projects / lttng-tools.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MI: implement all objects related to trigger machine interface
[lttng-tools.git] / src / common / event-rule / kernel-syscall.c
1 /*
2 * Copyright (C) 2019 Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
3 *
4 * SPDX-License-Identifier: LGPL-2.1-only
5 *
6 */
7
8 #include <assert.h>
9 #include <common/credentials.h>
10 #include <common/error.h>
11 #include <common/hashtable/hashtable.h>
12 #include <common/hashtable/utils.h>
13 #include <common/macros.h>
14 #include <common/mi-lttng.h>
15 #include <common/payload-view.h>
16 #include <common/payload.h>
17 #include <common/runas.h>
18 #include <common/string-utils/string-utils.h>
19 #include <lttng/event-rule/event-rule-internal.h>
20 #include <lttng/event-rule/kernel-syscall-internal.h>
21
22 #define IS_SYSCALL_EVENT_RULE(rule) \
23 (lttng_event_rule_get_type(rule) == LTTNG_EVENT_RULE_TYPE_KERNEL_SYSCALL)
24
25 static void lttng_event_rule_kernel_syscall_destroy(struct lttng_event_rule *rule)
26 {
27 struct lttng_event_rule_kernel_syscall *syscall;
28
29 if (rule == NULL) {
30 return;
31 }
32
33 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
34
35 free(syscall->pattern);
36 free(syscall->filter_expression);
37 free(syscall->internal_filter.filter);
38 free(syscall->internal_filter.bytecode);
39 free(syscall);
40 }
41
42 static bool lttng_event_rule_kernel_syscall_validate(
43 const struct lttng_event_rule *rule)
44 {
45 bool valid = false;
46 struct lttng_event_rule_kernel_syscall *syscall;
47
48 if (!rule) {
49 goto end;
50 }
51
52 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
53
54 /* Required field. */
55 if (!syscall->pattern) {
56 ERR("Invalid syscall event rule: a pattern must be set.");
57 goto end;
58 }
59
60 valid = true;
61 end:
62 return valid;
63 }
64
65 static int lttng_event_rule_kernel_syscall_serialize(
66 const struct lttng_event_rule *rule,
67 struct lttng_payload *payload)
68 {
69 int ret;
70 size_t pattern_len, filter_expression_len;
71 struct lttng_event_rule_kernel_syscall *syscall;
72 struct lttng_event_rule_kernel_syscall_comm syscall_comm;
73
74 if (!rule || !IS_SYSCALL_EVENT_RULE(rule)) {
75 ret = -1;
76 goto end;
77 }
78
79 DBG("Serializing syscall event rule");
80 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
81
82 pattern_len = strlen(syscall->pattern) + 1;
83
84 if (syscall->filter_expression != NULL) {
85 filter_expression_len = strlen(syscall->filter_expression) + 1;
86 } else {
87 filter_expression_len = 0;
88 }
89
90 syscall_comm.pattern_len = pattern_len;
91 syscall_comm.filter_expression_len = filter_expression_len;
92 syscall_comm.emission_site = syscall->emission_site;
93
94 ret = lttng_dynamic_buffer_append(
95 &payload->buffer, &syscall_comm, sizeof(syscall_comm));
96 if (ret) {
97 goto end;
98 }
99
100 ret = lttng_dynamic_buffer_append(
101 &payload->buffer, syscall->pattern, pattern_len);
102 if (ret) {
103 goto end;
104 }
105
106 ret = lttng_dynamic_buffer_append(&payload->buffer,
107 syscall->filter_expression, filter_expression_len);
108 end:
109 return ret;
110 }
111
112 static bool lttng_event_rule_kernel_syscall_is_equal(const struct lttng_event_rule *_a,
113 const struct lttng_event_rule *_b)
114 {
115 bool is_equal = false;
116 struct lttng_event_rule_kernel_syscall *a, *b;
117
118 a = container_of(_a, struct lttng_event_rule_kernel_syscall, parent);
119 b = container_of(_b, struct lttng_event_rule_kernel_syscall, parent);
120
121 if (!!a->filter_expression != !!b->filter_expression) {
122 goto end;
123 }
124
125 assert(a->pattern);
126 assert(b->pattern);
127 if (strcmp(a->pattern, b->pattern)) {
128 goto end;
129 }
130
131 if (a->filter_expression && b->filter_expression) {
132 if (strcmp(a->filter_expression, b->filter_expression)) {
133 goto end;
134 }
135 } else if (!!a->filter_expression != !!b->filter_expression) {
136 /* One is set and not the other. */
137 goto end;
138 }
139
140 is_equal = true;
141 end:
142 return is_equal;
143 }
144
145 static enum lttng_error_code lttng_event_rule_kernel_syscall_generate_filter_bytecode(
146 struct lttng_event_rule *rule,
147 const struct lttng_credentials *creds)
148 {
149 int ret;
150 enum lttng_error_code ret_code = LTTNG_OK;
151 struct lttng_event_rule_kernel_syscall *syscall;
152 enum lttng_event_rule_status status;
153 const char *filter;
154 struct lttng_bytecode *bytecode = NULL;
155
156 assert(rule);
157
158 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
159
160 /* Generate the filter bytecode. */
161 status = lttng_event_rule_kernel_syscall_get_filter(rule, &filter);
162 if (status == LTTNG_EVENT_RULE_STATUS_UNSET) {
163 filter = NULL;
164 } else if (status != LTTNG_EVENT_RULE_STATUS_OK) {
165 ret_code = LTTNG_ERR_FILTER_INVAL;
166 goto end;
167 }
168
169 if (filter && filter[0] == '\0') {
170 ret_code = LTTNG_ERR_FILTER_INVAL;
171 goto end;
172 }
173
174 if (filter == NULL) {
175 /* Nothing to do. */
176 ret = LTTNG_OK;
177 goto end;
178 }
179
180 syscall->internal_filter.filter = strdup(filter);
181 if (syscall->internal_filter.filter == NULL) {
182 ret_code = LTTNG_ERR_NOMEM;
183 goto end;
184 }
185
186 ret = run_as_generate_filter_bytecode(
187 syscall->internal_filter.filter, creds, &bytecode);
188 if (ret) {
189 ret_code = LTTNG_ERR_FILTER_INVAL;
190 }
191
192 syscall->internal_filter.bytecode = bytecode;
193 bytecode = NULL;
194
195 end:
196 free(bytecode);
197 return ret_code;
198 }
199
200 static const char *lttng_event_rule_kernel_syscall_get_internal_filter(
201 const struct lttng_event_rule *rule)
202 {
203 struct lttng_event_rule_kernel_syscall *syscall;
204
205 assert(rule);
206 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
207
208 return syscall->internal_filter.filter;
209 }
210
211 static const struct lttng_bytecode *
212 lttng_event_rule_kernel_syscall_get_internal_filter_bytecode(
213 const struct lttng_event_rule *rule)
214 {
215 struct lttng_event_rule_kernel_syscall *syscall;
216
217 assert(rule);
218 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
219
220 return syscall->internal_filter.bytecode;
221 }
222
223 static enum lttng_event_rule_generate_exclusions_status
224 lttng_event_rule_kernel_syscall_generate_exclusions(const struct lttng_event_rule *rule,
225 struct lttng_event_exclusion **exclusions)
226 {
227 /* Unsupported. */
228 *exclusions = NULL;
229 return LTTNG_EVENT_RULE_GENERATE_EXCLUSIONS_STATUS_NONE;
230 }
231
232 static unsigned long
233 lttng_event_rule_kernel_syscall_hash(
234 const struct lttng_event_rule *rule)
235 {
236 unsigned long hash;
237 struct lttng_event_rule_kernel_syscall *syscall_rule =
238 container_of(rule, typeof(*syscall_rule), parent);
239
240 hash = hash_key_ulong((void *) LTTNG_EVENT_RULE_TYPE_KERNEL_SYSCALL,
241 lttng_ht_seed);
242 hash ^= hash_key_str(syscall_rule->pattern, lttng_ht_seed);
243 if (syscall_rule->filter_expression) {
244 hash ^= hash_key_str(syscall_rule->filter_expression,
245 lttng_ht_seed);
246 }
247
248 return hash;
249 }
250
251 static enum lttng_error_code lttng_event_rule_kernel_syscall_mi_serialize(
252 const struct lttng_event_rule *rule, struct mi_writer *writer)
253 {
254 int ret;
255 enum lttng_error_code ret_code;
256 enum lttng_event_rule_status status;
257
258 enum lttng_event_rule_kernel_syscall_emission_site site_type;
259 const char *filter = NULL;
260 const char *name_pattern = NULL;
261 const char *site_type_str = NULL;
262
263 assert(rule);
264 assert(writer);
265 assert(IS_SYSCALL_EVENT_RULE(rule));
266
267 status = lttng_event_rule_kernel_syscall_get_name_pattern(
268 rule, &name_pattern);
269 assert(status == LTTNG_EVENT_RULE_STATUS_OK);
270 assert(name_pattern);
271
272 status = lttng_event_rule_kernel_syscall_get_filter(rule, &filter);
273 assert(status == LTTNG_EVENT_RULE_STATUS_OK ||
274 status == LTTNG_EVENT_RULE_STATUS_UNSET);
275
276 site_type = lttng_event_rule_kernel_syscall_get_emission_site(rule);
277
278 switch (site_type) {
279 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY_EXIT:
280 site_type_str = mi_lttng_event_rule_kernel_syscall_emission_site_entry_exit;
281 break;
282 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY:
283 site_type_str = mi_lttng_event_rule_kernel_syscall_emission_site_entry;
284 break;
285 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_EXIT:
286 site_type_str = mi_lttng_event_rule_kernel_syscall_emission_site_exit;
287 break;
288 default:
289 abort();
290 break;
291 }
292
293 /* Open event rule kernel syscall element. */
294 ret = mi_lttng_writer_open_element(
295 writer, mi_lttng_element_event_rule_kernel_syscall);
296 if (ret) {
297 goto mi_error;
298 }
299
300 /* Emission site. */
301 ret = mi_lttng_writer_write_element_string(writer,
302 mi_lttng_element_event_rule_kernel_syscall_emission_site,
303 site_type_str);
304 if (ret) {
305 goto mi_error;
306 }
307
308 /* Name pattern. */
309 ret = mi_lttng_writer_write_element_string(writer,
310 mi_lttng_element_event_rule_name_pattern, name_pattern);
311 if (ret) {
312 goto mi_error;
313 }
314
315 /* Filter. */
316 if (filter != NULL) {
317 ret = mi_lttng_writer_write_element_string(writer,
318 mi_lttng_element_event_rule_filter_expression,
319 filter);
320 if (ret) {
321 goto mi_error;
322 }
323 }
324
325 /* Close event rule kernel syscall. */
326 ret = mi_lttng_writer_close_element(writer);
327 if (ret) {
328 goto mi_error;
329 }
330
331 ret_code = LTTNG_OK;
332 goto end;
333
334 mi_error:
335 ret_code = LTTNG_ERR_MI_IO_FAIL;
336 end:
337 return ret_code;
338 }
339
340 struct lttng_event_rule *lttng_event_rule_kernel_syscall_create(
341 enum lttng_event_rule_kernel_syscall_emission_site
342 emission_site)
343 {
344 struct lttng_event_rule *rule = NULL;
345 struct lttng_event_rule_kernel_syscall *syscall_rule;
346 enum lttng_event_rule_status status;
347
348 /* Validate the emission site type */
349 switch (emission_site) {
350 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY_EXIT:
351 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY:
352 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_EXIT:
353 break;
354 default:
355 /* Invalid emission type */
356 goto end;
357 }
358
359 syscall_rule = zmalloc(sizeof(struct lttng_event_rule_kernel_syscall));
360 if (!syscall_rule) {
361 goto end;
362 }
363
364 rule = &syscall_rule->parent;
365 lttng_event_rule_init(
366 &syscall_rule->parent, LTTNG_EVENT_RULE_TYPE_KERNEL_SYSCALL);
367 syscall_rule->parent.validate = lttng_event_rule_kernel_syscall_validate;
368 syscall_rule->parent.serialize = lttng_event_rule_kernel_syscall_serialize;
369 syscall_rule->parent.equal = lttng_event_rule_kernel_syscall_is_equal;
370 syscall_rule->parent.destroy = lttng_event_rule_kernel_syscall_destroy;
371 syscall_rule->parent.generate_filter_bytecode =
372 lttng_event_rule_kernel_syscall_generate_filter_bytecode;
373 syscall_rule->parent.get_filter =
374 lttng_event_rule_kernel_syscall_get_internal_filter;
375 syscall_rule->parent.get_filter_bytecode =
376 lttng_event_rule_kernel_syscall_get_internal_filter_bytecode;
377 syscall_rule->parent.generate_exclusions =
378 lttng_event_rule_kernel_syscall_generate_exclusions;
379 syscall_rule->parent.hash = lttng_event_rule_kernel_syscall_hash;
380 syscall_rule->parent.mi_serialize = lttng_event_rule_kernel_syscall_mi_serialize;
381
382 /* Default pattern is '*'. */
383 status = lttng_event_rule_kernel_syscall_set_name_pattern(rule, "*");
384 if (status != LTTNG_EVENT_RULE_STATUS_OK) {
385 lttng_event_rule_destroy(rule);
386 rule = NULL;
387 }
388
389 /* Emission site type */
390 syscall_rule->emission_site = emission_site;
391
392 end:
393 return rule;
394 }
395
396 LTTNG_HIDDEN
397 ssize_t lttng_event_rule_kernel_syscall_create_from_payload(
398 struct lttng_payload_view *view,
399 struct lttng_event_rule **_event_rule)
400 {
401 ssize_t ret, offset = 0;
402 enum lttng_event_rule_status status;
403 const struct lttng_event_rule_kernel_syscall_comm *syscall_comm;
404 const char *pattern;
405 const char *filter_expression = NULL;
406 struct lttng_buffer_view current_buffer_view;
407 struct lttng_event_rule *rule = NULL;
408
409 if (!_event_rule) {
410 ret = -1;
411 goto end;
412 }
413
414 if (view->buffer.size < sizeof(*syscall_comm)) {
415 ERR("Failed to initialize from malformed event rule syscall: buffer too short to contain header");
416 ret = -1;
417 goto end;
418 }
419
420 current_buffer_view = lttng_buffer_view_from_view(
421 &view->buffer, offset, sizeof(*syscall_comm));
422 if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
423 ret = -1;
424 goto end;
425 }
426
427 syscall_comm = (typeof(syscall_comm)) current_buffer_view.data;
428 rule = lttng_event_rule_kernel_syscall_create(syscall_comm->emission_site);
429 if (!rule) {
430 ERR("Failed to create event rule syscall");
431 ret = -1;
432 goto end;
433 }
434
435 /* Skip to payload. */
436 offset += current_buffer_view.size;
437
438 /* Map the pattern. */
439 current_buffer_view = lttng_buffer_view_from_view(
440 &view->buffer, offset, syscall_comm->pattern_len);
441 if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
442 ret = -1;
443 goto end;
444 }
445
446 pattern = current_buffer_view.data;
447 if (!lttng_buffer_view_contains_string(&current_buffer_view, pattern,
448 syscall_comm->pattern_len)) {
449 ret = -1;
450 goto end;
451 }
452
453 /* Skip after the pattern. */
454 offset += syscall_comm->pattern_len;
455
456 if (!syscall_comm->filter_expression_len) {
457 goto skip_filter_expression;
458 }
459
460 /* Map the filter_expression. */
461 current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
462 syscall_comm->filter_expression_len);
463 if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
464 ret = -1;
465 goto end;
466 }
467
468 filter_expression = current_buffer_view.data;
469 if (!lttng_buffer_view_contains_string(&current_buffer_view,
470 filter_expression,
471 syscall_comm->filter_expression_len)) {
472 ret = -1;
473 goto end;
474 }
475
476 /* Skip after the pattern. */
477 offset += syscall_comm->filter_expression_len;
478
479 skip_filter_expression:
480
481 status = lttng_event_rule_kernel_syscall_set_name_pattern(rule, pattern);
482 if (status != LTTNG_EVENT_RULE_STATUS_OK) {
483 ERR("Failed to set event rule syscall pattern");
484 ret = -1;
485 goto end;
486 }
487
488 if (filter_expression) {
489 status = lttng_event_rule_kernel_syscall_set_filter(
490 rule, filter_expression);
491 if (status != LTTNG_EVENT_RULE_STATUS_OK) {
492 ERR("Failed to set event rule syscall pattern");
493 ret = -1;
494 goto end;
495 }
496 }
497
498 *_event_rule = rule;
499 rule = NULL;
500 ret = offset;
501 end:
502 lttng_event_rule_destroy(rule);
503 return ret;
504 }
505
506 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_set_name_pattern(
507 struct lttng_event_rule *rule, const char *pattern)
508 {
509 char *pattern_copy = NULL;
510 struct lttng_event_rule_kernel_syscall *syscall;
511 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
512
513 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !pattern ||
514 strlen(pattern) == 0) {
515 status = LTTNG_EVENT_RULE_STATUS_INVALID;
516 goto end;
517 }
518
519 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
520 pattern_copy = strdup(pattern);
521 if (!pattern_copy) {
522 status = LTTNG_EVENT_RULE_STATUS_ERROR;
523 goto end;
524 }
525
526 strutils_normalize_star_glob_pattern(pattern_copy);
527
528 free(syscall->pattern);
529
530 syscall->pattern = pattern_copy;
531 pattern_copy = NULL;
532 end:
533 return status;
534 }
535
536 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_get_name_pattern(
537 const struct lttng_event_rule *rule, const char **pattern)
538 {
539 struct lttng_event_rule_kernel_syscall *syscall;
540 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
541
542 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !pattern) {
543 status = LTTNG_EVENT_RULE_STATUS_INVALID;
544 goto end;
545 }
546
547 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
548 if (!syscall->pattern) {
549 status = LTTNG_EVENT_RULE_STATUS_UNSET;
550 goto end;
551 }
552
553 *pattern = syscall->pattern;
554 end:
555 return status;
556 }
557
558 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_set_filter(
559 struct lttng_event_rule *rule, const char *expression)
560 {
561 char *expression_copy = NULL;
562 struct lttng_event_rule_kernel_syscall *syscall;
563 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
564
565 /* TODO: validate that the passed expression is valid. */
566
567 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !expression ||
568 strlen(expression) == 0) {
569 status = LTTNG_EVENT_RULE_STATUS_INVALID;
570 goto end;
571 }
572
573 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
574 expression_copy = strdup(expression);
575 if (!expression_copy) {
576 status = LTTNG_EVENT_RULE_STATUS_ERROR;
577 goto end;
578 }
579
580 if (syscall->filter_expression) {
581 free(syscall->filter_expression);
582 }
583
584 syscall->filter_expression = expression_copy;
585 expression_copy = NULL;
586 end:
587 return status;
588 }
589
590 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_get_filter(
591 const struct lttng_event_rule *rule, const char **expression)
592 {
593 struct lttng_event_rule_kernel_syscall *syscall;
594 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
595
596 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !expression) {
597 status = LTTNG_EVENT_RULE_STATUS_INVALID;
598 goto end;
599 }
600
601 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
602 if (!syscall->filter_expression) {
603 status = LTTNG_EVENT_RULE_STATUS_UNSET;
604 goto end;
605 }
606
607 *expression = syscall->filter_expression;
608 end:
609 return status;
610 }
611 extern enum lttng_event_rule_kernel_syscall_emission_site
612 lttng_event_rule_kernel_syscall_get_emission_site(
613 const struct lttng_event_rule *rule)
614 {
615 enum lttng_event_rule_kernel_syscall_emission_site emission_site =
616 LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_UNKNOWN;
617 struct lttng_event_rule_kernel_syscall *syscall;
618
619 if (!rule || !IS_SYSCALL_EVENT_RULE(rule)) {
620 goto end;
621 }
622
623 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
624 emission_site = syscall->emission_site;
625
626 end:
627 return emission_site;
628 }
629
630 LTTNG_HIDDEN
631 const char *lttng_event_rule_kernel_syscall_emission_site_str(
632 enum lttng_event_rule_kernel_syscall_emission_site emission_site)
633 {
634 switch (emission_site) {
635 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY:
636 return "entry";
637 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY_EXIT:
638 return "entry+exit";
639 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_EXIT:
640 return "exit";
641 default:
642 return "???";
643 }
644 }
LTTng 2.0 tools and control repository
This page took 0.041869 seconds and 4 git commands to generate.