6

I am trying to hook unlinkat.my hooking function.

but i get only file name instead of absolute path.so i want absolute path to compare string.when i try rm -r than i get only file name if i get absolute path then it works.so please tell me how i get absolute path.
my code is

long mw_sys_unlink(int dfd, const char *filename ,int flag)
{
        long ret;
        if( strstr(filename,"/tmp/a/"))
        {
                printk(KERN_INFO "file %s has not been deleted by kernel module\n", filename);
                return -1;
        }
        else
        {
                ret = orig_sys_unlink(dfd ,filename,flag);
                printk(KERN_INFO "file %s has been deleted", filename);
                return ret;
        }
}
vikas_saini
  • 159
  • 1
  • 10

2 Answers2

4

Try the following:

    char *tmp = (char*)__get_free_page(GFP_TEMPORARY);

    file *file = fget(dfd);
    if (!file) {
        goto out
    }

    char *path = d_path(&file->f_path, tmp, PAGE_SIZE);
    if (IS_ERR(path)) {
        printk("error: %d\n", (int)path);
        goto out;
    }

    printk("path: %s\n", path);
out:
    free_page((unsigned long)tmp);
Arthur
  • 566
  • 3
  • 7
0

fget can use in linux kernel also.
in fs/file.c at kernel 5.15.33 line 951: https://elixir.bootlin.com/linux/v5.15.33/source/fs/file.c#L951

ytfrdfiw
  • 29
  • 5
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/33943577) – user16217248 Mar 05 '23 at 04:47
  • struct file *fget(unsigned int fd) { return __fget(fd, FMODE_PATH, 1); } EXPORT_SYMBOL(fget); – ytfrdfiw Aug 02 '23 at 01:51