From ff82edcf298c425161f6695fbb0a0435787541f5 Mon Sep 17 00:00:00 2001 From: chenjingwen6 Date: Tue, 26 Sep 2023 11:56:28 +0800 Subject: [PATCH 1/2] add .clang-format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 内核模块遵从linux内核的代码风格,因此从内核开发仓库拷贝一份代码风格文件到这里。 --- kerneldriver/.clang-format | 548 +++++++++++++++++++++++++++++++++++++ 1 file changed, 548 insertions(+) create mode 100644 kerneldriver/.clang-format diff --git a/kerneldriver/.clang-format b/kerneldriver/.clang-format new file mode 100644 index 0000000..10dc5a9 --- /dev/null +++ b/kerneldriver/.clang-format 
@@ -0,0 +1,548 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# clang-format configuration file. Intended for clang-format >= 4. +# +# For more information, see: +# +# Documentation/process/clang-format.rst +# https://clang.llvm.org/docs/ClangFormat.html +# https://clang.llvm.org/docs/ClangFormatStyleOptions.html +# +--- +AccessModifierOffset: -4 +AlignAfterOpenBracket: Align +AlignConsecutiveAssignments: false +AlignConsecutiveDeclarations: false +#AlignEscapedNewlines: Left # Unknown to clang-format-4.0 +AlignOperands: true +AlignTrailingComments: false +AllowAllParametersOfDeclarationOnNextLine: false +AllowShortBlocksOnASingleLine: false +AllowShortCaseLabelsOnASingleLine: false +AllowShortFunctionsOnASingleLine: None +AllowShortIfStatementsOnASingleLine: false +AllowShortLoopsOnASingleLine: false +AlwaysBreakAfterDefinitionReturnType: None +AlwaysBreakAfterReturnType: None +AlwaysBreakBeforeMultilineStrings: false +AlwaysBreakTemplateDeclarations: false +BinPackArguments: true +BinPackParameters: true +BraceWrapping: + AfterClass: false + AfterControlStatement: false + AfterEnum: false + AfterFunction: true + AfterNamespace: true + AfterObjCDeclaration: false + AfterStruct: false + AfterUnion: false + #AfterExternBlock: false # Unknown to clang-format-5.0 + BeforeCatch: false + BeforeElse: false + IndentBraces: false + #SplitEmptyFunction: true # Unknown to clang-format-4.0 + #SplitEmptyRecord: true # Unknown to clang-format-4.0 + #SplitEmptyNamespace: true # Unknown to clang-format-4.0 +BreakBeforeBinaryOperators: None +BreakBeforeBraces: Custom +#BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0 +BreakBeforeTernaryOperators: false +BreakConstructorInitializersBeforeComma: false +#BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0 +BreakAfterJavaFieldAnnotations: false +BreakStringLiterals: false +ColumnLimit: 80 +CommentPragmas: '^ IWYU pragma:' +#CompactNamespaces: false # Unknown to clang-format-4.0 
+ConstructorInitializerAllOnOneLineOrOnePerLine: false +ConstructorInitializerIndentWidth: 8 +ContinuationIndentWidth: 8 +Cpp11BracedListStyle: false +DerivePointerAlignment: false +DisableFormat: false +ExperimentalAutoDetectBinPacking: false +#FixNamespaceComments: false # Unknown to clang-format-4.0 + +# Taken from: +# git grep -h '^#define [^[:space:]]*for_each[^[:space:]]*(' include/ \ +# | sed "s,^#define \([^[:space:]]*for_each[^[:space:]]*\)(.*$, - '\1'," \ +# | sort | uniq +ForEachMacros: + - 'apei_estatus_for_each_section' + - 'ata_for_each_dev' + - 'ata_for_each_link' + - '__ata_qc_for_each' + - 'ata_qc_for_each' + - 'ata_qc_for_each_raw' + - 'ata_qc_for_each_with_internal' + - 'ax25_for_each' + - 'ax25_uid_for_each' + - '__bio_for_each_bvec' + - 'bio_for_each_bvec' + - 'bio_for_each_bvec_all' + - 'bio_for_each_integrity_vec' + - '__bio_for_each_segment' + - 'bio_for_each_segment' + - 'bio_for_each_segment_all' + - 'bio_list_for_each' + - 'bip_for_each_vec' + - 'bitmap_for_each_clear_region' + - 'bitmap_for_each_set_region' + - 'blkg_for_each_descendant_post' + - 'blkg_for_each_descendant_pre' + - 'blk_queue_for_each_rl' + - 'bond_for_each_slave' + - 'bond_for_each_slave_rcu' + - 'bpf_for_each_spilled_reg' + - 'btree_for_each_safe128' + - 'btree_for_each_safe32' + - 'btree_for_each_safe64' + - 'btree_for_each_safel' + - 'card_for_each_dev' + - 'cgroup_taskset_for_each' + - 'cgroup_taskset_for_each_leader' + - 'cpufreq_for_each_entry' + - 'cpufreq_for_each_entry_idx' + - 'cpufreq_for_each_valid_entry' + - 'cpufreq_for_each_valid_entry_idx' + - 'css_for_each_child' + - 'css_for_each_descendant_post' + - 'css_for_each_descendant_pre' + - 'device_for_each_child_node' + - 'dma_fence_chain_for_each' + - 'do_for_each_ftrace_op' + - 'drm_atomic_crtc_for_each_plane' + - 'drm_atomic_crtc_state_for_each_plane' + - 'drm_atomic_crtc_state_for_each_plane_state' + - 'drm_atomic_for_each_plane_damage' + - 'drm_client_for_each_connector_iter' + - 
'drm_client_for_each_modeset' + - 'drm_connector_for_each_possible_encoder' + - 'drm_for_each_bridge_in_chain' + - 'drm_for_each_connector_iter' + - 'drm_for_each_crtc' + - 'drm_for_each_encoder' + - 'drm_for_each_encoder_mask' + - 'drm_for_each_fb' + - 'drm_for_each_legacy_plane' + - 'drm_for_each_plane' + - 'drm_for_each_plane_mask' + - 'drm_for_each_privobj' + - 'drm_mm_for_each_hole' + - 'drm_mm_for_each_node' + - 'drm_mm_for_each_node_in_range' + - 'drm_mm_for_each_node_safe' + - 'flow_action_for_each' + - 'for_each_active_dev_scope' + - 'for_each_active_drhd_unit' + - 'for_each_active_iommu' + - 'for_each_aggr_pgid' + - 'for_each_available_child_of_node' + - 'for_each_bio' + - 'for_each_board_func_rsrc' + - 'for_each_bvec' + - 'for_each_card_auxs' + - 'for_each_card_auxs_safe' + - 'for_each_card_components' + - 'for_each_card_dapms' + - 'for_each_card_pre_auxs' + - 'for_each_card_prelinks' + - 'for_each_card_rtds' + - 'for_each_card_rtds_safe' + - 'for_each_card_widgets' + - 'for_each_card_widgets_safe' + - 'for_each_cgroup_storage_type' + - 'for_each_child_of_node' + - 'for_each_clear_bit' + - 'for_each_clear_bit_from' + - 'for_each_cmsghdr' + - 'for_each_compatible_node' + - 'for_each_component_dais' + - 'for_each_component_dais_safe' + - 'for_each_comp_order' + - 'for_each_console' + - 'for_each_cpu' + - 'for_each_cpu_and' + - 'for_each_cpu_not' + - 'for_each_cpu_wrap' + - 'for_each_dapm_widgets' + - 'for_each_dev_addr' + - 'for_each_dev_scope' + - 'for_each_displayid_db' + - 'for_each_dma_cap_mask' + - 'for_each_dpcm_be' + - 'for_each_dpcm_be_rollback' + - 'for_each_dpcm_be_safe' + - 'for_each_dpcm_fe' + - 'for_each_drhd_unit' + - 'for_each_dss_dev' + - 'for_each_efi_memory_desc' + - 'for_each_efi_memory_desc_in_map' + - 'for_each_element' + - 'for_each_element_extid' + - 'for_each_element_id' + - 'for_each_endpoint_of_node' + - 'for_each_evictable_lru' + - 'for_each_fib6_node_rt_rcu' + - 'for_each_fib6_walker_rt' + - 'for_each_free_mem_pfn_range_in_zone' 
+ - 'for_each_free_mem_pfn_range_in_zone_from' + - 'for_each_free_mem_range' + - 'for_each_free_mem_range_reverse' + - 'for_each_func_rsrc' + - 'for_each_hstate' + - 'for_each_if' + - 'for_each_iommu' + - 'for_each_ip_tunnel_rcu' + - 'for_each_irq_nr' + - 'for_each_link_codecs' + - 'for_each_link_cpus' + - 'for_each_link_platforms' + - 'for_each_lru' + - 'for_each_matching_node' + - 'for_each_matching_node_and_match' + - 'for_each_member' + - 'for_each_mem_region' + - 'for_each_memblock_type' + - 'for_each_memcg_cache_index' + - 'for_each_mem_pfn_range' + - '__for_each_mem_range' + - 'for_each_mem_range' + - '__for_each_mem_range_rev' + - 'for_each_mem_range_rev' + - 'for_each_migratetype_order' + - 'for_each_msi_entry' + - 'for_each_msi_entry_safe' + - 'for_each_net' + - 'for_each_net_continue_reverse' + - 'for_each_netdev' + - 'for_each_netdev_continue' + - 'for_each_netdev_continue_rcu' + - 'for_each_netdev_continue_reverse' + - 'for_each_netdev_feature' + - 'for_each_netdev_in_bond_rcu' + - 'for_each_netdev_rcu' + - 'for_each_netdev_reverse' + - 'for_each_netdev_safe' + - 'for_each_net_rcu' + - 'for_each_new_connector_in_state' + - 'for_each_new_crtc_in_state' + - 'for_each_new_mst_mgr_in_state' + - 'for_each_new_plane_in_state' + - 'for_each_new_private_obj_in_state' + - 'for_each_node' + - 'for_each_node_by_name' + - 'for_each_node_by_type' + - 'for_each_node_mask' + - 'for_each_node_state' + - 'for_each_node_with_cpus' + - 'for_each_node_with_property' + - 'for_each_nonreserved_multicast_dest_pgid' + - 'for_each_of_allnodes' + - 'for_each_of_allnodes_from' + - 'for_each_of_cpu_node' + - 'for_each_of_pci_range' + - 'for_each_old_connector_in_state' + - 'for_each_old_crtc_in_state' + - 'for_each_old_mst_mgr_in_state' + - 'for_each_oldnew_connector_in_state' + - 'for_each_oldnew_crtc_in_state' + - 'for_each_oldnew_mst_mgr_in_state' + - 'for_each_oldnew_plane_in_state' + - 'for_each_oldnew_plane_in_state_reverse' + - 'for_each_oldnew_private_obj_in_state' + - 
'for_each_old_plane_in_state' + - 'for_each_old_private_obj_in_state' + - 'for_each_online_cpu' + - 'for_each_online_node' + - 'for_each_online_pgdat' + - 'for_each_pci_bridge' + - 'for_each_pci_dev' + - 'for_each_pci_msi_entry' + - 'for_each_pcm_streams' + - 'for_each_physmem_range' + - 'for_each_populated_zone' + - 'for_each_possible_cpu' + - 'for_each_present_cpu' + - 'for_each_prime_number' + - 'for_each_prime_number_from' + - 'for_each_process' + - 'for_each_process_thread' + - 'for_each_property_of_node' + - 'for_each_registered_fb' + - 'for_each_requested_gpio' + - 'for_each_requested_gpio_in_range' + - 'for_each_reserved_mem_range' + - 'for_each_reserved_mem_region' + - 'for_each_rtd_codec_dais' + - 'for_each_rtd_codec_dais_rollback' + - 'for_each_rtd_components' + - 'for_each_rtd_cpu_dais' + - 'for_each_rtd_cpu_dais_rollback' + - 'for_each_rtd_dais' + - 'for_each_set_bit' + - 'for_each_set_bit_from' + - 'for_each_set_clump8' + - 'for_each_sg' + - 'for_each_sg_dma_page' + - 'for_each_sg_page' + - 'for_each_sgtable_dma_page' + - 'for_each_sgtable_dma_sg' + - 'for_each_sgtable_page' + - 'for_each_sgtable_sg' + - 'for_each_sibling_event' + - 'for_each_subelement' + - 'for_each_subelement_extid' + - 'for_each_subelement_id' + - '__for_each_thread' + - 'for_each_thread' + - 'for_each_unicast_dest_pgid' + - 'for_each_wakeup_source' + - 'for_each_zone' + - 'for_each_zone_zonelist' + - 'for_each_zone_zonelist_nodemask' + - 'fwnode_for_each_available_child_node' + - 'fwnode_for_each_child_node' + - 'fwnode_graph_for_each_endpoint' + - 'gadget_for_each_ep' + - 'genradix_for_each' + - 'genradix_for_each_from' + - 'hash_for_each' + - 'hash_for_each_possible' + - 'hash_for_each_possible_rcu' + - 'hash_for_each_possible_rcu_notrace' + - 'hash_for_each_possible_safe' + - 'hash_for_each_rcu' + - 'hash_for_each_safe' + - 'hctx_for_each_ctx' + - 'hlist_bl_for_each_entry' + - 'hlist_bl_for_each_entry_rcu' + - 'hlist_bl_for_each_entry_safe' + - 'hlist_for_each' + - 
'hlist_for_each_entry' + - 'hlist_for_each_entry_continue' + - 'hlist_for_each_entry_continue_rcu' + - 'hlist_for_each_entry_continue_rcu_bh' + - 'hlist_for_each_entry_from' + - 'hlist_for_each_entry_from_rcu' + - 'hlist_for_each_entry_rcu' + - 'hlist_for_each_entry_rcu_bh' + - 'hlist_for_each_entry_rcu_notrace' + - 'hlist_for_each_entry_safe' + - '__hlist_for_each_rcu' + - 'hlist_for_each_safe' + - 'hlist_nulls_for_each_entry' + - 'hlist_nulls_for_each_entry_from' + - 'hlist_nulls_for_each_entry_rcu' + - 'hlist_nulls_for_each_entry_safe' + - 'i3c_bus_for_each_i2cdev' + - 'i3c_bus_for_each_i3cdev' + - 'ide_host_for_each_port' + - 'ide_port_for_each_dev' + - 'ide_port_for_each_present_dev' + - 'idr_for_each_entry' + - 'idr_for_each_entry_continue' + - 'idr_for_each_entry_continue_ul' + - 'idr_for_each_entry_ul' + - 'in_dev_for_each_ifa_rcu' + - 'in_dev_for_each_ifa_rtnl' + - 'inet_bind_bucket_for_each' + - 'inet_lhash2_for_each_icsk_rcu' + - 'key_for_each' + - 'key_for_each_safe' + - 'klp_for_each_func' + - 'klp_for_each_func_safe' + - 'klp_for_each_func_static' + - 'klp_for_each_object' + - 'klp_for_each_object_safe' + - 'klp_for_each_object_static' + - 'kunit_suite_for_each_test_case' + - 'kvm_for_each_memslot' + - 'kvm_for_each_vcpu' + - 'list_for_each' + - 'list_for_each_codec' + - 'list_for_each_codec_safe' + - 'list_for_each_continue' + - 'list_for_each_entry' + - 'list_for_each_entry_continue' + - 'list_for_each_entry_continue_rcu' + - 'list_for_each_entry_continue_reverse' + - 'list_for_each_entry_from' + - 'list_for_each_entry_from_rcu' + - 'list_for_each_entry_from_reverse' + - 'list_for_each_entry_lockless' + - 'list_for_each_entry_rcu' + - 'list_for_each_entry_reverse' + - 'list_for_each_entry_safe' + - 'list_for_each_entry_safe_continue' + - 'list_for_each_entry_safe_from' + - 'list_for_each_entry_safe_reverse' + - 'list_for_each_prev' + - 'list_for_each_prev_safe' + - 'list_for_each_safe' + - 'llist_for_each' + - 'llist_for_each_entry' + - 
'llist_for_each_entry_safe' + - 'llist_for_each_safe' + - 'mci_for_each_dimm' + - 'media_device_for_each_entity' + - 'media_device_for_each_intf' + - 'media_device_for_each_link' + - 'media_device_for_each_pad' + - 'nanddev_io_for_each_page' + - 'netdev_for_each_lower_dev' + - 'netdev_for_each_lower_private' + - 'netdev_for_each_lower_private_rcu' + - 'netdev_for_each_mc_addr' + - 'netdev_for_each_uc_addr' + - 'netdev_for_each_upper_dev_rcu' + - 'netdev_hw_addr_list_for_each' + - 'nft_rule_for_each_expr' + - 'nla_for_each_attr' + - 'nla_for_each_nested' + - 'nlmsg_for_each_attr' + - 'nlmsg_for_each_msg' + - 'nr_neigh_for_each' + - 'nr_neigh_for_each_safe' + - 'nr_node_for_each' + - 'nr_node_for_each_safe' + - 'of_for_each_phandle' + - 'of_property_for_each_string' + - 'of_property_for_each_u32' + - 'pci_bus_for_each_resource' + - 'pcm_for_each_format' + - 'ping_portaddr_for_each_entry' + - 'plist_for_each' + - 'plist_for_each_continue' + - 'plist_for_each_entry' + - 'plist_for_each_entry_continue' + - 'plist_for_each_entry_safe' + - 'plist_for_each_safe' + - 'pnp_for_each_card' + - 'pnp_for_each_dev' + - 'protocol_for_each_card' + - 'protocol_for_each_dev' + - 'queue_for_each_hw_ctx' + - 'radix_tree_for_each_slot' + - 'radix_tree_for_each_tagged' + - 'rbtree_postorder_for_each_entry_safe' + - 'rdma_for_each_block' + - 'rdma_for_each_port' + - 'rdma_umem_for_each_dma_block' + - 'resource_list_for_each_entry' + - 'resource_list_for_each_entry_safe' + - 'rhl_for_each_entry_rcu' + - 'rhl_for_each_rcu' + - 'rht_for_each' + - 'rht_for_each_entry' + - 'rht_for_each_entry_from' + - 'rht_for_each_entry_rcu' + - 'rht_for_each_entry_rcu_from' + - 'rht_for_each_entry_safe' + - 'rht_for_each_from' + - 'rht_for_each_rcu' + - 'rht_for_each_rcu_from' + - '__rq_for_each_bio' + - 'rq_for_each_bvec' + - 'rq_for_each_segment' + - 'scsi_for_each_prot_sg' + - 'scsi_for_each_sg' + - 'sctp_for_each_hentry' + - 'sctp_skb_for_each' + - 'shdma_for_each_chan' + - '__shost_for_each_device' + - 
'shost_for_each_device' + - 'sk_for_each' + - 'sk_for_each_bound' + - 'sk_for_each_entry_offset_rcu' + - 'sk_for_each_from' + - 'sk_for_each_rcu' + - 'sk_for_each_safe' + - 'sk_nulls_for_each' + - 'sk_nulls_for_each_from' + - 'sk_nulls_for_each_rcu' + - 'snd_array_for_each' + - 'snd_pcm_group_for_each_entry' + - 'snd_soc_dapm_widget_for_each_path' + - 'snd_soc_dapm_widget_for_each_path_safe' + - 'snd_soc_dapm_widget_for_each_sink_path' + - 'snd_soc_dapm_widget_for_each_source_path' + - 'tb_property_for_each' + - 'tcf_exts_for_each_action' + - 'udp_portaddr_for_each_entry' + - 'udp_portaddr_for_each_entry_rcu' + - 'usb_hub_for_each_child' + - 'v4l2_device_for_each_subdev' + - 'v4l2_m2m_for_each_dst_buf' + - 'v4l2_m2m_for_each_dst_buf_safe' + - 'v4l2_m2m_for_each_src_buf' + - 'v4l2_m2m_for_each_src_buf_safe' + - 'virtio_device_for_each_vq' + - 'while_for_each_ftrace_op' + - 'xa_for_each' + - 'xa_for_each_marked' + - 'xa_for_each_range' + - 'xa_for_each_start' + - 'xas_for_each' + - 'xas_for_each_conflict' + - 'xas_for_each_marked' + - 'xbc_array_for_each_value' + - 'xbc_for_each_key_value' + - 'xbc_node_for_each_array_value' + - 'xbc_node_for_each_child' + - 'xbc_node_for_each_key_value' + - 'zorro_for_each_dev' + +#IncludeBlocks: Preserve # Unknown to clang-format-5.0 +IncludeCategories: + - Regex: '.*' + Priority: 1 +IncludeIsMainRegex: '(Test)?$' +IndentCaseLabels: false +#IndentPPDirectives: None # Unknown to clang-format-5.0 +IndentWidth: 8 +IndentWrappedFunctionNames: false +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: false +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +#ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0 +ObjCBlockIndentWidth: 8 +ObjCSpaceAfterProperty: true +ObjCSpaceBeforeProtocolList: true + +# Taken from git's rules +#PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0 +PenaltyBreakBeforeFirstCallParameter: 30 +PenaltyBreakComment: 10 
+PenaltyBreakFirstLessLess: 0 +PenaltyBreakString: 10 +PenaltyExcessCharacter: 100 +PenaltyReturnTypeOnItsOwnLine: 60 + +PointerAlignment: Right +ReflowComments: false +SortIncludes: false +#SortUsingDeclarations: false # Unknown to clang-format-4.0 +SpaceAfterCStyleCast: false +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +#SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0 +#SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0 +SpaceBeforeParens: ControlStatements +#SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0 +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInContainerLiterals: false +SpacesInCStyleCastParentheses: false +SpacesInParentheses: false +SpacesInSquareBrackets: false +Standard: Cpp03 +TabWidth: 8 +UseTab: Always +... -- Gitee From d80343d4b27f0bc4967edcfca11c260516d8f75b Mon Sep 17 00:00:00 2001 
From: chenjingwen6 Date: Tue, 26 Sep 2023 12:01:35 +0800 Subject: [PATCH 2/2] format kerneldriver codestyle MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 格式化内核驱动的代码风格,保持和内核风格一致 --- .../core/hook_unit/secDetector_hook.c | 50 +++----- .../core/hook_unit/secDetector_hook.h | 47 +++---- .../hook_unit/secDetector_hook_tracepoint.c | 121 ++++++++++-------- .../core/response_unit/secDetector_proc.c | 57 +++++---- .../core/response_unit/secDetector_proc.h | 5 +- .../core/response_unit/secDetector_response.c | 7 +- .../response_unit/secDetector_ringbuffer.c | 35 ++--- kerneldriver/core/secDetector_main.c | 1 - kerneldriver/core/secDetector_manager.c | 37 +++--- kerneldriver/core/secDetector_workflow.c | 4 +- .../include/secDetector_analyze_type.h | 18 +-- .../include/secDetector_collect_type.h | 36 +++--- kerneldriver/include/secDetector_hook_type.h | 14 +- kerneldriver/include/secDetector_manager.h | 1 - .../include/secDetector_module_type.h | 16 +-- kerneldriver/include/secDetector_response.h | 11 +- .../include/secDetector_response_type.h | 12 +- kerneldriver/include/secDetector_workflow.h | 1 - .../include/secDetector_workflow_type.h | 62 +++++---- 19 files changed, 280 insertions(+), 255 deletions(-) diff --git a/kerneldriver/core/hook_unit/secDetector_hook.c b/kerneldriver/core/hook_unit/secDetector_hook.c index 16107e1..39f7e28 100644 --- a/kerneldriver/core/hook_unit/secDetector_hook.c +++ b/kerneldriver/core/hook_unit/secDetector_hook.c @@ -15,9 +15,9 @@ struct hook_list_func { int type_min; int type_max; - int (*insert) (struct secDetector_workflow *); - int (*delete) (struct secDetector_workflow *); - bool (*exists) (struct secDetector_workflow *); + int (*insert)(struct secDetector_workflow *); + int (*delete)(struct secDetector_workflow *); + bool (*exists)(struct secDetector_workflow *); }; static int insert_timer_callback(struct secDetector_workflow *workflow); 
@@ -25,20 +25,10 @@ static int unlink_timer_callback(struct secDetector_workflow *workflow); static bool timer_callback_exists(struct secDetector_workflow *workflow); static struct hook_list_func hook_list_funcs[] = { - { - TRACEPOINT_HOOK_START, - TRACEPOINT_HOOK_END, - insert_tracepoint_hook, - delete_tracepoint_hook, - tracepoint_exists - }, - { - SECDETECTOR_TIMER, - SECDETECTOR_TIMER, - insert_timer_callback, - unlink_timer_callback, - timer_callback_exists - } + { TRACEPOINT_HOOK_START, TRACEPOINT_HOOK_END, insert_tracepoint_hook, + delete_tracepoint_hook, tracepoint_exists }, + { SECDETECTOR_TIMER, SECDETECTOR_TIMER, insert_timer_callback, + unlink_timer_callback, timer_callback_exists } }; struct list_head secDetector_hook_array[HOOKEND]; @@ -63,14 +53,15 @@ static void do_timer_work(struct work_struct *work) return; timer = container_of(work, struct secDetector_timer, work); - _do_secDetector_callback(timer_func, timer->callback_list, PARAMS(&timer->timer)); - + _do_secDetector_callback(timer_func, timer->callback_list, + PARAMS(&timer->timer)); } static void add_secDetector_timer(struct secDetector_timer *tm); static void secDetector_timer_callback(struct timer_list *timer) { - struct secDetector_timer *tm = container_of(timer, struct secDetector_timer, timer); + struct secDetector_timer *tm = + container_of(timer, struct secDetector_timer, timer); queue_work(system_unbound_wq, &tm->work); add_secDetector_timer(tm); } @@ -90,10 +81,10 @@ static bool timer_callback_exists(struct secDetector_workflow *workflow) if (workflow == NULL) return false; - list_for_each_entry(timer, &secDetector_timer_list, list) { + list_for_each_entry (timer, &secDetector_timer_list, list) { if (workflow->interval != timer->interval) continue; - list_for_each_entry(tmp_wf, &timer->callback_list, list) { + list_for_each_entry (tmp_wf, &timer->callback_list, list) { if (tmp_wf == workflow) return true; } 
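Review bot: The reformatted `list_for_each_entry (timer, &secDetector_timer_list, list) {` in timer_callback_exists() puts a space between the iterator macro and its parenthesis, which is not how the kernel writes these macros. The same spacing appears in the insert_timer_callback() and unlink_timer_callback() hunks, in the `list_for_each_entry_rcu (` lines of secDetector_hook.h and in tracepoint_exists(), and delete_callback() now reads `list_func->delete (workflow)`, presumably because the formatter treats `delete` as the C++ keyword. The macro spacing most likely comes from `SpaceBeforeParens: ControlStatements` being applied to the ForEachMacros list; newer clang-format releases accept `SpaceBeforeParens: ControlStatementsExceptControlMacros`, which leaves `list_for_each_entry(` unchanged.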
@@ -107,8 +98,8 @@ static int insert_timer_callback(struct secDetector_workflow *workflow) struct secDetector_timer *timer = NULL; if (workflow == NULL) return -1; - - list_for_each_entry(timer, &secDetector_timer_list, list) { + + list_for_each_entry (timer, &secDetector_timer_list, list) { if (workflow->interval != timer->interval) { list_add_rcu(&workflow->list, &timer->callback_list); return 0; @@ -137,7 +128,7 @@ static int unlink_timer_callback(struct secDetector_workflow *workflow) if (workflow == NULL) return -1; - list_for_each_entry(timer, &secDetector_timer_list, list) { + list_for_each_entry (timer, &secDetector_timer_list, list) { if (workflow->interval != timer->interval) { list_del_rcu(&workflow->list); synchronize_rcu(); @@ -164,7 +155,7 @@ int insert_callback(struct secDetector_workflow *workflow) for (i = 0; i < ARRAY_SIZE(hook_list_funcs); i++) { list_func = &hook_list_funcs[i]; if (workflow->hook_type >= list_func->type_min && - workflow->hook_type <= list_func->type_max) { + workflow->hook_type <= list_func->type_max) { if (list_func->exists(workflow)) return -EEXIST; ret = list_func->insert(workflow); @@ -186,14 +177,13 @@ int delete_callback(struct secDetector_workflow *workflow) for (i = 0; i < ARRAY_SIZE(hook_list_funcs); i++) { list_func = &hook_list_funcs[i]; if (workflow->hook_type >= list_func->type_min && - workflow->hook_type <= list_func->type_max) { + workflow->hook_type <= list_func->type_max) { if (!list_func->exists(workflow)) - return 0; - ret = list_func->delete(workflow); + return 0; + ret = list_func->delete (workflow); break; } } return ret; } - diff --git a/kerneldriver/core/hook_unit/secDetector_hook.h b/kerneldriver/core/hook_unit/secDetector_hook.h index a4448d4..18ece67 100644 --- a/kerneldriver/core/hook_unit/secDetector_hook.h +++ b/kerneldriver/core/hook_unit/secDetector_hook.h 
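Review bot: In insert_timer_callback() the unchanged test `if (workflow->interval != timer->interval)` attaches the workflow to the first timer whose interval differs from the requested one, which looks inverted. timer_callback_exists() in this file skips non-matching timers with `continue`, so a workflow added here would not be found there and would run at another timer's period; the condition was probably meant to be `if (workflow->interval == timer->interval) {`. The unlink_timer_callback() hunk carries the same `!=` test in front of `list_del_rcu(&workflow->list)`. Both function bodies continue outside their hunks, so the fall-through path is not visible here.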
@@ -34,31 +34,34 @@ extern int delete_callback(struct secDetector_workflow *workflow); extern void init_secDetector_hook(void); // for timer -#define _do_secDetector_callback(func, callback_list,args) \ - do { \ - struct secDetector_workflow *workflow; \ - if (mutex_trylock(&g_hook_list_array_mutex) == 0) \ - return; \ - list_for_each_entry_rcu(workflow, &(callback_list), list) { \ - if (atomic_read(&workflow->enabled) && atomic_read(&workflow->module->enabled)) \ +#define _do_secDetector_callback(func, callback_list, args) \ + do { \ + struct secDetector_workflow *workflow; \ + if (mutex_trylock(&g_hook_list_array_mutex) == 0) \ + return; \ + list_for_each_entry_rcu (workflow, &(callback_list), list) { \ + if (atomic_read(&workflow->enabled) && \ + atomic_read(&workflow->module->enabled)) \ workflow->workflow_func.func(PARAMS(args)); \ - } \ - mutex_unlock(&g_hook_list_array_mutex); \ - } while(0) + } \ + mutex_unlock(&g_hook_list_array_mutex); \ + } while (0) //for tracepoint -#define _do_secDetector_callback_atomic(func, callback_list,args) \ - do { \ - struct secDetector_workflow *workflow; \ - rcu_read_lock(); \ - list_for_each_entry_rcu(workflow, &(callback_list), list) { \ - if (atomic_read(&workflow->enabled) && atomic_read(&workflow->module->enabled)) \ - workflow->workflow_func.func(PARAMS(args)); \ - } \ - rcu_read_unlock(); \ - } while(0) +#define _do_secDetector_callback_atomic(func, callback_list, args) \ + do { \ + struct secDetector_workflow *workflow; \ + rcu_read_lock(); \ + list_for_each_entry_rcu (workflow, &(callback_list), list) { \ + if (atomic_read(&workflow->enabled) && \ + atomic_read(&workflow->module->enabled)) \ + workflow->workflow_func.func(PARAMS(args)); \ + } \ + rcu_read_unlock(); \ + } while (0) -#define do_secDetector_hook_callback(func, id, args) \ - _do_secDetector_callback_atomic(func, secDetector_hook_array[id], PARAMS(args)) +#define do_secDetector_hook_callback(func, id, args) \ + _do_secDetector_callback_atomic(func, 
secDetector_hook_array[id], \ + PARAMS(args)) #endif diff --git a/kerneldriver/core/hook_unit/secDetector_hook_tracepoint.c b/kerneldriver/core/hook_unit/secDetector_hook_tracepoint.c index 559fc7c..54ee4eb 100644 --- a/kerneldriver/core/hook_unit/secDetector_hook_tracepoint.c +++ b/kerneldriver/core/hook_unit/secDetector_hook_tracepoint.c @@ -6,16 +6,15 @@ * Description: tracepoint hook */ - #include #include #include #include "secDetector_hook.h" -typedef int (*REGFUNC) (void *, void *); -typedef int (*UNREGFUNC) (void *, void *); -#define tracepoint_register_call(name)((REGFUNC)register_trace_##name) -#define tracepoint_unregister_call(name)((UNREGFUNC)register_trace_##name) +typedef int (*REGFUNC)(void *, void *); +typedef int (*UNREGFUNC)(void *, void *); +#define tracepoint_register_call(name) ((REGFUNC)register_trace_##name) +#define tracepoint_unregister_call(name) ((UNREGFUNC)register_trace_##name) struct secDetector_tracepoint { void *handler; 
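Review bot: `_do_secDetector_callback` hides a `return;` in its expansion: when `mutex_trylock(&g_hook_list_array_mutex)` fails, the calling function exits and that timer pass runs no workflow at all, with nothing logged. For a detection path this is worth stating above the macro, e.g. `/* Returns from the (void) caller if the hook-list mutex is contended; that pass is skipped. */`. The same macro walks the list with `list_for_each_entry_rcu` without `rcu_read_lock()`, presumably relying on the mutex, and a short comment saying so would help the next reader.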
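Review bot: `tracepoint_unregister_call(name)` still expands to `register_trace_##name`, so every `.unregister_func` in secDetector_tracepoint_hook_functions[] points at the register function and delete_tracepoint_hook() would attach the probe again instead of detaching it. If so, the handler stays registered after the last workflow is removed and would still be referenced once the module is unloaded. The macro should read `#define tracepoint_unregister_call(name) ((UNREGFUNC)unregister_trace_##name)`. Both macros also cast the generated functions to `int (*)(void *, void *)`, which calls them through a different function type than they are declared with; this is worth confirming on kernels built with CFI.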
@@ -23,44 +22,54 @@ struct secDetector_tracepoint { UNREGFUNC unregister_func; }; -static void create_file_handler(void *cb_data __attribute__ ((unused)), struct filename *pathname) +static void create_file_handler(void *cb_data __attribute__((unused)), + struct filename *pathname) { - do_secDetector_hook_callback(create_file, TRACEPOINT_CREATE_FILE, PARAMS(pathname)); + do_secDetector_hook_callback(create_file, TRACEPOINT_CREATE_FILE, + PARAMS(pathname)); } -static void write_file_handler(void *cb_data __attribute__ ((unused)), struct filename *pathname) +static void write_file_handler(void *cb_data __attribute__((unused)), + struct filename *pathname) { - do_secDetector_hook_callback(write_file, TRACEPOINT_WRITE_FILE, PARAMS(pathname)); + do_secDetector_hook_callback(write_file, TRACEPOINT_WRITE_FILE, + PARAMS(pathname)); } - -static void create_process_handler(void *cb_data __attribute__ ((unused)), int pid) +static void create_process_handler(void *cb_data __attribute__((unused)), + int pid) { - do_secDetector_hook_callback(create_process, TRACEPOINT_CREATE_PROCESS, PARAMS(pid)); + do_secDetector_hook_callback(create_process, TRACEPOINT_CREATE_PROCESS, + PARAMS(pid)); } - static struct secDetector_tracepoint secDetector_tracepoint_hook_functions[] = { { .handler = create_file_handler, - .register_func = tracepoint_register_call(secDetector_createfile), - .unregister_func = tracepoint_unregister_call(secDetector_createfile), + .register_func = + tracepoint_register_call(secDetector_createfile), + .unregister_func = + tracepoint_unregister_call(secDetector_createfile), + }, + { + .handler = write_file_handler, + .register_func = + tracepoint_register_call(secDetector_writefile), + .unregister_func = + tracepoint_unregister_call(secDetector_writefile), }, - { - .handler = write_file_handler, - .register_func = tracepoint_register_call(secDetector_writefile), - .unregister_func = tracepoint_unregister_call(secDetector_writefile), - }, - { - .handler = 
create_process_handler, - .register_func = tracepoint_register_call(secDetector_createprocess), - .unregister_func = tracepoint_unregister_call(secDetector_createprocess), - }, - { - .handler = NULL, - .register_func = NULL, - .unregister_func = NULL, - } + { + .handler = create_process_handler, + .register_func = + tracepoint_register_call(secDetector_createprocess), + .unregister_func = + tracepoint_unregister_call(secDetector_createprocess), + }, + { + .handler = NULL, + .register_func = NULL, + .unregister_func = NULL, + } }; int insert_tracepoint_hook(struct secDetector_workflow *workflow) @@ -72,13 +81,16 @@ int insert_tracepoint_hook(struct secDetector_workflow *workflow) if (workflow == NULL) return -1; - if (workflow->hook_type < TRACEPOINT_HOOK_START || workflow->hook_type > TRACEPOINT_HOOK_END) + if (workflow->hook_type < TRACEPOINT_HOOK_START || + workflow->hook_type > TRACEPOINT_HOOK_END) return -1; - + head = &secDetector_hook_array[workflow->hook_type]; if (list_empty(head) == 1) { - tp = &secDetector_tracepoint_hook_functions[workflow->hook_type - TRACEPOINT_HOOK_START]; - if (tp == NULL || tp->register_func == NULL || tp->handler == NULL) + tp = &secDetector_tracepoint_hook_functions + [workflow->hook_type - TRACEPOINT_HOOK_START]; + if (tp == NULL || tp->register_func == NULL || + tp->handler == NULL) return -1; ret = tp->register_func(tp->handler, NULL); 
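Review bot: In insert_tracepoint_hook() the `tp == NULL` test can never be true, because `tp` is the address of an element of secDetector_tracepoint_hook_functions[]; what is not checked is whether `workflow->hook_type - TRACEPOINT_HOOK_START` lies inside that table. The table in the preceding hunk has three handlers and a NULL terminator, while the range check uses TRACEPOINT_HOOK_END, whose value is not shown here. A guard such as `if (workflow->hook_type - TRACEPOINT_HOOK_START >= ARRAY_SIZE(secDetector_tracepoint_hook_functions)) return -1;` would keep the two from drifting apart when a hook type is added. delete_tracepoint_hook() indexes the table the same way, and this function's body continues outside the hunk.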
@@ -86,34 +98,38 @@ int insert_tracepoint_hook(struct secDetector_workflow *workflow) return ret; } - list_add_rcu(&workflow->list, &secDetector_hook_array[workflow->hook_type]); + list_add_rcu(&workflow->list, + &secDetector_hook_array[workflow->hook_type]); return ret; } int delete_tracepoint_hook(struct secDetector_workflow *workflow) { - int ret = 0; - struct secDetector_tracepoint *tp = NULL; + int ret = 0; + struct secDetector_tracepoint *tp = NULL; - if (workflow == NULL) - return -1; + if (workflow == NULL) + return -1; - if (workflow->hook_type < TRACEPOINT_HOOK_START || workflow->hook_type > TRACEPOINT_HOOK_END) - return -1; + if (workflow->hook_type < TRACEPOINT_HOOK_START || + workflow->hook_type > TRACEPOINT_HOOK_END) + return -1; - list_del_rcu(&workflow->list); + list_del_rcu(&workflow->list); synchronize_rcu(); - if (list_empty(&secDetector_hook_array[workflow->hook_type]) == 1) { - tp = &secDetector_tracepoint_hook_functions[workflow->hook_type - TRACEPOINT_HOOK_START]; - if (tp == NULL || tp->register_func == NULL || tp->handler == NULL) - return -1; + if (list_empty(&secDetector_hook_array[workflow->hook_type]) == 1) { + tp = &secDetector_tracepoint_hook_functions + [workflow->hook_type - TRACEPOINT_HOOK_START]; + if (tp == NULL || tp->register_func == NULL || + tp->handler == NULL) + return -1; - ret = tp->unregister_func(tp->handler, NULL); - } + ret = tp->unregister_func(tp->handler, NULL); + } - return ret; + return ret; } bool tracepoint_exists(struct secDetector_workflow *workflow) 
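Review bot: delete_tracepoint_hook() tests `tp->register_func == NULL` but then calls `tp->unregister_func(tp->handler, NULL)`, so the pointer that is actually called is never checked. The guard should be `if (tp->unregister_func == NULL || tp->handler == NULL)`. The `return -1` on that path also comes after `list_del_rcu(&workflow->list)` and `synchronize_rcu()`, so the workflow is already unlinked while the tracepoint stays registered; a comment stating the intended state on failure would help.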
@@ -123,11 +139,12 @@ bool tracepoint_exists(struct secDetector_workflow *workflow) if (workflow == NULL) return false; - if (workflow->hook_type < TRACEPOINT_HOOK_START || workflow->hook_type > TRACEPOINT_HOOK_END) - return -1; + if (workflow->hook_type < TRACEPOINT_HOOK_START || + workflow->hook_type > TRACEPOINT_HOOK_END) + return -1; head = &secDetector_hook_array[workflow->hook_type]; - list_for_each_entry(tmp_wf, head, list) { + list_for_each_entry (tmp_wf, head, list) { if (tmp_wf == workflow) return true; } diff --git a/kerneldriver/core/response_unit/secDetector_proc.c b/kerneldriver/core/response_unit/secDetector_proc.c index d7c3357..d04e1fd 100644 --- a/kerneldriver/core/response_unit/secDetector_proc.c +++ b/kerneldriver/core/response_unit/secDetector_proc.c @@ -31,15 +31,17 @@ static int clean_log_fifo_data(void) { int ret; unsigned int len; - s_log_data log = {0, NULL}; + s_log_data log = { 0, NULL }; if (!g_secDetector_log_fifo || !g_secDetector_log_fifo->inflag) return 0; - + g_secDetector_log_fifo->inflag = false; len = kfifo_len(&g_secDetector_log_fifo->log_fifo); while (len != 0) { - ret = kfifo_out_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, &g_secDetector_log_fifo->log_fifo_lock); + ret = kfifo_out_spinlocked( + &g_secDetector_log_fifo->log_fifo, &log, 1, + &g_secDetector_log_fifo->log_fifo_lock); if (ret != 1) { g_secDetector_log_fifo->inflag = true; return -1; 
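Review bot: tracepoint_exists() returns `bool`, so the re-indented `return -1;` in the hook_type range check converts to `true` and reports an out-of-range workflow as already present. It should be `return false;`, matching the NULL check just above it. The function's signature and its final return are outside this hunk.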
@@ -56,13 +58,15 @@ static int check_and_out_log_fifo(void) { int ret; unsigned int avail_len; - s_log_data log = {0, NULL}; + s_log_data log = { 0, NULL }; avail_len = kfifo_len(&g_secDetector_log_fifo->log_fifo); while (avail_len == 0) { - ret = kfifo_out_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, &g_secDetector_log_fifo->log_fifo_lock); - if (ret != 1) - return -1; + ret = kfifo_out_spinlocked( + &g_secDetector_log_fifo->log_fifo, &log, 1, + &g_secDetector_log_fifo->log_fifo_lock); + if (ret != 1) + return -1; avail_len = kfifo_len(&g_secDetector_log_fifo->log_fifo); kfree(log.data); } @@ -79,20 +83,21 @@ int write_log(const char *buf, unsigned int buf_len) return -EINVAL; if (!g_secDetector_log_fifo || !g_secDetector_log_fifo->inflag) return -1; - - ret = check_and_out_log_fifo(); + + ret = check_and_out_log_fifo(); if (ret != 0) return -1; - + log.data_size = buf_len; - log.data = (char *) kzalloc(buf_len, GFP_ATOMIC); + log.data = (char *)kzalloc(buf_len, GFP_ATOMIC); if (!log.data) return -1; len = (buf_len == MSG_LEN) ? buf_len - 1 : buf_len; memcpy(log.data, buf, len); - ret = kfifo_out_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, &g_secDetector_log_fifo->log_fifo_lock); + ret = kfifo_out_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, + &g_secDetector_log_fifo->log_fifo_lock); if (ret != 1) { kfree(log.data); return -1; @@ -106,7 +111,7 @@ static int log_data_to_user(char __user *buffer, size_t buflen, s_log_data *log) int ret; if (!log || buflen < log->data_size) return -1; - + ret = copy_to_user(buffer, log->data, log->data_size); if (ret != 0) return -EFAULT; 
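Review bot: check_and_out_log_fifo fills `avail_len` from `kfifo_len()`, which is the number of queued records, and then loops `while (avail_len == 0)`; the loop therefore runs only when the FIFO is empty, where `kfifo_out_spinlocked()` returns 0 and the function returns -1. That looks inverted: the intent appears to be dropping the oldest record when no free slot is left, which needs `avail_len = kfifo_avail(&g_secDetector_log_fifo->log_fifo);` at both assignments (create_log in this file already uses `kfifo_avail`). As written, a full FIFO is never drained here and a write_log call on an empty FIFO fails, so alarm records can be lost in both states. The function's tail is outside the hunk.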
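Review bot: write_log allocates and fills `log.data` and then calls `kfifo_out_spinlocked()`, which dequeues into `log` instead of queueing it; the new record is never stored, and when the call succeeds the pointer to the fresh allocation is overwritten and leaked. The call should be the enqueue variant: `ret = kfifo_in_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, &g_secDetector_log_fifo->log_fifo_lock);`. The existing `kfree(log.data)` on `ret != 1` is then the correct cleanup for a failed enqueue. write_log starts before and ends after this hunk.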
@@ -114,21 +119,24 @@ static int log_data_to_user(char __user *buffer, size_t buflen, s_log_data *log) return log->data_size; } -static ssize_t secDetector_log_read(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +static ssize_t secDetector_log_read(struct file *file, char __user *buffer, + size_t buflen, loff_t *fpos) { int ret; unsigned int read_len; bool empty = false; - s_log_data log = {0, NULL}; + s_log_data log = { 0, NULL }; - if ((buflen == 0) || (buflen % MSG_ALIGN)) + if ((buflen == 0) || (buflen % MSG_ALIGN)) return -EINVAL; empty = kfifo_is_empty(&g_secDetector_log_fifo->log_fifo); if (empty) return 0; - read_len = kfifo_out_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, &g_secDetector_log_fifo->log_fifo_lock); + read_len = + kfifo_out_spinlocked(&g_secDetector_log_fifo->log_fifo, &log, 1, + &g_secDetector_log_fifo->log_fifo_lock); if (read_len != 1) return -1; @@ -139,7 +147,9 @@ static ssize_t secDetector_log_read(struct file *file, char __user *buffer, size return ret; } -static ssize_t secDetector_log_write(struct file *filp, const char __user *buffer, size_t count, loff_t *ppos) +static ssize_t secDetector_log_write(struct file *filp, + const char __user *buffer, size_t count, + loff_t *ppos) { int ret; if (count != 1) @@ -166,12 +176,13 @@ static int create_log(size_t log_size, struct proc_dir_entry *parent) g_secDetector_log_fifo = kzalloc(sizeof(s_secDetector_log), GFP_KERNEL); if (!g_secDetector_log_fifo) return -1; - + spin_lock_init(&g_secDetector_log_fifo->log_fifo_lock); g_secDetector_log_fifo->inflag = true; INIT_KFIFO(g_secDetector_log_fifo->log_fifo); - ret = kfifo_alloc(&g_secDetector_log_fifo->log_fifo, log_size, GFP_KERNEL); + ret = kfifo_alloc(&g_secDetector_log_fifo->log_fifo, log_size, + GFP_KERNEL); if (ret != 0) { kfree(g_secDetector_log_fifo); g_secDetector_log_fifo = NULL; 
@@ -179,7 +190,8 @@ static int create_log(size_t log_size, struct proc_dir_entry *parent) } avail_len = kfifo_avail(&g_secDetector_log_fifo->log_fifo); - g_proc_alarm = proc_create(ALARM_FILE, ALARM_FILE_MASK, parent, &g_proc_log_file_operations); + g_proc_alarm = proc_create(ALARM_FILE, ALARM_FILE_MASK, parent, + &g_proc_log_file_operations); if (!g_proc_alarm) { kfifo_free(&g_secDetector_log_fifo->log_fifo); kfree(g_secDetector_log_fifo); @@ -216,7 +228,8 @@ int __init secDetector_init_log(struct proc_dir_entry *parent, size_t log_size) return -EINVAL; if (log_size != roundup_pow_of_two(log_size)) { - pr_err("[secDetector] init log_size roundup error, suggest log_size=%zu\n", roundup_pow_of_two(log_size)); + pr_err("[secDetector] init log_size roundup error, suggest log_size=%zu\n", + roundup_pow_of_two(log_size)); return -EINVAL; } diff --git a/kerneldriver/core/response_unit/secDetector_proc.h b/kerneldriver/core/response_unit/secDetector_proc.h index 56e3a6d..f6a3c89 100644 --- a/kerneldriver/core/response_unit/secDetector_proc.h +++ b/kerneldriver/core/response_unit/secDetector_proc.h @@ -20,8 +20,9 @@ typedef struct secDetector_log { bool inflag; } s_secDetector_log; -extern int __init secDetector_init_log(struct proc_dir_entry *parent, size_t log_size); +extern int __init secDetector_init_log(struct proc_dir_entry *parent, + size_t log_size); extern void secDetector_destroy_log(void); -extern int write_log(const char*buf, unsigned int buf_len); +extern int write_log(const char *buf, unsigned int buf_len); #endif diff --git a/kerneldriver/core/response_unit/secDetector_response.c b/kerneldriver/core/response_unit/secDetector_response.c index fac9bdb..f3d09b1 100644 --- a/kerneldriver/core/response_unit/secDetector_response.c +++ b/kerneldriver/core/response_unit/secDetector_response.c 
@@ -15,7 +15,8 @@ static const response_func_t response_units[NR_RESPONSE] = { [RESPONSE_REPORT] = secdetector_report, }; -void notrace secdetector_respond(unsigned int response_type, response_data_t *data) +void notrace secdetector_respond(unsigned int response_type, + response_data_t *data) { if (response_type >= NR_RESPONSE) return; @@ -31,7 +32,9 @@ void notrace secdetector_report(response_data_t *log) if (!log || !log->report_data || !log->report_data->text) return; - ret = secDetector_ringbuf_output(log->report_data->text, log->report_data->len, BPF_RB_FORCE_WAKEUP); + ret = secDetector_ringbuf_output(log->report_data->text, + log->report_data->len, + BPF_RB_FORCE_WAKEUP); if (ret != 0) pr_warn("write ringbuf failed\n"); } diff --git a/kerneldriver/core/response_unit/secDetector_ringbuffer.c b/kerneldriver/core/response_unit/secDetector_ringbuffer.c index 7b83b59..aab2c72 100644 --- a/kerneldriver/core/response_unit/secDetector_ringbuffer.c +++ b/kerneldriver/core/response_unit/secDetector_ringbuffer.c @@ -26,12 +26,11 @@ #define RINGBUF_CREATE_FLAG_MASK (BPF_F_NUMA_NODE) /* non-mmap()'able part of ringbuf (everything up to consumer page) */ -#define RINGBUF_PGOFF \ - (offsetof(struct ringbuf, consumer_pos) >> PAGE_SHIFT) +#define RINGBUF_PGOFF (offsetof(struct ringbuf, consumer_pos) >> PAGE_SHIFT) /* consumer page and producer page */ #define RINGBUF_POS_PAGES 2 -#define RINGBUF_MAX_RECORD_SZ (UINT_MAX/4) +#define RINGBUF_MAX_RECORD_SZ (UINT_MAX / 4) /* Maximum size of ring buffer area is limited by 32-bit page offset within * record header, counted in pages. Reserve 8 bits for extensibility, and take @@ -39,7 +38,7 @@ * non-mmap()'able parts. This gives 64GB limit, which seems plenty for single * ring buffer. */ -#define RINGBUF_MAX_DATA_SZ \ +#define RINGBUF_MAX_DATA_SZ \ (((1ULL << 24) - RINGBUF_POS_PAGES - RINGBUF_PGOFF) * PAGE_SIZE) struct ringbuf { 
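Review bot: `response_units[]` is sized `NR_RESPONSE` but only `[RESPONSE_REPORT]` is initialised, so every other slot that the bound check `response_type >= NR_RESPONSE` lets through holds a NULL function pointer. The rest of secdetector_respond is outside this hunk; if it calls `response_units[response_type](data)` directly, an in-range type without a handler would be a NULL call in a `notrace` path. A guard such as `if (!response_units[response_type]) return;` after the bound check would close that.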
@@ -72,8 +71,8 @@ static unsigned long g_isopen; static struct ringbuf *ringbuf_area_alloc(size_t data_sz, int numa_node) { - const gfp_t flags = GFP_KERNEL | __GFP_RETRY_MAYFAIL | __GFP_NOWARN | - __GFP_ZERO; + const gfp_t flags = + GFP_KERNEL | __GFP_RETRY_MAYFAIL | __GFP_NOWARN | __GFP_ZERO; int nr_meta_pages = RINGBUF_PGOFF + RINGBUF_POS_PAGES; int nr_data_pages = data_sz >> PAGE_SHIFT; int nr_pages = nr_meta_pages + nr_data_pages; @@ -118,8 +117,8 @@ static struct ringbuf *ringbuf_area_alloc(size_t data_sz, int numa_node) pages[nr_data_pages + i] = page; } - rb = vmap(pages, nr_meta_pages + 2 * nr_data_pages, - VM_MAP | VM_USERMAP, PAGE_KERNEL); + rb = vmap(pages, nr_meta_pages + 2 * nr_data_pages, VM_MAP | VM_USERMAP, + PAGE_KERNEL); if (rb) { kmemleak_not_leak(pages); rb->pages = pages; @@ -189,8 +188,7 @@ static unsigned long ringbuf_avail_data_sz(struct ringbuf *rb) * restore struct ringbuf * from record pointer. This page offset is * stored at offset 4 of record metadata header. */ -static size_t ringbuf_rec_pg_off(struct ringbuf *rb, - struct ringbuf_hdr *hdr) +static size_t ringbuf_rec_pg_off(struct ringbuf *rb, struct ringbuf_hdr *hdr) { return ((void *)hdr - (void *)rb) >> PAGE_SHIFT; } @@ -198,13 +196,12 @@ static size_t ringbuf_rec_pg_off(struct ringbuf *rb, /* Given pointer to ring buffer record header, restore pointer to struct * ringbuf itself by using page offset stored at offset 4 */ -static struct ringbuf * -ringbuf_restore_from_rec(struct ringbuf_hdr *hdr) +static struct ringbuf *ringbuf_restore_from_rec(struct ringbuf_hdr *hdr) { unsigned long addr = (unsigned long)(void *)hdr; unsigned long off = (unsigned long)hdr->pg_off << PAGE_SHIFT; - return (void*)((addr & PAGE_MASK) - off); + return (void *)((addr & PAGE_MASK) - off); } static void *__ringbuf_reserve(struct ringbuf *rb, u64 size) 
@@ -285,7 +282,8 @@ static int ringbuffer_mmap(struct file *flip, struct vm_area_struct *vma) { if (vma->vm_flags & VM_WRITE) { /* allow writable mapping for the consumer_pos only */ - if (vma->vm_pgoff != 0 || vma->vm_end - vma->vm_start != PAGE_SIZE) + if (vma->vm_pgoff != 0 || + vma->vm_end - vma->vm_start != PAGE_SIZE) return -EPERM; } else { vma->vm_flags &= ~VM_MAYWRITE; @@ -294,7 +292,8 @@ static int ringbuffer_mmap(struct file *flip, struct vm_area_struct *vma) return remap_vmalloc_range(vma, g_rb, vma->vm_pgoff + RINGBUF_PGOFF); } -static __poll_t ringbuffer_poll(struct file *filp, struct poll_table_struct *pts) +static __poll_t ringbuffer_poll(struct file *filp, + struct poll_table_struct *pts) { poll_wait(filp, &g_rb->waitq, pts); @@ -326,7 +325,8 @@ static const struct file_operations dev_fops = { .owner = THIS_MODULE, }; -static int ringbuf_output(struct ringbuf *rb, const void *data, u64 size, u64 flags) +static int ringbuf_output(struct ringbuf *rb, const void *data, u64 size, + u64 flags) { void *rec; @@ -369,7 +369,8 @@ int __init secDetector_ringbuf_dev_init(void) goto error_class_create; } - class_dev = device_create(class, NULL, MKDEV((unsigned int)major, 1), NULL, MODULE_DEVICE); + class_dev = device_create(class, NULL, MKDEV((unsigned int)major, 1), + NULL, MODULE_DEVICE); if (unlikely(IS_ERR(class_dev))) { ret = PTR_ERR(class_dev); goto error_device_create; diff --git a/kerneldriver/core/secDetector_main.c b/kerneldriver/core/secDetector_main.c index e75fc24..35bc9a4 100644 --- a/kerneldriver/core/secDetector_main.c +++ b/kerneldriver/core/secDetector_main.c @@ -6,7 +6,6 @@ * Description: secDetector main entry. */ - #include #include #include "secDetector_manager.h" diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c index 7c11be1..ba91533 100644 --- a/kerneldriver/core/secDetector_manager.c +++ b/kerneldriver/core/secDetector_manager.c 
@@ -34,7 +34,8 @@ void secDetector_module_unregister(struct secDetector_module *module) goto error; } - for (i = 0, wf = module->workflow_array; i < module->workflow_array_len; i++, wf++) { + for (i = 0, wf = module->workflow_array; i < module->workflow_array_len; + i++, wf++) { if (wf == NULL) { goto error; } @@ -43,30 +44,29 @@ void secDetector_module_unregister(struct secDetector_module *module) pr_err("[secDetector] delete callback failed\n"); goto error; } - } error: list_del_rcu(&module->list); synchronize_rcu(); mutex_unlock(&g_hook_list_array_mutex); - + return; } EXPORT_SYMBOL_GPL(secDetector_module_unregister); int secDetector_module_register(struct secDetector_module *module) { - struct secDetector_workflow *wf = NULL; - int ret = 0; - int i; - int module_id; - unsigned int callback_id = 0; + struct secDetector_workflow *wf = NULL; + int ret = 0; + int i; + int module_id; + unsigned int callback_id = 0; - if (module == NULL) { - pr_err("[secDetector] register module is null\n"); - return -EINVAL; - } + if (module == NULL) { + pr_err("[secDetector] register module is null\n"); + return -EINVAL; + } module_id = idr_alloc(&g_module_idr, module, 0, INT_MAX, GFP_KERNEL); if (module_id < 0) { @@ -75,14 +75,15 @@ int secDetector_module_register(struct secDetector_module *module) } mutex_lock(&g_hook_list_array_mutex); - for (i = 0, wf = module->workflow_array; i < module->workflow_array_len; i++, wf++) { - if (wf == NULL) { - ret = -EINVAL; - goto error; - } + for (i = 0, wf = module->workflow_array; i < module->workflow_array_len; + i++, wf++) { + if (wf == NULL) { + ret = -EINVAL; + goto error; + } wf->module = module; if (wf->workflow_type == WORKFLOW_PRESET) { - wf->workflow_func.func = preset_workflow; + wf->workflow_func.func = preset_workflow; } ret = insert_callback(wf); diff --git a/kerneldriver/core/secDetector_workflow.c b/kerneldriver/core/secDetector_workflow.c index 2d65b6b..0eff1f6 100644 --- a/kerneldriver/core/secDetector_workflow.c 
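Review bot: In secDetector_module_unregister the branch that logs `delete callback failed` (and the `wf == NULL` branch) jumps to `error`, which abandons the loop but still runs `list_del_rcu(&module->list)`; the workflows after the failing one stay on their hook lists with `wf->module` pointing at a module that has just been unregistered. If the owner then frees or unloads the module, those hooks would presumably run against stale memory. I would log the failure and keep removing the remaining workflows, i.e. replace the `goto error;` after the `pr_err` with `continue;`. The function starts above the first hunk of this file, and the call that produces the failure is between the hunks and not visible here.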
+++ b/kerneldriver/core/secDetector_workflow.c @@ -7,6 +7,6 @@ */ #include "secDetector_workflow_type.h" -void preset_workflow(void) { - +void preset_workflow(void) +{ } \ No newline at end of file diff --git a/kerneldriver/include/secDetector_analyze_type.h b/kerneldriver/include/secDetector_analyze_type.h index 39f2cec..a3930d9 100644 --- a/kerneldriver/include/secDetector_analyze_type.h +++ b/kerneldriver/include/secDetector_analyze_type.h @@ -9,16 +9,16 @@ #define SECDETECTOR_ANALYZE_TYPE_H enum ANALYZE_TYPE { - ANALYZE_RECORD, - ANALYZE_PRESET_START, - ANALYZE_PRESET_SAVE_CHECK = ANALYZE_PRESET_START, - ANALYZE_PRESET_FREQUENCY_RANGE, - ANALYZE_PRESET_END = ANALYZE_PRESET_FREQUENCY_RANGE, - ANALYZE_CUSTOMIZATION, + ANALYZE_RECORD, + ANALYZE_PRESET_START, + ANALYZE_PRESET_SAVE_CHECK = ANALYZE_PRESET_START, + ANALYZE_PRESET_FREQUENCY_RANGE, + ANALYZE_PRESET_END = ANALYZE_PRESET_FREQUENCY_RANGE, + ANALYZE_CUSTOMIZATION, }; typedef union analyze_func { - void (*func)(void); - void (*analyze_record_func)(void); -}analyze_func_t; + void (*func)(void); + void (*analyze_record_func)(void); +} analyze_func_t; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_collect_type.h b/kerneldriver/include/secDetector_collect_type.h index 5f364b8..fc5a03e 100644 --- a/kerneldriver/include/secDetector_collect_type.h +++ b/kerneldriver/include/secDetector_collect_type.h 
@@ -7,31 +7,31 @@ */ #ifndef SECDETECTOR_COLLECT_TYPE_H #define SECDETECTOR_COLLECT_TYPE_H -#include +#include enum COLLECT_TYPE { - COLLECT_TIME, - COLLECT_CURRENT_START, - COLLECT_CURRENT_PROCESS = COLLECT_CURRENT_START, - COLLECT_CURRENT_FILE, - COLLECT_CURRENT_END = COLLECT_CURRENT_FILE, - COLLECT_GLOBAL_START, - COLLECT_GLOBAL_PROCESS = COLLECT_GLOBAL_START, - COLLECT_GLOBAL_FILE, - COLLECT_GLOBAL_RESOURCE, - COLLECT_GLOBAL_END = COLLECT_GLOBAL_RESOURCE, - COLLECT_CUSTOMIZATION, + COLLECT_TIME, + COLLECT_CURRENT_START, + COLLECT_CURRENT_PROCESS = COLLECT_CURRENT_START, + COLLECT_CURRENT_FILE, + COLLECT_CURRENT_END = COLLECT_CURRENT_FILE, + COLLECT_GLOBAL_START, + COLLECT_GLOBAL_PROCESS = COLLECT_GLOBAL_START, + COLLECT_GLOBAL_FILE, + COLLECT_GLOBAL_RESOURCE, + COLLECT_GLOBAL_END = COLLECT_GLOBAL_RESOURCE, + COLLECT_CUSTOMIZATION, }; union collect_func { - void (*func)(void); - void (*COLLECT_record_func)(void); + void (*func)(void); + void (*COLLECT_record_func)(void); }; struct secDetector_collect { - struct list_head list; - struct rcu_head rcu; - unsigned int collect_type; - union collect_func collect_func; + struct list_head list; + struct rcu_head rcu; + unsigned int collect_type; + union collect_func collect_func; }; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_hook_type.h b/kerneldriver/include/secDetector_hook_type.h index 736d21e..9408d43 100644 --- a/kerneldriver/include/secDetector_hook_type.h +++ b/kerneldriver/include/secDetector_hook_type.h 
@@ -9,15 +9,15 @@ #define SECDETECTOR_HOOK_TYPE_H enum HOOK_TYPE { - TRACEPOINT_HOOK_START, - TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, - TRACEPOINT_WRITE_FILE, - TRACEPOINT_CREATE_PROCESS, - TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, + TRACEPOINT_HOOK_START, + TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, + TRACEPOINT_WRITE_FILE, + TRACEPOINT_CREATE_PROCESS, + TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, - HOOKEND, + HOOKEND, - SECDETECTOR_TIMER, + SECDETECTOR_TIMER, }; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_manager.h b/kerneldriver/include/secDetector_manager.h index 505dd56..2092faf 100644 --- a/kerneldriver/include/secDetector_manager.h +++ b/kerneldriver/include/secDetector_manager.h @@ -3,7 +3,6 @@ * */ - #ifndef SECDETECTOR_MANAGER_H #define SECDETECTOR_MANAGER_H diff --git a/kerneldriver/include/secDetector_module_type.h b/kerneldriver/include/secDetector_module_type.h index 375ea4f..4d4bacb 100644 --- a/kerneldriver/include/secDetector_module_type.h +++ b/kerneldriver/include/secDetector_module_type.h @@ -14,15 +14,15 @@ typedef struct secDetector_workflow secDetector_workflow_t; struct secDetector_module { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - char *name; - struct module *kmodule; - atomic_t enabled; + struct list_head list; + struct rcu_head rcu; + unsigned int id; + char *name; + struct module *kmodule; + atomic_t enabled; - secDetector_workflow_t *workflow_array; - uint32_t workflow_array_len; + secDetector_workflow_t *workflow_array; + uint32_t workflow_array_len; }; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_response.h b/kerneldriver/include/secDetector_response.h index cbb5f47..e214e2f 100644 --- a/kerneldriver/include/secDetector_response.h +++ b/kerneldriver/include/secDetector_response.h 
@@ -10,13 +10,14 @@ #include "secDetector_response_type.h" struct secdetector_response { - struct list_head list; - struct rcu_head rcu; - unsigned int response_type; - response_func_t response_func; + struct list_head list; + struct rcu_head rcu; + unsigned int response_type; + response_func_t response_func; }; -extern void notrace secdetector_respond(unsigned int response_type, response_data_t *data); +extern void notrace secdetector_respond(unsigned int response_type, + response_data_t *data); extern void notrace secdetector_report(response_data_t *data); // support max 4095 bytes, diff --git a/kerneldriver/include/secDetector_response_type.h b/kerneldriver/include/secDetector_response_type.h index 6c49b1f..013e03a 100644 --- a/kerneldriver/include/secDetector_response_type.h +++ b/kerneldriver/include/secDetector_response_type.h @@ -10,18 +10,18 @@ #include enum { - RESPONSE_REPORT, - RESPONSE_REJECT, - NR_RESPONSE, + RESPONSE_REPORT, + RESPONSE_REJECT, + NR_RESPONSE, }; struct response_report_data { - const char *text; - size_t len; + const char *text; + size_t len; }; typedef union response_data { - struct response_report_data *report_data; + struct response_report_data *report_data; } response_data_t; typedef void (*response_func_t)(response_data_t *data); diff --git a/kerneldriver/include/secDetector_workflow.h b/kerneldriver/include/secDetector_workflow.h index 5246b15..d5b0541 100644 --- a/kerneldriver/include/secDetector_workflow.h +++ b/kerneldriver/include/secDetector_workflow.h @@ -12,6 +12,5 @@ #include "secDetector_response.h" #include "secDetector_workflow_type.h" - void preset_workflow(void); #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_workflow_type.h b/kerneldriver/include/secDetector_workflow_type.h index 9e586a1..8ece9a5 100644 --- a/kerneldriver/include/secDetector_workflow_type.h +++ b/kerneldriver/include/secDetector_workflow_type.h 
@@ -14,46 +14,44 @@ #include "secDetector_module_type.h" enum WORKFLOW_TYPE { - WORKFLOW_CUSTOMIZATION, - WORKFLOW_PRESET, + WORKFLOW_CUSTOMIZATION, + WORKFLOW_PRESET, }; union workflow_func { - void (*func)(void); - void (*create_file)(struct filename *); - void (*write_file)(struct filename *); - void (*create_process)(int); - void (*timer_func)(struct timer_list *); + void (*func)(void); + void (*create_file)(struct filename *); + void (*write_file)(struct filename *); + void (*create_process)(int); + void (*timer_func)(struct timer_list *); }; typedef struct secDetector_module secDetector_module_t; typedef struct secDetector_workflow { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - secDetector_module_t *module; - atomic_t enabled; - unsigned int workflow_type; - union workflow_func workflow_func; - - //hook - unsigned int hook_type; - int interval; - - //collect - struct secDetector_collect *collect_array; - uint32_t collect_array_len; - - //analyze - unsigned int analyze_type; - analyze_func_t analyze_func; - - //response - struct secdetector_response *response_array; - uint32_t response_array_len; + struct list_head list; + struct rcu_head rcu; + unsigned int id; + secDetector_module_t *module; + atomic_t enabled; + unsigned int workflow_type; + union workflow_func workflow_func; + + //hook + unsigned int hook_type; + int interval; + + //collect + struct secDetector_collect *collect_array; + uint32_t collect_array_len; + + //analyze + unsigned int analyze_type; + analyze_func_t analyze_func; + + //response + struct secdetector_response *response_array; + uint32_t response_array_len; } secDetector_workflow_t; - - #endif \ No newline at end of file -- Gitee