/*
 * Copyright (c) 1989, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)kern_ktrace.c	8.2 (Berkeley) 9/23/93
 * $FreeBSD$
 */

#include "opt_ktrace.h"
#include "opt_mac.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/fcntl.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/kthread.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/namei.h>
#include <sys/proc.h>
#include <sys/unistd.h>
#include <sys/vnode.h>
#include <sys/ktrace.h>
#include <sys/sema.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/sysproto.h>

static MALLOC_DEFINE(M_KTRACE, "KTRACE", "KTRACE");

#ifdef KTRACE

#ifndef KTRACE_REQUEST_POOL
#define	KTRACE_REQUEST_POOL	100
#endif

struct ktr_request {
	struct	ktr_header ktr_header;
	struct	ucred *ktr_cred;
	struct	vnode *ktr_vp;
	union {
		struct	ktr_syscall ktr_syscall;
		struct	ktr_sysret ktr_sysret;
		struct	ktr_genio ktr_genio;
		struct	ktr_psig ktr_psig;
		struct	ktr_csw ktr_csw;
	} ktr_data;
	int	ktr_synchronous;
	STAILQ_ENTRY(ktr_request) ktr_list;
};

static int data_lengths[] = {
	0,					/* none */
	offsetof(struct ktr_syscall, ktr_args),	/* KTR_SYSCALL */
	sizeof(struct ktr_sysret),		/* KTR_SYSRET */
	0,					/* KTR_NAMEI */
	sizeof(struct ktr_genio),		/* KTR_GENIO */
	sizeof(struct ktr_psig),		/* KTR_PSIG */
	sizeof(struct ktr_csw),			/* KTR_CSW */
	0					/* KTR_USER */
};

static STAILQ_HEAD(, ktr_request) ktr_todo;
static STAILQ_HEAD(, ktr_request) ktr_free;

static uint ktr_requestpool = KTRACE_REQUEST_POOL;
TUNABLE_INT("kern.ktrace_request_pool", &ktr_requestpool);

static int print_message = 1;
struct mtx ktrace_mtx;
static struct sema ktrace_sema;

static void ktrace_init(void *dummy);
static int sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS);
static uint ktrace_resize_pool(uint newsize);
static struct ktr_request *ktr_getrequest(int type);
static void ktr_submitrequest(struct ktr_request *req);
static void ktr_freerequest(struct ktr_request *req);
static void ktr_loop(void *dummy);
static void ktr_writerequest(struct ktr_request *req);
static int ktrcanset(struct thread *, struct proc *);
static int ktrsetchildren(struct thread *, struct proc *, int, int,
    struct vnode *);
static int ktrops(struct thread *, struct proc *, int, int, struct vnode *);

static void
ktrace_init(void *dummy)
{
	struct ktr_request *req;
	int i;

	mtx_init(&ktrace_mtx, "ktrace", NULL, MTX_DEF | MTX_QUIET);
	sema_init(&ktrace_sema, 0, "ktrace");
	STAILQ_INIT(&ktr_todo);
	STAILQ_INIT(&ktr_free);
	for (i = 0; i < ktr_requestpool; i++) {
		req = malloc(sizeof(struct ktr_request), M_KTRACE, M_WAITOK);
		STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
	}
	kthread_create(ktr_loop, NULL, NULL, RFHIGHPID, "ktrace");
}
SYSINIT(ktrace_init, SI_SUB_KTRACE, SI_ORDER_ANY, ktrace_init, NULL);
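/*
 * The request pool defaults to KTRACE_REQUEST_POOL entries.  It can be
 * sized at boot through the loader tunable registered above, and resized
 * at run time through the sysctl handler below, e.g. from userland:
 *
 *	sysctl kern.ktrace_request_pool=200
 *
 * (Illustrative value; any size the handler can allocate is accepted.)
 */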
static int
sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS)
{
	struct thread *td;
	uint newsize, oldsize, wantsize;
	int error;

	/* Handle easy read-only case first to avoid warnings from GCC. */
	if (!req->newptr) {
		mtx_lock(&ktrace_mtx);
		oldsize = ktr_requestpool;
		mtx_unlock(&ktrace_mtx);
		return (SYSCTL_OUT(req, &oldsize, sizeof(uint)));
	}

	error = SYSCTL_IN(req, &wantsize, sizeof(uint));
	if (error)
		return (error);
	td = curthread;
	td->td_inktrace = 1;
	mtx_lock(&ktrace_mtx);
	oldsize = ktr_requestpool;
	newsize = ktrace_resize_pool(wantsize);
	mtx_unlock(&ktrace_mtx);
	td->td_inktrace = 0;
	error = SYSCTL_OUT(req, &oldsize, sizeof(uint));
	if (error)
		return (error);
	if (newsize != wantsize)
		return (ENOSPC);
	return (0);
}
SYSCTL_PROC(_kern, OID_AUTO, ktrace_request_pool, CTLTYPE_UINT|CTLFLAG_RW,
    &ktr_requestpool, 0, sysctl_kern_ktrace_request_pool, "IU", "");

static uint
ktrace_resize_pool(uint newsize)
{
	struct ktr_request *req;

	mtx_assert(&ktrace_mtx, MA_OWNED);
	print_message = 1;
	if (newsize == ktr_requestpool)
		return (newsize);
	if (newsize < ktr_requestpool)
		/* Shrink pool down to newsize if possible. */
		while (ktr_requestpool > newsize) {
			req = STAILQ_FIRST(&ktr_free);
			if (req == NULL)
				return (ktr_requestpool);
			STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
			ktr_requestpool--;
			mtx_unlock(&ktrace_mtx);
			free(req, M_KTRACE);
			mtx_lock(&ktrace_mtx);
		}
	else
		/* Grow pool up to newsize. */
		while (ktr_requestpool < newsize) {
			mtx_unlock(&ktrace_mtx);
			req = malloc(sizeof(struct ktr_request), M_KTRACE,
			    M_WAITOK);
			mtx_lock(&ktrace_mtx);
			STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
			ktr_requestpool++;
		}
	return (ktr_requestpool);
}

static struct ktr_request *
ktr_getrequest(int type)
{
	struct ktr_request *req;
	struct thread *td = curthread;
	struct proc *p = td->td_proc;
	int pm;

	td->td_inktrace = 1;
	mtx_lock(&ktrace_mtx);
	if (!KTRCHECK(td, type)) {
		mtx_unlock(&ktrace_mtx);
		td->td_inktrace = 0;
		return (NULL);
	}
	req = STAILQ_FIRST(&ktr_free);
	if (req != NULL) {
		STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
		req->ktr_header.ktr_type = type;
		KASSERT(p->p_tracep != NULL, ("ktrace: no trace vnode"));
		req->ktr_vp = p->p_tracep;
		VREF(p->p_tracep);
		mtx_unlock(&ktrace_mtx);
		microtime(&req->ktr_header.ktr_time);
		req->ktr_header.ktr_pid = p->p_pid;
		bcopy(p->p_comm, req->ktr_header.ktr_comm, MAXCOMLEN + 1);
		req->ktr_cred = crhold(td->td_ucred);
		req->ktr_header.ktr_buffer = NULL;
		req->ktr_header.ktr_len = 0;
		req->ktr_synchronous = 0;
	} else {
		pm = print_message;
		print_message = 0;
		mtx_unlock(&ktrace_mtx);
		if (pm)
			printf("Out of ktrace request objects.\n");
		td->td_inktrace = 0;
	}
	return (req);
}
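/*
 * A trace record's life cycle: a facility hook (ktrsyscall() and
 * friends below) obtains a request with ktr_getrequest(), fills in the
 * type-specific data, and queues it with ktr_submitrequest().  The
 * ktrace kernel thread, ktr_loop(), dequeues it and writes it out via
 * ktr_writerequest() (or, for synchronous requests, hands the write
 * back to the submitting thread), after which ktr_freerequest()
 * returns the object to the ktr_free pool.
 */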
static void
ktr_submitrequest(struct ktr_request *req)
{

	mtx_lock(&ktrace_mtx);
	STAILQ_INSERT_TAIL(&ktr_todo, req, ktr_list);
	sema_post(&ktrace_sema);
	if (req->ktr_synchronous) {
		/*
		 * For a synchronous request, we wait for the ktrace thread
		 * to get to our item in the todo list and wake us up.  Then
		 * we write the request out ourselves and wake the ktrace
		 * thread back up.
		 */
		msleep(req, &ktrace_mtx, curthread->td_priority, "ktrsync", 0);
		mtx_unlock(&ktrace_mtx);
		ktr_writerequest(req);
		mtx_lock(&ktrace_mtx);
		wakeup(req);
	}
	mtx_unlock(&ktrace_mtx);
	curthread->td_inktrace = 0;
}

static void
ktr_freerequest(struct ktr_request *req)
{

	crfree(req->ktr_cred);
	if (req->ktr_vp != NULL) {
		mtx_lock(&Giant);
		vrele(req->ktr_vp);
		mtx_unlock(&Giant);
	}
	mtx_lock(&ktrace_mtx);
	STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
	mtx_unlock(&ktrace_mtx);
}

static void
ktr_loop(void *dummy)
{
	struct ktr_request *req;
	struct thread *td;
	struct ucred *cred;

	/* Only cache these values once. */
	td = curthread;
	cred = td->td_ucred;
	for (;;) {
		sema_wait(&ktrace_sema);
		mtx_lock(&ktrace_mtx);
		req = STAILQ_FIRST(&ktr_todo);
		STAILQ_REMOVE_HEAD(&ktr_todo, ktr_list);
		KASSERT(req != NULL, ("got a NULL request"));
		if (req->ktr_synchronous) {
			wakeup(req);
			msleep(req, &ktrace_mtx, curthread->td_priority,
			    "ktrwait", 0);
			mtx_unlock(&ktrace_mtx);
		} else {
			mtx_unlock(&ktrace_mtx);
			/*
			 * It is not enough just to pass the cached cred
			 * to the VOPs in ktr_writerequest().  Some VFS
			 * operations use curthread->td_ucred, so we need
			 * to modify our thread's credentials as well.
			 * Evil.
			 */
			td->td_ucred = req->ktr_cred;
			ktr_writerequest(req);
			td->td_ucred = cred;
		}
		ktr_freerequest(req);
	}
}

/*
 * MPSAFE
 */
void
ktrsyscall(code, narg, args)
	int code, narg;
	register_t args[];
{
	struct ktr_request *req;
	struct ktr_syscall *ktp;
	size_t buflen;

	req = ktr_getrequest(KTR_SYSCALL);
	if (req == NULL)
		return;
	ktp = &req->ktr_data.ktr_syscall;
	ktp->ktr_code = code;
	ktp->ktr_narg = narg;
	buflen = sizeof(register_t) * narg;
	if (buflen > 0) {
		req->ktr_header.ktr_buffer = malloc(buflen, M_KTRACE, M_WAITOK);
		bcopy(args, req->ktr_header.ktr_buffer, buflen);
		req->ktr_header.ktr_len = buflen;
	}
	ktr_submitrequest(req);
}

/*
 * MPSAFE
 */
void
ktrsysret(code, error, retval)
	int code, error;
	register_t retval;
{
	struct ktr_request *req;
	struct ktr_sysret *ktp;

	req = ktr_getrequest(KTR_SYSRET);
	if (req == NULL)
		return;
	ktp = &req->ktr_data.ktr_sysret;
	ktp->ktr_code = code;
	ktp->ktr_error = error;
	ktp->ktr_retval = retval;		/* what about val2 ? */
	ktr_submitrequest(req);
}

void
ktrnamei(path)
	char *path;
{
	struct ktr_request *req;
	int namelen;

	req = ktr_getrequest(KTR_NAMEI);
	if (req == NULL)
		return;
	namelen = strlen(path);
	if (namelen > 0) {
		req->ktr_header.ktr_len = namelen;
		req->ktr_header.ktr_buffer = malloc(namelen, M_KTRACE,
		    M_WAITOK);
		bcopy(path, req->ktr_header.ktr_buffer, namelen);
	}
	ktr_submitrequest(req);
}
/*
 * Since the uio may not stay valid, we cannot hand off this request to
 * the thread and need to process it synchronously.  However, we wish to
 * keep the relative order of records in a trace file correct, so we
 * do put this request on the queue (if it isn't empty) and then block.
 * The ktrace thread wakes us back up when it is time for this event to
 * be posted and blocks until we have completed writing out the event
 * and woken it back up.
 */
void
ktrgenio(fd, rw, uio, error)
	int fd;
	enum uio_rw rw;
	struct uio *uio;
	int error;
{
	struct ktr_request *req;
	struct ktr_genio *ktg;

	if (error)
		return;
	req = ktr_getrequest(KTR_GENIO);
	if (req == NULL)
		return;
	ktg = &req->ktr_data.ktr_genio;
	ktg->ktr_fd = fd;
	ktg->ktr_rw = rw;
	req->ktr_header.ktr_buffer = uio;
	uio->uio_offset = 0;
	uio->uio_rw = UIO_WRITE;
	req->ktr_synchronous = 1;
	ktr_submitrequest(req);
}

void
ktrpsig(sig, action, mask, code)
	int sig;
	sig_t action;
	sigset_t *mask;
	int code;
{
	struct ktr_request *req;
	struct ktr_psig *kp;

	req = ktr_getrequest(KTR_PSIG);
	if (req == NULL)
		return;
	kp = &req->ktr_data.ktr_psig;
	kp->signo = (char)sig;
	kp->action = action;
	kp->mask = *mask;
	kp->code = code;
	ktr_submitrequest(req);
}

void
ktrcsw(out, user)
	int out, user;
{
	struct ktr_request *req;
	struct ktr_csw *kc;

	req = ktr_getrequest(KTR_CSW);
	if (req == NULL)
		return;
	kc = &req->ktr_data.ktr_csw;
	kc->out = out;
	kc->user = user;
	ktr_submitrequest(req);
}
#endif
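/*
 * Record layout note: ktr_writerequest() below emits each record as a
 * struct ktr_header whose ktr_len is fixed up to cover everything that
 * follows it: data_lengths[ktr_type] bytes of the per-type structure
 * from ktr_data, then any variable-length payload (syscall arguments,
 * a namei path, a utrace buffer, or the I/O data described by a
 * KTR_GENIO uio).  kdump(1) decodes this stream.
 */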
/* Interface and common routines */

/*
 * ktrace system call
 */
#ifndef _SYS_SYSPROTO_H_
struct ktrace_args {
	char	*fname;
	int	ops;
	int	facs;
	int	pid;
};
#endif
/* ARGSUSED */
int
ktrace(td, uap)
	struct thread *td;
	register struct ktrace_args *uap;
{
#ifdef KTRACE
	register struct vnode *vp = NULL;
	register struct proc *p;
	struct pgrp *pg;
	int facs = uap->facs & ~KTRFAC_ROOT;
	int ops = KTROP(uap->ops);
	int descend = uap->ops & KTRFLAG_DESCEND;
	int ret = 0;
	int flags, error = 0;
	struct nameidata nd;

	td->td_inktrace = 1;
	if (ops != KTROP_CLEAR) {
		/*
		 * an operation which requires a file argument.
		 */
		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->fname, td);
		flags = FREAD | FWRITE | O_NOFOLLOW;
		error = vn_open(&nd, &flags, 0);
		if (error) {
			td->td_inktrace = 0;
			return (error);
		}
		NDFREE(&nd, NDF_ONLY_PNBUF);
		vp = nd.ni_vp;
		VOP_UNLOCK(vp, 0, td);
		if (vp->v_type != VREG) {
			(void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
			td->td_inktrace = 0;
			return (EACCES);
		}
	}
	/*
	 * Clear all uses of the tracefile.
	 */
	if (ops == KTROP_CLEARFILE) {
		sx_slock(&allproc_lock);
		LIST_FOREACH(p, &allproc, p_list) {
			PROC_LOCK(p);
			if (p->p_tracep == vp) {
				if (ktrcanset(td, p)) {
					mtx_lock(&ktrace_mtx);
					p->p_tracep = NULL;
					p->p_traceflag = 0;
					mtx_unlock(&ktrace_mtx);
					PROC_UNLOCK(p);
					(void) vn_close(vp, FREAD|FWRITE,
					    td->td_ucred, td);
				} else {
					PROC_UNLOCK(p);
					error = EPERM;
				}
			} else
				PROC_UNLOCK(p);
		}
		sx_sunlock(&allproc_lock);
		goto done;
	}
	/*
	 * need something to (un)trace (XXX - why is this here?)
	 */
	if (!facs) {
		error = EINVAL;
		goto done;
	}
	/*
	 * do it
	 */
	if (uap->pid < 0) {
		/*
		 * by process group
		 */
		sx_slock(&proctree_lock);
		pg = pgfind(-uap->pid);
		if (pg == NULL) {
			sx_sunlock(&proctree_lock);
			error = ESRCH;
			goto done;
		}
		/*
		 * ktrops() may call vrele().  Lock pg_members
		 * by the proctree_lock rather than pg_mtx.
		 */
		PGRP_UNLOCK(pg);
		LIST_FOREACH(p, &pg->pg_members, p_pglist)
			if (descend)
				ret |= ktrsetchildren(td, p, ops, facs, vp);
			else
				ret |= ktrops(td, p, ops, facs, vp);
		sx_sunlock(&proctree_lock);
	} else {
		/*
		 * by pid
		 */
		p = pfind(uap->pid);
		if (p == NULL) {
			error = ESRCH;
			goto done;
		}
		PROC_UNLOCK(p);
		/* XXX: UNLOCK above has a race */
		if (descend)
			ret |= ktrsetchildren(td, p, ops, facs, vp);
		else
			ret |= ktrops(td, p, ops, facs, vp);
	}
	if (!ret)
		error = EPERM;
done:
	if (vp != NULL)
		(void) vn_close(vp, FWRITE, td->td_ucred, td);
	td->td_inktrace = 0;
	return (error);
#else
	return (ENOSYS);
#endif
}

/*
 * utrace system call
 */
/* ARGSUSED */
int
utrace(td, uap)
	struct thread *td;
	register struct utrace_args *uap;
{

#ifdef KTRACE
	struct ktr_request *req;
	void *cp;

	if (uap->len > KTR_USER_MAXLEN)
		return (EINVAL);
	req = ktr_getrequest(KTR_USER);
	if (req == NULL)
		return (0);
	cp = malloc(uap->len, M_KTRACE, M_WAITOK);
	if (!copyin(uap->addr, cp, uap->len)) {
		req->ktr_header.ktr_buffer = cp;
		req->ktr_header.ktr_len = uap->len;
		ktr_submitrequest(req);
	} else {
		ktr_freerequest(req);
		td->td_inktrace = 0;
	}
	return (0);
#else
	return (ENOSYS);
#endif
}

#ifdef KTRACE
static int
ktrops(td, p, ops, facs, vp)
	struct thread *td;
	struct proc *p;
	int ops, facs;
	struct vnode *vp;
{
	struct vnode *tracevp = NULL;

	PROC_LOCK(p);
	if (!ktrcanset(td, p)) {
		PROC_UNLOCK(p);
		return (0);
	}
	mtx_lock(&ktrace_mtx);
	if (ops == KTROP_SET) {
		if (p->p_tracep != vp) {
			/*
			 * if trace file already in use, relinquish below
			 */
			tracevp = p->p_tracep;
			VREF(vp);
			p->p_tracep = vp;
		}
		p->p_traceflag |= facs;
		if (td->td_ucred->cr_uid == 0)
			p->p_traceflag |= KTRFAC_ROOT;
	} else {
		/* KTROP_CLEAR */
		if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0) {
			/* no more tracing */
			p->p_traceflag = 0;
			tracevp = p->p_tracep;
			p->p_tracep = NULL;
		}
	}
	mtx_unlock(&ktrace_mtx);
	PROC_UNLOCK(p);
	if (tracevp != NULL)
		vrele(tracevp);

	return (1);
}
static int
ktrsetchildren(td, top, ops, facs, vp)
	struct thread *td;
	struct proc *top;
	int ops, facs;
	struct vnode *vp;
{
	register struct proc *p;
	register int ret = 0;

	p = top;
	sx_slock(&proctree_lock);
	for (;;) {
		ret |= ktrops(td, p, ops, facs, vp);
		/*
		 * If this process has children, descend to them next,
		 * otherwise do any siblings, and if done with this level,
		 * follow back up the tree (but not past top).
		 */
		if (!LIST_EMPTY(&p->p_children))
			p = LIST_FIRST(&p->p_children);
		else for (;;) {
			if (p == top) {
				sx_sunlock(&proctree_lock);
				return (ret);
			}
			if (LIST_NEXT(p, p_sibling)) {
				p = LIST_NEXT(p, p_sibling);
				break;
			}
			p = p->p_pptr;
		}
	}
	/* NOTREACHED */
}
static void
ktr_writerequest(struct ktr_request *req)
{
	struct ktr_header *kth;
	struct vnode *vp;
	struct uio *uio = NULL;
	struct proc *p;
	struct thread *td;
	struct ucred *cred;
	struct uio auio;
	struct iovec aiov[3];
	struct mount *mp;
	int datalen, buflen, vrele_count;
	int error;

	vp = req->ktr_vp;
	/*
	 * If vp is NULL, the vp has been cleared out from under this
	 * request, so just drop it.
	 */
	if (vp == NULL)
		return;
	kth = &req->ktr_header;
	datalen = data_lengths[kth->ktr_type];
	buflen = kth->ktr_len;
	cred = req->ktr_cred;
	td = curthread;
	auio.uio_iov = &aiov[0];
	auio.uio_offset = 0;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_rw = UIO_WRITE;
	aiov[0].iov_base = (caddr_t)kth;
	aiov[0].iov_len = sizeof(struct ktr_header);
	auio.uio_resid = sizeof(struct ktr_header);
	auio.uio_iovcnt = 1;
	auio.uio_td = td;
	if (datalen != 0) {
		aiov[1].iov_base = (caddr_t)&req->ktr_data;
		aiov[1].iov_len = datalen;
		auio.uio_resid += datalen;
		auio.uio_iovcnt++;
		kth->ktr_len += datalen;
	}
	if (buflen != 0) {
		KASSERT(kth->ktr_buffer != NULL, ("ktrace: nothing to write"));
		aiov[auio.uio_iovcnt].iov_base = kth->ktr_buffer;
		aiov[auio.uio_iovcnt].iov_len = buflen;
		auio.uio_resid += buflen;
		auio.uio_iovcnt++;
	} else
		uio = kth->ktr_buffer;
	KASSERT((uio == NULL) ^ (kth->ktr_type == KTR_GENIO),
	    ("ktrace: uio and genio mismatch"));
	if (uio != NULL)
		kth->ktr_len += uio->uio_resid;
	mtx_lock(&Giant);
	vn_start_write(vp, &mp, V_WAIT);
	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
	(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
#ifdef MAC
	error = mac_check_vnode_write(cred, NOCRED, vp);
	if (error == 0)
#endif
		error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
	if (error == 0 && uio != NULL) {
		(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
		error = VOP_WRITE(vp, uio, IO_UNIT | IO_APPEND, cred);
	}
	VOP_UNLOCK(vp, 0, td);
	vn_finished_write(mp);
	mtx_unlock(&Giant);
	if (buflen != 0)
		free(kth->ktr_buffer, M_KTRACE);
	if (!error)
		return;
	/*
	 * If error encountered, give up tracing on this vnode.  We defer
	 * all the vrele()'s on the vnode until after we are finished walking
	 * the various lists to avoid needlessly holding locks.
	 */
	log(LOG_NOTICE, "ktrace write failed, errno %d, tracing stopped\n",
	    error);
	vrele_count = 0;
	/*
	 * First, clear this vnode from being used by any processes in the
	 * system.
	 * XXX - If one process gets an EPERM writing to the vnode, should
	 * we really do this?  Other processes might have suitable
	 * credentials for the operation.
	 */
	sx_slock(&allproc_lock);
	LIST_FOREACH(p, &allproc, p_list) {
		PROC_LOCK(p);
		if (p->p_tracep == vp) {
			mtx_lock(&ktrace_mtx);
			p->p_tracep = NULL;
			p->p_traceflag = 0;
			mtx_unlock(&ktrace_mtx);
			vrele_count++;
		}
		PROC_UNLOCK(p);
	}
	sx_sunlock(&allproc_lock);
	/*
	 * Second, clear this vnode from any pending requests.
	 */
	mtx_lock(&ktrace_mtx);
	STAILQ_FOREACH(req, &ktr_todo, ktr_list) {
		if (req->ktr_vp == vp) {
			req->ktr_vp = NULL;
			vrele_count++;
		}
	}
	mtx_unlock(&ktrace_mtx);
	mtx_lock(&Giant);
	while (vrele_count-- > 0)
		vrele(vp);
	mtx_unlock(&Giant);
}

/*
 * Return true if caller has permission to set the ktracing state
 * of target.  Essentially, the target can't possess any
 * more permissions than the caller.  KTRFAC_ROOT signifies that
 * root previously set the tracing status on the target process, and
 * so, only root may further change it.
 */
static int
ktrcanset(td, targetp)
	struct thread *td;
	struct proc *targetp;
{

	PROC_LOCK_ASSERT(targetp, MA_OWNED);
	if (targetp->p_traceflag & KTRFAC_ROOT &&
	    suser_cred(td->td_ucred, PRISON_ROOT))
		return (0);

	if (p_candebug(td, targetp) != 0)
		return (0);

	return (1);
}

#endif /* KTRACE */
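/*
 * Userland usage sketch (the actual invocations live in libc and the
 * ktrace(1) utility; see ktrace(2) and kdump(1)).  Enabling syscall
 * tracing of a process and its future children into a file, and later
 * clearing it, might look like:
 *
 *	#include <sys/ktrace.h>
 *
 *	ktrace("ktrace.out", KTROP_SET | KTRFLAG_DESCEND,
 *	    KTRFAC_SYSCALL | KTRFAC_SYSRET | KTRFAC_NAMEI, pid);
 *	...
 *	ktrace(NULL, KTROP_CLEAR,
 *	    KTRFAC_SYSCALL | KTRFAC_SYSRET | KTRFAC_NAMEI, pid);
 *
 * (KTROP_CLEAR ignores the file argument, as the vn_open() path above
 * is skipped.)  The resulting trace file is decoded with kdump(1).
 */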