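/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 1988, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)ktrace.h	8.1 (Berkeley) 6/2/93
 * $FreeBSD$
 */

#ifndef _SYS_KTRACE_H_
#define _SYS_KTRACE_H_

#include <sys/caprights.h>

/*
 * operations to ktrace system call  (KTROP(op))
 *
 * The operation occupies the low two bits of the ops argument; flags such
 * as KTRFLAG_DESCEND are ORed in above them.
 */
#define KTROP_SET		0	/* set trace points */
#define KTROP_CLEAR		1	/* clear trace points */
#define KTROP_CLEARFILE		2	/* stop all tracing to file */
#define KTROP(o)		((o)&3)	/* macro to extract operation */
/*
 * flags (ORed in with operation)
 */
#define KTRFLAG_DESCEND		4	/* perform op on all children too */

/*
 * ktrace record header
 *
 * NOTE(review): a tool that parses a trace file should treat these fields
 * as untrusted input.  ktr_len is a signed int, so a reader should reject
 * negative or implausibly large values before sizing a buffer from it.
 * ktr_type is a short and may carry KTR_DROP (0x8000) ORed into the record
 * type, so a reader should mask that bit off before comparing against the
 * KTR_* record types.
 */
struct ktr_header {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	pid_t	ktr_pid;		/* process id */
	char	ktr_comm[MAXCOMLEN + 1];/* command name */
	struct	timeval ktr_time;	/* timestamp */
	intptr_t	ktr_tid;	/* was ktr_buffer */
};

/*
 * Test for kernel trace point (MP SAFE).
 *
 * KTRCHECK() just checks that the type is enabled and is only for
 * internal use in the ktrace subsystem.  KTRPOINT() checks against
 * ktrace recursion as well as checking that the type is enabled and
 * is the public interface.
 *
 * The type argument is parenthesized inside the shift so that an expression
 * argument (for example a conditional or a bitwise OR) cannot regroup with
 * the << operator.  The shifted constant is an int, so type must stay below
 * the width of int; the record types defined in this header are 1..15.
 */
#define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << (type)))
#define KTRPOINT(td, type)	(__predict_false(KTRCHECK((td), (type))))
#define	KTRCHECKDRAIN(td)	(!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
#define	KTRUSERRET(td) do {						\
	if (__predict_false(KTRCHECKDRAIN(td)))				\
		ktruserret(td);						\
} while (0)

/*
 * ktrace record types
 */

/*
 * KTR_SYSCALL - system call record
 *
 * ktr_args[1] is the historical one-element trailing array; the real number
 * of arguments is ktr_narg.  It is left as [1] because changing it would
 * change sizeof(struct ktr_syscall) for existing users.
 * NOTE(review): a trace-file reader should check ktr_narg against the
 * record length from the header before indexing ktr_args.
 */
#define KTR_SYSCALL	1
struct ktr_syscall {
	short	ktr_code;		/* syscall number */
	short	ktr_narg;		/* number of arguments */
	/*
	 * followed by ktr_narg register_t
	 */
	register_t	ktr_args[1];
};

/*
 * KTR_SYSRET - return from system call record
 */
#define KTR_SYSRET	2
struct ktr_sysret {
	short	ktr_code;
	short	ktr_eosys;
	int	ktr_error;
	register_t	ktr_retval;
};

/*
 * KTR_NAMEI - namei record
 */
#define KTR_NAMEI	3
	/* record contains pathname */

/*
 * KTR_GENIO - trace generic process i/o
 *
 * The record body carries the bytes that were read or written, so a trace
 * file with this facility enabled can hold whatever the traced process
 * handled (including secrets); the trace file should be protected
 * accordingly.
 */
#define KTR_GENIO	4
struct ktr_genio {
	int	ktr_fd;
	enum	uio_rw ktr_rw;
	/*
	 * followed by data successfully read/written
	 */
};

/*
 * KTR_PSIG - trace processed signal
 */
#define	KTR_PSIG	5
struct ktr_psig {
	int	signo;
	sig_t	action;
	int	code;
	sigset_t mask;
};

/*
 * KTR_CSW - trace context switches
 *
 * Two layouts exist: ktr_csw_old without a wait message and ktr_csw with
 * one.  NOTE(review): presumably a reader tells them apart by record
 * length; nothing in this header guarantees that wmesg is NUL-terminated,
 * so print it with an explicit length bound.
 */
#define KTR_CSW		6
struct ktr_csw_old {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
};

struct ktr_csw {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
	char	wmesg[8];
};

/*
 * KTR_USER - data coming from userland
 */
#define KTR_USER_MAXLEN	2048	/* maximum length of passed data */
#define KTR_USER	7

/*
 * KTR_STRUCT - misc. structs
 */
#define KTR_STRUCT	8
	/*
	 * record contains null-terminated struct name followed by
	 * struct contents
	 */
struct sockaddr;
struct stat;
struct sysentvec;

/*
 * KTR_SYSCTL - name of a sysctl MIB
 */
#define	KTR_SYSCTL	9
	/* record contains null-terminated MIB name */

/*
 * KTR_PROCCTOR - trace process creation (multiple ABI support)
 */
#define KTR_PROCCTOR	10
struct ktr_proc_ctor {
	u_int	sv_flags;	/* struct sysentvec sv_flags copy */
};

/*
 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
 */
#define KTR_PROCDTOR	11

/*
 * KTR_CAPFAIL - trace capability check failures
 *
 * Each record names the kind of failure and carries both the rights that
 * were needed and the rights that were held.
 */
#define KTR_CAPFAIL	12
enum ktr_cap_fail_type {
	CAPFAIL_NOTCAPABLE,	/* insufficient capabilities in cap_check() */
	CAPFAIL_INCREASE,	/* attempt to increase capabilities */
	CAPFAIL_SYSCALL,	/* disallowed system call */
	CAPFAIL_LOOKUP,		/* disallowed VFS lookup */
};
struct ktr_cap_fail {
	enum ktr_cap_fail_type cap_type;
	cap_rights_t	cap_needed;
	cap_rights_t	cap_held;
};

/*
 * KTR_FAULT - page fault record
 */
#define KTR_FAULT	13
struct ktr_fault {
	vm_offset_t vaddr;
	int type;
};

/*
 * KTR_FAULTEND - end of page fault record
 */
#define KTR_FAULTEND	14
struct ktr_faultend {
	int result;
};

/*
 * KTR_STRUCT_ARRAY - array of misc. structs
 *
 * NOTE(review): struct_size comes from the record itself; a reader should
 * reject zero and check it against the remaining record length before
 * stepping through the payload.
 */
#define	KTR_STRUCT_ARRAY 15
struct ktr_struct_array {
	size_t struct_size;
	/*
	 * Followed by null-terminated structure name and then payload
	 * contents.
	 */
};

/*
 * KTR_DROP - If this bit is set in ktr_type, then at least one event
 * between the previous record and this record was dropped.
 *
 * A set bit means the trace has a gap at this point and is not a complete
 * record of the process's activity.
 */
#define	KTR_DROP	0x8000

/*
 * kernel trace points (in p_traceflag)
 *
 * Each facility bit is 1 shifted by its record type; KTRFAC_MASK covers the
 * low 24 bits that hold these facility bits.
 */
#define KTRFAC_MASK	0x00ffffff
#define KTRFAC_SYSCALL	(1<<KTR_SYSCALL)
#define KTRFAC_SYSRET	(1<<KTR_SYSRET)
#define KTRFAC_NAMEI	(1<<KTR_NAMEI)
#define KTRFAC_GENIO	(1<<KTR_GENIO)
#define	KTRFAC_PSIG	(1<<KTR_PSIG)
#define KTRFAC_CSW	(1<<KTR_CSW)
#define KTRFAC_USER	(1<<KTR_USER)
#define KTRFAC_STRUCT	(1<<KTR_STRUCT)
#define KTRFAC_SYSCTL	(1<<KTR_SYSCTL)
#define KTRFAC_PROCCTOR	(1<<KTR_PROCCTOR)
#define KTRFAC_PROCDTOR	(1<<KTR_PROCDTOR)
#define KTRFAC_CAPFAIL	(1<<KTR_CAPFAIL)
#define KTRFAC_FAULT	(1<<KTR_FAULT)
#define KTRFAC_FAULTEND	(1<<KTR_FAULTEND)
#define	KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY)

/*
 * trace flags (also in p_traceflags)
 *
 * These sit above KTRFAC_MASK and describe the trace itself rather than a
 * record type.
 * NOTE(review): KTRFAC_ROOT presumably lets the implementation refuse
 * changes to a root-initiated trace from a less privileged caller; confirm
 * against the ktrace implementation.
 */
#define KTRFAC_ROOT	0x80000000	/* root set this trace */
#define KTRFAC_INHERIT	0x40000000	/* pass trace flags to children */
#define	KTRFAC_DROP	0x20000000	/* last event was dropped */

#ifdef	_KERNEL
void	ktrnamei(char *);
void	ktrcsw(int, int, const char *);
void	ktrpsig(int, sig_t, sigset_t *, int);
void	ktrfault(vm_offset_t, int);
void	ktrfaultend(int);
void	ktrgenio(int, enum uio_rw, struct uio *, int);
void	ktrsyscall(int, int narg, register_t args[]);
void	ktrsysctl(int *name, u_int namelen);
void	ktrsysret(int, int, register_t);
void	ktrprocctor(struct proc *);
void	ktrprocexec(struct proc *, struct ucred **, struct vnode **);
void	ktrprocexit(struct thread *);
void	ktrprocfork(struct proc *, struct proc *);
void	ktruserret(struct thread *);
void	ktrstruct(const char *, const void *, size_t);
void	ktrstruct_error(const char *, const void *, size_t, int);
void	ktrstructarray(const char *, enum uio_seg, const void *, int, size_t);
void	ktrcapfail(enum ktr_cap_fail_type, const cap_rights_t *,
	    const cap_rights_t *);
/*
 * Convenience wrappers that log one structure as a KTR_STRUCT record under
 * a fixed name.
 *
 * ktrsockaddr() expands its argument twice and takes the length to log from
 * the structure's own sa_len field, so the argument must have no side
 * effects.  NOTE(review): it presumably has to point at a kernel copy whose
 * sa_len has already been validated; confirm at the call sites.
 */
#define ktrcaprights(s) \
	ktrstruct("caprights", (s), sizeof(cap_rights_t))
#define	ktritimerval(s) \
	ktrstruct("itimerval", (s), sizeof(struct itimerval))
#define ktrsockaddr(s) \
	ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
#define ktrstat(s) \
	ktrstruct("stat", (s), sizeof(struct stat))
#define ktrstat_error(s, error) \
	ktrstruct_error("stat", (s), sizeof(struct stat), (error))
extern u_int ktr_geniosize;
#else

#include <sys/cdefs.h>

__BEGIN_DECLS
int	ktrace(const char *, int, int, pid_t);
int	utrace(const void *, size_t);
__END_DECLS

#endif

#endif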