sys/kern/kern_ktrace.c

36359Smarc/*
36359Smarc * Copyright (c) 1989 The Regents of the University of California.
36359Smarc * All rights reserved.
36359Smarc *
36359Smarc * Redistribution and use in source and binary forms are permitted
36359Smarc * provided that the above copyright notice and this paragraph are
36359Smarc * duplicated in all such forms and that any documentation,
36359Smarc * advertising materials, and other materials related to such
36359Smarc * distribution and use acknowledge that the software was developed
36359Smarc * by the University of California, Berkeley.  The name of the
36359Smarc * University may not be used to endorse or promote products derived
36359Smarc * from this software without specific prior written permission.
36359Smarc * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
36359Smarc * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
36359Smarc * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
36359Smarc *
*43444Smckusick *	@(#)kern_ktrace.c	7.6 (Berkeley) 06/22/90
36359Smarc */
36359Smarc
36359Smarc#ifdef KTRACE
36359Smarc
36359Smarc#include "param.h"
*43444Smckusick#include "syscontext.h"
36359Smarc#include "proc.h"
37728Smckusick#include "file.h"
37728Smckusick#include "vnode.h"
36359Smarc#include "ktrace.h"
36359Smarc#include "malloc.h"
36359Smarc
37593Smarc#include "syscalls.c"
36359Smarc
36359Smarcextern int nsysent;
36359Smarcextern char *syscallnames[];
36359Smarc
37593Smarcint ktrace_nocheck = 1;
37593Smarc
36359Smarcstruct ktr_header *
36359Smarcktrgetheader(type)
36359Smarc{
36359Smarc	register struct ktr_header *kth;
36359Smarc
36359Smarc	MALLOC(kth, struct ktr_header *, sizeof (struct ktr_header),
36359Smarc		M_TEMP, M_WAITOK);
36359Smarc	kth->ktr_type = type;
37593Smarc	microtime(&kth->ktr_time);
36359Smarc	kth->ktr_pid = u.u_procp->p_pid;
40805Smarc	bcopy(u.u_procp->p_comm, kth->ktr_comm, MAXCOMLEN);
36359Smarc	return (kth);
36359Smarc}
36359Smarc
*43444Smckusickktrsyscall(vp, code, narg, args)
37728Smckusick	struct vnode *vp;
*43444Smckusick	int code, narg, args[];
36359Smarc{
36359Smarc	struct	ktr_header *kth = ktrgetheader(KTR_SYSCALL);
36359Smarc	struct	ktr_syscall *ktp;
36359Smarc	register len = sizeof(struct ktr_syscall) + (narg * sizeof(int));
36359Smarc	int 	*argp, i;
36359Smarc
37593Smarc	if (kth == NULL)
36359Smarc		return;
36359Smarc	MALLOC(ktp, struct ktr_syscall *, len, M_TEMP, M_WAITOK);
36359Smarc	ktp->ktr_code = code;
36359Smarc	ktp->ktr_narg = narg;
36359Smarc	argp = (int *)((char *)ktp + sizeof(struct ktr_syscall));
36359Smarc	for (i = 0; i < narg; i++)
*43444Smckusick		*argp++ = args[i];
36359Smarc	kth->ktr_buf = (caddr_t)ktp;
36359Smarc	kth->ktr_len = len;
37728Smckusick	ktrwrite(vp, kth);
36359Smarc	FREE(ktp, M_TEMP);
36359Smarc	FREE(kth, M_TEMP);
36359Smarc}
36359Smarc
*43444Smckusickktrsysret(vp, code, error, retval)
37728Smckusick	struct vnode *vp;
*43444Smckusick	int code, error, retval;
36359Smarc{
36359Smarc	struct ktr_header *kth = ktrgetheader(KTR_SYSRET);
40805Smarc	struct ktr_sysret ktp;
36359Smarc
37593Smarc	if (kth == NULL)
36359Smarc		return;
40805Smarc	ktp.ktr_code = code;
*43444Smckusick	ktp.ktr_error = error;
*43444Smckusick	ktp.ktr_retval = retval;		/* what about val2 ? */
36359Smarc
40805Smarc	kth->ktr_buf = (caddr_t)&ktp;
36359Smarc	kth->ktr_len = sizeof(struct ktr_sysret);
36359Smarc
37728Smckusick	ktrwrite(vp, kth);
36359Smarc	FREE(kth, M_TEMP);
36359Smarc}
36359Smarc
37728Smckusickktrnamei(vp, path)
37728Smckusick	struct vnode *vp;
36359Smarc	char *path;
36359Smarc{
36359Smarc	struct ktr_header *kth = ktrgetheader(KTR_NAMEI);
36359Smarc
37593Smarc	if (kth == NULL)
36359Smarc		return;
36359Smarc	kth->ktr_len = strlen(path);
36359Smarc	kth->ktr_buf = path;
36359Smarc
37728Smckusick	ktrwrite(vp, kth);
36359Smarc	FREE(kth, M_TEMP);
36359Smarc}
36359Smarc
*43444Smckusickktrgenio(vp, fd, rw, iov, len, error)
37728Smckusick	struct vnode *vp;
*43444Smckusick	int fd;
37593Smarc	enum uio_rw rw;
37593Smarc	register struct iovec *iov;
37593Smarc{
37593Smarc	struct ktr_header *kth = ktrgetheader(KTR_GENIO);
37593Smarc	register struct ktr_genio *ktp;
37593Smarc	register caddr_t cp;
37593Smarc	register int resid = len, cnt;
37593Smarc
*43444Smckusick	if (kth == NULL || error)
37593Smarc		return;
37593Smarc	MALLOC(ktp, struct ktr_genio *, sizeof(struct ktr_genio) + len,
37593Smarc		M_TEMP, M_WAITOK);
37593Smarc	ktp->ktr_fd = fd;
37593Smarc	ktp->ktr_rw = rw;
37593Smarc	cp = (caddr_t)((char *)ktp + sizeof (struct ktr_genio));
37593Smarc	while (resid > 0) {
37593Smarc		if ((cnt = iov->iov_len) > resid)
37593Smarc			cnt = resid;
41573Smckusick		if (copyin(iov->iov_base, cp, (unsigned)cnt))
37593Smarc			goto done;
37593Smarc		cp += cnt;
37593Smarc		resid -= cnt;
37593Smarc		iov++;
37593Smarc	}
37593Smarc	kth->ktr_buf = (caddr_t)ktp;
37593Smarc	kth->ktr_len = sizeof (struct ktr_genio) + len;
37593Smarc
37728Smckusick	ktrwrite(vp, kth);
37593Smarcdone:
37593Smarc	FREE(kth, M_TEMP);
37593Smarc	FREE(ktp, M_TEMP);
37593Smarc}
37593Smarc
40805Smarcktrpsig(vp, sig, action, mask, code)
40805Smarc	struct	vnode *vp;
40805Smarc	sig_t	action;
40805Smarc{
40805Smarc	struct ktr_header *kth = ktrgetheader(KTR_PSIG);
40805Smarc	struct ktr_psig	kp;
40805Smarc
40805Smarc	if (kth == NULL)
40805Smarc		return;
40805Smarc	kp.signo = (char)sig;
40805Smarc	kp.action = action;
40805Smarc	kp.mask = mask;
40805Smarc	kp.code = code;
40805Smarc	kth->ktr_buf = (caddr_t)&kp;
40805Smarc	kth->ktr_len = sizeof (struct ktr_psig);
40805Smarc
40805Smarc	ktrwrite(vp, kth);
40805Smarc	FREE(kth, M_TEMP);
40805Smarc}
40805Smarc
40805Smarc/* Interface and common routines */
40805Smarc
36359Smarc/*
36359Smarc * ktrace system call
36359Smarc */
*43444Smckusick/* ARGSUSED */
*43444Smckusickktrace(curp, uap, retval)
*43444Smckusick	struct proc *curp;
*43444Smckusick	register struct args {
36359Smarc		char	*fname;
36359Smarc		int	ops;
36359Smarc		int	facs;
37593Smarc		int	pid;
*43444Smckusick	} *uap;
*43444Smckusick	int *retval;
*43444Smckusick{
37728Smckusick	register struct vnode *vp = NULL;
36359Smarc	register struct nameidata *ndp = &u.u_nd;
36359Smarc	register struct proc *p;
40805Smarc	register ops = KTROP(uap->ops);
36359Smarc	struct pgrp *pg;
36359Smarc	register int facs = uap->facs;
37593Smarc	register int ret = 0;
*43444Smckusick	int error = 0;
36359Smarc
36359Smarc	/*
36359Smarc	 * Until security implications are thought through,
37593Smarc	 * limit tracing to root (unless ktrace_nocheck is set).
36359Smarc	 */
*43444Smckusick	if (!ktrace_nocheck && (error = suser(u.u_cred, &u.u_acflag)))
*43444Smckusick		RETURN (error);
36359Smarc	if (ops != KTROP_CLEAR) {
36359Smarc		/*
36359Smarc		 * an operation which requires a file argument.
36359Smarc		 */
36359Smarc		ndp->ni_segflg = UIO_USERSPACE;
36359Smarc		ndp->ni_dirp = uap->fname;
*43444Smckusick		if (error = vn_open(ndp, FREAD|FWRITE, 0))
*43444Smckusick			RETURN (error);
37728Smckusick		vp = ndp->ni_vp;
37728Smckusick		if (vp->v_type != VREG) {
37728Smckusick			vrele(vp);
*43444Smckusick			RETURN (EACCES);
36359Smarc		}
36359Smarc	}
36359Smarc	/*
36359Smarc	 * Clear all uses of the tracefile
36359Smarc	 */
36359Smarc	if (ops == KTROP_CLEARFILE) {
36359Smarc		for (p = allproc; p != NULL; p = p->p_nxt) {
37728Smckusick			if (p->p_tracep == vp) {
36359Smarc				p->p_tracep = NULL;
36359Smarc				p->p_traceflag = 0;
37728Smckusick				vrele(vp);
36359Smarc			}
36359Smarc		}
36359Smarc		goto done;
36359Smarc	}
36359Smarc	/*
36359Smarc	 * need something to (un)trace
36359Smarc	 */
36359Smarc	if (!facs) {
*43444Smckusick		error = EINVAL;
36359Smarc		goto done;
36359Smarc	}
40805Smarc	/*
40805Smarc	 * doit
40805Smarc	 */
36359Smarc	if (uap->pid < 0) {
36359Smarc		pg = pgfind(-uap->pid);
36359Smarc		if (pg == NULL) {
*43444Smckusick			error = ESRCH;
36359Smarc			goto done;
36359Smarc		}
36359Smarc		for (p = pg->pg_mem; p != NULL; p = p->p_pgrpnxt)
40805Smarc			if (uap->ops&KTRFLAG_DESCEND)
37728Smckusick				ret |= ktrsetchildren(p, ops, facs, vp);
36359Smarc			else
37728Smckusick				ret |= ktrops(p, ops, facs, vp);
36359Smarc
36359Smarc	} else {
36359Smarc		p = pfind(uap->pid);
36359Smarc		if (p == NULL) {
*43444Smckusick			error = ESRCH;
36359Smarc			goto done;
36359Smarc		}
40805Smarc		if (ops&KTRFLAG_DESCEND)
37728Smckusick			ret |= ktrsetchildren(p, ops, facs, vp);
36359Smarc		else
37728Smckusick			ret |= ktrops(p, ops, facs, vp);
36359Smarc	}
37593Smarc	if (!ret)
*43444Smckusick		error = EPERM;
36359Smarcdone:
37728Smckusick	if (vp != NULL)
37728Smckusick		vrele(vp);
*43444Smckusick	RETURN (error);
36359Smarc}
36359Smarc
37728Smckusickktrops(p, ops, facs, vp)
36359Smarc	struct proc *p;
37728Smckusick	struct vnode *vp;
36359Smarc{
37593Smarc
37593Smarc	if (u.u_uid && u.u_uid != p->p_uid)
37593Smarc		return 0;
36359Smarc	if (ops == KTROP_SET) {
40805Smarc		if (p->p_tracep != vp) {
36359Smarc			/*
36359Smarc			 * if trace file already in use, relinquish
36359Smarc			 */
36359Smarc			if (p->p_tracep != NULL)
37728Smckusick				vrele(p->p_tracep);
38423Smarc			VREF(vp);
37728Smckusick			p->p_tracep = vp;
36359Smarc		}
36359Smarc		p->p_traceflag |= facs;
36359Smarc	} else {
36359Smarc		/* KTROP_CLEAR */
40805Smarc		if (((p->p_traceflag &= ~facs) & ~KTRFAC_INHERIT) == 0) {
40805Smarc			/* no more tracing */
40805Smarc			p->p_traceflag = 0;
36359Smarc			if (p->p_tracep != NULL) {
37728Smckusick				vrele(p->p_tracep);
36359Smarc				p->p_tracep = NULL;
36359Smarc			}
36359Smarc		}
36359Smarc	}
37593Smarc
37593Smarc	return 1;
36359Smarc}
37593Smarc
37728Smckusickktrsetchildren(top, ops, facs, vp)
36359Smarc	struct proc *top;
37728Smckusick	struct vnode *vp;
36359Smarc{
36359Smarc	register struct proc *p;
37593Smarc	register int ret = 0;
36359Smarc
36359Smarc	p = top;
36359Smarc	for (;;) {
40805Smarc		ret |= ktrops(p, ops, facs, vp);
36359Smarc		/*
36359Smarc		 * If this process has children, descend to them next,
36359Smarc		 * otherwise do any siblings, and if done with this level,
36359Smarc		 * follow back up the tree (but not past top).
36359Smarc		 */
36359Smarc		if (p->p_cptr)
36359Smarc			p = p->p_cptr;
36359Smarc		else if (p == top)
37593Smarc			return ret;
36359Smarc		else if (p->p_osptr)
36359Smarc			p = p->p_osptr;
36359Smarc		else for (;;) {
36359Smarc			p = p->p_pptr;
36359Smarc			if (p == top)
37593Smarc				return ret;
36359Smarc			if (p->p_osptr) {
36359Smarc				p = p->p_osptr;
36359Smarc				break;
36359Smarc			}
36359Smarc		}
36359Smarc	}
37593Smarc	/*NOTREACHED*/
36359Smarc}
36359Smarc
37728Smckusickktrwrite(vp, kth)
37728Smckusick	struct vnode *vp;
37728Smckusick	register struct ktr_header *kth;
36359Smarc{
37728Smckusick	struct uio auio;
37728Smckusick	struct iovec aiov[2];
41573Smckusick	struct proc *p;
39581Smckusick	int error;
37728Smckusick
37728Smckusick	if (vp == NULL)
37593Smarc		return;
37728Smckusick	auio.uio_iov = &aiov[0];
37728Smckusick	auio.uio_offset = 0;
37728Smckusick	auio.uio_segflg = UIO_SYSSPACE;
37728Smckusick	auio.uio_rw = UIO_WRITE;
37728Smckusick	aiov[0].iov_base = (caddr_t)kth;
37728Smckusick	aiov[0].iov_len = sizeof(struct ktr_header);
37728Smckusick	auio.uio_resid = sizeof(struct ktr_header);
37728Smckusick	auio.uio_iovcnt = 1;
36359Smarc	if (kth->ktr_len > 0) {
37728Smckusick		auio.uio_iovcnt++;
37728Smckusick		aiov[1].iov_base = kth->ktr_buf;
37728Smckusick		aiov[1].iov_len = kth->ktr_len;
37728Smckusick		auio.uio_resid += kth->ktr_len;
36359Smarc	}
39581Smckusick	VOP_LOCK(vp);
39581Smckusick	error = VOP_WRITE(vp, &auio, IO_UNIT|IO_APPEND, u.u_cred);
39581Smckusick	VOP_UNLOCK(vp);
41573Smckusick	if (!error)
41573Smckusick		return;
41573Smckusick	/*
41573Smckusick	 * If error encountered, give up tracing on this vnode.
41573Smckusick	 */
41573Smckusick	uprintf("\ntrace write failed with errno %d, tracing stopped\n", error);
41573Smckusick	for (p = allproc; p != NULL; p = p->p_nxt) {
41573Smckusick		if (p->p_tracep == vp) {
41573Smckusick			p->p_tracep = NULL;
41573Smckusick			p->p_traceflag = 0;
41573Smckusick			vrele(vp);
41573Smckusick		}
41573Smckusick	}
36359Smarc}
36359Smarc#endif