  1/*-
  2 * SPDX-License-Identifier: BSD-3-Clause
  3 *
  4 * Copyright (c) 1988, 1993
  5 *	The Regents of the University of California.  All rights reserved.
  6 *
  7 * Redistribution and use in source and binary forms, with or without
  8 * modification, are permitted provided that the following conditions
  9 * are met:
 10 * 1. Redistributions of source code must retain the above copyright
 11 *    notice, this list of conditions and the following disclaimer.
 12 * 2. Redistributions in binary form must reproduce the above copyright
 13 *    notice, this list of conditions and the following disclaimer in the
 14 *    documentation and/or other materials provided with the distribution.
 15 * 3. Neither the name of the University nor the names of its contributors
 16 *    may be used to endorse or promote products derived from this software
 17 *    without specific prior written permission.
 18 *
 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 29 * SUCH DAMAGE.
 30 *
 31 *	@(#)ktrace.h	8.1 (Berkeley) 6/2/93
 32 */
 33
 34#ifndef _SYS_KTRACE_H_
 35#define _SYS_KTRACE_H_
 36
 37#include <sys/param.h>
 38#include <sys/caprights.h>
 39#include <sys/signal.h>
 40#include <sys/socket.h>
 41#include <sys/_uio.h>
 42
/*
 * operations to ktrace system call  (KTROP(op))
 *
 * The operation lives in the low two bits of the ops word; flag bits such
 * as KTRFLAG_DESCEND are ORed in above them.
 */
#define KTROP_SET		0	/* set trace points */
#define KTROP_CLEAR		1	/* clear trace points */
#define KTROP_CLEARFILE		2	/* stop all tracing to file */
/*
 * KTROP() masks with 3, so it can also yield 3, a value for which this
 * header defines no operation.
 * NOTE(review): confirm the syscall handler rejects that value.
 */
#define	KTROP(o)		((o)&3)	/* macro to extract operation */
/*
 * flags (ORed in with operation)
 */
#define KTRFLAG_DESCEND		4	/* perform op on all children too */
 54
/*
 * ktrace record header (unversioned layout).
 *
 * Per the KTR_VERSIONED comment later in this header, this is the layout
 * exposed when that bit is clear in ktr_type.
 *
 * Every field here is read back from a trace file by consumers, so treat
 * it as untrusted input: ktr_len is a signed int and must be range-checked
 * (non-negative, bounded) before it is used to size a read or allocation.
 */
struct ktr_header_v0 {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	pid_t	ktr_pid;		/* process id */
	/*
	 * Fixed-size name field.
	 * NOTE(review): this header does not promise NUL termination; bound
	 * any print of it to sizeof(ktr_comm) -- confirm against the writer.
	 */
	char	ktr_comm[MAXCOMLEN + 1];/* command name */
	struct	timeval ktr_time;	/* timestamp */
	long	ktr_tid;		/* thread id */
};
 66
/*
 * ktrace record header (versioned layout).
 *
 * Compared with struct ktr_header_v0 this adds ktr_version and ktr_cpu and
 * stores the timestamp as a struct timespec instead of a struct timeval,
 * so the two layouts differ in size and field offsets.
 *
 * As with the v0 header, a consumer reading a trace file must validate
 * ktr_len (signed int) before trusting it as a payload length.
 */
struct ktr_header {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	/* presumably one of the KTR_VERSION* constants -- verify */
	short	ktr_version;		/* ktr_header version */
	pid_t	ktr_pid;		/* process id */
	/*
	 * NOTE(review): NUL termination is not stated here; bound reads to
	 * sizeof(ktr_comm).
	 */
	char	ktr_comm[MAXCOMLEN + 1];/* command name */
	struct	timespec ktr_time;	/* timestamp */
	/* XXX: make ktr_tid an lwpid_t on next ABI break */
	long	ktr_tid;		/* thread id */
	int	ktr_cpu;		/* cpu id */
};
 78
/* Header layout versions; presumably the values of ktr_header.ktr_version. */
#define	KTR_VERSION0	0
#define	KTR_VERSION1	1
/*
 * Size of the v0 header minus the size of the versioned header.
 *
 * NOTE(review): the expansion is not wrapped in parentheses, so it only
 * reads as intended when used as a trailing additive term such as
 * "x + KTR_OFFSET_V0"; "x - KTR_OFFSET_V0" or "n * KTR_OFFSET_V0" bind to
 * the first sizeof only.  Both operands are size_t, so when
 * struct ktr_header_v0 is the smaller layout the difference wraps to a
 * large unsigned value instead of going negative.  Check each use before
 * adding parentheses, since that changes how a pointer expression is
 * grouped.
 */
#define	KTR_OFFSET_V0	sizeof(struct ktr_header_v0) - \
			    sizeof(struct ktr_header)
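/*
 * Test for kernel trace point (MP SAFE).
 *
 * KTRCHECK() just checks that the type is enabled and is only for
 * internal use in the ktrace subsystem.  KTRPOINT() checks against
 * ktrace recursion as well as checking that the type is enabled and
 * is the public interface.
 *
 * NOTE(review): as defined below, KTRPOINT() only wraps KTRCHECK() in
 * __predict_false(); no recursion check is visible in this header.
 *
 * "type" is a KTR_* record number used as a shift count on an int, so it
 * must stay in 0..30; the record types defined in this header run 1..15.
 * The argument is parenthesized in the expansion so that an expression
 * such as "cond ? a : b" is shifted as a whole.
 *
 * KTRCHECKDRAIN() is true when the process's p_ktr queue is non-empty, and
 * KTRUSERRET() calls ktruserret() only in that case.
 */
#define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << (type)))
#define KTRPOINT(td, type)  (__predict_false(KTRCHECK((td), (type))))
#define	KTRCHECKDRAIN(td)	(!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
#define	KTRUSERRET(td) do {						\
	if (__predict_false(KTRCHECKDRAIN(td)))				\
		ktruserret(td);						\
} while (0)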
 98
 99/*
100 * ktrace record types
101 */
102
/*
 * KTR_SYSCALL - system call record
 *
 * Variable-length payload: the fixed fields are followed by ktr_narg
 * argument words.  A consumer must check that ktr_narg is non-negative
 * and that ktr_narg * sizeof(register_t) fits inside the record length
 * from the header before indexing ktr_args.
 */
#define KTR_SYSCALL	1
struct ktr_syscall {
	short	ktr_code;		/* syscall number */
	short	ktr_narg;		/* number of arguments */
	/*
	 * followed by ktr_narg register_t
	 *
	 * Declared with one element rather than as a flexible array member,
	 * so sizeof(struct ktr_syscall) already includes one register_t;
	 * use offsetof(struct ktr_syscall, ktr_args) for the fixed part.
	 */
	register_t	ktr_args[1];
};
115
/*
 * KTR_SYSRET - return from system call record
 *
 * Fixed-size payload.  The fields carry no comments in the original; the
 * notes below are inferred from the names and should be confirmed against
 * the code that fills the record.
 */
#define KTR_SYSRET	2
struct ktr_sysret {
	short	ktr_code;	/* presumably the syscall number, as in ktr_syscall */
	short	ktr_eosys;	/* NOTE(review): meaning not shown here */
	int	ktr_error;	/* presumably the errno-style result -- verify */
	register_t	ktr_retval;	/* presumably the syscall return value */
};
126
/*
 * KTR_NAMEI - namei record
 */
#define KTR_NAMEI	3
	/*
	 * record contains pathname
	 *
	 * NOTE(review): no terminator is promised here; presumably the
	 * pathname length is the header's ktr_len -- confirm before treating
	 * the payload as a C string.
	 */

/*
 * KTR_GENIO - trace generic process i/o
 *
 * The payload is the data the traced process actually read or wrote, so a
 * trace file with this facility enabled can contain credentials, keys and
 * other secrets handled by the process.  Trace files deserve the same
 * access control as the most sensitive data the process touches.
 */
#define KTR_GENIO	4
struct ktr_genio {
	int	ktr_fd;		/* descriptor the i/o was performed on */
	enum	uio_rw ktr_rw;	/* direction of the transfer */
	/*
	 * followed by data successfully read/written
	 *
	 * presumably ktr_len - sizeof(struct ktr_genio) bytes; verify the
	 * subtraction cannot go negative before reading.
	 */
};
144
/*
 * KTR_PSIG - trace processed signal
 *
 * Fixed-size payload.  Field notes are inferred from the names and types;
 * confirm against the code that emits the record.
 */
#define	KTR_PSIG	5
struct ktr_psig {
	int	signo;		/* signal number */
	/*
	 * Handler value of type sig_t.  If this is the handler's address in
	 * the traced process, the trace file discloses a code address.
	 */
	sig_t	action;
	int	code;		/* NOTE(review): presumably the signal code */
	sigset_t mask;		/* NOTE(review): presumably the signal mask in effect */
};
155
/*
 * KTR_CSW - trace context switches
 *
 * Two payload layouts share this record type.  ktr_csw_old lacks the
 * wmesg field; presumably a reader tells them apart by the record length
 * in the header -- verify.
 */
#define KTR_CSW		6
struct ktr_csw_old {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
};

struct ktr_csw {
	int	out;	/* 1 if switch out, 0 if switch in */
	int	user;	/* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
	/*
	 * Fixed 8-byte field, presumably the wait message.
	 * NOTE(review): do not assume NUL termination; bound reads to
	 * sizeof(wmesg).
	 */
	char	wmesg[8];
};
170
/*
 * KTR_USER - data coming from userland
 *
 * The payload is opaque bytes supplied by the traced process itself, so a
 * consumer must treat it as attacker-controlled and must not interpret it
 * beyond the length recorded for it.
 */
#define KTR_USER_MAXLEN	2048	/* maximum length of passed data */
#define KTR_USER	7

/*
 * KTR_STRUCT - misc. structs
 */
#define KTR_STRUCT	8
	/*
	 * record contains null-terminated struct name followed by
	 * struct contents
	 *
	 * A parser should find the terminating NUL inside the record length
	 * before using the name, and should check that the bytes remaining
	 * match the size of the named struct before casting to it.
	 */
/* Forward declarations for types referred to by pointer in this header. */
struct sockaddr;
struct stat;
struct sysentvec;
188
/*
 * KTR_SYSCTL - name of a sysctl MIB
 */
#define	KTR_SYSCTL	9
	/*
	 * record contains null-terminated MIB name
	 *
	 * Readers should still confirm the NUL lies within the record length
	 * rather than scanning past the payload.
	 */

/*
 * KTR_PROCCTOR - trace process creation (multiple ABI support)
 */
#define KTR_PROCCTOR	10
struct ktr_proc_ctor {
	u_int	sv_flags;	/* struct sysentvec sv_flags copy */
};
202
/*
 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
 */
#define KTR_PROCDTOR	11

/*
 * KTR_CAPFAIL - trace capability check failures
 *
 * The enumerators take the implicit values 0..7 in declaration order.
 * NOTE(review): presumably these values are stored in trace records via
 * ktr_cap_fail.cap_type, in which case new entries must only be appended.
 * A reader should reject values outside the known range.
 */
#define KTR_CAPFAIL	12
enum ktr_cap_violation {
	CAPFAIL_NOTCAPABLE,	/* insufficient capabilities in cap_check() */
	CAPFAIL_INCREASE,	/* attempt to increase rights on a capability */
	CAPFAIL_SYSCALL,	/* disallowed system call */
	CAPFAIL_SIGNAL,		/* sent signal to process other than self */
	CAPFAIL_PROTO,		/* disallowed protocol */
	CAPFAIL_SOCKADDR,	/* restricted address lookup */
	CAPFAIL_NAMEI,		/* restricted namei lookup */
	CAPFAIL_CPUSET,		/* restricted CPU set modification */
};
222
/*
 * Payload of a capability-failure record.  Which member is meaningful
 * presumably depends on ktr_cap_fail.cap_type -- verify against the
 * emitter; a reader must not interpret a member the type does not select.
 *
 * Because cap_path is MAXPATHLEN bytes, the union (and every
 * struct ktr_cap_fail) is at least that large.
 */
union ktr_cap_data {
	cap_rights_t	cap_rights[2];
/*
 * These are ordinary preprocessor macros, not union members: they rewrite
 * the identifiers cap_needed and cap_held everywhere after this point in
 * any file that includes this header.
 */
#define	cap_needed	cap_rights[0]
#define	cap_held	cap_rights[1]
	int		cap_int;
	/*
	 * NOTE(review): declared as the generic struct sockaddr; confirm how
	 * addresses longer than that type are recorded and read back.
	 */
	struct sockaddr	cap_sockaddr;
	/* NOTE(review): NUL termination is not stated; bound reads to MAXPATHLEN */
	char		cap_path[MAXPATHLEN];
};

/* KTR_CAPFAIL record body. */
struct ktr_cap_fail {
	enum ktr_cap_violation cap_type;	/* which check failed */
	short	cap_code;	/* NOTE(review): presumably the syscall number */
	u_int	cap_svflags;	/* presumably a sysentvec sv_flags copy -- verify */
	union ktr_cap_data cap_data;	/* type-dependent detail, see above */
};
238
/*
 * KTR_FAULT - page fault record
 *
 * vaddr is an address from the traced process's address space, so trace
 * files with this facility enabled disclose its memory layout.
 */
#define KTR_FAULT	13
struct ktr_fault {
	vm_offset_t vaddr;	/* presumably the faulting virtual address */
	int type;		/* NOTE(review): presumably the fault/access type */
};

/*
 * KTR_FAULTEND - end of page fault record
 */
#define KTR_FAULTEND	14
struct ktr_faultend {
	int result;		/* NOTE(review): presumably the fault handler's result */
};
255
/*
 * KTR_STRUCT_ARRAY - array of misc. structs
 *
 * struct_size comes from the record and is presumably the size of one
 * array element.  A reader should reject zero, compare it with the size
 * it expects for the named struct, and check that it divides the
 * remaining payload before iterating.
 */
#define	KTR_STRUCT_ARRAY 15
struct ktr_struct_array {
	size_t struct_size;
	/*
	 * Followed by null-terminated structure name and then payload
	 * contents.
	 */
};
267
/*
 * KTR_DROP - If this bit is set in ktr_type, then at least one event
 * between the previous record and this record was dropped.
 *
 * A set KTR_DROP bit means the trace has a gap at this point, which
 * matters when a trace is used as an audit or forensic record.
 *
 * ktr_type is declared as a short; where short is 16 bits, 0x8000 is its
 * sign bit, so mask the flag bits off before comparing ktr_type with a
 * KTR_* record number.
 */
#define	KTR_DROP	0x8000
/*
 * KTR_VERSIONED - If this bit is set in ktr_type, then the kernel
 * exposes the new struct ktr_header (versioned), otherwise the old
 * struct ktr_header_v0 is exposed.
 */
#define	KTR_VERSIONED	0x4000
/*
 * Despite its name, KTR_TYPE is the OR of the two flag bits above;
 * presumably the record number is ktr_type & ~KTR_TYPE -- verify.
 */
#define	KTR_TYPE	(KTR_DROP | KTR_VERSIONED)
280
/*
 * kernel trace points (in p_traceflag)
 *
 * Each facility bit is 1 shifted left by its KTR_* record number, so the
 * facilities defined here occupy bits 1..15.  KTRFAC_MASK covers the low
 * 24 bits.  KTRFAC_GENIO and KTRFAC_USER select records that carry raw
 * process data; enabling them makes the trace file correspondingly
 * sensitive.
 */
#define KTRFAC_MASK	0x00ffffff
#define KTRFAC_SYSCALL	(1<<KTR_SYSCALL)
#define KTRFAC_SYSRET	(1<<KTR_SYSRET)
#define KTRFAC_NAMEI	(1<<KTR_NAMEI)
#define KTRFAC_GENIO	(1<<KTR_GENIO)
#define	KTRFAC_PSIG	(1<<KTR_PSIG)
#define KTRFAC_CSW	(1<<KTR_CSW)
#define KTRFAC_USER	(1<<KTR_USER)
#define KTRFAC_STRUCT	(1<<KTR_STRUCT)
#define KTRFAC_SYSCTL	(1<<KTR_SYSCTL)
#define KTRFAC_PROCCTOR	(1<<KTR_PROCCTOR)
#define KTRFAC_PROCDTOR	(1<<KTR_PROCDTOR)
#define KTRFAC_CAPFAIL	(1<<KTR_CAPFAIL)
#define KTRFAC_FAULT	(1<<KTR_FAULT)
#define KTRFAC_FAULTEND	(1<<KTR_FAULTEND)
#define	KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY)
300
/*
 * trace flags (also in p_traceflag)
 *
 * These sit above KTRFAC_MASK and are state bits, not facilities.
 * KTRFAC_ROOT records that a privileged caller set the trace.
 * NOTE(review): presumably this stops an unprivileged caller from
 * altering or clearing such a trace -- confirm in the ktrace
 * implementation.
 *
 * 0x80000000 does not fit in a signed int, so that constant has unsigned
 * type.  KTRFAC_DROP (a p_traceflag bit) is distinct from KTR_DROP (a
 * ktr_type bit).
 */
#define KTRFAC_ROOT	0x80000000	/* root set this trace */
#define KTRFAC_INHERIT	0x40000000	/* pass trace flags to children */
#define	KTRFAC_DROP	0x20000000	/* last event was dropped */
307
308#ifdef	_KERNEL
309struct ktr_io_params;
310
311#ifdef	KTRACE
312struct vnode *ktr_get_tracevp(struct proc *, bool);
313#else
/*
 * Stub for kernels built without KTRACE (this is the #else arm of the
 * surrounding #ifdef KTRACE).  There is never a trace vnode in that
 * configuration, so both arguments are ignored and NULL is returned.
 */
static inline struct vnode *
ktr_get_tracevp(struct proc *p, bool ref)
{
	struct vnode *no_tracevp = NULL;

	(void)p;
	(void)ref;
	return (no_tracevp);
}
320#endif
/*
 * Kernel-side recording hooks, declared here and defined elsewhere.
 * Most names match a KTR_* record type above (ktrnamei, ktrcsw, ktrpsig,
 * ktrfault, ktrgenio, ...).  Parameter meanings for the unnamed prototypes
 * are not stated in this header.
 */
void	ktr_io_params_free(struct ktr_io_params *);
void	ktrnamei(const char *);
void	ktrcsw(int, int, const char *);
void	ktrpsig(int, sig_t, sigset_t *, int);
void	ktrfault(vm_offset_t, int);
void	ktrfaultend(int);
void	ktrgenio(int, enum uio_rw, struct uio *, int);
void	ktrsyscall(int, int narg, syscallarg_t args[]);
void	ktrsysctl(int *name, u_int namelen);
void	ktrsysret(int, int, register_t);
void	ktrprocctor(struct proc *);
struct ktr_io_params *ktrprocexec(struct proc *);
void	ktrprocexit(struct thread *);
void	ktrprocfork(struct proc *, struct proc *);
void	ktruserret(struct thread *);
/* presumably (struct name, data, data length) -- see the wrappers below */
void	ktrstruct(const char *, const void *, size_t);
void	ktrstruct_error(const char *, const void *, size_t, int);
void	ktrstructarray(const char *, enum uio_seg, const void *, int, size_t);
void	ktrcapfail(enum ktr_cap_violation, const void *);
/*
 * Convenience wrappers around ktrstruct(): each passes a fixed struct
 * name string and a length for the object (s) points to.
 */
#define ktrcaprights(s) \
	ktrstruct("caprights", (s), sizeof(cap_rights_t))
#define	ktritimerval(s) \
	ktrstruct("itimerval", (s), sizeof(struct itimerval))
/*
 * The length is taken from the sa_len field of the object itself, and (s)
 * is evaluated twice.  Callers should pass a side-effect-free expression
 * that points at a sockaddr whose sa_len has already been validated
 * against the real buffer size; otherwise the length handed to
 * ktrstruct() is not bounded by anything in this macro.
 */
#define ktrsockaddr(s) \
	ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
#define ktrstat(s) \
	ktrstruct("stat", (s), sizeof(struct stat))
#define ktrstat_error(s, error) \
	ktrstruct_error("stat", (s), sizeof(struct stat), error)
/* The caller supplies the length l; it is passed through unchecked. */
#define ktrcpuset(s, l) \
	ktrstruct("cpuset_t", (s), l)
#define	ktrsplice(s) \
	ktrstruct("splice", (s), sizeof(struct splice))
/* NOTE(review): presumably the cap on data captured per KTR_GENIO record */
extern u_int ktr_geniosize;
/*
 * Without KTRACE, ktr_filesize_limit_signal is the constant 0 rather than
 * a variable, so it cannot be assigned to or have its address taken.
 * __ktrace_used expands to nothing with KTRACE and to __unused without
 * it.
 */
#ifdef	KTRACE
extern int ktr_filesize_limit_signal;
#define	__ktrace_used
#else
#define	ktr_filesize_limit_signal 0
#define	__ktrace_used	__unused
#endif
361#endif
362#else
363
364#include <sys/cdefs.h>
365
366__BEGIN_DECLS
/*
 * Userland entry points.  Parameter names are not given here.
 * ktrace(): presumably (trace file path, KTROP_* op ORed with KTRFLAG_*
 * flags, KTRFAC_* trace points, target pid) -- verify in ktrace(2).
 * utrace(): presumably (data, length), producing a KTR_USER record
 * limited to KTR_USER_MAXLEN bytes -- verify in utrace(2).
 */
int	ktrace(const char *, int, int, pid_t);
int	utrace(const void *, size_t);
369__END_DECLS
370
371#endif
372
373#endif