1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  * $FreeBSD$
22  *
23  */
24 
/*
 * debug.dtrace.verbose_ioctl: when non-zero, DTRACE_IOCTL_PRINTF() logs each
 * ioctl command (and a few of its arguments) to the console/kernel log.
 * Writable at run time; off by default.
 */
static int dtrace_verbose_ioctl;
SYSCTL_INT(_debug_dtrace, OID_AUTO, verbose_ioctl, CTLFLAG_RW,
    &dtrace_verbose_ioctl, 0, "log DTrace ioctls");
28 
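/*
 * Debug trace for the ioctl paths below, gated on dtrace_verbose_ioctl.
 *
 * Wrapped in do { } while (0) so that the macro is a single statement:
 * the bare "if (flag) printf(...)" form silently captures any "else" that
 * follows a use of the macro in the caller's own if statement.
 */
#define DTRACE_IOCTL_PRINTF(fmt, ...)					\
	do {								\
		if (dtrace_verbose_ioctl)				\
			printf(fmt, ## __VA_ARGS__);			\
	} while (0)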
30 
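/*
 * ioctl handler for the DTrace helper device: lets a user process register
 * helper DOF (DTRACEHIOC_ADD / DTRACEHIOC_ADDDOF) and later tear down a
 * helper generation (DTRACEHIOC_REMOVE).
 *
 * addr is the ioctl argument buffer; it is dereferenced directly below, so
 * it is kernel-accessible memory, not a raw user pointer.  The DOF image
 * itself is always fetched from user space via dtrace_dof_copyin().
 *
 * Returns 0 on success, an errno value on failure, ENOTTY for an unknown
 * command.
 */
static int
dtrace_ioctl_helper(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
    struct thread *td)
{
	dof_helper_t *dhp = NULL;
	dof_hdr_t *dof = NULL;
	int rval;

	switch (cmd) {
	case DTRACEHIOC_ADDDOF:
		/*
		 * The argument buffer holds a dof_helper_t; the DOF it
		 * describes lives in user memory at dofhp_dof.  Redirect
		 * addr to that user address and share the ADD path.
		 * dofhp_dof is a 64-bit field, hence the vm_offset_t cast.
		 */
		dhp = (dof_helper_t *)addr;
		addr = (caddr_t)(vm_offset_t)dhp->dofhp_dof;
		/* FALLTHROUGH */
	case DTRACEHIOC_ADD:
		/*
		 * Copy and validate the user DOF.  On failure the errno is
		 * supplied through rval.  The DOF is not freed here, so
		 * dtrace_helper_slurp() presumably takes ownership of it
		 * (as the illumos contract states) -- confirm if changing.
		 */
		dof = dtrace_dof_copyin((intptr_t)addr, &rval);

		if (dof == NULL)
			return (rval);

		mutex_enter(&dtrace_lock);
		if ((rval = dtrace_helper_slurp((dof_hdr_t *)dof, dhp)) != -1) {
			/*
			 * Return the new helper generation through the
			 * argument buffer.  Do NOT copyout() dhp to addr here:
			 * by this point addr is the user's DOF address, so the
			 * old copyout(dhp, addr, sizeof(*dhp)) overwrote the
			 * first bytes of the caller's DOF image (with its
			 * return value ignored) instead of updating the
			 * dof_helper_t the caller passed in.
			 */
			if (dhp != NULL)
				dhp->dofhp_gen = rval;
			rval = 0;
		} else {
			rval = EINVAL;
		}
		mutex_exit(&dtrace_lock);

		return (rval);
	case DTRACEHIOC_REMOVE:
		/*
		 * The argument is an int generation number.  Read it as
		 * one: "(int)*addr" dereferenced through caddr_t (char *)
		 * and so only picked up the low byte, sign-extended, which
		 * mangled every generation number >= 128.
		 */
		mutex_enter(&dtrace_lock);
		rval = dtrace_helper_destroygen(NULL, *(int *)addr);
		mutex_exit(&dtrace_lock);

		return (rval);
	default:
		break;
	}

	return (ENOTTY);
}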
76 
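/* ARGSUSED */
/*
 * ioctl handler for the DTrace control device.
 *
 * The consumer's dtrace_state_t is attached to the open file as cdev
 * private data; every command operates on that state (or, for an
 * anonymous consumer, on the anonymous state it wraps).
 *
 * addr is the ioctl argument buffer.  It is dereferenced directly
 * throughout, so it is kernel-accessible memory, not a raw user pointer;
 * the user pointers embedded in it (descriptors, data buffers, DOF) are
 * only ever accessed through copyin()/copyout().
 *
 * Returns 0 on success, an errno value on failure, ENOTTY for an unknown
 * command.
 */
static int
dtrace_ioctl(struct cdev *dev, u_long cmd, caddr_t addr,
    int flags __unused, struct thread *td)
{
	dtrace_state_t *state = NULL;
	int error = 0;

	/*
	 * Check the lookup's return value instead of trusting that the
	 * pointer was written: a failed lookup would otherwise leave state
	 * uninitialized and the NULL test meaningless.
	 */
	if (devfs_get_cdevpriv((void **) &state) != 0 || state == NULL)
		return (EINVAL);

	if (state->dts_anon) {
		ASSERT(dtrace_anon.dta_state == NULL);
		state = state->dts_anon;
	}

	switch (cmd) {
	case DTRACEIOC_AGGDESC: {
		/*
		 * Describe an aggregation.  The argument is a user pointer
		 * to a dtrace_aggdesc_t; dtagd_nrecs on input is how many
		 * record descriptors the caller has room for, on output
		 * the total number available (so the caller can resize and
		 * retry if it was short).
		 */
		dtrace_aggdesc_t **paggdesc = (dtrace_aggdesc_t **) addr;
		dtrace_aggdesc_t aggdesc;
		dtrace_action_t *act;
		dtrace_aggregation_t *agg;
		int nrecs;
		uint32_t offs;
		dtrace_recdesc_t *lrec;
		void *buf;
		size_t size;
		uintptr_t dest;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_AGGDESC\n",__func__,__LINE__);

		if (copyin((void *) *paggdesc, &aggdesc, sizeof (aggdesc)) != 0)
			return (EFAULT);

		mutex_enter(&dtrace_lock);

		if ((agg = dtrace_aggid2agg(state, aggdesc.dtagd_id)) == NULL) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		aggdesc.dtagd_epid = agg->dtag_ecb->dte_epid;

		/* Remember the caller's capacity; recount the real total. */
		nrecs = aggdesc.dtagd_nrecs;
		aggdesc.dtagd_nrecs = 0;

		offs = agg->dtag_base;
		lrec = &agg->dtag_action.dta_rec;
		aggdesc.dtagd_size = lrec->dtrd_offset + lrec->dtrd_size - offs;

		for (act = agg->dtag_first; ; act = act->dta_next) {
			ASSERT(act->dta_intuple ||
			    DTRACEACT_ISAGG(act->dta_kind));

			/*
			 * If this action has a record size of zero, it
			 * denotes an argument to the aggregating action.
			 * Because the presence of this record doesn't (or
			 * shouldn't) affect the way the data is interpreted,
			 * we don't copy it out to save user-level the
			 * confusion of dealing with a zero-length record.
			 */
			if (act->dta_rec.dtrd_size == 0) {
				ASSERT(agg->dtag_hasarg);
				continue;
			}

			aggdesc.dtagd_nrecs++;

			if (act == &agg->dtag_action)
				break;
		}

		/*
		 * Now that we have the size, we need to allocate a temporary
		 * buffer in which to store the complete description.  We need
		 * the temporary buffer to be able to drop dtrace_lock()
		 * across the copyout(), below.
		 */
		size = sizeof (dtrace_aggdesc_t) +
		    (aggdesc.dtagd_nrecs * sizeof (dtrace_recdesc_t));

		buf = kmem_alloc(size, KM_SLEEP);
		dest = (uintptr_t)buf;

		bcopy(&aggdesc, (void *)dest, sizeof (aggdesc));
		dest += offsetof(dtrace_aggdesc_t, dtagd_rec[0]);

		for (act = agg->dtag_first; ; act = act->dta_next) {
			dtrace_recdesc_t rec = act->dta_rec;

			/*
			 * See the comment in the above loop for why we pass
			 * over zero-length records.
			 */
			if (rec.dtrd_size == 0) {
				ASSERT(agg->dtag_hasarg);
				continue;
			}

			/*
			 * Stop once the caller's buffer is full; the header
			 * still reports the full count in dtagd_nrecs.
			 */
			if (nrecs-- == 0)
				break;

			/* Offsets are reported relative to the aggregation. */
			rec.dtrd_offset -= offs;
			bcopy(&rec, (void *)dest, sizeof (rec));
			dest += sizeof (dtrace_recdesc_t);

			if (act == &agg->dtag_action)
				break;
		}

		mutex_exit(&dtrace_lock);

		/* Only what was actually written into buf is copied out. */
		if (copyout(buf, (void *) *paggdesc, dest - (uintptr_t)buf) != 0) {
			kmem_free(buf, size);
			return (EFAULT);
		}

		kmem_free(buf, size);
		return (0);
	}
	case DTRACEIOC_AGGSNAP:
	case DTRACEIOC_BUFSNAP: {
		/*
		 * Snapshot one CPU's principal (BUFSNAP) or aggregation
		 * (AGGSNAP) buffer into the caller's data buffer and report
		 * size/drops/errors through the descriptor.  dtbd_cpu and
		 * dtbd_data come from the caller; dtbd_cpu is range-checked
		 * before being used as an index.
		 */
		dtrace_bufdesc_t **pdesc = (dtrace_bufdesc_t **) addr;
		dtrace_bufdesc_t desc;
		caddr_t cached;
		dtrace_buffer_t *buf;

		dtrace_debug_output();

		if (copyin((void *) *pdesc, &desc, sizeof (desc)) != 0)
			return (EFAULT);

		DTRACE_IOCTL_PRINTF("%s(%d): %s curcpu %d cpu %d\n",
		    __func__,__LINE__,
		    cmd == DTRACEIOC_AGGSNAP ?
		    "DTRACEIOC_AGGSNAP":"DTRACEIOC_BUFSNAP",
		    curcpu, desc.dtbd_cpu);

		if (desc.dtbd_cpu >= NCPU)
			return (ENOENT);
		if (pcpu_find(desc.dtbd_cpu) == NULL)
			return (ENOENT);

		mutex_enter(&dtrace_lock);

		if (cmd == DTRACEIOC_BUFSNAP) {
			buf = &state->dts_buffer[desc.dtbd_cpu];
		} else {
			buf = &state->dts_aggbuffer[desc.dtbd_cpu];
		}

		/*
		 * Ring and fill buffers are only readable once tracing has
		 * stopped, and are handed out whole (or as much as was
		 * written) rather than switched.
		 */
		if (buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL)) {
			size_t sz = buf->dtb_offset;

			if (state->dts_activity != DTRACE_ACTIVITY_STOPPED) {
				mutex_exit(&dtrace_lock);
				return (EBUSY);
			}

			/*
			 * If this buffer has already been consumed, we're
			 * going to indicate that there's nothing left here
			 * to consume.
			 */
			if (buf->dtb_flags & DTRACEBUF_CONSUMED) {
				mutex_exit(&dtrace_lock);

				desc.dtbd_size = 0;
				desc.dtbd_drops = 0;
				desc.dtbd_errors = 0;
				desc.dtbd_oldest = 0;
				sz = sizeof (desc);

				if (copyout(&desc, (void *) *pdesc, sz) != 0)
					return (EFAULT);

				return (0);
			}

			/*
			 * If this is a ring buffer that has wrapped, we want
			 * to copy the whole thing out.
			 */
			if (buf->dtb_flags & DTRACEBUF_WRAPPED) {
				dtrace_buffer_polish(buf);
				sz = buf->dtb_size;
			}

			if (copyout(buf->dtb_tomax, desc.dtbd_data, sz) != 0) {
				mutex_exit(&dtrace_lock);
				return (EFAULT);
			}

			desc.dtbd_size = sz;
			desc.dtbd_drops = buf->dtb_drops;
			desc.dtbd_errors = buf->dtb_errors;
			desc.dtbd_oldest = buf->dtb_xamot_offset;
			desc.dtbd_timestamp = dtrace_gethrtime();

			mutex_exit(&dtrace_lock);

			if (copyout(&desc, (void *) *pdesc, sizeof (desc)) != 0)
				return (EFAULT);

			/*
			 * NOTE(review): this flag update happens after
			 * dtrace_lock was dropped above, so a concurrent
			 * snapshot of the same buffer could interleave with
			 * it -- confirm that this is acceptable.
			 */
			buf->dtb_flags |= DTRACEBUF_CONSUMED;

			return (0);
		}

		if (buf->dtb_tomax == NULL) {
			ASSERT(buf->dtb_xamot == NULL);
			mutex_exit(&dtrace_lock);
			return (ENOENT);
		}

		/*
		 * Switchable buffer: ask the target CPU to swap its active
		 * (tomax) and inactive (xamot) buffers, then read the
		 * now-inactive one.
		 */
		cached = buf->dtb_tomax;
		ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));

		dtrace_xcall(desc.dtbd_cpu,
		    (dtrace_xcall_t)dtrace_buffer_switch, buf);

		state->dts_errors += buf->dtb_xamot_errors;

		/*
		 * If the buffers did not actually switch, then the cross call
		 * did not take place -- presumably because the given CPU is
		 * not in the ready set.  If this is the case, we'll return
		 * ENOENT.
		 */
		if (buf->dtb_tomax == cached) {
			ASSERT(buf->dtb_xamot != cached);
			mutex_exit(&dtrace_lock);
			return (ENOENT);
		}

		ASSERT(cached == buf->dtb_xamot);

		DTRACE_IOCTL_PRINTF("%s(%d): copyout the buffer snapshot\n",__func__,__LINE__);

		/*
		 * We have our snapshot; now copy it out.
		 */
		if (copyout(buf->dtb_xamot, desc.dtbd_data,
		    buf->dtb_xamot_offset) != 0) {
			mutex_exit(&dtrace_lock);
			return (EFAULT);
		}

		desc.dtbd_size = buf->dtb_xamot_offset;
		desc.dtbd_drops = buf->dtb_xamot_drops;
		desc.dtbd_errors = buf->dtb_xamot_errors;
		desc.dtbd_oldest = 0;
		desc.dtbd_timestamp = buf->dtb_switched;

		mutex_exit(&dtrace_lock);

		/* %zu: dtbd_size is cast to size_t, which is unsigned. */
		DTRACE_IOCTL_PRINTF("%s(%d): copyout buffer desc: size %zu drops %lu errors %lu\n",__func__,__LINE__,(size_t) desc.dtbd_size,(u_long) desc.dtbd_drops,(u_long) desc.dtbd_errors);

		/*
		 * Finally, copy out the buffer description.
		 */
		if (copyout(&desc, (void *) *pdesc, sizeof (desc)) != 0)
			return (EFAULT);

		return (0);
	}
	case DTRACEIOC_CONF: {
		/*
		 * Report the DIF/CTF configuration this kernel was built
		 * with.  The result goes straight into the argument buffer.
		 */
		dtrace_conf_t conf;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_CONF\n",__func__,__LINE__);

		bzero(&conf, sizeof (conf));
		conf.dtc_difversion = DIF_VERSION;
		conf.dtc_difintregs = DIF_DIR_NREGS;
		conf.dtc_diftupregs = DIF_DTR_NREGS;
		conf.dtc_ctfmodel = CTF_MODEL_NATIVE;

		*((dtrace_conf_t *) addr) = conf;

		return (0);
	}
	case DTRACEIOC_DOFGET: {
		/*
		 * Generate the DOF for this state's enablings and copy it
		 * to the caller's buffer.  The caller's header tells us how
		 * much room it has (dofh_loadsz); we copy the smaller of
		 * that and the generated size.
		 */
		dof_hdr_t **pdof = (dof_hdr_t **) addr;
		dof_hdr_t hdr, *dof = *pdof;
		int rval;
		uint64_t len;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_DOFGET\n",__func__,__LINE__);

		if (copyin((void *)dof, &hdr, sizeof (hdr)) != 0)
			return (EFAULT);

		mutex_enter(&dtrace_lock);
		dof = dtrace_dof_create(state);
		mutex_exit(&dtrace_lock);

		len = MIN(hdr.dofh_loadsz, dof->dofh_loadsz);
		rval = copyout(dof, (void *) *pdof, len);
		dtrace_dof_destroy(dof);

		return (rval == 0 ? 0 : EFAULT);
	}
	case DTRACEIOC_ENABLE: {
		/*
		 * Load a DOF from user space, build enablings from it and
		 * match them against the probes.  A NULL DOF pointer means
		 * "re-evaluate existing enablings" instead.
		 */
		dof_hdr_t *dof = NULL;
		dtrace_enabling_t *enab = NULL;
		dtrace_vstate_t *vstate;
		int err = 0;
		int rval;
		dtrace_enable_io_t *p = (dtrace_enable_io_t *) addr;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_ENABLE\n",__func__,__LINE__);

		/*
		 * If a NULL argument has been passed, we take this as our
		 * cue to reevaluate our enablings.
		 */
		if (p->dof == NULL) {
			dtrace_enabling_matchall();

			return (0);
		}

		/*
		 * dtrace_dof_copyin() reports its own errno in rval; that
		 * detail is collapsed to EINVAL here, as it always has been.
		 */
		if ((dof = dtrace_dof_copyin((uintptr_t) p->dof, &rval)) == NULL)
			return (EINVAL);

		mutex_enter(&cpu_lock);
		mutex_enter(&dtrace_lock);
		vstate = &state->dts_vstate;

		/* Enablings can only be added while the state is idle. */
		if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) {
			mutex_exit(&dtrace_lock);
			mutex_exit(&cpu_lock);
			dtrace_dof_destroy(dof);
			return (EBUSY);
		}

		if (dtrace_dof_slurp(dof, vstate, td->td_ucred, &enab, 0, B_TRUE) != 0) {
			mutex_exit(&dtrace_lock);
			mutex_exit(&cpu_lock);
			dtrace_dof_destroy(dof);
			return (EINVAL);
		}

		if ((rval = dtrace_dof_options(dof, state)) != 0) {
			dtrace_enabling_destroy(enab);
			mutex_exit(&dtrace_lock);
			mutex_exit(&cpu_lock);
			dtrace_dof_destroy(dof);
			return (rval);
		}

		/* n_matched is returned to the caller via the argument buffer. */
		if ((err = dtrace_enabling_match(enab, &p->n_matched)) == 0) {
			err = dtrace_enabling_retain(enab);
		} else {
			dtrace_enabling_destroy(enab);
		}

		mutex_exit(&cpu_lock);
		mutex_exit(&dtrace_lock);
		dtrace_dof_destroy(dof);

		return (err);
	}
	case DTRACEIOC_EPROBE: {
		/*
		 * Describe an enabled probe (ECB): its probe id, user
		 * argument, record size and the non-aggregating, non-tuple
		 * action records.  dtepd_nrecs works like dtagd_nrecs in
		 * DTRACEIOC_AGGDESC: capacity on input, total on output.
		 */
		dtrace_eprobedesc_t **pepdesc = (dtrace_eprobedesc_t **) addr;
		dtrace_eprobedesc_t epdesc;
		dtrace_ecb_t *ecb;
		dtrace_action_t *act;
		void *buf;
		size_t size;
		uintptr_t dest;
		int nrecs;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_EPROBE\n",__func__,__LINE__);

		if (copyin((void *)*pepdesc, &epdesc, sizeof (epdesc)) != 0)
			return (EFAULT);

		mutex_enter(&dtrace_lock);

		if ((ecb = dtrace_epid2ecb(state, epdesc.dtepd_epid)) == NULL) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		if (ecb->dte_probe == NULL) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		epdesc.dtepd_probeid = ecb->dte_probe->dtpr_id;
		epdesc.dtepd_uarg = ecb->dte_uarg;
		epdesc.dtepd_size = ecb->dte_size;

		nrecs = epdesc.dtepd_nrecs;
		epdesc.dtepd_nrecs = 0;
		for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
			if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
				continue;

			epdesc.dtepd_nrecs++;
		}

		/*
		 * Now that we have the size, we need to allocate a temporary
		 * buffer in which to store the complete description.  We need
		 * the temporary buffer to be able to drop dtrace_lock()
		 * across the copyout(), below.
		 */
		size = sizeof (dtrace_eprobedesc_t) +
		    (epdesc.dtepd_nrecs * sizeof (dtrace_recdesc_t));

		buf = kmem_alloc(size, KM_SLEEP);
		dest = (uintptr_t)buf;

		bcopy(&epdesc, (void *)dest, sizeof (epdesc));
		dest += offsetof(dtrace_eprobedesc_t, dtepd_rec[0]);

		for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
			if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
				continue;

			/* Stop once the caller's buffer is full. */
			if (nrecs-- == 0)
				break;

			bcopy(&act->dta_rec, (void *)dest,
			    sizeof (dtrace_recdesc_t));
			dest += sizeof (dtrace_recdesc_t);
		}

		mutex_exit(&dtrace_lock);

		if (copyout(buf, (void *) *pepdesc, dest - (uintptr_t)buf) != 0) {
			kmem_free(buf, size);
			return (EFAULT);
		}

		kmem_free(buf, size);
		return (0);
	}
	case DTRACEIOC_FORMAT: {
		/*
		 * Fetch format string number dtfd_format (1-based).  If the
		 * caller's buffer (dtfd_length) is too small, report the
		 * needed length instead of copying.
		 */
		dtrace_fmtdesc_t *fmt = (dtrace_fmtdesc_t *) addr;
		char *str;
		int len;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_FORMAT\n",__func__,__LINE__);

		mutex_enter(&dtrace_lock);

		if (fmt->dtfd_format == 0 ||
		    fmt->dtfd_format > state->dts_nformats) {
			mutex_exit(&dtrace_lock);
			return (EINVAL);
		}

		/*
		 * Format strings are allocated contiguously and they are
		 * never freed; if a format index is less than the number
		 * of formats, we can assert that the format map is non-NULL
		 * and that the format for the specified index is non-NULL.
		 */
		ASSERT(state->dts_formats != NULL);
		str = state->dts_formats[fmt->dtfd_format - 1];
		ASSERT(str != NULL);

		len = strlen(str) + 1;

		if (len > fmt->dtfd_length) {
			fmt->dtfd_length = len;
		} else {
			/* A copyout fault is reported as EINVAL here, not EFAULT. */
			if (copyout(str, fmt->dtfd_string, len) != 0) {
				mutex_exit(&dtrace_lock);
				return (EINVAL);
			}
		}

		mutex_exit(&dtrace_lock);
		return (0);
	}
	case DTRACEIOC_GO: {
		/*
		 * Start tracing; the CPU the state was started on is
		 * returned through the argument buffer.
		 */
		int rval;
		processorid_t *cpuid = (processorid_t *) addr;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_GO\n",__func__,__LINE__);

		rval = dtrace_state_go(state, cpuid);

		return (rval);
	}
	case DTRACEIOC_PROBEARG: {
		/*
		 * Ask a probe's provider for the type description of one
		 * argument (dtargd_ndx of probe dtargd_id).
		 */
		dtrace_argdesc_t *desc = (dtrace_argdesc_t *) addr;
		dtrace_probe_t *probe;
		dtrace_provider_t *prov;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_PROBEARG\n",__func__,__LINE__);

		if (desc->dtargd_id == DTRACE_IDNONE)
			return (EINVAL);

		if (desc->dtargd_ndx == DTRACE_ARGNONE)
			return (EINVAL);

		mutex_enter(&dtrace_provider_lock);
#ifdef illumos
		mutex_enter(&mod_lock);
#endif
		mutex_enter(&dtrace_lock);

		/* Probe ids are 1-based indices into dtrace_probes. */
		if (desc->dtargd_id > dtrace_nprobes) {
			mutex_exit(&dtrace_lock);
#ifdef illumos
			mutex_exit(&mod_lock);
#endif
			mutex_exit(&dtrace_provider_lock);
			return (EINVAL);
		}

		if ((probe = dtrace_probes[desc->dtargd_id - 1]) == NULL) {
			mutex_exit(&dtrace_lock);
#ifdef illumos
			mutex_exit(&mod_lock);
#endif
			mutex_exit(&dtrace_provider_lock);
			return (EINVAL);
		}

		/*
		 * dtrace_lock is dropped before the provider callback;
		 * dtrace_provider_lock (and mod_lock on illumos) stay held
		 * across it.
		 */
		mutex_exit(&dtrace_lock);

		prov = probe->dtpr_provider;

		if (prov->dtpv_pops.dtps_getargdesc == NULL) {
			/*
			 * There isn't any typed information for this probe.
			 * Set the argument number to DTRACE_ARGNONE.
			 */
			desc->dtargd_ndx = DTRACE_ARGNONE;
		} else {
			desc->dtargd_native[0] = '\0';
			desc->dtargd_xlate[0] = '\0';
			desc->dtargd_mapping = desc->dtargd_ndx;

			prov->dtpv_pops.dtps_getargdesc(prov->dtpv_arg,
			    probe->dtpr_id, probe->dtpr_arg, desc);
		}

#ifdef illumos
		mutex_exit(&mod_lock);
#endif
		mutex_exit(&dtrace_provider_lock);

		return (0);
	}
	case DTRACEIOC_PROBEMATCH:
	case DTRACEIOC_PROBES: {
		/*
		 * Iterate probes.  PROBES returns the first probe with id
		 * >= dtpd_id that the caller's credentials may see;
		 * PROBEMATCH additionally requires it to match the
		 * provider/mod/func/name pattern in the descriptor.  The
		 * found probe's description is written back into p_desc.
		 */
		dtrace_probedesc_t *p_desc = (dtrace_probedesc_t *) addr;
		dtrace_probe_t *probe = NULL;
		dtrace_probekey_t pkey;
		dtrace_id_t i;
		int m = 0;
		uint32_t priv = 0;
		uid_t uid = 0;
		zoneid_t zoneid = 0;

		DTRACE_IOCTL_PRINTF("%s(%d): %s\n",__func__,__LINE__,
		    cmd == DTRACEIOC_PROBEMATCH ?
		    "DTRACEIOC_PROBEMATCH":"DTRACEIOC_PROBES");

		/*
		 * The name fields come from the caller; force NUL
		 * termination before anything treats them as strings.
		 */
		p_desc->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
		p_desc->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
		p_desc->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
		p_desc->dtpd_name[DTRACE_NAMELEN - 1] = '\0';

		/*
		 * Before we attempt to match this probe, we want to give
		 * all providers the opportunity to provide it.
		 */
		if (p_desc->dtpd_id == DTRACE_IDNONE) {
			mutex_enter(&dtrace_provider_lock);
			dtrace_probe_provide(p_desc, NULL);
			mutex_exit(&dtrace_provider_lock);
			p_desc->dtpd_id++;
		}

		if (cmd == DTRACEIOC_PROBEMATCH)  {
			dtrace_probekey(p_desc, &pkey);
			pkey.dtpk_id = DTRACE_IDNONE;
		}

		/* Visibility is decided by the caller's credentials. */
		dtrace_cred2priv(td->td_ucred, &priv, &uid, &zoneid);

		mutex_enter(&dtrace_lock);

		if (cmd == DTRACEIOC_PROBEMATCH) {
			for (i = p_desc->dtpd_id; i <= dtrace_nprobes; i++) {
				if ((probe = dtrace_probes[i - 1]) != NULL &&
				    (m = dtrace_match_probe(probe, &pkey,
				    priv, uid, zoneid)) != 0)
					break;
			}

			/* A negative match result means the key was invalid. */
			if (m < 0) {
				mutex_exit(&dtrace_lock);
				return (EINVAL);
			}

		} else {
			for (i = p_desc->dtpd_id; i <= dtrace_nprobes; i++) {
				if ((probe = dtrace_probes[i - 1]) != NULL &&
				    dtrace_match_priv(probe, priv, uid, zoneid))
					break;
			}
		}

		if (probe == NULL) {
			mutex_exit(&dtrace_lock);
			return (ESRCH);
		}

		dtrace_probe_description(probe, p_desc);
		mutex_exit(&dtrace_lock);

		return (0);
	}
	case DTRACEIOC_PROVIDER: {
		/*
		 * Look up a provider by name and return its privilege and
		 * stability attributes.
		 */
		dtrace_providerdesc_t *pvd = (dtrace_providerdesc_t *) addr;
		dtrace_provider_t *pvp;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_PROVIDER\n",__func__,__LINE__);

		/* Caller-supplied name: force NUL termination before strcmp(). */
		pvd->dtvd_name[DTRACE_PROVNAMELEN - 1] = '\0';
		mutex_enter(&dtrace_provider_lock);

		for (pvp = dtrace_provider; pvp != NULL; pvp = pvp->dtpv_next) {
			if (strcmp(pvp->dtpv_name, pvd->dtvd_name) == 0)
				break;
		}

		mutex_exit(&dtrace_provider_lock);

		if (pvp == NULL)
			return (ESRCH);

		bcopy(&pvp->dtpv_priv, &pvd->dtvd_priv, sizeof (dtrace_ppriv_t));
		bcopy(&pvp->dtpv_attr, &pvd->dtvd_attr, sizeof (dtrace_pattr_t));

		return (0);
	}
	case DTRACEIOC_REPLICATE: {
		/*
		 * Replicate the enablings matching dtrpd_match under the
		 * description in dtrpd_create.
		 */
		dtrace_repldesc_t *desc = (dtrace_repldesc_t *) addr;
		dtrace_probedesc_t *match = &desc->dtrpd_match;
		dtrace_probedesc_t *create = &desc->dtrpd_create;
		int err;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_REPLICATE\n",__func__,__LINE__);

		/* Both descriptors are caller-supplied: NUL-terminate them. */
		match->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
		match->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
		match->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
		match->dtpd_name[DTRACE_NAMELEN - 1] = '\0';

		create->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
		create->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
		create->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
		create->dtpd_name[DTRACE_NAMELEN - 1] = '\0';

		mutex_enter(&dtrace_lock);
		err = dtrace_enabling_replicate(state, match, create);
		mutex_exit(&dtrace_lock);

		return (err);
	}
	case DTRACEIOC_STATUS: {
		/*
		 * Report drop/error/fill counters for the state, summed over
		 * all present CPUs.  Also refreshes dts_laststatus, which
		 * the deadman timer uses to detect a stalled consumer.
		 */
		dtrace_status_t *stat = (dtrace_status_t *) addr;
		dtrace_dstate_t *dstate;
		int i, j;
		uint64_t nerrs;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_STATUS\n",__func__,__LINE__);

		/*
		 * See the comment in dtrace_state_deadman() for the reason
		 * for setting dts_laststatus to INT64_MAX before setting
		 * it to the correct value.
		 */
		state->dts_laststatus = INT64_MAX;
		dtrace_membar_producer();
		state->dts_laststatus = dtrace_gethrtime();

		bzero(stat, sizeof (*stat));

		mutex_enter(&dtrace_lock);

		if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) {
			mutex_exit(&dtrace_lock);
			return (ENOENT);
		}

		if (state->dts_activity == DTRACE_ACTIVITY_DRAINING)
			stat->dtst_exiting = 1;

		nerrs = state->dts_errors;
		dstate = &state->dts_vstate.dtvs_dynvars;

		for (i = 0; i < NCPU; i++) {
#ifndef illumos
			/* CPU ids may be sparse; skip absent ones. */
			if (pcpu_find(i) == NULL)
				continue;
#endif
			dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[i];

			stat->dtst_dyndrops += dcpu->dtdsc_drops;
			stat->dtst_dyndrops_dirty += dcpu->dtdsc_dirty_drops;
			stat->dtst_dyndrops_rinsing += dcpu->dtdsc_rinsing_drops;

			if (state->dts_buffer[i].dtb_flags & DTRACEBUF_FULL)
				stat->dtst_filled++;

			nerrs += state->dts_buffer[i].dtb_errors;

			for (j = 0; j < state->dts_nspeculations; j++) {
				dtrace_speculation_t *spec;
				dtrace_buffer_t *buf;

				spec = &state->dts_speculations[j];
				buf = &spec->dtsp_buffer[i];
				stat->dtst_specdrops += buf->dtb_xamot_drops;
			}
		}

		stat->dtst_specdrops_busy = state->dts_speculations_busy;
		stat->dtst_specdrops_unavail = state->dts_speculations_unavail;
		stat->dtst_stkstroverflows = state->dts_stkstroverflows;
		stat->dtst_dblerrors = state->dts_dblerrors;
		stat->dtst_killed =
		    (state->dts_activity == DTRACE_ACTIVITY_KILLED);
		stat->dtst_errors = nerrs;

		mutex_exit(&dtrace_lock);

		return (0);
	}
	case DTRACEIOC_STOP: {
		/*
		 * Stop tracing; the CPU the state was stopped on is
		 * returned through the argument buffer.
		 */
		int rval;
		processorid_t *cpuid = (processorid_t *) addr;

		DTRACE_IOCTL_PRINTF("%s(%d): DTRACEIOC_STOP\n",__func__,__LINE__);

		mutex_enter(&dtrace_lock);
		rval = dtrace_state_stop(state, cpuid);
		mutex_exit(&dtrace_lock);

		return (rval);
	}
	default:
		error = ENOTTY;
	}
	return (error);
}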
837