1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1988, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #ifndef _SYS_KTRACE_H_
33 #define _SYS_KTRACE_H_
34
35 #include <sys/param.h>
36 #include <sys/caprights.h>
37 #include <sys/signal.h>
38 #include <sys/socket.h>
39 #include <sys/_uexterror.h>
40 #include <sys/_uio.h>
41
42 /*
43 * operations to ktrace system call (KTROP(op))
44 */
/*
 * The operation sits in the two low bits of the value handed to KTROP();
 * flags are ORed in above them.  Only 0..2 are defined here, yet the mask
 * can also yield 3, so code that dispatches on KTROP(o) should reject any
 * value it does not recognise instead of falling through.
 */
45 #define KTROP_SET 0 /* set trace points */
46 #define KTROP_CLEAR 1 /* clear trace points */
47 #define KTROP_CLEARFILE 2 /* stop all tracing to file */
48 #define KTROP(o) ((o)&3) /* macro to extract operation */
49 /*
50 * flags (ORed in with operation)
51 */
/* Bit 2, the first bit outside the KTROP() mask; widens the operation to all children. */
52 #define KTRFLAG_DESCEND 4 /* perform op on all children too */
53
54 /*
55 * ktrace record header
56 */
/*
 * Unversioned record header.  Per the KTR_VERSIONED comment later in this
 * file, this is the layout in use when that bit is absent from ktr_type.
 *
 * ktr_len is a signed int taken from the record.  A reader handling a trace
 * file it cannot fully trust should reject negative or implausibly large
 * values before using it as an allocation or read size.
 * NOTE(review): "length of buf" presumably means the payload that follows
 * the header, not the header itself - confirm.
 */
57 struct ktr_header_v0 {
58 int ktr_len; /* length of buf */
59 short ktr_type; /* trace record type */
60 pid_t ktr_pid; /* process id */
61 char ktr_comm[MAXCOMLEN + 1];/* command name */
62 struct timeval ktr_time; /* timestamp */
63 long ktr_tid; /* thread id */
64 };
65
/*
 * Versioned record header.  Compared with struct ktr_header_v0 it adds
 * ktr_version and ktr_cpu and stores the timestamp as a timespec instead
 * of a timeval.
 *
 * ktr_len and ktr_type come straight from the record: validate ktr_len
 * (signed, may be negative in a corrupt file) before sizing a buffer with
 * it.  ktr_comm is a fixed MAXCOMLEN + 1 byte field.
 * NOTE(review): NUL-termination of ktr_comm is not stated here; bound any
 * string handling by sizeof(ktr_comm).
 */
66 struct ktr_header {
67 int ktr_len; /* length of buf */
68 short ktr_type; /* trace record type */
69 short ktr_version; /* ktr_header version */
70 pid_t ktr_pid; /* process id */
71 char ktr_comm[MAXCOMLEN + 1];/* command name */
72 struct timespec ktr_time; /* timestamp */
73 /* XXX: make ktr_tid an lwpid_t on next ABI break */
74 long ktr_tid; /* thread id */
75 int ktr_cpu; /* cpu id */
76 };
77
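/*
 * Header versions.
 * NOTE(review): presumably the values carried in ktr_header.ktr_version -
 * confirm against the code that fills the header.
 */
#define	KTR_VERSION0	0
#define	KTR_VERSION1	1
/*
 * Size difference between the v0 header and the current header.
 *
 * The expansion is parenthesised so that it stays a single operand wherever
 * it is used; without the parentheses `2 * KTR_OFFSET_V0` or
 * `x - KTR_OFFSET_V0` would bind to only part of the subtraction.
 *
 * The result has type size_t.  When struct ktr_header_v0 is the smaller of
 * the two the subtraction wraps, so convert it to a signed type before
 * treating it as a relative offset.
 */
#define	KTR_OFFSET_V0	(sizeof(struct ktr_header_v0) - \
			    sizeof(struct ktr_header))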
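/*
 * Test for kernel trace point (MP SAFE).
 *
 * KTRCHECK() tests whether the bit for record type `type` is set in the
 * p_traceflag of the thread's process.  It is for internal use in the
 * ktrace subsystem.  `type` is parenthesised in the expansion so that an
 * expression argument (for example `a | b`) is shifted as a whole.  The
 * mask is built as an int, so `type` must stay below the width of int; the
 * record types defined in this header are 1..18.
 *
 * KTRPOINT() is the public interface.  As defined here it wraps KTRCHECK()
 * in a branch-prediction hint.
 * NOTE(review): the protection against ktrace recursion that this comment
 * historically mentioned is not visible in the macro - confirm where it is
 * enforced.
 *
 * KTRUSERRET() calls ktruserret(td) only when the process's p_ktr queue is
 * not empty.
 */
#define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << (type)))
#define	KTRPOINT(td, type)	(__predict_false(KTRCHECK((td), (type))))
#define	KTRUSERRET(td) do {						\
	if (__predict_false(!STAILQ_EMPTY_ATOMIC(&(td)->td_proc->p_ktr)))	\
		ktruserret(td);						\
} while (0)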
96
97 /*
98 * ktrace record types
99 */
100
101 /*
102 * KTR_SYSCALL - system call record
103 */
104 #define KTR_SYSCALL 1
/*
 * Variable-length record.  ktr_args is declared with one element but a
 * record carries ktr_narg of them, so sizeof(struct ktr_syscall) already
 * counts the first argument.
 *
 * ktr_narg is a signed short read from the record.  A reader should check
 * that it is not negative and that ktr_narg arguments actually fit inside
 * the record length before indexing ktr_args.
 */
105 struct ktr_syscall {
106 short ktr_code; /* syscall number */
107 short ktr_narg; /* number of arguments */
108 /*
109 * followed by ktr_narg register_t
110 */
111 register_t ktr_args[1];
112 };
113
114 /*
115 * KTR_SYSRET - return from system call record
116 */
117 #define KTR_SYSRET 2
/*
 * NOTE(review): the fields carry no comments in this header.  Presumably
 * ktr_code is the syscall number (as in struct ktr_syscall), ktr_error the
 * error value and ktr_retval the return value; ktr_eosys is not explained
 * here - confirm against the code that fills the record.
 */
118 struct ktr_sysret {
119 short ktr_code;
120 short ktr_eosys;
121 int ktr_error;
122 register_t ktr_retval;
123 };
124
125 /*
126 * KTR_NAMEI - namei record
127 */
128 #define KTR_NAMEI 3
129 /* record contains pathname */
130
131 /*
132 * KTR_GENIO - trace generic process i/o
133 */
134 #define KTR_GENIO 4
/*
 * Fixed part of a generic I/O record: the descriptor and the direction.
 * The bytes that were read or written follow the struct, so a trace file
 * containing this record type holds copies of the traced process's I/O and
 * needs the same protection as that data.
 *
 * The payload size is not stored in this struct.
 * NOTE(review): presumably it is derived from the header's ktr_len -
 * confirm, and bound it by the record length when reading.
 */
135 struct ktr_genio {
136 int ktr_fd;
137 enum uio_rw ktr_rw;
138 /*
139 * followed by data successfully read/written
140 */
141 };
142
143 /*
144 * KTR_PSIG - trace processed signal
145 */
146 #define KTR_PSIG 5
/*
 * NOTE(review): the fields are undocumented here.  Going by the prototype
 * ktrpsig(int, sig_t, sigset_t *, int) later in this header they appear
 * to be the signal number, the handler, the signal mask and a code.
 *
 * `action` is a pointer value recorded from the traced process; a reader
 * should only ever print it, never dereference or call it.
 */
147 struct ktr_psig {
148 int signo;
149 sig_t action;
150 int code;
151 sigset_t mask;
152 };
153
154 /*
155 * KTR_CSW - trace context switches
156 */
157 #define KTR_CSW 6
/* Earlier layout of the context-switch record: the two flags only. */
158 struct ktr_csw_old {
159 int out; /* 1 if switch out, 0 if switch in */
160 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
161 };
162 
/*
 * Current layout: the same two flags plus a fixed 8-byte wmesg field.
 * NOTE(review): this header does not say whether wmesg is always
 * NUL-terminated, nor how a reader tells the two layouts apart (presumably
 * by record length); bound any string handling by sizeof(wmesg).
 */
163 struct ktr_csw {
164 int out; /* 1 if switch out, 0 if switch in */
165 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
166 char wmesg[8];
167 };
168
169 /*
170 * KTR_USER - data coming from userland
171 */
/*
 * The payload of a KTR_USER record is supplied by the traced program
 * itself, so a reader must treat it as arbitrary bytes: no assumption of
 * NUL-termination, printable content or internal structure.
 * NOTE(review): where the KTR_USER_MAXLEN cap is enforced is not visible
 * in this header - confirm in the implementation.
 */
172 #define KTR_USER_MAXLEN 2048 /* maximum length of passed data */
173 #define KTR_USER 7
174
175 /*
176 * KTR_STRUCT - misc. structs
177 */
178 #define KTR_STRUCT 8
179 /*
180 * record contains null-terminated struct name followed by
181 * struct contents
182 */
/*
 * A reader has to find the end of the name inside the record: search for
 * the terminator within the record length only, and check that the bytes
 * remaining after it match the size expected for the named structure
 * before interpreting them.
 */
/* Forward declarations; only pointers to these types are needed below. */
183 struct sockaddr;
184 struct stat;
185 struct sysentvec;
186
187 /*
188 * KTR_SYSCTL - name of a sysctl MIB
189 */
190 #define KTR_SYSCTL 9
191 /* record contains null-terminated MIB name */
192
193 /*
194 * KTR_PROCCTOR - trace process creation (multiple ABI support)
195 */
196 #define KTR_PROCCTOR 10
/*
 * Carries a copy of the sv_flags value of the process's struct sysentvec.
 * NOTE(review): presumably this is what lets a reader pick the right ABI
 * when decoding later records of the same process - confirm.
 */
197 struct ktr_proc_ctor {
198 u_int sv_flags; /* struct sysentvec sv_flags copy */
199 };
200
201 /*
202 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
203 */
204 #define KTR_PROCDTOR 11
205
206 /*
207 * KTR_CAPFAIL - trace capability check failures
208 */
209 #define KTR_CAPFAIL 12
/*
 * Kind of capability violation that was recorded.  The enumerators have no
 * explicit values, so they are numbered 0..7 in declaration order.  The
 * value is stored in struct ktr_cap_fail (cap_type), so inserting or
 * reordering entries would change the meaning of existing trace files;
 * new kinds should be appended.  A reader should treat an out-of-range
 * value as unknown.
 */
210 enum ktr_cap_violation {
211 CAPFAIL_NOTCAPABLE, /* insufficient capabilities in cap_check() */
212 CAPFAIL_INCREASE, /* attempt to increase rights on a capability */
213 CAPFAIL_SYSCALL, /* disallowed system call */
214 CAPFAIL_SIGNAL, /* sent signal to process other than self */
215 CAPFAIL_PROTO, /* disallowed protocol */
216 CAPFAIL_SOCKADDR, /* restricted address lookup */
217 CAPFAIL_NAMEI, /* restricted namei lookup */
218 CAPFAIL_CPUSET, /* restricted CPU set modification */
219 };
220
/*
 * Detail attached to a capability failure.
 * NOTE(review): which member is valid presumably depends on the cap_type
 * of the enclosing struct ktr_cap_fail; a reader must select the member
 * from cap_type and never read one that was not written.
 *
 * cap_needed and cap_held are plain preprocessor macros, so they rewrite
 * those two identifiers everywhere after this point in any file that
 * includes the header, not only inside this union.
 *
 * cap_sockaddr is a bare struct sockaddr, so only sizeof(struct sockaddr)
 * bytes are available for an address.  cap_path is a fixed MAXPATHLEN
 * buffer; NOTE(review): NUL-termination is not stated here - bound string
 * handling by sizeof(cap_path).
 */
221 union ktr_cap_data {
222 cap_rights_t cap_rights[2];
223 #define cap_needed cap_rights[0]
224 #define cap_held cap_rights[1]
225 int cap_int;
226 struct sockaddr cap_sockaddr;
227 char cap_path[MAXPATHLEN];
228 };
229
/*
 * Payload of a KTR_CAPFAIL record: the violation kind, a code, a flags
 * word and the kind-specific detail.
 * NOTE(review): cap_code and cap_svflags are undocumented here.
 * cap_svflags presumably mirrors the sv_flags copy in struct
 * ktr_proc_ctor and cap_code presumably identifies the failing call -
 * confirm against ktrcapfail().
 */
230 struct ktr_cap_fail {
231 enum ktr_cap_violation cap_type;
232 short cap_code;
233 u_int cap_svflags;
234 union ktr_cap_data cap_data;
235 };
236
237 /*
238 * KTR_FAULT - page fault record
239 */
240 #define KTR_FAULT 13
/*
 * Page fault record: an address and a type.
 * NOTE(review): vaddr is presumably the faulting virtual address in the
 * traced process, which makes the trace file reveal parts of that
 * process's address-space layout; the encoding of `type` is not given
 * here - confirm.
 */
241 struct ktr_fault {
242 vm_offset_t vaddr;
243 int type;
244 };
245
246 /*
247 * KTR_FAULTEND - end of page fault record
248 */
249 #define KTR_FAULTEND 14
/*
 * Closes a page fault record.
 * NOTE(review): the meaning of `result` is not documented in this header -
 * confirm against the caller of ktrfaultend().
 */
250 struct ktr_faultend {
251 int result;
252 };
253
254 /*
255 * KTR_STRUCT_ARRAY - array of misc. structs
256 */
257 #define KTR_STRUCT_ARRAY 15
/*
 * Header of an array-of-structures record; the element name and the
 * elements themselves follow it.
 *
 * struct_size comes from the record.  Before computing an element count a
 * reader should reject zero, and should check that the payload left after
 * the name is a whole multiple of struct_size.  The field is a size_t, so
 * its width follows the ABI that produced the trace.
 */
258 struct ktr_struct_array {
259 size_t struct_size;
260 /*
261 * Followed by null-terminated structure name and then payload
262 * contents.
263 */
264 };
265
266 /*
267 * KTR_ARGS - arguments of execve()
268 */
/*
 * KTR_ARGS and KTR_ENVS record the argument and environment strings of
 * execve().  Both routinely contain credentials (passwords on command
 * lines, tokens and keys in environment variables), so a trace file
 * captured with these record types enabled should be stored and shared
 * with the same care as those secrets.
 */
269 #define KTR_ARGS 16
270 
271 /*
272 * KTR_ENVS - environment variables of execve()
273 */
274 #define KTR_ENVS 17
275
276 /*
277 * KTR_EXTERR - extended error reported
278 */
279 #define KTR_EXTERR 18
/*
 * Wraps one struct uexterror (declared in <sys/_uexterror.h>, included at
 * the top of this header).  Its layout is not visible here.
 */
280 struct ktr_exterr {
281 struct uexterror ue;
282 };
283
284 /*
285 * KTR_DROP - If this bit is set in ktr_type, then at least one event
286 * between the previous record and this record was dropped.
287 */
/*
 * For anyone relying on a trace as evidence: a record with KTR_DROP set
 * marks a gap just before it, so the trace is not a complete account of
 * what the process did.
 *
 * ktr_type is declared as a short in both header layouts.  Where short is
 * 16 bits wide, 0x8000 is its sign bit, so a record with KTR_DROP set
 * reads back as a negative ktr_type.
 */
288 #define KTR_DROP 0x8000
289 /*
290 * KTR_VERSIONED - If this bit is set in ktr_type, then the kernel
291 * exposes the new struct ktr_header (versioned), otherwise the old
292 * struct ktr_header_v0 is exposed.
293 */
294 #define KTR_VERSIONED 0x4000
/*
 * Union of the two flag bits above.
 * NOTE(review): presumably readers clear these bits (ktr_type & ~KTR_TYPE)
 * before comparing ktr_type with the KTR_* record numbers - confirm.
 */
295 #define KTR_TYPE (KTR_DROP | KTR_VERSIONED)
296
297 /*
298 * kernel trace points (in p_traceflag)
299 */
/*
 * Each KTRFAC_x is 1 << KTR_x, the same bit that KTRCHECK() tests in
 * p_traceflag.  KTRFAC_MASK spans bits 0-23; the record types defined in
 * this header use bits 1-18.
 */
300 #define KTRFAC_MASK 0x00ffffff
301 #define KTRFAC_SYSCALL (1<<KTR_SYSCALL)
302 #define KTRFAC_SYSRET (1<<KTR_SYSRET)
303 #define KTRFAC_NAMEI (1<<KTR_NAMEI)
304 #define KTRFAC_GENIO (1<<KTR_GENIO)
305 #define KTRFAC_PSIG (1<<KTR_PSIG)
306 #define KTRFAC_CSW (1<<KTR_CSW)
307 #define KTRFAC_USER (1<<KTR_USER)
308 #define KTRFAC_STRUCT (1<<KTR_STRUCT)
309 #define KTRFAC_SYSCTL (1<<KTR_SYSCTL)
310 #define KTRFAC_PROCCTOR (1<<KTR_PROCCTOR)
311 #define KTRFAC_PROCDTOR (1<<KTR_PROCDTOR)
312 #define KTRFAC_CAPFAIL (1<<KTR_CAPFAIL)
313 #define KTRFAC_FAULT (1<<KTR_FAULT)
314 #define KTRFAC_FAULTEND (1<<KTR_FAULTEND)
315 #define KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY)
316 #define KTRFAC_ARGS (1<<KTR_ARGS)
317 #define KTRFAC_ENVS (1<<KTR_ENVS)
318 #define KTRFAC_EXTERR (1<<KTR_EXTERR)
319
320 /*
321 * trace flags (also in p_traceflag)
322 */
/*
 * These use the three top bits, above KTRFAC_MASK.  0x80000000 does not
 * fit in an int, so KTRFAC_ROOT has an unsigned type, whereas KTRCHECK()
 * builds its mask from a signed 1.
 * NOTE(review): KTRFAC_ROOT presumably keeps an unprivileged user from
 * altering a trace that root started - confirm in the implementation.
 */
323 #define KTRFAC_ROOT 0x80000000 /* root set this trace */
324 #define KTRFAC_INHERIT 0x40000000 /* pass trace flags to children */
325 #define KTRFAC_DROP 0x20000000 /* last event was dropped */
326
327 #ifdef _KERNEL
328 struct ktr_io_params;
329
330 #ifdef KTRACE
331 struct vnode *ktr_get_tracevp(struct proc *, bool);
332 #else
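/*
 * Stub used when the kernel is built without KTRACE.  No trace vnode can
 * exist in that configuration, so the result is always NULL and both
 * arguments are ignored.  Callers must be prepared for a NULL return.
 */
static inline struct vnode *
ktr_get_tracevp(struct proc *p, bool ref)
{

	/* Unused in the stub; referenced to keep unused-parameter warnings quiet. */
	(void)p;
	(void)ref;
	return (NULL);
}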
339 #endif
/*
 * Kernel-side ktrace entry points.
 * NOTE(review): most parameters are unnamed here and the functions are
 * defined elsewhere; by their names they presumably emit the record types
 * declared above - see the implementation for the exact contract.
 */
340 void ktr_io_params_free(struct ktr_io_params *);
341 void ktrnamei(const char *);
342 void ktrcsw(int, int, const char *);
343 void ktrpsig(int, sig_t, sigset_t *, int);
344 void ktrfault(vm_offset_t, int);
345 void ktrfaultend(int);
346 void ktrgenio(int, enum uio_rw, struct uio *, int);
347 void ktrsyscall(int, int narg, syscallarg_t args[]);
348 void ktrsysctl(int *name, u_int namelen);
349 void ktrsysret(int, int, register_t);
350 void ktrprocctor(struct proc *);
351 struct ktr_io_params *ktrprocexec(struct proc *);
352 void ktrprocexit(struct thread *);
353 void ktrprocfork(struct proc *, struct proc *);
354 void ktruserret(struct thread *);
355 void ktrstruct(const char *, const void *, size_t);
356 void ktrstruct_error(const char *, const void *, size_t, int);
357 void ktrstructarray(const char *, enum uio_seg, const void *, int, size_t);
358 void ktrcapfail(enum ktr_cap_violation, const void *);
359 void ktrdata(int, const void *, size_t);
/*
 * Convenience wrappers that pass a structure to ktrstruct(name, ptr, size).
 * Most take the size from a compile-time sizeof.  Two do not:
 *  - ktrsockaddr() uses the sa_len field stored inside the object itself;
 *  - ktrcpuset() uses the length handed in by its caller.
 * In both cases the length must already have been checked against the real
 * size of the buffer, because it is forwarded to ktrstruct() unchanged.
 * NOTE(review): ktrstruct() presumably copies `size` bytes from `ptr` -
 * confirm that it cannot be made to read past the object.
 *
 * `l` (ktrcpuset) and `error` (ktrstat_error) are expanded without
 * parentheses; that is harmless while they remain plain call arguments.
 */
360 #define ktrcaprights(s) \
361 ktrstruct("caprights", (s), sizeof(cap_rights_t))
362 #define ktritimerval(s) \
363 ktrstruct("itimerval", (s), sizeof(struct itimerval))
364 #define ktrsockaddr(s) \
365 ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
366 #define ktrstat(s) \
367 ktrstruct("stat", (s), sizeof(struct stat))
368 #define ktrstat_error(s, error) \
369 ktrstruct_error("stat", (s), sizeof(struct stat), error)
370 #define ktrcpuset(s, l) \
371 ktrstruct("cpuset_t", (s), l)
372 #define ktrsplice(s) \
373 ktrstruct("splice", (s), sizeof(struct splice))
374 #define ktrthrparam(s) \
375 ktrstruct("thrparam", (s), sizeof(struct thr_param))
/*
 * NOTE(review): ktr_geniosize presumably limits how much I/O data is kept
 * per KTR_GENIO record - confirm.
 */
376 extern u_int ktr_geniosize;
/*
 * Without KTRACE, ktr_filesize_limit_signal is the constant 0 rather than
 * a variable, and __ktrace_used expands to __unused; with KTRACE the
 * variable is external and __ktrace_used expands to nothing.
 */
377 #ifdef KTRACE
378 extern int ktr_filesize_limit_signal;
379 #define __ktrace_used
380 #else
381 #define ktr_filesize_limit_signal 0
382 #define __ktrace_used __unused
383 #endif
384 #else
385
386 #include <sys/cdefs.h>
387
388 __BEGIN_DECLS
/*
 * Userland entry points.
 * NOTE(review): the parameters are unnamed here.  Going by the constants
 * earlier in this header, the int arguments of ktrace() presumably carry
 * a KTROP_* operation (optionally ORed with KTRFLAG_DESCEND) and a set of
 * KTRFAC_* trace points - confirm against ktrace(2).  utrace() takes a
 * caller-chosen buffer and length; KTR_USER_MAXLEN is documented above as
 * the maximum length of passed data.
 */
389 int ktrace(const char *, int, int, pid_t);
390 int utrace(const void *, size_t);
391 __END_DECLS
392
393 #endif
394
395 #endif
396