1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 * 21 * Portions Copyright 2010 The FreeBSD Foundation 22 * 23 * $FreeBSD$ 24 */ 25 26 /* 27 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 28 * Use is subject to license terms. 29 */ 30 31 #if defined(sun) 32 #pragma ident "%Z%%M% %I% %E% SMI" 33 #endif 34 35 #include <sys/atomic.h> 36 #include <sys/errno.h> 37 #include <sys/stat.h> 38 #include <sys/modctl.h> 39 #include <sys/conf.h> 40 #include <sys/systm.h> 41 #if defined(sun) 42 #include <sys/ddi.h> 43 #endif 44 #include <sys/sunddi.h> 45 #include <sys/cpuvar.h> 46 #include <sys/kmem.h> 47 #if defined(sun) 48 #include <sys/strsubr.h> 49 #endif 50 #include <sys/fasttrap.h> 51 #include <sys/fasttrap_impl.h> 52 #include <sys/fasttrap_isa.h> 53 #include <sys/dtrace.h> 54 #include <sys/dtrace_impl.h> 55 #include <sys/sysmacros.h> 56 #include <sys/proc.h> 57 #include <sys/policy.h> 58 #if defined(sun) 59 #include <util/qsort.h> 60 #endif 61 #include <sys/mutex.h> 62 #include <sys/kernel.h> 63 #if !defined(sun) 64 #include <sys/user.h> 65 #include <sys/dtrace_bsd.h> 66 #include <cddl/dev/dtrace/dtrace_cddl.h> 67 #endif 68 69 /* 70 * User-Land Trap-Based Tracing 71 * ---------------------------- 72 * 73 * The fasttrap provider allows DTrace consumers to instrument any user-level 74 * instruction to gather data; this includes probes with semantic 75 * signifigance like entry and return as well as simple offsets into the 76 * function. While the specific techniques used are very ISA specific, the 77 * methodology is generalizable to any architecture. 78 * 79 * 80 * The General Methodology 81 * ----------------------- 82 * 83 * With the primary goal of tracing every user-land instruction and the 84 * limitation that we can't trust user space so don't want to rely on much 85 * information there, we begin by replacing the instructions we want to trace 86 * with trap instructions. Each instruction we overwrite is saved into a hash 87 * table keyed by process ID and pc address. When we enter the kernel due to 88 * this trap instruction, we need the effects of the replaced instruction to 89 * appear to have occurred before we proceed with the user thread's 90 * execution. 91 * 92 * Each user level thread is represented by a ulwp_t structure which is 93 * always easily accessible through a register. The most basic way to produce 94 * the effects of the instruction we replaced is to copy that instruction out 95 * to a bit of scratch space reserved in the user thread's ulwp_t structure 96 * (a sort of kernel-private thread local storage), set the PC to that 97 * scratch space and single step. When we reenter the kernel after single 98 * stepping the instruction we must then adjust the PC to point to what would 99 * normally be the next instruction. Of course, special care must be taken 100 * for branches and jumps, but these represent such a small fraction of any 101 * instruction set that writing the code to emulate these in the kernel is 102 * not too difficult. 103 * 104 * Return probes may require several tracepoints to trace every return site, 105 * and, conversely, each tracepoint may activate several probes (the entry 106 * and offset 0 probes, for example). To solve this muliplexing problem, 107 * tracepoints contain lists of probes to activate and probes contain lists 108 * of tracepoints to enable. If a probe is activated, it adds its ID to 109 * existing tracepoints or creates new ones as necessary. 110 * 111 * Most probes are activated _before_ the instruction is executed, but return 112 * probes are activated _after_ the effects of the last instruction of the 113 * function are visible. Return probes must be fired _after_ we have 114 * single-stepped the instruction whereas all other probes are fired 115 * beforehand. 116 * 117 * 118 * Lock Ordering 119 * ------------- 120 * 121 * The lock ordering below -- both internally and with respect to the DTrace 122 * framework -- is a little tricky and bears some explanation. Each provider 123 * has a lock (ftp_mtx) that protects its members including reference counts 124 * for enabled probes (ftp_rcount), consumers actively creating probes 125 * (ftp_ccount) and USDT consumers (ftp_mcount); all three prevent a provider 126 * from being freed. A provider is looked up by taking the bucket lock for the 127 * provider hash table, and is returned with its lock held. The provider lock 128 * may be taken in functions invoked by the DTrace framework, but may not be 129 * held while calling functions in the DTrace framework. 130 * 131 * To ensure consistency over multiple calls to the DTrace framework, the 132 * creation lock (ftp_cmtx) should be held. Naturally, the creation lock may 133 * not be taken when holding the provider lock as that would create a cyclic 134 * lock ordering. In situations where one would naturally take the provider 135 * lock and then the creation lock, we instead up a reference count to prevent 136 * the provider from disappearing, drop the provider lock, and acquire the 137 * creation lock. 138 * 139 * Briefly: 140 * bucket lock before provider lock 141 * DTrace before provider lock 142 * creation lock before DTrace 143 * never hold the provider lock and creation lock simultaneously 144 */ 145 146 static d_open_t fasttrap_open; 147 static d_ioctl_t fasttrap_ioctl; 148 149 static struct cdevsw fasttrap_cdevsw = { 150 .d_version = D_VERSION, 151 .d_open = fasttrap_open, 152 .d_ioctl = fasttrap_ioctl, 153 .d_name = "fasttrap", 154 }; 155 static struct cdev *fasttrap_cdev; 156 static dtrace_meta_provider_id_t fasttrap_meta_id; 157 158 static struct proc *fasttrap_cleanup_proc; 159 static struct mtx fasttrap_cleanup_mtx; 160 static uint_t fasttrap_cleanup_work, fasttrap_cleanup_drain, fasttrap_cleanup_cv; 161 162 /* 163 * Generation count on modifications to the global tracepoint lookup table. 164 */ 165 static volatile uint64_t fasttrap_mod_gen; 166 167 /* 168 * When the fasttrap provider is loaded, fasttrap_max is set to either 169 * FASTTRAP_MAX_DEFAULT or the value for fasttrap-max-probes in the 170 * fasttrap.conf file. Each time a probe is created, fasttrap_total is 171 * incremented by the number of tracepoints that may be associated with that 172 * probe; fasttrap_total is capped at fasttrap_max. 173 */ 174 #define FASTTRAP_MAX_DEFAULT 250000 175 static uint32_t fasttrap_max; 176 static uint32_t fasttrap_total; 177 178 /* 179 * Copyright (c) 2011, Joyent, Inc. All rights reserved. 180 */ 181 182 #define FASTTRAP_TPOINTS_DEFAULT_SIZE 0x4000 183 #define FASTTRAP_PROVIDERS_DEFAULT_SIZE 0x100 184 #define FASTTRAP_PROCS_DEFAULT_SIZE 0x100 185 186 #define FASTTRAP_PID_NAME "pid" 187 188 fasttrap_hash_t fasttrap_tpoints; 189 static fasttrap_hash_t fasttrap_provs; 190 static fasttrap_hash_t fasttrap_procs; 191 192 static uint64_t fasttrap_pid_count; /* pid ref count */ 193 static kmutex_t fasttrap_count_mtx; /* lock on ref count */ 194 195 #define FASTTRAP_ENABLE_FAIL 1 196 #define FASTTRAP_ENABLE_PARTIAL 2 197 198 static int fasttrap_tracepoint_enable(proc_t *, fasttrap_probe_t *, uint_t); 199 static void fasttrap_tracepoint_disable(proc_t *, fasttrap_probe_t *, uint_t); 200 201 static fasttrap_provider_t *fasttrap_provider_lookup(pid_t, const char *, 202 const dtrace_pattr_t *); 203 static void fasttrap_provider_retire(pid_t, const char *, int); 204 static void fasttrap_provider_free(fasttrap_provider_t *); 205 206 static fasttrap_proc_t *fasttrap_proc_lookup(pid_t); 207 static void fasttrap_proc_release(fasttrap_proc_t *); 208 209 #define FASTTRAP_PROVS_INDEX(pid, name) \ 210 ((fasttrap_hash_str(name) + (pid)) & fasttrap_provs.fth_mask) 211 212 #define FASTTRAP_PROCS_INDEX(pid) ((pid) & fasttrap_procs.fth_mask) 213 214 #if !defined(sun) 215 static kmutex_t fasttrap_cpuc_pid_lock[MAXCPU]; 216 #endif 217 218 static int 219 fasttrap_highbit(ulong_t i) 220 { 221 int h = 1; 222 223 if (i == 0) 224 return (0); 225 #ifdef _LP64 226 if (i & 0xffffffff00000000ul) { 227 h += 32; i >>= 32; 228 } 229 #endif 230 if (i & 0xffff0000) { 231 h += 16; i >>= 16; 232 } 233 if (i & 0xff00) { 234 h += 8; i >>= 8; 235 } 236 if (i & 0xf0) { 237 h += 4; i >>= 4; 238 } 239 if (i & 0xc) { 240 h += 2; i >>= 2; 241 } 242 if (i & 0x2) { 243 h += 1; 244 } 245 return (h); 246 } 247 248 static uint_t 249 fasttrap_hash_str(const char *p) 250 { 251 unsigned int g; 252 uint_t hval = 0; 253 254 while (*p) { 255 hval = (hval << 4) + *p++; 256 if ((g = (hval & 0xf0000000)) != 0) 257 hval ^= g >> 24; 258 hval &= ~g; 259 } 260 return (hval); 261 } 262 263 void 264 fasttrap_sigtrap(proc_t *p, kthread_t *t, uintptr_t pc) 265 { 266 #if defined(sun) 267 sigqueue_t *sqp = kmem_zalloc(sizeof (sigqueue_t), KM_SLEEP); 268 269 sqp->sq_info.si_signo = SIGTRAP; 270 sqp->sq_info.si_code = TRAP_DTRACE; 271 sqp->sq_info.si_addr = (caddr_t)pc; 272 273 mutex_enter(&p->p_lock); 274 sigaddqa(p, t, sqp); 275 mutex_exit(&p->p_lock); 276 277 if (t != NULL) 278 aston(t); 279 #else 280 ksiginfo_t *ksi = kmem_zalloc(sizeof (ksiginfo_t), KM_SLEEP); 281 282 ksiginfo_init(ksi); 283 ksi->ksi_signo = SIGTRAP; 284 ksi->ksi_code = TRAP_DTRACE; 285 ksi->ksi_addr = (caddr_t)pc; 286 PROC_LOCK(p); 287 (void) tdksignal(t, SIGTRAP, ksi); 288 PROC_UNLOCK(p); 289 #endif 290 } 291 292 /* 293 * This function ensures that no threads are actively using the memory 294 * associated with probes that were formerly live. 295 */ 296 static void 297 fasttrap_mod_barrier(uint64_t gen) 298 { 299 int i; 300 301 if (gen < fasttrap_mod_gen) 302 return; 303 304 fasttrap_mod_gen++; 305 306 CPU_FOREACH(i) { 307 mutex_enter(&fasttrap_cpuc_pid_lock[i]); 308 mutex_exit(&fasttrap_cpuc_pid_lock[i]); 309 } 310 } 311 312 /* 313 * This function performs asynchronous cleanup of fasttrap providers. The 314 * Solaris implementation of this mechanism use a timeout that's activated in 315 * fasttrap_pid_cleanup(), but this doesn't work in FreeBSD: one may sleep while 316 * holding the DTrace mutexes, but it is unsafe to sleep in a callout handler. 317 * Thus we use a dedicated process to perform the cleanup when requested. 318 */ 319 /*ARGSUSED*/ 320 static void 321 fasttrap_pid_cleanup_cb(void *data) 322 { 323 fasttrap_provider_t **fpp, *fp; 324 fasttrap_bucket_t *bucket; 325 dtrace_provider_id_t provid; 326 int i, later = 0, rval; 327 328 mtx_lock(&fasttrap_cleanup_mtx); 329 while (!fasttrap_cleanup_drain || later > 0) { 330 fasttrap_cleanup_work = 0; 331 mtx_unlock(&fasttrap_cleanup_mtx); 332 333 later = 0; 334 335 /* 336 * Iterate over all the providers trying to remove the marked 337 * ones. If a provider is marked but not retired, we just 338 * have to take a crack at removing it -- it's no big deal if 339 * we can't. 340 */ 341 for (i = 0; i < fasttrap_provs.fth_nent; i++) { 342 bucket = &fasttrap_provs.fth_table[i]; 343 mutex_enter(&bucket->ftb_mtx); 344 fpp = (fasttrap_provider_t **)&bucket->ftb_data; 345 346 while ((fp = *fpp) != NULL) { 347 if (!fp->ftp_marked) { 348 fpp = &fp->ftp_next; 349 continue; 350 } 351 352 mutex_enter(&fp->ftp_mtx); 353 354 /* 355 * If this provider has consumers actively 356 * creating probes (ftp_ccount) or is a USDT 357 * provider (ftp_mcount), we can't unregister 358 * or even condense. 359 */ 360 if (fp->ftp_ccount != 0 || 361 fp->ftp_mcount != 0) { 362 mutex_exit(&fp->ftp_mtx); 363 fp->ftp_marked = 0; 364 continue; 365 } 366 367 if (!fp->ftp_retired || fp->ftp_rcount != 0) 368 fp->ftp_marked = 0; 369 370 mutex_exit(&fp->ftp_mtx); 371 372 /* 373 * If we successfully unregister this 374 * provider we can remove it from the hash 375 * chain and free the memory. If our attempt 376 * to unregister fails and this is a retired 377 * provider, increment our flag to try again 378 * pretty soon. If we've consumed more than 379 * half of our total permitted number of 380 * probes call dtrace_condense() to try to 381 * clean out the unenabled probes. 382 */ 383 provid = fp->ftp_provid; 384 if ((rval = dtrace_unregister(provid)) != 0) { 385 if (fasttrap_total > fasttrap_max / 2) 386 (void) dtrace_condense(provid); 387 388 if (rval == EAGAIN) 389 fp->ftp_marked = 1; 390 391 later += fp->ftp_marked; 392 fpp = &fp->ftp_next; 393 } else { 394 *fpp = fp->ftp_next; 395 fasttrap_provider_free(fp); 396 } 397 } 398 mutex_exit(&bucket->ftb_mtx); 399 } 400 mtx_lock(&fasttrap_cleanup_mtx); 401 402 /* 403 * If we were unable to retire a provider, try again after a 404 * second. This situation can occur in certain circumstances 405 * where providers cannot be unregistered even though they have 406 * no probes enabled because of an execution of dtrace -l or 407 * something similar. 408 */ 409 if (later > 0 || fasttrap_cleanup_work || 410 fasttrap_cleanup_drain) { 411 mtx_unlock(&fasttrap_cleanup_mtx); 412 pause("ftclean", hz); 413 mtx_lock(&fasttrap_cleanup_mtx); 414 } else 415 mtx_sleep(&fasttrap_cleanup_cv, &fasttrap_cleanup_mtx, 416 0, "ftcl", 0); 417 } 418 419 /* 420 * Wake up the thread in fasttrap_unload() now that we're done. 421 */ 422 wakeup(&fasttrap_cleanup_drain); 423 mtx_unlock(&fasttrap_cleanup_mtx); 424 425 kthread_exit(); 426 } 427 428 /* 429 * Activates the asynchronous cleanup mechanism. 430 */ 431 static void 432 fasttrap_pid_cleanup(void) 433 { 434 435 mtx_lock(&fasttrap_cleanup_mtx); 436 if (!fasttrap_cleanup_work) { 437 fasttrap_cleanup_work = 1; 438 wakeup(&fasttrap_cleanup_cv); 439 } 440 mtx_unlock(&fasttrap_cleanup_mtx); 441 } 442 443 /* 444 * This is called from cfork() via dtrace_fasttrap_fork(). The child 445 * process's address space is (roughly) a copy of the parent process's so 446 * we have to remove all the instrumentation we had previously enabled in the 447 * parent. 448 */ 449 static void 450 fasttrap_fork(proc_t *p, proc_t *cp) 451 { 452 pid_t ppid = p->p_pid; 453 int i; 454 455 #if defined(sun) 456 ASSERT(curproc == p); 457 ASSERT(p->p_proc_flag & P_PR_LOCK); 458 #else 459 PROC_LOCK_ASSERT(p, MA_OWNED); 460 #endif 461 #if defined(sun) 462 ASSERT(p->p_dtrace_count > 0); 463 #else 464 if (p->p_dtrace_helpers) { 465 /* 466 * dtrace_helpers_duplicate() allocates memory. 467 */ 468 _PHOLD(cp); 469 PROC_UNLOCK(p); 470 PROC_UNLOCK(cp); 471 dtrace_helpers_duplicate(p, cp); 472 PROC_LOCK(cp); 473 PROC_LOCK(p); 474 _PRELE(cp); 475 } 476 /* 477 * This check is purposely here instead of in kern_fork.c because, 478 * for legal resons, we cannot include the dtrace_cddl.h header 479 * inside kern_fork.c and insert if-clause there. 480 */ 481 if (p->p_dtrace_count == 0) 482 return; 483 #endif 484 ASSERT(cp->p_dtrace_count == 0); 485 486 /* 487 * This would be simpler and faster if we maintained per-process 488 * hash tables of enabled tracepoints. It could, however, potentially 489 * slow down execution of a tracepoint since we'd need to go 490 * through two levels of indirection. In the future, we should 491 * consider either maintaining per-process ancillary lists of 492 * enabled tracepoints or hanging a pointer to a per-process hash 493 * table of enabled tracepoints off the proc structure. 494 */ 495 496 /* 497 * We don't have to worry about the child process disappearing 498 * because we're in fork(). 499 */ 500 #if defined(sun) 501 mtx_lock_spin(&cp->p_slock); 502 sprlock_proc(cp); 503 mtx_unlock_spin(&cp->p_slock); 504 #else 505 /* 506 * fasttrap_tracepoint_remove() expects the child process to be 507 * unlocked and the VM then expects curproc to be unlocked. 508 */ 509 _PHOLD(cp); 510 PROC_UNLOCK(cp); 511 PROC_UNLOCK(p); 512 #endif 513 514 /* 515 * Iterate over every tracepoint looking for ones that belong to the 516 * parent process, and remove each from the child process. 517 */ 518 for (i = 0; i < fasttrap_tpoints.fth_nent; i++) { 519 fasttrap_tracepoint_t *tp; 520 fasttrap_bucket_t *bucket = &fasttrap_tpoints.fth_table[i]; 521 522 mutex_enter(&bucket->ftb_mtx); 523 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) { 524 if (tp->ftt_pid == ppid && 525 tp->ftt_proc->ftpc_acount != 0) { 526 int ret = fasttrap_tracepoint_remove(cp, tp); 527 ASSERT(ret == 0); 528 529 /* 530 * The count of active providers can only be 531 * decremented (i.e. to zero) during exec, 532 * exit, and removal of a meta provider so it 533 * should be impossible to drop the count 534 * mid-fork. 535 */ 536 ASSERT(tp->ftt_proc->ftpc_acount != 0); 537 } 538 } 539 mutex_exit(&bucket->ftb_mtx); 540 } 541 542 #if defined(sun) 543 mutex_enter(&cp->p_lock); 544 sprunlock(cp); 545 #else 546 PROC_LOCK(p); 547 PROC_LOCK(cp); 548 _PRELE(cp); 549 #endif 550 } 551 552 /* 553 * This is called from proc_exit() or from exec_common() if p_dtrace_probes 554 * is set on the proc structure to indicate that there is a pid provider 555 * associated with this process. 556 */ 557 static void 558 fasttrap_exec_exit(proc_t *p) 559 { 560 #if defined(sun) 561 ASSERT(p == curproc); 562 #endif 563 PROC_LOCK_ASSERT(p, MA_OWNED); 564 _PHOLD(p); 565 PROC_UNLOCK(p); 566 567 /* 568 * We clean up the pid provider for this process here; user-land 569 * static probes are handled by the meta-provider remove entry point. 570 */ 571 fasttrap_provider_retire(p->p_pid, FASTTRAP_PID_NAME, 0); 572 #if !defined(sun) 573 if (p->p_dtrace_helpers) 574 dtrace_helpers_destroy(p); 575 #endif 576 PROC_LOCK(p); 577 _PRELE(p); 578 } 579 580 581 /*ARGSUSED*/ 582 static void 583 fasttrap_pid_provide(void *arg, dtrace_probedesc_t *desc) 584 { 585 /* 586 * There are no "default" pid probes. 587 */ 588 } 589 590 static int 591 fasttrap_tracepoint_enable(proc_t *p, fasttrap_probe_t *probe, uint_t index) 592 { 593 fasttrap_tracepoint_t *tp, *new_tp = NULL; 594 fasttrap_bucket_t *bucket; 595 fasttrap_id_t *id; 596 pid_t pid; 597 uintptr_t pc; 598 599 ASSERT(index < probe->ftp_ntps); 600 601 pid = probe->ftp_pid; 602 pc = probe->ftp_tps[index].fit_tp->ftt_pc; 603 id = &probe->ftp_tps[index].fit_id; 604 605 ASSERT(probe->ftp_tps[index].fit_tp->ftt_pid == pid); 606 607 #if defined(sun) 608 ASSERT(!(p->p_flag & SVFORK)); 609 #endif 610 611 /* 612 * Before we make any modifications, make sure we've imposed a barrier 613 * on the generation in which this probe was last modified. 614 */ 615 fasttrap_mod_barrier(probe->ftp_gen); 616 617 bucket = &fasttrap_tpoints.fth_table[FASTTRAP_TPOINTS_INDEX(pid, pc)]; 618 619 /* 620 * If the tracepoint has already been enabled, just add our id to the 621 * list of interested probes. This may be our second time through 622 * this path in which case we'll have constructed the tracepoint we'd 623 * like to install. If we can't find a match, and have an allocated 624 * tracepoint ready to go, enable that one now. 625 * 626 * A tracepoint whose process is defunct is also considered defunct. 627 */ 628 again: 629 mutex_enter(&bucket->ftb_mtx); 630 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) { 631 /* 632 * Note that it's safe to access the active count on the 633 * associated proc structure because we know that at least one 634 * provider (this one) will still be around throughout this 635 * operation. 636 */ 637 if (tp->ftt_pid != pid || tp->ftt_pc != pc || 638 tp->ftt_proc->ftpc_acount == 0) 639 continue; 640 641 /* 642 * Now that we've found a matching tracepoint, it would be 643 * a decent idea to confirm that the tracepoint is still 644 * enabled and the trap instruction hasn't been overwritten. 645 * Since this is a little hairy, we'll punt for now. 646 */ 647 648 /* 649 * This can't be the first interested probe. We don't have 650 * to worry about another thread being in the midst of 651 * deleting this tracepoint (which would be the only valid 652 * reason for a tracepoint to have no interested probes) 653 * since we're holding P_PR_LOCK for this process. 654 */ 655 ASSERT(tp->ftt_ids != NULL || tp->ftt_retids != NULL); 656 657 switch (id->fti_ptype) { 658 case DTFTP_ENTRY: 659 case DTFTP_OFFSETS: 660 case DTFTP_IS_ENABLED: 661 id->fti_next = tp->ftt_ids; 662 membar_producer(); 663 tp->ftt_ids = id; 664 membar_producer(); 665 break; 666 667 case DTFTP_RETURN: 668 case DTFTP_POST_OFFSETS: 669 id->fti_next = tp->ftt_retids; 670 membar_producer(); 671 tp->ftt_retids = id; 672 membar_producer(); 673 break; 674 675 default: 676 ASSERT(0); 677 } 678 679 mutex_exit(&bucket->ftb_mtx); 680 681 if (new_tp != NULL) { 682 new_tp->ftt_ids = NULL; 683 new_tp->ftt_retids = NULL; 684 } 685 686 return (0); 687 } 688 689 /* 690 * If we have a good tracepoint ready to go, install it now while 691 * we have the lock held and no one can screw with us. 692 */ 693 if (new_tp != NULL) { 694 int rc = 0; 695 696 new_tp->ftt_next = bucket->ftb_data; 697 membar_producer(); 698 bucket->ftb_data = new_tp; 699 membar_producer(); 700 mutex_exit(&bucket->ftb_mtx); 701 702 /* 703 * Activate the tracepoint in the ISA-specific manner. 704 * If this fails, we need to report the failure, but 705 * indicate that this tracepoint must still be disabled 706 * by calling fasttrap_tracepoint_disable(). 707 */ 708 if (fasttrap_tracepoint_install(p, new_tp) != 0) 709 rc = FASTTRAP_ENABLE_PARTIAL; 710 711 /* 712 * Increment the count of the number of tracepoints active in 713 * the victim process. 714 */ 715 #if defined(sun) 716 ASSERT(p->p_proc_flag & P_PR_LOCK); 717 #endif 718 p->p_dtrace_count++; 719 720 return (rc); 721 } 722 723 mutex_exit(&bucket->ftb_mtx); 724 725 /* 726 * Initialize the tracepoint that's been preallocated with the probe. 727 */ 728 new_tp = probe->ftp_tps[index].fit_tp; 729 730 ASSERT(new_tp->ftt_pid == pid); 731 ASSERT(new_tp->ftt_pc == pc); 732 ASSERT(new_tp->ftt_proc == probe->ftp_prov->ftp_proc); 733 ASSERT(new_tp->ftt_ids == NULL); 734 ASSERT(new_tp->ftt_retids == NULL); 735 736 switch (id->fti_ptype) { 737 case DTFTP_ENTRY: 738 case DTFTP_OFFSETS: 739 case DTFTP_IS_ENABLED: 740 id->fti_next = NULL; 741 new_tp->ftt_ids = id; 742 break; 743 744 case DTFTP_RETURN: 745 case DTFTP_POST_OFFSETS: 746 id->fti_next = NULL; 747 new_tp->ftt_retids = id; 748 break; 749 750 default: 751 ASSERT(0); 752 } 753 754 /* 755 * If the ISA-dependent initialization goes to plan, go back to the 756 * beginning and try to install this freshly made tracepoint. 757 */ 758 if (fasttrap_tracepoint_init(p, new_tp, pc, id->fti_ptype) == 0) 759 goto again; 760 761 new_tp->ftt_ids = NULL; 762 new_tp->ftt_retids = NULL; 763 764 return (FASTTRAP_ENABLE_FAIL); 765 } 766 767 static void 768 fasttrap_tracepoint_disable(proc_t *p, fasttrap_probe_t *probe, uint_t index) 769 { 770 fasttrap_bucket_t *bucket; 771 fasttrap_provider_t *provider = probe->ftp_prov; 772 fasttrap_tracepoint_t **pp, *tp; 773 fasttrap_id_t *id, **idp = NULL; 774 pid_t pid; 775 uintptr_t pc; 776 777 ASSERT(index < probe->ftp_ntps); 778 779 pid = probe->ftp_pid; 780 pc = probe->ftp_tps[index].fit_tp->ftt_pc; 781 id = &probe->ftp_tps[index].fit_id; 782 783 ASSERT(probe->ftp_tps[index].fit_tp->ftt_pid == pid); 784 785 /* 786 * Find the tracepoint and make sure that our id is one of the 787 * ones registered with it. 788 */ 789 bucket = &fasttrap_tpoints.fth_table[FASTTRAP_TPOINTS_INDEX(pid, pc)]; 790 mutex_enter(&bucket->ftb_mtx); 791 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) { 792 if (tp->ftt_pid == pid && tp->ftt_pc == pc && 793 tp->ftt_proc == provider->ftp_proc) 794 break; 795 } 796 797 /* 798 * If we somehow lost this tracepoint, we're in a world of hurt. 799 */ 800 ASSERT(tp != NULL); 801 802 switch (id->fti_ptype) { 803 case DTFTP_ENTRY: 804 case DTFTP_OFFSETS: 805 case DTFTP_IS_ENABLED: 806 ASSERT(tp->ftt_ids != NULL); 807 idp = &tp->ftt_ids; 808 break; 809 810 case DTFTP_RETURN: 811 case DTFTP_POST_OFFSETS: 812 ASSERT(tp->ftt_retids != NULL); 813 idp = &tp->ftt_retids; 814 break; 815 816 default: 817 ASSERT(0); 818 } 819 820 while ((*idp)->fti_probe != probe) { 821 idp = &(*idp)->fti_next; 822 ASSERT(*idp != NULL); 823 } 824 825 id = *idp; 826 *idp = id->fti_next; 827 membar_producer(); 828 829 ASSERT(id->fti_probe == probe); 830 831 /* 832 * If there are other registered enablings of this tracepoint, we're 833 * all done, but if this was the last probe assocated with this 834 * this tracepoint, we need to remove and free it. 835 */ 836 if (tp->ftt_ids != NULL || tp->ftt_retids != NULL) { 837 838 /* 839 * If the current probe's tracepoint is in use, swap it 840 * for an unused tracepoint. 841 */ 842 if (tp == probe->ftp_tps[index].fit_tp) { 843 fasttrap_probe_t *tmp_probe; 844 fasttrap_tracepoint_t **tmp_tp; 845 uint_t tmp_index; 846 847 if (tp->ftt_ids != NULL) { 848 tmp_probe = tp->ftt_ids->fti_probe; 849 /* LINTED - alignment */ 850 tmp_index = FASTTRAP_ID_INDEX(tp->ftt_ids); 851 tmp_tp = &tmp_probe->ftp_tps[tmp_index].fit_tp; 852 } else { 853 tmp_probe = tp->ftt_retids->fti_probe; 854 /* LINTED - alignment */ 855 tmp_index = FASTTRAP_ID_INDEX(tp->ftt_retids); 856 tmp_tp = &tmp_probe->ftp_tps[tmp_index].fit_tp; 857 } 858 859 ASSERT(*tmp_tp != NULL); 860 ASSERT(*tmp_tp != probe->ftp_tps[index].fit_tp); 861 ASSERT((*tmp_tp)->ftt_ids == NULL); 862 ASSERT((*tmp_tp)->ftt_retids == NULL); 863 864 probe->ftp_tps[index].fit_tp = *tmp_tp; 865 *tmp_tp = tp; 866 } 867 868 mutex_exit(&bucket->ftb_mtx); 869 870 /* 871 * Tag the modified probe with the generation in which it was 872 * changed. 873 */ 874 probe->ftp_gen = fasttrap_mod_gen; 875 return; 876 } 877 878 mutex_exit(&bucket->ftb_mtx); 879 880 /* 881 * We can't safely remove the tracepoint from the set of active 882 * tracepoints until we've actually removed the fasttrap instruction 883 * from the process's text. We can, however, operate on this 884 * tracepoint secure in the knowledge that no other thread is going to 885 * be looking at it since we hold P_PR_LOCK on the process if it's 886 * live or we hold the provider lock on the process if it's dead and 887 * gone. 888 */ 889 890 /* 891 * We only need to remove the actual instruction if we're looking 892 * at an existing process 893 */ 894 if (p != NULL) { 895 /* 896 * If we fail to restore the instruction we need to kill 897 * this process since it's in a completely unrecoverable 898 * state. 899 */ 900 if (fasttrap_tracepoint_remove(p, tp) != 0) 901 fasttrap_sigtrap(p, NULL, pc); 902 903 /* 904 * Decrement the count of the number of tracepoints active 905 * in the victim process. 906 */ 907 #if defined(sun) 908 ASSERT(p->p_proc_flag & P_PR_LOCK); 909 #endif 910 p->p_dtrace_count--; 911 } 912 913 /* 914 * Remove the probe from the hash table of active tracepoints. 915 */ 916 mutex_enter(&bucket->ftb_mtx); 917 pp = (fasttrap_tracepoint_t **)&bucket->ftb_data; 918 ASSERT(*pp != NULL); 919 while (*pp != tp) { 920 pp = &(*pp)->ftt_next; 921 ASSERT(*pp != NULL); 922 } 923 924 *pp = tp->ftt_next; 925 membar_producer(); 926 927 mutex_exit(&bucket->ftb_mtx); 928 929 /* 930 * Tag the modified probe with the generation in which it was changed. 931 */ 932 probe->ftp_gen = fasttrap_mod_gen; 933 } 934 935 static void 936 fasttrap_enable_callbacks(void) 937 { 938 /* 939 * We don't have to play the rw lock game here because we're 940 * providing something rather than taking something away -- 941 * we can be sure that no threads have tried to follow this 942 * function pointer yet. 943 */ 944 mutex_enter(&fasttrap_count_mtx); 945 if (fasttrap_pid_count == 0) { 946 ASSERT(dtrace_pid_probe_ptr == NULL); 947 ASSERT(dtrace_return_probe_ptr == NULL); 948 dtrace_pid_probe_ptr = &fasttrap_pid_probe; 949 dtrace_return_probe_ptr = &fasttrap_return_probe; 950 } 951 ASSERT(dtrace_pid_probe_ptr == &fasttrap_pid_probe); 952 ASSERT(dtrace_return_probe_ptr == &fasttrap_return_probe); 953 fasttrap_pid_count++; 954 mutex_exit(&fasttrap_count_mtx); 955 } 956 957 static void 958 fasttrap_disable_callbacks(void) 959 { 960 #if defined(sun) 961 ASSERT(MUTEX_HELD(&cpu_lock)); 962 #endif 963 964 965 mutex_enter(&fasttrap_count_mtx); 966 ASSERT(fasttrap_pid_count > 0); 967 fasttrap_pid_count--; 968 if (fasttrap_pid_count == 0) { 969 #if defined(sun) 970 cpu_t *cur, *cpu = CPU; 971 972 for (cur = cpu->cpu_next_onln; cur != cpu; 973 cur = cur->cpu_next_onln) { 974 rw_enter(&cur->cpu_ft_lock, RW_WRITER); 975 } 976 #endif 977 dtrace_pid_probe_ptr = NULL; 978 dtrace_return_probe_ptr = NULL; 979 #if defined(sun) 980 for (cur = cpu->cpu_next_onln; cur != cpu; 981 cur = cur->cpu_next_onln) { 982 rw_exit(&cur->cpu_ft_lock); 983 } 984 #endif 985 } 986 mutex_exit(&fasttrap_count_mtx); 987 } 988 989 /*ARGSUSED*/ 990 static void 991 fasttrap_pid_enable(void *arg, dtrace_id_t id, void *parg) 992 { 993 fasttrap_probe_t *probe = parg; 994 proc_t *p = NULL; 995 int i, rc; 996 997 ASSERT(probe != NULL); 998 ASSERT(!probe->ftp_enabled); 999 ASSERT(id == probe->ftp_id); 1000 #if defined(sun) 1001 ASSERT(MUTEX_HELD(&cpu_lock)); 1002 #endif 1003 1004 /* 1005 * Increment the count of enabled probes on this probe's provider; 1006 * the provider can't go away while the probe still exists. We 1007 * must increment this even if we aren't able to properly enable 1008 * this probe. 1009 */ 1010 mutex_enter(&probe->ftp_prov->ftp_mtx); 1011 probe->ftp_prov->ftp_rcount++; 1012 mutex_exit(&probe->ftp_prov->ftp_mtx); 1013 1014 /* 1015 * If this probe's provider is retired (meaning it was valid in a 1016 * previously exec'ed incarnation of this address space), bail out. The 1017 * provider can't go away while we're in this code path. 1018 */ 1019 if (probe->ftp_prov->ftp_retired) 1020 return; 1021 1022 /* 1023 * If we can't find the process, it may be that we're in the context of 1024 * a fork in which the traced process is being born and we're copying 1025 * USDT probes. Otherwise, the process is gone so bail. 1026 */ 1027 #if defined(sun) 1028 if ((p = sprlock(probe->ftp_pid)) == NULL) { 1029 if ((curproc->p_flag & SFORKING) == 0) 1030 return; 1031 1032 mutex_enter(&pidlock); 1033 p = prfind(probe->ftp_pid); 1034 1035 /* 1036 * Confirm that curproc is indeed forking the process in which 1037 * we're trying to enable probes. 1038 */ 1039 ASSERT(p != NULL); 1040 ASSERT(p->p_parent == curproc); 1041 ASSERT(p->p_stat == SIDL); 1042 1043 mutex_enter(&p->p_lock); 1044 mutex_exit(&pidlock); 1045 1046 sprlock_proc(p); 1047 } 1048 1049 ASSERT(!(p->p_flag & SVFORK)); 1050 mutex_exit(&p->p_lock); 1051 #else 1052 if ((p = pfind(probe->ftp_pid)) == NULL) 1053 return; 1054 #endif 1055 1056 /* 1057 * We have to enable the trap entry point before any user threads have 1058 * the chance to execute the trap instruction we're about to place 1059 * in their process's text. 1060 */ 1061 #ifdef __FreeBSD__ 1062 /* 1063 * pfind() returns a locked process. 1064 */ 1065 _PHOLD(p); 1066 PROC_UNLOCK(p); 1067 #endif 1068 fasttrap_enable_callbacks(); 1069 1070 /* 1071 * Enable all the tracepoints and add this probe's id to each 1072 * tracepoint's list of active probes. 1073 */ 1074 for (i = 0; i < probe->ftp_ntps; i++) { 1075 if ((rc = fasttrap_tracepoint_enable(p, probe, i)) != 0) { 1076 /* 1077 * If enabling the tracepoint failed completely, 1078 * we don't have to disable it; if the failure 1079 * was only partial we must disable it. 1080 */ 1081 if (rc == FASTTRAP_ENABLE_FAIL) 1082 i--; 1083 else 1084 ASSERT(rc == FASTTRAP_ENABLE_PARTIAL); 1085 1086 /* 1087 * Back up and pull out all the tracepoints we've 1088 * created so far for this probe. 1089 */ 1090 while (i >= 0) { 1091 fasttrap_tracepoint_disable(p, probe, i); 1092 i--; 1093 } 1094 1095 #if defined(sun) 1096 mutex_enter(&p->p_lock); 1097 sprunlock(p); 1098 #else 1099 PRELE(p); 1100 #endif 1101 1102 /* 1103 * Since we're not actually enabling this probe, 1104 * drop our reference on the trap table entry. 1105 */ 1106 fasttrap_disable_callbacks(); 1107 return; 1108 } 1109 } 1110 #if defined(sun) 1111 mutex_enter(&p->p_lock); 1112 sprunlock(p); 1113 #else 1114 PRELE(p); 1115 #endif 1116 1117 probe->ftp_enabled = 1; 1118 } 1119 1120 /*ARGSUSED*/ 1121 static void 1122 fasttrap_pid_disable(void *arg, dtrace_id_t id, void *parg) 1123 { 1124 fasttrap_probe_t *probe = parg; 1125 fasttrap_provider_t *provider = probe->ftp_prov; 1126 proc_t *p; 1127 int i, whack = 0; 1128 1129 ASSERT(id == probe->ftp_id); 1130 1131 mutex_enter(&provider->ftp_mtx); 1132 1133 /* 1134 * We won't be able to acquire a /proc-esque lock on the process 1135 * iff the process is dead and gone. In this case, we rely on the 1136 * provider lock as a point of mutual exclusion to prevent other 1137 * DTrace consumers from disabling this probe. 1138 */ 1139 if ((p = pfind(probe->ftp_pid)) != NULL) { 1140 #ifdef __FreeBSD__ 1141 _PHOLD(p); 1142 PROC_UNLOCK(p); 1143 #endif 1144 } 1145 1146 /* 1147 * Disable all the associated tracepoints (for fully enabled probes). 1148 */ 1149 if (probe->ftp_enabled) { 1150 for (i = 0; i < probe->ftp_ntps; i++) { 1151 fasttrap_tracepoint_disable(p, probe, i); 1152 } 1153 } 1154 1155 ASSERT(provider->ftp_rcount > 0); 1156 provider->ftp_rcount--; 1157 1158 if (p != NULL) { 1159 /* 1160 * Even though we may not be able to remove it entirely, we 1161 * mark this retired provider to get a chance to remove some 1162 * of the associated probes. 1163 */ 1164 if (provider->ftp_retired && !provider->ftp_marked) 1165 whack = provider->ftp_marked = 1; 1166 mutex_exit(&provider->ftp_mtx); 1167 } else { 1168 /* 1169 * If the process is dead, we're just waiting for the 1170 * last probe to be disabled to be able to free it. 1171 */ 1172 if (provider->ftp_rcount == 0 && !provider->ftp_marked) 1173 whack = provider->ftp_marked = 1; 1174 mutex_exit(&provider->ftp_mtx); 1175 } 1176 1177 if (whack) 1178 fasttrap_pid_cleanup(); 1179 1180 #ifdef __FreeBSD__ 1181 if (p != NULL) 1182 PRELE(p); 1183 #endif 1184 if (!probe->ftp_enabled) 1185 return; 1186 1187 probe->ftp_enabled = 0; 1188 1189 #if defined(sun) 1190 ASSERT(MUTEX_HELD(&cpu_lock)); 1191 #endif 1192 fasttrap_disable_callbacks(); 1193 } 1194 1195 /*ARGSUSED*/ 1196 static void 1197 fasttrap_pid_getargdesc(void *arg, dtrace_id_t id, void *parg, 1198 dtrace_argdesc_t *desc) 1199 { 1200 fasttrap_probe_t *probe = parg; 1201 char *str; 1202 int i, ndx; 1203 1204 desc->dtargd_native[0] = '\0'; 1205 desc->dtargd_xlate[0] = '\0'; 1206 1207 if (probe->ftp_prov->ftp_retired != 0 || 1208 desc->dtargd_ndx >= probe->ftp_nargs) { 1209 desc->dtargd_ndx = DTRACE_ARGNONE; 1210 return; 1211 } 1212 1213 ndx = (probe->ftp_argmap != NULL) ? 1214 probe->ftp_argmap[desc->dtargd_ndx] : desc->dtargd_ndx; 1215 1216 str = probe->ftp_ntypes; 1217 for (i = 0; i < ndx; i++) { 1218 str += strlen(str) + 1; 1219 } 1220 1221 ASSERT(strlen(str + 1) < sizeof (desc->dtargd_native)); 1222 (void) strcpy(desc->dtargd_native, str); 1223 1224 if (probe->ftp_xtypes == NULL) 1225 return; 1226 1227 str = probe->ftp_xtypes; 1228 for (i = 0; i < desc->dtargd_ndx; i++) { 1229 str += strlen(str) + 1; 1230 } 1231 1232 ASSERT(strlen(str + 1) < sizeof (desc->dtargd_xlate)); 1233 (void) strcpy(desc->dtargd_xlate, str); 1234 } 1235 1236 /*ARGSUSED*/ 1237 static void 1238 fasttrap_pid_destroy(void *arg, dtrace_id_t id, void *parg) 1239 { 1240 fasttrap_probe_t *probe = parg; 1241 int i; 1242 size_t size; 1243 1244 ASSERT(probe != NULL); 1245 ASSERT(!probe->ftp_enabled); 1246 ASSERT(fasttrap_total >= probe->ftp_ntps); 1247 1248 atomic_add_32(&fasttrap_total, -probe->ftp_ntps); 1249 size = offsetof(fasttrap_probe_t, ftp_tps[probe->ftp_ntps]); 1250 1251 if (probe->ftp_gen + 1 >= fasttrap_mod_gen) 1252 fasttrap_mod_barrier(probe->ftp_gen); 1253 1254 for (i = 0; i < probe->ftp_ntps; i++) { 1255 kmem_free(probe->ftp_tps[i].fit_tp, 1256 sizeof (fasttrap_tracepoint_t)); 1257 } 1258 1259 kmem_free(probe, size); 1260 } 1261 1262 1263 static const dtrace_pattr_t pid_attr = { 1264 { DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA }, 1265 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 1266 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 1267 { DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA }, 1268 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 1269 }; 1270 1271 static dtrace_pops_t pid_pops = { 1272 fasttrap_pid_provide, 1273 NULL, 1274 fasttrap_pid_enable, 1275 fasttrap_pid_disable, 1276 NULL, 1277 NULL, 1278 fasttrap_pid_getargdesc, 1279 fasttrap_pid_getarg, 1280 NULL, 1281 fasttrap_pid_destroy 1282 }; 1283 1284 static dtrace_pops_t usdt_pops = { 1285 fasttrap_pid_provide, 1286 NULL, 1287 fasttrap_pid_enable, 1288 fasttrap_pid_disable, 1289 NULL, 1290 NULL, 1291 fasttrap_pid_getargdesc, 1292 fasttrap_usdt_getarg, 1293 NULL, 1294 fasttrap_pid_destroy 1295 }; 1296 1297 static fasttrap_proc_t * 1298 fasttrap_proc_lookup(pid_t pid) 1299 { 1300 fasttrap_bucket_t *bucket; 1301 fasttrap_proc_t *fprc, *new_fprc; 1302 1303 1304 bucket = &fasttrap_procs.fth_table[FASTTRAP_PROCS_INDEX(pid)]; 1305 mutex_enter(&bucket->ftb_mtx); 1306 1307 for (fprc = bucket->ftb_data; fprc != NULL; fprc = fprc->ftpc_next) { 1308 if (fprc->ftpc_pid == pid && fprc->ftpc_acount != 0) { 1309 mutex_enter(&fprc->ftpc_mtx); 1310 mutex_exit(&bucket->ftb_mtx); 1311 fprc->ftpc_rcount++; 1312 atomic_add_64(&fprc->ftpc_acount, 1); 1313 ASSERT(fprc->ftpc_acount <= fprc->ftpc_rcount); 1314 mutex_exit(&fprc->ftpc_mtx); 1315 1316 return (fprc); 1317 } 1318 } 1319 1320 /* 1321 * Drop the bucket lock so we don't try to perform a sleeping 1322 * allocation under it. 1323 */ 1324 mutex_exit(&bucket->ftb_mtx); 1325 1326 new_fprc = kmem_zalloc(sizeof (fasttrap_proc_t), KM_SLEEP); 1327 new_fprc->ftpc_pid = pid; 1328 new_fprc->ftpc_rcount = 1; 1329 new_fprc->ftpc_acount = 1; 1330 #if !defined(sun) 1331 mutex_init(&new_fprc->ftpc_mtx, "fasttrap proc mtx", MUTEX_DEFAULT, 1332 NULL); 1333 #endif 1334 1335 mutex_enter(&bucket->ftb_mtx); 1336 1337 /* 1338 * Take another lap through the list to make sure a proc hasn't 1339 * been created for this pid while we weren't under the bucket lock. 1340 */ 1341 for (fprc = bucket->ftb_data; fprc != NULL; fprc = fprc->ftpc_next) { 1342 if (fprc->ftpc_pid == pid && fprc->ftpc_acount != 0) { 1343 mutex_enter(&fprc->ftpc_mtx); 1344 mutex_exit(&bucket->ftb_mtx); 1345 fprc->ftpc_rcount++; 1346 atomic_add_64(&fprc->ftpc_acount, 1); 1347 ASSERT(fprc->ftpc_acount <= fprc->ftpc_rcount); 1348 mutex_exit(&fprc->ftpc_mtx); 1349 1350 kmem_free(new_fprc, sizeof (fasttrap_proc_t)); 1351 1352 return (fprc); 1353 } 1354 } 1355 1356 new_fprc->ftpc_next = bucket->ftb_data; 1357 bucket->ftb_data = new_fprc; 1358 1359 mutex_exit(&bucket->ftb_mtx); 1360 1361 return (new_fprc); 1362 } 1363 1364 static void 1365 fasttrap_proc_release(fasttrap_proc_t *proc) 1366 { 1367 fasttrap_bucket_t *bucket; 1368 fasttrap_proc_t *fprc, **fprcp; 1369 pid_t pid = proc->ftpc_pid; 1370 1371 mutex_enter(&proc->ftpc_mtx); 1372 1373 ASSERT(proc->ftpc_rcount != 0); 1374 ASSERT(proc->ftpc_acount <= proc->ftpc_rcount); 1375 1376 if (--proc->ftpc_rcount != 0) { 1377 mutex_exit(&proc->ftpc_mtx); 1378 return; 1379 } 1380 1381 mutex_exit(&proc->ftpc_mtx); 1382 1383 /* 1384 * There should definitely be no live providers associated with this 1385 * process at this point. 1386 */ 1387 ASSERT(proc->ftpc_acount == 0); 1388 1389 bucket = &fasttrap_procs.fth_table[FASTTRAP_PROCS_INDEX(pid)]; 1390 mutex_enter(&bucket->ftb_mtx); 1391 1392 fprcp = (fasttrap_proc_t **)&bucket->ftb_data; 1393 while ((fprc = *fprcp) != NULL) { 1394 if (fprc == proc) 1395 break; 1396 1397 fprcp = &fprc->ftpc_next; 1398 } 1399 1400 /* 1401 * Something strange has happened if we can't find the proc. 1402 */ 1403 ASSERT(fprc != NULL); 1404 1405 *fprcp = fprc->ftpc_next; 1406 1407 mutex_exit(&bucket->ftb_mtx); 1408 1409 kmem_free(fprc, sizeof (fasttrap_proc_t)); 1410 } 1411 1412 /* 1413 * Lookup a fasttrap-managed provider based on its name and associated pid. 1414 * If the pattr argument is non-NULL, this function instantiates the provider 1415 * if it doesn't exist otherwise it returns NULL. The provider is returned 1416 * with its lock held. 1417 */ 1418 static fasttrap_provider_t * 1419 fasttrap_provider_lookup(pid_t pid, const char *name, 1420 const dtrace_pattr_t *pattr) 1421 { 1422 fasttrap_provider_t *fp, *new_fp = NULL; 1423 fasttrap_bucket_t *bucket; 1424 char provname[DTRACE_PROVNAMELEN]; 1425 proc_t *p; 1426 cred_t *cred; 1427 1428 ASSERT(strlen(name) < sizeof (fp->ftp_name)); 1429 ASSERT(pattr != NULL); 1430 1431 bucket = &fasttrap_provs.fth_table[FASTTRAP_PROVS_INDEX(pid, name)]; 1432 mutex_enter(&bucket->ftb_mtx); 1433 1434 /* 1435 * Take a lap through the list and return the match if we find it. 1436 */ 1437 for (fp = bucket->ftb_data; fp != NULL; fp = fp->ftp_next) { 1438 if (fp->ftp_pid == pid && strcmp(fp->ftp_name, name) == 0 && 1439 !fp->ftp_retired) { 1440 mutex_enter(&fp->ftp_mtx); 1441 mutex_exit(&bucket->ftb_mtx); 1442 return (fp); 1443 } 1444 } 1445 1446 /* 1447 * Drop the bucket lock so we don't try to perform a sleeping 1448 * allocation under it. 1449 */ 1450 mutex_exit(&bucket->ftb_mtx); 1451 1452 /* 1453 * Make sure the process exists, isn't a child created as the result 1454 * of a vfork(2), and isn't a zombie (but may be in fork). 1455 */ 1456 if ((p = pfind(pid)) == NULL) 1457 return (NULL); 1458 1459 /* 1460 * Increment p_dtrace_probes so that the process knows to inform us 1461 * when it exits or execs. fasttrap_provider_free() decrements this 1462 * when we're done with this provider. 1463 */ 1464 p->p_dtrace_probes++; 1465 1466 /* 1467 * Grab the credentials for this process so we have 1468 * something to pass to dtrace_register(). 1469 */ 1470 PROC_LOCK_ASSERT(p, MA_OWNED); 1471 crhold(p->p_ucred); 1472 cred = p->p_ucred; 1473 PROC_UNLOCK(p); 1474 1475 new_fp = kmem_zalloc(sizeof (fasttrap_provider_t), KM_SLEEP); 1476 new_fp->ftp_pid = pid; 1477 new_fp->ftp_proc = fasttrap_proc_lookup(pid); 1478 #if !defined(sun) 1479 mutex_init(&new_fp->ftp_mtx, "provider mtx", MUTEX_DEFAULT, NULL); 1480 mutex_init(&new_fp->ftp_cmtx, "lock on creating", MUTEX_DEFAULT, NULL); 1481 #endif 1482 1483 ASSERT(new_fp->ftp_proc != NULL); 1484 1485 mutex_enter(&bucket->ftb_mtx); 1486 1487 /* 1488 * Take another lap through the list to make sure a provider hasn't 1489 * been created for this pid while we weren't under the bucket lock. 1490 */ 1491 for (fp = bucket->ftb_data; fp != NULL; fp = fp->ftp_next) { 1492 if (fp->ftp_pid == pid && strcmp(fp->ftp_name, name) == 0 && 1493 !fp->ftp_retired) { 1494 mutex_enter(&fp->ftp_mtx); 1495 mutex_exit(&bucket->ftb_mtx); 1496 fasttrap_provider_free(new_fp); 1497 crfree(cred); 1498 return (fp); 1499 } 1500 } 1501 1502 (void) strcpy(new_fp->ftp_name, name); 1503 1504 /* 1505 * Fail and return NULL if either the provider name is too long 1506 * or we fail to register this new provider with the DTrace 1507 * framework. Note that this is the only place we ever construct 1508 * the full provider name -- we keep it in pieces in the provider 1509 * structure. 1510 */ 1511 if (snprintf(provname, sizeof (provname), "%s%u", name, (uint_t)pid) >= 1512 sizeof (provname) || 1513 dtrace_register(provname, pattr, 1514 DTRACE_PRIV_PROC | DTRACE_PRIV_OWNER | DTRACE_PRIV_ZONEOWNER, cred, 1515 pattr == &pid_attr ? &pid_pops : &usdt_pops, new_fp, 1516 &new_fp->ftp_provid) != 0) { 1517 mutex_exit(&bucket->ftb_mtx); 1518 fasttrap_provider_free(new_fp); 1519 crfree(cred); 1520 return (NULL); 1521 } 1522 1523 new_fp->ftp_next = bucket->ftb_data; 1524 bucket->ftb_data = new_fp; 1525 1526 mutex_enter(&new_fp->ftp_mtx); 1527 mutex_exit(&bucket->ftb_mtx); 1528 1529 crfree(cred); 1530 return (new_fp); 1531 } 1532 1533 static void 1534 fasttrap_provider_free(fasttrap_provider_t *provider) 1535 { 1536 pid_t pid = provider->ftp_pid; 1537 proc_t *p; 1538 1539 /* 1540 * There need to be no associated enabled probes, no consumers 1541 * creating probes, and no meta providers referencing this provider. 1542 */ 1543 ASSERT(provider->ftp_rcount == 0); 1544 ASSERT(provider->ftp_ccount == 0); 1545 ASSERT(provider->ftp_mcount == 0); 1546 1547 /* 1548 * If this provider hasn't been retired, we need to explicitly drop the 1549 * count of active providers on the associated process structure. 1550 */ 1551 if (!provider->ftp_retired) { 1552 atomic_add_64(&provider->ftp_proc->ftpc_acount, -1); 1553 ASSERT(provider->ftp_proc->ftpc_acount < 1554 provider->ftp_proc->ftpc_rcount); 1555 } 1556 1557 fasttrap_proc_release(provider->ftp_proc); 1558 1559 #if !defined(sun) 1560 mutex_destroy(&provider->ftp_mtx); 1561 mutex_destroy(&provider->ftp_cmtx); 1562 #endif 1563 kmem_free(provider, sizeof (fasttrap_provider_t)); 1564 1565 /* 1566 * Decrement p_dtrace_probes on the process whose provider we're 1567 * freeing. We don't have to worry about clobbering somone else's 1568 * modifications to it because we have locked the bucket that 1569 * corresponds to this process's hash chain in the provider hash 1570 * table. Don't sweat it if we can't find the process. 1571 */ 1572 if ((p = pfind(pid)) == NULL) { 1573 return; 1574 } 1575 1576 p->p_dtrace_probes--; 1577 #if !defined(sun) 1578 PROC_UNLOCK(p); 1579 #endif 1580 } 1581 1582 static void 1583 fasttrap_provider_retire(pid_t pid, const char *name, int mprov) 1584 { 1585 fasttrap_provider_t *fp; 1586 fasttrap_bucket_t *bucket; 1587 dtrace_provider_id_t provid; 1588 1589 ASSERT(strlen(name) < sizeof (fp->ftp_name)); 1590 1591 bucket = &fasttrap_provs.fth_table[FASTTRAP_PROVS_INDEX(pid, name)]; 1592 mutex_enter(&bucket->ftb_mtx); 1593 1594 for (fp = bucket->ftb_data; fp != NULL; fp = fp->ftp_next) { 1595 if (fp->ftp_pid == pid && strcmp(fp->ftp_name, name) == 0 && 1596 !fp->ftp_retired) 1597 break; 1598 } 1599 1600 if (fp == NULL) { 1601 mutex_exit(&bucket->ftb_mtx); 1602 return; 1603 } 1604 1605 mutex_enter(&fp->ftp_mtx); 1606 ASSERT(!mprov || fp->ftp_mcount > 0); 1607 if (mprov && --fp->ftp_mcount != 0) { 1608 mutex_exit(&fp->ftp_mtx); 1609 mutex_exit(&bucket->ftb_mtx); 1610 return; 1611 } 1612 1613 /* 1614 * Mark the provider to be removed in our post-processing step, mark it 1615 * retired, and drop the active count on its proc. Marking it indicates 1616 * that we should try to remove it; setting the retired flag indicates 1617 * that we're done with this provider; dropping the active the proc 1618 * releases our hold, and when this reaches zero (as it will during 1619 * exit or exec) the proc and associated providers become defunct. 1620 * 1621 * We obviously need to take the bucket lock before the provider lock 1622 * to perform the lookup, but we need to drop the provider lock 1623 * before calling into the DTrace framework since we acquire the 1624 * provider lock in callbacks invoked from the DTrace framework. The 1625 * bucket lock therefore protects the integrity of the provider hash 1626 * table. 1627 */ 1628 atomic_add_64(&fp->ftp_proc->ftpc_acount, -1); 1629 ASSERT(fp->ftp_proc->ftpc_acount < fp->ftp_proc->ftpc_rcount); 1630 1631 fp->ftp_retired = 1; 1632 fp->ftp_marked = 1; 1633 provid = fp->ftp_provid; 1634 mutex_exit(&fp->ftp_mtx); 1635 1636 /* 1637 * We don't have to worry about invalidating the same provider twice 1638 * since fasttrap_provider_lookup() will ignore provider that have 1639 * been marked as retired. 1640 */ 1641 dtrace_invalidate(provid); 1642 1643 mutex_exit(&bucket->ftb_mtx); 1644 1645 fasttrap_pid_cleanup(); 1646 } 1647 1648 static int 1649 fasttrap_uint32_cmp(const void *ap, const void *bp) 1650 { 1651 return (*(const uint32_t *)ap - *(const uint32_t *)bp); 1652 } 1653 1654 static int 1655 fasttrap_uint64_cmp(const void *ap, const void *bp) 1656 { 1657 return (*(const uint64_t *)ap - *(const uint64_t *)bp); 1658 } 1659 1660 static int 1661 fasttrap_add_probe(fasttrap_probe_spec_t *pdata) 1662 { 1663 fasttrap_provider_t *provider; 1664 fasttrap_probe_t *pp; 1665 fasttrap_tracepoint_t *tp; 1666 char *name; 1667 int i, aframes = 0, whack; 1668 1669 /* 1670 * There needs to be at least one desired trace point. 1671 */ 1672 if (pdata->ftps_noffs == 0) 1673 return (EINVAL); 1674 1675 switch (pdata->ftps_type) { 1676 case DTFTP_ENTRY: 1677 name = "entry"; 1678 aframes = FASTTRAP_ENTRY_AFRAMES; 1679 break; 1680 case DTFTP_RETURN: 1681 name = "return"; 1682 aframes = FASTTRAP_RETURN_AFRAMES; 1683 break; 1684 case DTFTP_OFFSETS: 1685 name = NULL; 1686 break; 1687 default: 1688 return (EINVAL); 1689 } 1690 1691 if ((provider = fasttrap_provider_lookup(pdata->ftps_pid, 1692 FASTTRAP_PID_NAME, &pid_attr)) == NULL) 1693 return (ESRCH); 1694 1695 /* 1696 * Increment this reference count to indicate that a consumer is 1697 * actively adding a new probe associated with this provider. This 1698 * prevents the provider from being deleted -- we'll need to check 1699 * for pending deletions when we drop this reference count. 1700 */ 1701 provider->ftp_ccount++; 1702 mutex_exit(&provider->ftp_mtx); 1703 1704 /* 1705 * Grab the creation lock to ensure consistency between calls to 1706 * dtrace_probe_lookup() and dtrace_probe_create() in the face of 1707 * other threads creating probes. We must drop the provider lock 1708 * before taking this lock to avoid a three-way deadlock with the 1709 * DTrace framework. 1710 */ 1711 mutex_enter(&provider->ftp_cmtx); 1712 1713 if (name == NULL) { 1714 for (i = 0; i < pdata->ftps_noffs; i++) { 1715 char name_str[17]; 1716 1717 (void) sprintf(name_str, "%llx", 1718 (unsigned long long)pdata->ftps_offs[i]); 1719 1720 if (dtrace_probe_lookup(provider->ftp_provid, 1721 pdata->ftps_mod, pdata->ftps_func, name_str) != 0) 1722 continue; 1723 1724 atomic_add_32(&fasttrap_total, 1); 1725 1726 if (fasttrap_total > fasttrap_max) { 1727 atomic_add_32(&fasttrap_total, -1); 1728 goto no_mem; 1729 } 1730 1731 pp = kmem_zalloc(sizeof (fasttrap_probe_t), KM_SLEEP); 1732 1733 pp->ftp_prov = provider; 1734 pp->ftp_faddr = pdata->ftps_pc; 1735 pp->ftp_fsize = pdata->ftps_size; 1736 pp->ftp_pid = pdata->ftps_pid; 1737 pp->ftp_ntps = 1; 1738 1739 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), 1740 KM_SLEEP); 1741 1742 tp->ftt_proc = provider->ftp_proc; 1743 tp->ftt_pc = pdata->ftps_offs[i] + pdata->ftps_pc; 1744 tp->ftt_pid = pdata->ftps_pid; 1745 1746 pp->ftp_tps[0].fit_tp = tp; 1747 pp->ftp_tps[0].fit_id.fti_probe = pp; 1748 pp->ftp_tps[0].fit_id.fti_ptype = pdata->ftps_type; 1749 1750 pp->ftp_id = dtrace_probe_create(provider->ftp_provid, 1751 pdata->ftps_mod, pdata->ftps_func, name_str, 1752 FASTTRAP_OFFSET_AFRAMES, pp); 1753 } 1754 1755 } else if (dtrace_probe_lookup(provider->ftp_provid, pdata->ftps_mod, 1756 pdata->ftps_func, name) == 0) { 1757 atomic_add_32(&fasttrap_total, pdata->ftps_noffs); 1758 1759 if (fasttrap_total > fasttrap_max) { 1760 atomic_add_32(&fasttrap_total, -pdata->ftps_noffs); 1761 goto no_mem; 1762 } 1763 1764 /* 1765 * Make sure all tracepoint program counter values are unique. 1766 * We later assume that each probe has exactly one tracepoint 1767 * for a given pc. 1768 */ 1769 qsort(pdata->ftps_offs, pdata->ftps_noffs, 1770 sizeof (uint64_t), fasttrap_uint64_cmp); 1771 for (i = 1; i < pdata->ftps_noffs; i++) { 1772 if (pdata->ftps_offs[i] > pdata->ftps_offs[i - 1]) 1773 continue; 1774 1775 atomic_add_32(&fasttrap_total, -pdata->ftps_noffs); 1776 goto no_mem; 1777 } 1778 1779 ASSERT(pdata->ftps_noffs > 0); 1780 pp = kmem_zalloc(offsetof(fasttrap_probe_t, 1781 ftp_tps[pdata->ftps_noffs]), KM_SLEEP); 1782 1783 pp->ftp_prov = provider; 1784 pp->ftp_faddr = pdata->ftps_pc; 1785 pp->ftp_fsize = pdata->ftps_size; 1786 pp->ftp_pid = pdata->ftps_pid; 1787 pp->ftp_ntps = pdata->ftps_noffs; 1788 1789 for (i = 0; i < pdata->ftps_noffs; i++) { 1790 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), 1791 KM_SLEEP); 1792 1793 tp->ftt_proc = provider->ftp_proc; 1794 tp->ftt_pc = pdata->ftps_offs[i] + pdata->ftps_pc; 1795 tp->ftt_pid = pdata->ftps_pid; 1796 1797 pp->ftp_tps[i].fit_tp = tp; 1798 pp->ftp_tps[i].fit_id.fti_probe = pp; 1799 pp->ftp_tps[i].fit_id.fti_ptype = pdata->ftps_type; 1800 } 1801 1802 pp->ftp_id = dtrace_probe_create(provider->ftp_provid, 1803 pdata->ftps_mod, pdata->ftps_func, name, aframes, pp); 1804 } 1805 1806 mutex_exit(&provider->ftp_cmtx); 1807 1808 /* 1809 * We know that the provider is still valid since we incremented the 1810 * creation reference count. If someone tried to clean up this provider 1811 * while we were using it (e.g. because the process called exec(2) or 1812 * exit(2)), take note of that and try to clean it up now. 1813 */ 1814 mutex_enter(&provider->ftp_mtx); 1815 provider->ftp_ccount--; 1816 whack = provider->ftp_retired; 1817 mutex_exit(&provider->ftp_mtx); 1818 1819 if (whack) 1820 fasttrap_pid_cleanup(); 1821 1822 return (0); 1823 1824 no_mem: 1825 /* 1826 * If we've exhausted the allowable resources, we'll try to remove 1827 * this provider to free some up. This is to cover the case where 1828 * the user has accidentally created many more probes than was 1829 * intended (e.g. pid123:::). 1830 */ 1831 mutex_exit(&provider->ftp_cmtx); 1832 mutex_enter(&provider->ftp_mtx); 1833 provider->ftp_ccount--; 1834 provider->ftp_marked = 1; 1835 mutex_exit(&provider->ftp_mtx); 1836 1837 fasttrap_pid_cleanup(); 1838 1839 return (ENOMEM); 1840 } 1841 1842 /*ARGSUSED*/ 1843 static void * 1844 fasttrap_meta_provide(void *arg, dtrace_helper_provdesc_t *dhpv, pid_t pid) 1845 { 1846 fasttrap_provider_t *provider; 1847 1848 /* 1849 * A 32-bit unsigned integer (like a pid for example) can be 1850 * expressed in 10 or fewer decimal digits. Make sure that we'll 1851 * have enough space for the provider name. 1852 */ 1853 if (strlen(dhpv->dthpv_provname) + 10 >= 1854 sizeof (provider->ftp_name)) { 1855 printf("failed to instantiate provider %s: " 1856 "name too long to accomodate pid", dhpv->dthpv_provname); 1857 return (NULL); 1858 } 1859 1860 /* 1861 * Don't let folks spoof the true pid provider. 1862 */ 1863 if (strcmp(dhpv->dthpv_provname, FASTTRAP_PID_NAME) == 0) { 1864 printf("failed to instantiate provider %s: " 1865 "%s is an invalid name", dhpv->dthpv_provname, 1866 FASTTRAP_PID_NAME); 1867 return (NULL); 1868 } 1869 1870 /* 1871 * The highest stability class that fasttrap supports is ISA; cap 1872 * the stability of the new provider accordingly. 1873 */ 1874 if (dhpv->dthpv_pattr.dtpa_provider.dtat_class > DTRACE_CLASS_ISA) 1875 dhpv->dthpv_pattr.dtpa_provider.dtat_class = DTRACE_CLASS_ISA; 1876 if (dhpv->dthpv_pattr.dtpa_mod.dtat_class > DTRACE_CLASS_ISA) 1877 dhpv->dthpv_pattr.dtpa_mod.dtat_class = DTRACE_CLASS_ISA; 1878 if (dhpv->dthpv_pattr.dtpa_func.dtat_class > DTRACE_CLASS_ISA) 1879 dhpv->dthpv_pattr.dtpa_func.dtat_class = DTRACE_CLASS_ISA; 1880 if (dhpv->dthpv_pattr.dtpa_name.dtat_class > DTRACE_CLASS_ISA) 1881 dhpv->dthpv_pattr.dtpa_name.dtat_class = DTRACE_CLASS_ISA; 1882 if (dhpv->dthpv_pattr.dtpa_args.dtat_class > DTRACE_CLASS_ISA) 1883 dhpv->dthpv_pattr.dtpa_args.dtat_class = DTRACE_CLASS_ISA; 1884 1885 if ((provider = fasttrap_provider_lookup(pid, dhpv->dthpv_provname, 1886 &dhpv->dthpv_pattr)) == NULL) { 1887 printf("failed to instantiate provider %s for " 1888 "process %u", dhpv->dthpv_provname, (uint_t)pid); 1889 return (NULL); 1890 } 1891 1892 /* 1893 * Up the meta provider count so this provider isn't removed until 1894 * the meta provider has been told to remove it. 1895 */ 1896 provider->ftp_mcount++; 1897 1898 mutex_exit(&provider->ftp_mtx); 1899 1900 return (provider); 1901 } 1902 1903 /*ARGSUSED*/ 1904 static void 1905 fasttrap_meta_create_probe(void *arg, void *parg, 1906 dtrace_helper_probedesc_t *dhpb) 1907 { 1908 fasttrap_provider_t *provider = parg; 1909 fasttrap_probe_t *pp; 1910 fasttrap_tracepoint_t *tp; 1911 int i, j; 1912 uint32_t ntps; 1913 1914 /* 1915 * Since the meta provider count is non-zero we don't have to worry 1916 * about this provider disappearing. 1917 */ 1918 ASSERT(provider->ftp_mcount > 0); 1919 1920 /* 1921 * The offsets must be unique. 1922 */ 1923 qsort(dhpb->dthpb_offs, dhpb->dthpb_noffs, sizeof (uint32_t), 1924 fasttrap_uint32_cmp); 1925 for (i = 1; i < dhpb->dthpb_noffs; i++) { 1926 if (dhpb->dthpb_base + dhpb->dthpb_offs[i] <= 1927 dhpb->dthpb_base + dhpb->dthpb_offs[i - 1]) 1928 return; 1929 } 1930 1931 qsort(dhpb->dthpb_enoffs, dhpb->dthpb_nenoffs, sizeof (uint32_t), 1932 fasttrap_uint32_cmp); 1933 for (i = 1; i < dhpb->dthpb_nenoffs; i++) { 1934 if (dhpb->dthpb_base + dhpb->dthpb_enoffs[i] <= 1935 dhpb->dthpb_base + dhpb->dthpb_enoffs[i - 1]) 1936 return; 1937 } 1938 1939 /* 1940 * Grab the creation lock to ensure consistency between calls to 1941 * dtrace_probe_lookup() and dtrace_probe_create() in the face of 1942 * other threads creating probes. 1943 */ 1944 mutex_enter(&provider->ftp_cmtx); 1945 1946 if (dtrace_probe_lookup(provider->ftp_provid, dhpb->dthpb_mod, 1947 dhpb->dthpb_func, dhpb->dthpb_name) != 0) { 1948 mutex_exit(&provider->ftp_cmtx); 1949 return; 1950 } 1951 1952 ntps = dhpb->dthpb_noffs + dhpb->dthpb_nenoffs; 1953 ASSERT(ntps > 0); 1954 1955 atomic_add_32(&fasttrap_total, ntps); 1956 1957 if (fasttrap_total > fasttrap_max) { 1958 atomic_add_32(&fasttrap_total, -ntps); 1959 mutex_exit(&provider->ftp_cmtx); 1960 return; 1961 } 1962 1963 pp = kmem_zalloc(offsetof(fasttrap_probe_t, ftp_tps[ntps]), KM_SLEEP); 1964 1965 pp->ftp_prov = provider; 1966 pp->ftp_pid = provider->ftp_pid; 1967 pp->ftp_ntps = ntps; 1968 pp->ftp_nargs = dhpb->dthpb_xargc; 1969 pp->ftp_xtypes = dhpb->dthpb_xtypes; 1970 pp->ftp_ntypes = dhpb->dthpb_ntypes; 1971 1972 /* 1973 * First create a tracepoint for each actual point of interest. 1974 */ 1975 for (i = 0; i < dhpb->dthpb_noffs; i++) { 1976 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), KM_SLEEP); 1977 1978 tp->ftt_proc = provider->ftp_proc; 1979 tp->ftt_pc = dhpb->dthpb_base + dhpb->dthpb_offs[i]; 1980 tp->ftt_pid = provider->ftp_pid; 1981 1982 pp->ftp_tps[i].fit_tp = tp; 1983 pp->ftp_tps[i].fit_id.fti_probe = pp; 1984 #ifdef __sparc 1985 pp->ftp_tps[i].fit_id.fti_ptype = DTFTP_POST_OFFSETS; 1986 #else 1987 pp->ftp_tps[i].fit_id.fti_ptype = DTFTP_OFFSETS; 1988 #endif 1989 } 1990 1991 /* 1992 * Then create a tracepoint for each is-enabled point. 1993 */ 1994 for (j = 0; i < ntps; i++, j++) { 1995 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), KM_SLEEP); 1996 1997 tp->ftt_proc = provider->ftp_proc; 1998 tp->ftt_pc = dhpb->dthpb_base + dhpb->dthpb_enoffs[j]; 1999 tp->ftt_pid = provider->ftp_pid; 2000 2001 pp->ftp_tps[i].fit_tp = tp; 2002 pp->ftp_tps[i].fit_id.fti_probe = pp; 2003 pp->ftp_tps[i].fit_id.fti_ptype = DTFTP_IS_ENABLED; 2004 } 2005 2006 /* 2007 * If the arguments are shuffled around we set the argument remapping 2008 * table. Later, when the probe fires, we only remap the arguments 2009 * if the table is non-NULL. 2010 */ 2011 for (i = 0; i < dhpb->dthpb_xargc; i++) { 2012 if (dhpb->dthpb_args[i] != i) { 2013 pp->ftp_argmap = dhpb->dthpb_args; 2014 break; 2015 } 2016 } 2017 2018 /* 2019 * The probe is fully constructed -- register it with DTrace. 2020 */ 2021 pp->ftp_id = dtrace_probe_create(provider->ftp_provid, dhpb->dthpb_mod, 2022 dhpb->dthpb_func, dhpb->dthpb_name, FASTTRAP_OFFSET_AFRAMES, pp); 2023 2024 mutex_exit(&provider->ftp_cmtx); 2025 } 2026 2027 /*ARGSUSED*/ 2028 static void 2029 fasttrap_meta_remove(void *arg, dtrace_helper_provdesc_t *dhpv, pid_t pid) 2030 { 2031 /* 2032 * Clean up the USDT provider. There may be active consumers of the 2033 * provider busy adding probes, no damage will actually befall the 2034 * provider until that count has dropped to zero. This just puts 2035 * the provider on death row. 2036 */ 2037 fasttrap_provider_retire(pid, dhpv->dthpv_provname, 1); 2038 } 2039 2040 static dtrace_mops_t fasttrap_mops = { 2041 fasttrap_meta_create_probe, 2042 fasttrap_meta_provide, 2043 fasttrap_meta_remove 2044 }; 2045 2046 /*ARGSUSED*/ 2047 static int 2048 fasttrap_open(struct cdev *dev __unused, int oflags __unused, 2049 int devtype __unused, struct thread *td __unused) 2050 { 2051 return (0); 2052 } 2053 2054 /*ARGSUSED*/ 2055 static int 2056 fasttrap_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int fflag, 2057 struct thread *td) 2058 { 2059 #ifdef notyet 2060 struct kinfo_proc kp; 2061 const cred_t *cr = td->td_ucred; 2062 #endif 2063 if (!dtrace_attached()) 2064 return (EAGAIN); 2065 2066 if (cmd == FASTTRAPIOC_MAKEPROBE) { 2067 fasttrap_probe_spec_t *uprobe = *(fasttrap_probe_spec_t **)arg; 2068 fasttrap_probe_spec_t *probe; 2069 uint64_t noffs; 2070 size_t size; 2071 int ret; 2072 char *c; 2073 2074 if (copyin(&uprobe->ftps_noffs, &noffs, 2075 sizeof (uprobe->ftps_noffs))) 2076 return (EFAULT); 2077 2078 /* 2079 * Probes must have at least one tracepoint. 2080 */ 2081 if (noffs == 0) 2082 return (EINVAL); 2083 2084 size = sizeof (fasttrap_probe_spec_t) + 2085 sizeof (probe->ftps_offs[0]) * (noffs - 1); 2086 2087 if (size > 1024 * 1024) 2088 return (ENOMEM); 2089 2090 probe = kmem_alloc(size, KM_SLEEP); 2091 2092 if (copyin(uprobe, probe, size) != 0) { 2093 kmem_free(probe, size); 2094 return (EFAULT); 2095 } 2096 2097 /* 2098 * Verify that the function and module strings contain no 2099 * funny characters. 2100 */ 2101 for (c = &probe->ftps_func[0]; *c != '\0'; c++) { 2102 if (*c < 0x20 || 0x7f <= *c) { 2103 ret = EINVAL; 2104 goto err; 2105 } 2106 } 2107 2108 for (c = &probe->ftps_mod[0]; *c != '\0'; c++) { 2109 if (*c < 0x20 || 0x7f <= *c) { 2110 ret = EINVAL; 2111 goto err; 2112 } 2113 } 2114 2115 #ifdef notyet 2116 if (!PRIV_POLICY_CHOICE(cr, PRIV_ALL, B_FALSE)) { 2117 proc_t *p; 2118 pid_t pid = probe->ftps_pid; 2119 2120 #if defined(sun) 2121 mutex_enter(&pidlock); 2122 #endif 2123 /* 2124 * Report an error if the process doesn't exist 2125 * or is actively being birthed. 2126 */ 2127 p = pfind(pid); 2128 if (p) 2129 fill_kinfo_proc(p, &kp); 2130 if (p == NULL || kp.ki_stat == SIDL) { 2131 #if defined(sun) 2132 mutex_exit(&pidlock); 2133 #endif 2134 return (ESRCH); 2135 } 2136 #if defined(sun) 2137 mutex_enter(&p->p_lock); 2138 mutex_exit(&pidlock); 2139 #else 2140 PROC_LOCK_ASSERT(p, MA_OWNED); 2141 #endif 2142 2143 #ifdef notyet 2144 if ((ret = priv_proc_cred_perm(cr, p, NULL, 2145 VREAD | VWRITE)) != 0) { 2146 #if defined(sun) 2147 mutex_exit(&p->p_lock); 2148 #else 2149 PROC_UNLOCK(p); 2150 #endif 2151 return (ret); 2152 } 2153 #endif /* notyet */ 2154 #if defined(sun) 2155 mutex_exit(&p->p_lock); 2156 #else 2157 PROC_UNLOCK(p); 2158 #endif 2159 } 2160 #endif /* notyet */ 2161 2162 ret = fasttrap_add_probe(probe); 2163 err: 2164 kmem_free(probe, size); 2165 2166 return (ret); 2167 2168 } else if (cmd == FASTTRAPIOC_GETINSTR) { 2169 fasttrap_instr_query_t instr; 2170 fasttrap_tracepoint_t *tp; 2171 uint_t index; 2172 #if defined(sun) 2173 int ret; 2174 #endif 2175 2176 #if defined(sun) 2177 if (copyin((void *)arg, &instr, sizeof (instr)) != 0) 2178 return (EFAULT); 2179 #endif 2180 2181 #ifdef notyet 2182 if (!PRIV_POLICY_CHOICE(cr, PRIV_ALL, B_FALSE)) { 2183 proc_t *p; 2184 pid_t pid = instr.ftiq_pid; 2185 2186 #if defined(sun) 2187 mutex_enter(&pidlock); 2188 #endif 2189 /* 2190 * Report an error if the process doesn't exist 2191 * or is actively being birthed. 2192 */ 2193 p = pfind(pid); 2194 if (p) 2195 fill_kinfo_proc(p, &kp); 2196 if (p == NULL || kp.ki_stat == SIDL) { 2197 #if defined(sun) 2198 mutex_exit(&pidlock); 2199 #endif 2200 return (ESRCH); 2201 } 2202 #if defined(sun) 2203 mutex_enter(&p->p_lock); 2204 mutex_exit(&pidlock); 2205 #else 2206 PROC_LOCK_ASSERT(p, MA_OWNED); 2207 #endif 2208 2209 #ifdef notyet 2210 if ((ret = priv_proc_cred_perm(cr, p, NULL, 2211 VREAD)) != 0) { 2212 #if defined(sun) 2213 mutex_exit(&p->p_lock); 2214 #else 2215 PROC_UNLOCK(p); 2216 #endif 2217 return (ret); 2218 } 2219 #endif /* notyet */ 2220 2221 #if defined(sun) 2222 mutex_exit(&p->p_lock); 2223 #else 2224 PROC_UNLOCK(p); 2225 #endif 2226 } 2227 #endif /* notyet */ 2228 2229 index = FASTTRAP_TPOINTS_INDEX(instr.ftiq_pid, instr.ftiq_pc); 2230 2231 mutex_enter(&fasttrap_tpoints.fth_table[index].ftb_mtx); 2232 tp = fasttrap_tpoints.fth_table[index].ftb_data; 2233 while (tp != NULL) { 2234 if (instr.ftiq_pid == tp->ftt_pid && 2235 instr.ftiq_pc == tp->ftt_pc && 2236 tp->ftt_proc->ftpc_acount != 0) 2237 break; 2238 2239 tp = tp->ftt_next; 2240 } 2241 2242 if (tp == NULL) { 2243 mutex_exit(&fasttrap_tpoints.fth_table[index].ftb_mtx); 2244 return (ENOENT); 2245 } 2246 2247 bcopy(&tp->ftt_instr, &instr.ftiq_instr, 2248 sizeof (instr.ftiq_instr)); 2249 mutex_exit(&fasttrap_tpoints.fth_table[index].ftb_mtx); 2250 2251 if (copyout(&instr, (void *)arg, sizeof (instr)) != 0) 2252 return (EFAULT); 2253 2254 return (0); 2255 } 2256 2257 return (EINVAL); 2258 } 2259 2260 static int 2261 fasttrap_load(void) 2262 { 2263 ulong_t nent; 2264 int i, ret; 2265 2266 /* Create the /dev/dtrace/fasttrap entry. */ 2267 fasttrap_cdev = make_dev(&fasttrap_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, 2268 "dtrace/fasttrap"); 2269 2270 mtx_init(&fasttrap_cleanup_mtx, "fasttrap clean", "dtrace", MTX_DEF); 2271 mutex_init(&fasttrap_count_mtx, "fasttrap count mtx", MUTEX_DEFAULT, 2272 NULL); 2273 2274 #if defined(sun) 2275 fasttrap_max = ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS, 2276 "fasttrap-max-probes", FASTTRAP_MAX_DEFAULT); 2277 #else 2278 fasttrap_max = FASTTRAP_MAX_DEFAULT; 2279 #endif 2280 fasttrap_total = 0; 2281 2282 /* 2283 * Conjure up the tracepoints hashtable... 2284 */ 2285 #if defined(sun) 2286 nent = ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS, 2287 "fasttrap-hash-size", FASTTRAP_TPOINTS_DEFAULT_SIZE); 2288 #else 2289 nent = FASTTRAP_TPOINTS_DEFAULT_SIZE; 2290 #endif 2291 2292 if (nent == 0 || nent > 0x1000000) 2293 nent = FASTTRAP_TPOINTS_DEFAULT_SIZE; 2294 2295 if ((nent & (nent - 1)) == 0) 2296 fasttrap_tpoints.fth_nent = nent; 2297 else 2298 fasttrap_tpoints.fth_nent = 1 << fasttrap_highbit(nent); 2299 ASSERT(fasttrap_tpoints.fth_nent > 0); 2300 fasttrap_tpoints.fth_mask = fasttrap_tpoints.fth_nent - 1; 2301 fasttrap_tpoints.fth_table = kmem_zalloc(fasttrap_tpoints.fth_nent * 2302 sizeof (fasttrap_bucket_t), KM_SLEEP); 2303 #if !defined(sun) 2304 for (i = 0; i < fasttrap_tpoints.fth_nent; i++) 2305 mutex_init(&fasttrap_tpoints.fth_table[i].ftb_mtx, 2306 "tracepoints bucket mtx", MUTEX_DEFAULT, NULL); 2307 #endif 2308 2309 /* 2310 * ... and the providers hash table... 2311 */ 2312 nent = FASTTRAP_PROVIDERS_DEFAULT_SIZE; 2313 if ((nent & (nent - 1)) == 0) 2314 fasttrap_provs.fth_nent = nent; 2315 else 2316 fasttrap_provs.fth_nent = 1 << fasttrap_highbit(nent); 2317 ASSERT(fasttrap_provs.fth_nent > 0); 2318 fasttrap_provs.fth_mask = fasttrap_provs.fth_nent - 1; 2319 fasttrap_provs.fth_table = kmem_zalloc(fasttrap_provs.fth_nent * 2320 sizeof (fasttrap_bucket_t), KM_SLEEP); 2321 #if !defined(sun) 2322 for (i = 0; i < fasttrap_provs.fth_nent; i++) 2323 mutex_init(&fasttrap_provs.fth_table[i].ftb_mtx, 2324 "providers bucket mtx", MUTEX_DEFAULT, NULL); 2325 #endif 2326 2327 ret = kproc_create(fasttrap_pid_cleanup_cb, NULL, 2328 &fasttrap_cleanup_proc, 0, 0, "ftcleanup"); 2329 if (ret != 0) { 2330 destroy_dev(fasttrap_cdev); 2331 #if !defined(sun) 2332 for (i = 0; i < fasttrap_provs.fth_nent; i++) 2333 mutex_destroy(&fasttrap_provs.fth_table[i].ftb_mtx); 2334 for (i = 0; i < fasttrap_tpoints.fth_nent; i++) 2335 mutex_destroy(&fasttrap_tpoints.fth_table[i].ftb_mtx); 2336 #endif 2337 kmem_free(fasttrap_provs.fth_table, fasttrap_provs.fth_nent * 2338 sizeof (fasttrap_bucket_t)); 2339 mtx_destroy(&fasttrap_cleanup_mtx); 2340 mutex_destroy(&fasttrap_count_mtx); 2341 return (ret); 2342 } 2343 2344 2345 /* 2346 * ... and the procs hash table. 2347 */ 2348 nent = FASTTRAP_PROCS_DEFAULT_SIZE; 2349 if ((nent & (nent - 1)) == 0) 2350 fasttrap_procs.fth_nent = nent; 2351 else 2352 fasttrap_procs.fth_nent = 1 << fasttrap_highbit(nent); 2353 ASSERT(fasttrap_procs.fth_nent > 0); 2354 fasttrap_procs.fth_mask = fasttrap_procs.fth_nent - 1; 2355 fasttrap_procs.fth_table = kmem_zalloc(fasttrap_procs.fth_nent * 2356 sizeof (fasttrap_bucket_t), KM_SLEEP); 2357 #if !defined(sun) 2358 for (i = 0; i < fasttrap_procs.fth_nent; i++) 2359 mutex_init(&fasttrap_procs.fth_table[i].ftb_mtx, 2360 "processes bucket mtx", MUTEX_DEFAULT, NULL); 2361 2362 CPU_FOREACH(i) { 2363 mutex_init(&fasttrap_cpuc_pid_lock[i], "fasttrap barrier", 2364 MUTEX_DEFAULT, NULL); 2365 } 2366 #endif 2367 2368 /* 2369 * Install our hooks into fork(2), exec(2), and exit(2). 2370 */ 2371 dtrace_fasttrap_fork = &fasttrap_fork; 2372 dtrace_fasttrap_exit = &fasttrap_exec_exit; 2373 dtrace_fasttrap_exec = &fasttrap_exec_exit; 2374 2375 (void) dtrace_meta_register("fasttrap", &fasttrap_mops, NULL, 2376 &fasttrap_meta_id); 2377 2378 return (0); 2379 } 2380 2381 static int 2382 fasttrap_unload(void) 2383 { 2384 int i, fail = 0; 2385 2386 /* 2387 * Unregister the meta-provider to make sure no new fasttrap- 2388 * managed providers come along while we're trying to close up 2389 * shop. If we fail to detach, we'll need to re-register as a 2390 * meta-provider. We can fail to unregister as a meta-provider 2391 * if providers we manage still exist. 2392 */ 2393 if (fasttrap_meta_id != DTRACE_METAPROVNONE && 2394 dtrace_meta_unregister(fasttrap_meta_id) != 0) 2395 return (-1); 2396 2397 /* 2398 * Iterate over all of our providers. If there's still a process 2399 * that corresponds to that pid, fail to detach. 2400 */ 2401 for (i = 0; i < fasttrap_provs.fth_nent; i++) { 2402 fasttrap_provider_t **fpp, *fp; 2403 fasttrap_bucket_t *bucket = &fasttrap_provs.fth_table[i]; 2404 2405 mutex_enter(&bucket->ftb_mtx); 2406 fpp = (fasttrap_provider_t **)&bucket->ftb_data; 2407 while ((fp = *fpp) != NULL) { 2408 /* 2409 * Acquire and release the lock as a simple way of 2410 * waiting for any other consumer to finish with 2411 * this provider. A thread must first acquire the 2412 * bucket lock so there's no chance of another thread 2413 * blocking on the provider's lock. 2414 */ 2415 mutex_enter(&fp->ftp_mtx); 2416 mutex_exit(&fp->ftp_mtx); 2417 2418 if (dtrace_unregister(fp->ftp_provid) != 0) { 2419 fail = 1; 2420 fpp = &fp->ftp_next; 2421 } else { 2422 *fpp = fp->ftp_next; 2423 fasttrap_provider_free(fp); 2424 } 2425 } 2426 2427 mutex_exit(&bucket->ftb_mtx); 2428 } 2429 2430 if (fail) { 2431 (void) dtrace_meta_register("fasttrap", &fasttrap_mops, NULL, 2432 &fasttrap_meta_id); 2433 2434 return (-1); 2435 } 2436 2437 /* 2438 * Stop new processes from entering these hooks now, before the 2439 * fasttrap_cleanup thread runs. That way all processes will hopefully 2440 * be out of these hooks before we free fasttrap_provs.fth_table 2441 */ 2442 ASSERT(dtrace_fasttrap_fork == &fasttrap_fork); 2443 dtrace_fasttrap_fork = NULL; 2444 2445 ASSERT(dtrace_fasttrap_exec == &fasttrap_exec_exit); 2446 dtrace_fasttrap_exec = NULL; 2447 2448 ASSERT(dtrace_fasttrap_exit == &fasttrap_exec_exit); 2449 dtrace_fasttrap_exit = NULL; 2450 2451 mtx_lock(&fasttrap_cleanup_mtx); 2452 fasttrap_cleanup_drain = 1; 2453 /* Wait for the cleanup thread to finish up and signal us. */ 2454 wakeup(&fasttrap_cleanup_cv); 2455 mtx_sleep(&fasttrap_cleanup_drain, &fasttrap_cleanup_mtx, 0, "ftcld", 2456 0); 2457 fasttrap_cleanup_proc = NULL; 2458 mtx_destroy(&fasttrap_cleanup_mtx); 2459 2460 #ifdef DEBUG 2461 mutex_enter(&fasttrap_count_mtx); 2462 ASSERT(fasttrap_pid_count == 0); 2463 mutex_exit(&fasttrap_count_mtx); 2464 #endif 2465 2466 #if !defined(sun) 2467 for (i = 0; i < fasttrap_tpoints.fth_nent; i++) 2468 mutex_destroy(&fasttrap_tpoints.fth_table[i].ftb_mtx); 2469 for (i = 0; i < fasttrap_provs.fth_nent; i++) 2470 mutex_destroy(&fasttrap_provs.fth_table[i].ftb_mtx); 2471 for (i = 0; i < fasttrap_procs.fth_nent; i++) 2472 mutex_destroy(&fasttrap_procs.fth_table[i].ftb_mtx); 2473 #endif 2474 kmem_free(fasttrap_tpoints.fth_table, 2475 fasttrap_tpoints.fth_nent * sizeof (fasttrap_bucket_t)); 2476 fasttrap_tpoints.fth_nent = 0; 2477 2478 kmem_free(fasttrap_provs.fth_table, 2479 fasttrap_provs.fth_nent * sizeof (fasttrap_bucket_t)); 2480 fasttrap_provs.fth_nent = 0; 2481 2482 kmem_free(fasttrap_procs.fth_table, 2483 fasttrap_procs.fth_nent * sizeof (fasttrap_bucket_t)); 2484 fasttrap_procs.fth_nent = 0; 2485 2486 #if !defined(sun) 2487 destroy_dev(fasttrap_cdev); 2488 mutex_destroy(&fasttrap_count_mtx); 2489 CPU_FOREACH(i) { 2490 mutex_destroy(&fasttrap_cpuc_pid_lock[i]); 2491 } 2492 #endif 2493 2494 return (0); 2495 } 2496 2497 /* ARGSUSED */ 2498 static int 2499 fasttrap_modevent(module_t mod __unused, int type, void *data __unused) 2500 { 2501 int error = 0; 2502 2503 switch (type) { 2504 case MOD_LOAD: 2505 break; 2506 2507 case MOD_UNLOAD: 2508 break; 2509 2510 case MOD_SHUTDOWN: 2511 break; 2512 2513 default: 2514 error = EOPNOTSUPP; 2515 break; 2516 } 2517 return (error); 2518 } 2519 2520 SYSINIT(fasttrap_load, SI_SUB_DTRACE_PROVIDER, SI_ORDER_ANY, fasttrap_load, 2521 NULL); 2522 SYSUNINIT(fasttrap_unload, SI_SUB_DTRACE_PROVIDER, SI_ORDER_ANY, 2523 fasttrap_unload, NULL); 2524 2525 DEV_MODULE(fasttrap, fasttrap_modevent, NULL); 2526 MODULE_VERSION(fasttrap, 1); 2527 MODULE_DEPEND(fasttrap, dtrace, 1, 1, 1); 2528 MODULE_DEPEND(fasttrap, opensolaris, 1, 1, 1); 2529