1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1988, 1993
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 *    may be used to endorse or promote products derived from this software
17 *    without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 *	@(#)ktrace.h	8.1 (Berkeley) 6/2/93
32 * $FreeBSD$
33 */
34
35#ifndef _SYS_KTRACE_H_
36#define _SYS_KTRACE_H_
37
38#include <sys/caprights.h>
39
40/*
41 * operations to ktrace system call  (KTROP(op))
42 */
43#define KTROP_SET		0	/* set trace points */
44#define KTROP_CLEAR		1	/* clear trace points */
45#define KTROP_CLEARFILE		2	/* stop all tracing to file */
46#define	KTROP(o)		((o)&3)	/* macro to extract operation */
47/*
48 * flags (ORed in with operation)
49 */
50#define KTRFLAG_DESCEND		4	/* perform op on all children too */
51
52/*
53 * ktrace record header
54 */
55struct ktr_header {
56	int	ktr_len;		/* length of buf */
57	short	ktr_type;		/* trace record type */
58	pid_t	ktr_pid;		/* process id */
59	char	ktr_comm[MAXCOMLEN + 1];/* command name */
60	struct	timeval ktr_time;	/* timestamp */
61	intptr_t	ktr_tid;	/* was ktr_buffer */
62};
63
64/*
65 * Test for kernel trace point (MP SAFE).
66 *
67 * KTRCHECK() just checks that the type is enabled and is only for
68 * internal use in the ktrace subsystem.  KTRPOINT() checks against
69 * ktrace recursion as well as checking that the type is enabled and
70 * is the public interface.
71 */
72#define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << type))
73#define KTRPOINT(td, type)  (__predict_false(KTRCHECK((td), (type))))
74#define	KTRCHECKDRAIN(td)	(!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
75#define	KTRUSERRET(td) do {						\
76	if (__predict_false(KTRCHECKDRAIN(td)))				\
77		ktruserret(td);						\
78} while (0)
79
80/*
81 * ktrace record types
82 */
83
84/*
85 * KTR_SYSCALL - system call record
86 */
87#define KTR_SYSCALL	1
88struct ktr_syscall {
89	short	ktr_code;		/* syscall number */
90	short	ktr_narg;		/* number of arguments */
91	/*
92	 * followed by ktr_narg register_t
93	 */
94	register_t	ktr_args[1];
95};
96
97/*
98 * KTR_SYSRET - return from system call record
99 */
100#define KTR_SYSRET	2
101struct ktr_sysret {
102	short	ktr_code;
103	short	ktr_eosys;
104	int	ktr_error;
105	register_t	ktr_retval;
106};
107
108/*
109 * KTR_NAMEI - namei record
110 */
111#define KTR_NAMEI	3
112	/* record contains pathname */
113
114/*
115 * KTR_GENIO - trace generic process i/o
116 */
117#define KTR_GENIO	4
118struct ktr_genio {
119	int	ktr_fd;
120	enum	uio_rw ktr_rw;
121	/*
122	 * followed by data successfully read/written
123	 */
124};
125
126/*
127 * KTR_PSIG - trace processed signal
128 */
129#define	KTR_PSIG	5
130struct ktr_psig {
131	int	signo;
132	sig_t	action;
133	int	code;
134	sigset_t mask;
135};
136
137/*
138 * KTR_CSW - trace context switches
139 */
140#define KTR_CSW		6
141struct ktr_csw_old {
142	int	out;	/* 1 if switch out, 0 if switch in */
143	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
144};
145
146struct ktr_csw {
147	int	out;	/* 1 if switch out, 0 if switch in */
148	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
149	char	wmesg[8];
150};
151
152/*
153 * KTR_USER - data coming from userland
154 */
155#define KTR_USER_MAXLEN	2048	/* maximum length of passed data */
156#define KTR_USER	7
157
158/*
159 * KTR_STRUCT - misc. structs
160 */
161#define KTR_STRUCT	8
162	/*
163	 * record contains null-terminated struct name followed by
164	 * struct contents
165	 */
166struct sockaddr;
167struct stat;
168struct sysentvec;
169
170/*
171 * KTR_SYSCTL - name of a sysctl MIB
172 */
173#define	KTR_SYSCTL	9
174	/* record contains null-terminated MIB name */
175
176/*
177 * KTR_PROCCTOR - trace process creation (multiple ABI support)
178 */
179#define KTR_PROCCTOR	10
180struct ktr_proc_ctor {
181	u_int	sv_flags;	/* struct sysentvec sv_flags copy */
182};
183
184/*
185 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
186 */
187#define KTR_PROCDTOR	11
188
189/*
190 * KTR_CAPFAIL - trace capability check failures
191 */
192#define KTR_CAPFAIL	12
193enum ktr_cap_fail_type {
194	CAPFAIL_NOTCAPABLE,	/* insufficient capabilities in cap_check() */
195	CAPFAIL_INCREASE,	/* attempt to increase capabilities */
196	CAPFAIL_SYSCALL,	/* disallowed system call */
197	CAPFAIL_LOOKUP,		/* disallowed VFS lookup */
198};
199struct ktr_cap_fail {
200	enum ktr_cap_fail_type cap_type;
201	cap_rights_t	cap_needed;
202	cap_rights_t	cap_held;
203};
204
205/*
206 * KTR_FAULT - page fault record
207 */
208#define KTR_FAULT	13
209struct ktr_fault {
210	vm_offset_t vaddr;
211	int type;
212};
213
214/*
215 * KTR_FAULTEND - end of page fault record
216 */
217#define KTR_FAULTEND	14
218struct ktr_faultend {
219	int result;
220};
221
222/*
223 * KTR_STRUCT_ARRAY - array of misc. structs
224 */
225#define	KTR_STRUCT_ARRAY 15
226struct ktr_struct_array {
227	size_t struct_size;
228	/*
229	 * Followed by null-terminated structure name and then payload
230	 * contents.
231	 */
232};
233
234/*
235 * KTR_DROP - If this bit is set in ktr_type, then at least one event
236 * between the previous record and this record was dropped.
237 */
238#define	KTR_DROP	0x8000
239
240/*
241 * kernel trace points (in p_traceflag)
242 */
243#define KTRFAC_MASK	0x00ffffff
244#define KTRFAC_SYSCALL	(1<<KTR_SYSCALL)
245#define KTRFAC_SYSRET	(1<<KTR_SYSRET)
246#define KTRFAC_NAMEI	(1<<KTR_NAMEI)
247#define KTRFAC_GENIO	(1<<KTR_GENIO)
248#define	KTRFAC_PSIG	(1<<KTR_PSIG)
249#define KTRFAC_CSW	(1<<KTR_CSW)
250#define KTRFAC_USER	(1<<KTR_USER)
251#define KTRFAC_STRUCT	(1<<KTR_STRUCT)
252#define KTRFAC_SYSCTL	(1<<KTR_SYSCTL)
253#define KTRFAC_PROCCTOR	(1<<KTR_PROCCTOR)
254#define KTRFAC_PROCDTOR	(1<<KTR_PROCDTOR)
255#define KTRFAC_CAPFAIL	(1<<KTR_CAPFAIL)
256#define KTRFAC_FAULT	(1<<KTR_FAULT)
257#define KTRFAC_FAULTEND	(1<<KTR_FAULTEND)
258#define	KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY)
259
260/*
261 * trace flags (also in p_traceflags)
262 */
263#define KTRFAC_ROOT	0x80000000	/* root set this trace */
264#define KTRFAC_INHERIT	0x40000000	/* pass trace flags to children */
265#define	KTRFAC_DROP	0x20000000	/* last event was dropped */
266
267#ifdef	_KERNEL
268struct ktr_io_params;
269
270#ifdef	KTRACE
271struct vnode *ktr_get_tracevp(struct proc *, bool);
272#else
273static inline struct vnode *
274ktr_get_tracevp(struct proc *p, bool ref)
275{
276
277	return (NULL);
278}
279#endif
280void	ktr_io_params_free(struct ktr_io_params *);
281void	ktrnamei(char *);
282void	ktrcsw(int, int, const char *);
283void	ktrpsig(int, sig_t, sigset_t *, int);
284void	ktrfault(vm_offset_t, int);
285void	ktrfaultend(int);
286void	ktrgenio(int, enum uio_rw, struct uio *, int);
287void	ktrsyscall(int, int narg, register_t args[]);
288void	ktrsysctl(int *name, u_int namelen);
289void	ktrsysret(int, int, register_t);
290void	ktrprocctor(struct proc *);
291struct ktr_io_params *ktrprocexec(struct proc *);
292void	ktrprocexit(struct thread *);
293void	ktrprocfork(struct proc *, struct proc *);
294void	ktruserret(struct thread *);
295void	ktrstruct(const char *, const void *, size_t);
296void	ktrstruct_error(const char *, const void *, size_t, int);
297void	ktrstructarray(const char *, enum uio_seg, const void *, int, size_t);
298void	ktrcapfail(enum ktr_cap_fail_type, const cap_rights_t *,
299	    const cap_rights_t *);
300#define ktrcaprights(s) \
301	ktrstruct("caprights", (s), sizeof(cap_rights_t))
302#define	ktritimerval(s) \
303	ktrstruct("itimerval", (s), sizeof(struct itimerval))
304#define ktrsockaddr(s) \
305	ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
306#define ktrstat(s) \
307	ktrstruct("stat", (s), sizeof(struct stat))
308#define ktrstat_error(s, error) \
309	ktrstruct_error("stat", (s), sizeof(struct stat), error)
310extern u_int ktr_geniosize;
311#ifdef	KTRACE
312extern int ktr_filesize_limit_signal;
313#else
314#define	ktr_filesize_limit_signal 0
315#endif
316#else
317
318#include <sys/cdefs.h>
319
320__BEGIN_DECLS
321int	ktrace(const char *, int, int, pid_t);
322int	utrace(const void *, size_t);
323__END_DECLS
324
325#endif
326
327#endif
328