/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 1988, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
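*/

#ifndef _SYS_KTRACE_H_
#define _SYS_KTRACE_H_

#include <sys/param.h>
#include <sys/caprights.h>
#include <sys/signal.h>
#include <sys/socket.h>
#include <sys/_uio.h>

/*
 * operations to ktrace system call  (KTROP(op))
 *
 * KTROP() keeps only the two low bits of its argument, so the operation
 * codes below have to stay within 0..3; flag bits are ORed in above them.
 */
#define KTROP_SET		0	/* set trace points */
#define KTROP_CLEAR		1	/* clear trace points */
#define KTROP_CLEARFILE		2	/* stop all tracing to file */
#define	KTROP(o)		((o)&3)	/* macro to extract operation */
/*
 * flags (ORed in with operation)
 */
#define KTRFLAG_DESCEND		4	/* perform op on all children too */

/*
 * ktrace record header
 *
 * Two layouts are declared.  struct ktr_header_v0 is the older one;
 * struct ktr_header adds ktr_version and ktr_cpu and carries the timestamp
 * as a struct timespec instead of a struct timeval.  The "next ABI break"
 * remark on ktr_tid indicates these layouts are part of the ABI, so field
 * order and types must not be changed casually.
 *
 * NOTE(review): code that parses records out of a trace file or pipe
 * should treat every field as untrusted input: reject a negative or
 * implausibly large ktr_len before sizing a buffer or a read from it, and
 * bound any read of ktr_comm to sizeof(ktr_comm) rather than relying on a
 * terminating NUL.
 */
struct ktr_header_v0 {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	pid_t	ktr_pid;		/* process id */
	char	ktr_comm[MAXCOMLEN + 1];/* command name */
	struct	timeval ktr_time;	/* timestamp */
	long	ktr_tid;		/* thread id */
};

struct ktr_header {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	short	ktr_version;		/* ktr_header version */
	pid_t	ktr_pid;		/* process id */
	char	ktr_comm[MAXCOMLEN + 1];/* command name */
	struct	timespec ktr_time;	/* timestamp */
	/* XXX: make ktr_tid an lwpid_t on next ABI break */
	long	ktr_tid;		/* thread id */
	int	ktr_cpu;		/* cpu id */
};

#define	KTR_VERSION0	0
#define	KTR_VERSION1	1
/*
 * Size of the v0 header minus the size of the current header.
 *
 * The expansion is wrapped in parentheses so that it stays a single operand
 * when used inside a larger expression (e.g. after a '-' or '*').
 *
 * NOTE(review): both operands are size_t, so the result is unsigned.  If
 * the v0 header is the smaller of the two, as the extra fields in
 * struct ktr_header suggest, the subtraction wraps and the value is only
 * meaningful after conversion to a signed offset type — confirm at the
 * use sites.
 */
#define	KTR_OFFSET_V0	(sizeof(struct ktr_header_v0) - \
			    sizeof(struct ktr_header))
/*
 * Test for kernel trace point (MP SAFE).
 *
 * KTRCHECK() just checks that the type is enabled and is only for
 * internal use in the ktrace subsystem.  KTRPOINT() checks against
 * ktrace recursion as well as checking that the type is enabled and
 * is the public interface.
 *
 * NOTE(review): as defined in this header, KTRPOINT() is KTRCHECK()
 * wrapped in __predict_false(); no recursion test is visible in the
 * macro itself, so the sentence above may be stale — confirm where the
 * recursion guard lives before relying on it.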
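*/
/*
 * KTRCHECK(td, type): non-zero when bit `type` is set in
 * td->td_proc->p_traceflag.  The shift is done on an int constant, so
 * `type` has to be a small non-negative record type number.  `type` is
 * parenthesized in the expansion so that an expression argument cannot
 * re-associate with the shift.
 *
 * KTRPOINT(td, type): KTRCHECK() wrapped in __predict_false().
 *
 * KTRCHECKDRAIN(td): true when the td->td_proc->p_ktr queue is not empty.
 *
 * KTRUSERRET(td): calls ktruserret(td) when KTRCHECKDRAIN(td) is true;
 * written as do { } while (0) so it behaves as one statement.
 */
#define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << (type)))
#define KTRPOINT(td, type)  (__predict_false(KTRCHECK((td), (type))))
#define	KTRCHECKDRAIN(td)	(!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
#define	KTRUSERRET(td) do {						\
	if (__predict_false(KTRCHECKDRAIN(td)))				\
		ktruserret(td);						\
} while (0)

/*
 * ktrace record types
 *
 * Each KTR_* number below is both the value stored in ktr_type and the
 * bit position used for the matching KTRFAC_* trace point.
 */

/*
 * KTR_SYSCALL - system call record
 */
#define KTR_SYSCALL	1
struct ktr_syscall {
	short	ktr_code;		/* syscall number */
	short	ktr_narg;		/* number of arguments */
	/*
	 * followed by ktr_narg register_t
	 *
	 * ktr_args is declared with one element (the pre-C99 trailing
	 * array idiom); it is left that way because changing it would
	 * change sizeof(struct ktr_syscall).
	 *
	 * NOTE(review): a consumer must check that ktr_narg is
	 * non-negative and that ktr_narg arguments actually fit inside
	 * the record length before indexing ktr_args.
	 */
	register_t	ktr_args[1];
};

/*
 * KTR_SYSRET - return from system call record
 */
#define KTR_SYSRET	2
struct ktr_sysret {
	short	ktr_code;	/* presumably the syscall number, as above */
	short	ktr_eosys;
	int	ktr_error;
	register_t	ktr_retval;
};

/*
 * KTR_NAMEI - namei record
 */
#define KTR_NAMEI	3
	/* record contains pathname */

/*
 * KTR_GENIO - trace generic process i/o
 *
 * The payload is the data the process read or wrote, so a trace taken
 * with this point enabled is as sensitive as that data and should be
 * stored and shared accordingly.
 */
#define KTR_GENIO	4
struct ktr_genio {
	int	ktr_fd;
	enum	uio_rw ktr_rw;
	/*
	 * followed by data successfully read/written
	 */
};

/*
 * KTR_PSIG - trace processed signal
 */
#define	KTR_PSIG	5
struct ktr_psig {
	int	signo;
	sig_t	action;
	int	code;
	sigset_t mask;
};

/*
 * KTR_CSW - trace context switches
 *
 * Two payload layouts exist; struct ktr_csw extends the old one with an
 * 8-byte wmesg field.
 *
 * NOTE(review): nothing in this declaration guarantees wmesg is
 * NUL-terminated; bound reads to sizeof(wmesg).
 */
#define KTR_CSW		6
struct ktr_csw_old {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
};

struct ktr_csw {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
	char	wmesg[8];
};

/*
 * KTR_USER - data coming from userland
 */
#define KTR_USER_MAXLEN	2048	/* maximum length of passed data */
#define KTR_USER	7

/*
 * KTR_STRUCT - misc.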
structs
 */
#define KTR_STRUCT	8
	/*
	 * record contains null-terminated struct name followed by
	 * struct contents
	 *
	 * NOTE(review): a consumer has to find the terminating NUL within
	 * the record length before trusting the name, and has to check the
	 * remaining length against the size of the struct it decodes.
	 */
/* Forward declarations only; the full definitions live elsewhere. */
struct sockaddr;
struct stat;
struct sysentvec;

/*
 * KTR_SYSCTL - name of a sysctl MIB
 */
#define	KTR_SYSCTL	9
	/* record contains null-terminated MIB name */

/*
 * KTR_PROCCTOR - trace process creation (multiple ABI support)
 */
#define KTR_PROCCTOR	10
struct ktr_proc_ctor {
	u_int	sv_flags;	/* struct sysentvec sv_flags copy */
};

/*
 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
 */
#define KTR_PROCDTOR	11

/*
 * KTR_CAPFAIL - trace capability check failures
 *
 * enum ktr_cap_violation names the kind of failure; the enumerators are
 * implicitly numbered from 0 in the order listed, so reordering them
 * changes the values written into records.
 */
#define KTR_CAPFAIL	12
enum ktr_cap_violation {
	CAPFAIL_NOTCAPABLE,	/* insufficient capabilities in cap_check() */
	CAPFAIL_INCREASE,	/* attempt to increase rights on a capability */
	CAPFAIL_SYSCALL,	/* disallowed system call */
	CAPFAIL_SIGNAL,		/* sent signal to process other than self */
	CAPFAIL_PROTO,		/* disallowed protocol */
	CAPFAIL_SOCKADDR,	/* restricted address lookup */
	CAPFAIL_NAMEI,		/* restricted namei lookup */
	CAPFAIL_CPUSET,		/* restricted CPU set modification */
};

/*
 * Per-violation detail.  Which member is valid is presumably selected by
 * cap_type in struct ktr_cap_fail — confirm against the producer.
 *
 * cap_needed and cap_held are object-like macros defined inside the union
 * body; they stay defined for the rest of any file that includes this
 * header, so those two identifiers cannot be used for anything else there.
 *
 * NOTE(review): cap_sockaddr is a generic struct sockaddr, so an address
 * whose sa_len exceeds sizeof(struct sockaddr) does not fit; the producer
 * must copy at most sizeof(struct sockaddr) bytes.  Likewise cap_path holds
 * MAXPATHLEN bytes and readers should not assume it is NUL-terminated.
 */
union ktr_cap_data {
	cap_rights_t	cap_rights[2];
#define	cap_needed	cap_rights[0]
#define	cap_held	cap_rights[1]
	int		cap_int;
	struct sockaddr	cap_sockaddr;
	char		cap_path[MAXPATHLEN];
};

struct ktr_cap_fail {
	enum ktr_cap_violation cap_type;	/* kind of violation */
	short	cap_code;
	u_int	cap_svflags;	/* presumably a sysentvec sv_flags copy, as in ktr_proc_ctor */
	union ktr_cap_data cap_data;
};

/*
 * KTR_FAULT - page fault record
 */
#define KTR_FAULT	13
struct ktr_fault {
	vm_offset_t vaddr;
	int type;
};

/*
 * KTR_FAULTEND - end of page fault record
 */
#define KTR_FAULTEND	14
struct ktr_faultend {
	int result;
};

/*
 * KTR_STRUCT_ARRAY - array of misc.
structs
 */
#define	KTR_STRUCT_ARRAY 15
struct ktr_struct_array {
	size_t struct_size;
	/*
	 * Followed by null-terminated structure name and then payload
	 * contents.
	 *
	 * NOTE(review): struct_size comes from the record; a consumer
	 * should reject 0 and values larger than the remaining payload
	 * before using it as an element stride.
	 */
};

/*
 * KTR_ARGS - arguments of execve()
 *
 * Command-line arguments can carry credentials; treat traces that include
 * this record type as sensitive.
 */
#define KTR_ARGS	16

/*
 * KTR_ENVS - environment variables of execve()
 *
 * Environment variables can carry tokens and keys; the same handling
 * applies as for KTR_ARGS.
 */
#define KTR_ENVS	17

/*
 * KTR_DROP - If this bit is set in ktr_type, then at least one event
 * between the previous record and this record was dropped.
 *
 * A trace used as evidence of what a process did is incomplete at any
 * record carrying this bit.
 */
#define	KTR_DROP	0x8000
/*
 * KTR_VERSIONED - If this bit is set in ktr_type, then the kernel
 * exposes the new struct ktr_header (versioned), otherwise the old
 * struct ktr_header_v0 is exposed.
 */
#define	KTR_VERSIONED	0x4000
/* Both flag bits that share ktr_type with the record type number. */
#define	KTR_TYPE	(KTR_DROP | KTR_VERSIONED)

/*
 * kernel trace points (in p_traceflag)
 *
 * One bit per record type, at the bit position given by the KTR_* number.
 * KTRFAC_MASK covers bits 0..23.
 */
#define KTRFAC_MASK	0x00ffffff
#define KTRFAC_SYSCALL	(1<<KTR_SYSCALL)
#define KTRFAC_SYSRET	(1<<KTR_SYSRET)
#define KTRFAC_NAMEI	(1<<KTR_NAMEI)
#define KTRFAC_GENIO	(1<<KTR_GENIO)
#define	KTRFAC_PSIG	(1<<KTR_PSIG)
#define KTRFAC_CSW	(1<<KTR_CSW)
#define KTRFAC_USER	(1<<KTR_USER)
#define KTRFAC_STRUCT	(1<<KTR_STRUCT)
#define KTRFAC_SYSCTL	(1<<KTR_SYSCTL)
#define KTRFAC_PROCCTOR	(1<<KTR_PROCCTOR)
#define KTRFAC_PROCDTOR	(1<<KTR_PROCDTOR)
#define KTRFAC_CAPFAIL	(1<<KTR_CAPFAIL)
#define KTRFAC_FAULT	(1<<KTR_FAULT)
#define KTRFAC_FAULTEND	(1<<KTR_FAULTEND)
#define	KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY)
#define KTRFAC_ARGS	(1<<KTR_ARGS)
#define KTRFAC_ENVS	(1<<KTR_ENVS)

/*
 * trace flags (also in p_traceflag)
 *
 * These use bits 29..31, outside KTRFAC_MASK.
 */
#define KTRFAC_ROOT	0x80000000	/* root set this trace */
#define KTRFAC_INHERIT	0x40000000	/* pass trace flags to children */
#define	KTRFAC_DROP	0x20000000	/* last event was dropped */

/* Kernel-only declarations follow; userland gets the #else branch. */
#ifdef	_KERNEL
struct ktr_io_params;

/* With KTRACE configured, ktr_get_tracevp() is a real function. */
#ifdef	KTRACE
struct vnode
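*ktr_get_tracevp(struct proc *, bool);
#else
/*
 * Stub for kernels built without KTRACE: both arguments are ignored and
 * NULL is returned, so callers must handle a NULL result.
 */
static inline struct vnode *
ktr_get_tracevp(struct proc *p, bool ref)
{

	return (NULL);
}
#endif
/*
 * Kernel entry points of the ktrace subsystem.  Most prototypes leave
 * their parameters unnamed; the wrapper macros further down show that
 * ktrstruct() takes a struct name string, a pointer to the object and a
 * length in bytes.
 */
void	ktr_io_params_free(struct ktr_io_params *);
void	ktrnamei(const char *);
void	ktrcsw(int, int, const char *);
void	ktrpsig(int, sig_t, sigset_t *, int);
void	ktrfault(vm_offset_t, int);
void	ktrfaultend(int);
void	ktrgenio(int, enum uio_rw, struct uio *, int);
void	ktrsyscall(int, int narg, syscallarg_t args[]);
void	ktrsysctl(int *name, u_int namelen);
void	ktrsysret(int, int, register_t);
void	ktrprocctor(struct proc *);
struct ktr_io_params *ktrprocexec(struct proc *);
void	ktrprocexit(struct thread *);
void	ktrprocfork(struct proc *, struct proc *);
void	ktruserret(struct thread *);
void	ktrstruct(const char *, const void *, size_t);
void	ktrstruct_error(const char *, const void *, size_t, int);
void	ktrstructarray(const char *, enum uio_seg, const void *, int, size_t);
void	ktrcapfail(enum ktr_cap_violation, const void *);
void	ktrdata(int, const void *, size_t);
/*
 * Typed wrappers around ktrstruct()/ktrstruct_error().  Every macro
 * argument is parenthesized in the expansion.
 *
 * ktrsockaddr() takes the length from the object's own sa_len field and
 * expands `s` twice: pass an expression without side effects, and make
 * sure sa_len has already been checked against the real size of the
 * buffer, because that many bytes are handed to ktrstruct().
 *
 * ktrcpuset() takes the length from the caller; the same check applies
 * to `l`.
 */
#define ktrcaprights(s) \
	ktrstruct("caprights", (s), sizeof(cap_rights_t))
#define	ktritimerval(s) \
	ktrstruct("itimerval", (s), sizeof(struct itimerval))
#define ktrsockaddr(s) \
	ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
#define ktrstat(s) \
	ktrstruct("stat", (s), sizeof(struct stat))
#define ktrstat_error(s, error) \
	ktrstruct_error("stat", (s), sizeof(struct stat), (error))
#define ktrcpuset(s, l) \
	ktrstruct("cpuset_t", (s), (l))
#define	ktrsplice(s) \
	ktrstruct("splice", (s), sizeof(struct splice))
extern u_int ktr_geniosize;
/*
 * Without KTRACE, ktr_filesize_limit_signal is the constant 0 and
 * __ktrace_used expands to __unused; with KTRACE the former is a real
 * variable and the latter expands to nothing.
 */
#ifdef	KTRACE
extern int ktr_filesize_limit_signal;
#define	__ktrace_used
#else
#define	ktr_filesize_limit_signal 0
#define	__ktrace_used	__unused
#endif
#else	/* !_KERNEL */

#include <sys/cdefs.h>

__BEGIN_DECLS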
/*
 * Userland prototypes (this is the non-_KERNEL branch).
 *
 * ktrace(): parameters are unnamed here; per ktrace(2) they are the trace
 * file path, the operation (a KTROP_* value optionally ORed with
 * KTRFLAG_DESCEND), the KTRFAC_* trace point mask and the target pid —
 * confirm against the manual page for this release.
 *
 * utrace(): presumably a pointer/length pair for a KTR_USER record, with
 * the length limited by KTR_USER_MAXLEN — confirm.
 */
int	ktrace(const char *, int, int, pid_t);
int	utrace(const void *, size_t);
__END_DECLS

#endif	/* _KERNEL */

#endif	/* !_SYS_KTRACE_H_ */