From 8a8ac9a87ae1ddffad34d96a66be224e8c8d89e4 Mon Sep 17 00:00:00 2001 From: Francis Deslauriers Date: Thu, 23 Jan 2020 17:47:17 -0500 Subject: [PATCH] Implement event notifiers for syscalls Signed-off-by: Francis Deslauriers Signed-off-by: Mathieu Desnoyers Change-Id: I31e60d0d758b93ada11d208f583d71f05168c014 --- .../syscalls/headers/syscalls_unknown.h | 7 +- include/lttng/abi.h | 4 +- include/lttng/events.h | 66 ++ src/lttng-abi.c | 3 +- src/lttng-events.c | 103 ++- src/lttng-syscalls.c | 809 +++++++++++++++++- 6 files changed, 971 insertions(+), 21 deletions(-) diff --git a/include/instrumentation/syscalls/headers/syscalls_unknown.h b/include/instrumentation/syscalls/headers/syscalls_unknown.h index 64e53792..8645d714 100644 --- a/include/instrumentation/syscalls/headers/syscalls_unknown.h +++ b/include/instrumentation/syscalls/headers/syscalls_unknown.h @@ -9,7 +9,10 @@ #define UNKNOWN_SYSCALL_NRARGS 6 #undef TP_PROBE_CB -#define TP_PROBE_CB(_template) &syscall_entry_event_probe +#define TP_PROBE_CB(_template) &syscall_entry_event_probe + +#undef TP_EVENT_NOTIFIER_PROBE_CB +#define TP_EVENT_NOTIFIER_PROBE_CB(_template) &syscall_entry_event_notifier_probe LTTNG_TRACEPOINT_EVENT(syscall_entry_unknown, TP_PROTO(int id, unsigned long *args), @@ -30,6 +33,8 @@ LTTNG_TRACEPOINT_EVENT(compat_syscall_entry_unknown, #undef TP_PROBE_CB #define TP_PROBE_CB(_template) &syscall_exit_event_probe +#undef TP_EVENT_NOTIFIER_PROBE_CB +#define TP_EVENT_NOTIFIER_PROBE_CB(_template) &syscall_exit_event_notifier_probe LTTNG_TRACEPOINT_EVENT(syscall_exit_unknown, TP_PROTO(int id, long ret, unsigned long *args), diff --git a/include/lttng/abi.h b/include/lttng/abi.h index 75c2cb08..c7c6dc19 100644 --- a/include/lttng/abi.h +++ b/include/lttng/abi.h @@ -98,8 +98,8 @@ enum lttng_kernel_syscall_entryexit { enum lttng_kernel_syscall_abi { LTTNG_KERNEL_SYSCALL_ABI_ALL = 0, - LTTNG_KERNEL_SYSCALL_ABI_NATIVE = 1, /* Not implemented. */ - LTTNG_KERNEL_SYSCALL_ABI_COMPAT = 2, /* Not implemented. */ + LTTNG_KERNEL_SYSCALL_ABI_NATIVE = 1, + LTTNG_KERNEL_SYSCALL_ABI_COMPAT = 2, }; enum lttng_kernel_syscall_match { diff --git a/include/lttng/events.h b/include/lttng/events.h index 05b0f7cf..6125f08b 100644 --- a/include/lttng/events.h +++ b/include/lttng/events.h @@ -350,6 +350,13 @@ struct lttng_event_notifier { union { struct lttng_kprobe kprobe; struct lttng_uprobe uprobe; + struct { + enum lttng_syscall_entryexit entryexit; + enum lttng_syscall_abi abi; + struct hlist_node node; /* chain registered syscall event_notifier */ + unsigned int syscall_id; + } syscall; + } u; /* Backward references: list of lttng_enabler_ref (ref to enablers) */ @@ -628,6 +635,28 @@ struct lttng_event_notifier_group { struct lib_ring_buffer *buf; /* Ring buffer for event notifier group. */ wait_queue_head_t read_wait; struct irq_work wakeup_pending; /* Pending wakeup irq work. */ + struct lttng_event_notifier *sc_unknown; /* for unknown syscalls */ + struct lttng_event_notifier *sc_compat_unknown; + + struct lttng_syscall_filter *sc_filter; + + struct hlist_head *event_notifier_syscall_dispatch; + struct hlist_head *event_notifier_compat_syscall_dispatch; + struct hlist_head *event_notifier_exit_syscall_dispatch; + struct hlist_head *event_notifier_exit_compat_syscall_dispatch; + + struct hlist_head event_notifier_unknown_syscall_dispatch; + struct hlist_head event_notifier_compat_unknown_syscall_dispatch; + struct hlist_head event_notifier_exit_unknown_syscall_dispatch; + struct hlist_head event_notifier_exit_compat_unknown_syscall_dispatch; + + int syscall_all_entry; + int syscall_all_exit; + + unsigned int sys_enter_registered:1, sys_exit_registered:1; + + struct lttng_counter *error_counter; + size_t error_counter_len; }; struct lttng_metadata_cache { @@ -769,6 +798,9 @@ int lttng_session_list_tracker_ids(struct lttng_session *session, void lttng_clock_ref(void); void lttng_clock_unref(void); +int lttng_desc_match_enabler(const struct lttng_event_desc *desc, + struct lttng_enabler *enabler); + #if defined(CONFIG_HAVE_SYSCALL_TRACEPOINTS) int lttng_syscalls_register_event(struct lttng_channel *chan, void *filter); int lttng_syscalls_unregister_event(struct lttng_channel *chan); @@ -783,6 +815,14 @@ int lttng_syscall_filter_disable_event( long lttng_channel_syscall_mask(struct lttng_channel *channel, struct lttng_kernel_syscall_mask __user *usyscall_mask); +int lttng_syscalls_register_event_notifier( + struct lttng_event_notifier_enabler *event_notifier_enabler, + void *filter); +int lttng_syscals_create_matching_event_notifiers( + struct lttng_event_notifier_enabler *event_notifier_enabler, void *filter); +int lttng_syscalls_unregister_event_notifier(struct lttng_event_notifier_group *group); +int lttng_syscall_filter_enable_event_notifier(struct lttng_event_notifier *event_notifier); +int lttng_syscall_filter_disable_event_notifier(struct lttng_event_notifier *event_notifier); #else static inline int lttng_syscalls_register_event( struct lttng_channel *chan, void *filter) @@ -818,6 +858,32 @@ static inline long lttng_channel_syscall_mask(struct lttng_channel *channel, return -ENOSYS; } +static inline int lttng_syscalls_register_event_notifier( + struct lttng_event_notifier_group *group, void *filter) +{ + return -ENOSYS; +} + +static inline int lttng_syscalls_unregister_event_notifier( + struct lttng_event_notifier_group *group) +{ + return 0; +} + +static inline int lttng_syscall_filter_enable_event_notifier( + struct lttng_event_notifier_group *group, + const char *name) +{ + return -ENOSYS; +} + +static inline int lttng_syscall_filter_disable_event_notifier( + struct lttng_event_notifier_group *group, + const char *name) +{ + return -ENOSYS; +} + #endif void lttng_filter_sync_state(struct lttng_bytecode_runtime *runtime); diff --git a/src/lttng-abi.c b/src/lttng-abi.c index fbbdbabf..67f5aa87 100644 --- a/src/lttng-abi.c +++ b/src/lttng-abi.c @@ -1826,11 +1826,12 @@ int lttng_abi_create_event_notifier(struct file *event_notifier_group_file, case LTTNG_KERNEL_KPROBE: event_notifier_param->event.u.kprobe.symbol_name[LTTNG_KERNEL_SYM_NAME_LEN - 1] = '\0'; break; + case LTTNG_KERNEL_SYSCALL: + break; case LTTNG_KERNEL_KRETPROBE: /* Placing an event notifier on kretprobe is not supported. */ case LTTNG_KERNEL_FUNCTION: case LTTNG_KERNEL_NOOP: - case LTTNG_KERNEL_SYSCALL: default: ret = -EINVAL; goto inval_instr; diff --git a/src/lttng-events.c b/src/lttng-events.c index 91a08100..dff93ce6 100644 --- a/src/lttng-events.c +++ b/src/lttng-events.c @@ -329,6 +329,9 @@ void lttng_event_notifier_group_destroy( mutex_lock(&sessions_mutex); + ret = lttng_syscalls_unregister_event_notifier(event_notifier_group); + WARN_ON(ret); + list_for_each_entry_safe(event_notifier, tmpevent_notifier, &event_notifier_group->event_notifiers_head, list) { ret = _lttng_event_notifier_unregister(event_notifier); @@ -340,6 +343,8 @@ void lttng_event_notifier_group_destroy( irq_work_sync(&event_notifier_group->wakeup_pending); + kfree(event_notifier_group->sc_filter); + list_for_each_entry_safe(event_notifier_enabler, tmp_event_notifier_enabler, &event_notifier_group->enablers_head, node) lttng_event_notifier_enabler_destroy(event_notifier_enabler); @@ -612,13 +617,13 @@ int lttng_event_notifier_enable(struct lttng_event_notifier *event_notifier) } switch (event_notifier->instrumentation) { case LTTNG_KERNEL_TRACEPOINT: + case LTTNG_KERNEL_SYSCALL: ret = -EINVAL; break; case LTTNG_KERNEL_KPROBE: case LTTNG_KERNEL_UPROBE: WRITE_ONCE(event_notifier->enabled, 1); break; - case LTTNG_KERNEL_SYSCALL: case LTTNG_KERNEL_FUNCTION: case LTTNG_KERNEL_NOOP: case LTTNG_KERNEL_KRETPROBE: @@ -642,13 +647,13 @@ int lttng_event_notifier_disable(struct lttng_event_notifier *event_notifier) } switch (event_notifier->instrumentation) { case LTTNG_KERNEL_TRACEPOINT: + case LTTNG_KERNEL_SYSCALL: ret = -EINVAL; break; case LTTNG_KERNEL_KPROBE: case LTTNG_KERNEL_UPROBE: WRITE_ONCE(event_notifier->enabled, 0); break; - case LTTNG_KERNEL_SYSCALL: case LTTNG_KERNEL_FUNCTION: case LTTNG_KERNEL_NOOP: case LTTNG_KERNEL_KRETPROBE: @@ -1009,12 +1014,12 @@ struct lttng_event_notifier *_lttng_event_notifier_create( break; case LTTNG_KERNEL_KPROBE: case LTTNG_KERNEL_UPROBE: + case LTTNG_KERNEL_SYSCALL: event_name = event_notifier_param->event.name; break; case LTTNG_KERNEL_KRETPROBE: case LTTNG_KERNEL_FUNCTION: case LTTNG_KERNEL_NOOP: - case LTTNG_KERNEL_SYSCALL: default: WARN_ON_ONCE(1); ret = -EINVAL; @@ -1086,6 +1091,43 @@ struct lttng_event_notifier *_lttng_event_notifier_create( ret = try_module_get(event_notifier->desc->owner); WARN_ON_ONCE(!ret); break; + case LTTNG_KERNEL_NOOP: + case LTTNG_KERNEL_SYSCALL: + /* + * Needs to be explicitly enabled after creation, since + * we may want to apply filters. + */ + event_notifier->enabled = 0; + event_notifier->registered = 0; + event_notifier->desc = event_desc; + switch (event_notifier_param->event.u.syscall.entryexit) { + case LTTNG_KERNEL_SYSCALL_ENTRYEXIT: + ret = -EINVAL; + goto register_error; + case LTTNG_KERNEL_SYSCALL_ENTRY: + event_notifier->u.syscall.entryexit = LTTNG_SYSCALL_ENTRY; + break; + case LTTNG_KERNEL_SYSCALL_EXIT: + event_notifier->u.syscall.entryexit = LTTNG_SYSCALL_EXIT; + break; + } + switch (event_notifier_param->event.u.syscall.abi) { + case LTTNG_KERNEL_SYSCALL_ABI_ALL: + ret = -EINVAL; + goto register_error; + case LTTNG_KERNEL_SYSCALL_ABI_NATIVE: + event_notifier->u.syscall.abi = LTTNG_SYSCALL_ABI_NATIVE; + break; + case LTTNG_KERNEL_SYSCALL_ABI_COMPAT: + event_notifier->u.syscall.abi = LTTNG_SYSCALL_ABI_COMPAT; + break; + } + + if (!event_notifier->desc) { + ret = -EINVAL; + goto register_error; + } + break; case LTTNG_KERNEL_UPROBE: /* * Needs to be explicitly enabled after creation, since @@ -1111,8 +1153,6 @@ struct lttng_event_notifier *_lttng_event_notifier_create( break; case LTTNG_KERNEL_KRETPROBE: case LTTNG_KERNEL_FUNCTION: - case LTTNG_KERNEL_NOOP: - case LTTNG_KERNEL_SYSCALL: default: WARN_ON_ONCE(1); ret = -EINVAL; @@ -1257,11 +1297,13 @@ void register_event_notifier(struct lttng_event_notifier *event_notifier) desc->event_notifier_callback, event_notifier); break; + case LTTNG_KERNEL_SYSCALL: + ret = lttng_syscall_filter_enable_event_notifier(event_notifier); + break; case LTTNG_KERNEL_KPROBE: case LTTNG_KERNEL_UPROBE: ret = 0; break; - case LTTNG_KERNEL_SYSCALL: case LTTNG_KERNEL_KRETPROBE: case LTTNG_KERNEL_FUNCTION: case LTTNG_KERNEL_NOOP: @@ -1297,9 +1339,11 @@ int _lttng_event_notifier_unregister( lttng_uprobes_unregister_event_notifier(event_notifier); ret = 0; break; + case LTTNG_KERNEL_SYSCALL: + ret = lttng_syscall_filter_disable_event_notifier(event_notifier); + break; case LTTNG_KERNEL_KRETPROBE: case LTTNG_KERNEL_FUNCTION: - case LTTNG_KERNEL_SYSCALL: case LTTNG_KERNEL_NOOP: default: WARN_ON_ONCE(1); @@ -1357,14 +1401,15 @@ void _lttng_event_notifier_destroy(struct lttng_event_notifier *event_notifier) module_put(event_notifier->desc->owner); lttng_kprobes_destroy_event_notifier_private(event_notifier); break; + case LTTNG_KERNEL_NOOP: + case LTTNG_KERNEL_SYSCALL: + break; case LTTNG_KERNEL_UPROBE: module_put(event_notifier->desc->owner); lttng_uprobes_destroy_event_notifier_private(event_notifier); break; case LTTNG_KERNEL_KRETPROBE: case LTTNG_KERNEL_FUNCTION: - case LTTNG_KERNEL_NOOP: - case LTTNG_KERNEL_SYSCALL: default: WARN_ON_ONCE(1); } @@ -1647,7 +1692,6 @@ int lttng_match_enabler_name(const char *desc_name, return 1; } -static int lttng_desc_match_enabler(const struct lttng_event_desc *desc, struct lttng_enabler *enabler) { @@ -1901,6 +1945,17 @@ void lttng_create_syscall_event_if_missing(struct lttng_event_enabler *event_ena WARN_ON_ONCE(ret); } +static +void lttng_create_syscall_event_notifier_if_missing(struct lttng_event_notifier_enabler *event_notifier_enabler) +{ + int ret; + + ret = lttng_syscalls_register_event_notifier(event_notifier_enabler, NULL); + WARN_ON_ONCE(ret); + ret = lttng_syscals_create_matching_event_notifiers(event_notifier_enabler, NULL); + WARN_ON_ONCE(ret); +} + /* * Create struct lttng_event if it is missing and present in the list of * tracepoint probes. @@ -1995,6 +2050,9 @@ void lttng_create_event_notifier_if_missing(struct lttng_event_notifier_enabler case LTTNG_KERNEL_TRACEPOINT: lttng_create_tracepoint_event_notifier_if_missing(event_notifier_enabler); break; + case LTTNG_KERNEL_SYSCALL: + lttng_create_syscall_event_notifier_if_missing(event_notifier_enabler); + break; default: WARN_ON_ONCE(1); break; @@ -2005,11 +2063,29 @@ void lttng_create_event_notifier_if_missing(struct lttng_event_notifier_enabler * Create event_notifiers associated with a event_notifier enabler (if not already present). */ static -int lttng_event_notifier_enabler_ref_event_notifiers(struct lttng_event_notifier_enabler *event_notifier_enabler) +int lttng_event_notifier_enabler_ref_event_notifiers( + struct lttng_event_notifier_enabler *event_notifier_enabler) { struct lttng_event_notifier_group *event_notifier_group = event_notifier_enabler->group; + struct lttng_enabler *base_enabler = lttng_event_notifier_enabler_as_enabler(event_notifier_enabler); struct lttng_event_notifier *event_notifier; + if (base_enabler->event_param.instrumentation == LTTNG_KERNEL_SYSCALL && + base_enabler->event_param.u.syscall.abi == LTTNG_KERNEL_SYSCALL_ABI_ALL && + base_enabler->event_param.u.syscall.match == LTTNG_KERNEL_SYSCALL_MATCH_NAME && + !strcmp(base_enabler->event_param.name, "*")) { + + int enabled = base_enabler->enabled; + enum lttng_kernel_syscall_entryexit entryexit = base_enabler->event_param.u.syscall.entryexit; + + if (entryexit == LTTNG_KERNEL_SYSCALL_ENTRY || entryexit == LTTNG_KERNEL_SYSCALL_ENTRYEXIT) + WRITE_ONCE(event_notifier_group->syscall_all_entry, enabled); + + if (entryexit == LTTNG_KERNEL_SYSCALL_EXIT || entryexit == LTTNG_KERNEL_SYSCALL_ENTRYEXIT) + WRITE_ONCE(event_notifier_group->syscall_all_exit, enabled); + + } + /* First ensure that probe event_notifiers are created for this enabler. */ lttng_create_event_notifier_if_missing(event_notifier_enabler); @@ -2241,9 +2317,8 @@ struct lttng_event_notifier_enabler *lttng_event_notifier_enabler_create( event_notifier_enabler->base.format_type = format_type; INIT_LIST_HEAD(&event_notifier_enabler->base.filter_bytecode_head); - memcpy(&event_notifier_enabler->base.event_param.name, event_notifier_param->event.name, - sizeof(event_notifier_enabler->base.event_param.name)); - event_notifier_enabler->base.event_param.instrumentation = event_notifier_param->event.instrumentation; + memcpy(&event_notifier_enabler->base.event_param, &event_notifier_param->event, + sizeof(event_notifier_enabler->base.event_param)); event_notifier_enabler->base.evtype = LTTNG_TYPE_ENABLER; event_notifier_enabler->base.enabled = 0; diff --git a/src/lttng-syscalls.c b/src/lttng-syscalls.c index 06d16ff2..14650835 100644 --- a/src/lttng-syscalls.c +++ b/src/lttng-syscalls.c @@ -29,6 +29,7 @@ #include #include #include +#include #ifndef CONFIG_COMPAT # ifndef is_compat_task @@ -63,6 +64,13 @@ void syscall_entry_event_probe(void *__data, struct pt_regs *regs, long id); static void syscall_exit_event_probe(void *__data, struct pt_regs *regs, long ret); +static +void syscall_entry_event_notifier_probe(void *__data, struct pt_regs *regs, + long id); +static +void syscall_exit_event_notifier_probe(void *__data, struct pt_regs *regs, + long ret); + /* * Forward declarations for old kernels. */ @@ -285,6 +293,7 @@ typedef __kernel_old_time_t time_t; struct trace_syscall_entry { void *event_func; + void *event_notifier_func; const struct lttng_event_desc *desc; const struct lttng_event_field *fields; unsigned int nrargs; @@ -301,6 +310,7 @@ struct trace_syscall_entry { #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \ [ _nr ] = { \ .event_func = __event_probe__syscall_entry_##_template, \ + .event_notifier_func = __event_notifier_probe__syscall_entry_##_template, \ .nrargs = (_nrargs), \ .fields = __event_fields___syscall_entry_##_template, \ .desc = &__event_desc___syscall_entry_##_name, \ @@ -316,6 +326,7 @@ static const struct trace_syscall_entry sc_table[] = { #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \ [ _nr ] = { \ .event_func = __event_probe__compat_syscall_entry_##_template, \ + .event_notifier_func = __event_notifier_probe__compat_syscall_entry_##_template, \ .nrargs = (_nrargs), \ .fields = __event_fields___compat_syscall_entry_##_template, \ .desc = &__event_desc___compat_syscall_entry_##_name, \ @@ -338,6 +349,7 @@ const struct trace_syscall_entry compat_sc_table[] = { #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \ [ _nr ] = { \ .event_func = __event_probe__syscall_exit_##_template, \ + .event_notifier_func = __event_notifier_probe__syscall_exit_##_template, \ .nrargs = (_nrargs), \ .fields = __event_fields___syscall_exit_##_template, \ .desc = &__event_desc___syscall_exit_##_name, \ @@ -353,6 +365,7 @@ static const struct trace_syscall_entry sc_exit_table[] = { #define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs) \ [ _nr ] = { \ .event_func = __event_probe__compat_syscall_exit_##_template, \ + .event_notifier_func = __event_notifier_probe__compat_syscall_exit_##_template, \ .nrargs = (_nrargs), \ .fields = __event_fields___compat_syscall_exit_##_template, \ .desc = &__event_desc___compat_syscall_exit_##_name, \ @@ -376,7 +389,7 @@ struct lttng_syscall_filter { }; static void syscall_entry_event_unknown(struct lttng_event *event, - struct pt_regs *regs, unsigned int id) + struct pt_regs *regs, long id) { unsigned long args[LTTNG_SYSCALL_NR_ARGS]; @@ -387,6 +400,38 @@ static void syscall_entry_event_unknown(struct lttng_event *event, __event_probe__syscall_entry_unknown(event, id, args); } +static void syscall_entry_event_notifier_unknown( + struct hlist_head *unknown_dispatch_list_head, + struct pt_regs *regs, long id) +{ + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + struct lttng_event_notifier *notifier; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, unknown_dispatch_list_head, u.syscall.node) { + if (unlikely(in_compat_syscall())) + __event_notifier_probe__compat_syscall_entry_unknown(notifier, id, args); + else + __event_notifier_probe__syscall_entry_unknown(notifier, id, args); + } +} + +static void syscall_exit_event_notifier_unknown( + struct hlist_head *unknown_dispatch_list_head, + struct pt_regs *regs, long id, long ret) +{ + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + struct lttng_event_notifier *notifier; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, unknown_dispatch_list_head, u.syscall.node) { + if (unlikely(in_compat_syscall())) + __event_notifier_probe__compat_syscall_exit_unknown(notifier, id, ret, args); + else + __event_notifier_probe__syscall_exit_unknown(notifier, id, ret, args); + } +} + static __always_inline void syscall_entry_call_func(void *func, unsigned int nrargs, void *data, struct pt_regs *regs) @@ -479,6 +524,106 @@ void syscall_entry_call_func(void *func, unsigned int nrargs, void *data, } } +static __always_inline +void syscall_entry_event_notifier_call_func(struct hlist_head *dispatch_list, + void *func, unsigned int nrargs, struct pt_regs *regs) +{ + struct lttng_event_notifier *notifier; + + switch (nrargs) { + case 0: + { + void (*fptr)(void *__data) = func; + + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier); + break; + } + case 1: + { + void (*fptr)(void *__data, unsigned long arg0) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, args[0]); + break; + } + case 2: + { + void (*fptr)(void *__data, + unsigned long arg0, + unsigned long arg1) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, args[0], args[1]); + break; + } + case 3: + { + void (*fptr)(void *__data, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, args[0], args[1], args[2]); + break; + } + case 4: + { + void (*fptr)(void *__data, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, args[0], args[1], args[2], args[3]); + break; + } + case 5: + { + void (*fptr)(void *__data, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3, + unsigned long arg4) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, args[0], args[1], args[2], args[3], args[4]); + break; + } + case 6: + { + void (*fptr)(void *__data, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3, + unsigned long arg4, + unsigned long arg5) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, args[0], args[1], args[2], args[3], args[4], args[5]); + break; + } + default: + break; + } +} + void syscall_entry_event_probe(void *__data, struct pt_regs *regs, long id) { struct lttng_channel *chan = __data; @@ -526,8 +671,67 @@ void syscall_entry_event_probe(void *__data, struct pt_regs *regs, long id) syscall_entry_call_func(entry->event_func, entry->nrargs, event, regs); } +void syscall_entry_event_notifier_probe(void *__data, struct pt_regs *regs, + long id) +{ + struct lttng_event_notifier_group *group = __data; + const struct trace_syscall_entry *table, *entry; + struct hlist_head *dispatch_list, *unknown_dispatch_list; + size_t table_len; + + if (unlikely(in_compat_syscall())) { + struct lttng_syscall_filter *filter = group->sc_filter; + + if (id < 0 || id >= NR_compat_syscalls + || (!READ_ONCE(group->syscall_all_entry) && + !test_bit(id, filter->sc_compat_entry))) { + /* System call filtered out. */ + return; + } + table = compat_sc_table; + table_len = ARRAY_SIZE(compat_sc_table); + unknown_dispatch_list = &group->event_notifier_compat_unknown_syscall_dispatch; + } else { + struct lttng_syscall_filter *filter = group->sc_filter; + + if (id < 0 || id >= NR_syscalls + || (!READ_ONCE(group->syscall_all_entry) && + !test_bit(id, filter->sc_entry))) { + /* System call filtered out. */ + return; + } + table = sc_table; + table_len = ARRAY_SIZE(sc_table); + unknown_dispatch_list = &group->event_notifier_unknown_syscall_dispatch; + } + /* Check if the syscall id is out of bound. */ + if (unlikely(id < 0 || id >= table_len)) { + syscall_entry_event_notifier_unknown(unknown_dispatch_list, + regs, id); + return; + } + + entry = &table[id]; + if (!entry->event_notifier_func) { + syscall_entry_event_notifier_unknown(unknown_dispatch_list, + regs, id); + return; + } + + if (unlikely(in_compat_syscall())) { + dispatch_list = &group->event_notifier_compat_syscall_dispatch[id]; + } else { + dispatch_list = &group->event_notifier_syscall_dispatch[id]; + } + if (unlikely(hlist_empty(dispatch_list))) + return; + + syscall_entry_event_notifier_call_func(dispatch_list, + entry->event_notifier_func, entry->nrargs, regs); +} + static void syscall_exit_event_unknown(struct lttng_event *event, - struct pt_regs *regs, int id, long ret) + struct pt_regs *regs, long id, long ret) { unsigned long args[LTTNG_SYSCALL_NR_ARGS]; @@ -681,6 +885,173 @@ void syscall_exit_event_probe(void *__data, struct pt_regs *regs, long ret) } } +static __always_inline +void syscall_exit_event_notifier_call_func(struct hlist_head *dispatch_list, + void *func, unsigned int nrargs, struct pt_regs *regs, long ret) +{ + struct lttng_event_notifier *notifier; + + switch (nrargs) { + case 0: + { + void (*fptr)(void *__data, long ret) = func; + + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret); + break; + } + case 1: + { + void (*fptr)(void *__data, long ret, unsigned long arg0) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret, args[0]); + break; + } + case 2: + { + void (*fptr)(void *__data, + long ret, + unsigned long arg0, + unsigned long arg1) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret, args[0], args[1]); + break; + } + case 3: + { + void (*fptr)(void *__data, + long ret, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret, args[0], args[1], args[2]); + break; + } + case 4: + { + void (*fptr)(void *__data, + long ret, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret, args[0], args[1], args[2], args[3]); + break; + } + case 5: + { + void (*fptr)(void *__data, + long ret, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3, + unsigned long arg4) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret, args[0], args[1], args[2], args[3], args[4]); + break; + } + case 6: + { + void (*fptr)(void *__data, + long ret, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3, + unsigned long arg4, + unsigned long arg5) = func; + unsigned long args[LTTNG_SYSCALL_NR_ARGS]; + + lttng_syscall_get_arguments(current, regs, args); + lttng_hlist_for_each_entry_rcu(notifier, dispatch_list, u.syscall.node) + fptr(notifier, ret, args[0], args[1], args[2], args[3], args[4], args[5]); + break; + } + default: + break; + } +} + +static +void syscall_exit_event_notifier_probe(void *__data, struct pt_regs *regs, + long ret) +{ + struct lttng_event_notifier_group *group = __data; + const struct trace_syscall_entry *table, *entry; + struct hlist_head *dispatch_list, *unknown_dispatch_list; + size_t table_len; + long id; + + id = syscall_get_nr(current, regs); + + if (unlikely(in_compat_syscall())) { + struct lttng_syscall_filter *filter = group->sc_filter; + + if (id < 0 || id >= NR_compat_syscalls + || (!READ_ONCE(group->syscall_all_exit) && + !test_bit(id, filter->sc_compat_exit))) { + /* System call filtered out. */ + return; + } + table = compat_sc_exit_table; + table_len = ARRAY_SIZE(compat_sc_exit_table); + unknown_dispatch_list = &group->event_notifier_exit_compat_unknown_syscall_dispatch; + } else { + struct lttng_syscall_filter *filter = group->sc_filter; + + if (id < 0 || id >= NR_syscalls + || (!READ_ONCE(group->syscall_all_exit) && + !test_bit(id, filter->sc_exit))) { + /* System call filtered out. */ + return; + } + table = sc_exit_table; + table_len = ARRAY_SIZE(sc_exit_table); + unknown_dispatch_list = &group->event_notifier_exit_unknown_syscall_dispatch; + } + /* Check if the syscall id is out of bound. */ + if (unlikely(id < 0 || id >= table_len)) { + syscall_exit_event_notifier_unknown(unknown_dispatch_list, + regs, id, ret); + return; + } + + entry = &table[id]; + if (!entry->event_notifier_func) { + syscall_entry_event_notifier_unknown(unknown_dispatch_list, + regs, id); + return; + } + + if (unlikely(in_compat_syscall())) { + dispatch_list = &group->event_notifier_exit_compat_syscall_dispatch[id]; + } else { + dispatch_list = &group->event_notifier_exit_syscall_dispatch[id]; + } + if (unlikely(hlist_empty(dispatch_list))) + return; + + syscall_exit_event_notifier_call_func(dispatch_list, + entry->event_notifier_func, entry->nrargs, regs, ret); +} /* * noinline to diminish caller stack size. * Should be called with sessions lock held. @@ -918,8 +1289,377 @@ int lttng_syscalls_register_event(struct lttng_channel *chan, void *filter) } /* - * Only called at session destruction. + * Should be called with sessions lock held. + */ +int lttng_syscalls_register_event_notifier( + struct lttng_event_notifier_enabler *event_notifier_enabler, + void *filter) +{ + struct lttng_event_notifier_group *group = event_notifier_enabler->group; + unsigned int i; + int ret = 0; + + wrapper_vmalloc_sync_mappings(); + + if (!group->event_notifier_syscall_dispatch) { + group->event_notifier_syscall_dispatch = + kzalloc(sizeof(struct hlist_head) * ARRAY_SIZE(sc_table), + GFP_KERNEL); + if (!group->event_notifier_syscall_dispatch) + return -ENOMEM; + + /* Initialize all list_head */ + for (i = 0; i < ARRAY_SIZE(sc_table); i++) + INIT_HLIST_HEAD(&group->event_notifier_syscall_dispatch[i]); + + /* Init the unknown syscall notifier list. */ + INIT_HLIST_HEAD(&group->event_notifier_unknown_syscall_dispatch); + } + + if (!group->event_notifier_exit_syscall_dispatch) { + group->event_notifier_exit_syscall_dispatch = + kzalloc(sizeof(struct hlist_head) * ARRAY_SIZE(sc_table), + GFP_KERNEL); + if (!group->event_notifier_exit_syscall_dispatch) + return -ENOMEM; + + /* Initialize all list_head */ + for (i = 0; i < ARRAY_SIZE(sc_table); i++) + INIT_HLIST_HEAD(&group->event_notifier_exit_syscall_dispatch[i]); + + /* Init the unknown exit syscall notifier list. */ + INIT_HLIST_HEAD(&group->event_notifier_exit_unknown_syscall_dispatch); + } + +#ifdef CONFIG_COMPAT + if (!group->event_notifier_compat_syscall_dispatch) { + group->event_notifier_compat_syscall_dispatch = + kzalloc(sizeof(struct hlist_head) * ARRAY_SIZE(compat_sc_table), + GFP_KERNEL); + if (!group->event_notifier_syscall_dispatch) + return -ENOMEM; + + /* Initialize all list_head */ + for (i = 0; i < ARRAY_SIZE(compat_sc_table); i++) + INIT_HLIST_HEAD(&group->event_notifier_compat_syscall_dispatch[i]); + + /* Init the unknown syscall notifier list. */ + INIT_HLIST_HEAD(&group->event_notifier_compat_unknown_syscall_dispatch); + } + + if (!group->event_notifier_exit_compat_syscall_dispatch) { + group->event_notifier_exit_compat_syscall_dispatch = + kzalloc(sizeof(struct hlist_head) * ARRAY_SIZE(compat_sc_exit_table), + GFP_KERNEL); + if (!group->event_notifier_exit_syscall_dispatch) + return -ENOMEM; + + /* Initialize all list_head */ + for (i = 0; i < ARRAY_SIZE(compat_sc_exit_table); i++) + INIT_HLIST_HEAD(&group->event_notifier_exit_compat_syscall_dispatch[i]); + + /* Init the unknown exit syscall notifier list. */ + INIT_HLIST_HEAD(&group->event_notifier_exit_compat_unknown_syscall_dispatch); + } +#endif + + if (!group->sc_filter) { + group->sc_filter = kzalloc(sizeof(struct lttng_syscall_filter), + GFP_KERNEL); + if (!group->sc_filter) + return -ENOMEM; + } + + if (!group->sys_enter_registered) { + ret = lttng_wrapper_tracepoint_probe_register("sys_enter", + (void *) syscall_entry_event_notifier_probe, group); + if (ret) + return ret; + group->sys_enter_registered = 1; + } + + if (!group->sys_exit_registered) { + ret = lttng_wrapper_tracepoint_probe_register("sys_exit", + (void *) syscall_exit_event_notifier_probe, group); + if (ret) { + WARN_ON_ONCE(lttng_wrapper_tracepoint_probe_unregister("sys_enter", + (void *) syscall_entry_event_notifier_probe, group)); + return ret; + } + group->sys_exit_registered = 1; + } + + return ret; +} + +static +int create_unknown_event_notifier( + struct lttng_event_notifier_enabler *event_notifier_enabler, + enum sc_type type) +{ + struct lttng_event_notifier *notifier; + const struct lttng_event_desc *desc; + struct lttng_event_notifier_group *group = event_notifier_enabler->group; + struct lttng_kernel_event_notifier event_notifier_param; + uint64_t user_token = event_notifier_enabler->base.user_token; + struct lttng_enabler *base_enabler = lttng_event_notifier_enabler_as_enabler( + event_notifier_enabler); + struct hlist_head *unknown_dispatch_list; + int ret = 0; + bool found = false; + enum lttng_kernel_syscall_abi abi; + enum lttng_kernel_syscall_entryexit entryexit; + struct hlist_head *head; + + switch (type) { + case SC_TYPE_ENTRY: + desc = &__event_desc___syscall_entry_unknown; + unknown_dispatch_list = &group->event_notifier_unknown_syscall_dispatch; + entryexit = LTTNG_KERNEL_SYSCALL_ENTRY; + abi = LTTNG_KERNEL_SYSCALL_ABI_NATIVE; + break; + case SC_TYPE_EXIT: + desc = &__event_desc___syscall_exit_unknown; + unknown_dispatch_list = &group->event_notifier_exit_unknown_syscall_dispatch; + entryexit = LTTNG_KERNEL_SYSCALL_EXIT; + abi = LTTNG_KERNEL_SYSCALL_ABI_NATIVE; + break; + case SC_TYPE_COMPAT_ENTRY: + desc = &__event_desc___compat_syscall_entry_unknown; + unknown_dispatch_list = &group->event_notifier_compat_unknown_syscall_dispatch; + entryexit = LTTNG_KERNEL_SYSCALL_ENTRY; + abi = LTTNG_KERNEL_SYSCALL_ABI_COMPAT; + break; + case SC_TYPE_COMPAT_EXIT: + desc = &__event_desc___compat_syscall_exit_unknown; + unknown_dispatch_list = &group->event_notifier_exit_compat_unknown_syscall_dispatch; + entryexit = LTTNG_KERNEL_SYSCALL_EXIT; + abi = LTTNG_KERNEL_SYSCALL_ABI_COMPAT; + break; + default: + BUG_ON(1); + } + + /* + * Check if already created. + */ + head = utils_borrow_hash_table_bucket(group->event_notifiers_ht.table, + LTTNG_EVENT_NOTIFIER_HT_SIZE, desc->name); + lttng_hlist_for_each_entry(notifier, head, hlist) { + if (notifier->desc == desc && + notifier->user_token == base_enabler->user_token) + found = true; + } + if (found) + goto end; + + memset(&event_notifier_param, 0, sizeof(event_notifier_param)); + strncat(event_notifier_param.event.name, desc->name, + LTTNG_KERNEL_SYM_NAME_LEN - strlen(event_notifier_param.event.name) - 1); + + event_notifier_param.event.name[LTTNG_KERNEL_SYM_NAME_LEN - 1] = '\0'; + + event_notifier_param.event.instrumentation = LTTNG_KERNEL_SYSCALL; + event_notifier_param.event.u.syscall.abi = abi; + event_notifier_param.event.u.syscall.entryexit = entryexit; + + notifier = _lttng_event_notifier_create(desc, user_token, + group, &event_notifier_param, NULL, + event_notifier_param.event.instrumentation); + if (IS_ERR(notifier)) { + printk(KERN_INFO "Unable to create unknown notifier %s\n", + desc->name); + ret = -ENOMEM; + goto end; + } + + hlist_add_head_rcu(¬ifier->u.syscall.node, unknown_dispatch_list); + +end: + return ret; +} + +static int create_matching_event_notifiers( + struct lttng_event_notifier_enabler *event_notifier_enabler, + void *filter, const struct trace_syscall_entry *table, + size_t table_len, enum sc_type type) +{ + struct lttng_event_notifier_group *group = event_notifier_enabler->group; + const struct lttng_event_desc *desc; + uint64_t user_token = event_notifier_enabler->base.user_token; + unsigned int i; + int ret = 0; + + /* iterate over all syscall and create event_notifier that match */ + for (i = 0; i < table_len; i++) { + struct lttng_event_notifier *event_notifier; + struct lttng_kernel_event_notifier event_notifier_param; + struct hlist_head *head; + int found = 0; + + desc = table[i].desc; + if (!desc) { + /* Unknown syscall */ + continue; + } + + if (!lttng_desc_match_enabler(desc, + lttng_event_notifier_enabler_as_enabler(event_notifier_enabler))) + continue; + + /* + * Check if already created. + */ + head = utils_borrow_hash_table_bucket(group->event_notifiers_ht.table, + LTTNG_EVENT_NOTIFIER_HT_SIZE, desc->name); + lttng_hlist_for_each_entry(event_notifier, head, hlist) { + if (event_notifier->desc == desc + && event_notifier->user_token == event_notifier_enabler->base.user_token) + found = 1; + } + if (found) + continue; + + memset(&event_notifier_param, 0, sizeof(event_notifier_param)); + switch (type) { + case SC_TYPE_ENTRY: + event_notifier_param.event.u.syscall.entryexit = LTTNG_KERNEL_SYSCALL_ENTRY; + event_notifier_param.event.u.syscall.abi = LTTNG_KERNEL_SYSCALL_ABI_NATIVE; + break; + case SC_TYPE_EXIT: + event_notifier_param.event.u.syscall.entryexit = LTTNG_KERNEL_SYSCALL_EXIT; + event_notifier_param.event.u.syscall.abi = LTTNG_KERNEL_SYSCALL_ABI_NATIVE; + break; + case SC_TYPE_COMPAT_ENTRY: + event_notifier_param.event.u.syscall.entryexit = LTTNG_KERNEL_SYSCALL_ENTRY; + event_notifier_param.event.u.syscall.abi = LTTNG_KERNEL_SYSCALL_ABI_COMPAT; + break; + case SC_TYPE_COMPAT_EXIT: + event_notifier_param.event.u.syscall.entryexit = LTTNG_KERNEL_SYSCALL_EXIT; + event_notifier_param.event.u.syscall.abi = LTTNG_KERNEL_SYSCALL_ABI_COMPAT; + break; + } + strncat(event_notifier_param.event.name, desc->name, + LTTNG_KERNEL_SYM_NAME_LEN - strlen(event_notifier_param.event.name) - 1); + event_notifier_param.event.name[LTTNG_KERNEL_SYM_NAME_LEN - 1] = '\0'; + event_notifier_param.event.instrumentation = LTTNG_KERNEL_SYSCALL; + + event_notifier = _lttng_event_notifier_create(desc, user_token, group, + &event_notifier_param, filter, + event_notifier_param.event.instrumentation); + if (IS_ERR(event_notifier)) { + printk(KERN_INFO "Unable to create event_notifier %s\n", + desc->name); + ret = -ENOMEM; + goto end; + } + + event_notifier->u.syscall.syscall_id = i; + } + +end: + return ret; + +} + +int lttng_syscals_create_matching_event_notifiers( + struct lttng_event_notifier_enabler *event_notifier_enabler, + void *filter) +{ + int ret; + struct lttng_enabler *base_enabler = + lttng_event_notifier_enabler_as_enabler(event_notifier_enabler); + enum lttng_kernel_syscall_entryexit entryexit = + base_enabler->event_param.u.syscall.entryexit; + + if (entryexit == LTTNG_KERNEL_SYSCALL_ENTRY || entryexit == LTTNG_KERNEL_SYSCALL_ENTRYEXIT) { + ret = create_matching_event_notifiers(event_notifier_enabler, + filter, sc_table, ARRAY_SIZE(sc_table), SC_TYPE_ENTRY); + if (ret) + goto end; + + ret = create_matching_event_notifiers(event_notifier_enabler, + filter, compat_sc_table, ARRAY_SIZE(compat_sc_table), + SC_TYPE_COMPAT_ENTRY); + if (ret) + goto end; + + ret = create_unknown_event_notifier(event_notifier_enabler, + SC_TYPE_ENTRY); + if (ret) + goto end; + + ret = create_unknown_event_notifier(event_notifier_enabler, + SC_TYPE_COMPAT_ENTRY); + if (ret) + goto end; + } + + if (entryexit == LTTNG_KERNEL_SYSCALL_EXIT || entryexit == LTTNG_KERNEL_SYSCALL_ENTRYEXIT) { + ret = create_matching_event_notifiers(event_notifier_enabler, + filter, sc_exit_table, ARRAY_SIZE(sc_exit_table), + SC_TYPE_EXIT); + if (ret) + goto end; + + ret = create_unknown_event_notifier(event_notifier_enabler, + SC_TYPE_EXIT); + if (ret) + goto end; + + ret = create_matching_event_notifiers(event_notifier_enabler, + filter, compat_sc_exit_table, ARRAY_SIZE(compat_sc_exit_table), + SC_TYPE_COMPAT_EXIT); + if (ret) + goto end; + + ret = create_unknown_event_notifier(event_notifier_enabler, + SC_TYPE_COMPAT_EXIT); + if (ret) + goto end; + } + +end: + return ret; +} + +/* + * Unregister the syscall event_notifier probes from the callsites. */ +int lttng_syscalls_unregister_event_notifier( + struct lttng_event_notifier_group *event_notifier_group) +{ + int ret; + + /* + * Only register the event_notifier probe on the `sys_enter` callsite for now. + * At the moment, we don't think it's desirable to have one fired + * event_notifier for the entry and one for the exit of a syscall. + */ + if (event_notifier_group->sys_enter_registered) { + ret = lttng_wrapper_tracepoint_probe_unregister("sys_enter", + (void *) syscall_entry_event_notifier_probe, event_notifier_group); + if (ret) + return ret; + event_notifier_group->sys_enter_registered = 0; + } + if (event_notifier_group->sys_exit_registered) { + ret = lttng_wrapper_tracepoint_probe_unregister("sys_exit", + (void *) syscall_exit_event_notifier_probe, event_notifier_group); + if (ret) + return ret; + event_notifier_group->sys_enter_registered = 0; + } + + kfree(event_notifier_group->event_notifier_syscall_dispatch); + kfree(event_notifier_group->event_notifier_exit_syscall_dispatch); +#ifdef CONFIG_COMPAT + kfree(event_notifier_group->event_notifier_compat_syscall_dispatch); + kfree(event_notifier_group->event_notifier_exit_compat_syscall_dispatch); +#endif + return 0; +} + int lttng_syscalls_unregister_event(struct lttng_channel *chan) { int ret; @@ -1100,6 +1840,52 @@ int lttng_syscall_filter_enable( return 0; } +int lttng_syscall_filter_enable_event_notifier( + struct lttng_event_notifier *notifier) +{ + struct lttng_event_notifier_group *group = notifier->group; + unsigned int syscall_id = notifier->u.syscall.syscall_id; + struct hlist_head *dispatch_list; + int ret = 0; + + WARN_ON_ONCE(notifier->instrumentation != LTTNG_KERNEL_SYSCALL); + + ret = lttng_syscall_filter_enable(group->sc_filter, + notifier->desc->name, notifier->u.syscall.abi, + notifier->u.syscall.entryexit); + if (ret) { + goto end; + } + + switch (notifier->u.syscall.entryexit) { + case LTTNG_SYSCALL_ENTRY: + switch (notifier->u.syscall.abi) { + case LTTNG_SYSCALL_ABI_NATIVE: + dispatch_list = &group->event_notifier_syscall_dispatch[syscall_id]; + break; + case LTTNG_SYSCALL_ABI_COMPAT: + dispatch_list = &group->event_notifier_compat_syscall_dispatch[syscall_id]; + break; + } + break; + case LTTNG_SYSCALL_EXIT: + switch (notifier->u.syscall.abi) { + case LTTNG_SYSCALL_ABI_NATIVE: + dispatch_list = &group->event_notifier_exit_syscall_dispatch[syscall_id]; + break; + case LTTNG_SYSCALL_ABI_COMPAT: + dispatch_list = &group->event_notifier_exit_compat_syscall_dispatch[syscall_id]; + break; + } + break; + } + + hlist_add_head_rcu(¬ifier->u.syscall.node, dispatch_list); + +end: + return ret ; +} + int lttng_syscall_filter_enable_event( struct lttng_channel *channel, struct lttng_event *event) @@ -1171,6 +1957,23 @@ int lttng_syscall_filter_disable( return 0; } +int lttng_syscall_filter_disable_event_notifier( + struct lttng_event_notifier *notifier) +{ + struct lttng_event_notifier_group *group = notifier->group; + int ret; + + WARN_ON_ONCE(notifier->instrumentation != LTTNG_KERNEL_SYSCALL); + + ret = lttng_syscall_filter_disable(group->sc_filter, + notifier->desc->name, notifier->u.syscall.abi, + notifier->u.syscall.entryexit); + WARN_ON_ONCE(ret != 0); + + hlist_del_rcu(¬ifier->u.syscall.node); + return 0; +} + int lttng_syscall_filter_disable_event( struct lttng_channel *channel, struct lttng_event *event) -- 2.34.1