1 /* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
5 * LTTng syscall probes.
7 * Copyright (C) 2010-2012 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
10 #include <linux/module.h>
11 #include <linux/slab.h>
12 #include <linux/compat.h>
13 #include <linux/err.h>
14 #include <linux/bitmap.h>
16 #include <linux/in6.h>
17 #include <linux/seq_file.h>
18 #include <linux/stringify.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/fcntl.h>
22 #include <linux/mman.h>
23 #include <asm/ptrace.h>
24 #include <asm/syscall.h>
26 #include <lttng/bitfield.h>
27 #include <wrapper/tracepoint.h>
28 #include <wrapper/file.h>
29 #include <wrapper/rcu.h>
30 #include <wrapper/syscall.h>
31 #include <lttng/events.h>
32 #include <lttng/utils.h>
35 # ifndef is_compat_task
36 # define is_compat_task() (0)
40 /* in_compat_syscall appears in kernel 4.6. */
41 #ifndef in_compat_syscall
42 #define in_compat_syscall() is_compat_task()
52 #define SYSCALL_ENTRY_TOK syscall_entry_
53 #define COMPAT_SYSCALL_ENTRY_TOK compat_syscall_entry_
54 #define SYSCALL_EXIT_TOK syscall_exit_
55 #define COMPAT_SYSCALL_EXIT_TOK compat_syscall_exit_
57 #define SYSCALL_ENTRY_STR __stringify(SYSCALL_ENTRY_TOK)
58 #define COMPAT_SYSCALL_ENTRY_STR __stringify(COMPAT_SYSCALL_ENTRY_TOK)
59 #define SYSCALL_EXIT_STR __stringify(SYSCALL_EXIT_TOK)
60 #define COMPAT_SYSCALL_EXIT_STR __stringify(COMPAT_SYSCALL_EXIT_TOK)
63 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
);
65 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
);
68 void syscall_entry_event_notifier_probe(void *__data
, struct pt_regs
*regs
,
72 * Forward declarations for old kernels.
76 struct oldold_utsname
;
78 struct sel_arg_struct
;
79 struct mmap_arg_struct
;
84 * Forward declaration for kernels >= 5.6
91 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0))
92 typedef __kernel_old_time_t
time_t;
95 #ifdef IA32_NR_syscalls
96 #define NR_compat_syscalls IA32_NR_syscalls
98 #define NR_compat_syscalls NR_syscalls
102 * Create LTTng tracepoint probes.
104 #define LTTNG_PACKAGE_BUILD
105 #define CREATE_TRACE_POINTS
106 #define TP_MODULE_NOINIT
107 #define TRACE_INCLUDE_PATH instrumentation/syscalls/headers
109 #define PARAMS(args...) args
111 /* Handle unknown syscalls */
113 #define TRACE_SYSTEM syscalls_unknown
114 #include <instrumentation/syscalls/headers/syscalls_unknown.h>
122 #define sc_in(...) __VA_ARGS__
126 #define sc_inout(...) __VA_ARGS__
128 /* Hijack probe callback for system call enter */
130 #define TP_PROBE_CB(_template) &syscall_entry_event_probe
131 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
132 LTTNG_TRACEPOINT_EVENT(syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
134 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
135 LTTNG_TRACEPOINT_EVENT_CODE(syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
136 PARAMS(_locvar), PARAMS(_code_pre), \
137 PARAMS(_fields), PARAMS(_code_post))
138 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
139 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(syscall_entry_##_name, PARAMS(_fields))
140 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
141 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(syscall_entry_##_template, syscall_entry_##_name)
142 /* Enumerations only defined at first inclusion. */
143 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values) \
144 LTTNG_TRACEPOINT_ENUM(_name, PARAMS(_values))
146 #define TRACE_SYSTEM syscall_entry_integers
147 #define TRACE_INCLUDE_FILE syscalls_integers
148 #include <instrumentation/syscalls/headers/syscalls_integers.h>
149 #undef TRACE_INCLUDE_FILE
151 #define TRACE_SYSTEM syscall_entry_pointers
152 #define TRACE_INCLUDE_FILE syscalls_pointers
153 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
154 #undef TRACE_INCLUDE_FILE
156 #undef SC_LTTNG_TRACEPOINT_ENUM
157 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
158 #undef SC_LTTNG_TRACEPOINT_EVENT
159 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
160 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
162 #undef _TRACE_SYSCALLS_INTEGERS_H
163 #undef _TRACE_SYSCALLS_POINTERS_H
165 /* Hijack probe callback for compat system call enter */
166 #define TP_PROBE_CB(_template) &syscall_entry_event_probe
167 #define LTTNG_SC_COMPAT
168 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
169 LTTNG_TRACEPOINT_EVENT(compat_syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
171 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
172 LTTNG_TRACEPOINT_EVENT_CODE(compat_syscall_entry_##_name, PARAMS(_proto), PARAMS(_args), \
173 PARAMS(_locvar), PARAMS(_code_pre), PARAMS(_fields), PARAMS(_code_post))
174 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
175 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(compat_syscall_entry_##_name, PARAMS(_fields))
176 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
177 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(compat_syscall_entry_##_template, \
178 compat_syscall_entry_##_name)
179 /* Enumerations only defined at inital inclusion (not here). */
180 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values)
181 #define TRACE_SYSTEM compat_syscall_entry_integers
182 #define TRACE_INCLUDE_FILE compat_syscalls_integers
183 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
184 #undef TRACE_INCLUDE_FILE
186 #define TRACE_SYSTEM compat_syscall_entry_pointers
187 #define TRACE_INCLUDE_FILE compat_syscalls_pointers
188 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
189 #undef TRACE_INCLUDE_FILE
191 #undef SC_LTTNG_TRACEPOINT_ENUM
192 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
193 #undef SC_LTTNG_TRACEPOINT_EVENT
194 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
195 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
197 #undef _TRACE_SYSCALLS_INTEGERS_H
198 #undef _TRACE_SYSCALLS_POINTERS_H
199 #undef LTTNG_SC_COMPAT
206 #define sc_exit(...) __VA_ARGS__
210 #define sc_out(...) __VA_ARGS__
212 #define sc_inout(...) __VA_ARGS__
214 /* Hijack probe callback for system call exit */
215 #define TP_PROBE_CB(_template) &syscall_exit_event_probe
216 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
217 LTTNG_TRACEPOINT_EVENT(syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
219 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
220 LTTNG_TRACEPOINT_EVENT_CODE(syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
221 PARAMS(_locvar), PARAMS(_code_pre), PARAMS(_fields), PARAMS(_code_post))
222 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
223 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(syscall_exit_##_name, PARAMS(_fields))
224 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
225 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(syscall_exit_##_template, \
226 syscall_exit_##_name)
227 /* Enumerations only defined at inital inclusion (not here). */
228 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values)
229 #define TRACE_SYSTEM syscall_exit_integers
230 #define TRACE_INCLUDE_FILE syscalls_integers
231 #include <instrumentation/syscalls/headers/syscalls_integers.h>
232 #undef TRACE_INCLUDE_FILE
234 #define TRACE_SYSTEM syscall_exit_pointers
235 #define TRACE_INCLUDE_FILE syscalls_pointers
236 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
237 #undef TRACE_INCLUDE_FILE
239 #undef SC_LTTNG_TRACEPOINT_ENUM
240 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
241 #undef SC_LTTNG_TRACEPOINT_EVENT
242 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
243 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
245 #undef _TRACE_SYSCALLS_INTEGERS_H
246 #undef _TRACE_SYSCALLS_POINTERS_H
249 /* Hijack probe callback for compat system call exit */
250 #define TP_PROBE_CB(_template) &syscall_exit_event_probe
251 #define LTTNG_SC_COMPAT
252 #define SC_LTTNG_TRACEPOINT_EVENT(_name, _proto, _args, _fields) \
253 LTTNG_TRACEPOINT_EVENT(compat_syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
255 #define SC_LTTNG_TRACEPOINT_EVENT_CODE(_name, _proto, _args, _locvar, _code_pre, _fields, _code_post) \
256 LTTNG_TRACEPOINT_EVENT_CODE(compat_syscall_exit_##_name, PARAMS(_proto), PARAMS(_args), \
257 PARAMS(_locvar), PARAMS(_code_pre), PARAMS(_fields), PARAMS(_code_post))
258 #define SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(_name, _fields) \
259 LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS(compat_syscall_exit_##_name, PARAMS(_fields))
260 #define SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(_template, _name) \
261 LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS(compat_syscall_exit_##_template, \
262 compat_syscall_exit_##_name)
263 /* Enumerations only defined at inital inclusion (not here). */
264 #define SC_LTTNG_TRACEPOINT_ENUM(_name, _values)
265 #define TRACE_SYSTEM compat_syscall_exit_integers
266 #define TRACE_INCLUDE_FILE compat_syscalls_integers
267 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
268 #undef TRACE_INCLUDE_FILE
270 #define TRACE_SYSTEM compat_syscall_exit_pointers
271 #define TRACE_INCLUDE_FILE compat_syscalls_pointers
272 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
273 #undef TRACE_INCLUDE_FILE
275 #undef SC_LTTNG_TRACEPOINT_ENUM
276 #undef SC_LTTNG_TRACEPOINT_EVENT_CODE
277 #undef SC_LTTNG_TRACEPOINT_EVENT
278 #undef SC_LTTNG_TRACEPOINT_EVENT_CLASS_NOARGS
279 #undef SC_LTTNG_TRACEPOINT_EVENT_INSTANCE_NOARGS
281 #undef _TRACE_SYSCALLS_INTEGERS_H
282 #undef _TRACE_SYSCALLS_POINTERS_H
283 #undef LTTNG_SC_COMPAT
287 #undef TP_MODULE_NOINIT
288 #undef LTTNG_PACKAGE_BUILD
289 #undef CREATE_TRACE_POINTS
291 struct trace_syscall_entry
{
293 void *event_notifier_func
;
294 const struct lttng_event_desc
*desc
;
295 const struct lttng_event_field
*fields
;
299 #define CREATE_SYSCALL_TABLE
306 #undef TRACE_SYSCALL_TABLE
307 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
309 .event_func = __event_probe__syscall_entry_##_template, \
310 .event_notifier_func = __event_notifier_probe__syscall_entry_##_template, \
311 .nrargs = (_nrargs), \
312 .fields = __event_fields___syscall_entry_##_template, \
313 .desc = &__event_desc___syscall_entry_##_name, \
316 /* Event syscall enter tracing table */
317 static const struct trace_syscall_entry sc_table
[] = {
318 #include <instrumentation/syscalls/headers/syscalls_integers.h>
319 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
322 #undef TRACE_SYSCALL_TABLE
323 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
325 .event_func = __event_probe__compat_syscall_entry_##_template, \
326 .event_notifier_func = __event_notifier_probe__compat_syscall_entry_##_template, \
327 .nrargs = (_nrargs), \
328 .fields = __event_fields___compat_syscall_entry_##_template, \
329 .desc = &__event_desc___compat_syscall_entry_##_name, \
332 /* Event compat syscall enter table */
333 const struct trace_syscall_entry compat_sc_table
[] = {
334 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
335 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
343 #define sc_exit(...) __VA_ARGS__
345 #undef TRACE_SYSCALL_TABLE
346 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
348 .event_func = __event_probe__syscall_exit_##_template, \
349 .event_notifier_func = __event_notifier_probe__syscall_exit_##_template, \
350 .nrargs = (_nrargs), \
351 .fields = __event_fields___syscall_exit_##_template, \
352 .desc = &__event_desc___syscall_exit_##_name, \
355 /* Event syscall exit table */
356 static const struct trace_syscall_entry sc_exit_table
[] = {
357 #include <instrumentation/syscalls/headers/syscalls_integers.h>
358 #include <instrumentation/syscalls/headers/syscalls_pointers.h>
361 #undef TRACE_SYSCALL_TABLE
362 #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \
364 .event_func = __event_probe__compat_syscall_exit_##_template, \
365 .event_notifier_func = __event_notifier_probe__compat_syscall_exit_##_template, \
366 .nrargs = (_nrargs), \
367 .fields = __event_fields___compat_syscall_exit_##_template, \
368 .desc = &__event_desc___compat_syscall_exit_##_name, \
371 /* Event compat syscall exit table */
372 const struct trace_syscall_entry compat_sc_exit_table
[] = {
373 #include <instrumentation/syscalls/headers/compat_syscalls_integers.h>
374 #include <instrumentation/syscalls/headers/compat_syscalls_pointers.h>
379 #undef CREATE_SYSCALL_TABLE
381 struct lttng_syscall_filter
{
382 DECLARE_BITMAP(sc_entry
, NR_syscalls
);
383 DECLARE_BITMAP(sc_exit
, NR_syscalls
);
384 DECLARE_BITMAP(sc_compat_entry
, NR_compat_syscalls
);
385 DECLARE_BITMAP(sc_compat_exit
, NR_compat_syscalls
);
388 static void syscall_entry_event_unknown(struct lttng_event
*event
,
389 struct pt_regs
*regs
, unsigned int id
)
391 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
393 lttng_syscall_get_arguments(current
, regs
, args
);
394 if (unlikely(in_compat_syscall()))
395 __event_probe__compat_syscall_entry_unknown(event
, id
, args
);
397 __event_probe__syscall_entry_unknown(event
, id
, args
);
400 static void syscall_entry_event_notifier_unknown(
401 struct lttng_event_notifier_group
*notifier_group
,
402 struct pt_regs
*regs
, unsigned int id
)
404 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
405 struct lttng_event
*event
;
407 lttng_syscall_get_arguments(current
, regs
, args
);
408 if (unlikely(in_compat_syscall()))
409 __event_probe__compat_syscall_notifier_entry_unknown(event
, id
, args
);
411 __event_probe__syscall_notifier_entry_unknown(event
, id
, args
);
414 static __always_inline
415 void syscall_entry_call_func(void *func
, unsigned int nrargs
, void *data
,
416 struct pt_regs
*regs
)
421 void (*fptr
)(void *__data
) = func
;
428 void (*fptr
)(void *__data
, unsigned long arg0
) = func
;
429 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
431 lttng_syscall_get_arguments(current
, regs
, args
);
437 void (*fptr
)(void *__data
,
439 unsigned long arg1
) = func
;
440 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
442 lttng_syscall_get_arguments(current
, regs
, args
);
443 fptr(data
, args
[0], args
[1]);
448 void (*fptr
)(void *__data
,
451 unsigned long arg2
) = func
;
452 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
454 lttng_syscall_get_arguments(current
, regs
, args
);
455 fptr(data
, args
[0], args
[1], args
[2]);
460 void (*fptr
)(void *__data
,
464 unsigned long arg3
) = func
;
465 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
467 lttng_syscall_get_arguments(current
, regs
, args
);
468 fptr(data
, args
[0], args
[1], args
[2], args
[3]);
473 void (*fptr
)(void *__data
,
478 unsigned long arg4
) = func
;
479 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
481 lttng_syscall_get_arguments(current
, regs
, args
);
482 fptr(data
, args
[0], args
[1], args
[2], args
[3], args
[4]);
487 void (*fptr
)(void *__data
,
493 unsigned long arg5
) = func
;
494 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
496 lttng_syscall_get_arguments(current
, regs
, args
);
497 fptr(data
, args
[0], args
[1], args
[2],
498 args
[3], args
[4], args
[5]);
506 void syscall_entry_event_probe(void *__data
, struct pt_regs
*regs
, long id
)
508 struct lttng_channel
*chan
= __data
;
509 struct lttng_event
*event
, *unknown_event
;
510 const struct trace_syscall_entry
*table
, *entry
;
513 if (unlikely(in_compat_syscall())) {
514 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
516 if (id
< 0 || id
>= NR_compat_syscalls
517 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_compat_entry
))) {
518 /* System call filtered out. */
521 table
= compat_sc_table
;
522 table_len
= ARRAY_SIZE(compat_sc_table
);
523 unknown_event
= chan
->sc_compat_unknown
;
525 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
527 if (id
< 0 || id
>= NR_syscalls
528 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_entry
))) {
529 /* System call filtered out. */
533 table_len
= ARRAY_SIZE(sc_table
);
534 unknown_event
= chan
->sc_unknown
;
536 if (unlikely(id
< 0 || id
>= table_len
)) {
537 syscall_entry_event_unknown(unknown_event
, regs
, id
);
540 if (unlikely(in_compat_syscall()))
541 event
= chan
->compat_sc_table
[id
];
543 event
= chan
->sc_table
[id
];
544 if (unlikely(!event
)) {
545 syscall_entry_event_unknown(unknown_event
, regs
, id
);
549 WARN_ON_ONCE(!entry
);
550 syscall_entry_call_func(entry
->event_func
, entry
->nrargs
, event
, regs
);
553 void syscall_entry_event_notifier_probe(void *__data
, struct pt_regs
*regs
, long id
)
555 struct lttng_event_notifier_group
*event_notifier_group
= __data
;
556 const struct trace_syscall_entry
*entry
;
557 struct list_head
*dispatch_list
;
558 struct lttng_event_notifier
*iter
;
561 if (unlikely(in_compat_syscall())) {
562 table_len
= ARRAY_SIZE(compat_sc_table
);
563 if (unlikely(id
< 0 || id
>= table_len
)) {
566 entry
= &compat_sc_table
[id
];
567 dispatch_list
= &event_notifier_group
->event_notifier_compat_syscall_dispatch
[id
];
569 table_len
= ARRAY_SIZE(sc_table
);
570 if (unlikely(id
< 0 || id
>= table_len
)) {
573 entry
= &sc_table
[id
];
574 dispatch_list
= &event_notifier_group
->event_notifier_syscall_dispatch
[id
];
577 if (unlikely(id
< 0 || id
>= table_len
)) {
578 syscall_entry_event_notifier_unknown(event_notifier_group
, regs
, id
);
582 /* TODO handle unknown syscall */
584 list_for_each_entry_rcu(iter
, dispatch_list
, u
.syscall
.node
) {
585 BUG_ON(iter
->u
.syscall
.syscall_id
!= id
);
586 syscall_entry_call_func(entry
->event_notifier_func
,
587 entry
->nrargs
, iter
, regs
);
591 static void syscall_exit_event_unknown(struct lttng_event
*event
,
592 struct pt_regs
*regs
, int id
, long ret
)
594 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
596 lttng_syscall_get_arguments(current
, regs
, args
);
597 if (unlikely(in_compat_syscall()))
598 __event_probe__compat_syscall_exit_unknown(event
, id
, ret
,
601 __event_probe__syscall_exit_unknown(event
, id
, ret
, args
);
604 void syscall_exit_event_probe(void *__data
, struct pt_regs
*regs
, long ret
)
606 struct lttng_channel
*chan
= __data
;
607 struct lttng_event
*event
, *unknown_event
;
608 const struct trace_syscall_entry
*table
, *entry
;
612 id
= syscall_get_nr(current
, regs
);
613 if (unlikely(in_compat_syscall())) {
614 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
616 if (id
< 0 || id
>= NR_compat_syscalls
617 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_compat_exit
))) {
618 /* System call filtered out. */
621 table
= compat_sc_exit_table
;
622 table_len
= ARRAY_SIZE(compat_sc_exit_table
);
623 unknown_event
= chan
->compat_sc_exit_unknown
;
625 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
627 if (id
< 0 || id
>= NR_syscalls
628 || (!READ_ONCE(chan
->syscall_all
) && !test_bit(id
, filter
->sc_exit
))) {
629 /* System call filtered out. */
632 table
= sc_exit_table
;
633 table_len
= ARRAY_SIZE(sc_exit_table
);
634 unknown_event
= chan
->sc_exit_unknown
;
636 if (unlikely(id
< 0 || id
>= table_len
)) {
637 syscall_exit_event_unknown(unknown_event
, regs
, id
, ret
);
640 if (unlikely(in_compat_syscall()))
641 event
= chan
->compat_sc_exit_table
[id
];
643 event
= chan
->sc_exit_table
[id
];
644 if (unlikely(!event
)) {
645 syscall_exit_event_unknown(unknown_event
, regs
, id
, ret
);
649 WARN_ON_ONCE(!entry
);
651 switch (entry
->nrargs
) {
654 void (*fptr
)(void *__data
, long ret
) = entry
->event_func
;
661 void (*fptr
)(void *__data
,
663 unsigned long arg0
) = entry
->event_func
;
664 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
666 lttng_syscall_get_arguments(current
, regs
, args
);
667 fptr(event
, ret
, args
[0]);
672 void (*fptr
)(void *__data
,
675 unsigned long arg1
) = entry
->event_func
;
676 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
678 lttng_syscall_get_arguments(current
, regs
, args
);
679 fptr(event
, ret
, args
[0], args
[1]);
684 void (*fptr
)(void *__data
,
688 unsigned long arg2
) = entry
->event_func
;
689 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
691 lttng_syscall_get_arguments(current
, regs
, args
);
692 fptr(event
, ret
, args
[0], args
[1], args
[2]);
697 void (*fptr
)(void *__data
,
702 unsigned long arg3
) = entry
->event_func
;
703 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
705 lttng_syscall_get_arguments(current
, regs
, args
);
706 fptr(event
, ret
, args
[0], args
[1], args
[2], args
[3]);
711 void (*fptr
)(void *__data
,
717 unsigned long arg4
) = entry
->event_func
;
718 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
720 lttng_syscall_get_arguments(current
, regs
, args
);
721 fptr(event
, ret
, args
[0], args
[1], args
[2], args
[3], args
[4]);
726 void (*fptr
)(void *__data
,
733 unsigned long arg5
) = entry
->event_func
;
734 unsigned long args
[LTTNG_SYSCALL_NR_ARGS
];
736 lttng_syscall_get_arguments(current
, regs
, args
);
737 fptr(event
, ret
, args
[0], args
[1], args
[2],
738 args
[3], args
[4], args
[5]);
747 * noinline to diminish caller stack size.
748 * Should be called with sessions lock held.
751 int fill_event_table(const struct trace_syscall_entry
*table
, size_t table_len
,
752 struct lttng_event
**chan_table
, struct lttng_channel
*chan
,
753 void *filter
, enum sc_type type
)
755 const struct lttng_event_desc
*desc
;
758 /* Allocate events for each syscall, insert into table */
759 for (i
= 0; i
< table_len
; i
++) {
760 struct lttng_kernel_event ev
;
761 desc
= table
[i
].desc
;
764 /* Unknown syscall */
768 * Skip those already populated by previous failed
769 * register for this channel.
773 memset(&ev
, 0, sizeof(ev
));
776 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
777 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
780 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
781 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
783 case SC_TYPE_COMPAT_ENTRY
:
784 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
785 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
787 case SC_TYPE_COMPAT_EXIT
:
788 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
789 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
792 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
- 1);
793 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
794 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
795 chan_table
[i
] = _lttng_event_create(chan
, &ev
, filter
,
796 desc
, ev
.instrumentation
);
797 WARN_ON_ONCE(!chan_table
[i
]);
798 if (IS_ERR(chan_table
[i
])) {
800 * If something goes wrong in event registration
801 * after the first one, we have no choice but to
802 * leave the previous events in there, until
803 * deleted by session teardown.
805 return PTR_ERR(chan_table
[i
]);
812 * Should be called with sessions lock held.
814 int lttng_syscalls_register_event(struct lttng_channel
*chan
, void *filter
)
816 struct lttng_kernel_event ev
;
819 wrapper_vmalloc_sync_mappings();
821 if (!chan
->sc_table
) {
822 /* create syscall table mapping syscall to events */
823 chan
->sc_table
= kzalloc(sizeof(struct lttng_event
*)
824 * ARRAY_SIZE(sc_table
), GFP_KERNEL
);
828 if (!chan
->sc_exit_table
) {
829 /* create syscall table mapping syscall to events */
830 chan
->sc_exit_table
= kzalloc(sizeof(struct lttng_event
*)
831 * ARRAY_SIZE(sc_exit_table
), GFP_KERNEL
);
832 if (!chan
->sc_exit_table
)
838 if (!chan
->compat_sc_table
) {
839 /* create syscall table mapping compat syscall to events */
840 chan
->compat_sc_table
= kzalloc(sizeof(struct lttng_event
*)
841 * ARRAY_SIZE(compat_sc_table
), GFP_KERNEL
);
842 if (!chan
->compat_sc_table
)
846 if (!chan
->compat_sc_exit_table
) {
847 /* create syscall table mapping compat syscall to events */
848 chan
->compat_sc_exit_table
= kzalloc(sizeof(struct lttng_event
*)
849 * ARRAY_SIZE(compat_sc_exit_table
), GFP_KERNEL
);
850 if (!chan
->compat_sc_exit_table
)
854 if (!chan
->sc_unknown
) {
855 const struct lttng_event_desc
*desc
=
856 &__event_desc___syscall_entry_unknown
;
858 memset(&ev
, 0, sizeof(ev
));
859 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
860 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
861 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
862 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
863 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
864 chan
->sc_unknown
= _lttng_event_create(chan
, &ev
, filter
,
867 WARN_ON_ONCE(!chan
->sc_unknown
);
868 if (IS_ERR(chan
->sc_unknown
)) {
869 return PTR_ERR(chan
->sc_unknown
);
873 if (!chan
->sc_compat_unknown
) {
874 const struct lttng_event_desc
*desc
=
875 &__event_desc___compat_syscall_entry_unknown
;
877 memset(&ev
, 0, sizeof(ev
));
878 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
879 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
880 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
881 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_ENTRY
;
882 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
883 chan
->sc_compat_unknown
= _lttng_event_create(chan
, &ev
, filter
,
886 WARN_ON_ONCE(!chan
->sc_unknown
);
887 if (IS_ERR(chan
->sc_compat_unknown
)) {
888 return PTR_ERR(chan
->sc_compat_unknown
);
892 if (!chan
->compat_sc_exit_unknown
) {
893 const struct lttng_event_desc
*desc
=
894 &__event_desc___compat_syscall_exit_unknown
;
896 memset(&ev
, 0, sizeof(ev
));
897 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
898 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
899 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
900 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
901 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_COMPAT
;
902 chan
->compat_sc_exit_unknown
= _lttng_event_create(chan
, &ev
,
905 WARN_ON_ONCE(!chan
->compat_sc_exit_unknown
);
906 if (IS_ERR(chan
->compat_sc_exit_unknown
)) {
907 return PTR_ERR(chan
->compat_sc_exit_unknown
);
911 if (!chan
->sc_exit_unknown
) {
912 const struct lttng_event_desc
*desc
=
913 &__event_desc___syscall_exit_unknown
;
915 memset(&ev
, 0, sizeof(ev
));
916 strncpy(ev
.name
, desc
->name
, LTTNG_KERNEL_SYM_NAME_LEN
);
917 ev
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
918 ev
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
919 ev
.u
.syscall
.entryexit
= LTTNG_KERNEL_SYSCALL_EXIT
;
920 ev
.u
.syscall
.abi
= LTTNG_KERNEL_SYSCALL_ABI_NATIVE
;
921 chan
->sc_exit_unknown
= _lttng_event_create(chan
, &ev
, filter
,
922 desc
, ev
.instrumentation
);
923 WARN_ON_ONCE(!chan
->sc_exit_unknown
);
924 if (IS_ERR(chan
->sc_exit_unknown
)) {
925 return PTR_ERR(chan
->sc_exit_unknown
);
929 ret
= fill_event_table(sc_table
, ARRAY_SIZE(sc_table
),
930 chan
->sc_table
, chan
, filter
, SC_TYPE_ENTRY
);
933 ret
= fill_event_table(sc_exit_table
, ARRAY_SIZE(sc_exit_table
),
934 chan
->sc_exit_table
, chan
, filter
, SC_TYPE_EXIT
);
939 ret
= fill_event_table(compat_sc_table
, ARRAY_SIZE(compat_sc_table
),
940 chan
->compat_sc_table
, chan
, filter
,
941 SC_TYPE_COMPAT_ENTRY
);
944 ret
= fill_event_table(compat_sc_exit_table
, ARRAY_SIZE(compat_sc_exit_table
),
945 chan
->compat_sc_exit_table
, chan
, filter
,
946 SC_TYPE_COMPAT_EXIT
);
951 if (!chan
->sc_filter
) {
952 chan
->sc_filter
= kzalloc(sizeof(struct lttng_syscall_filter
),
954 if (!chan
->sc_filter
)
958 if (!chan
->sys_enter_registered
) {
959 ret
= lttng_wrapper_tracepoint_probe_register("sys_enter",
960 (void *) syscall_entry_event_probe
, chan
);
963 chan
->sys_enter_registered
= 1;
966 * We change the name of sys_exit tracepoint due to namespace
967 * conflict with sys_exit syscall entry.
969 if (!chan
->sys_exit_registered
) {
970 ret
= lttng_wrapper_tracepoint_probe_register("sys_exit",
971 (void *) syscall_exit_event_probe
, chan
);
973 WARN_ON_ONCE(lttng_wrapper_tracepoint_probe_unregister("sys_enter",
974 (void *) syscall_entry_event_probe
, chan
));
977 chan
->sys_exit_registered
= 1;
983 * Should be called with sessions lock held.
985 int lttng_syscalls_register_event_notifier(struct lttng_event_notifier_enabler
*event_notifier_enabler
, void *filter
)
987 struct lttng_event_notifier_group
*group
= event_notifier_enabler
->group
;
991 wrapper_vmalloc_sync_mappings();
993 if (!group
->event_notifier_syscall_dispatch
) {
994 group
->event_notifier_syscall_dispatch
= kzalloc(sizeof(struct list_head
)
995 * ARRAY_SIZE(sc_table
), GFP_KERNEL
);
996 if (!group
->event_notifier_syscall_dispatch
)
999 /* Initialize all list_head */
1000 for (i
= 0; i
< ARRAY_SIZE(sc_table
); i
++)
1001 INIT_LIST_HEAD(&group
->event_notifier_syscall_dispatch
[i
]);
1004 #ifdef CONFIG_COMPAT
1005 if (!group
->event_notifier_compat_syscall_dispatch
) {
1006 group
->event_notifier_compat_syscall_dispatch
= kzalloc(sizeof(struct list_head
)
1007 * ARRAY_SIZE(compat_sc_table
), GFP_KERNEL
);
1008 if (!group
->event_notifier_syscall_dispatch
)
1011 /* Initialize all list_head */
1012 for (i
= 0; i
< ARRAY_SIZE(compat_sc_table
); i
++)
1013 INIT_LIST_HEAD(&group
->event_notifier_compat_syscall_dispatch
[i
]);
1017 if (!group
->sys_enter_registered
) {
1018 ret
= lttng_wrapper_tracepoint_probe_register("sys_enter",
1019 (void *) syscall_entry_event_notifier_probe
, group
);
1022 group
->sys_enter_registered
= 1;
1028 static int create_matching_event_notifiers(struct lttng_event_notifier_enabler
*event_notifier_enabler
,
1029 void *filter
, const struct trace_syscall_entry
*table
,
1030 size_t table_len
, bool is_compat
)
1032 struct lttng_event_notifier_group
*group
= event_notifier_enabler
->group
;
1033 const struct lttng_event_desc
*desc
;
1034 uint64_t user_token
= event_notifier_enabler
->base
.user_token
;
1038 /* iterate over all syscall and create event_notifier that match */
1039 for (i
= 0; i
< table_len
; i
++) {
1040 struct lttng_event_notifier
*event_notifier
;
1041 struct lttng_kernel_event_notifier event_notifier_param
;
1042 struct hlist_head
*head
;
1045 desc
= table
[i
].desc
;
1047 /* Unknown syscall */
1051 if (!lttng_desc_match_enabler(desc
,
1052 lttng_event_notifier_enabler_as_enabler(event_notifier_enabler
)))
1056 * Check if already created.
1058 head
= utils_borrow_hash_table_bucket(group
->event_notifiers_ht
.table
,
1059 LTTNG_EVENT_NOTIFIER_HT_SIZE
, desc
->name
);
1060 lttng_hlist_for_each_entry(event_notifier
, head
, hlist
) {
1061 if (event_notifier
->desc
== desc
1062 && event_notifier
->user_token
== event_notifier_enabler
->base
.user_token
)
1068 memset(&event_notifier_param
, 0, sizeof(event_notifier_param
));
1069 strncat(event_notifier_param
.event
.name
, desc
->name
,
1070 LTTNG_KERNEL_SYM_NAME_LEN
- strlen(event_notifier_param
.event
.name
) - 1);
1071 event_notifier_param
.event
.name
[LTTNG_KERNEL_SYM_NAME_LEN
- 1] = '\0';
1072 event_notifier_param
.event
.instrumentation
= LTTNG_KERNEL_SYSCALL
;
1074 event_notifier
= _lttng_event_notifier_create(desc
, user_token
, group
,
1075 &event_notifier_param
, filter
,
1076 event_notifier_param
.event
.instrumentation
);
1077 if (IS_ERR(event_notifier
)) {
1078 printk(KERN_INFO
"Unable to create event_notifier %s\n",
1084 event_notifier
->u
.syscall
.syscall_id
= i
;
1085 event_notifier
->u
.syscall
.is_compat
= is_compat
;
1092 int lttng_syscals_create_matching_event_notifiers(struct lttng_event_notifier_enabler
*event_notifier_enabler
, void *filter
)
1096 ret
= create_matching_event_notifiers(event_notifier_enabler
, filter
, sc_table
,
1097 ARRAY_SIZE(sc_table
), false);
1101 ret
= create_matching_event_notifiers(event_notifier_enabler
, filter
, compat_sc_table
,
1102 ARRAY_SIZE(compat_sc_table
), true);
1108 * Unregister the syscall event_notifier probes from the callsites.
1110 int lttng_syscalls_unregister_event_notifier(struct lttng_event_notifier_group
*event_notifier_group
)
1115 * Only register the event_notifier probe on the `sys_enter` callsite for now.
1116 * At the moment, we don't think it's desirable to have one fired
1117 * event_notifier for the entry and one for the exit of a syscall.
1119 if (event_notifier_group
->sys_enter_registered
) {
1120 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_enter",
1121 (void *) syscall_entry_event_notifier_probe
, event_notifier_group
);
1124 event_notifier_group
->sys_enter_registered
= 0;
1127 kfree(event_notifier_group
->event_notifier_syscall_dispatch
);
1128 #ifdef CONFIG_COMPAT
1129 kfree(event_notifier_group
->event_notifier_compat_syscall_dispatch
);
1134 int lttng_syscalls_unregister_event(struct lttng_channel
*chan
)
1138 if (!chan
->sc_table
)
1140 if (chan
->sys_enter_registered
) {
1141 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_enter",
1142 (void *) syscall_entry_event_probe
, chan
);
1145 chan
->sys_enter_registered
= 0;
1147 if (chan
->sys_exit_registered
) {
1148 ret
= lttng_wrapper_tracepoint_probe_unregister("sys_exit",
1149 (void *) syscall_exit_event_probe
, chan
);
1152 chan
->sys_exit_registered
= 0;
1157 int lttng_syscalls_destroy_event(struct lttng_channel
*chan
)
1159 kfree(chan
->sc_table
);
1160 kfree(chan
->sc_exit_table
);
1161 #ifdef CONFIG_COMPAT
1162 kfree(chan
->compat_sc_table
);
1163 kfree(chan
->compat_sc_exit_table
);
1165 kfree(chan
->sc_filter
);
1170 int get_syscall_nr(const char *syscall_name
)
1172 int syscall_nr
= -1;
1175 for (i
= 0; i
< ARRAY_SIZE(sc_table
); i
++) {
1176 const struct trace_syscall_entry
*entry
;
1177 const char *it_name
;
1179 entry
= &sc_table
[i
];
1182 it_name
= entry
->desc
->name
;
1183 it_name
+= strlen(SYSCALL_ENTRY_STR
);
1184 if (!strcmp(syscall_name
, it_name
)) {
1193 int get_compat_syscall_nr(const char *syscall_name
)
1195 int syscall_nr
= -1;
1198 for (i
= 0; i
< ARRAY_SIZE(compat_sc_table
); i
++) {
1199 const struct trace_syscall_entry
*entry
;
1200 const char *it_name
;
1202 entry
= &compat_sc_table
[i
];
1205 it_name
= entry
->desc
->name
;
1206 it_name
+= strlen(COMPAT_SYSCALL_ENTRY_STR
);
1207 if (!strcmp(syscall_name
, it_name
)) {
1216 uint32_t get_sc_tables_len(void)
1218 return ARRAY_SIZE(sc_table
) + ARRAY_SIZE(compat_sc_table
);
1222 const char *get_syscall_name(struct lttng_event
*event
)
1224 size_t prefix_len
= 0;
1226 WARN_ON_ONCE(event
->instrumentation
!= LTTNG_KERNEL_SYSCALL
);
1228 switch (event
->u
.syscall
.entryexit
) {
1229 case LTTNG_SYSCALL_ENTRY
:
1230 switch (event
->u
.syscall
.abi
) {
1231 case LTTNG_SYSCALL_ABI_NATIVE
:
1232 prefix_len
= strlen(SYSCALL_ENTRY_STR
);
1234 case LTTNG_SYSCALL_ABI_COMPAT
:
1235 prefix_len
= strlen(COMPAT_SYSCALL_ENTRY_STR
);
1239 case LTTNG_SYSCALL_EXIT
:
1240 switch (event
->u
.syscall
.abi
) {
1241 case LTTNG_SYSCALL_ABI_NATIVE
:
1242 prefix_len
= strlen(SYSCALL_EXIT_STR
);
1244 case LTTNG_SYSCALL_ABI_COMPAT
:
1245 prefix_len
= strlen(COMPAT_SYSCALL_EXIT_STR
);
1250 WARN_ON_ONCE(prefix_len
== 0);
1251 return event
->desc
->name
+ prefix_len
;
1254 int lttng_syscall_filter_enable_event(struct lttng_channel
*chan
,
1255 struct lttng_event
*event
)
1257 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
1258 const char *syscall_name
;
1259 unsigned long *bitmap
;
1262 WARN_ON_ONCE(!chan
->sc_table
);
1264 syscall_name
= get_syscall_name(event
);
1266 switch (event
->u
.syscall
.abi
) {
1267 case LTTNG_SYSCALL_ABI_NATIVE
:
1268 syscall_nr
= get_syscall_nr(syscall_name
);
1270 case LTTNG_SYSCALL_ABI_COMPAT
:
1271 syscall_nr
= get_compat_syscall_nr(syscall_name
);
1279 switch (event
->u
.syscall
.entryexit
) {
1280 case LTTNG_SYSCALL_ENTRY
:
1281 switch (event
->u
.syscall
.abi
) {
1282 case LTTNG_SYSCALL_ABI_NATIVE
:
1283 bitmap
= filter
->sc_entry
;
1285 case LTTNG_SYSCALL_ABI_COMPAT
:
1286 bitmap
= filter
->sc_compat_entry
;
1292 case LTTNG_SYSCALL_EXIT
:
1293 switch (event
->u
.syscall
.abi
) {
1294 case LTTNG_SYSCALL_ABI_NATIVE
:
1295 bitmap
= filter
->sc_exit
;
1297 case LTTNG_SYSCALL_ABI_COMPAT
:
1298 bitmap
= filter
->sc_compat_exit
;
1307 if (test_bit(syscall_nr
, bitmap
))
1309 bitmap_set(bitmap
, syscall_nr
, 1);
1313 int lttng_syscall_filter_enable_event_notifier(
1314 struct lttng_event_notifier
*event_notifier
)
1316 struct lttng_event_notifier_group
*group
= event_notifier
->group
;
1317 unsigned int syscall_id
= event_notifier
->u
.syscall
.syscall_id
;
1318 struct list_head
*dispatch_list
;
1320 if (event_notifier
->u
.syscall
.is_compat
)
1321 dispatch_list
= &group
->event_notifier_compat_syscall_dispatch
[syscall_id
];
1323 dispatch_list
= &group
->event_notifier_syscall_dispatch
[syscall_id
];
1325 list_add_rcu(&event_notifier
->u
.syscall
.node
, dispatch_list
);
1330 int lttng_syscall_filter_disable_event(struct lttng_channel
*chan
,
1331 struct lttng_event
*event
)
1333 struct lttng_syscall_filter
*filter
= chan
->sc_filter
;
1334 const char *syscall_name
;
1335 unsigned long *bitmap
;
1338 WARN_ON_ONCE(!chan
->sc_table
);
1340 syscall_name
= get_syscall_name(event
);
1342 switch (event
->u
.syscall
.abi
) {
1343 case LTTNG_SYSCALL_ABI_NATIVE
:
1344 syscall_nr
= get_syscall_nr(syscall_name
);
1346 case LTTNG_SYSCALL_ABI_COMPAT
:
1347 syscall_nr
= get_compat_syscall_nr(syscall_name
);
1355 switch (event
->u
.syscall
.entryexit
) {
1356 case LTTNG_SYSCALL_ENTRY
:
1357 switch (event
->u
.syscall
.abi
) {
1358 case LTTNG_SYSCALL_ABI_NATIVE
:
1359 bitmap
= filter
->sc_entry
;
1361 case LTTNG_SYSCALL_ABI_COMPAT
:
1362 bitmap
= filter
->sc_compat_entry
;
1368 case LTTNG_SYSCALL_EXIT
:
1369 switch (event
->u
.syscall
.abi
) {
1370 case LTTNG_SYSCALL_ABI_NATIVE
:
1371 bitmap
= filter
->sc_exit
;
1373 case LTTNG_SYSCALL_ABI_COMPAT
:
1374 bitmap
= filter
->sc_compat_exit
;
1383 if (!test_bit(syscall_nr
, bitmap
))
1385 bitmap_clear(bitmap
, syscall_nr
, 1);
1390 int lttng_syscall_filter_disable_event_notifier(
1391 struct lttng_event_notifier
*event_notifier
)
1393 list_del_rcu(&event_notifier
->u
.syscall
.node
);
1398 const struct trace_syscall_entry
*syscall_list_get_entry(loff_t
*pos
)
1400 const struct trace_syscall_entry
*entry
;
1403 for (entry
= sc_table
;
1404 entry
< sc_table
+ ARRAY_SIZE(sc_table
);
1409 for (entry
= compat_sc_table
;
1410 entry
< compat_sc_table
+ ARRAY_SIZE(compat_sc_table
);
1420 void *syscall_list_start(struct seq_file
*m
, loff_t
*pos
)
1422 return (void *) syscall_list_get_entry(pos
);
1426 void *syscall_list_next(struct seq_file
*m
, void *p
, loff_t
*ppos
)
1429 return (void *) syscall_list_get_entry(ppos
);
1433 void syscall_list_stop(struct seq_file
*m
, void *p
)
1438 int get_sc_table(const struct trace_syscall_entry
*entry
,
1439 const struct trace_syscall_entry
**table
,
1440 unsigned int *bitness
)
1442 if (entry
>= sc_table
&& entry
< sc_table
+ ARRAY_SIZE(sc_table
)) {
1444 *bitness
= BITS_PER_LONG
;
1449 if (!(entry
>= compat_sc_table
1450 && entry
< compat_sc_table
+ ARRAY_SIZE(compat_sc_table
))) {
1456 *table
= compat_sc_table
;
1461 int syscall_list_show(struct seq_file
*m
, void *p
)
1463 const struct trace_syscall_entry
*table
, *entry
= p
;
1464 unsigned int bitness
;
1465 unsigned long index
;
1469 ret
= get_sc_table(entry
, &table
, &bitness
);
1474 if (table
== sc_table
) {
1475 index
= entry
- table
;
1476 name
= &entry
->desc
->name
[strlen(SYSCALL_ENTRY_STR
)];
1478 index
= (entry
- table
) + ARRAY_SIZE(sc_table
);
1479 name
= &entry
->desc
->name
[strlen(COMPAT_SYSCALL_ENTRY_STR
)];
1481 seq_printf(m
, "syscall { index = %lu; name = %s; bitness = %u; };\n",
1482 index
, name
, bitness
);
1487 const struct seq_operations lttng_syscall_list_seq_ops
= {
1488 .start
= syscall_list_start
,
1489 .next
= syscall_list_next
,
1490 .stop
= syscall_list_stop
,
1491 .show
= syscall_list_show
,
1495 int lttng_syscall_list_open(struct inode
*inode
, struct file
*file
)
1497 return seq_open(file
, <tng_syscall_list_seq_ops
);
1500 const struct file_operations lttng_syscall_list_fops
= {
1501 .owner
= THIS_MODULE
,
1502 .open
= lttng_syscall_list_open
,
1504 .llseek
= seq_lseek
,
1505 .release
= seq_release
,
1509 * A syscall is enabled if it is traced for either entry or exit.
1511 long lttng_channel_syscall_mask(struct lttng_channel
*channel
,
1512 struct lttng_kernel_syscall_mask __user
*usyscall_mask
)
1514 uint32_t len
, sc_tables_len
, bitmask_len
;
1517 struct lttng_syscall_filter
*filter
;
1519 ret
= get_user(len
, &usyscall_mask
->len
);
1522 sc_tables_len
= get_sc_tables_len();
1523 bitmask_len
= ALIGN(sc_tables_len
, 8) >> 3;
1524 if (len
< sc_tables_len
) {
1525 return put_user(sc_tables_len
, &usyscall_mask
->len
);
1527 /* Array is large enough, we can copy array to user-space. */
1528 tmp_mask
= kzalloc(bitmask_len
, GFP_KERNEL
);
1531 filter
= channel
->sc_filter
;
1533 for (bit
= 0; bit
< ARRAY_SIZE(sc_table
); bit
++) {
1536 if (channel
->sc_table
) {
1537 if (!READ_ONCE(channel
->syscall_all
) && filter
)
1538 state
= test_bit(bit
, filter
->sc_entry
)
1539 || test_bit(bit
, filter
->sc_exit
);
1545 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1547 for (; bit
< sc_tables_len
; bit
++) {
1550 if (channel
->compat_sc_table
) {
1551 if (!READ_ONCE(channel
->syscall_all
) && filter
)
1552 state
= test_bit(bit
- ARRAY_SIZE(sc_table
),
1553 filter
->sc_compat_entry
)
1554 || test_bit(bit
- ARRAY_SIZE(sc_table
),
1555 filter
->sc_compat_exit
);
1561 bt_bitfield_write_be(tmp_mask
, char, bit
, 1, state
);
1563 if (copy_to_user(usyscall_mask
->mask
, tmp_mask
, bitmask_len
))
1569 int lttng_abi_syscall_list(void)
1571 struct file
*syscall_list_file
;
1574 file_fd
= lttng_get_unused_fd();
1580 syscall_list_file
= anon_inode_getfile("[lttng_syscall_list]",
1581 <tng_syscall_list_fops
,
1583 if (IS_ERR(syscall_list_file
)) {
1584 ret
= PTR_ERR(syscall_list_file
);
1587 ret
= lttng_syscall_list_fops
.open(NULL
, syscall_list_file
);
1590 fd_install(file_fd
, syscall_list_file
);
1594 fput(syscall_list_file
);
1596 put_unused_fd(file_fd
);
projects / lttng-modules.git / blob