1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1988, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * @(#)ktrace.h 8.1 (Berkeley) 6/2/93 32 * $FreeBSD$ 33 */ 34 35 #ifndef _SYS_KTRACE_H_ 36 #define _SYS_KTRACE_H_ 37 38 #include <sys/caprights.h> 39 40 /* 41 * operations to ktrace system call (KTROP(op)) 42 */ 43 #define KTROP_SET 0 /* set trace points */ 44 #define KTROP_CLEAR 1 /* clear trace points */ 45 #define KTROP_CLEARFILE 2 /* stop all tracing to file */ 46 #define KTROP(o) ((o)&3) /* macro to extract operation */ 47 /* 48 * flags (ORed in with operation) 49 */ 50 #define KTRFLAG_DESCEND 4 /* perform op on all children too */ 51 52 /* 53 * ktrace record header 54 */ 55 struct ktr_header { 56 int ktr_len; /* length of buf */ 57 short ktr_type; /* trace record type */ 58 pid_t ktr_pid; /* process id */ 59 char ktr_comm[MAXCOMLEN + 1];/* command name */ 60 struct timeval ktr_time; /* timestamp */ 61 intptr_t ktr_tid; /* was ktr_buffer */ 62 }; 63 64 /* 65 * Test for kernel trace point (MP SAFE). 66 * 67 * KTRCHECK() just checks that the type is enabled and is only for 68 * internal use in the ktrace subsystem. KTRPOINT() checks against 69 * ktrace recursion as well as checking that the type is enabled and 70 * is the public interface. 71 */ 72 #define KTRCHECK(td, type) ((td)->td_proc->p_traceflag & (1 << type)) 73 #define KTRPOINT(td, type) (__predict_false(KTRCHECK((td), (type)))) 74 #define KTRCHECKDRAIN(td) (!(STAILQ_EMPTY(&(td)->td_proc->p_ktr))) 75 #define KTRUSERRET(td) do { \ 76 if (__predict_false(KTRCHECKDRAIN(td))) \ 77 ktruserret(td); \ 78 } while (0) 79 80 /* 81 * ktrace record types 82 */ 83 84 /* 85 * KTR_SYSCALL - system call record 86 */ 87 #define KTR_SYSCALL 1 88 struct ktr_syscall { 89 short ktr_code; /* syscall number */ 90 short ktr_narg; /* number of arguments */ 91 /* 92 * followed by ktr_narg register_t 93 */ 94 register_t ktr_args[1]; 95 }; 96 97 /* 98 * KTR_SYSRET - return from system call record 99 */ 100 #define KTR_SYSRET 2 101 struct ktr_sysret { 102 short ktr_code; 103 short ktr_eosys; 104 int ktr_error; 105 register_t ktr_retval; 106 }; 107 108 /* 109 * KTR_NAMEI - namei record 110 */ 111 #define KTR_NAMEI 3 112 /* record contains pathname */ 113 114 /* 115 * KTR_GENIO - trace generic process i/o 116 */ 117 #define KTR_GENIO 4 118 struct ktr_genio { 119 int ktr_fd; 120 enum uio_rw ktr_rw; 121 /* 122 * followed by data successfully read/written 123 */ 124 }; 125 126 /* 127 * KTR_PSIG - trace processed signal 128 */ 129 #define KTR_PSIG 5 130 struct ktr_psig { 131 int signo; 132 sig_t action; 133 int code; 134 sigset_t mask; 135 }; 136 137 /* 138 * KTR_CSW - trace context switches 139 */ 140 #define KTR_CSW 6 141 struct ktr_csw_old { 142 int out; /* 1 if switch out, 0 if switch in */ 143 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */ 144 }; 145 146 struct ktr_csw { 147 int out; /* 1 if switch out, 0 if switch in */ 148 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */ 149 char wmesg[8]; 150 }; 151 152 /* 153 * KTR_USER - data coming from userland 154 */ 155 #define KTR_USER_MAXLEN 2048 /* maximum length of passed data */ 156 #define KTR_USER 7 157 158 /* 159 * KTR_STRUCT - misc. structs 160 */ 161 #define KTR_STRUCT 8 162 /* 163 * record contains null-terminated struct name followed by 164 * struct contents 165 */ 166 struct sockaddr; 167 struct stat; 168 struct sysentvec; 169 170 /* 171 * KTR_SYSCTL - name of a sysctl MIB 172 */ 173 #define KTR_SYSCTL 9 174 /* record contains null-terminated MIB name */ 175 176 /* 177 * KTR_PROCCTOR - trace process creation (multiple ABI support) 178 */ 179 #define KTR_PROCCTOR 10 180 struct ktr_proc_ctor { 181 u_int sv_flags; /* struct sysentvec sv_flags copy */ 182 }; 183 184 /* 185 * KTR_PROCDTOR - trace process destruction (multiple ABI support) 186 */ 187 #define KTR_PROCDTOR 11 188 189 /* 190 * KTR_CAPFAIL - trace capability check failures 191 */ 192 #define KTR_CAPFAIL 12 193 enum ktr_cap_fail_type { 194 CAPFAIL_NOTCAPABLE, /* insufficient capabilities in cap_check() */ 195 CAPFAIL_INCREASE, /* attempt to increase capabilities */ 196 CAPFAIL_SYSCALL, /* disallowed system call */ 197 CAPFAIL_LOOKUP, /* disallowed VFS lookup */ 198 }; 199 struct ktr_cap_fail { 200 enum ktr_cap_fail_type cap_type; 201 cap_rights_t cap_needed; 202 cap_rights_t cap_held; 203 }; 204 205 /* 206 * KTR_FAULT - page fault record 207 */ 208 #define KTR_FAULT 13 209 struct ktr_fault { 210 vm_offset_t vaddr; 211 int type; 212 }; 213 214 /* 215 * KTR_FAULTEND - end of page fault record 216 */ 217 #define KTR_FAULTEND 14 218 struct ktr_faultend { 219 int result; 220 }; 221 222 /* 223 * KTR_STRUCT_ARRAY - array of misc. structs 224 */ 225 #define KTR_STRUCT_ARRAY 15 226 struct ktr_struct_array { 227 size_t struct_size; 228 /* 229 * Followed by null-terminated structure name and then payload 230 * contents. 231 */ 232 }; 233 234 /* 235 * KTR_DROP - If this bit is set in ktr_type, then at least one event 236 * between the previous record and this record was dropped. 237 */ 238 #define KTR_DROP 0x8000 239 240 /* 241 * kernel trace points (in p_traceflag) 242 */ 243 #define KTRFAC_MASK 0x00ffffff 244 #define KTRFAC_SYSCALL (1<<KTR_SYSCALL) 245 #define KTRFAC_SYSRET (1<<KTR_SYSRET) 246 #define KTRFAC_NAMEI (1<<KTR_NAMEI) 247 #define KTRFAC_GENIO (1<<KTR_GENIO) 248 #define KTRFAC_PSIG (1<<KTR_PSIG) 249 #define KTRFAC_CSW (1<<KTR_CSW) 250 #define KTRFAC_USER (1<<KTR_USER) 251 #define KTRFAC_STRUCT (1<<KTR_STRUCT) 252 #define KTRFAC_SYSCTL (1<<KTR_SYSCTL) 253 #define KTRFAC_PROCCTOR (1<<KTR_PROCCTOR) 254 #define KTRFAC_PROCDTOR (1<<KTR_PROCDTOR) 255 #define KTRFAC_CAPFAIL (1<<KTR_CAPFAIL) 256 #define KTRFAC_FAULT (1<<KTR_FAULT) 257 #define KTRFAC_FAULTEND (1<<KTR_FAULTEND) 258 #define KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY) 259 260 /* 261 * trace flags (also in p_traceflags) 262 */ 263 #define KTRFAC_ROOT 0x80000000 /* root set this trace */ 264 #define KTRFAC_INHERIT 0x40000000 /* pass trace flags to children */ 265 #define KTRFAC_DROP 0x20000000 /* last event was dropped */ 266 267 #ifdef _KERNEL 268 struct ktr_io_params; 269 270 #ifdef KTRACE 271 struct vnode *ktr_get_tracevp(struct proc *, bool); 272 #else 273 static inline struct vnode * 274 ktr_get_tracevp(struct proc *p, bool ref) 275 { 276 277 return (NULL); 278 } 279 #endif 280 void ktr_io_params_free(struct ktr_io_params *); 281 void ktrnamei(const char *); 282 void ktrcsw(int, int, const char *); 283 void ktrpsig(int, sig_t, sigset_t *, int); 284 void ktrfault(vm_offset_t, int); 285 void ktrfaultend(int); 286 void ktrgenio(int, enum uio_rw, struct uio *, int); 287 void ktrsyscall(int, int narg, register_t args[]); 288 void ktrsysctl(int *name, u_int namelen); 289 void ktrsysret(int, int, register_t); 290 void ktrprocctor(struct proc *); 291 struct ktr_io_params *ktrprocexec(struct proc *); 292 void ktrprocexit(struct thread *); 293 void ktrprocfork(struct proc *, struct proc *); 294 void ktruserret(struct thread *); 295 void ktrstruct(const char *, const void *, size_t); 296 void ktrstruct_error(const char *, const void *, size_t, int); 297 void ktrstructarray(const char *, enum uio_seg, const void *, int, size_t); 298 void ktrcapfail(enum ktr_cap_fail_type, const cap_rights_t *, 299 const cap_rights_t *); 300 #define ktrcaprights(s) \ 301 ktrstruct("caprights", (s), sizeof(cap_rights_t)) 302 #define ktritimerval(s) \ 303 ktrstruct("itimerval", (s), sizeof(struct itimerval)) 304 #define ktrsockaddr(s) \ 305 ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len) 306 #define ktrstat(s) \ 307 ktrstruct("stat", (s), sizeof(struct stat)) 308 #define ktrstat_error(s, error) \ 309 ktrstruct_error("stat", (s), sizeof(struct stat), error) 310 extern u_int ktr_geniosize; 311 #ifdef KTRACE 312 extern int ktr_filesize_limit_signal; 313 #else 314 #define ktr_filesize_limit_signal 0 315 #endif 316 #else 317 318 #include <sys/cdefs.h> 319 320 __BEGIN_DECLS 321 int ktrace(const char *, int, int, pid_t); 322 int utrace(const void *, size_t); 323 __END_DECLS 324 325 #endif 326 327 #endif 328