1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1988, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * @(#)ktrace.h 8.1 (Berkeley) 6/2/93
32 */
33
34 #ifndef _SYS_KTRACE_H_
35 #define _SYS_KTRACE_H_
36
37 #include <sys/param.h>
38 #include <sys/caprights.h>
39 #include <sys/signal.h>
40 #include <sys/socket.h>
41 #include <sys/_uio.h>
42
/*
 * Operation selector for the ktrace system call.  The operation sits in
 * the low two bits of the argument and is isolated with KTROP().  Only
 * the values 0..2 are assigned here, so an extracted value of 3 has no
 * meaning defined in this header.
 */
#define	KTROP_SET		0	/* set trace points */
#define	KTROP_CLEAR		1	/* clear trace points */
#define	KTROP_CLEARFILE		2	/* stop all tracing to file */
#define	KTROP(o)		((o) & 3)	/* isolate the operation bits */

/*
 * Modifier flags, ORed into the same argument as the operation.
 */
#define	KTRFLAG_DESCEND		4	/* apply the operation to all children too */
54
/*
 * ktrace record header.  Two layouts are declared: the original
 * ktr_header_v0 and the versioned ktr_header, which adds ktr_version
 * and ktr_cpu and keeps the timestamp as a timespec instead of a
 * timeval.
 *
 * Note for code that reads trace data: all of these fields come from
 * the trace file.  ktr_len is a signed int and should be range-checked
 * before it sizes a read or an allocation.
 */
struct ktr_header_v0 {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	pid_t	ktr_pid;		/* process id */
	char	ktr_comm[MAXCOMLEN + 1];	/* command name */
	struct	timeval ktr_time;	/* timestamp */
	long	ktr_tid;		/* thread id */
};

struct ktr_header {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	short	ktr_version;		/* ktr_header version */
	pid_t	ktr_pid;		/* process id */
	char	ktr_comm[MAXCOMLEN + 1];	/* command name */
	struct	timespec ktr_time;	/* timestamp */
	/* XXX: make ktr_tid an lwpid_t on next ABI break */
	long	ktr_tid;		/* thread id */
	int	ktr_cpu;		/* cpu id */
};
78
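/* Header layout versions (see ktr_version in struct ktr_header). */
#define	KTR_VERSION0	0
#define	KTR_VERSION1	1
/*
 * Size difference between the two header layouts.  The expansion is
 * parenthesized so the macro stays a single operand when it appears
 * inside a larger expression (multiplied, subtracted, compared).
 *
 * The result has type size_t.  If struct ktr_header_v0 is the smaller
 * of the two layouts the subtraction wraps rather than going negative,
 * so the value is only meaningful in modular (unsigned) arithmetic and
 * must not be treated as a length or a bound.
 */
#define	KTR_OFFSET_V0	(sizeof(struct ktr_header_v0) - \
			    sizeof(struct ktr_header))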
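/*
 * Test for kernel trace point (MP SAFE).
 *
 * KTRCHECK() only tests whether the bit for `type' is set in the
 * process's p_traceflag and is for internal use in the ktrace
 * subsystem.  KTRPOINT() is the public interface; as defined here it
 * is KTRCHECK() wrapped in __predict_false().
 * NOTE(review): the previous wording said KTRPOINT() also checks
 * against ktrace recursion.  No such check is visible in this macro --
 * confirm where that guard lives.
 *
 * `type' is parenthesized inside the shift so that an expression
 * argument (a conditional, an OR of values) is evaluated as a whole
 * before it is used as the shift count.  The shift count must stay
 * below the width of int; anything larger is undefined behaviour.
 *
 * KTRCHECKDRAIN() is true when the process's p_ktr queue is not empty,
 * and KTRUSERRET() calls ktruserret() in that case.
 */
#define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << (type)))
#define	KTRPOINT(td, type)	(__predict_false(KTRCHECK((td), (type))))
#define	KTRCHECKDRAIN(td)	(!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
#define	KTRUSERRET(td) do {						\
	if (__predict_false(KTRCHECKDRAIN(td)))				\
		ktruserret(td);						\
} while (0)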
98
99 /*
100 * ktrace record types
101 */
102
/*
 * KTR_SYSCALL - system call record
 *
 * ktr_args is declared with a single element, but the record carries
 * ktr_narg of them.  Code that reads trace data should check ktr_narg
 * against the record length before indexing past ktr_args[0].
 */
#define	KTR_SYSCALL	1
struct ktr_syscall {
	short	ktr_code;	/* syscall number */
	short	ktr_narg;	/* number of arguments */
	/*
	 * followed by ktr_narg register_t
	 */
	register_t	ktr_args[1];
};
115
/*
 * KTR_SYSRET - record for the return from a system call
 */
#define	KTR_SYSRET	2
struct ktr_sysret {
	short	ktr_code;	/* presumably the syscall number, as in ktr_syscall -- confirm */
	short	ktr_eosys;
	int	ktr_error;	/* presumably the error result of the call -- confirm */
	register_t	ktr_retval;	/* presumably the value returned -- confirm */
};
126
/*
 * KTR_NAMEI - namei record
 *
 * The record contains the pathname; no struct is declared for it.
 */
#define	KTR_NAMEI	3
132
/*
 * KTR_GENIO - trace generic process i/o
 *
 * The struct is followed by the bytes that were actually read or
 * written.  A trace file therefore holds copies of the traced
 * process's I/O data and should be protected the way that data is.
 */
#define	KTR_GENIO	4
struct ktr_genio {
	int	ktr_fd;		/* presumably the descriptor the I/O used -- confirm */
	enum	uio_rw ktr_rw;	/* transfer direction, as an enum uio_rw */
	/*
	 * followed by data successfully read/written
	 */
};
144
/*
 * KTR_PSIG - trace processed signal
 *
 * NOTE(review): `action' has the signal handler type sig_t, so these
 * records carry handler pointer values from the traced process; treat
 * trace files as revealing that process's addresses.
 */
#define	KTR_PSIG	5
struct ktr_psig {
	int	signo;		/* presumably the signal number -- confirm */
	sig_t	action;
	int	code;
	sigset_t	mask;
};
155
/*
 * KTR_CSW - trace context switches
 *
 * ktr_csw extends ktr_csw_old with the wmesg field; the first two
 * members are the same in both.
 */
#define	KTR_CSW	6
struct ktr_csw_old {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
};

struct ktr_csw {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
	/*
	 * NOTE(review): fixed 8-byte field.  This header does not say
	 * whether it is always NUL-terminated, so readers should bound
	 * any string handling to sizeof(wmesg).
	 */
	char	wmesg[8];
};
170
/*
 * KTR_USER - data coming from userland
 */
#define	KTR_USER_MAXLEN	2048	/* maximum length of passed data */
#define	KTR_USER	7

/*
 * KTR_STRUCT - misc. structs
 *
 * The record contains a null-terminated struct name followed by the
 * struct contents.  Code reading trace data should locate the
 * terminator within the record length before treating the name as a
 * string.
 */
#define	KTR_STRUCT	8
struct sockaddr;
struct stat;
struct sysentvec;

/*
 * KTR_SYSCTL - name of a sysctl MIB
 *
 * The record contains the null-terminated MIB name.
 */
#define	KTR_SYSCTL	9
194
/*
 * KTR_PROCCTOR - trace process creation (multiple ABI support)
 */
#define	KTR_PROCCTOR	10
struct ktr_proc_ctor {
	u_int	sv_flags;	/* copy of sv_flags from struct sysentvec */
};

/*
 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
 *
 * No struct is declared for this record type.
 */
#define	KTR_PROCDTOR	11
207
/*
 * KTR_CAPFAIL - trace capability check failures
 *
 * The enumerators are numbered explicitly; the values are the same
 * ones the implicit numbering produced.
 */
#define	KTR_CAPFAIL	12
enum ktr_cap_violation {
	CAPFAIL_NOTCAPABLE = 0,	/* insufficient capabilities in cap_check() */
	CAPFAIL_INCREASE = 1,	/* attempt to increase rights on a capability */
	CAPFAIL_SYSCALL = 2,	/* disallowed system call */
	CAPFAIL_SIGNAL = 3,	/* sent signal to process other than self */
	CAPFAIL_PROTO = 4,	/* disallowed protocol */
	CAPFAIL_SOCKADDR = 5,	/* restricted address lookup */
	CAPFAIL_NAMEI = 6,	/* restricted namei lookup */
	CAPFAIL_CPUSET = 7,	/* restricted CPU set modification */
};
222
/*
 * Data carried by a capability-failure record.  Presumably the member
 * in use is selected by cap_type in struct ktr_cap_fail -- confirm.
 *
 * cap_needed and cap_held are object-like macros, so they rewrite
 * those identifiers in every file that includes this header.
 *
 * NOTE(review): cap_sockaddr is a plain struct sockaddr, which is
 * smaller than some address-family sockaddrs.  Confirm that whatever
 * fills it bounds the copy rather than trusting sa_len.
 */
union ktr_cap_data {
	cap_rights_t	cap_rights[2];
#define	cap_needed	cap_rights[0]
#define	cap_held	cap_rights[1]
	int		cap_int;
	struct sockaddr	cap_sockaddr;
	char		cap_path[MAXPATHLEN];
};
231
/*
 * Body of a KTR_CAPFAIL record: the violation type plus its data.
 */
struct ktr_cap_fail {
	enum ktr_cap_violation	cap_type;	/* which kind of violation */
	short			cap_code;
	u_int			cap_svflags;	/* presumably a sysentvec sv_flags copy -- confirm */
	union ktr_cap_data	cap_data;
};
238
/*
 * KTR_FAULT - page fault record
 *
 * NOTE(review): vaddr is an address value from the traced process, so
 * these records reveal parts of its address-space layout.
 */
#define	KTR_FAULT	13
struct ktr_fault {
	vm_offset_t	vaddr;	/* presumably the faulting address -- confirm */
	int		type;
};
247
/*
 * KTR_FAULTEND - end of page fault record
 */
#define	KTR_FAULTEND	14
struct ktr_faultend {
	int	result;		/* presumably the outcome of fault handling -- confirm */
};
255
/*
 * KTR_STRUCT_ARRAY - array of misc. structs
 *
 * Code reading trace data should validate struct_size against the
 * record length before using it to step through the payload.
 */
#define	KTR_STRUCT_ARRAY	15
struct ktr_struct_array {
	size_t	struct_size;	/* presumably the size of one array element -- confirm */
	/*
	 * Followed by null-terminated structure name and then payload
	 * contents.
	 */
};
267
/*
 * Flag bits carried in ktr_type alongside the record type number.
 *
 * KTR_DROP - at least one event between the previous record and this
 * record was dropped.
 */
#define	KTR_DROP	0x8000
/*
 * KTR_VERSIONED - the kernel exposes the new (versioned) struct
 * ktr_header; when the bit is clear the old struct ktr_header_v0 is
 * exposed.
 */
#define	KTR_VERSIONED	0x4000
/*
 * Mask covering both flag bits.  Code reading trace data should clear
 * these bits before using the rest of ktr_type as a KTR_* record type,
 * in particular before using it as a table index.
 */
#define	KTR_TYPE	(KTR_DROP | KTR_VERSIONED)
280
/*
 * Kernel trace points (in p_traceflag).  Each KTRFAC_* bit is 1
 * shifted left by the matching KTR_* record type number.
 */
#define	KTRFAC_MASK		0x00ffffff
#define	KTRFAC_SYSCALL		(1 << KTR_SYSCALL)
#define	KTRFAC_SYSRET		(1 << KTR_SYSRET)
#define	KTRFAC_NAMEI		(1 << KTR_NAMEI)
#define	KTRFAC_GENIO		(1 << KTR_GENIO)
#define	KTRFAC_PSIG		(1 << KTR_PSIG)
#define	KTRFAC_CSW		(1 << KTR_CSW)
#define	KTRFAC_USER		(1 << KTR_USER)
#define	KTRFAC_STRUCT		(1 << KTR_STRUCT)
#define	KTRFAC_SYSCTL		(1 << KTR_SYSCTL)
#define	KTRFAC_PROCCTOR		(1 << KTR_PROCCTOR)
#define	KTRFAC_PROCDTOR		(1 << KTR_PROCDTOR)
#define	KTRFAC_CAPFAIL		(1 << KTR_CAPFAIL)
#define	KTRFAC_FAULT		(1 << KTR_FAULT)
#define	KTRFAC_FAULTEND		(1 << KTR_FAULTEND)
#define	KTRFAC_STRUCT_ARRAY	(1 << KTR_STRUCT_ARRAY)

/*
 * Trace flags, kept in the same word; all three lie above KTRFAC_MASK.
 */
#define	KTRFAC_ROOT	0x80000000	/* root set this trace */
#define	KTRFAC_INHERIT	0x40000000	/* pass trace flags to children */
#define	KTRFAC_DROP	0x20000000	/* last event was dropped */
307
308 #ifdef _KERNEL
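struct ktr_io_params;

#ifdef KTRACE
struct vnode *ktr_get_tracevp(struct proc *, bool);
#else
/*
 * Stub for kernels built without KTRACE: ignores both arguments and
 * always returns NULL, so callers need no #ifdef of their own.
 */
static inline struct vnode *
ktr_get_tracevp(struct proc *p, bool ref)
{

	return (NULL);
}
#endif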
/*
 * Kernel-side ktrace functions declared for the rest of the kernel.
 */
void	ktr_io_params_free(struct ktr_io_params *);
void	ktrnamei(const char *);
void	ktrcsw(int, int, const char *);
void	ktrpsig(int, sig_t, sigset_t *, int);
void	ktrfault(vm_offset_t, int);
void	ktrfaultend(int);
void	ktrgenio(int, enum uio_rw, struct uio *, int);
void	ktrsyscall(int, int narg, syscallarg_t args[]);
void	ktrsysctl(int *name, u_int namelen);
void	ktrsysret(int, int, register_t);
void	ktrprocctor(struct proc *);
struct ktr_io_params *ktrprocexec(struct proc *);
void	ktrprocexit(struct thread *);
void	ktrprocfork(struct proc *, struct proc *);
void	ktruserret(struct thread *);
void	ktrstruct(const char *, const void *, size_t);
void	ktrstruct_error(const char *, const void *, size_t, int);
void	ktrstructarray(const char *, enum uio_seg, const void *, int, size_t);
void	ktrcapfail(enum ktr_cap_violation, const void *);

/*
 * Wrappers around ktrstruct() and ktrstruct_error() that supply the
 * struct name and its size.  ktrsockaddr() takes the length from the
 * sockaddr's own sa_len field, and ktrcpuset() from its second
 * argument.
 * NOTE(review): where the sockaddr was filled in from user data,
 * sa_len should have been validated before it reaches ktrsockaddr() --
 * confirm at the call sites.
 */
#define	ktrcaprights(s)							\
	ktrstruct("caprights", (s), sizeof(cap_rights_t))
#define	ktritimerval(s)							\
	ktrstruct("itimerval", (s), sizeof(struct itimerval))
#define	ktrsockaddr(s)							\
	ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
#define	ktrstat(s)							\
	ktrstruct("stat", (s), sizeof(struct stat))
#define	ktrstat_error(s, error)						\
	ktrstruct_error("stat", (s), sizeof(struct stat), (error))
#define	ktrcpuset(s, l)							\
	ktrstruct("cpuset_t", (s), (l))
#define	ktrsplice(s)							\
	ktrstruct("splice", (s), sizeof(struct splice))

/* NOTE(review): presumably limits the data kept per KTR_GENIO record -- confirm. */
extern u_int	ktr_geniosize;
/*
 * Without KTRACE, ktr_filesize_limit_signal is the constant 0 and
 * __ktrace_used expands to __unused; with KTRACE it expands to nothing.
 */
#ifdef KTRACE
extern int	ktr_filesize_limit_signal;
#define	__ktrace_used
#else
#define	ktr_filesize_limit_signal 0
#define	__ktrace_used	__unused
#endif
362 #else
363
364 #include <sys/cdefs.h>
365
__BEGIN_DECLS
/*
 * Declarations visible outside the kernel.  Parameters are left
 * unnamed, as in the kernel prototypes of this header.
 */
int	ktrace(const char *, int, int, pid_t);
int	utrace(const void *, size_t);
__END_DECLS
370
371 #endif
372
373 #endif
374