JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-}JFIFICC_PROFILElcmsmntrRGB XYZ  acspMSFTsawsctrl-hand=@=@t," desc_cprt wtptrXYZ,gXYZ@bXYZTrTRCh`gTRCh`bTRCh`descuRGBtextCC0XYZ TXYZ o8XYZ bXYZ $curv*|uN  bj. C$)j.~39?FWM6Tv\dluV~,6۾ewC    #%$""!&+7/&)4)!"0A149;>>>%.DIC;C  ;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?|WH?cS?Ne.r˿ޱ5\YYhFOejT7PZ[qs2c/$Ep[Gqo(Nù=QHci;OipX=Ģ8d^mQeӴm1OsL/x2];i6p!zU -/uX!=<-} .
LIBYA CYBER ARMY
Logo of a company Instagram@3g86    Server : Apache
System : Linux uta-edu.server.ly 4.18.0-513.11.1.el8_9.x86_64 #1 SMP Wed Jan 17 02:00:40 EST 2024 x86_64
User : utripoli ( 1001)
PHP Version : 7.4.33
Disable Function : NONE
Directory :  /usr/src/file_protector-1.1-1549/transport/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //usr/src/file_protector-1.1-1549/transport/message.c
/**
@file
@brief    kernel/userspace transport messages
@details  Copyright (c) 2017-2021 Acronis International GmbH
@author   Mikhail Krivtsov (mikhail.krivtsov@acronis.com)
@since    $Id: $
*/

#include "message.h"

#include "compat.h"
#include "debug.h"
#include "file_path_tools.h"
#include "ftrace_hooks/ftrace_events.h"
#include "lsm_hooks/lsm_common.h"
#include "memory.h"
#include "path_tools.h"
#include "si_templates.h"
#include "si_writer.h"
#include "si_writer_common.h"
#include "task_info_map.h"
#include "task_tools.h"

#include <linux/file.h>		// fput()
#include <linux/fs_struct.h>
#include <linux/mm.h>		// get_task_exe_file()
#include <linux/rcupdate.h>

const char* msg_type_to_string(msg_type_t type)
{
	switch (type)
	{
	#define FP_SI_MSG_TYPE(x) case FP_SI_OT_##x: return #x;
	#include "transport_message_types_x.h"
	#undef FP_SI_MSG_TYPE
	}

	return "?";
}

const char* action_type_to_string(action_type_t type)
{
	switch (type)
	{
#define CASE_AT_RETURN(t) case AT_##t: return #t
	CASE_AT_RETURN(PING);
	CASE_AT_RETURN(GET_VERSION);
	CASE_AT_RETURN(OPEN_FILE_FROM_MSG);
	CASE_AT_RETURN(OPEN_FILE_BY_PATH);
	CASE_AT_RETURN(INIT_SHARED_DATA_QUEUE);
	CASE_AT_RETURN(WAIT_SHARED_DATA_QUEUE);
	CASE_AT_RETURN(FILE_CONTEXT_ADD);
	CASE_AT_RETURN(GET_MNT_ID_OFFSET);
	CASE_AT_RETURN(SET_LISTENING_MASK_GLOBAL);
	CASE_AT_RETURN(SET_LISTENING_MASK_PROCESS);
	CASE_AT_RETURN(GET_PROCESS_INFO);
	CASE_AT_RETURN(GET_PROCESS_PID_VERSION);
	CASE_AT_RETURN(SET_LISTENING_SUBTYPE_MASK);
	CASE_AT_RETURN(LAST);
#undef CASE_AT_RETURN
	}

	return "?";
}

const char* return_type_to_string(return_type_t type)
{
	switch (type)
	{
#define CASE_RT_RETURN(t) case RT_##t: return #t
	CASE_RT_RETURN(ERROR);
	CASE_RT_RETURN(OPENED_FILE);
	CASE_RT_RETURN(VERSION_INFO);
	CASE_RT_RETURN(DATA_QUEUE_OFFSETS);
	CASE_RT_RETURN(GET_MNT_ID_OFFSET);
	CASE_RT_RETURN(GET_PROCESS_INFO);
	CASE_RT_RETURN(GET_PROCESS_PID_VERSION);
#undef CASE_RT_RETURN
	}

	return "?";
}

static void msg_free(msg_t * msg)
{
	DPRINTF("msg=%p id=%llX", msg, msg->id);
	if (msg->task_info) {
		task_info_put(msg->task_info);
	}
	kvfree_compat(msg);
}

msg_t *msg_ref(msg_t *msg)
{
	atomic_inc(&msg->ref_cnt);
	DPRINTF("msg=%p ref_cnt=%i", msg, atomic_read(&msg->ref_cnt));
	return msg;
}

void msg_unref(msg_t *msg)
{
	DPRINTF("msg=%p ref_cnt=%i", msg, atomic_read(&msg->ref_cnt));
	if (atomic_dec_and_test(&msg->ref_cnt)) {
		msg_free(msg);
	}
}

msg_t *msg_reply_wait_count_inc(msg_t *msg)
{
	msg_ref(msg);
	atomic_inc(&msg->reply_wait_count);
	DPRINTF("msg=%p reply_wait_count=%i", msg, atomic_read(&msg->reply_wait_count));
	return msg;
}

void msg_reply_wait_count_dec(msg_t *msg)
{
	DPRINTF("msg=%p reply_wait_count=%i", msg, atomic_read(&msg->reply_wait_count));
	if (atomic_dec_and_test(&msg->reply_wait_count)) {
		wake_up(&msg->wait_queue);
	}
	msg_unref(msg);
}

msg_sized_t* msg_varsized_init(msg_varsized_t *msg, size_t msg_img_size) {
	msg_sized_t* smsg;
	msg->on_heap = msg_img_size > MSG_MAX_SMALL_PAYLOAD_SIZE;
	if (msg->on_heap) {
		msg->data.heap.ptr = msg_sized_new(msg_img_size);
	}

	smsg = MSG_VARSIZED_GET_SIZED(msg);
	if (smsg) {
		smsg->img_size = msg_img_size;
	}

	return smsg;
}

void msg_varsized_uninit(msg_varsized_t *msg) {
	if (msg->on_heap) {
		msg_sized_free(msg->data.heap.ptr);
	}
}

static msg_t *msg_init(msg_t *msg, uint16_t operation, SUBTYPE_MASK_TYPE subtype, uint16_t callback_type, uint64_t process_uid)
{
	atomic_set(&msg->ref_cnt, 1);
	atomic_set(&msg->reply_wait_count, 0);
	init_waitqueue_head(&msg->wait_queue);
	msg->interrupted = false;
	msg->block = false;
	msg->subtype_mask = subtype;
	thread_safe_path_init(&msg->path);
	thread_safe_path_init(&msg->path2);
	msg->task_info = NULL;
	msg->file_context_msg_info = (file_context_msg_info_t) {0};
	msg->id = 0;
	msg->event.Size = 0;
	msg->event.Operation = operation;
	msg->event.CallbackType = callback_type;
	msg->event.ProcessUID = process_uid;
	msg->event.PropertiesNumber = 0;
	return msg;
}

msg_sized_t *msg_sized_new(size_t msg_img_size)
{
	size_t msg_size = sizeof(msg_sized_t) + msg_img_size;
	msg_sized_t *msg = mem_alloc(msg_size);
	if (msg) {
		msg->img_size = msg_img_size;
	}
	return msg;
}

msg_t *msg_new(uint16_t operation, SUBTYPE_MASK_TYPE subtype_mask, uint16_t callback_type, uint64_t process_uid, size_t props_size)
{
	size_t msg_size = sizeof(msg_t) + props_size;
	msg_t *msg = mem_alloc(msg_size);
	if (msg) {
		msg_init(msg, operation, subtype_mask, callback_type, process_uid);
	}
	DPRINTF("msg=%p msg_size=%zu props_size=%zu", msg, msg_size, props_size);
	return msg;
}

msg_t *msg_new_with_alloc_flags(uint16_t operation, SUBTYPE_MASK_TYPE subtype_mask, uint16_t callback_type, uint64_t process_uid, size_t props_size, bool nowait)
{
	size_t msg_size = sizeof(msg_t) + props_size;
	msg_t *msg;
	if (nowait) {
		msg = mem_alloc_nowait(msg_size);
	} else {
		msg = kvmalloc_compat(msg_size, GFP_KERNEL);
	}
	if (msg) {
		msg_init(msg, operation, subtype_mask, callback_type, process_uid);
	}
	DPRINTF("msg=%p msg_size=%zu props_size=%zu", msg, msg_size, props_size);
	return msg;
}

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

static const uint8_t k_hello_fields[] = { 
	FP_SI_PI_OBJECT_NAME,
};

msg_t *hello_msg_new(void)
{
	static const char hello[] = "hello";
	si_property_writer_t writer;
	SiSizedString hello_str;
	uint32_t event_size;
	msg_t* msg;

	hello_str.value = hello;
	hello_str.length = sizeof(hello) - 1;
	event_size = SI_ESTIMATE_SIZE_CONST_PARAMS(k_hello_fields) + hello_str.length;

	msg = msg_new(FP_SI_OT_HELLO, 0, SI_CT_PRE_CALLBACK, 0, event_size);
	if (!msg) {
		return NULL;
	}

	si_event_writer_init(&writer, &msg->event, event_size);
	si_property_writer_write_object_name(&writer, hello_str);
	si_event_writer_finalize(&msg->event, &writer);

	DPRINTF("msg=%p", msg);
	return msg;
}

// assuming correct 'ping_msg'
msg_t *pong_msg_new(msg_sized_t *ping_msg, uint64_t event_uid)
{
	request_msg_img_t *ping_msg_img = (request_msg_img_t*) MSG_IMG(ping_msg);
	ping_img_t *ping_img = IMG_PAYLOAD(ping_msg_img);
	uint32_t properties_number = ping_img->properties_number + 1;
	size_t ping_img_size = ping_msg->img_size - sizeof(request_msg_img_t);
	size_t payload_size = ping_img_size - sizeof(ping_img_t);
	// For 'pong' we need to add 'event_uid' property
	size_t img_size = payload_size + sizeof(SiProperty) + sizeof(uint64_t);
	msg_t* msg = msg_new(FP_SI_OT_PONG, 0, SI_CT_PRE_CALLBACK, ping_img->process_uid, img_size);
	if (msg) {
		SiProperty* event_uid_prop;
		msg->id = event_uid;
		msg->event.Size = sizeof(SiEvent) + img_size;
		msg->event.PropertiesNumber = properties_number;
		memcpy(msg->event.FirstProperty, ping_img->payload, payload_size);
		event_uid_prop = (SiProperty*) (((uint8_t*) msg->event.FirstProperty) + payload_size);
		event_uid_prop->Size = sizeof(SiProperty) + sizeof(uint64_t);
		event_uid_prop->PropertyId = FP_SI_PI_EVENT_UID;
		event_uid_prop->ValueType = SI_VT_UNSIGNED64_TYPE;
		*(uint64_t*) event_uid_prop->ValueBuffer = event_uid;
	}

	DPRINTF("msg=%p payload_size=%zu", msg, payload_size);
	return msg;
}

static const uint8_t k_exec_fields[] = { 
	SI_COMMON_FIELDS,
	SI_COMMON_CRED_FIELDS, \
	FP_SI_PI_PARENT_PROCESS_ID,
	FP_SI_PI_PARENT_PROCESS_UID,
	FP_SI_PI_PARENT_THREAD_ID,
	FP_SI_PI_PARENT_PROCESS_ID_VERSION,
	FP_SI_PI_PARENT_ARTIFICIAL_PROCESS_START_TIMESTAMP,
	FP_SI_PI_PARENT_PROCESS_START_TIMESTAMP,
	FP_SI_PI_PROCESS_START_TIMESTAMP,
	FP_SI_PI_UNIX_EXEC_TYPE,
	FP_SI_PI_ARTIFICIAL_PROCESS_START_TIMESTAMP,
	SI_COMMON_EXE_FILE_FIELDS,
};

msg_t *heur_exec_msg_new(task_info_t *task_info, const transport_ids_t *ids)
{
	struct path *exe_path = NULL;
	struct file *exe_file;
	bool has_parent = false;
	pid_t ptgid = 0, ppid = 0;
	uint64_t pupid = 0;
	SiTimeMicroseconds parent_start_time = {0};
	pid_t tgid, pid;
	msg_t* msg;
	uint32_t event_size;
	path_info_t exe_path_info = (path_info_t){0};
	file_handle_info_t exe_file_handle_info = (file_handle_info_t){0};
	char comm[TASK_COMM_LEN];

	tgid = current->tgid;
	pid = current->pid;

	if (!task_info_need_to_make_exec_event(task_info, ids))
		return NULL;

	exe_file = get_task_exe_file_compat(current);
	// Note: kernel's threads do not have 'exe_file'
	if (exe_file) {
		exe_path = &exe_file->f_path;
		if (!path_is_usable(exe_path)) {
			exe_path = NULL;
		}
	}

	if (exe_path) {
		file_handle_info_make(&exe_file_handle_info, exe_path);
		path_info_make(&exe_path_info, exe_path, false /*dir*/);
		event_size = SI_ESTIMATE_SIZE_CONST_PARAMS(k_exec_fields)
		           + SI_ESTIMATE_SIZE_PATH_INFO(exe_path_info)
		           + SI_ESTIMATE_SIZE_FILE_HANDLE_INFO(exe_file_handle_info);
	} else {
		get_task_comm(comm, current);
		event_size = SI_ESTIMATE_SIZE_CONST_PARAMS(k_exec_fields) + TASK_COMM_LEN;
	}

	{
		struct task_struct* parent;
		rcu_read_lock();
		parent = rcu_dereference(current->real_parent);
		if (parent) {
			ptgid = parent->tgid;
			ppid = parent->pid;
			pupid = make_unique_pid(parent);
			parent_start_time = make_process_start_time(parent);
			has_parent = true;
		}
		rcu_read_unlock();
	}

	msg = msg_new(FP_SI_OT_NOTIFY_PROCESS_EXEC, 0, SI_CT_POST_CALLBACK, make_unique_pid(current), event_size);
	if (msg) {
		si_property_writer_t writer;
		uint64_t event_uid = transport_global_sequence_next();
		task_info_t *parent_task_info = task_info_map_add(ptgid, pupid, NULL /*no exe update*/, parent_start_time.microseconds);

		msg->exec.pid_version = READ_ONCE(task_info->pid_version);
		msg->task_info = task_info_get(task_info);

		si_event_writer_init(&writer, &msg->event, event_size);
		si_property_writer_write_common(&writer, event_uid, pid, tgid, task_info);
		si_property_writer_write_process_start_timestamp(&writer, make_process_start_time(current));
		if (has_parent) {
			si_property_writer_write_parent_process_id(&writer, ptgid);
			si_property_writer_write_parent_process_uid(&writer, pupid);
			si_property_writer_write_parent_thread_id(&writer, ppid);
			si_property_writer_write_parent_process_id_version(&writer, parent_task_info ? READ_ONCE(parent_task_info->pid_version) : 0);
			si_property_writer_write_parent_process_start_timestamp(&writer, parent_start_time);
		}
		if (exe_path)
			si_property_writer_write_exe_file(&writer, &exe_path_info, exe_path->dentry->d_inode, &exe_file_handle_info);
		else
			si_property_writer_write_exe_comm(&writer, comm);

		si_property_writer_write_unix_exec_type(&writer, SI_UNIX_EXEC_TYPE_GENERATED);
		{
			SiTimeMicroseconds t;
			t.microseconds = READ_ONCE(task_info->artificial_start_time_us);
			si_property_writer_write_artificial_process_start_timestamp(&writer, t);
		}
		if (parent_task_info) {
			SiTimeMicroseconds t;
			t.microseconds = READ_ONCE(parent_task_info->artificial_start_time_us);
			si_property_writer_write_parent_artificial_process_start_timestamp(&writer, t);
			task_info_put(parent_task_info);
		}

		si_property_writer_write_current_creds(&writer);

		si_event_writer_finalize(&msg->event, &writer);
	}

	if (exe_file)
		fput(exe_file);

	path_info_free(&exe_path_info);
	file_handle_info_free(&exe_file_handle_info);
	return msg;
}

static msg_sized_t* msg_varsized_init_type(msg_varsized_t *msg, size_t msg_img_size, return_type_t type) {
	msg_sized_t* smsg = msg_varsized_init(msg, msg_img_size);
	if (smsg) {
		MSG_TYPE(smsg) = type;
	}

	return smsg;
}

int open_file_return_msg_new(msg_varsized_t *msg, int fd)
{
	size_t msg_img_size;
	request_msg_img_t *msg_img;
	opened_file_img_t *open_file_img;
	msg_sized_t *smsg;

	msg_img_size = sizeof(request_msg_img_t) + sizeof(opened_file_img_t);
	smsg = msg_varsized_init_type(msg, msg_img_size, RT_OPENED_FILE);
	if (!smsg) {
		return -ENOMEM;
	}

	msg_img = MSG_IMG(smsg);
	open_file_img = IMG_PAYLOAD(msg_img);
	open_file_img->fd = fd;

	return 0;
}

int version_info_return_msg_new(msg_varsized_t *msg)
{
	size_t msg_img_size;
	request_msg_img_t *msg_img;
	version_info_img_t *version_info_img;
	msg_sized_t *smsg;

	msg_img_size = sizeof(request_msg_img_t) + sizeof(version_info_img_t);
	smsg = msg_varsized_init_type(msg, msg_img_size, RT_VERSION_INFO);
	if (!smsg) {
		return -ENOMEM;
	}

	msg_img = MSG_IMG(smsg);
	version_info_img = IMG_PAYLOAD(msg_img);
	version_info_img->max_action = AT_LAST;
	version_info_img->features = DRIVER_FEATURE_CLOSE_EVENT;
	if (ftrace_post_event_have(FTRACE_POST_EVENT_FSNOTIFY))
	{
		version_info_img->features |= DRIVER_FEATURE_FSNOTIFY_EVENTS;
	}
	if (ftrace_post_event_have(FTRACE_POST_EVENT_EXEC)
	 && ftrace_post_event_have(FTRACE_POST_EVENT_EXIT)
	 && ftrace_post_event_have(FTRACE_POST_EVENT_FORK))
	{
		version_info_img->features |= DRIVER_FEATURE_SLEEPABLE_PROCESS_EVENTS;
	}
	if (ftrace_post_event_have(FTRACE_POST_EVENT_AUDIT))
	{
		version_info_img->features |= DRIVER_FEATURE_AUDIT_EVENTS;
	}
	if (lsm_registered())
	{
		version_info_img->features |= DRIVER_FEATURE_LSM_GENERIC;
#ifdef HAVE_MMAP_FILE
		version_info_img->features |= DRIVER_FEATURE_LSM_FILE_MMAP;
#endif
	}
	if (lsm_has_open())
	{
		version_info_img->features |= DRIVER_FEATURE_LSM_FILE_OPEN_COMPLEX_CREATE;
	}
	if (lsm_has_security_path())
	{
		version_info_img->features |= DRIVER_FEATURE_LSM_SECURITY_PATH_SIMPLE_PRE;
	}
	if (lsm_has_complex_post())
	{
		version_info_img->features |= DRIVER_FEATURE_LSM_SECURITY_PATH_COMPLEX_POST;
	}
	else
	{
		version_info_img->features |= DRIVER_FEATURE_FS_SYSCALL_HOOKS_COMPLEX_POST;
	}

	if (ftrace_post_event_have(FTRACE_POST_EVENT_EXEC))
	{
		version_info_img->features |= DRIVER_FEATURE_COMMAND_LINE_IN_EXEC;
	}
	if (has_d_absolute_path_compat())
	{
		version_info_img->features |= DRIVER_FEATURE_ABSOLUTE_PATHS;
	}
	if (ftrace_post_event_have(FTRACE_PRE_EVENT_RW_VERIFY_AREA))
	{
		version_info_img->features |= DRIVER_FEATURE_RW_VERIFY_AREA_EVENTS;
	}

	return 0;
}

int data_queue_offsets_return_msg_new(msg_varsized_t *msg, uint32_t size)
{
	size_t msg_img_size;
	request_msg_img_t *msg_img;
	data_queue_offsets_t *data_queue_offsets_img;
	msg_sized_t *smsg;

	msg_img_size = sizeof(request_msg_img_t) + sizeof(data_queue_offsets_t);
	smsg = msg_varsized_init_type(msg, msg_img_size, RT_DATA_QUEUE_OFFSETS);
	if (!smsg) {
		return -ENOMEM;
	}

	msg_img = MSG_IMG(smsg);
	data_queue_offsets_img = IMG_PAYLOAD(msg_img);
	data_queue_offsets_img->size = size;
	data_queue_offsets_img->headOff = offsetof(shared_data_queue_t, head);
	data_queue_offsets_img->tailOff = offsetof(shared_data_queue_t, tail);
	data_queue_offsets_img->entriesOff = offsetof(shared_data_queue_t, entries);

	return 0;
}

static const uint8_t k_proc_info_fields[] = {
	FP_SI_PI_PROCESS_ID,
	FP_SI_PI_PROCESS_UID,
	FP_SI_PI_PROCESS_ID_VERSION,
	FP_SI_PI_ARTIFICIAL_PROCESS_START_TIMESTAMP,

	FP_SI_PI_PARENT_PROCESS_ID,
	FP_SI_PI_PARENT_PROCESS_UID,
	FP_SI_PI_PARENT_PROCESS_ID_VERSION,
	FP_SI_PI_PARENT_ARTIFICIAL_PROCESS_START_TIMESTAMP,
	FP_SI_PI_PARENT_PROCESS_START_TIMESTAMP,

	FP_SI_PI_PROCESS_START_TIMESTAMP,

	// TODO: Size may vary if there is or there is no inode. Use other template when exe_path is NULL
	SI_COMMON_EXE_FILE_FIELDS,
	SI_COMMON_CRED_FIELDS,
};

int process_info_return_msg_new(msg_varsized_t *msg, pid_t nr)
{
	uint32_t event_size;
	struct pid *pid;
	struct task_struct *task;
	struct path *exe_path = NULL;
	struct file *exe_file;
	size_t msg_img_size;
	msg_sized_t *smsg;
	int ret;
	bool has_parent = false;
	pid_t ptgid = 0;
	uint64_t pupid = 0;
	SiTimeMicroseconds parent_start_time = {0};
	path_info_t exe_path_info = (path_info_t){0};
	file_handle_info_t exe_file_handle_info = (file_handle_info_t){0};
	char comm[TASK_COMM_LEN];
	task_info_t *task_info = NULL;

	pid = find_get_pid(nr);
	task = get_pid_task(pid, PIDTYPE_PID);
	put_pid(pid);
	if (!task) {
		ret = -ENOENT;
		goto out;
	}

	exe_file = get_task_exe_file_compat(task);
	// Note: kernel's threads do not have 'exe_file'
	if (exe_file) {
		exe_path = &exe_file->f_path;
		if (!path_is_usable(exe_path)) {
			exe_path = NULL;
		}
	}

	task_info = task_info_map_get_with_exe(task, exe_path);

	if (exe_path) {
		file_handle_info_make(&exe_file_handle_info, exe_path);
		path_info_make(&exe_path_info, exe_path, false /*dir*/);
		event_size = SI_ESTIMATE_SIZE_CONST_PARAMS(k_proc_info_fields)
		           + SI_ESTIMATE_SIZE_PATH_INFO(exe_path_info)
		           + SI_ESTIMATE_SIZE_FILE_HANDLE_INFO(exe_file_handle_info);
	} else {
		get_task_comm(comm, task);
		event_size = SI_ESTIMATE_SIZE_CONST_PARAMS(k_proc_info_fields) + TASK_COMM_LEN;
	}

	{
		struct task_struct* parent;
		rcu_read_lock();
		parent = rcu_dereference(task->real_parent);
		if (parent) {
			ptgid = parent->tgid;
			pupid = make_unique_pid(parent);
			parent_start_time = make_process_start_time(parent);
			has_parent = true;
		}
		rcu_read_unlock();
	}

	msg_img_size = sizeof(request_msg_img_t) + sizeof(SiInfo) + event_size;
	smsg = msg_varsized_init_type(msg, msg_img_size, RT_GET_PROCESS_INFO);
	if (smsg) {
		request_msg_img_t *msg_img = MSG_IMG(smsg);
		SiInfo *info = IMG_PAYLOAD(msg_img);
		{
			si_property_writer_t writer;
			task_info_t *parent_task_info = task_info_map_add(ptgid, pupid, NULL /*no exe update*/, parent_start_time.microseconds);

			si_info_writer_init(&writer, info, event_size);

			si_property_writer_write_process_id(&writer, task->tgid);
			si_property_writer_write_process_uid(&writer, make_unique_pid(task));
			si_property_writer_write_process_id_version(&writer, task_info ? READ_ONCE(task_info->pid_version) : 0);
			if (task_info) {
				SiTimeMicroseconds t;
				t.microseconds = READ_ONCE(task_info->artificial_start_time_us);
				si_property_writer_write_artificial_process_start_timestamp(&writer, t);
			}
			si_property_writer_write_process_start_timestamp(&writer, make_process_start_time(task));
			if (has_parent) {
				si_property_writer_write_parent_process_id(&writer, ptgid);
				si_property_writer_write_parent_process_uid(&writer, pupid);
				si_property_writer_write_parent_process_id_version(&writer, parent_task_info ? READ_ONCE(parent_task_info->pid_version) : 0);
				si_property_writer_write_parent_process_start_timestamp(&writer, parent_start_time);
			}
			if (exe_path)
				si_property_writer_write_exe_file(&writer, &exe_path_info, exe_path->dentry->d_inode, &exe_file_handle_info);
			else
				si_property_writer_write_exe_comm(&writer, comm);

			if (parent_task_info) {
				SiTimeMicroseconds t;
				t.microseconds = READ_ONCE(parent_task_info->artificial_start_time_us);
				si_property_writer_write_parent_artificial_process_start_timestamp(&writer, t);
				task_info_put(parent_task_info);
			}

			si_property_writer_write_task_creds(&writer, task);

			si_info_writer_finalize(info, &writer);
		}
		ret = 0;
	} else {
		ret = -ENOMEM;
	}

	if (exe_file)
		fput(exe_file);
	
	if (task_info)
		task_info_put(task_info);

	path_info_free(&exe_path_info);
	file_handle_info_free(&exe_file_handle_info);

out:
	return ret;
}

int process_pid_version_return_msg_new(msg_varsized_t *msg, pid_t nr)
{
	struct pid *pid;
	struct task_struct *task;
	struct path *exe_path = NULL;
	struct file *exe_file = NULL;
	int ret;
	task_info_t *task_info = NULL;
	size_t msg_img_size;
	msg_sized_t *smsg;

	pid = find_get_pid(nr);
	task = get_pid_task(pid, PIDTYPE_PID);
	put_pid(pid);
	if (!task) {
		ret = -ENOENT;
		goto out;
	}

	exe_file = get_task_exe_file_compat(task);
	// Note: kernel's threads do not have 'exe_file'
	if (exe_file) {
		exe_path = &exe_file->f_path;
		if (!path_is_usable(exe_path)) {
			exe_path = NULL;
		}
	}

	task_info = task_info_map_get_with_exe(task, exe_path);
	if (!task_info) {
		ret = -ENOMEM;
		goto out;
	}

	msg_img_size = sizeof(request_msg_img_t) + sizeof(process_pid_version_ret_img_t);
	smsg = msg_varsized_init_type(msg, msg_img_size, RT_GET_PROCESS_PID_VERSION);
	if (smsg) {
		request_msg_img_t *msg_img = MSG_IMG(smsg);
		process_pid_version_ret_img_t *pid_info_img = IMG_PAYLOAD(msg_img);
		pid_info_img->pid_version = READ_ONCE(task_info->pid_version);
		pid_info_img->artificial_process_start_timestamp = READ_ONCE(task_info->artificial_start_time_us);
		ret = 0;
	} else {
		ret = -ENOMEM;
	}

out:
	if (exe_file)
		fput(exe_file);

	if (task_info)
		task_info_put(task_info);

	return ret;
}

3g86 2022