1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
/*
* sec_gaf.c
*
*/
#include <linux/module.h>
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/fs.h>
#include <linux/mount.h>
#include <asm/pgtable.h>
static struct GAForensicINFO {
unsigned short ver;
unsigned int size;
unsigned short task_struct_struct_state;
unsigned short task_struct_struct_comm;
unsigned short task_struct_struct_tasks;
unsigned short task_struct_struct_pid;
unsigned short task_struct_struct_stack;
unsigned short task_struct_struct_mm;
unsigned short mm_struct_struct_start_data;
unsigned short mm_struct_struct_end_data;
unsigned short mm_struct_struct_start_brk;
unsigned short mm_struct_struct_brk;
unsigned short mm_struct_struct_start_stack;
unsigned short mm_struct_struct_arg_start;
unsigned short mm_struct_struct_arg_end;
unsigned short mm_struct_struct_pgd;
unsigned short mm_struct_struct_mmap;
unsigned short vm_area_struct_struct_vm_start;
unsigned short vm_area_struct_struct_vm_end;
unsigned short vm_area_struct_struct_vm_next;
unsigned short vm_area_struct_struct_vm_file;
unsigned short thread_info_struct_cpu_context;
unsigned short cpu_context_save_struct_sp;
unsigned short file_struct_f_path;
unsigned short path_struct_mnt;
unsigned short path_struct_dentry;
unsigned short dentry_struct_d_parent;
unsigned short dentry_struct_d_name;
unsigned short qstr_struct_name;
unsigned short vfsmount_struct_mnt_mountpoint;
unsigned short vfsmount_struct_mnt_root;
unsigned short vfsmount_struct_mnt_parent;
unsigned int pgdir_shift;
unsigned int ptrs_per_pte;
unsigned int phys_offset;
unsigned int page_offset;
unsigned int page_shift;
unsigned int page_size;
unsigned short task_struct_struct_thread_group;
unsigned short task_struct_struct_utime;
unsigned short task_struct_struct_stime;
unsigned short list_head_struct_next;
unsigned short list_head_struct_prev;
unsigned short rq_struct_curr;
unsigned short thread_info_struct_cpu;
unsigned short task_struct_struct_prio;
unsigned short task_struct_struct_static_prio;
unsigned short task_struct_struct_normal_prio;
unsigned short task_struct_struct_rt_priority;
unsigned short task_struct_struct_se;
unsigned short sched_entity_struct_exec_start;
unsigned short sched_entity_struct_sum_exec_runtime;
unsigned short sched_entity_struct_prev_sum_exec_runtime;
unsigned short task_struct_struct_sched_info;
unsigned short sched_info_struct_pcount;
unsigned short sched_info_struct_run_delay;
unsigned short sched_info_struct_last_arrival;
unsigned short sched_info_struct_last_queued;
unsigned short task_struct_struct_blocked_on;
unsigned short mutex_waiter_struct_list;
unsigned short mutex_waiter_struct_task;
unsigned short sched_entity_struct_cfs_rq_struct;
unsigned short cfs_rq_struct_rq_struct;
unsigned short gaf_fp;
unsigned short GAFINFOCheckSum;
} GAFINFO = {
.ver = 0x0300, /* by dh3s.choi 2010 12 14 */
.size = sizeof(GAFINFO),
.task_struct_struct_state = offsetof(struct task_struct, state),
.task_struct_struct_comm = offsetof(struct task_struct, comm),
.task_struct_struct_tasks = offsetof(struct task_struct, tasks),
.task_struct_struct_pid = offsetof(struct task_struct, pid),
.task_struct_struct_stack = offsetof(struct task_struct, stack),
.task_struct_struct_mm = offsetof(struct task_struct, mm),
.mm_struct_struct_start_data = offsetof(struct mm_struct, start_data),
.mm_struct_struct_end_data = offsetof(struct mm_struct, end_data),
.mm_struct_struct_start_brk = offsetof(struct mm_struct, start_brk),
.mm_struct_struct_brk = offsetof(struct mm_struct, brk),
.mm_struct_struct_start_stack = offsetof(struct mm_struct, start_stack),
.mm_struct_struct_arg_start = offsetof(struct mm_struct, arg_start),
.mm_struct_struct_arg_end = offsetof(struct mm_struct, arg_end),
.mm_struct_struct_pgd = offsetof(struct mm_struct, pgd),
.mm_struct_struct_mmap = offsetof(struct mm_struct, mmap),
.vm_area_struct_struct_vm_start = offsetof(struct vm_area_struct, vm_start),
.vm_area_struct_struct_vm_end = offsetof(struct vm_area_struct, vm_end),
.vm_area_struct_struct_vm_next = offsetof(struct vm_area_struct, vm_next),
.vm_area_struct_struct_vm_file = offsetof(struct vm_area_struct, vm_file),
.thread_info_struct_cpu_context = offsetof(struct thread_info, cpu_context),
.cpu_context_save_struct_sp = offsetof(struct cpu_context_save, sp),
.file_struct_f_path = offsetof(struct file, f_path),
.path_struct_mnt = offsetof(struct path, mnt),
.path_struct_dentry = offsetof(struct path, dentry),
.dentry_struct_d_parent = offsetof(struct dentry, d_parent),
.dentry_struct_d_name = offsetof(struct dentry, d_name),
.qstr_struct_name = offsetof(struct qstr, name),
.vfsmount_struct_mnt_mountpoint = offsetof(struct vfsmount, mnt_mountpoint),
.vfsmount_struct_mnt_root = offsetof(struct vfsmount, mnt_root),
.vfsmount_struct_mnt_parent = offsetof(struct vfsmount, mnt_parent),
.pgdir_shift = PGDIR_SHIFT,
.ptrs_per_pte = PTRS_PER_PTE,
/* .phys_offset = PHYS_OFFSET, */
.page_offset = PAGE_OFFSET,
.page_shift = PAGE_SHIFT,
.page_size = PAGE_SIZE,
.task_struct_struct_thread_group = offsetof(struct task_struct, thread_group),
.task_struct_struct_utime = offsetof(struct task_struct, utime),
.task_struct_struct_stime = offsetof(struct task_struct, stime),
.list_head_struct_next = offsetof(struct list_head, next),
.list_head_struct_prev = offsetof(struct list_head, prev),
.rq_struct_curr = 0,
.thread_info_struct_cpu = offsetof(struct thread_info, cpu),
.task_struct_struct_prio = offsetof(struct task_struct, prio),
.task_struct_struct_static_prio = offsetof(struct task_struct, static_prio),
.task_struct_struct_normal_prio = offsetof(struct task_struct, normal_prio),
.task_struct_struct_rt_priority = offsetof(struct task_struct, rt_priority),
.task_struct_struct_se = offsetof(struct task_struct, se),
.sched_entity_struct_exec_start = offsetof(struct sched_entity, exec_start),
.sched_entity_struct_sum_exec_runtime = offsetof(struct sched_entity, sum_exec_runtime),
.sched_entity_struct_prev_sum_exec_runtime = offsetof(struct sched_entity, prev_sum_exec_runtime),
#if defined(CONFIG_SCHEDSTATS) || defined(CONFIG_TASK_DELAY_ACCT)
.task_struct_struct_sched_info = offsetof(struct task_struct, sched_info),
.sched_info_struct_pcount = offsetof(struct sched_info, pcount),
.sched_info_struct_run_delay = offsetof(struct sched_info, run_delay),
.sched_info_struct_last_arrival = offsetof(struct sched_info, last_arrival),
.sched_info_struct_last_queued = offsetof(struct sched_info, last_queued),
#else
.task_struct_struct_sched_info = 0x1223,
.sched_info_struct_pcount = 0x1224,
.sched_info_struct_run_delay = 0x1225,
.sched_info_struct_last_arrival = 0x1226,
.sched_info_struct_last_queued = 0x1227,
#endif
#ifdef CONFIG_DEBUG_MUTEXES
.task_struct_struct_blocked_on = offsetof(struct task_struct, blocked_on),
.mutex_waiter_struct_list = offsetof(struct mutex_waiter, list),
.mutex_waiter_struct_task = offsetof(struct mutex_waiter, task),
#else
.task_struct_struct_blocked_on = 0x1228,
.mutex_waiter_struct_list = 0x1229,
.mutex_waiter_struct_task = 0x122a,
#endif
#ifdef CONFIG_FAIR_GROUP_SCHED
.sched_entity_struct_cfs_rq_struct = offsetof(struct sched_entity, cfs_rq),
#else
.sched_entity_struct_cfs_rq_struct = 0x1223,
#endif
.cfs_rq_struct_rq_struct = 0,
#ifdef CONFIG_FRAME_POINTER
.gaf_fp = 1,
#else
.gaf_fp = 0,
#endif
.GAFINFOCheckSum = 0
};
void sec_gaf_supply_rqinfo(unsigned short curr_offset, unsigned short rq_offset)
{
unsigned short *checksum = &(GAFINFO.GAFINFOCheckSum);
unsigned char *memory = (unsigned char *)&GAFINFO;
unsigned char address;
/*
* Add GAForensic init for preventing symbol removal for optimization.
*/
GAFINFO.phys_offset = PHYS_OFFSET;
GAFINFO.rq_struct_curr = curr_offset;
#ifdef CONFIG_FAIR_GROUP_SCHED
GAFINFO.cfs_rq_struct_rq_struct = rq_offset;
#else
GAFINFO.cfs_rq_struct_rq_struct = 0x1224;
#endif
for (*checksum = 0, address = 0;
address < (sizeof(GAFINFO) - sizeof(GAFINFO.GAFINFOCheckSum));
address++) {
if ((*checksum) & 0x8000)
(*checksum) =
(((*checksum) << 1) | 1) ^ memory[address];
else
(*checksum) = ((*checksum) << 1) ^ memory[address];
}
}
EXPORT_SYMBOL(sec_gaf_supply_rqinfo);
static int __init sec_gaf_init(void)
{
GAFINFO.phys_offset = PHYS_OFFSET;
return 0;
}
core_initcall(sec_gaf_init);
|
