2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California.
6 * Copyright (c) 2005 Robert N. M. Watson
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * @(#)kern_ktrace.c 8.2 (Berkeley) 9/23/93
36 #include <sys/cdefs.h>
37 #include "opt_ktrace.h"
39 #include <sys/param.h>
40 #include <sys/capsicum.h>
41 #include <sys/systm.h>
42 #include <sys/fcntl.h>
43 #include <sys/kernel.h>
44 #include <sys/kthread.h>
46 #include <sys/mutex.h>
47 #include <sys/malloc.h>
48 #include <sys/mount.h>
49 #include <sys/namei.h>
52 #include <sys/resourcevar.h>
53 #include <sys/unistd.h>
54 #include <sys/vnode.h>
55 #include <sys/socket.h>
57 #include <sys/ktrace.h>
59 #include <sys/sysctl.h>
60 #include <sys/sysent.h>
61 #include <sys/syslog.h>
62 #include <sys/sysproto.h>
64 #include <security/mac/mac_framework.h>
67 * The ktrace facility allows the tracing of certain key events in user space
68 * processes, such as system calls, signal delivery, context switches, and
69 * user generated events using utrace(2). It works by streaming event
70 * records and data to a vnode associated with the process using the
71 * ktrace(2) system call. In general, records can be written directly from
72 * the context that generates the event. One important exception to this is
73 * during a context switch, where sleeping is not permitted. To handle this
74 * case, trace events are generated using in-kernel ktr_request records, and
75 * then delivered to disk at a convenient moment -- either immediately, the
76 * next traceable event, at system call return, or at process exit.
78 * When dealing with multiple threads or processes writing to the same event
79 * log, ordering guarantees are weak: specifically, if an event has multiple
80 * records (i.e., system call enter and return), they may be interlaced with
81 * records from another event. Process and thread ID information is provided
82 * in the record, and user applications can de-interlace events if required.
85 static MALLOC_DEFINE(M_KTRACE, "KTRACE", "KTRACE");
89 FEATURE(ktrace, "Kernel support for system-call tracing");
91 #ifndef KTRACE_REQUEST_POOL
92 #define KTRACE_REQUEST_POOL 100
96 struct ktr_header ktr_header;
99 struct ktr_proc_ctor ktr_proc_ctor;
100 struct ktr_cap_fail ktr_cap_fail;
101 struct ktr_syscall ktr_syscall;
102 struct ktr_sysret ktr_sysret;
103 struct ktr_genio ktr_genio;
104 struct ktr_psig ktr_psig;
105 struct ktr_csw ktr_csw;
106 struct ktr_fault ktr_fault;
107 struct ktr_faultend ktr_faultend;
108 struct ktr_struct_array ktr_struct_array;
110 STAILQ_ENTRY(ktr_request) ktr_list;
113 static const int data_lengths[] = {
114 [KTR_SYSCALL] = offsetof(struct ktr_syscall, ktr_args),
115 [KTR_SYSRET] = sizeof(struct ktr_sysret),
117 [KTR_GENIO] = sizeof(struct ktr_genio),
118 [KTR_PSIG] = sizeof(struct ktr_psig),
119 [KTR_CSW] = sizeof(struct ktr_csw),
123 [KTR_PROCCTOR] = sizeof(struct ktr_proc_ctor),
125 [KTR_CAPFAIL] = sizeof(struct ktr_cap_fail),
126 [KTR_FAULT] = sizeof(struct ktr_fault),
127 [KTR_FAULTEND] = sizeof(struct ktr_faultend),
128 [KTR_STRUCT_ARRAY] = sizeof(struct ktr_struct_array),
131 static STAILQ_HEAD(, ktr_request) ktr_free;
133 static SYSCTL_NODE(_kern, OID_AUTO, ktrace, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
136 static u_int ktr_requestpool = KTRACE_REQUEST_POOL;
137 TUNABLE_INT("kern.ktrace.request_pool", &ktr_requestpool);
139 u_int ktr_geniosize = PAGE_SIZE;
140 SYSCTL_UINT(_kern_ktrace, OID_AUTO, genio_size, CTLFLAG_RWTUN, &ktr_geniosize,
141 0, "Maximum size of genio event payload");
144 * Allow to not to send signal to traced process, in which context the
145 * ktr record is written. The limit is applied from the process that
146 * set up ktrace, so killing the traced process is not completely fair.
148 int ktr_filesize_limit_signal = 0;
149 SYSCTL_INT(_kern_ktrace, OID_AUTO, filesize_limit_signal, CTLFLAG_RWTUN,
150 &ktr_filesize_limit_signal, 0,
151 "Send SIGXFSZ to the traced process when the log size limit is exceeded");
153 static int print_message = 1;
154 static struct mtx ktrace_mtx;
155 static struct sx ktrace_sx;
157 struct ktr_io_params {
164 static void ktrace_init(void *dummy);
165 static int sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS);
166 static u_int ktrace_resize_pool(u_int oldsize, u_int newsize);
167 static struct ktr_request *ktr_getrequest_entered(struct thread *td, int type);
168 static struct ktr_request *ktr_getrequest(int type);
169 static void ktr_submitrequest(struct thread *td, struct ktr_request *req);
170 static struct ktr_io_params *ktr_freeproc(struct proc *p);
171 static void ktr_freerequest(struct ktr_request *req);
172 static void ktr_freerequest_locked(struct ktr_request *req);
173 static void ktr_writerequest(struct thread *td, struct ktr_request *req);
174 static int ktrcanset(struct thread *,struct proc *);
175 static int ktrsetchildren(struct thread *, struct proc *, int, int,
176 struct ktr_io_params *);
177 static int ktrops(struct thread *, struct proc *, int, int,
178 struct ktr_io_params *);
179 static void ktrprocctor_entered(struct thread *, struct proc *);
182 * ktrace itself generates events, such as context switches, which we do not
183 * wish to trace. Maintain a flag, TDP_INKTRACE, on each thread to determine
184 * whether or not it is in a region where tracing of events should be
188 ktrace_enter(struct thread *td)
191 KASSERT(!(td->td_pflags & TDP_INKTRACE), ("ktrace_enter: flag set"));
192 td->td_pflags |= TDP_INKTRACE;
196 ktrace_exit(struct thread *td)
199 KASSERT(td->td_pflags & TDP_INKTRACE, ("ktrace_exit: flag not set"));
200 td->td_pflags &= ~TDP_INKTRACE;
204 ktrace_assert(struct thread *td)
207 KASSERT(td->td_pflags & TDP_INKTRACE, ("ktrace_assert: flag not set"));
211 ktrace_init(void *dummy)
213 struct ktr_request *req;
216 mtx_init(&ktrace_mtx, "ktrace", NULL, MTX_DEF | MTX_QUIET);
217 sx_init(&ktrace_sx, "ktrace_sx");
218 STAILQ_INIT(&ktr_free);
219 for (i = 0; i < ktr_requestpool; i++) {
220 req = malloc(sizeof(struct ktr_request), M_KTRACE, M_WAITOK |
222 STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
225 SYSINIT(ktrace_init, SI_SUB_KTRACE, SI_ORDER_ANY, ktrace_init, NULL);
228 sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS)
231 u_int newsize, oldsize, wantsize;
234 /* Handle easy read-only case first to avoid warnings from GCC. */
236 oldsize = ktr_requestpool;
237 return (SYSCTL_OUT(req, &oldsize, sizeof(u_int)));
240 error = SYSCTL_IN(req, &wantsize, sizeof(u_int));
245 oldsize = ktr_requestpool;
246 newsize = ktrace_resize_pool(oldsize, wantsize);
248 error = SYSCTL_OUT(req, &oldsize, sizeof(u_int));
251 if (wantsize > oldsize && newsize < wantsize)
255 SYSCTL_PROC(_kern_ktrace, OID_AUTO, request_pool,
256 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, &ktr_requestpool, 0,
257 sysctl_kern_ktrace_request_pool, "IU",
258 "Pool buffer size for ktrace(1)");
261 ktrace_resize_pool(u_int oldsize, u_int newsize)
263 STAILQ_HEAD(, ktr_request) ktr_new;
264 struct ktr_request *req;
268 bound = newsize - oldsize;
270 return (ktr_requestpool);
272 mtx_lock(&ktrace_mtx);
273 /* Shrink pool down to newsize if possible. */
274 while (bound++ < 0) {
275 req = STAILQ_FIRST(&ktr_free);
278 STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
283 /* Grow pool up to newsize. */
284 STAILQ_INIT(&ktr_new);
285 while (bound-- > 0) {
286 req = malloc(sizeof(struct ktr_request), M_KTRACE,
288 STAILQ_INSERT_HEAD(&ktr_new, req, ktr_list);
290 mtx_lock(&ktrace_mtx);
291 STAILQ_CONCAT(&ktr_free, &ktr_new);
292 ktr_requestpool += (newsize - oldsize);
294 mtx_unlock(&ktrace_mtx);
295 return (ktr_requestpool);
298 /* ktr_getrequest() assumes that ktr_comm[] is the same size as td_name[]. */
299 CTASSERT(sizeof(((struct ktr_header *)NULL)->ktr_comm) ==
300 (sizeof((struct thread *)NULL)->td_name));
302 static struct ktr_request *
303 ktr_getrequest_entered(struct thread *td, int type)
305 struct ktr_request *req;
306 struct proc *p = td->td_proc;
309 mtx_lock(&ktrace_mtx);
310 if (!KTRCHECK(td, type)) {
311 mtx_unlock(&ktrace_mtx);
314 req = STAILQ_FIRST(&ktr_free);
316 STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
317 req->ktr_header.ktr_type = type;
318 if (p->p_traceflag & KTRFAC_DROP) {
319 req->ktr_header.ktr_type |= KTR_DROP;
320 p->p_traceflag &= ~KTRFAC_DROP;
322 mtx_unlock(&ktrace_mtx);
323 microtime(&req->ktr_header.ktr_time);
324 req->ktr_header.ktr_pid = p->p_pid;
325 req->ktr_header.ktr_tid = td->td_tid;
326 bcopy(td->td_name, req->ktr_header.ktr_comm,
327 sizeof(req->ktr_header.ktr_comm));
328 req->ktr_buffer = NULL;
329 req->ktr_header.ktr_len = 0;
331 p->p_traceflag |= KTRFAC_DROP;
334 mtx_unlock(&ktrace_mtx);
336 printf("Out of ktrace request objects.\n");
341 static struct ktr_request *
342 ktr_getrequest(int type)
344 struct thread *td = curthread;
345 struct ktr_request *req;
348 req = ktr_getrequest_entered(td, type);
356 * Some trace generation environments don't permit direct access to VFS,
357 * such as during a context switch where sleeping is not allowed. Under these
358 * circumstances, queue a request to the thread to be written asynchronously
362 ktr_enqueuerequest(struct thread *td, struct ktr_request *req)
365 mtx_lock(&ktrace_mtx);
366 STAILQ_INSERT_TAIL(&td->td_proc->p_ktr, req, ktr_list);
367 mtx_unlock(&ktrace_mtx);
369 td->td_flags |= TDF_ASTPENDING;
374 * Drain any pending ktrace records from the per-thread queue to disk. This
375 * is used both internally before committing other records, and also on
376 * system call return. We drain all the ones we can find at the time when
377 * drain is requested, but don't keep draining after that as those events
378 * may be approximately "after" the current event.
381 ktr_drain(struct thread *td)
383 struct ktr_request *queued_req;
384 STAILQ_HEAD(, ktr_request) local_queue;
387 sx_assert(&ktrace_sx, SX_XLOCKED);
389 STAILQ_INIT(&local_queue);
391 if (!STAILQ_EMPTY(&td->td_proc->p_ktr)) {
392 mtx_lock(&ktrace_mtx);
393 STAILQ_CONCAT(&local_queue, &td->td_proc->p_ktr);
394 mtx_unlock(&ktrace_mtx);
396 while ((queued_req = STAILQ_FIRST(&local_queue))) {
397 STAILQ_REMOVE_HEAD(&local_queue, ktr_list);
398 ktr_writerequest(td, queued_req);
399 ktr_freerequest(queued_req);
405 * Submit a trace record for immediate commit to disk -- to be used only
406 * where entering VFS is OK. First drain any pending records that may have
407 * been cached in the thread.
410 ktr_submitrequest(struct thread *td, struct ktr_request *req)
415 sx_xlock(&ktrace_sx);
417 ktr_writerequest(td, req);
418 ktr_freerequest(req);
419 sx_xunlock(&ktrace_sx);
424 ktr_freerequest(struct ktr_request *req)
427 mtx_lock(&ktrace_mtx);
428 ktr_freerequest_locked(req);
429 mtx_unlock(&ktrace_mtx);
433 ktr_freerequest_locked(struct ktr_request *req)
436 mtx_assert(&ktrace_mtx, MA_OWNED);
437 if (req->ktr_buffer != NULL)
438 free(req->ktr_buffer, M_KTRACE);
439 STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
443 ktr_io_params_ref(struct ktr_io_params *kiop)
445 mtx_assert(&ktrace_mtx, MA_OWNED);
449 static struct ktr_io_params *
450 ktr_io_params_rele(struct ktr_io_params *kiop)
452 mtx_assert(&ktrace_mtx, MA_OWNED);
455 KASSERT(kiop->refs > 0, ("kiop ref == 0 %p", kiop));
456 return (--(kiop->refs) == 0 ? kiop : NULL);
460 ktr_io_params_free(struct ktr_io_params *kiop)
465 MPASS(kiop->refs == 0);
466 vn_close(kiop->vp, FWRITE, kiop->cr, curthread);
468 free(kiop, M_KTRACE);
471 static struct ktr_io_params *
472 ktr_io_params_alloc(struct thread *td, struct vnode *vp)
474 struct ktr_io_params *res;
476 res = malloc(sizeof(struct ktr_io_params), M_KTRACE, M_WAITOK);
478 res->cr = crhold(td->td_ucred);
479 res->lim = lim_cur(td, RLIMIT_FSIZE);
485 * Disable tracing for a process and release all associated resources.
486 * The caller is responsible for releasing a reference on the returned
487 * vnode and credentials.
489 static struct ktr_io_params *
490 ktr_freeproc(struct proc *p)
492 struct ktr_io_params *kiop;
493 struct ktr_request *req;
495 PROC_LOCK_ASSERT(p, MA_OWNED);
496 mtx_assert(&ktrace_mtx, MA_OWNED);
497 kiop = ktr_io_params_rele(p->p_ktrioparms);
498 p->p_ktrioparms = NULL;
500 while ((req = STAILQ_FIRST(&p->p_ktr)) != NULL) {
501 STAILQ_REMOVE_HEAD(&p->p_ktr, ktr_list);
502 ktr_freerequest_locked(req);
508 ktr_get_tracevp(struct proc *p, bool ref)
512 PROC_LOCK_ASSERT(p, MA_OWNED);
514 if (p->p_ktrioparms != NULL) {
515 vp = p->p_ktrioparms->vp;
525 ktrsyscall(int code, int narg, register_t args[])
527 struct ktr_request *req;
528 struct ktr_syscall *ktp;
532 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
535 buflen = sizeof(register_t) * narg;
537 buf = malloc(buflen, M_KTRACE, M_WAITOK);
538 bcopy(args, buf, buflen);
540 req = ktr_getrequest(KTR_SYSCALL);
546 ktp = &req->ktr_data.ktr_syscall;
547 ktp->ktr_code = code;
548 ktp->ktr_narg = narg;
550 req->ktr_header.ktr_len = buflen;
551 req->ktr_buffer = buf;
553 ktr_submitrequest(curthread, req);
557 ktrsysret(int code, int error, register_t retval)
559 struct ktr_request *req;
560 struct ktr_sysret *ktp;
562 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
565 req = ktr_getrequest(KTR_SYSRET);
568 ktp = &req->ktr_data.ktr_sysret;
569 ktp->ktr_code = code;
570 ktp->ktr_error = error;
571 ktp->ktr_retval = ((error == 0) ? retval: 0); /* what about val2 ? */
572 ktr_submitrequest(curthread, req);
576 * When a setuid process execs, disable tracing.
578 * XXX: We toss any pending asynchronous records.
580 struct ktr_io_params *
581 ktrprocexec(struct proc *p)
583 struct ktr_io_params *kiop;
585 PROC_LOCK_ASSERT(p, MA_OWNED);
587 kiop = p->p_ktrioparms;
588 if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED))
591 mtx_lock(&ktrace_mtx);
592 kiop = ktr_freeproc(p);
593 mtx_unlock(&ktrace_mtx);
598 * When a process exits, drain per-process asynchronous trace records
599 * and disable tracing.
602 ktrprocexit(struct thread *td)
604 struct ktr_request *req;
606 struct ktr_io_params *kiop;
609 if (p->p_traceflag == 0)
613 req = ktr_getrequest_entered(td, KTR_PROCDTOR);
615 ktr_enqueuerequest(td, req);
616 sx_xlock(&ktrace_sx);
618 sx_xunlock(&ktrace_sx);
620 mtx_lock(&ktrace_mtx);
621 kiop = ktr_freeproc(p);
622 mtx_unlock(&ktrace_mtx);
624 ktr_io_params_free(kiop);
629 ktrprocctor_entered(struct thread *td, struct proc *p)
631 struct ktr_proc_ctor *ktp;
632 struct ktr_request *req;
636 td2 = FIRST_THREAD_IN_PROC(p);
637 req = ktr_getrequest_entered(td2, KTR_PROCCTOR);
640 ktp = &req->ktr_data.ktr_proc_ctor;
641 ktp->sv_flags = p->p_sysent->sv_flags;
642 ktr_enqueuerequest(td2, req);
646 ktrprocctor(struct proc *p)
648 struct thread *td = curthread;
650 if ((p->p_traceflag & KTRFAC_MASK) == 0)
654 ktrprocctor_entered(td, p);
659 * When a process forks, enable tracing in the new process if needed.
662 ktrprocfork(struct proc *p1, struct proc *p2)
665 MPASS(p2->p_ktrioparms == NULL);
666 MPASS(p2->p_traceflag == 0);
668 if (p1->p_traceflag == 0)
672 mtx_lock(&ktrace_mtx);
673 if (p1->p_traceflag & KTRFAC_INHERIT) {
674 p2->p_traceflag = p1->p_traceflag;
675 if ((p2->p_ktrioparms = p1->p_ktrioparms) != NULL)
676 p1->p_ktrioparms->refs++;
678 mtx_unlock(&ktrace_mtx);
685 * When a thread returns, drain any asynchronous records generated by the
689 ktruserret(struct thread *td)
693 sx_xlock(&ktrace_sx);
695 sx_xunlock(&ktrace_sx);
703 struct ktr_request *req;
707 namelen = strlen(path);
709 buf = malloc(namelen, M_KTRACE, M_WAITOK);
710 bcopy(path, buf, namelen);
712 req = ktr_getrequest(KTR_NAMEI);
719 req->ktr_header.ktr_len = namelen;
720 req->ktr_buffer = buf;
722 ktr_submitrequest(curthread, req);
726 ktrsysctl(int *name, u_int namelen)
728 struct ktr_request *req;
729 u_int mib[CTL_MAXNAME + 2];
734 /* Lookup name of mib. */
735 KASSERT(namelen <= CTL_MAXNAME, ("sysctl MIB too long"));
738 bcopy(name, mib + 2, namelen * sizeof(*name));
740 mibname = malloc(mibnamelen, M_KTRACE, M_WAITOK);
741 error = kernel_sysctl(curthread, mib, namelen + 2, mibname, &mibnamelen,
742 NULL, 0, &mibnamelen, 0);
744 free(mibname, M_KTRACE);
747 req = ktr_getrequest(KTR_SYSCTL);
749 free(mibname, M_KTRACE);
752 req->ktr_header.ktr_len = mibnamelen;
753 req->ktr_buffer = mibname;
754 ktr_submitrequest(curthread, req);
758 ktrgenio(int fd, enum uio_rw rw, struct uio *uio, int error)
760 struct ktr_request *req;
761 struct ktr_genio *ktg;
770 uio->uio_rw = UIO_WRITE;
771 datalen = MIN(uio->uio_resid, ktr_geniosize);
772 buf = malloc(datalen, M_KTRACE, M_WAITOK);
773 error = uiomove(buf, datalen, uio);
779 req = ktr_getrequest(KTR_GENIO);
784 ktg = &req->ktr_data.ktr_genio;
787 req->ktr_header.ktr_len = datalen;
788 req->ktr_buffer = buf;
789 ktr_submitrequest(curthread, req);
793 ktrpsig(int sig, sig_t action, sigset_t *mask, int code)
795 struct thread *td = curthread;
796 struct ktr_request *req;
799 req = ktr_getrequest(KTR_PSIG);
802 kp = &req->ktr_data.ktr_psig;
803 kp->signo = (char)sig;
807 ktr_enqueuerequest(td, req);
812 ktrcsw(int out, int user, const char *wmesg)
814 struct thread *td = curthread;
815 struct ktr_request *req;
818 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
821 req = ktr_getrequest(KTR_CSW);
824 kc = &req->ktr_data.ktr_csw;
828 strlcpy(kc->wmesg, wmesg, sizeof(kc->wmesg));
830 bzero(kc->wmesg, sizeof(kc->wmesg));
831 ktr_enqueuerequest(td, req);
836 ktrstruct(const char *name, const void *data, size_t datalen)
838 struct ktr_request *req;
840 size_t buflen, namelen;
842 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
847 namelen = strlen(name) + 1;
848 buflen = namelen + datalen;
849 buf = malloc(buflen, M_KTRACE, M_WAITOK);
851 bcopy(data, buf + namelen, datalen);
852 if ((req = ktr_getrequest(KTR_STRUCT)) == NULL) {
856 req->ktr_buffer = buf;
857 req->ktr_header.ktr_len = buflen;
858 ktr_submitrequest(curthread, req);
862 ktrstruct_error(const char *name, const void *data, size_t datalen, int error)
866 ktrstruct(name, data, datalen);
870 ktrstructarray(const char *name, enum uio_seg seg, const void *data,
871 int num_items, size_t struct_size)
873 struct ktr_request *req;
874 struct ktr_struct_array *ksa;
876 size_t buflen, datalen, namelen;
879 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
884 /* Trim array length to genio size. */
885 max_items = ktr_geniosize / struct_size;
886 if (num_items > max_items) {
890 num_items = max_items;
892 datalen = num_items * struct_size;
897 namelen = strlen(name) + 1;
898 buflen = namelen + datalen;
899 buf = malloc(buflen, M_KTRACE, M_WAITOK);
901 if (seg == UIO_SYSSPACE)
902 bcopy(data, buf + namelen, datalen);
904 if (copyin(data, buf + namelen, datalen) != 0) {
909 if ((req = ktr_getrequest(KTR_STRUCT_ARRAY)) == NULL) {
913 ksa = &req->ktr_data.ktr_struct_array;
914 ksa->struct_size = struct_size;
915 req->ktr_buffer = buf;
916 req->ktr_header.ktr_len = buflen;
917 ktr_submitrequest(curthread, req);
921 ktrcapfail(enum ktr_cap_fail_type type, const cap_rights_t *needed,
922 const cap_rights_t *held)
924 struct thread *td = curthread;
925 struct ktr_request *req;
926 struct ktr_cap_fail *kcf;
928 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
931 req = ktr_getrequest(KTR_CAPFAIL);
934 kcf = &req->ktr_data.ktr_cap_fail;
935 kcf->cap_type = type;
937 kcf->cap_needed = *needed;
939 cap_rights_init(&kcf->cap_needed);
941 kcf->cap_held = *held;
943 cap_rights_init(&kcf->cap_held);
944 ktr_enqueuerequest(td, req);
949 ktrfault(vm_offset_t vaddr, int type)
951 struct thread *td = curthread;
952 struct ktr_request *req;
953 struct ktr_fault *kf;
955 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
958 req = ktr_getrequest(KTR_FAULT);
961 kf = &req->ktr_data.ktr_fault;
964 ktr_enqueuerequest(td, req);
969 ktrfaultend(int result)
971 struct thread *td = curthread;
972 struct ktr_request *req;
973 struct ktr_faultend *kf;
975 if (__predict_false(curthread->td_pflags & TDP_INKTRACE))
978 req = ktr_getrequest(KTR_FAULTEND);
981 kf = &req->ktr_data.ktr_faultend;
983 ktr_enqueuerequest(td, req);
988 /* Interface and common routines */
990 #ifndef _SYS_SYSPROTO_H_
1000 sys_ktrace(struct thread *td, struct ktrace_args *uap)
1003 struct vnode *vp = NULL;
1006 int facs = uap->facs & ~KTRFAC_ROOT;
1007 int ops = KTROP(uap->ops);
1008 int descend = uap->ops & KTRFLAG_DESCEND;
1009 int nfound, ret = 0;
1010 int flags, error = 0;
1011 struct nameidata nd;
1012 struct ktr_io_params *kiop, *old_kiop;
1015 * Need something to (un)trace.
1017 if (ops != KTROP_CLEARFILE && facs == 0)
1022 if (ops != KTROP_CLEAR) {
1024 * an operation which requires a file argument.
1026 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->fname, td);
1027 flags = FREAD | FWRITE | O_NOFOLLOW;
1028 error = vn_open(&nd, &flags, 0, NULL);
1033 NDFREE(&nd, NDF_ONLY_PNBUF);
1036 if (vp->v_type != VREG) {
1037 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
1041 kiop = ktr_io_params_alloc(td, vp);
1044 * Clear all uses of the tracefile.
1046 if (ops == KTROP_CLEARFILE) {
1048 sx_slock(&allproc_lock);
1049 FOREACH_PROC_IN_SYSTEM(p) {
1052 if (p->p_ktrioparms != NULL &&
1053 p->p_ktrioparms->vp == vp) {
1054 if (ktrcanset(td, p)) {
1055 mtx_lock(&ktrace_mtx);
1056 old_kiop = ktr_freeproc(p);
1057 mtx_unlock(&ktrace_mtx);
1062 if (old_kiop != NULL) {
1063 sx_sunlock(&allproc_lock);
1064 ktr_io_params_free(old_kiop);
1068 sx_sunlock(&allproc_lock);
1074 sx_slock(&proctree_lock);
1079 pg = pgfind(-uap->pid);
1081 sx_sunlock(&proctree_lock);
1086 * ktrops() may call vrele(). Lock pg_members
1087 * by the proctree_lock rather than pg_mtx.
1091 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
1093 if (p->p_state == PRS_NEW ||
1094 p_cansee(td, p) != 0) {
1100 ret |= ktrsetchildren(td, p, ops, facs, kiop);
1102 ret |= ktrops(td, p, ops, facs, kiop);
1105 sx_sunlock(&proctree_lock);
1113 p = pfind(uap->pid);
1117 error = p_cansee(td, p);
1121 sx_sunlock(&proctree_lock);
1125 ret |= ktrsetchildren(td, p, ops, facs, kiop);
1127 ret |= ktrops(td, p, ops, facs, kiop);
1129 sx_sunlock(&proctree_lock);
1134 mtx_lock(&ktrace_mtx);
1135 kiop = ktr_io_params_rele(kiop);
1136 mtx_unlock(&ktrace_mtx);
1137 ktr_io_params_free(kiop);
1148 sys_utrace(struct thread *td, struct utrace_args *uap)
1152 struct ktr_request *req;
1156 if (!KTRPOINT(td, KTR_USER))
1158 if (uap->len > KTR_USER_MAXLEN)
1160 cp = malloc(uap->len, M_KTRACE, M_WAITOK);
1161 error = copyin(uap->addr, cp, uap->len);
1166 req = ktr_getrequest(KTR_USER);
1171 req->ktr_buffer = cp;
1172 req->ktr_header.ktr_len = uap->len;
1173 ktr_submitrequest(td, req);
1182 ktrops(struct thread *td, struct proc *p, int ops, int facs,
1183 struct ktr_io_params *new_kiop)
1185 struct ktr_io_params *old_kiop;
1187 PROC_LOCK_ASSERT(p, MA_OWNED);
1188 if (!ktrcanset(td, p)) {
1192 if (p->p_flag & P_WEXIT) {
1193 /* If the process is exiting, just ignore it. */
1198 mtx_lock(&ktrace_mtx);
1199 if (ops == KTROP_SET) {
1200 if (p->p_ktrioparms != NULL &&
1201 p->p_ktrioparms->vp != new_kiop->vp) {
1202 /* if trace file already in use, relinquish below */
1203 old_kiop = ktr_io_params_rele(p->p_ktrioparms);
1204 p->p_ktrioparms = NULL;
1206 if (p->p_ktrioparms == NULL) {
1207 p->p_ktrioparms = new_kiop;
1208 ktr_io_params_ref(new_kiop);
1210 p->p_traceflag |= facs;
1211 if (priv_check(td, PRIV_KTRACE) == 0)
1212 p->p_traceflag |= KTRFAC_ROOT;
1215 if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0)
1216 /* no more tracing */
1217 old_kiop = ktr_freeproc(p);
1219 mtx_unlock(&ktrace_mtx);
1220 if ((p->p_traceflag & KTRFAC_MASK) != 0)
1221 ktrprocctor_entered(td, p);
1223 ktr_io_params_free(old_kiop);
1229 ktrsetchildren(struct thread *td, struct proc *top, int ops, int facs,
1230 struct ktr_io_params *new_kiop)
1236 PROC_LOCK_ASSERT(p, MA_OWNED);
1237 sx_assert(&proctree_lock, SX_LOCKED);
1239 ret |= ktrops(td, p, ops, facs, new_kiop);
1241 * If this process has children, descend to them next,
1242 * otherwise do any siblings, and if done with this level,
1243 * follow back up the tree (but not past top).
1245 if (!LIST_EMPTY(&p->p_children))
1246 p = LIST_FIRST(&p->p_children);
1250 if (LIST_NEXT(p, p_sibling)) {
1251 p = LIST_NEXT(p, p_sibling);
1262 ktr_writerequest(struct thread *td, struct ktr_request *req)
1264 struct ktr_io_params *kiop, *kiop1;
1265 struct ktr_header *kth;
1270 struct iovec aiov[3];
1273 int datalen, buflen;
1279 * We reference the kiop for use in I/O in case ktrace is
1280 * disabled on the process as we write out the request.
1282 mtx_lock(&ktrace_mtx);
1283 kiop = p->p_ktrioparms;
1286 * If kiop is NULL, it has been cleared out from under this
1287 * request, so just drop it.
1290 mtx_unlock(&ktrace_mtx);
1294 ktr_io_params_ref(kiop);
1299 KASSERT(cred != NULL, ("ktr_writerequest: cred == NULL"));
1300 mtx_unlock(&ktrace_mtx);
1302 kth = &req->ktr_header;
1303 KASSERT(((u_short)kth->ktr_type & ~KTR_DROP) < nitems(data_lengths),
1304 ("data_lengths array overflow"));
1305 datalen = data_lengths[(u_short)kth->ktr_type & ~KTR_DROP];
1306 buflen = kth->ktr_len;
1307 auio.uio_iov = &aiov[0];
1308 auio.uio_offset = 0;
1309 auio.uio_segflg = UIO_SYSSPACE;
1310 auio.uio_rw = UIO_WRITE;
1311 aiov[0].iov_base = (caddr_t)kth;
1312 aiov[0].iov_len = sizeof(struct ktr_header);
1313 auio.uio_resid = sizeof(struct ktr_header);
1314 auio.uio_iovcnt = 1;
1317 aiov[1].iov_base = (caddr_t)&req->ktr_data;
1318 aiov[1].iov_len = datalen;
1319 auio.uio_resid += datalen;
1321 kth->ktr_len += datalen;
1324 KASSERT(req->ktr_buffer != NULL, ("ktrace: nothing to write"));
1325 aiov[auio.uio_iovcnt].iov_base = req->ktr_buffer;
1326 aiov[auio.uio_iovcnt].iov_len = buflen;
1327 auio.uio_resid += buflen;
1331 vn_start_write(vp, &mp, V_WAIT);
1332 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1333 td->td_ktr_io_lim = lim;
1335 error = mac_vnode_check_write(cred, NOCRED, vp);
1338 error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
1340 vn_finished_write(mp);
1342 mtx_lock(&ktrace_mtx);
1343 kiop = ktr_io_params_rele(kiop);
1344 mtx_unlock(&ktrace_mtx);
1345 ktr_io_params_free(kiop);
1350 * If error encountered, give up tracing on this vnode on this
1351 * process. Other processes might still be suitable for
1352 * writes to this vnode.
1355 "ktrace write failed, errno %d, tracing stopped for pid %d\n",
1360 mtx_lock(&ktrace_mtx);
1361 if (p->p_ktrioparms != NULL && p->p_ktrioparms->vp == vp)
1362 kiop1 = ktr_freeproc(p);
1363 kiop = ktr_io_params_rele(kiop);
1364 mtx_unlock(&ktrace_mtx);
1366 ktr_io_params_free(kiop1);
1367 ktr_io_params_free(kiop);
1371 * Return true if caller has permission to set the ktracing state
1372 * of target. Essentially, the target can't possess any
1373 * more permissions than the caller. KTRFAC_ROOT signifies that
1374 * root previously set the tracing status on the target process, and
1375 * so, only root may further change it.
1378 ktrcanset(struct thread *td, struct proc *targetp)
1381 PROC_LOCK_ASSERT(targetp, MA_OWNED);
1382 if (targetp->p_traceflag & KTRFAC_ROOT &&
1383 priv_check(td, PRIV_KTRACE))
1386 if (p_candebug(td, targetp) != 0)