1 /* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
5 * LTTng syscall probes.
7 * Copyright (C) 2010-2012 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
10 #include <linux/module.h>
11 #include <linux/slab.h>
12 #include <linux/compat.h>
13 #include <linux/err.h>
14 #include <linux/bitmap.h>
16 #include <linux/in6.h>
17 #include <linux/seq_file.h>
18 #include <linux/stringify.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/fcntl.h>
22 #include <linux/mman.h>
23 #include <asm/ptrace.h>
24 #include <asm/syscall.h>
26 #include <lttng/bitfield.h>
27 #include <wrapper/tracepoint.h>
28 #include <wrapper/file.h>
29 #include <wrapper/rcu.h>
30 #include <wrapper/syscall.h>
31 #include <lttng/events.h>
34 # ifndef is_compat_task
35 # define is_compat_task() (0)
39 /* in_compat_syscall appears in kernel 4.6. */
40 #ifndef in_compat_syscall
41 #define in_compat_syscall() is_compat_task()
51 #define SYSCALL_ENTRY_TOK syscall_entry_
52 #define COMPAT_SYSCALL_ENTRY_TOK compat_syscall_entry_
53 #define SYSCALL_EXIT_TOK syscall_exit_
54 #define COMPAT_SYSCALL_EXIT_TOK compat_syscall_exit_
56 #define SYSCALL_ENTRY_STR __stringify(SYSCALL_ENTRY_TOK)
57 #define COMPAT_SYSCALL_ENTRY_STR __stringify(COMPAT_SYSCALL_ENTRY_TOK)
58 #define SYSCALL_EXIT_STR __stringify(SYSCALL_EXIT_TOK)
59 #define COMPAT_SYSCALL_EXIT_STR __stringify(COMPAT_SYSCALL_EXIT_TOK)
62 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
);
64 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
);
67 * Forward declarations for old kernels.
71 struct oldold_utsname
;
73 struct sel_arg_struct
;
74 struct mmap_arg_struct
;
79 * Forward declaration for kernels >= 5.6
86 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0))
87 typedef __kernel_old_time_t
time_t;
90 #ifdef IA32_NR_syscalls
91 #define NR_compat_syscalls IA32_NR_syscalls
93 #define NR_compat_syscalls NR_syscalls
97 * Create LTTng tracepoint probes.
99 #define LTTNG_PACKAGE_BUILD
100 #define CREATE_TRACE_POINTS
101 #define TP_MODULE_NOINIT
102 #define TRACE_INCLUDE_PATH instrumentation/syscalls/headers
104 #define PARAMS(args...) args
106 /* Handle unknown syscalls */
108 #define TRACE_SYSTEM syscalls_unknown
109 #include <instrumentation/syscalls/headers/syscalls_unknown.h>
117 #define sc_in(...) __VA_ARGS__
121 #define sc_inout(...) __VA_ARGS__
123 /* Hijack probe callback for system call enter */
125 #define TP_PROBE_CB(_template) &syscall_entry_event_probe
126 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
127 LTTNG_TRACEPOINT_EVENT(syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
129 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
130 LTTNG_TRACEPOINT_EVENT_CODE(syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
131 PARAMS(_locvar), PARAMS(_code_pre), \
132 PARAMS(_fields), PARAMS(_code_post))
133 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
134 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(syscall_entry_##_name, PARAMS(_fields))
135 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
136 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(syscall_entry_##_template, syscall_entry_##_name)
137 /* Enumerations only defined at first inclusion. */
138 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values) \
139 LTTNG_TRACEPOINT_ENUM(_name, PARAMS(_values))
141 #define TRACE_SYSTEM syscall_entry_integers
142 #define TRACE_INCLUDE_FILE syscalls_integers
143 #include <instrumentation/syscalls/headers/syscalls_integers.h>
144 #undef TRACE_INCLUDE_FILE
146 #define TRACE_SYSTEM syscall_entry_pointers
147 #define TRACE_INCLUDE_FILE syscalls_pointers
148 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
149 #undef TRACE_INCLUDE_FILE
151 #undef SC_LTTNG_TRACEPOINT_ENUM
152 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
153 #undef SC_LTTNG_TRACEPOINT_EVENT
154 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
155 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
157 #undef _TRACE_SYSCALLS_INTEGERS_H
158 #undef _TRACE_SYSCALLS_POINTERS_H
160 /* Hijack probe callback for compat system call enter */
161 #define TP_PROBE_CB(_template) &syscall_entry_event_probe
162 #define LTTNG_SC_COMPAT
163 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
164 LTTNG_TRACEPOINT_EVENT(compat_syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
166 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
167 LTTNG_TRACEPOINT_EVENT_CODE(compat_syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
168 PARAMS(_locvar), PARAMS(_code_pre), PARAMS(_fields), PARAMS(_code_post))
169 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
170 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(compat_syscall_entry_##_name, PARAMS(_fields))
171 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
172 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(compat_syscall_entry_##_template, \
173 compat_syscall_entry_##_name)
174 /* Enumerations only defined at inital inclusion (not here). */
175 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values)
176 #define TRACE_SYSTEM compat_syscall_entry_integers
177 #define TRACE_INCLUDE_FILE compat_syscalls_integers
178 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
179 #undef TRACE_INCLUDE_FILE
181 #define TRACE_SYSTEM compat_syscall_entry_pointers
182 #define TRACE_INCLUDE_FILE compat_syscalls_pointers
183 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
184 #undef TRACE_INCLUDE_FILE
186 #undef SC_LTTNG_TRACEPOINT_ENUM
187 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
188 #undef SC_LTTNG_TRACEPOINT_EVENT
189 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
190 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
192 #undef _TRACE_SYSCALLS_INTEGERS_H
193 #undef _TRACE_SYSCALLS_POINTERS_H
194 #undef LTTNG_SC_COMPAT
201 #define sc_exit(...) __VA_ARGS__
205 #define sc_out(...) __VA_ARGS__
207 #define sc_inout(...) __VA_ARGS__
209 /* Hijack probe callback for system call exit */
210 #define TP_PROBE_CB(_template) &syscall_exit_event_probe
211 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
212 LTTNG_TRACEPOINT_EVENT(syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
214 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
215 LTTNG_TRACEPOINT_EVENT_CODE(syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
216 PARAMS(_locvar), PARAMS(_code_pre), PARAMS(_fields), PARAMS(_code_post))
217 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
218 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(syscall_exit_##_name, PARAMS(_fields))
219 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
220 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(syscall_exit_##_template, \
221 syscall_exit_##_name)
222 /* Enumerations only defined at inital inclusion (not here). */
223 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values)
224 #define TRACE_SYSTEM syscall_exit_integers
225 #define TRACE_INCLUDE_FILE syscalls_integers
226 #include <instrumentation/syscalls/headers/syscalls_integers.h>
227 #undef TRACE_INCLUDE_FILE
229 #define TRACE_SYSTEM syscall_exit_pointers
230 #define TRACE_INCLUDE_FILE syscalls_pointers
231 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
232 #undef TRACE_INCLUDE_FILE
234 #undef SC_LTTNG_TRACEPOINT_ENUM
235 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
236 #undef SC_LTTNG_TRACEPOINT_EVENT
237 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
238 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
240 #undef _TRACE_SYSCALLS_INTEGERS_H
241 #undef _TRACE_SYSCALLS_POINTERS_H
244 /* Hijack probe callback for compat system call exit */
245 #define TP_PROBE_CB(_template) &syscall_exit_event_probe
246 #define LTTNG_SC_COMPAT
247 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
248 LTTNG_TRACEPOINT_EVENT(compat_syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
250 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
251 LTTNG_TRACEPOINT_EVENT_CODE(compat_syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
252 PARAMS(_locvar), PARAMS(_code_pre), PARAMS(_fields), PARAMS(_code_post))
253 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
254 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(compat_syscall_exit_##_name, PARAMS(_fields))
255 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
256 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(compat_syscall_exit_##_template, \
257 compat_syscall_exit_##_name)
258 /* Enumerations only defined at inital inclusion (not here). */
259 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values)
260 #define TRACE_SYSTEM compat_syscall_exit_integers
261 #define TRACE_INCLUDE_FILE compat_syscalls_integers
262 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
263 #undef TRACE_INCLUDE_FILE
265 #define TRACE_SYSTEM compat_syscall_exit_pointers
266 #define TRACE_INCLUDE_FILE compat_syscalls_pointers
267 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
268 #undef TRACE_INCLUDE_FILE
270 #undef SC_LTTNG_TRACEPOINT_ENUM
271 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
272 #undef SC_LTTNG_TRACEPOINT_EVENT
273 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
274 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
276 #undef _TRACE_SYSCALLS_INTEGERS_H
277 #undef _TRACE_SYSCALLS_POINTERS_H
278 #undef LTTNG_SC_COMPAT
282 #undef TP_MODULE_NOINIT
283 #undef LTTNG_PACKAGE_BUILD
284 #undef CREATE_TRACE_POINTS
286 struct trace_syscall_entry
{
288 const struct lttng_event_desc
*desc
;
289 const struct lttng_event_field
*fields
;
293 #define CREATE_SYSCALL_TABLE
300 #undef TRACE_SYSCALL_TABLE
301 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
303 .event_func = __event_probe__syscall_entry_##_template, \
304 .nrargs = (_nrargs), \
305 .fields = __event_fields___syscall_entry_##_template, \
306 .desc = &__event_desc___syscall_entry_##_name, \
309 /* Event syscall enter tracing table */
310 static const struct trace_syscall_entry sc_table
[] = {
311 #include <instrumentation/syscalls/headers/syscalls_integers.h>
312 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
315 #undef TRACE_SYSCALL_TABLE
316 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
318 .event_func = __event_probe__compat_syscall_entry_##_template, \
319 .nrargs = (_nrargs), \
320 .fields = __event_fields___compat_syscall_entry_##_template, \
321 .desc = &__event_desc___compat_syscall_entry_##_name, \
324 /* Event compat syscall enter table */
325 const struct trace_syscall_entry compat_sc_table
[] = {
326 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
327 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
335 #define sc_exit(...) __VA_ARGS__
337 #undef TRACE_SYSCALL_TABLE
338 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
340 .event_func = __event_probe__syscall_exit_##_template, \
341 .nrargs = (_nrargs), \
342 .fields = __event_fields___syscall_exit_##_template, \
343 .desc = &__event_desc___syscall_exit_##_name, \
346 /* Event syscall exit table */
347 static const struct trace_syscall_entry sc_exit_table
[] = {
348 #include <instrumentation/syscalls/headers/syscalls_integers.h>
349 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
352 #undef TRACE_SYSCALL_TABLE
353 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
355 .event_func = __event_probe__compat_syscall_exit_##_template, \
356 .nrargs = (_nrargs), \
357 .fields = __event_fields___compat_syscall_exit_##_template, \
358 .desc = &__event_desc___compat_syscall_exit_##_name, \
361 /* Event compat syscall exit table */
362 const struct trace_syscall_entry compat_sc_exit_table
[] = {
363 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
364 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
369 #undef CREATE_SYSCALL_TABLE
371 struct lttng_syscall_filter
{
372 DECLARE_BITMAP(sc_entry
, NR_syscalls
);
373 DECLARE_BITMAP(sc_exit
, NR_syscalls
);
374 DECLARE_BITMAP(sc_compat_entry
, NR_compat_syscalls
);
375 DECLARE_BITMAP(sc_compat_exit
, NR_compat_syscalls
);
378 static void syscall_entry_event_unknown(struct lttng_event
*event
,
379 struct pt_regs
*regs
, unsigned int id
)
381 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
383 lttng_syscall_get_arguments(current
, regs
, args
);
384 if (unlikely(in_compat_syscall()))
385 __event_probe__compat_syscall_entry_unknown(event
, id
, args
);
387 __event_probe__syscall_entry_unknown(event
, id
, args
);
390 static __always_inline
391 void syscall_entry_call_func(void *func
, unsigned int nrargs
, void *data
,
392 struct pt_regs
*regs
)
397 void (*fptr
)(void *__data
) = func
;
404 void (*fptr
)(void *__data
, unsigned long arg0
) = func
;
405 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
407 lttng_syscall_get_arguments(current
, regs
, args
);
413 void (*fptr
)(void *__data
,
415 unsigned long arg1
) = func
;
416 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
418 lttng_syscall_get_arguments(current
, regs
, args
);
419 fptr(data
, args
[0], args
[1]);
424 void (*fptr
)(void *__data
,
427 unsigned long arg2
) = func
;
428 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
430 lttng_syscall_get_arguments(current
, regs
, args
);
431 fptr(data
, args
[0], args
[1], args
[2]);
436 void (*fptr
)(void *__data
,
440 unsigned long arg3
) = func
;
441 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
443 lttng_syscall_get_arguments(current
, regs
, args
);
444 fptr(data
, args
[0], args
[1], args
[2], args
[3]);
449 void (*fptr
)(void *__data
,
454 unsigned long arg4
) = func
;
455 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
457 lttng_syscall_get_arguments(current
, regs
, args
);
458 fptr(data
, args
[0], args
[1], args
[2], args
[3], args
[4]);
463 void (*fptr
)(void *__data
,
469 unsigned long arg5
) = func
;
470 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
472 lttng_syscall_get_arguments(current
, regs
, args
);
473 fptr(data
, args
[0], args
[1], args
[2],
474 args
[3], args
[4], args
[5]);
482 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
)
484 struct lttng_channel
*chan
= __data
;
485 struct lttng_event
*event
, *unknown_event
;
486 const struct trace_syscall_entry
*table
, *entry
;
489 if (unlikely(in_compat_syscall())) {
490 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
492 if (id
< 0 || id
>= NR_compat_syscalls
493 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_compat_entry
))) {
494 /* System call filtered out. */
497 table
= compat_sc_table
;
498 table_len
= ARRAY_SIZE(compat_sc_table
);
499 unknown_event
= chan
->sc_compat_unknown
;
501 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
503 if (id
< 0 || id
>= NR_syscalls
504 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_entry
))) {
505 /* System call filtered out. */
509 table_len
= ARRAY_SIZE(sc_table
);
510 unknown_event
= chan
->sc_unknown
;
512 if (unlikely(id
< 0 || id
>= table_len
)) {
513 syscall_entry_event_unknown(unknown_event
, regs
, id
);
516 if (unlikely(in_compat_syscall()))
517 event
= chan
->compat_sc_table
[id
];
519 event
= chan
->sc_table
[id
];
520 if (unlikely(!event
)) {
521 syscall_entry_event_unknown(unknown_event
, regs
, id
);
525 WARN_ON_ONCE(!entry
->event_func
);
526 syscall_entry_call_func(entry
->event_func
, entry
->nrargs
, event
, regs
);
529 static void syscall_exit_event_unknown(struct lttng_event
*event
,
530 struct pt_regs
*regs
, int id
, long ret
)
532 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
534 lttng_syscall_get_arguments(current
, regs
, args
);
535 if (unlikely(in_compat_syscall()))
536 __event_probe__compat_syscall_exit_unknown(event
, id
, ret
,
539 __event_probe__syscall_exit_unknown(event
, id
, ret
, args
);
542 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
)
544 struct lttng_channel
*chan
= __data
;
545 struct lttng_event
*event
, *unknown_event
;
546 const struct trace_syscall_entry
*table
, *entry
;
550 id
= syscall_get_nr(current
, regs
);
551 if (unlikely(in_compat_syscall())) {
552 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
554 if (id
< 0 || id
>= NR_compat_syscalls
555 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_compat_exit
))) {
556 /* System call filtered out. */
559 table
= compat_sc_exit_table
;
560 table_len
= ARRAY_SIZE(compat_sc_exit_table
);
561 unknown_event
= chan
->compat_sc_exit_unknown
;
563 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
565 if (id
< 0 || id
>= NR_syscalls
566 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_exit
))) {
567 /* System call filtered out. */
570 table
= sc_exit_table
;
571 table_len
= ARRAY_SIZE(sc_exit_table
);
572 unknown_event
= chan
->sc_exit_unknown
;
574 if (unlikely(id
< 0 || id
>= table_len
)) {
575 syscall_exit_event_unknown(unknown_event
, regs
, id
, ret
);
578 if (unlikely(in_compat_syscall()))
579 event
= chan
->compat_sc_exit_table
[id
];
581 event
= chan
->sc_exit_table
[id
];
582 if (unlikely(!event
)) {
583 syscall_exit_event_unknown(unknown_event
, regs
, id
, ret
);
587 WARN_ON_ONCE(!entry
->event_func
);
589 switch (entry
->nrargs
) {
592 void (*fptr
)(void *__data
, long ret
) = entry
->event_func
;
599 void (*fptr
)(void *__data
,
601 unsigned long arg0
) = entry
->event_func
;
602 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
604 lttng_syscall_get_arguments(current
, regs
, args
);
605 fptr(event
, ret
, args
[0]);
610 void (*fptr
)(void *__data
,
613 unsigned long arg1
) = entry
->event_func
;
614 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
616 lttng_syscall_get_arguments(current
, regs
, args
);
617 fptr(event
, ret
, args
[0], args
[1]);
622 void (*fptr
)(void *__data
,
626 unsigned long arg2
) = entry
->event_func
;
627 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
629 lttng_syscall_get_arguments(current
, regs
, args
);
630 fptr(event
, ret
, args
[0], args
[1], args
[2]);
635 void (*fptr
)(void *__data
,
640 unsigned long arg3
) = entry
->event_func
;
641 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
643 lttng_syscall_get_arguments(current
, regs
, args
);
644 fptr(event
, ret
, args
[0], args
[1], args
[2], args
[3]);
649 void (*fptr
)(void *__data
,
655 unsigned long arg4
) = entry
->event_func
;
656 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
658 lttng_syscall_get_arguments(current
, regs
, args
);
659 fptr(event
, ret
, args
[0], args
[1], args
[2], args
[3], args
[4]);
664 void (*fptr
)(void *__data
,
671 unsigned long arg5
) = entry
->event_func
;
672 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
674 lttng_syscall_get_arguments(current
, regs
, args
);
675 fptr(event
, ret
, args
[0], args
[1], args
[2],
676 args
[3], args
[4], args
[5]);
685 * noinline to diminish caller stack size.
686 * Should be called with sessions lock held.
689 int fill_event_table(const struct trace_syscall_entry
*table
, size_t table_len
,
690 struct lttng_event
**chan_table
, struct lttng_channel
*chan
,
691 void *filter
, enum sc_type type
)
693 const struct lttng_event_desc
*desc
;
696 /* Allocate events for each syscall, insert into table */
697 for (i
= 0; i
< table_len
; i
++) {
698 struct lttng_kernel_event ev
;
699 desc
= table
[i
].desc
;
702 /* Unknown syscall */
706 * Skip those already populated by previous failed
707 * register for this channel.
711 memset(&ev
, 0, sizeof(ev
));
714 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
715 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
718 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
719 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
721 case SC_TYPE_COMPAT_ENTRY
:
722 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
723 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
725 case SC_TYPE_COMPAT_EXIT
:
726 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
727 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
730 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
- 1);
731 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
732 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
733 chan_table
[i
] = _lttng_event_create(chan
, &ev
, filter
,
734 desc
, ev
.instrumentation
);
735 WARN_ON_ONCE(!chan_table
[i
]);
736 if (IS_ERR(chan_table
[i
])) {
738 * If something goes wrong in event registration
739 * after the first one, we have no choice but to
740 * leave the previous events in there, until
741 * deleted by session teardown.
743 return PTR_ERR(chan_table
[i
]);
750 * Should be called with sessions lock held.
752 int lttng_syscalls_register_event(struct lttng_channel
*chan
, void *filter
)
754 struct lttng_kernel_event ev
;
757 wrapper_vmalloc_sync_mappings();
759 if (!chan
->sc_table
) {
760 /* create syscall table mapping syscall to events */
761 chan
->sc_table
= kzalloc(sizeof(struct lttng_event
*)
762 * ARRAY_SIZE(sc_table
), GFP_KERNEL
);
766 if (!chan
->sc_exit_table
) {
767 /* create syscall table mapping syscall to events */
768 chan
->sc_exit_table
= kzalloc(sizeof(struct lttng_event
*)
769 * ARRAY_SIZE(sc_exit_table
), GFP_KERNEL
);
770 if (!chan
->sc_exit_table
)
776 if (!chan
->compat_sc_table
) {
777 /* create syscall table mapping compat syscall to events */
778 chan
->compat_sc_table
= kzalloc(sizeof(struct lttng_event
*)
779 * ARRAY_SIZE(compat_sc_table
), GFP_KERNEL
);
780 if (!chan
->compat_sc_table
)
784 if (!chan
->compat_sc_exit_table
) {
785 /* create syscall table mapping compat syscall to events */
786 chan
->compat_sc_exit_table
= kzalloc(sizeof(struct lttng_event
*)
787 * ARRAY_SIZE(compat_sc_exit_table
), GFP_KERNEL
);
788 if (!chan
->compat_sc_exit_table
)
792 if (!chan
->sc_unknown
) {
793 const struct lttng_event_desc
*desc
=
794 &__event_desc___syscall_entry_unknown
;
796 memset(&ev
, 0, sizeof(ev
));
797 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
798 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
799 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
800 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
801 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
802 chan
->sc_unknown
= _lttng_event_create(chan
, &ev
, filter
,
805 WARN_ON_ONCE(!chan
->sc_unknown
);
806 if (IS_ERR(chan
->sc_unknown
)) {
807 return PTR_ERR(chan
->sc_unknown
);
811 if (!chan
->sc_compat_unknown
) {
812 const struct lttng_event_desc
*desc
=
813 &__event_desc___compat_syscall_entry_unknown
;
815 memset(&ev
, 0, sizeof(ev
));
816 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
817 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
818 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
819 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
820 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
821 chan
->sc_compat_unknown
= _lttng_event_create(chan
, &ev
, filter
,
824 WARN_ON_ONCE(!chan
->sc_unknown
);
825 if (IS_ERR(chan
->sc_compat_unknown
)) {
826 return PTR_ERR(chan
->sc_compat_unknown
);
830 if (!chan
->compat_sc_exit_unknown
) {
831 const struct lttng_event_desc
*desc
=
832 &__event_desc___compat_syscall_exit_unknown
;
834 memset(&ev
, 0, sizeof(ev
));
835 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
836 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
837 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
838 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
839 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
840 chan
->compat_sc_exit_unknown
= _lttng_event_create(chan
, &ev
,
843 WARN_ON_ONCE(!chan
->compat_sc_exit_unknown
);
844 if (IS_ERR(chan
->compat_sc_exit_unknown
)) {
845 return PTR_ERR(chan
->compat_sc_exit_unknown
);
849 if (!chan
->sc_exit_unknown
) {
850 const struct lttng_event_desc
*desc
=
851 &__event_desc___syscall_exit_unknown
;
853 memset(&ev
, 0, sizeof(ev
));
854 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
855 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
856 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
857 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
858 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
859 chan
->sc_exit_unknown
= _lttng_event_create(chan
, &ev
, filter
,
860 desc
, ev
.instrumentation
);
861 WARN_ON_ONCE(!chan
->sc_exit_unknown
);
862 if (IS_ERR(chan
->sc_exit_unknown
)) {
863 return PTR_ERR(chan
->sc_exit_unknown
);
867 ret
= fill_event_table(sc_table
, ARRAY_SIZE(sc_table
),
868 chan
->sc_table
, chan
, filter
, SC_TYPE_ENTRY
);
871 ret
= fill_event_table(sc_exit_table
, ARRAY_SIZE(sc_exit_table
),
872 chan
->sc_exit_table
, chan
, filter
, SC_TYPE_EXIT
);
877 ret
= fill_event_table(compat_sc_table
, ARRAY_SIZE(compat_sc_table
),
878 chan
->compat_sc_table
, chan
, filter
,
879 SC_TYPE_COMPAT_ENTRY
);
882 ret
= fill_event_table(compat_sc_exit_table
, ARRAY_SIZE(compat_sc_exit_table
),
883 chan
->compat_sc_exit_table
, chan
, filter
,
884 SC_TYPE_COMPAT_EXIT
);
889 if (!chan
->sc_filter
) {
890 chan
->sc_filter
= kzalloc(sizeof(struct lttng_syscall_filter
),
892 if (!chan
->sc_filter
)
896 if (!chan
->sys_enter_registered
) {
897 ret
= lttng_wrapper_tracepoint_probe_register("sys_enter",
898 (void *) syscall_entry_event_probe
, chan
);
901 chan
->sys_enter_registered
= 1;
904 * We change the name of sys_exit tracepoint due to namespace
905 * conflict with sys_exit syscall entry.
907 if (!chan
->sys_exit_registered
) {
908 ret
= lttng_wrapper_tracepoint_probe_register("sys_exit",
909 (void *) syscall_exit_event_probe
, chan
);
911 WARN_ON_ONCE(lttng_wrapper_tracepoint_probe_unregister("sys_enter",
912 (void *) syscall_entry_event_probe
, chan
));
915 chan
->sys_exit_registered
= 1;
921 * Only called at session destruction.
923 int lttng_syscalls_unregister_event(struct lttng_channel
*chan
)
929 if (chan
->sys_enter_registered
) {
930 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_enter",
931 (void *) syscall_entry_event_probe
, chan
);
934 chan
->sys_enter_registered
= 0;
936 if (chan
->sys_exit_registered
) {
937 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_exit",
938 (void *) syscall_exit_event_probe
, chan
);
941 chan
->sys_exit_registered
= 0;
946 int lttng_syscalls_destroy_event(struct lttng_channel
*chan
)
948 kfree(chan
->sc_table
);
949 kfree(chan
->sc_exit_table
);
951 kfree(chan
->compat_sc_table
);
952 kfree(chan
->compat_sc_exit_table
);
954 kfree(chan
->sc_filter
);
959 int get_syscall_nr(const char *syscall_name
)
964 for (i
= 0; i
< ARRAY_SIZE(sc_table
); i
++) {
965 const struct trace_syscall_entry
*entry
;
968 entry
= &sc_table
[i
];
971 it_name
= entry
->desc
->name
;
972 it_name
+= strlen(SYSCALL_ENTRY_STR
);
973 if (!strcmp(syscall_name
, it_name
)) {
982 int get_compat_syscall_nr(const char *syscall_name
)
987 for (i
= 0; i
< ARRAY_SIZE(compat_sc_table
); i
++) {
988 const struct trace_syscall_entry
*entry
;
991 entry
= &compat_sc_table
[i
];
994 it_name
= entry
->desc
->name
;
995 it_name
+= strlen(COMPAT_SYSCALL_ENTRY_STR
);
996 if (!strcmp(syscall_name
, it_name
)) {
1005 uint32_t get_sc_tables_len(void)
1007 return ARRAY_SIZE(sc_table
) + ARRAY_SIZE(compat_sc_table
);
1011 const char *get_syscall_name(const char *desc_name
,
1012 enum lttng_syscall_abi abi
,
1013 enum lttng_syscall_entryexit entryexit
)
1015 size_t prefix_len
= 0;
1018 switch (entryexit
) {
1019 case LTTNG_SYSCALL_ENTRY
:
1021 case LTTNG_SYSCALL_ABI_NATIVE
:
1022 prefix_len
= strlen(SYSCALL_ENTRY_STR
);
1024 case LTTNG_SYSCALL_ABI_COMPAT
:
1025 prefix_len
= strlen(COMPAT_SYSCALL_ENTRY_STR
);
1029 case LTTNG_SYSCALL_EXIT
:
1031 case LTTNG_SYSCALL_ABI_NATIVE
:
1032 prefix_len
= strlen(SYSCALL_EXIT_STR
);
1034 case LTTNG_SYSCALL_ABI_COMPAT
:
1035 prefix_len
= strlen(COMPAT_SYSCALL_EXIT_STR
);
1040 WARN_ON_ONCE(prefix_len
== 0);
1041 return desc_name
+ prefix_len
;
1045 int lttng_syscall_filter_enable(
1046 struct lttng_syscall_filter
*filter
,
1047 const char *desc_name
, enum lttng_syscall_abi abi
,
1048 enum lttng_syscall_entryexit entryexit
)
1050 const char *syscall_name
;
1051 unsigned long *bitmap
;
1054 syscall_name
= get_syscall_name(desc_name
, abi
, entryexit
);
1057 case LTTNG_SYSCALL_ABI_NATIVE
:
1058 syscall_nr
= get_syscall_nr(syscall_name
);
1060 case LTTNG_SYSCALL_ABI_COMPAT
:
1061 syscall_nr
= get_compat_syscall_nr(syscall_name
);
1069 switch (entryexit
) {
1070 case LTTNG_SYSCALL_ENTRY
:
1072 case LTTNG_SYSCALL_ABI_NATIVE
:
1073 bitmap
= filter
->sc_entry
;
1075 case LTTNG_SYSCALL_ABI_COMPAT
:
1076 bitmap
= filter
->sc_compat_entry
;
1082 case LTTNG_SYSCALL_EXIT
:
1084 case LTTNG_SYSCALL_ABI_NATIVE
:
1085 bitmap
= filter
->sc_exit
;
1087 case LTTNG_SYSCALL_ABI_COMPAT
:
1088 bitmap
= filter
->sc_compat_exit
;
1097 if (test_bit(syscall_nr
, bitmap
))
1099 bitmap_set(bitmap
, syscall_nr
, 1);
1103 int lttng_syscall_filter_enable_event(
1104 struct lttng_channel
*channel
,
1105 struct lttng_event
*event
)
1107 WARN_ON_ONCE(event
->instrumentation
!= LTTNG_KERNEL_SYSCALL
);
1109 return lttng_syscall_filter_enable(channel
->sc_filter
,
1110 event
->desc
->name
, event
->u
.syscall
.abi
,
1111 event
->u
.syscall
.entryexit
);
1115 int lttng_syscall_filter_disable(
1116 struct lttng_syscall_filter
*filter
,
1117 const char *desc_name
, enum lttng_syscall_abi abi
,
1118 enum lttng_syscall_entryexit entryexit
)
1120 const char *syscall_name
;
1121 unsigned long *bitmap
;
1124 syscall_name
= get_syscall_name(desc_name
, abi
, entryexit
);
1127 case LTTNG_SYSCALL_ABI_NATIVE
:
1128 syscall_nr
= get_syscall_nr(syscall_name
);
1130 case LTTNG_SYSCALL_ABI_COMPAT
:
1131 syscall_nr
= get_compat_syscall_nr(syscall_name
);
1139 switch (entryexit
) {
1140 case LTTNG_SYSCALL_ENTRY
:
1142 case LTTNG_SYSCALL_ABI_NATIVE
:
1143 bitmap
= filter
->sc_entry
;
1145 case LTTNG_SYSCALL_ABI_COMPAT
:
1146 bitmap
= filter
->sc_compat_entry
;
1152 case LTTNG_SYSCALL_EXIT
:
1154 case LTTNG_SYSCALL_ABI_NATIVE
:
1155 bitmap
= filter
->sc_exit
;
1157 case LTTNG_SYSCALL_ABI_COMPAT
:
1158 bitmap
= filter
->sc_compat_exit
;
1167 if (!test_bit(syscall_nr
, bitmap
))
1169 bitmap_clear(bitmap
, syscall_nr
, 1);
1174 int lttng_syscall_filter_disable_event(
1175 struct lttng_channel
*channel
,
1176 struct lttng_event
*event
)
1178 return lttng_syscall_filter_disable(channel
->sc_filter
,
1179 event
->desc
->name
, event
->u
.syscall
.abi
,
1180 event
->u
.syscall
.entryexit
);
1184 const struct trace_syscall_entry
*syscall_list_get_entry(loff_t
*pos
)
1186 const struct trace_syscall_entry
*entry
;
1189 for (entry
= sc_table
;
1190 entry
< sc_table
+ ARRAY_SIZE(sc_table
);
1195 for (entry
= compat_sc_table
;
1196 entry
< compat_sc_table
+ ARRAY_SIZE(compat_sc_table
);
1206 void *syscall_list_start(struct seq_file
*m
, loff_t
*pos
)
1208 return (void *) syscall_list_get_entry(pos
);
1212 void *syscall_list_next(struct seq_file
*m
, void *p
, loff_t
*ppos
)
1215 return (void *) syscall_list_get_entry(ppos
);
1219 void syscall_list_stop(struct seq_file
*m
, void *p
)
1224 int get_sc_table(const struct trace_syscall_entry
*entry
,
1225 const struct trace_syscall_entry
**table
,
1226 unsigned int *bitness
)
1228 if (entry
>= sc_table
&& entry
< sc_table
+ ARRAY_SIZE(sc_table
)) {
1230 *bitness
= BITS_PER_LONG
;
1235 if (!(entry
>= compat_sc_table
1236 && entry
< compat_sc_table
+ ARRAY_SIZE(compat_sc_table
))) {
1242 *table
= compat_sc_table
;
1247 int syscall_list_show(struct seq_file
*m
, void *p
)
1249 const struct trace_syscall_entry
*table
, *entry
= p
;
1250 unsigned int bitness
;
1251 unsigned long index
;
1255 ret
= get_sc_table(entry
, &table
, &bitness
);
1260 if (table
== sc_table
) {
1261 index
= entry
- table
;
1262 name
= &entry
->desc
->name
[strlen(SYSCALL_ENTRY_STR
)];
1264 index
= (entry
- table
) + ARRAY_SIZE(sc_table
);
1265 name
= &entry
->desc
->name
[strlen(COMPAT_SYSCALL_ENTRY_STR
)];
1267 seq_printf(m
, "syscall { index = %lu; name = %s; bitness = %u; };\n",
1268 index
, name
, bitness
);
1273 const struct seq_operations lttng_syscall_list_seq_ops
= {
1274 .start
= syscall_list_start
,
1275 .next
= syscall_list_next
,
1276 .stop
= syscall_list_stop
,
1277 .show
= syscall_list_show
,
1281 int lttng_syscall_list_open(struct inode
*inode
, struct file
*file
)
1283 return seq_open(file
, <tng_syscall_list_seq_ops
);
1286 const struct file_operations lttng_syscall_list_fops
= {
1287 .owner
= THIS_MODULE
,
1288 .open
= lttng_syscall_list_open
,
1290 .llseek
= seq_lseek
,
1291 .release
= seq_release
,
1295 * A syscall is enabled if it is traced for either entry or exit.
1297 long lttng_channel_syscall_mask(struct lttng_channel
*channel
,
1298 struct lttng_kernel_syscall_mask __user
*usyscall_mask
)
1300 uint32_t len
, sc_tables_len
, bitmask_len
;
1303 struct lttng_syscall_filter
*filter
;
1305 ret
= get_user(len
, &usyscall_mask
->len
);
1308 sc_tables_len
= get_sc_tables_len();
1309 bitmask_len
= ALIGN(sc_tables_len
, 8) >> 3;
1310 if (len
< sc_tables_len
) {
1311 return put_user(sc_tables_len
, &usyscall_mask
->len
);
1313 /* Array is large enough, we can copy array to user-space. */
1314 tmp_mask
= kzalloc(bitmask_len
, GFP_KERNEL
);
1317 filter
= channel
->sc_filter
;
1319 for (bit
= 0; bit
< ARRAY_SIZE(sc_table
); bit
++) {
1322 if (channel
->sc_table
) {
1323 if (!READ_ONCE(channel
->syscall_all
) && filter
)
1324 state
= test_bit(bit
, filter
->sc_entry
)
1325 || test_bit(bit
, filter
->sc_exit
);
1331 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1333 for (; bit
< sc_tables_len
; bit
++) {
1336 if (channel
->compat_sc_table
) {
1337 if (!READ_ONCE(channel
->syscall_all
) && filter
)
1338 state
= test_bit(bit
- ARRAY_SIZE(sc_table
),
1339 filter
->sc_compat_entry
)
1340 || test_bit(bit
- ARRAY_SIZE(sc_table
),
1341 filter
->sc_compat_exit
);
1347 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1349 if (copy_to_user(usyscall_mask
->mask
, tmp_mask
, bitmask_len
))
1355 int lttng_abi_syscall_list(void)
1357 struct file
*syscall_list_file
;
1360 file_fd
= lttng_get_unused_fd();
1366 syscall_list_file
= anon_inode_getfile("[lttng_syscall_list]",
1367 <tng_syscall_list_fops
,
1369 if (IS_ERR(syscall_list_file
)) {
1370 ret
= PTR_ERR(syscall_list_file
);
1373 ret
= lttng_syscall_list_fops
.open(NULL
, syscall_list_file
);
1376 fd_install(file_fd
, syscall_list_file
);
1380 fput(syscall_list_file
);
1382 put_unused_fd(file_fd
);