1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  * $FreeBSD$
22  *
23  */
24 
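/* Toggled through the debug.dtrace.verbose_ioctl sysctl: non-zero logs ioctls. */
static int dtrace_verbose_ioctl;
SYSCTL_INT(_debug_dtrace, OID_AUTO, verbose_ioctl, CTLFLAG_RW,
    &dtrace_verbose_ioctl, 0, "log DTrace ioctls");

/*
 * Conditional trace printf.  Wrapped in do { } while (0) so that a use such
 * as "if (x) DTRACE_IOCTL_PRINTF(...); else ..." keeps the else attached to
 * the caller's if rather than to the if hidden inside the macro.
 */
#define DTRACE_IOCTL_PRINTF(fmt, ...)	do {				\
	if (dtrace_verbose_ioctl)					\
		printf(fmt, ## __VA_ARGS__);				\
} while (0)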
30 
/*
 * ioctl handler for the DTrace helper device.
 *
 * DTRACEHIOC_ADDDOF: `addr' is read directly as a dof_helper_t (it is the
 * kernel copy of the ioctl argument), while its dofhp_dof member is treated
 * as a user address and fetched with a copyin routine.  The DOF is read
 * from the calling process when dofhp_pid names curproc; otherwise it is
 * read from the process dofhp_pid names, which is allowed only when that
 * process is stopped, is traced (P_TRACED set, P_WEXIT clear) and has
 * curproc as its parent -- any other target yields EINVAL.  The DOF is then
 * passed to dtrace_helper_slurp() under dtrace_lock and the resulting
 * generation is handed back to the caller in dofhp_gen.
 *
 * DTRACEHIOC_REMOVE: `addr' points at the int generation to destroy.
 *
 * Returns 0 on success, otherwise an errno value (ENOTTY for an unknown
 * command).  `dev', `flags' and `td' are not used by this handler.
 */
static int
dtrace_ioctl_helper(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
    struct thread *td)
{
	struct proc *p;
	dof_helper_t *dhp;
	dof_hdr_t *dof;
	int rval;

	dhp = NULL;
	dof = NULL;
	rval = 0;
	switch (cmd) {
	case DTRACEHIOC_ADDDOF:
		dhp = (dof_helper_t *)addr;
		/* dofhp_dof is a user-space address; it is only copied in below. */
		addr = (caddr_t)(uintptr_t)dhp->dofhp_dof;
		p = curproc;
		if (p->p_pid == dhp->dofhp_pid) {
			dof = dtrace_dof_copyin((uintptr_t)addr, &rval);
		} else {
			/* pfind() returns the process locked; every path below unlocks it. */
			p = pfind(dhp->dofhp_pid);
			if (p == NULL)
				return (EINVAL);
			/*
			 * Only the tracing parent of a stopped, non-exiting
			 * tracee may load DOF into that process.
			 */
			if (!P_SHOULDSTOP(p) ||
			    (p->p_flag & (P_TRACED | P_WEXIT)) != P_TRACED ||
			    p->p_pptr != curproc) {
				PROC_UNLOCK(p);
				return (EINVAL);
			}
			/* Hold (paired with PRELE below) so the copy can run unlocked. */
			_PHOLD(p);
			PROC_UNLOCK(p);
			dof = dtrace_dof_copyin_proc(p, (uintptr_t)addr, &rval);
		}

		if (dof == NULL) {
			/* Copy failed; rval presumably carries the error set by the copyin routine. */
			if (p != curproc)
				PRELE(p);
			break;
		}

		mutex_enter(&dtrace_lock);
		/* -1 signals failure; any other value is the new helper generation. */
		if ((rval = dtrace_helper_slurp(dof, dhp, p)) != -1) {
			dhp->dofhp_gen = rval;
			rval = 0;
		} else {
			rval = EINVAL;
		}
		mutex_exit(&dtrace_lock);
		if (p != curproc)
			PRELE(p);
		break;
	case DTRACEHIOC_REMOVE:
		mutex_enter(&dtrace_lock);
		rval = dtrace_helper_destroygen(NULL, *(int *)(uintptr_t)addr);
		mutex_exit(&dtrace_lock);
		break;
	default:
		rval = ENOTTY;
		break;
	}
	return (rval);
}
93 
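/*
 * Top-level ioctl handler for the DTrace control device.
 *
 * `state' is the per-descriptor dtrace_state_t kept as cdev private data;
 * when it carries an anonymous state (dts_anon) that one is used instead.
 * `addr' is the kernel copy of the ioctl argument.  Some commands (AGGDESC,
 * AGGSNAP/BUFSNAP, DOFGET, EPROBE) receive a pointer to a user structure in
 * that argument and move the real payload with copyin()/copyout(); the
 * other commands read and write `addr' in place.  Each case that takes
 * dtrace_lock, dtrace_provider_lock or cpu_lock drops it again on every one
 * of its return paths.
 *
 * Returns 0 on success, otherwise an errno value; ENOTTY for an unknown
 * command.  `dev' and `flags' are unused.
 */
/* ARGSUSED */
static int
dtrace_ioctl(struct cdev *dev, u_long cmd, caddr_t addr,
    int flags __unused, struct thread *td)
{
	dtrace_state_t *state = NULL;
	int error = 0;

	/*
	 * If devfs_get_cdevpriv() fails it need not have written `state',
	 * so the pointer is initialized and the return value checked instead
	 * of testing a possibly uninitialized value.
	 */
	if (devfs_get_cdevpriv((void **)&state) != 0 || state == NULL)
		return (EINVAL);

	if (state->dts_anon) {
		ASSERT(dtrace_anon.dta_state == NULL);
		state = state->dts_anon;
	}

	switch (cmd) {
	case DTRACEIOC_AGGDESC: {
		/*
		 * Fill in the description of one aggregation: the caller's
		 * dtrace_aggdesc_t is copied in, its record list rebuilt from
		 * the aggregation's actions and the result copied back, at
		 * most the number of records the caller asked for.
		 */
		dtrace_aggdesc_t **paggdesc = (dtrace_aggdesc_t **) addr;
		dtrace_aggdesc_t aggdesc;
		dtrace_action_t *act;
		dtrace_aggregation_t *agg;
		int nrecs;
		uint32_t offs;
		dtrace_recdesc_t *lrec;
		void *buf;
		size_t size;
		uintptr_t dest;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_AGGDESC\n",__func__,__LINE__);

		if (copyin((void *) *paggdesc, &aggdesc, sizeof (aggdesc)) != 0)
			return (EFAULT);

		mutex_enter(&dtrace_lock);

		if ((agg = dtrace_aggid2agg(state, aggdesc.dtagd_id)) == NULL) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		aggdesc.dtagd_epid = agg->dtag_ecb->dte_epid;

		/* The caller's record count bounds how many records are copied out. */
		nrecs = aggdesc.dtagd_nrecs;
		aggdesc.dtagd_nrecs = 0;

		offs = agg->dtag_base;
		lrec = &agg->dtag_action.dta_rec;
		aggdesc.dtagd_size = lrec->dtrd_offset + lrec->dtrd_size - offs;

		for (act = agg->dtag_first; ; act = act->dta_next) {
			ASSERT(act->dta_intuple ||
			    DTRACEACT_ISAGG(act->dta_kind));

			/*
			 * If this action has a record size of zero, it
			 * denotes an argument to the aggregating action.
			 * Because the presence of this record doesn't (or
			 * shouldn't) affect the way the data is interpreted,
			 * we don't copy it out to save user-level the
			 * confusion of dealing with a zero-length record.
			 */
			if (act->dta_rec.dtrd_size == 0) {
				ASSERT(agg->dtag_hasarg);
				continue;
			}

			aggdesc.dtagd_nrecs++;

			if (act == &agg->dtag_action)
				break;
		}

		/*
		 * Now that we have the size, we need to allocate a temporary
		 * buffer in which to store the complete description.  We need
		 * the temporary buffer to be able to drop dtrace_lock()
		 * across the copyout(), below.
		 */
		size = sizeof (dtrace_aggdesc_t) +
		    (aggdesc.dtagd_nrecs * sizeof (dtrace_recdesc_t));

		buf = kmem_alloc(size, KM_SLEEP);
		dest = (uintptr_t)buf;

		bcopy(&aggdesc, (void *)dest, sizeof (aggdesc));
		dest += offsetof(dtrace_aggdesc_t, dtagd_rec[0]);

		for (act = agg->dtag_first; ; act = act->dta_next) {
			dtrace_recdesc_t rec = act->dta_rec;

			/*
			 * See the comment in the above loop for why we pass
			 * over zero-length records.
			 */
			if (rec.dtrd_size == 0) {
				ASSERT(agg->dtag_hasarg);
				continue;
			}

			if (nrecs-- == 0)
				break;

			/* Offsets are reported relative to the aggregation base. */
			rec.dtrd_offset -= offs;
			bcopy(&rec, (void *)dest, sizeof (rec));
			dest += sizeof (dtrace_recdesc_t);

			if (act == &agg->dtag_action)
				break;
		}

		mutex_exit(&dtrace_lock);

		/* Only the bytes actually written (dest - buf) are copied out. */
		if (copyout(buf, (void *) *paggdesc, dest - (uintptr_t)buf) != 0) {
			kmem_free(buf, size);
			return (EFAULT);
		}

		kmem_free(buf, size);
		return (0);
	}
	case DTRACEIOC_AGGSNAP:
	case DTRACEIOC_BUFSNAP: {
		/*
		 * Snapshot one CPU's principal (BUFSNAP) or aggregation
		 * (AGGSNAP) buffer into the caller's dtbd_data and report the
		 * snapshot's size and counters in the bufdesc.
		 */
		dtrace_bufdesc_t **pdesc = (dtrace_bufdesc_t **) addr;
		dtrace_bufdesc_t desc;
		caddr_t cached;
		dtrace_buffer_t *buf;

		dtrace_debug_output();

		if (copyin((void *) *pdesc, &desc, sizeof (desc)) != 0)
			return (EFAULT);

		DTRACE_IOCTL_PRINTF("%s(%d): %s curcpu %d cpu %d\n",
		    __func__,__LINE__,
		    cmd == DTRACEIOC_AGGSNAP ?
		    "DTRACEIOC_AGGSNAP":"DTRACEIOC_BUFSNAP",
		    curcpu, desc.dtbd_cpu);

		/* Reject CPU ids out of range or not present on this system. */
		if (desc.dtbd_cpu >= NCPU)
			return (ENOENT);
		if (pcpu_find(desc.dtbd_cpu) == NULL)
			return (ENOENT);

		mutex_enter(&dtrace_lock);

		if (cmd == DTRACEIOC_BUFSNAP) {
			buf = &state->dts_buffer[desc.dtbd_cpu];
		} else {
			buf = &state->dts_aggbuffer[desc.dtbd_cpu];
		}

		/*
		 * Ring and fill buffers are read in place (no switch) and
		 * only once tracing has stopped.
		 */
		if (buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL)) {
			size_t sz = buf->dtb_offset;

			if (state->dts_activity != DTRACE_ACTIVITY_STOPPED) {
				mutex_exit(&dtrace_lock);
				return (EBUSY);
			}

			/*
			 * If this buffer has already been consumed, we're
			 * going to indicate that there's nothing left here
			 * to consume.
			 */
			if (buf->dtb_flags & DTRACEBUF_CONSUMED) {
				mutex_exit(&dtrace_lock);

				desc.dtbd_size = 0;
				desc.dtbd_drops = 0;
				desc.dtbd_errors = 0;
				desc.dtbd_oldest = 0;
				sz = sizeof (desc);

				if (copyout(&desc, (void *) *pdesc, sz) != 0)
					return (EFAULT);

				return (0);
			}

			/*
			 * If this is a ring buffer that has wrapped, we want
			 * to copy the whole thing out.
			 */
			if (buf->dtb_flags & DTRACEBUF_WRAPPED) {
				dtrace_buffer_polish(buf);
				sz = buf->dtb_size;
			}

			if (copyout(buf->dtb_tomax, desc.dtbd_data, sz) != 0) {
				mutex_exit(&dtrace_lock);
				return (EFAULT);
			}

			desc.dtbd_size = sz;
			desc.dtbd_drops = buf->dtb_drops;
			desc.dtbd_errors = buf->dtb_errors;
			desc.dtbd_oldest = buf->dtb_xamot_offset;
			desc.dtbd_timestamp = dtrace_gethrtime();

			mutex_exit(&dtrace_lock);

			if (copyout(&desc, (void *) *pdesc, sizeof (desc)) != 0)
				return (EFAULT);

			/*
			 * NOTE(review): this flag update happens after
			 * dtrace_lock has been released above; confirm that
			 * nothing else modifies dtb_flags concurrently while
			 * the state is stopped.
			 */
			buf->dtb_flags |= DTRACEBUF_CONSUMED;

			return (0);
		}

		if (buf->dtb_tomax == NULL) {
			ASSERT(buf->dtb_xamot == NULL);
			mutex_exit(&dtrace_lock);
			return (ENOENT);
		}

		/* Remember the active buffer so a failed switch can be detected. */
		cached = buf->dtb_tomax;
		ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));

		dtrace_xcall(desc.dtbd_cpu,
		    (dtrace_xcall_t)dtrace_buffer_switch, buf);

		state->dts_errors += buf->dtb_xamot_errors;

		/*
		 * If the buffers did not actually switch, then the cross call
		 * did not take place -- presumably because the given CPU is
		 * not in the ready set.  If this is the case, we'll return
		 * ENOENT.
		 */
		if (buf->dtb_tomax == cached) {
			ASSERT(buf->dtb_xamot != cached);
			mutex_exit(&dtrace_lock);
			return (ENOENT);
		}

		ASSERT(cached == buf->dtb_xamot);

		DTRACE_IOCTL_PRINTF("%s(%d): copyout the buffer snapshot\n",__func__,__LINE__);

		/*
		 * We have our snapshot; now copy it out.
		 */
		if (copyout(buf->dtb_xamot, desc.dtbd_data,
		    buf->dtb_xamot_offset) != 0) {
			mutex_exit(&dtrace_lock);
			return (EFAULT);
		}

		desc.dtbd_size = buf->dtb_xamot_offset;
		desc.dtbd_drops = buf->dtb_xamot_drops;
		desc.dtbd_errors = buf->dtb_xamot_errors;
		desc.dtbd_oldest = 0;
		desc.dtbd_timestamp = buf->dtb_switched;

		mutex_exit(&dtrace_lock);

		DTRACE_IOCTL_PRINTF("%s(%d): copyout buffer desc: size %zd drops %lu errors %lu\n",__func__,__LINE__,(size_t) desc.dtbd_size,(u_long) desc.dtbd_drops,(u_long) desc.dtbd_errors);

		/*
		 * Finally, copy out the buffer description.
		 */
		if (copyout(&desc, (void *) *pdesc, sizeof (desc)) != 0)
			return (EFAULT);

		return (0);
	}
	case DTRACEIOC_CONF: {
		/* Report the DIF/CTF configuration constants in place. */
		dtrace_conf_t conf;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_CONF\n",__func__,__LINE__);

		bzero(&conf, sizeof (conf));
		conf.dtc_difversion = DIF_VERSION;
		conf.dtc_difintregs = DIF_DIR_NREGS;
		conf.dtc_diftupregs = DIF_DTR_NREGS;
		conf.dtc_ctfmodel = CTF_MODEL_NATIVE;

		*((dtrace_conf_t *) addr) = conf;

		return (0);
	}
	case DTRACEIOC_DOFGET: {
		/*
		 * Build the DOF describing this state and copy out at most
		 * the smaller of the caller's and the generated load size.
		 */
		dof_hdr_t **pdof = (dof_hdr_t **) addr;
		dof_hdr_t hdr, *dof = *pdof;
		int rval;
		uint64_t len;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_DOFGET\n",__func__,__LINE__);

		if (copyin((void *)dof, &hdr, sizeof (hdr)) != 0)
			return (EFAULT);

		mutex_enter(&dtrace_lock);
		dof = dtrace_dof_create(state);
		mutex_exit(&dtrace_lock);

		len = MIN(hdr.dofh_loadsz, dof->dofh_loadsz);
		rval = copyout(dof, (void *) *pdof, len);
		dtrace_dof_destroy(dof);

		return (rval == 0 ? 0 : EFAULT);
	}
	case DTRACEIOC_ENABLE: {
		/*
		 * Copy in a DOF, turn it into enablings for this state and
		 * report the number of matched probes in n_matched.
		 */
		dof_hdr_t *dof = NULL;
		dtrace_enabling_t *enab = NULL;
		dtrace_vstate_t *vstate;
		int err = 0;
		int rval;
		dtrace_enable_io_t *p = (dtrace_enable_io_t *) addr;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_ENABLE\n",__func__,__LINE__);

		/*
		 * If a NULL argument has been passed, we take this as our
		 * cue to reevaluate our enablings.
		 */
		if (p->dof == NULL) {
			dtrace_enabling_matchall();

			return (0);
		}

		if ((dof = dtrace_dof_copyin((uintptr_t) p->dof, &rval)) == NULL)
			return (EINVAL);

		/* cpu_lock is acquired before dtrace_lock on this path. */
		mutex_enter(&cpu_lock);
		mutex_enter(&dtrace_lock);
		vstate = &state->dts_vstate;

		if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) {
			mutex_exit(&dtrace_lock);
			mutex_exit(&cpu_lock);
			dtrace_dof_destroy(dof);
			return (EBUSY);
		}

		if (dtrace_dof_slurp(dof, vstate, td->td_ucred, &enab, 0, 0,
		    B_TRUE) != 0) {
			mutex_exit(&dtrace_lock);
			mutex_exit(&cpu_lock);
			dtrace_dof_destroy(dof);
			return (EINVAL);
		}

		if ((rval = dtrace_dof_options(dof, state)) != 0) {
			dtrace_enabling_destroy(enab);
			mutex_exit(&dtrace_lock);
			mutex_exit(&cpu_lock);
			dtrace_dof_destroy(dof);
			return (rval);
		}

		/* On a match the enabling is retained; otherwise it is torn down. */
		if ((err = dtrace_enabling_match(enab, &p->n_matched)) == 0) {
			err = dtrace_enabling_retain(enab);
		} else {
			dtrace_enabling_destroy(enab);
		}

		/* Release order differs from the error paths above; both are valid. */
		mutex_exit(&cpu_lock);
		mutex_exit(&dtrace_lock);
		dtrace_dof_destroy(dof);

		return (err);
	}
	case DTRACEIOC_EPROBE: {
		/*
		 * Describe one enabled probe: copy in the caller's
		 * dtrace_eprobedesc_t, rebuild its record list from the ECB's
		 * non-aggregating, non-tuple actions and copy it back.
		 */
		dtrace_eprobedesc_t **pepdesc = (dtrace_eprobedesc_t **) addr;
		dtrace_eprobedesc_t epdesc;
		dtrace_ecb_t *ecb;
		dtrace_action_t *act;
		void *buf;
		size_t size;
		uintptr_t dest;
		int nrecs;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_EPROBE\n",__func__,__LINE__);

		if (copyin((void *)*pepdesc, &epdesc, sizeof (epdesc)) != 0)
			return (EFAULT);

		mutex_enter(&dtrace_lock);

		if ((ecb = dtrace_epid2ecb(state, epdesc.dtepd_epid)) == NULL) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		if (ecb->dte_probe == NULL) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		epdesc.dtepd_probeid = ecb->dte_probe->dtpr_id;
		epdesc.dtepd_uarg = ecb->dte_uarg;
		epdesc.dtepd_size = ecb->dte_size;

		/* The caller's record count bounds how many records are copied out. */
		nrecs = epdesc.dtepd_nrecs;
		epdesc.dtepd_nrecs = 0;
		for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
			if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
				continue;

			epdesc.dtepd_nrecs++;
		}

		/*
		 * Now that we have the size, we need to allocate a temporary
		 * buffer in which to store the complete description.  We need
		 * the temporary buffer to be able to drop dtrace_lock()
		 * across the copyout(), below.
		 */
		size = sizeof (dtrace_eprobedesc_t) +
		    (epdesc.dtepd_nrecs * sizeof (dtrace_recdesc_t));

		buf = kmem_alloc(size, KM_SLEEP);
		dest = (uintptr_t)buf;

		bcopy(&epdesc, (void *)dest, sizeof (epdesc));
		dest += offsetof(dtrace_eprobedesc_t, dtepd_rec[0]);

		for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
			if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
				continue;

			if (nrecs-- == 0)
				break;

			bcopy(&act->dta_rec, (void *)dest,
			    sizeof (dtrace_recdesc_t));
			dest += sizeof (dtrace_recdesc_t);
		}

		mutex_exit(&dtrace_lock);

		if (copyout(buf, (void *) *pepdesc, dest - (uintptr_t)buf) != 0) {
			kmem_free(buf, size);
			return (EFAULT);
		}

		kmem_free(buf, size);
		return (0);
	}
	case DTRACEIOC_FORMAT: {
		/*
		 * Return the format string for a 1-based format index.  If the
		 * caller's buffer is too small only the required length is
		 * reported back in dtfd_length.
		 */
		dtrace_fmtdesc_t *fmt = (dtrace_fmtdesc_t *) addr;
		char *str;
		int len;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_FORMAT\n",__func__,__LINE__);

		mutex_enter(&dtrace_lock);

		if (fmt->dtfd_format == 0 ||
		    fmt->dtfd_format > state->dts_nformats) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		/*
		 * Format strings are allocated contiguously and they are
		 * never freed; if a format index is less than the number
		 * of formats, we can assert that the format map is non-NULL
		 * and that the format for the specified index is non-NULL.
		 */
		ASSERT(state->dts_formats != NULL);
		str = state->dts_formats[fmt->dtfd_format - 1];
		ASSERT(str != NULL);

		/* Include the terminating NUL in the reported length. */
		len = strlen(str) + 1;

		if (len > fmt->dtfd_length) {
			fmt->dtfd_length = len;
		} else {
			if (copyout(str, fmt->dtfd_string, len) != 0) {
				mutex_exit(&dtrace_lock);
				return (EINVAL);
			}
		}

		mutex_exit(&dtrace_lock);
		return (0);
	}
	case DTRACEIOC_GO: {
		/* Start tracing; dtrace_state_go() does its own locking. */
		int rval;
		processorid_t *cpuid = (processorid_t *) addr;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_GO\n",__func__,__LINE__);

		rval = dtrace_state_go(state, cpuid);

		return (rval);
	}
	case DTRACEIOC_PROBEARG: {
		/*
		 * Ask a probe's provider for the description of one argument
		 * (dtargd_ndx); providers without dtps_getargdesc yield
		 * DTRACE_ARGNONE.
		 */
		dtrace_argdesc_t *desc = (dtrace_argdesc_t *) addr;
		dtrace_probe_t *probe;
		dtrace_provider_t *prov;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_PROBEARG\n",__func__,__LINE__);

		if (desc->dtargd_id == DTRACE_IDNONE)
			return (EINVAL);

		if (desc->dtargd_ndx == DTRACE_ARGNONE)
			return (EINVAL);

		mutex_enter(&dtrace_provider_lock);
#ifdef illumos
		mutex_enter(&mod_lock);
#endif
		mutex_enter(&dtrace_lock);

		if (desc->dtargd_id > dtrace_nprobes) {
			mutex_exit(&dtrace_lock);
#ifdef illumos
			mutex_exit(&mod_lock);
#endif
			mutex_exit(&dtrace_provider_lock);
			return (EINVAL);
		}

		if ((probe = dtrace_probes[desc->dtargd_id - 1]) == NULL) {
			mutex_exit(&dtrace_lock);
#ifdef illumos
			mutex_exit(&mod_lock);
#endif
			mutex_exit(&dtrace_provider_lock);
			return (EINVAL);
		}

		/* dtrace_lock is dropped before calling into the provider. */
		mutex_exit(&dtrace_lock);

		prov = probe->dtpr_provider;

		if (prov->dtpv_pops.dtps_getargdesc == NULL) {
			/*
			 * There isn't any typed information for this probe.
			 * Set the argument number to DTRACE_ARGNONE.
			 */
			desc->dtargd_ndx = DTRACE_ARGNONE;
		} else {
			desc->dtargd_native[0] = '\0';
			desc->dtargd_xlate[0] = '\0';
			desc->dtargd_mapping = desc->dtargd_ndx;

			prov->dtpv_pops.dtps_getargdesc(prov->dtpv_arg,
			    probe->dtpr_id, probe->dtpr_arg, desc);
		}

#ifdef illumos
		mutex_exit(&mod_lock);
#endif
		mutex_exit(&dtrace_provider_lock);

		return (0);
	}
	case DTRACEIOC_PROBEMATCH:
	case DTRACEIOC_PROBES: {
		/*
		 * Find the first probe at or after dtpd_id that the caller's
		 * credentials allow; PROBEMATCH additionally requires the
		 * probe to match the caller's description.
		 */
		dtrace_probedesc_t *p_desc = (dtrace_probedesc_t *) addr;
		dtrace_probe_t *probe = NULL;
		dtrace_probekey_t pkey;
		dtrace_id_t i;
		int m = 0;
		uint32_t priv = 0;
		uid_t uid = 0;
		zoneid_t zoneid = 0;

		DTRACE_IOCTL_PRINTF("%s(%d): %s\n",__func__,__LINE__,
		    cmd == DTRACEIOC_PROBEMATCH ?
		    "DTRACEIOC_PROBEMATCH":"DTRACEIOC_PROBES");

		/* Force NUL termination of the user-supplied name fields. */
		p_desc->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
		p_desc->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
		p_desc->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
		p_desc->dtpd_name[DTRACE_NAMELEN - 1] = '\0';

		/*
		 * Before we attempt to match this probe, we want to give
		 * all providers the opportunity to provide it.
		 */
		if (p_desc->dtpd_id == DTRACE_IDNONE) {
			mutex_enter(&dtrace_provider_lock);
			dtrace_probe_provide(p_desc, NULL);
			mutex_exit(&dtrace_provider_lock);
			p_desc->dtpd_id++;
		}

		if (cmd == DTRACEIOC_PROBEMATCH)  {
			dtrace_probekey(p_desc, &pkey);
			pkey.dtpk_id = DTRACE_IDNONE;
		}

		dtrace_cred2priv(td->td_ucred, &priv, &uid, &zoneid);

		mutex_enter(&dtrace_lock);

		if (cmd == DTRACEIOC_PROBEMATCH) {
			for (i = p_desc->dtpd_id; i <= dtrace_nprobes; i++) {
				if ((probe = dtrace_probes[i - 1]) != NULL &&
				    (m = dtrace_match_probe(probe, &pkey,
				    priv, uid, zoneid)) != 0)
					break;
			}

			/* A negative match result is an error, not a miss. */
			if (m < 0) {
				mutex_exit(&dtrace_lock);
				return (EINVAL);
			}

		} else {
			for (i = p_desc->dtpd_id; i <= dtrace_nprobes; i++) {
				if ((probe = dtrace_probes[i - 1]) != NULL &&
				    dtrace_match_priv(probe, priv, uid, zoneid))
					break;
			}
		}

		if (probe == NULL) {
			mutex_exit(&dtrace_lock);
			return (ESRCH);
		}

		dtrace_probe_description(probe, p_desc);
		mutex_exit(&dtrace_lock);

		return (0);
	}
	case DTRACEIOC_PROVIDER: {
		/* Look a provider up by name and return its privilege and attributes. */
		dtrace_providerdesc_t *pvd = (dtrace_providerdesc_t *) addr;
		dtrace_provider_t *pvp;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_PROVIDER\n",__func__,__LINE__);

		/* Force NUL termination of the user-supplied name. */
		pvd->dtvd_name[DTRACE_PROVNAMELEN - 1] = '\0';
		mutex_enter(&dtrace_provider_lock);

		for (pvp = dtrace_provider; pvp != NULL; pvp = pvp->dtpv_next) {
			if (strcmp(pvp->dtpv_name, pvd->dtvd_name) == 0)
				break;
		}

		mutex_exit(&dtrace_provider_lock);

		if (pvp == NULL)
			return (ESRCH);

		bcopy(&pvp->dtpv_priv, &pvd->dtvd_priv, sizeof (dtrace_ppriv_t));
		bcopy(&pvp->dtpv_attr, &pvd->dtvd_attr, sizeof (dtrace_pattr_t));

		return (0);
	}
	case DTRACEIOC_REPLICATE: {
		/* Replicate the enablings matching `match' onto `create'. */
		dtrace_repldesc_t *desc = (dtrace_repldesc_t *) addr;
		dtrace_probedesc_t *match = &desc->dtrpd_match;
		dtrace_probedesc_t *create = &desc->dtrpd_create;
		int err;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_REPLICATE\n",__func__,__LINE__);

		/* Force NUL termination of both user-supplied descriptions. */
		match->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
		match->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
		match->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
		match->dtpd_name[DTRACE_NAMELEN - 1] = '\0';

		create->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
		create->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
		create->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
		create->dtpd_name[DTRACE_NAMELEN - 1] = '\0';

		mutex_enter(&dtrace_lock);
		err = dtrace_enabling_replicate(state, match, create);
		mutex_exit(&dtrace_lock);

		return (err);
	}
	case DTRACEIOC_STATUS: {
		/*
		 * Aggregate per-CPU drop, error and fill counters into the
		 * caller's dtrace_status_t and refresh dts_laststatus.
		 */
		dtrace_status_t *stat = (dtrace_status_t *) addr;
		dtrace_dstate_t *dstate;
		int i, j;
		uint64_t nerrs;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_STATUS\n",__func__,__LINE__);

		/*
		 * See the comment in dtrace_state_deadman() for the reason
		 * for setting dts_laststatus to INT64_MAX before setting
		 * it to the correct value.
		 */
		state->dts_laststatus = INT64_MAX;
		dtrace_membar_producer();
		state->dts_laststatus = dtrace_gethrtime();

		bzero(stat, sizeof (*stat));

		mutex_enter(&dtrace_lock);

		if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) {
			mutex_exit(&dtrace_lock);
			return (ENOENT);
		}

		if (state->dts_activity == DTRACE_ACTIVITY_DRAINING)
			stat->dtst_exiting = 1;

		nerrs = state->dts_errors;
		dstate = &state->dts_vstate.dtvs_dynvars;

		for (i = 0; i < NCPU; i++) {
#ifndef illumos
			/* CPU ids may be sparse; skip slots with no pcpu. */
			if (pcpu_find(i) == NULL)
				continue;
#endif
			dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[i];

			stat->dtst_dyndrops += dcpu->dtdsc_drops;
			stat->dtst_dyndrops_dirty += dcpu->dtdsc_dirty_drops;
			stat->dtst_dyndrops_rinsing += dcpu->dtdsc_rinsing_drops;

			if (state->dts_buffer[i].dtb_flags & DTRACEBUF_FULL)
				stat->dtst_filled++;

			nerrs += state->dts_buffer[i].dtb_errors;

			for (j = 0; j < state->dts_nspeculations; j++) {
				dtrace_speculation_t *spec;
				dtrace_buffer_t *buf;

				spec = &state->dts_speculations[j];
				buf = &spec->dtsp_buffer[i];
				stat->dtst_specdrops += buf->dtb_xamot_drops;
			}
		}

		stat->dtst_specdrops_busy = state->dts_speculations_busy;
		stat->dtst_specdrops_unavail = state->dts_speculations_unavail;
		stat->dtst_stkstroverflows = state->dts_stkstroverflows;
		stat->dtst_dblerrors = state->dts_dblerrors;
		stat->dtst_killed =
		    (state->dts_activity == DTRACE_ACTIVITY_KILLED);
		stat->dtst_errors = nerrs;

		mutex_exit(&dtrace_lock);

		return (0);
	}
	case DTRACEIOC_STOP: {
		/* Stop tracing under dtrace_lock. */
		int rval;
		processorid_t *cpuid = (processorid_t *) addr;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_STOP\n",__func__,__LINE__);

		mutex_enter(&dtrace_lock);
		rval = dtrace_state_stop(state, cpuid);
		mutex_exit(&dtrace_lock);

		return (rval);
	}
	default:
		error = ENOTTY;
	}
	return (error);
}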