1 /*- 2 * Copyright (c) 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ktrace.h 8.1 (Berkeley) 6/2/93 30 * $FreeBSD$ 31 */ 32 33 #ifndef _SYS_KTRACE_H_ 34 #define _SYS_KTRACE_H_ 35 36 #include <sys/caprights.h> 37 38 /* 39 * operations to ktrace system call (KTROP(op)) 40 */ 41 #define KTROP_SET 0 /* set trace points */ 42 #define KTROP_CLEAR 1 /* clear trace points */ 43 #define KTROP_CLEARFILE 2 /* stop all tracing to file */ 44 #define KTROP(o) ((o)&3) /* macro to extract operation */ 45 /* 46 * flags (ORed in with operation) 47 */ 48 #define KTRFLAG_DESCEND 4 /* perform op on all children too */ 49 50 /* 51 * ktrace record header 52 */ 53 struct ktr_header { 54 int ktr_len; /* length of buf */ 55 short ktr_type; /* trace record type */ 56 pid_t ktr_pid; /* process id */ 57 char ktr_comm[MAXCOMLEN + 1];/* command name */ 58 struct timeval ktr_time; /* timestamp */ 59 intptr_t ktr_tid; /* was ktr_buffer */ 60 }; 61 62 /* 63 * Test for kernel trace point (MP SAFE). 64 * 65 * KTRCHECK() just checks that the type is enabled and is only for 66 * internal use in the ktrace subsystem. KTRPOINT() checks against 67 * ktrace recursion as well as checking that the type is enabled and 68 * is the public interface. 69 */ 70 #define KTRCHECK(td, type) ((td)->td_proc->p_traceflag & (1 << type)) 71 #define KTRPOINT(td, type) \ 72 (KTRCHECK((td), (type)) && !((td)->td_pflags & TDP_INKTRACE)) 73 #define KTRCHECKDRAIN(td) (!(STAILQ_EMPTY(&(td)->td_proc->p_ktr))) 74 #define KTRUSERRET(td) do { \ 75 if (KTRCHECKDRAIN(td)) \ 76 ktruserret(td); \ 77 } while (0) 78 79 /* 80 * ktrace record types 81 */ 82 83 /* 84 * KTR_SYSCALL - system call record 85 */ 86 #define KTR_SYSCALL 1 87 struct ktr_syscall { 88 short ktr_code; /* syscall number */ 89 short ktr_narg; /* number of arguments */ 90 /* 91 * followed by ktr_narg register_t 92 */ 93 register_t ktr_args[1]; 94 }; 95 96 /* 97 * KTR_SYSRET - return from system call record 98 */ 99 #define KTR_SYSRET 2 100 struct ktr_sysret { 101 short ktr_code; 102 short ktr_eosys; 103 int ktr_error; 104 register_t ktr_retval; 105 }; 106 107 /* 108 * KTR_NAMEI - namei record 109 */ 110 #define KTR_NAMEI 3 111 /* record contains pathname */ 112 113 /* 114 * KTR_GENIO - trace generic process i/o 115 */ 116 #define KTR_GENIO 4 117 struct ktr_genio { 118 int ktr_fd; 119 enum uio_rw ktr_rw; 120 /* 121 * followed by data successfully read/written 122 */ 123 }; 124 125 /* 126 * KTR_PSIG - trace processed signal 127 */ 128 #define KTR_PSIG 5 129 struct ktr_psig { 130 int signo; 131 sig_t action; 132 int code; 133 sigset_t mask; 134 }; 135 136 /* 137 * KTR_CSW - trace context switches 138 */ 139 #define KTR_CSW 6 140 struct ktr_csw_old { 141 int out; /* 1 if switch out, 0 if switch in */ 142 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */ 143 }; 144 145 struct ktr_csw { 146 int out; /* 1 if switch out, 0 if switch in */ 147 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */ 148 char wmesg[8]; 149 }; 150 151 /* 152 * KTR_USER - data coming from userland 153 */ 154 #define KTR_USER_MAXLEN 2048 /* maximum length of passed data */ 155 #define KTR_USER 7 156 157 /* 158 * KTR_STRUCT - misc. structs 159 */ 160 #define KTR_STRUCT 8 161 /* 162 * record contains null-terminated struct name followed by 163 * struct contents 164 */ 165 struct sockaddr; 166 struct stat; 167 struct sysentvec; 168 169 /* 170 * KTR_SYSCTL - name of a sysctl MIB 171 */ 172 #define KTR_SYSCTL 9 173 /* record contains null-terminated MIB name */ 174 175 /* 176 * KTR_PROCCTOR - trace process creation (multiple ABI support) 177 */ 178 #define KTR_PROCCTOR 10 179 struct ktr_proc_ctor { 180 u_int sv_flags; /* struct sysentvec sv_flags copy */ 181 }; 182 183 /* 184 * KTR_PROCDTOR - trace process destruction (multiple ABI support) 185 */ 186 #define KTR_PROCDTOR 11 187 188 /* 189 * KTR_CAPFAIL - trace capability check failures 190 */ 191 #define KTR_CAPFAIL 12 192 enum ktr_cap_fail_type { 193 CAPFAIL_NOTCAPABLE, /* insufficient capabilities in cap_check() */ 194 CAPFAIL_INCREASE, /* attempt to increase capabilities */ 195 CAPFAIL_SYSCALL, /* disallowed system call */ 196 CAPFAIL_LOOKUP, /* disallowed VFS lookup */ 197 }; 198 struct ktr_cap_fail { 199 enum ktr_cap_fail_type cap_type; 200 cap_rights_t cap_needed; 201 cap_rights_t cap_held; 202 }; 203 204 /* 205 * KTR_FAULT - page fault record 206 */ 207 #define KTR_FAULT 13 208 struct ktr_fault { 209 vm_offset_t vaddr; 210 int type; 211 }; 212 213 /* 214 * KTR_FAULTEND - end of page fault record 215 */ 216 #define KTR_FAULTEND 14 217 struct ktr_faultend { 218 int result; 219 }; 220 221 /* 222 * KTR_STRUCT_ARRAY - array of misc. structs 223 */ 224 #define KTR_STRUCT_ARRAY 15 225 struct ktr_struct_array { 226 size_t struct_size; 227 /* 228 * Followed by null-terminated structure name and then payload 229 * contents. 230 */ 231 }; 232 233 /* 234 * KTR_DROP - If this bit is set in ktr_type, then at least one event 235 * between the previous record and this record was dropped. 236 */ 237 #define KTR_DROP 0x8000 238 239 /* 240 * kernel trace points (in p_traceflag) 241 */ 242 #define KTRFAC_MASK 0x00ffffff 243 #define KTRFAC_SYSCALL (1<<KTR_SYSCALL) 244 #define KTRFAC_SYSRET (1<<KTR_SYSRET) 245 #define KTRFAC_NAMEI (1<<KTR_NAMEI) 246 #define KTRFAC_GENIO (1<<KTR_GENIO) 247 #define KTRFAC_PSIG (1<<KTR_PSIG) 248 #define KTRFAC_CSW (1<<KTR_CSW) 249 #define KTRFAC_USER (1<<KTR_USER) 250 #define KTRFAC_STRUCT (1<<KTR_STRUCT) 251 #define KTRFAC_SYSCTL (1<<KTR_SYSCTL) 252 #define KTRFAC_PROCCTOR (1<<KTR_PROCCTOR) 253 #define KTRFAC_PROCDTOR (1<<KTR_PROCDTOR) 254 #define KTRFAC_CAPFAIL (1<<KTR_CAPFAIL) 255 #define KTRFAC_FAULT (1<<KTR_FAULT) 256 #define KTRFAC_FAULTEND (1<<KTR_FAULTEND) 257 #define KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY) 258 259 /* 260 * trace flags (also in p_traceflags) 261 */ 262 #define KTRFAC_ROOT 0x80000000 /* root set this trace */ 263 #define KTRFAC_INHERIT 0x40000000 /* pass trace flags to children */ 264 #define KTRFAC_DROP 0x20000000 /* last event was dropped */ 265 266 #ifdef _KERNEL 267 void ktrnamei(char *); 268 void ktrcsw(int, int, const char *); 269 void ktrpsig(int, sig_t, sigset_t *, int); 270 void ktrfault(vm_offset_t, int); 271 void ktrfaultend(int); 272 void ktrgenio(int, enum uio_rw, struct uio *, int); 273 void ktrsyscall(int, int narg, register_t args[]); 274 void ktrsysctl(int *name, u_int namelen); 275 void ktrsysret(int, int, register_t); 276 void ktrprocctor(struct proc *); 277 void ktrprocexec(struct proc *, struct ucred **, struct vnode **); 278 void ktrprocexit(struct thread *); 279 void ktrprocfork(struct proc *, struct proc *); 280 void ktruserret(struct thread *); 281 void ktrstruct(const char *, const void *, size_t); 282 void ktrstructarray(const char *, enum uio_seg, const void *, int, size_t); 283 void ktrcapfail(enum ktr_cap_fail_type, const cap_rights_t *, 284 const cap_rights_t *); 285 #define ktrcaprights(s) \ 286 ktrstruct("caprights", (s), sizeof(cap_rights_t)) 287 #define ktritimerval(s) \ 288 ktrstruct("itimerval", (s), sizeof(struct itimerval)) 289 #define ktrsockaddr(s) \ 290 ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len) 291 #define ktrstat(s) \ 292 ktrstruct("stat", (s), sizeof(struct stat)) 293 extern u_int ktr_geniosize; 294 #else 295 296 #include <sys/cdefs.h> 297 298 __BEGIN_DECLS 299 int ktrace(const char *, int, int, pid_t); 300 int utrace(const void *, size_t); 301 __END_DECLS 302 303 #endif 304 305 #endif 306