1 /* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
5 * LTTng syscall probes.
7 * Copyright (C) 2010-2012 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
10 #include <linux/module.h>
11 #include <linux/slab.h>
12 #include <linux/compat.h>
13 #include <linux/err.h>
14 #include <linux/bitmap.h>
16 #include <linux/in6.h>
17 #include <linux/seq_file.h>
18 #include <linux/stringify.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/fcntl.h>
22 #include <linux/mman.h>
23 #include <asm/ptrace.h>
24 #include <asm/syscall.h>
26 #include <lttng/bitfield.h>
27 #include <wrapper/tracepoint.h>
28 #include <wrapper/file.h>
29 #include <wrapper/rcu.h>
30 #include <wrapper/syscall.h>
31 #include <wrapper/limits.h>
32 #include <lttng/events.h>
33 #include <lttng/events-internal.h>
34 #include <lttng/utils.h>
36 #include "lttng-syscalls.h"
39 # ifndef is_compat_task
40 # define is_compat_task() (0)
44 /* in_compat_syscall appears in kernel 4.6. */
45 #ifndef in_compat_syscall
46 #define in_compat_syscall() is_compat_task()
56 #define SYSCALL_ENTRY_TOK syscall_entry_
57 #define COMPAT_SYSCALL_ENTRY_TOK compat_syscall_entry_
58 #define SYSCALL_EXIT_TOK syscall_exit_
59 #define COMPAT_SYSCALL_EXIT_TOK compat_syscall_exit_
61 #define SYSCALL_ENTRY_STR __stringify(SYSCALL_ENTRY_TOK)
62 #define COMPAT_SYSCALL_ENTRY_STR __stringify(COMPAT_SYSCALL_ENTRY_TOK)
63 #define SYSCALL_EXIT_STR __stringify(SYSCALL_EXIT_TOK)
64 #define COMPAT_SYSCALL_EXIT_STR __stringify(COMPAT_SYSCALL_EXIT_TOK)
66 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
);
67 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
);
70 * Forward declarations for old kernels.
74 struct oldold_utsname
;
76 struct sel_arg_struct
;
77 struct mmap_arg_struct
;
80 struct __kernel_old_itimerval
;
86 * Forward declaration for kernels >= 5.6
93 #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,6,0))
94 typedef __kernel_old_time_t
time_t;
97 #ifdef IA32_NR_syscalls
98 #define NR_compat_syscalls IA32_NR_syscalls
100 #define NR_compat_syscalls NR_syscalls
104 * Create LTTng tracepoint probes.
106 #define LTTNG_PACKAGE_BUILD
107 #define CREATE_TRACE_POINTS
108 #define TP_MODULE_NOINIT
109 #define TRACE_INCLUDE_PATH instrumentation/syscalls/headers
111 #define PARAMS(args...) args
113 /* Handle unknown syscalls */
115 #define TRACE_SYSTEM syscalls_unknown
116 #include <instrumentation/syscalls/headers/syscalls_unknown.h>
121 extern const struct trace_syscall_table sc_table
;
122 extern const struct trace_syscall_table compat_sc_table
;
124 /* Event syscall exit table */
125 extern const struct trace_syscall_table sc_exit_table
;
126 extern const struct trace_syscall_table compat_sc_exit_table
;
131 #undef CREATE_SYSCALL_TABLE
133 struct lttng_syscall_filter
{
134 DECLARE_BITMAP(sc_entry
, NR_syscalls
);
135 DECLARE_BITMAP(sc_exit
, NR_syscalls
);
136 DECLARE_BITMAP(sc_compat_entry
, NR_compat_syscalls
);
137 DECLARE_BITMAP(sc_compat_exit
, NR_compat_syscalls
);
140 * Reference counters keeping track of number of events enabled
143 u32 sc_entry_refcount_map
[NR_syscalls
];
144 u32 sc_exit_refcount_map
[NR_syscalls
];
145 u32 sc_compat_entry_refcount_map
[NR_compat_syscalls
];
146 u32 sc_compat_exit_refcount_map
[NR_compat_syscalls
];
149 static void syscall_entry_event_unknown(struct hlist_head
*unknown_action_list_head
,
150 struct pt_regs
*regs
, long id
)
152 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
153 struct lttng_kernel_event_common_private
*event_priv
;
155 lttng_syscall_get_arguments(current
, regs
, args
);
156 lttng_hlist_for_each_entry_rcu(event_priv
, unknown_action_list_head
, u
.syscall
.node
) {
157 if (unlikely(in_compat_syscall()))
158 __event_probe__compat_syscall_entry_unknown(event_priv
->pub
, id
, args
);
160 __event_probe__syscall_entry_unknown(event_priv
->pub
, id
, args
);
164 static __always_inline
165 void syscall_entry_event_call_func(struct hlist_head
*action_list
,
166 void *func
, unsigned int nrargs
,
167 struct pt_regs
*regs
)
169 struct lttng_kernel_event_common_private
*event_priv
;
174 void (*fptr
)(void *__data
) = func
;
176 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
177 fptr(event_priv
->pub
);
182 void (*fptr
)(void *__data
, unsigned long arg0
) = func
;
183 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
185 lttng_syscall_get_arguments(current
, regs
, args
);
186 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
187 fptr(event_priv
->pub
, args
[0]);
192 void (*fptr
)(void *__data
,
194 unsigned long arg1
) = func
;
195 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
197 lttng_syscall_get_arguments(current
, regs
, args
);
198 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
199 fptr(event_priv
->pub
, args
[0], args
[1]);
204 void (*fptr
)(void *__data
,
207 unsigned long arg2
) = func
;
208 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
210 lttng_syscall_get_arguments(current
, regs
, args
);
211 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
212 fptr(event_priv
->pub
, args
[0], args
[1], args
[2]);
217 void (*fptr
)(void *__data
,
221 unsigned long arg3
) = func
;
222 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
224 lttng_syscall_get_arguments(current
, regs
, args
);
225 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
226 fptr(event_priv
->pub
, args
[0], args
[1], args
[2], args
[3]);
231 void (*fptr
)(void *__data
,
236 unsigned long arg4
) = func
;
237 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
239 lttng_syscall_get_arguments(current
, regs
, args
);
240 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
241 fptr(event_priv
->pub
, args
[0], args
[1], args
[2], args
[3], args
[4]);
246 void (*fptr
)(void *__data
,
252 unsigned long arg5
) = func
;
253 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
255 lttng_syscall_get_arguments(current
, regs
, args
);
256 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
257 fptr(event_priv
->pub
, args
[0], args
[1], args
[2],
258 args
[3], args
[4], args
[5]);
266 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
)
268 struct lttng_kernel_syscall_table
*syscall_table
= __data
;
269 struct hlist_head
*action_list
, *unknown_action_list
;
270 const struct trace_syscall_entry
*table
, *entry
;
273 if (unlikely(in_compat_syscall())) {
274 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
276 if (id
< 0 || id
>= NR_compat_syscalls
277 || (!READ_ONCE(syscall_table
->syscall_all_entry
) && !test_bit(id
, filter
->sc_compat_entry
))) {
278 /* System call filtered out. */
281 table
= compat_sc_table
.table
;
282 table_len
= compat_sc_table
.len
;
283 unknown_action_list
= &syscall_table
->compat_unknown_syscall_dispatch
;
285 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
287 if (id
< 0 || id
>= NR_syscalls
288 || (!READ_ONCE(syscall_table
->syscall_all_entry
) && !test_bit(id
, filter
->sc_entry
))) {
289 /* System call filtered out. */
292 table
= sc_table
.table
;
293 table_len
= sc_table
.len
;
294 unknown_action_list
= &syscall_table
->unknown_syscall_dispatch
;
296 if (unlikely(id
< 0 || id
>= table_len
)) {
297 syscall_entry_event_unknown(unknown_action_list
, regs
, id
);
302 if (!entry
->event_func
) {
303 syscall_entry_event_unknown(unknown_action_list
, regs
, id
);
307 if (unlikely(in_compat_syscall())) {
308 action_list
= &syscall_table
->compat_syscall_dispatch
[id
];
310 action_list
= &syscall_table
->syscall_dispatch
[id
];
312 if (unlikely(hlist_empty(action_list
)))
315 syscall_entry_event_call_func(action_list
, entry
->event_func
, entry
->nrargs
, regs
);
318 static void syscall_exit_event_unknown(struct hlist_head
*unknown_action_list_head
,
319 struct pt_regs
*regs
, long id
, long ret
)
321 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
322 struct lttng_kernel_event_common_private
*event_priv
;
324 lttng_syscall_get_arguments(current
, regs
, args
);
325 lttng_hlist_for_each_entry_rcu(event_priv
, unknown_action_list_head
, u
.syscall
.node
) {
326 if (unlikely(in_compat_syscall()))
327 __event_probe__compat_syscall_exit_unknown(event_priv
->pub
, id
, ret
,
330 __event_probe__syscall_exit_unknown(event_priv
->pub
, id
, ret
, args
);
334 static __always_inline
335 void syscall_exit_event_call_func(struct hlist_head
*action_list
,
336 void *func
, unsigned int nrargs
,
337 struct pt_regs
*regs
, long ret
)
339 struct lttng_kernel_event_common_private
*event_priv
;
344 void (*fptr
)(void *__data
, long ret
) = func
;
346 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
347 fptr(event_priv
->pub
, ret
);
352 void (*fptr
)(void *__data
,
354 unsigned long arg0
) = func
;
355 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
357 lttng_syscall_get_arguments(current
, regs
, args
);
358 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
359 fptr(event_priv
->pub
, ret
, args
[0]);
364 void (*fptr
)(void *__data
,
367 unsigned long arg1
) = func
;
368 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
370 lttng_syscall_get_arguments(current
, regs
, args
);
371 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
372 fptr(event_priv
->pub
, ret
, args
[0], args
[1]);
377 void (*fptr
)(void *__data
,
381 unsigned long arg2
) = func
;
382 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
384 lttng_syscall_get_arguments(current
, regs
, args
);
385 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
386 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2]);
391 void (*fptr
)(void *__data
,
396 unsigned long arg3
) = func
;
397 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
399 lttng_syscall_get_arguments(current
, regs
, args
);
400 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
401 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2], args
[3]);
406 void (*fptr
)(void *__data
,
412 unsigned long arg4
) = func
;
413 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
415 lttng_syscall_get_arguments(current
, regs
, args
);
416 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
417 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2], args
[3], args
[4]);
422 void (*fptr
)(void *__data
,
429 unsigned long arg5
) = func
;
430 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
432 lttng_syscall_get_arguments(current
, regs
, args
);
433 lttng_hlist_for_each_entry_rcu(event_priv
, action_list
, u
.syscall
.node
)
434 fptr(event_priv
->pub
, ret
, args
[0], args
[1], args
[2],
435 args
[3], args
[4], args
[5]);
443 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
)
445 struct lttng_kernel_syscall_table
*syscall_table
= __data
;
446 struct hlist_head
*action_list
, *unknown_action_list
;
447 const struct trace_syscall_entry
*table
, *entry
;
451 id
= syscall_get_nr(current
, regs
);
453 if (unlikely(in_compat_syscall())) {
454 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
456 if (id
< 0 || id
>= NR_compat_syscalls
457 || (!READ_ONCE(syscall_table
->syscall_all_exit
) && !test_bit(id
, filter
->sc_compat_exit
))) {
458 /* System call filtered out. */
461 table
= compat_sc_exit_table
.table
;
462 table_len
= compat_sc_exit_table
.len
;
463 unknown_action_list
= &syscall_table
->compat_unknown_syscall_exit_dispatch
;
465 struct lttng_syscall_filter
*filter
= syscall_table
->sc_filter
;
467 if (id
< 0 || id
>= NR_syscalls
468 || (!READ_ONCE(syscall_table
->syscall_all_exit
) && !test_bit(id
, filter
->sc_exit
))) {
469 /* System call filtered out. */
472 table
= sc_exit_table
.table
;
473 table_len
= sc_exit_table
.len
;
474 unknown_action_list
= &syscall_table
->unknown_syscall_exit_dispatch
;
476 if (unlikely(id
< 0 || id
>= table_len
)) {
477 syscall_exit_event_unknown(unknown_action_list
, regs
, id
, ret
);
482 if (!entry
->event_func
) {
483 syscall_exit_event_unknown(unknown_action_list
, regs
, id
, ret
);
487 if (unlikely(in_compat_syscall())) {
488 action_list
= &syscall_table
->compat_syscall_exit_dispatch
[id
];
490 action_list
= &syscall_table
->syscall_exit_dispatch
[id
];
492 if (unlikely(hlist_empty(action_list
)))
495 syscall_exit_event_call_func(action_list
, entry
->event_func
, entry
->nrargs
,
500 struct lttng_kernel_syscall_table
*get_syscall_table_from_enabler(struct lttng_event_enabler_common
*event_enabler
)
502 switch (event_enabler
->enabler_type
) {
503 case LTTNG_EVENT_ENABLER_TYPE_RECORDER
:
505 struct lttng_event_recorder_enabler
*event_recorder_enabler
=
506 container_of(event_enabler
, struct lttng_event_recorder_enabler
, parent
);
507 return &event_recorder_enabler
->chan
->priv
->parent
.syscall_table
;
509 case LTTNG_EVENT_ENABLER_TYPE_NOTIFIER
:
511 struct lttng_event_notifier_enabler
*event_notifier_enabler
=
512 container_of(event_enabler
, struct lttng_event_notifier_enabler
, parent
);
513 return &event_notifier_enabler
->group
->syscall_table
;
521 struct lttng_kernel_syscall_table
*get_syscall_table_from_event(struct lttng_kernel_event_common
*event
)
523 switch (event
->type
) {
524 case LTTNG_KERNEL_EVENT_TYPE_RECORDER
:
526 struct lttng_kernel_event_recorder
*event_recorder
=
527 container_of(event
, struct lttng_kernel_event_recorder
, parent
);
528 return &event_recorder
->chan
->priv
->parent
.syscall_table
;
530 case LTTNG_KERNEL_EVENT_TYPE_NOTIFIER
:
532 struct lttng_kernel_event_notifier
*event_notifier
=
533 container_of(event
, struct lttng_kernel_event_notifier
, parent
);
534 return &event_notifier
->priv
->group
->syscall_table
;
542 void lttng_syscall_event_enabler_create_event(struct lttng_event_enabler_common
*syscall_event_enabler
,
543 const struct lttng_kernel_event_desc
*desc
, enum sc_type type
, unsigned int syscall_nr
)
545 struct lttng_kernel_event_common
*event
;
547 switch (syscall_event_enabler
->enabler_type
) {
548 case LTTNG_EVENT_ENABLER_TYPE_RECORDER
:
550 struct lttng_event_recorder_enabler
*syscall_event_recorder_enabler
=
551 container_of(syscall_event_enabler
, struct lttng_event_recorder_enabler
, parent
);
552 struct lttng_event_recorder_enabler
*event_recorder_enabler
;
553 struct lttng_kernel_abi_event ev
;
555 /* We need to create an event for this syscall/enabler. */
556 memset(&ev
, 0, sizeof(ev
));
559 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
560 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
563 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
564 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
566 case SC_TYPE_COMPAT_ENTRY
:
567 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
568 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
570 case SC_TYPE_COMPAT_EXIT
:
571 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
572 ev
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
575 strncpy(ev
.name
, desc
->event_name
, LTTNG_KERNEL_ABI_SYM_NAME_LEN
- 1);
576 ev
.name
[LTTNG_KERNEL_ABI_SYM_NAME_LEN
- 1] = '\0';
577 ev
.instrumentation
= LTTNG_KERNEL_ABI_SYSCALL
;
578 event_recorder_enabler
= lttng_event_recorder_enabler_create(LTTNG_ENABLER_FORMAT_NAME
, &ev
,
579 syscall_event_recorder_enabler
->chan
);
580 WARN_ON_ONCE(!event_recorder_enabler
);
581 if (!event_recorder_enabler
)
583 event
= _lttng_kernel_event_create(&event_recorder_enabler
->parent
, desc
);
584 WARN_ON_ONCE(IS_ERR(event
));
585 lttng_event_enabler_destroy(&event_recorder_enabler
->parent
);
587 printk(KERN_INFO
"Unable to create event recorder %s\n", desc
->event_name
);
590 event
->priv
->u
.syscall
.syscall_id
= syscall_nr
;
593 case LTTNG_EVENT_ENABLER_TYPE_NOTIFIER
:
595 struct lttng_event_notifier_enabler
*syscall_event_notifier_enabler
=
596 container_of(syscall_event_enabler
, struct lttng_event_notifier_enabler
, parent
);
597 struct lttng_event_notifier_enabler
*event_notifier_enabler
;
598 struct lttng_kernel_abi_event_notifier event_notifier_param
;
599 uint64_t user_token
= syscall_event_enabler
->user_token
;
600 uint64_t error_counter_index
= syscall_event_notifier_enabler
->error_counter_index
;
602 memset(&event_notifier_param
, 0, sizeof(event_notifier_param
));
605 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
606 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
609 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
610 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_NATIVE
;
612 case SC_TYPE_COMPAT_ENTRY
:
613 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_ENTRY
;
614 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
616 case SC_TYPE_COMPAT_EXIT
:
617 event_notifier_param
.event
.u
.syscall
.entryexit
= LTTNG_KERNEL_ABI_SYSCALL_EXIT
;
618 event_notifier_param
.event
.u
.syscall
.abi
= LTTNG_KERNEL_ABI_SYSCALL_ABI_COMPAT
;
621 strncat(event_notifier_param
.event
.name
, desc
->event_name
,
622 LTTNG_KERNEL_ABI_SYM_NAME_LEN
- strlen(event_notifier_param
.event
.name
) - 1);
623 event_notifier_param
.event
.name
[LTTNG_KERNEL_ABI_SYM_NAME_LEN
- 1] = '\0';
624 event_notifier_param
.event
.instrumentation
= LTTNG_KERNEL_ABI_SYSCALL
;
625 event_notifier_param
.event
.token
= user_token
;
626 event_notifier_param
.error_counter_index
= error_counter_index
;
628 event_notifier_enabler
= lttng_event_notifier_enabler_create(LTTNG_ENABLER_FORMAT_NAME
,
629 &event_notifier_param
, syscall_event_notifier_enabler
->group
);
630 WARN_ON_ONCE(!event_notifier_enabler
);
631 event
= _lttng_kernel_event_create(&event_notifier_enabler
->parent
, desc
);
632 WARN_ON_ONCE(IS_ERR(event
));
633 lttng_event_enabler_destroy(&event_notifier_enabler
->parent
);
635 printk(KERN_INFO
"Unable to create event notifier %s\n", desc
->event_name
);
638 event
->priv
->u
.syscall
.syscall_id
= syscall_nr
;
647 void lttng_syscall_event_enabler_create_matching_syscall_table_events(struct lttng_event_enabler_common
*syscall_event_enabler_common
,
648 const struct trace_syscall_entry
*table
, size_t table_len
, enum sc_type type
)
650 struct lttng_event_ht
*events_ht
= lttng_get_event_ht_from_enabler(syscall_event_enabler_common
);
651 const struct lttng_kernel_event_desc
*desc
;
654 #ifndef CONFIG_COMPAT
655 if (type
== SC_TYPE_COMPAT_ENTRY
|| type
== SC_TYPE_COMPAT_EXIT
)
658 /* iterate over all syscall and create event that match */
659 for (i
= 0; i
< table_len
; i
++) {
660 struct lttng_kernel_event_common_private
*event_priv
;
661 struct hlist_head
*head
;
664 desc
= table
[i
].desc
;
666 /* Unknown syscall */
670 if (!lttng_desc_match_enabler(desc
, syscall_event_enabler_common
))
674 * Check if already created.
676 head
= utils_borrow_hash_table_bucket(events_ht
->table
, LTTNG_EVENT_HT_SIZE
, desc
->event_name
);
677 lttng_hlist_for_each_entry(event_priv
, head
, hlist_node
) {
678 if (lttng_event_enabler_desc_match_event(syscall_event_enabler_common
, desc
, event_priv
->pub
)) {
686 lttng_syscall_event_enabler_create_event(syscall_event_enabler_common
, desc
, type
, i
);
691 bool lttng_syscall_event_enabler_is_wildcard_all(struct lttng_event_enabler_common
*event_enabler
)
693 if (event_enabler
->event_param
.instrumentation
!= LTTNG_KERNEL_ABI_SYSCALL
)
695 if (event_enabler
->event_param
.u
.syscall
.abi
!= LTTNG_KERNEL_ABI_SYSCALL_ABI_ALL
)
697 if (event_enabler
->event_param
.u
.syscall
.match
!= LTTNG_KERNEL_ABI_SYSCALL_MATCH_NAME
)
699 if (strcmp(event_enabler
->event_param
.name
, "*"))
705 void create_unknown_syscall_event(struct lttng_event_enabler_common
*event_enabler
, enum sc_type type
)
707 struct lttng_event_ht
*events_ht
= lttng_get_event_ht_from_enabler(event_enabler
);
708 struct lttng_kernel_event_common_private
*event_priv
;
709 const struct lttng_kernel_event_desc
*desc
;
711 struct hlist_head
*head
;
713 #ifndef CONFIG_COMPAT
714 if (type
== SC_TYPE_COMPAT_ENTRY
|| type
== SC_TYPE_COMPAT_EXIT
)
718 * Considering that currently system calls can only be enabled on a per
719 * name basis (or wildcard based on a name), unknown syscall events are
720 * only used when matching *all* system calls, because this is the only
721 * case which can be associated with an unknown system call.
723 * When enabling system call on a per system call number basis will be
724 * supported, this will need to be revisited.
726 if (!lttng_syscall_event_enabler_is_wildcard_all(event_enabler
))
731 desc
= &__event_desc___syscall_entry_unknown
;
734 desc
= &__event_desc___syscall_exit_unknown
;
736 case SC_TYPE_COMPAT_ENTRY
:
737 desc
= &__event_desc___compat_syscall_entry_unknown
;
739 case SC_TYPE_COMPAT_EXIT
:
740 desc
= &__event_desc___compat_syscall_exit_unknown
;
747 * Check if already created.
749 head
= utils_borrow_hash_table_bucket(events_ht
->table
, LTTNG_EVENT_HT_SIZE
, desc
->event_name
);
750 lttng_hlist_for_each_entry(event_priv
, head
, hlist_node
) {
751 if (lttng_event_enabler_desc_match_event(event_enabler
, desc
, event_priv
->pub
)) {
757 lttng_syscall_event_enabler_create_event(event_enabler
, desc
, type
, -1U);
761 void lttng_syscall_event_enabler_create_matching_events(struct lttng_event_enabler_common
*event_enabler
)
763 enum lttng_kernel_abi_syscall_entryexit entryexit
= event_enabler
->event_param
.u
.syscall
.entryexit
;
765 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRY
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
) {
766 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
767 sc_table
.table
, sc_table
.len
, SC_TYPE_ENTRY
);
768 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
769 compat_sc_table
.table
, compat_sc_table
.len
, SC_TYPE_COMPAT_ENTRY
);
770 create_unknown_syscall_event(event_enabler
, SC_TYPE_ENTRY
);
771 create_unknown_syscall_event(event_enabler
, SC_TYPE_COMPAT_ENTRY
);
774 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_EXIT
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
) {
775 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
776 sc_exit_table
.table
, sc_exit_table
.len
, SC_TYPE_EXIT
);
777 lttng_syscall_event_enabler_create_matching_syscall_table_events(event_enabler
,
778 compat_sc_exit_table
.table
, compat_sc_exit_table
.len
, SC_TYPE_COMPAT_EXIT
);
779 create_unknown_syscall_event(event_enabler
, SC_TYPE_EXIT
);
780 create_unknown_syscall_event(event_enabler
, SC_TYPE_COMPAT_EXIT
);
785 * Should be called with sessions lock held.
787 int lttng_event_enabler_create_syscall_events_if_missing(struct lttng_event_enabler_common
*syscall_event_enabler
)
789 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_enabler(syscall_event_enabler
);
792 if (!syscall_table
->syscall_dispatch
) {
793 /* create syscall table mapping syscall to events */
794 syscall_table
->syscall_dispatch
= kzalloc(sizeof(struct hlist_head
) * sc_table
.len
, GFP_KERNEL
);
795 if (!syscall_table
->syscall_dispatch
)
798 if (!syscall_table
->syscall_exit_dispatch
) {
799 /* create syscall table mapping syscall to events */
800 syscall_table
->syscall_exit_dispatch
= kzalloc(sizeof(struct hlist_head
) * sc_exit_table
.len
, GFP_KERNEL
);
801 if (!syscall_table
->syscall_exit_dispatch
)
806 if (!syscall_table
->compat_syscall_dispatch
) {
807 /* create syscall table mapping compat syscall to events */
808 syscall_table
->compat_syscall_dispatch
= kzalloc(sizeof(struct hlist_head
) * compat_sc_table
.len
, GFP_KERNEL
);
809 if (!syscall_table
->compat_syscall_dispatch
)
813 if (!syscall_table
->compat_syscall_exit_dispatch
) {
814 /* create syscall table mapping compat syscall to events */
815 syscall_table
->compat_syscall_exit_dispatch
= kzalloc(sizeof(struct hlist_head
) * compat_sc_exit_table
.len
, GFP_KERNEL
);
816 if (!syscall_table
->compat_syscall_exit_dispatch
)
820 if (!syscall_table
->sc_filter
) {
821 syscall_table
->sc_filter
= kzalloc(sizeof(struct lttng_syscall_filter
),
823 if (!syscall_table
->sc_filter
)
827 if (!syscall_table
->sys_enter_registered
) {
828 ret
= lttng_wrapper_tracepoint_probe_register("sys_enter",
829 (void *) syscall_entry_event_probe
, syscall_table
);
832 syscall_table
->sys_enter_registered
= 1;
834 if (!syscall_table
->sys_exit_registered
) {
835 ret
= lttng_wrapper_tracepoint_probe_register("sys_exit",
836 (void *) syscall_exit_event_probe
, syscall_table
);
838 WARN_ON_ONCE(lttng_wrapper_tracepoint_probe_unregister("sys_enter",
839 (void *) syscall_entry_event_probe
, syscall_table
));
842 syscall_table
->sys_exit_registered
= 1;
845 lttng_syscall_event_enabler_create_matching_events(syscall_event_enabler
);
850 int lttng_syscalls_unregister_syscall_table(struct lttng_kernel_syscall_table
*syscall_table
)
854 if (!syscall_table
->syscall_dispatch
)
856 if (syscall_table
->sys_enter_registered
) {
857 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_enter",
858 (void *) syscall_entry_event_probe
, syscall_table
);
861 syscall_table
->sys_enter_registered
= 0;
863 if (syscall_table
->sys_exit_registered
) {
864 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_exit",
865 (void *) syscall_exit_event_probe
, syscall_table
);
868 syscall_table
->sys_exit_registered
= 0;
873 int lttng_syscalls_destroy_syscall_table(struct lttng_kernel_syscall_table
*syscall_table
)
875 kfree(syscall_table
->syscall_dispatch
);
876 kfree(syscall_table
->syscall_exit_dispatch
);
878 kfree(syscall_table
->compat_syscall_dispatch
);
879 kfree(syscall_table
->compat_syscall_exit_dispatch
);
881 kfree(syscall_table
->sc_filter
);
886 uint32_t get_sc_tables_len(void)
888 return sc_table
.len
+ compat_sc_table
.len
;
892 const char *get_syscall_name(const char *desc_name
,
893 enum lttng_syscall_abi abi
,
894 enum lttng_syscall_entryexit entryexit
)
896 size_t prefix_len
= 0;
900 case LTTNG_SYSCALL_ENTRY
:
902 case LTTNG_SYSCALL_ABI_NATIVE
:
903 prefix_len
= strlen(SYSCALL_ENTRY_STR
);
905 case LTTNG_SYSCALL_ABI_COMPAT
:
906 prefix_len
= strlen(COMPAT_SYSCALL_ENTRY_STR
);
910 case LTTNG_SYSCALL_EXIT
:
912 case LTTNG_SYSCALL_ABI_NATIVE
:
913 prefix_len
= strlen(SYSCALL_EXIT_STR
);
915 case LTTNG_SYSCALL_ABI_COMPAT
:
916 prefix_len
= strlen(COMPAT_SYSCALL_EXIT_STR
);
921 WARN_ON_ONCE(prefix_len
== 0);
922 return desc_name
+ prefix_len
;
926 int lttng_syscall_filter_enable(
927 struct lttng_syscall_filter
*filter
,
928 const char *desc_name
, enum lttng_syscall_abi abi
,
929 enum lttng_syscall_entryexit entryexit
,
930 unsigned int syscall_id
)
932 const char *syscall_name
;
933 unsigned long *bitmap
;
936 syscall_name
= get_syscall_name(desc_name
, abi
, entryexit
);
939 case LTTNG_SYSCALL_ENTRY
:
941 case LTTNG_SYSCALL_ABI_NATIVE
:
942 bitmap
= filter
->sc_entry
;
943 refcount_map
= filter
->sc_entry_refcount_map
;
945 case LTTNG_SYSCALL_ABI_COMPAT
:
946 bitmap
= filter
->sc_compat_entry
;
947 refcount_map
= filter
->sc_compat_entry_refcount_map
;
953 case LTTNG_SYSCALL_EXIT
:
955 case LTTNG_SYSCALL_ABI_NATIVE
:
956 bitmap
= filter
->sc_exit
;
957 refcount_map
= filter
->sc_exit_refcount_map
;
959 case LTTNG_SYSCALL_ABI_COMPAT
:
960 bitmap
= filter
->sc_compat_exit
;
961 refcount_map
= filter
->sc_compat_exit_refcount_map
;
970 if (refcount_map
[syscall_id
] == U32_MAX
)
972 if (refcount_map
[syscall_id
]++ == 0)
973 bitmap_set(bitmap
, syscall_id
, 1);
977 int lttng_syscall_filter_enable_event(struct lttng_kernel_event_common
*event
)
979 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_event(event
);
980 unsigned int syscall_id
= event
->priv
->u
.syscall
.syscall_id
;
981 struct hlist_head
*dispatch_list
;
984 WARN_ON_ONCE(event
->priv
->instrumentation
!= LTTNG_KERNEL_ABI_SYSCALL
);
986 /* Unknown syscall */
987 if (syscall_id
== -1U) {
988 switch (event
->priv
->u
.syscall
.entryexit
) {
989 case LTTNG_SYSCALL_ENTRY
:
990 switch (event
->priv
->u
.syscall
.abi
) {
991 case LTTNG_SYSCALL_ABI_NATIVE
:
992 dispatch_list
= &syscall_table
->unknown_syscall_dispatch
;
994 case LTTNG_SYSCALL_ABI_COMPAT
:
995 dispatch_list
= &syscall_table
->compat_unknown_syscall_dispatch
;
1002 case LTTNG_SYSCALL_EXIT
:
1003 switch (event
->priv
->u
.syscall
.abi
) {
1004 case LTTNG_SYSCALL_ABI_NATIVE
:
1005 dispatch_list
= &syscall_table
->unknown_syscall_exit_dispatch
;
1007 case LTTNG_SYSCALL_ABI_COMPAT
:
1008 dispatch_list
= &syscall_table
->compat_unknown_syscall_exit_dispatch
;
1020 ret
= lttng_syscall_filter_enable(syscall_table
->sc_filter
,
1021 event
->priv
->desc
->event_name
, event
->priv
->u
.syscall
.abi
,
1022 event
->priv
->u
.syscall
.entryexit
, syscall_id
);
1026 switch (event
->priv
->u
.syscall
.entryexit
) {
1027 case LTTNG_SYSCALL_ENTRY
:
1028 switch (event
->priv
->u
.syscall
.abi
) {
1029 case LTTNG_SYSCALL_ABI_NATIVE
:
1030 dispatch_list
= &syscall_table
->syscall_dispatch
[syscall_id
];
1032 case LTTNG_SYSCALL_ABI_COMPAT
:
1033 dispatch_list
= &syscall_table
->compat_syscall_dispatch
[syscall_id
];
1040 case LTTNG_SYSCALL_EXIT
:
1041 switch (event
->priv
->u
.syscall
.abi
) {
1042 case LTTNG_SYSCALL_ABI_NATIVE
:
1043 dispatch_list
= &syscall_table
->syscall_exit_dispatch
[syscall_id
];
1045 case LTTNG_SYSCALL_ABI_COMPAT
:
1046 dispatch_list
= &syscall_table
->compat_syscall_exit_dispatch
[syscall_id
];
1059 hlist_add_head_rcu(&event
->priv
->u
.syscall
.node
, dispatch_list
);
1065 int lttng_syscall_filter_disable(struct lttng_syscall_filter
*filter
,
1066 const char *desc_name
, enum lttng_syscall_abi abi
,
1067 enum lttng_syscall_entryexit entryexit
,
1068 unsigned int syscall_id
)
1070 const char *syscall_name
;
1071 unsigned long *bitmap
;
1074 syscall_name
= get_syscall_name(desc_name
, abi
, entryexit
);
1076 switch (entryexit
) {
1077 case LTTNG_SYSCALL_ENTRY
:
1079 case LTTNG_SYSCALL_ABI_NATIVE
:
1080 bitmap
= filter
->sc_entry
;
1081 refcount_map
= filter
->sc_entry_refcount_map
;
1083 case LTTNG_SYSCALL_ABI_COMPAT
:
1084 bitmap
= filter
->sc_compat_entry
;
1085 refcount_map
= filter
->sc_compat_entry_refcount_map
;
1091 case LTTNG_SYSCALL_EXIT
:
1093 case LTTNG_SYSCALL_ABI_NATIVE
:
1094 bitmap
= filter
->sc_exit
;
1095 refcount_map
= filter
->sc_exit_refcount_map
;
1097 case LTTNG_SYSCALL_ABI_COMPAT
:
1098 bitmap
= filter
->sc_compat_exit
;
1099 refcount_map
= filter
->sc_compat_exit_refcount_map
;
1108 if (refcount_map
[syscall_id
] == 0)
1110 if (--refcount_map
[syscall_id
] == 0)
1111 bitmap_clear(bitmap
, syscall_id
, 1);
1115 int lttng_syscall_filter_disable_event(struct lttng_kernel_event_common
*event
)
1117 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_event(event
);
1118 unsigned int syscall_id
= event
->priv
->u
.syscall
.syscall_id
;
1121 /* Except for unknown syscall */
1122 if (syscall_id
!= -1U) {
1123 ret
= lttng_syscall_filter_disable(syscall_table
->sc_filter
,
1124 event
->priv
->desc
->event_name
, event
->priv
->u
.syscall
.abi
,
1125 event
->priv
->u
.syscall
.entryexit
, syscall_id
);
1129 hlist_del_rcu(&event
->priv
->u
.syscall
.node
);
1133 void lttng_syscall_table_set_wildcard_all(struct lttng_event_enabler_common
*event_enabler
)
1135 struct lttng_kernel_syscall_table
*syscall_table
= get_syscall_table_from_enabler(event_enabler
);
1136 enum lttng_kernel_abi_syscall_entryexit entryexit
;
1137 int enabled
= event_enabler
->enabled
;
1139 if (!lttng_syscall_event_enabler_is_wildcard_all(event_enabler
))
1141 entryexit
= event_enabler
->event_param
.u
.syscall
.entryexit
;
1142 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRY
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
)
1143 WRITE_ONCE(syscall_table
->syscall_all_entry
, enabled
);
1145 if (entryexit
== LTTNG_KERNEL_ABI_SYSCALL_EXIT
|| entryexit
== LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT
)
1146 WRITE_ONCE(syscall_table
->syscall_all_exit
, enabled
);
1150 const struct trace_syscall_entry
*syscall_list_get_entry(loff_t
*pos
)
1152 const struct trace_syscall_entry
*entry
;
1155 for (entry
= sc_table
.table
;
1156 entry
< sc_table
.table
+ sc_table
.len
;
1161 for (entry
= compat_sc_table
.table
;
1162 entry
< compat_sc_table
.table
+ compat_sc_table
.len
;
1172 void *syscall_list_start(struct seq_file
*m
, loff_t
*pos
)
1174 return (void *) syscall_list_get_entry(pos
);
1178 void *syscall_list_next(struct seq_file
*m
, void *p
, loff_t
*ppos
)
1181 return (void *) syscall_list_get_entry(ppos
);
1185 void syscall_list_stop(struct seq_file
*m
, void *p
)
1190 int get_sc_table(const struct trace_syscall_entry
*entry
,
1191 const struct trace_syscall_entry
**table
,
1192 unsigned int *bitness
)
1194 if (entry
>= sc_table
.table
&& entry
< sc_table
.table
+ sc_table
.len
) {
1196 *bitness
= BITS_PER_LONG
;
1198 *table
= sc_table
.table
;
1201 if (!(entry
>= compat_sc_table
.table
1202 && entry
< compat_sc_table
.table
+ compat_sc_table
.len
)) {
1208 *table
= compat_sc_table
.table
;
1213 int syscall_list_show(struct seq_file
*m
, void *p
)
1215 const struct trace_syscall_entry
*table
, *entry
= p
;
1216 unsigned int bitness
;
1217 unsigned long index
;
1221 ret
= get_sc_table(entry
, &table
, &bitness
);
1226 if (table
== sc_table
.table
) {
1227 index
= entry
- table
;
1228 name
= &entry
->desc
->event_name
[strlen(SYSCALL_ENTRY_STR
)];
1230 index
= (entry
- table
) + sc_table
.len
;
1231 name
= &entry
->desc
->event_name
[strlen(COMPAT_SYSCALL_ENTRY_STR
)];
1233 seq_printf(m
, "syscall { index = %lu; name = %s; bitness = %u; };\n",
1234 index
, name
, bitness
);
1239 const struct seq_operations lttng_syscall_list_seq_ops
= {
1240 .start
= syscall_list_start
,
1241 .next
= syscall_list_next
,
1242 .stop
= syscall_list_stop
,
1243 .show
= syscall_list_show
,
1247 int lttng_syscall_list_open(struct inode
*inode
, struct file
*file
)
1249 return seq_open(file
, <tng_syscall_list_seq_ops
);
1252 const struct file_operations lttng_syscall_list_fops
= {
1253 .owner
= THIS_MODULE
,
1254 .open
= lttng_syscall_list_open
,
1256 .llseek
= seq_lseek
,
1257 .release
= seq_release
,
1261 * A syscall is enabled if it is traced for either entry or exit.
1263 long lttng_syscall_table_get_active_mask(struct lttng_kernel_syscall_table
*syscall_table
,
1264 struct lttng_kernel_abi_syscall_mask __user
*usyscall_mask
)
1266 uint32_t len
, sc_tables_len
, bitmask_len
;
1269 struct lttng_syscall_filter
*filter
;
1271 ret
= get_user(len
, &usyscall_mask
->len
);
1274 sc_tables_len
= get_sc_tables_len();
1275 bitmask_len
= ALIGN(sc_tables_len
, 8) >> 3;
1276 if (len
< sc_tables_len
) {
1277 return put_user(sc_tables_len
, &usyscall_mask
->len
);
1279 /* Array is large enough, we can copy array to user-space. */
1280 tmp_mask
= kzalloc(bitmask_len
, GFP_KERNEL
);
1283 filter
= syscall_table
->sc_filter
;
1285 for (bit
= 0; bit
< sc_table
.len
; bit
++) {
1288 if (syscall_table
->syscall_dispatch
) {
1289 if (!(READ_ONCE(syscall_table
->syscall_all_entry
)
1290 || READ_ONCE(syscall_table
->syscall_all_exit
)) && filter
)
1291 state
= test_bit(bit
, filter
->sc_entry
)
1292 || test_bit(bit
, filter
->sc_exit
);
1298 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1300 for (; bit
< sc_tables_len
; bit
++) {
1303 if (syscall_table
->compat_syscall_dispatch
) {
1304 if (!(READ_ONCE(syscall_table
->syscall_all_entry
)
1305 || READ_ONCE(syscall_table
->syscall_all_exit
)) && filter
)
1306 state
= test_bit(bit
- sc_table
.len
,
1307 filter
->sc_compat_entry
)
1308 || test_bit(bit
- sc_table
.len
,
1309 filter
->sc_compat_exit
);
1315 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1317 if (copy_to_user(usyscall_mask
->mask
, tmp_mask
, bitmask_len
))
1323 int lttng_abi_syscall_list(void)
1325 struct file
*syscall_list_file
;
1328 file_fd
= lttng_get_unused_fd();
1334 syscall_list_file
= anon_inode_getfile("[lttng_syscall_list]",
1335 <tng_syscall_list_fops
,
1337 if (IS_ERR(syscall_list_file
)) {
1338 ret
= PTR_ERR(syscall_list_file
);
1341 ret
= lttng_syscall_list_fops
.open(NULL
, syscall_list_file
);
1344 fd_install(file_fd
, syscall_list_file
);
1348 fput(syscall_list_file
);
1350 put_unused_fd(file_fd
);