1 /* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
5 * LTTng syscall probes.
7 * Copyright (C) 2010-2012 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
10 #include <linux/module.h>
11 #include <linux/slab.h>
12 #include <linux/compat.h>
13 #include <linux/err.h>
14 #include <linux/bitmap.h>
16 #include <linux/in6.h>
17 #include <linux/seq_file.h>
18 #include <linux/stringify.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/fcntl.h>
22 #include <linux/mman.h>
23 #include <asm/ptrace.h>
24 #include <asm/syscall.h>
26 #include <lttng/bitfield.h>
27 #include <wrapper/tracepoint.h>
28 #include <wrapper/rcu.h>
29 #include <wrapper/syscall.h>
30 #include <wrapper/limits.h>
31 #include <lttng/events.h>
32 #include <lttng/events-internal.h>
33 #include <lttng/utils.h>
35 #include "lttng-syscalls.h"
38 # ifndef is_compat_task
39 # define is_compat_task() (0)
43 /* in_compat_syscall appears in kernel 4.6. */
44 #ifndef in_compat_syscall
45 #define in_compat_syscall() is_compat_task()
55 #define SYSCALL_ENTRY_TOK syscall_entry_
56 #define COMPAT_SYSCALL_ENTRY_TOK compat_syscall_entry_
57 #define SYSCALL_EXIT_TOK syscall_exit_
58 #define COMPAT_SYSCALL_EXIT_TOK compat_syscall_exit_
60 #define SYSCALL_ENTRY_STR __stringify(SYSCALL_ENTRY_TOK)
61 #define COMPAT_SYSCALL_ENTRY_STR __stringify(COMPAT_SYSCALL_ENTRY_TOK)
62 #define SYSCALL_EXIT_STR __stringify(SYSCALL_EXIT_TOK)
63 #define COMPAT_SYSCALL_EXIT_STR __stringify(COMPAT_SYSCALL_EXIT_TOK)
65 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
);
66 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
);
68 #ifdef IA32_NR_syscalls
69 #define NR_compat_syscalls IA32_NR_syscalls
71 #define NR_compat_syscalls NR_syscalls
75 * Create LTTng tracepoint probes.
77 #define LTTNG_PACKAGE_BUILD
78 #define CREATE_TRACE_POINTS
79 #define TP_MODULE_NOINIT
80 #define TRACE_INCLUDE_PATH instrumentation/syscalls/headers
82 #define PARAMS(args...) args
84 /* Handle unknown syscalls */
86 #define TRACE_SYSTEM syscalls_unknown
87 #include <instrumentation/syscalls/headers/syscalls_unknown.h>
92 extern const struct trace_syscall_table sc_table
;
93 extern const struct trace_syscall_table compat_sc_table
;
95 /* Event syscall exit table */
96 extern const struct trace_syscall_table sc_exit_table
;
97 extern const struct trace_syscall_table compat_sc_exit_table
;
102 #undef CREATE_SYSCALL_TABLE
104 struct lttng_syscall_filter
{
105 DECLARE_BITMAP(sc_entry
, NR_syscalls
);
106 DECLARE_BITMAP(sc_exit
, NR_syscalls
);
107 DECLARE_BITMAP(sc_compat_entry
, NR_compat_syscalls
);
108 DECLARE_BITMAP(sc_compat_exit
, NR_compat_syscalls
);
111 * Reference counters keeping track of number of events enabled
114 u32 sc_entry_refcount_map
[NR_syscalls
];
115 u32 sc_exit_refcount_map
[NR_syscalls
];
116 u32 sc_compat_entry_refcount_map
[NR_compat_syscalls
];
117 u32 sc_compat_exit_refcount_map
[NR_compat_syscalls
];
120 static void syscall_entry_event_unknown(struct hlist_head
*unknown_action_list_head
,
121 struct pt_regs
*regs
, long id
)
123 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
124 struct lttng_kernel_event_common_private
*event_priv
;
126 lttng_syscall_get_arguments(current
, regs
, args
);
127 lttng_hlist_for_each_entry_rcu(event_priv
, unknown_action_list_head
, u
.syscall
.node
) {
128 if (unlikely(in_compat_syscall()))
129 __event_probe__compat_syscall_entry_unknown(event_priv
->pub
, id
, args
);
131 __event_probe__syscall_entry_unknown(event_priv
->pub
, id
, args
);
135 static __always_inline
136 void syscall_entry_event_call_func(struct hlist_head
*action_list
,
137 void *func
, unsigned int nrargs
,
138 struct pt_regs
*regs
)
140 struct lttng_kernel_event_common_private
*event_priv
;
145 void (*fptr
)(void *__data
) = func
;
147 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
148 fptr(event_priv
->pub
);
153 void (*fptr
)(void *__data
, unsigned long arg0
) = func
;
154 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
156 lttng_syscall_get_arguments(current
, regs
, args
);
157 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
158 fptr(event_priv
->pub
, args
[0]);
163 void (*fptr
)(void *__data
,
165 unsigned long arg1
) = func
;
166 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
168 lttng_syscall_get_arguments(current
, regs
, args
);
169 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
170 fptr(event_priv
->pub
, args
[0], args
[1]);
175 void (*fptr
)(void *__data
,
178 unsigned long arg2
) = func
;
179 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
181 lttng_syscall_get_arguments(current
, regs
, args
);
182 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
183 fptr(event_priv
->pub
, args
[0], args
[1], args
[2]);
188 void (*fptr
)(void *__data
,
192 unsigned long arg3
) = func
;
193 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
195 lttng_syscall_get_arguments(current
, regs
, args
);
196 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
197 fptr(event_priv
->pub
, args
[0], args
[1], args
[2], args
[3]);
202 void (*fptr
)(void *__data
,
207 unsigned long arg4
) = func
;
208 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
210 lttng_syscall_get_arguments(current
, regs
, args
);
211 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
212 fptr(event_priv
->pub
, args
[0], args
[1], args
[2], args
[3], args
[4]);
217 void (*fptr
)(void *__data
,
223 unsigned long arg5
) = func
;
224 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
226 lttng_syscall_get_arguments(current
, regs
, args
);
227 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
228 fptr(event_priv
->pub
, args
[0], args
[1], args
[2],
229 args
[3], args
[4], args
[5]);
237 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
)
239 struct lttng_kernel_syscall_table
*syscall_table
= __data
;
240 struct hlist_head
*action_list
, *unknown_action_list
;
241 const struct trace_syscall_entry
*table
, *entry
;
244 if (unlikely(in_compat_syscall())) {
245 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
247 if (id
< 0 || id
>= NR_compat_syscalls
248 || (!READ_ONCE(syscall_table
->syscall_all_entry
) && !test_bit(id
, filter
->sc_compat_entry
))) {
249 /* System call filtered out. */
252 table
= compat_sc_table
.table
;
253 table_len
= compat_sc_table
.len
;
254 unknown_action_list
= &syscall_table
->compat_unknown_syscall_dispatch
;
256 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
258 if (id
< 0 || id
>= NR_syscalls
259 || (!READ_ONCE(syscall_table
->syscall_all_entry
) && !test_bit(id
, filter
->sc_entry
))) {
260 /* System call filtered out. */
263 table
= sc_table
.table
;
264 table_len
= sc_table
.len
;
265 unknown_action_list
= &syscall_table
->unknown_syscall_dispatch
;
267 if (unlikely(id
< 0 || id
>= table_len
)) {
268 syscall_entry_event_unknown(unknown_action_list
, regs
, id
);
273 if (!entry
->event_func
) {
274 syscall_entry_event_unknown(unknown_action_list
, regs
, id
);
278 if (unlikely(in_compat_syscall())) {
279 action_list
= &syscall_table
->compat_syscall_dispatch
[id
];
281 action_list
= &syscall_table
->syscall_dispatch
[id
];
283 if (unlikely(hlist_empty(action_list
)))
286 syscall_entry_event_call_func(action_list
, entry
->event_func
, entry
->nrargs
, regs
);
289 static void syscall_exit_event_unknown(struct hlist_head
*unknown_action_list_head
,
290 struct pt_regs
*regs
, long id
, long ret
)
292 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
293 struct lttng_kernel_event_common_private
*event_priv
;
295 lttng_syscall_get_arguments(current
, regs
, args
);
296 lttng_hlist_for_each_entry_rcu(event_priv
, unknown_action_list_head
, u
.syscall
.node
) {
297 if (unlikely(in_compat_syscall()))
298 __event_probe__compat_syscall_exit_unknown(event_priv
->pub
, id
, ret
,
301 __event_probe__syscall_exit_unknown(event_priv
->pub
, id
, ret
, args
);
305 static __always_inline
306 void syscall_exit_event_call_func(struct hlist_head
*action_list
,
307 void *func
, unsigned int nrargs
,
308 struct pt_regs
*regs
, long ret
)
310 struct lttng_kernel_event_common_private
*event_priv
;
315 void (*fptr
)(void *__data
, long ret
) = func
;
317 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
318 fptr(event_priv
->pub
, ret
);
323 void (*fptr
)(void *__data
,
325 unsigned long arg0
) = func
;
326 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
328 lttng_syscall_get_arguments(current
, regs
, args
);
329 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
330 fptr(event_priv
->pub
, ret
, args
[0]);
335 void (*fptr
)(void *__data
,
338 unsigned long arg1
) = func
;
339 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
341 lttng_syscall_get_arguments(current
, regs
, args
);
342 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
343 fptr(event_priv
->pub
, ret
, args
[0], args
[1]);
348 void (*fptr
)(void *__data
,
352 unsigned long arg2
) = func
;
353 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
355 lttng_syscall_get_arguments(current
, regs
, args
);
356 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
357 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2]);
362 void (*fptr
)(void *__data
,
367 unsigned long arg3
) = func
;
368 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
370 lttng_syscall_get_arguments(current
, regs
, args
);
371 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
372 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2], args
[3]);
377 void (*fptr
)(void *__data
,
383 unsigned long arg4
) = func
;
384 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
386 lttng_syscall_get_arguments(current
, regs
, args
);
387 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
388 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2], args
[3], args
[4]);
393 void (*fptr
)(void *__data
,
400 unsigned long arg5
) = func
;
401 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
403 lttng_syscall_get_arguments(current
, regs
, args
);
404 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
405 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2],
406 args
[3], args
[4], args
[5]);
414 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
)
416 struct lttng_kernel_syscall_table
*syscall_table
= __data
;
417 struct hlist_head
*action_list
, *unknown_action_list
;
418 const struct trace_syscall_entry
*table
, *entry
;
422 id
= syscall_get_nr(current
, regs
);
424 if (unlikely(in_compat_syscall())) {
425 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
427 if (id
< 0 || id
>= NR_compat_syscalls
428 || (!READ_ONCE(syscall_table
->syscall_all_exit
) && !test_bit(id
, filter
->sc_compat_exit
))) {
429 /* System call filtered out. */
432 table
= compat_sc_exit_table
.table
;
433 table_len
= compat_sc_exit_table
.len
;
434 unknown_action_list
= &syscall_table
->compat_unknown_syscall_exit_dispatch
;
436 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
438 if (id
< 0 || id
>= NR_syscalls
439 || (!READ_ONCE(syscall_table
->syscall_all_exit
) && !test_bit(id
, filter
->sc_exit
))) {
440 /* System call filtered out. */
443 table
= sc_exit_table
.table
;
444 table_len
= sc_exit_table
.len
;
445 unknown_action_list
= &syscall_table
->unknown_syscall_exit_dispatch
;
447 if (unlikely(id
< 0 || id
>= table_len
)) {
448 syscall_exit_event_unknown(unknown_action_list
, regs
, id
, ret
);
453 if (!entry
->event_func
) {
454 syscall_exit_event_unknown(unknown_action_list
, regs
, id
, ret
);
458 if (unlikely(in_compat_syscall())) {
459 action_list
= &syscall_table
->compat_syscall_exit_dispatch
[id
];
461 action_list
= &syscall_table
->syscall_exit_dispatch
[id
];
463 if (unlikely(hlist_empty(action_list
)))
466 syscall_exit_event_call_func(action_list
, entry
->event_func
, entry
->nrargs
,
471 struct lttng_kernel_syscall_table
*get_syscall_table_from_enabler(struct lttng_event_enabler_common
*event_enabler
)
473 switch (event_enabler
->enabler_type
) {
474 case LTTNG_EVENT_ENABLER_TYPE_RECORDER
:
476 struct lttng_event_recorder_enabler
*event_recorder_enabler
=
477 container_of(event_enabler
, struct lttng_event_recorder_enabler
, parent
);
478 return &event_recorder_enabler
->chan
->priv
->parent
.syscall_table
;
480 case LTTNG_EVENT_ENABLER_TYPE_NOTIFIER
:
482 struct lttng_event_notifier_enabler
*event_notifier_enabler
=
483 container_of(event_enabler
, struct lttng_event_notifier_enabler
, parent
);
484 return &event_notifier_enabler
->group
->syscall_table
;
492 struct lttng_kernel_syscall_table
*get_syscall_table_from_event(struct lttng_kernel_event_common
*event
)
494 switch (event
->type
) {
495 case LTTNG_KERNEL_EVENT_TYPE_RECORDER
:
497 struct lttng_kernel_event_recorder
*event_recorder
=
498 container_of(event
, struct lttng_kernel_event_recorder
, parent
);
499 return &event_recorder
->chan
->priv
->parent
.syscall_table
;
501 case LTTNG_KERNEL_EVENT_TYPE_NOTIFIER
:
503 struct lttng_kernel_event_notifier
*event_notifier
=
504 container_of(event
, struct lttng_kernel_event_notifier
, parent
);
505 return &event_notifier
->priv
->group
->syscall_table
;
513 void lttng_syscall_event_enabler_create_event(struct lttng_event_enabler_common
*syscall_event_enabler
,
514 const struct lttng_kernel_event_desc
*desc
, enum sc_type type
, unsigned int syscall_nr
)
516 struct lttng_kernel_event_common
*event
;
518 switch (syscall_event_enabler
->enabler_type
) {
519 case LTTNG_EVENT_ENABLER_TYPE_RECORDER
:
521 struct lttng_event_recorder_enabler
*syscall_event_recorder_enabler
=
522 container_of(syscall_event_enabler
, struct lttng_event_recorder_enabler
, parent
);
523 struct lttng_event_recorder_enabler
*event_recorder_enabler
;
524 struct lttng_kernel_abi_event ev
;
526 /* We need to create an event for this syscall/enabler. */
527 memset(&ev
, 0, sizeof(ev
));
530 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
531 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
534 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
535 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
537 case SC_TYPE_COMPAT_ENTRY
:
538 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
539 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
541 case SC_TYPE_COMPAT_EXIT
:
542 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
543 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
546 strncpy(ev
.name
, desc
->event_name
, LTTNG_KERNEL_ABI_SYM_NAME_LEN
- 1);
547 ev
.name
[LTTNG_KERNEL_ABI_SYM_NAME_LEN
- 1] = '\0';
548 ev
.instrumentation
= LTTNG_KERNEL_ABI_SYSCALL
;
549 event_recorder_enabler
= lttng_event_recorder_enabler_create(LTTNG_ENABLER_FORMAT_NAME
, &ev
,
550 syscall_event_recorder_enabler
->chan
);
551 WARN_ON_ONCE(!event_recorder_enabler
);
552 if (!event_recorder_enabler
)
554 event
= _lttng_kernel_event_create(&event_recorder_enabler
->parent
, desc
);
555 WARN_ON_ONCE(IS_ERR(event
));
556 lttng_event_enabler_destroy(&event_recorder_enabler
->parent
);
558 printk(KERN_INFO
"Unable to create event recorder %s\n", desc
->event_name
);
561 event
->priv
->u
.syscall
.syscall_id
= syscall_nr
;
564 case LTTNG_EVENT_ENABLER_TYPE_NOTIFIER
:
566 struct lttng_event_notifier_enabler
*syscall_event_notifier_enabler
=
567 container_of(syscall_event_enabler
, struct lttng_event_notifier_enabler
, parent
);
568 struct lttng_event_notifier_enabler
*event_notifier_enabler
;
569 struct lttng_kernel_abi_event_notifier event_notifier_param
;
570 uint64_t user_token
= syscall_event_enabler
->user_token
;
571 uint64_t error_counter_index
= syscall_event_notifier_enabler
->error_counter_index
;
573 memset(&event_notifier_param
, 0, sizeof(event_notifier_param
));
576 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
577 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
580 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
581 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
583 case SC_TYPE_COMPAT_ENTRY
:
584 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
585 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
587 case SC_TYPE_COMPAT_EXIT
:
588 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
589 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
592 strncat(event_notifier_param
.event
.name
, desc
->event_name
,
593 LTTNG_KERNEL_ABI_SYM_NAME_LEN
- strlen(event_notifier_param
.event
.name
) - 1);
594 event_notifier_param
.event
.name
[LTTNG_KERNEL_ABI_SYM_NAME_LEN
- 1] = '\0';
595 event_notifier_param
.event
.instrumentation
= LTTNG_KERNEL_ABI_SYSCALL
;
596 event_notifier_param
.event
.token
= user_token
;
597 event_notifier_param
.error_counter_index
= error_counter_index
;
599 event_notifier_enabler
= lttng_event_notifier_enabler_create(LTTNG_ENABLER_FORMAT_NAME
,
600 &event_notifier_param
, syscall_event_notifier_enabler
->group
);
601 WARN_ON_ONCE(!event_notifier_enabler
);
602 event
= _lttng_kernel_event_create(&event_notifier_enabler
->parent
, desc
);
603 WARN_ON_ONCE(IS_ERR(event
));
604 lttng_event_enabler_destroy(&event_notifier_enabler
->parent
);
606 printk(KERN_INFO
"Unable to create event notifier %s\n", desc
->event_name
);
609 event
->priv
->u
.syscall
.syscall_id
= syscall_nr
;
618 void lttng_syscall_event_enabler_create_matching_syscall_table_events(struct lttng_event_enabler_common
*syscall_event_enabler_common
,
619 const struct trace_syscall_entry
*table
, size_t table_len
, enum sc_type type
)
621 struct lttng_event_ht
*events_ht
= lttng_get_event_ht_from_enabler(syscall_event_enabler_common
);
622 const struct lttng_kernel_event_desc
*desc
;
625 #ifndef CONFIG_COMPAT
626 if (type
== SC_TYPE_COMPAT_ENTRY
|| type
== SC_TYPE_COMPAT_EXIT
)
629 /* iterate over all syscall and create event that match */
630 for (i
= 0; i
< table_len
; i
++) {
631 struct lttng_kernel_event_common_private
*event_priv
;
632 struct hlist_head
*head
;
635 desc
= table
[i
].desc
;
637 /* Unknown syscall */
641 if (!lttng_desc_match_enabler(desc
, syscall_event_enabler_common
))
645 * Check if already created.
647 head
= utils_borrow_hash_table_bucket(events_ht
->table
, LTTNG_EVENT_HT_SIZE
, desc
->event_name
);
648 lttng_hlist_for_each_entry(event_priv
, head
, hlist_node
) {
649 if (lttng_event_enabler_desc_match_event(syscall_event_enabler_common
, desc
, event_priv
->pub
)) {
657 lttng_syscall_event_enabler_create_event(syscall_event_enabler_common
, desc
, type
, i
);
662 bool lttng_syscall_event_enabler_is_wildcard_all(struct lttng_event_enabler_common
*event_enabler
)
664 if (event_enabler
->event_param
.instrumentation
!= LTTNG_KERNEL_ABI_SYSCALL
)
666 if (event_enabler
->event_param
.u
.syscall
.abi
!= LTTNG_KERNEL_ABI_SYSCALL_ABI_ALL
)
668 if (event_enabler
->event_param
.u
.syscall
.match
!= LTTNG_KERNEL_ABI_SYSCALL_MATCH_NAME
)
670 if (strcmp(event_enabler
->event_param
.name
, "*"))
676 void create_unknown_syscall_event(struct lttng_event_enabler_common
*event_enabler
, enum sc_type type
)
678 struct lttng_event_ht
*events_ht
= lttng_get_event_ht_from_enabler(event_enabler
);
679 struct lttng_kernel_event_common_private
*event_priv
;
680 const struct lttng_kernel_event_desc
*desc
;
682 struct hlist_head
*head
;
684 #ifndef CONFIG_COMPAT
685 if (type
== SC_TYPE_COMPAT_ENTRY
|| type
== SC_TYPE_COMPAT_EXIT
)
689 * Considering that currently system calls can only be enabled on a per
690 * name basis (or wildcard based on a name), unknown syscall events are
691 * only used when matching *all* system calls, because this is the only
692 * case which can be associated with an unknown system call.
694 * When enabling system call on a per system call number basis will be
695 * supported, this will need to be revisited.
697 if (!lttng_syscall_event_enabler_is_wildcard_all(event_enabler
))
702 desc
= &__event_desc___syscall_entry_unknown
;
705 desc
= &__event_desc___syscall_exit_unknown
;
707 case SC_TYPE_COMPAT_ENTRY
:
708 desc
= &__event_desc___compat_syscall_entry_unknown
;
710 case SC_TYPE_COMPAT_EXIT
:
711 desc
= &__event_desc___compat_syscall_exit_unknown
;
718 * Check if already created.
720 head
= utils_borrow_hash_table_bucket(events_ht
->table
, LTTNG_EVENT_HT_SIZE
, desc
->event_name
);
721 lttng_hlist_for_each_entry(event_priv
, head
, hlist_node
) {
722 if (lttng_event_enabler_desc_match_event(event_enabler
, desc
, event_priv
->pub
)) {
728 lttng_syscall_event_enabler_create_event(event_enabler
, desc
, type
, -1U);
732 void lttng_syscall_event_enabler_create_matching_events(struct lttng_event_enabler_common
*event_enabler
)
734 enum lttng_kernel_abi_syscall_entryexit entryexit
= event_enabler
->event_param
.u
.syscall
.entryexit
;
736 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRY
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
) {
737 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
738 sc_table
.table
, sc_table
.len
, SC_TYPE_ENTRY
);
739 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
740 compat_sc_table
.table
, compat_sc_table
.len
, SC_TYPE_COMPAT_ENTRY
);
741 create_unknown_syscall_event(event_enabler
, SC_TYPE_ENTRY
);
742 create_unknown_syscall_event(event_enabler
, SC_TYPE_COMPAT_ENTRY
);
745 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_EXIT
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
) {
746 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
747 sc_exit_table
.table
, sc_exit_table
.len
, SC_TYPE_EXIT
);
748 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
749 compat_sc_exit_table
.table
, compat_sc_exit_table
.len
, SC_TYPE_COMPAT_EXIT
);
750 create_unknown_syscall_event(event_enabler
, SC_TYPE_EXIT
);
751 create_unknown_syscall_event(event_enabler
, SC_TYPE_COMPAT_EXIT
);
756 * Should be called with sessions lock held.
758 int lttng_event_enabler_create_syscall_events_if_missing(struct lttng_event_enabler_common
*syscall_event_enabler
)
760 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_enabler(syscall_event_enabler
);
763 if (!syscall_table
->syscall_dispatch
) {
764 /* create syscall table mapping syscall to events */
765 syscall_table
->syscall_dispatch
= kzalloc(sizeof(struct hlist_head
) * sc_table
.len
, GFP_KERNEL
);
766 if (!syscall_table
->syscall_dispatch
)
769 if (!syscall_table
->syscall_exit_dispatch
) {
770 /* create syscall table mapping syscall to events */
771 syscall_table
->syscall_exit_dispatch
= kzalloc(sizeof(struct hlist_head
) * sc_exit_table
.len
, GFP_KERNEL
);
772 if (!syscall_table
->syscall_exit_dispatch
)
777 if (!syscall_table
->compat_syscall_dispatch
) {
778 /* create syscall table mapping compat syscall to events */
779 syscall_table
->compat_syscall_dispatch
= kzalloc(sizeof(struct hlist_head
) * compat_sc_table
.len
, GFP_KERNEL
);
780 if (!syscall_table
->compat_syscall_dispatch
)
784 if (!syscall_table
->compat_syscall_exit_dispatch
) {
785 /* create syscall table mapping compat syscall to events */
786 syscall_table
->compat_syscall_exit_dispatch
= kzalloc(sizeof(struct hlist_head
) * compat_sc_exit_table
.len
, GFP_KERNEL
);
787 if (!syscall_table
->compat_syscall_exit_dispatch
)
791 if (!syscall_table
->sc_filter
) {
792 syscall_table
->sc_filter
= kzalloc(sizeof(struct lttng_syscall_filter
),
794 if (!syscall_table
->sc_filter
)
798 if (!syscall_table
->sys_enter_registered
) {
799 ret
= lttng_tracepoint_probe_register("sys_enter",
800 (void *) syscall_entry_event_probe
, syscall_table
);
803 syscall_table
->sys_enter_registered
= 1;
805 if (!syscall_table
->sys_exit_registered
) {
806 ret
= lttng_tracepoint_probe_register("sys_exit",
807 (void *) syscall_exit_event_probe
, syscall_table
);
809 WARN_ON_ONCE(lttng_tracepoint_probe_unregister("sys_enter",
810 (void *) syscall_entry_event_probe
, syscall_table
));
813 syscall_table
->sys_exit_registered
= 1;
816 lttng_syscall_event_enabler_create_matching_events(syscall_event_enabler
);
821 int lttng_syscalls_unregister_syscall_table(struct lttng_kernel_syscall_table
*syscall_table
)
825 if (!syscall_table
->syscall_dispatch
)
827 if (syscall_table
->sys_enter_registered
) {
828 ret
= lttng_tracepoint_probe_unregister("sys_enter",
829 (void *) syscall_entry_event_probe
, syscall_table
);
832 syscall_table
->sys_enter_registered
= 0;
834 if (syscall_table
->sys_exit_registered
) {
835 ret
= lttng_tracepoint_probe_unregister("sys_exit",
836 (void *) syscall_exit_event_probe
, syscall_table
);
839 syscall_table
->sys_exit_registered
= 0;
844 int lttng_syscalls_destroy_syscall_table(struct lttng_kernel_syscall_table
*syscall_table
)
846 kfree(syscall_table
->syscall_dispatch
);
847 kfree(syscall_table
->syscall_exit_dispatch
);
849 kfree(syscall_table
->compat_syscall_dispatch
);
850 kfree(syscall_table
->compat_syscall_exit_dispatch
);
852 kfree(syscall_table
->sc_filter
);
857 uint32_t get_sc_tables_len(void)
859 return sc_table
.len
+ compat_sc_table
.len
;
863 const char *get_syscall_name(const char *desc_name
,
864 enum lttng_syscall_abi abi
,
865 enum lttng_syscall_entryexit entryexit
)
867 size_t prefix_len
= 0;
871 case LTTNG_SYSCALL_ENTRY
:
873 case LTTNG_SYSCALL_ABI_NATIVE
:
874 prefix_len
= strlen(SYSCALL_ENTRY_STR
);
876 case LTTNG_SYSCALL_ABI_COMPAT
:
877 prefix_len
= strlen(COMPAT_SYSCALL_ENTRY_STR
);
881 case LTTNG_SYSCALL_EXIT
:
883 case LTTNG_SYSCALL_ABI_NATIVE
:
884 prefix_len
= strlen(SYSCALL_EXIT_STR
);
886 case LTTNG_SYSCALL_ABI_COMPAT
:
887 prefix_len
= strlen(COMPAT_SYSCALL_EXIT_STR
);
892 WARN_ON_ONCE(prefix_len
== 0);
893 return desc_name
+ prefix_len
;
897 int lttng_syscall_filter_enable(
898 struct lttng_syscall_filter
*filter
,
899 const char *desc_name
, enum lttng_syscall_abi abi
,
900 enum lttng_syscall_entryexit entryexit
,
901 unsigned int syscall_id
)
903 const char *syscall_name
;
904 unsigned long *bitmap
;
907 syscall_name
= get_syscall_name(desc_name
, abi
, entryexit
);
910 case LTTNG_SYSCALL_ENTRY
:
912 case LTTNG_SYSCALL_ABI_NATIVE
:
913 bitmap
= filter
->sc_entry
;
914 refcount_map
= filter
->sc_entry_refcount_map
;
916 case LTTNG_SYSCALL_ABI_COMPAT
:
917 bitmap
= filter
->sc_compat_entry
;
918 refcount_map
= filter
->sc_compat_entry_refcount_map
;
924 case LTTNG_SYSCALL_EXIT
:
926 case LTTNG_SYSCALL_ABI_NATIVE
:
927 bitmap
= filter
->sc_exit
;
928 refcount_map
= filter
->sc_exit_refcount_map
;
930 case LTTNG_SYSCALL_ABI_COMPAT
:
931 bitmap
= filter
->sc_compat_exit
;
932 refcount_map
= filter
->sc_compat_exit_refcount_map
;
941 if (refcount_map
[syscall_id
] == U32_MAX
)
943 if (refcount_map
[syscall_id
]++ == 0)
944 bitmap_set(bitmap
, syscall_id
, 1);
948 int lttng_syscall_filter_enable_event(struct lttng_kernel_event_common
*event
)
950 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_event(event
);
951 unsigned int syscall_id
= event
->priv
->u
.syscall
.syscall_id
;
952 struct hlist_head
*dispatch_list
;
955 WARN_ON_ONCE(event
->priv
->instrumentation
!= LTTNG_KERNEL_ABI_SYSCALL
);
957 /* Unknown syscall */
958 if (syscall_id
== -1U) {
959 switch (event
->priv
->u
.syscall
.entryexit
) {
960 case LTTNG_SYSCALL_ENTRY
:
961 switch (event
->priv
->u
.syscall
.abi
) {
962 case LTTNG_SYSCALL_ABI_NATIVE
:
963 dispatch_list
= &syscall_table
->unknown_syscall_dispatch
;
965 case LTTNG_SYSCALL_ABI_COMPAT
:
966 dispatch_list
= &syscall_table
->compat_unknown_syscall_dispatch
;
973 case LTTNG_SYSCALL_EXIT
:
974 switch (event
->priv
->u
.syscall
.abi
) {
975 case LTTNG_SYSCALL_ABI_NATIVE
:
976 dispatch_list
= &syscall_table
->unknown_syscall_exit_dispatch
;
978 case LTTNG_SYSCALL_ABI_COMPAT
:
979 dispatch_list
= &syscall_table
->compat_unknown_syscall_exit_dispatch
;
991 ret
= lttng_syscall_filter_enable(syscall_table
->sc_filter
,
992 event
->priv
->desc
->event_name
, event
->priv
->u
.syscall
.abi
,
993 event
->priv
->u
.syscall
.entryexit
, syscall_id
);
997 switch (event
->priv
->u
.syscall
.entryexit
) {
998 case LTTNG_SYSCALL_ENTRY
:
999 switch (event
->priv
->u
.syscall
.abi
) {
1000 case LTTNG_SYSCALL_ABI_NATIVE
:
1001 dispatch_list
= &syscall_table
->syscall_dispatch
[syscall_id
];
1003 case LTTNG_SYSCALL_ABI_COMPAT
:
1004 dispatch_list
= &syscall_table
->compat_syscall_dispatch
[syscall_id
];
1011 case LTTNG_SYSCALL_EXIT
:
1012 switch (event
->priv
->u
.syscall
.abi
) {
1013 case LTTNG_SYSCALL_ABI_NATIVE
:
1014 dispatch_list
= &syscall_table
->syscall_exit_dispatch
[syscall_id
];
1016 case LTTNG_SYSCALL_ABI_COMPAT
:
1017 dispatch_list
= &syscall_table
->compat_syscall_exit_dispatch
[syscall_id
];
1030 hlist_add_head_rcu(&event
->priv
->u
.syscall
.node
, dispatch_list
);
1036 int lttng_syscall_filter_disable(struct lttng_syscall_filter
*filter
,
1037 const char *desc_name
, enum lttng_syscall_abi abi
,
1038 enum lttng_syscall_entryexit entryexit
,
1039 unsigned int syscall_id
)
1041 const char *syscall_name
;
1042 unsigned long *bitmap
;
1045 syscall_name
= get_syscall_name(desc_name
, abi
, entryexit
);
1047 switch (entryexit
) {
1048 case LTTNG_SYSCALL_ENTRY
:
1050 case LTTNG_SYSCALL_ABI_NATIVE
:
1051 bitmap
= filter
->sc_entry
;
1052 refcount_map
= filter
->sc_entry_refcount_map
;
1054 case LTTNG_SYSCALL_ABI_COMPAT
:
1055 bitmap
= filter
->sc_compat_entry
;
1056 refcount_map
= filter
->sc_compat_entry_refcount_map
;
1062 case LTTNG_SYSCALL_EXIT
:
1064 case LTTNG_SYSCALL_ABI_NATIVE
:
1065 bitmap
= filter
->sc_exit
;
1066 refcount_map
= filter
->sc_exit_refcount_map
;
1068 case LTTNG_SYSCALL_ABI_COMPAT
:
1069 bitmap
= filter
->sc_compat_exit
;
1070 refcount_map
= filter
->sc_compat_exit_refcount_map
;
1079 if (refcount_map
[syscall_id
] == 0)
1081 if (--refcount_map
[syscall_id
] == 0)
1082 bitmap_clear(bitmap
, syscall_id
, 1);
1086 int lttng_syscall_filter_disable_event(struct lttng_kernel_event_common
*event
)
1088 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_event(event
);
1089 unsigned int syscall_id
= event
->priv
->u
.syscall
.syscall_id
;
1092 /* Except for unknown syscall */
1093 if (syscall_id
!= -1U) {
1094 ret
= lttng_syscall_filter_disable(syscall_table
->sc_filter
,
1095 event
->priv
->desc
->event_name
, event
->priv
->u
.syscall
.abi
,
1096 event
->priv
->u
.syscall
.entryexit
, syscall_id
);
1100 hlist_del_rcu(&event
->priv
->u
.syscall
.node
);
1104 void lttng_syscall_table_set_wildcard_all(struct lttng_event_enabler_common
*event_enabler
)
1106 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_enabler(event_enabler
);
1107 enum lttng_kernel_abi_syscall_entryexit entryexit
;
1108 int enabled
= event_enabler
->enabled
;
1110 if (!lttng_syscall_event_enabler_is_wildcard_all(event_enabler
))
1112 entryexit
= event_enabler
->event_param
.u
.syscall
.entryexit
;
1113 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRY
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
)
1114 WRITE_ONCE(syscall_table
->syscall_all_entry
, enabled
);
1116 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_EXIT
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
)
1117 WRITE_ONCE(syscall_table
->syscall_all_exit
, enabled
);
1121 const struct trace_syscall_entry
*syscall_list_get_entry(loff_t
*pos
)
1123 const struct trace_syscall_entry
*entry
;
1126 for (entry
= sc_table
.table
;
1127 entry
< sc_table
.table
+ sc_table
.len
;
1132 for (entry
= compat_sc_table
.table
;
1133 entry
< compat_sc_table
.table
+ compat_sc_table
.len
;
1143 void *syscall_list_start(struct seq_file
*m
, loff_t
*pos
)
1145 return (void *) syscall_list_get_entry(pos
);
1149 void *syscall_list_next(struct seq_file
*m
, void *p
, loff_t
*ppos
)
1152 return (void *) syscall_list_get_entry(ppos
);
1156 void syscall_list_stop(struct seq_file
*m
, void *p
)
1161 int get_sc_table(const struct trace_syscall_entry
*entry
,
1162 const struct trace_syscall_entry
**table
,
1163 unsigned int *bitness
)
1165 if (entry
>= sc_table
.table
&& entry
< sc_table
.table
+ sc_table
.len
) {
1167 *bitness
= BITS_PER_LONG
;
1169 *table
= sc_table
.table
;
1172 if (!(entry
>= compat_sc_table
.table
1173 && entry
< compat_sc_table
.table
+ compat_sc_table
.len
)) {
1179 *table
= compat_sc_table
.table
;
1184 int syscall_list_show(struct seq_file
*m
, void *p
)
1186 const struct trace_syscall_entry
*table
, *entry
= p
;
1187 unsigned int bitness
;
1188 unsigned long index
;
1192 ret
= get_sc_table(entry
, &table
, &bitness
);
1197 if (table
== sc_table
.table
) {
1198 index
= entry
- table
;
1199 name
= &entry
->desc
->event_name
[strlen(SYSCALL_ENTRY_STR
)];
1201 index
= (entry
- table
) + sc_table
.len
;
1202 name
= &entry
->desc
->event_name
[strlen(COMPAT_SYSCALL_ENTRY_STR
)];
1204 seq_printf(m
, "syscall { index = %lu; name = %s; bitness = %u; };\n",
1205 index
, name
, bitness
);
1210 const struct seq_operations lttng_syscall_list_seq_ops
= {
1211 .start
= syscall_list_start
,
1212 .next
= syscall_list_next
,
1213 .stop
= syscall_list_stop
,
1214 .show
= syscall_list_show
,
1218 int lttng_syscall_list_open(struct inode
*inode
, struct file
*file
)
1220 return seq_open(file
, <tng_syscall_list_seq_ops
);
1223 const struct file_operations lttng_syscall_list_fops
= {
1224 .owner
= THIS_MODULE
,
1225 .open
= lttng_syscall_list_open
,
1227 .llseek
= seq_lseek
,
1228 .release
= seq_release
,
1232 * A syscall is enabled if it is traced for either entry or exit.
1234 long lttng_syscall_table_get_active_mask(struct lttng_kernel_syscall_table
*syscall_table
,
1235 struct lttng_kernel_abi_syscall_mask __user
*usyscall_mask
)
1237 uint32_t len
, sc_tables_len
, bitmask_len
;
1240 struct lttng_syscall_filter
*filter
;
1242 ret
= get_user(len
, &usyscall_mask
->len
);
1245 sc_tables_len
= get_sc_tables_len();
1246 bitmask_len
= ALIGN(sc_tables_len
, 8) >> 3;
1247 if (len
< sc_tables_len
) {
1248 return put_user(sc_tables_len
, &usyscall_mask
->len
);
1250 /* Array is large enough, we can copy array to user-space. */
1251 tmp_mask
= kzalloc(bitmask_len
, GFP_KERNEL
);
1254 filter
= syscall_table
->sc_filter
;
1256 for (bit
= 0; bit
< sc_table
.len
; bit
++) {
1259 if (syscall_table
->syscall_dispatch
) {
1260 if (!(READ_ONCE(syscall_table
->syscall_all_entry
)
1261 || READ_ONCE(syscall_table
->syscall_all_exit
)) && filter
)
1262 state
= test_bit(bit
, filter
->sc_entry
)
1263 || test_bit(bit
, filter
->sc_exit
);
1269 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1271 for (; bit
< sc_tables_len
; bit
++) {
1274 if (syscall_table
->compat_syscall_dispatch
) {
1275 if (!(READ_ONCE(syscall_table
->syscall_all_entry
)
1276 || READ_ONCE(syscall_table
->syscall_all_exit
)) && filter
)
1277 state
= test_bit(bit
- sc_table
.len
,
1278 filter
->sc_compat_entry
)
1279 || test_bit(bit
- sc_table
.len
,
1280 filter
->sc_compat_exit
);
1286 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1288 if (copy_to_user(usyscall_mask
->mask
, tmp_mask
, bitmask_len
))
1294 int lttng_abi_syscall_list(void)
1296 struct file
*syscall_list_file
;
1299 file_fd
= get_unused_fd_flags(0);
1305 syscall_list_file
= anon_inode_getfile("[lttng_syscall_list]",
1306 <tng_syscall_list_fops
,
1308 if (IS_ERR(syscall_list_file
)) {
1309 ret
= PTR_ERR(syscall_list_file
);
1312 ret
= lttng_syscall_list_fops
.open(NULL
, syscall_list_file
);
1315 fd_install(file_fd
, syscall_list_file
);
1319 fput(syscall_list_file
);
1321 put_unused_fd(file_fd
);