1 /*-
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2005 Robert N. M. Watson
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * @(#)kern_ktrace.c 8.2 (Berkeley) 9/23/93
32 */
33
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD: releng/11.2/sys/kern/kern_ktrace.c 331722 2018-03-29 02:50:57Z eadler $");
36
37 #include "opt_ktrace.h"
38
39 #include <sys/param.h>
40 #include <sys/capsicum.h>
41 #include <sys/systm.h>
42 #include <sys/fcntl.h>
43 #include <sys/kernel.h>
44 #include <sys/kthread.h>
45 #include <sys/lock.h>
46 #include <sys/mutex.h>
47 #include <sys/malloc.h>
48 #include <sys/mount.h>
49 #include <sys/namei.h>
50 #include <sys/priv.h>
51 #include <sys/proc.h>
52 #include <sys/unistd.h>
53 #include <sys/vnode.h>
54 #include <sys/socket.h>
55 #include <sys/stat.h>
56 #include <sys/ktrace.h>
57 #include <sys/sx.h>
58 #include <sys/sysctl.h>
59 #include <sys/sysent.h>
60 #include <sys/syslog.h>
61 #include <sys/sysproto.h>
62
63 #include <security/mac/mac_framework.h>
64
65 /*
66 * The ktrace facility allows the tracing of certain key events in user space
67 * processes, such as system calls, signal delivery, context switches, and
68 * user generated events using utrace(2). It works by streaming event
69 * records and data to a vnode associated with the process using the
70 * ktrace(2) system call. In general, records can be written directly from
71 * the context that generates the event. One important exception to this is
72 * during a context switch, where sleeping is not permitted. To handle this
73 * case, trace events are generated using in-kernel ktr_request records, and
74 * then delivered to disk at a convenient moment -- either immediately, the
75 * next traceable event, at system call return, or at process exit.
76 *
77 * When dealing with multiple threads or processes writing to the same event
78 * log, ordering guarantees are weak: specifically, if an event has multiple
79 * records (i.e., system call enter and return), they may be interlaced with
80 * records from another event. Process and thread ID information is provided
81 * in the record, and user applications can de-interlace events if required.
82 */
83
84 static MALLOC_DEFINE(M_KTRACE, "KTRACE", "KTRACE");
85
86 #ifdef KTRACE
87
88 FEATURE(ktrace, "Kernel support for system-call tracing");
89
90 #ifndef KTRACE_REQUEST_POOL
91 #define KTRACE_REQUEST_POOL 100
92 #endif
93
94 struct ktr_request {
95 struct ktr_header ktr_header;
96 void *ktr_buffer;
97 union {
98 struct ktr_proc_ctor ktr_proc_ctor;
99 struct ktr_cap_fail ktr_cap_fail;
100 struct ktr_syscall ktr_syscall;
101 struct ktr_sysret ktr_sysret;
102 struct ktr_genio ktr_genio;
103 struct ktr_psig ktr_psig;
104 struct ktr_csw ktr_csw;
105 struct ktr_fault ktr_fault;
106 struct ktr_faultend ktr_faultend;
107 struct ktr_struct_array ktr_struct_array;
108 } ktr_data;
109 STAILQ_ENTRY(ktr_request) ktr_list;
110 };
111
112 static int data_lengths[] = {
113 [KTR_SYSCALL] = offsetof(struct ktr_syscall, ktr_args),
114 [KTR_SYSRET] = sizeof(struct ktr_sysret),
115 [KTR_NAMEI] = 0,
116 [KTR_GENIO] = sizeof(struct ktr_genio),
117 [KTR_PSIG] = sizeof(struct ktr_psig),
118 [KTR_CSW] = sizeof(struct ktr_csw),
119 [KTR_USER] = 0,
120 [KTR_STRUCT] = 0,
121 [KTR_SYSCTL] = 0,
122 [KTR_PROCCTOR] = sizeof(struct ktr_proc_ctor),
123 [KTR_PROCDTOR] = 0,
124 [KTR_CAPFAIL] = sizeof(struct ktr_cap_fail),
125 [KTR_FAULT] = sizeof(struct ktr_fault),
126 [KTR_FAULTEND] = sizeof(struct ktr_faultend),
127 [KTR_STRUCT_ARRAY] = sizeof(struct ktr_struct_array),
128 };
129
130 static STAILQ_HEAD(, ktr_request) ktr_free;
131
132 static SYSCTL_NODE(_kern, OID_AUTO, ktrace, CTLFLAG_RD, 0, "KTRACE options");
133
134 static u_int ktr_requestpool = KTRACE_REQUEST_POOL;
135 TUNABLE_INT("kern.ktrace.request_pool", &ktr_requestpool);
136
137 u_int ktr_geniosize = PAGE_SIZE;
138 SYSCTL_UINT(_kern_ktrace, OID_AUTO, genio_size, CTLFLAG_RWTUN, &ktr_geniosize,
139 0, "Maximum size of genio event payload");
140
141 static int print_message = 1;
142 static struct mtx ktrace_mtx;
143 static struct sx ktrace_sx;
144
145 static void ktrace_init(void *dummy);
146 static int sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS);
147 static u_int ktrace_resize_pool(u_int oldsize, u_int newsize);
148 static struct ktr_request *ktr_getrequest_entered(struct thread *td, int type);
149 static struct ktr_request *ktr_getrequest(int type);
150 static void ktr_submitrequest(struct thread *td, struct ktr_request *req);
151 static void ktr_freeproc(struct proc *p, struct ucred **uc,
152 struct vnode **vp);
153 static void ktr_freerequest(struct ktr_request *req);
154 static void ktr_freerequest_locked(struct ktr_request *req);
155 static void ktr_writerequest(struct thread *td, struct ktr_request *req);
156 static int ktrcanset(struct thread *,struct proc *);
157 static int ktrsetchildren(struct thread *,struct proc *,int,int,struct vnode *);
158 static int ktrops(struct thread *,struct proc *,int,int,struct vnode *);
159 static void ktrprocctor_entered(struct thread *, struct proc *);
160
161 /*
162 * ktrace itself generates events, such as context switches, which we do not
163 * wish to trace. Maintain a flag, TDP_INKTRACE, on each thread to determine
164 * whether or not it is in a region where tracing of events should be
165 * suppressed.
166 */
167 static void
168 ktrace_enter(struct thread *td)
169 {
170
171 KASSERT(!(td->td_pflags & TDP_INKTRACE), ("ktrace_enter: flag set"));
172 td->td_pflags |= TDP_INKTRACE;
173 }
174
175 static void
176 ktrace_exit(struct thread *td)
177 {
178
179 KASSERT(td->td_pflags & TDP_INKTRACE, ("ktrace_exit: flag not set"));
180 td->td_pflags &= ~TDP_INKTRACE;
181 }
182
183 static void
184 ktrace_assert(struct thread *td)
185 {
186
187 KASSERT(td->td_pflags & TDP_INKTRACE, ("ktrace_assert: flag not set"));
188 }
189
190 static void
191 ktrace_init(void *dummy)
192 {
193 struct ktr_request *req;
194 int i;
195
196 mtx_init(&ktrace_mtx, "ktrace", NULL, MTX_DEF | MTX_QUIET);
197 sx_init(&ktrace_sx, "ktrace_sx");
198 STAILQ_INIT(&ktr_free);
199 for (i = 0; i < ktr_requestpool; i++) {
200 req = malloc(sizeof(struct ktr_request), M_KTRACE, M_WAITOK);
201 STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
202 }
203 }
204 SYSINIT(ktrace_init, SI_SUB_KTRACE, SI_ORDER_ANY, ktrace_init, NULL);
205
206 static int
207 sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS)
208 {
209 struct thread *td;
210 u_int newsize, oldsize, wantsize;
211 int error;
212
213 /* Handle easy read-only case first to avoid warnings from GCC. */
214 if (!req->newptr) {
215 oldsize = ktr_requestpool;
216 return (SYSCTL_OUT(req, &oldsize, sizeof(u_int)));
217 }
218
219 error = SYSCTL_IN(req, &wantsize, sizeof(u_int));
220 if (error)
221 return (error);
222 td = curthread;
223 ktrace_enter(td);
224 oldsize = ktr_requestpool;
225 newsize = ktrace_resize_pool(oldsize, wantsize);
226 ktrace_exit(td);
227 error = SYSCTL_OUT(req, &oldsize, sizeof(u_int));
228 if (error)
229 return (error);
230 if (wantsize > oldsize && newsize < wantsize)
231 return (ENOSPC);
232 return (0);
233 }
234 SYSCTL_PROC(_kern_ktrace, OID_AUTO, request_pool, CTLTYPE_UINT|CTLFLAG_RW,
235 &ktr_requestpool, 0, sysctl_kern_ktrace_request_pool, "IU",
236 "Pool buffer size for ktrace(1)");
237
238 static u_int
239 ktrace_resize_pool(u_int oldsize, u_int newsize)
240 {
241 STAILQ_HEAD(, ktr_request) ktr_new;
242 struct ktr_request *req;
243 int bound;
244
245 print_message = 1;
246 bound = newsize - oldsize;
247 if (bound == 0)
248 return (ktr_requestpool);
249 if (bound < 0) {
250 mtx_lock(&ktrace_mtx);
251 /* Shrink pool down to newsize if possible. */
252 while (bound++ < 0) {
253 req = STAILQ_FIRST(&ktr_free);
254 if (req == NULL)
255 break;
256 STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
257 ktr_requestpool--;
258 free(req, M_KTRACE);
259 }
260 } else {
261 /* Grow pool up to newsize. */
262 STAILQ_INIT(&ktr_new);
263 while (bound-- > 0) {
264 req = malloc(sizeof(struct ktr_request), M_KTRACE,
265 M_WAITOK);
266 STAILQ_INSERT_HEAD(&ktr_new, req, ktr_list);
267 }
268 mtx_lock(&ktrace_mtx);
269 STAILQ_CONCAT(&ktr_free, &ktr_new);
270 ktr_requestpool += (newsize - oldsize);
271 }
272 mtx_unlock(&ktrace_mtx);
273 return (ktr_requestpool);
274 }
275
276 /* ktr_getrequest() assumes that ktr_comm[] is the same size as td_name[]. */
277 CTASSERT(sizeof(((struct ktr_header *)NULL)->ktr_comm) ==
278 (sizeof((struct thread *)NULL)->td_name));
279
280 static struct ktr_request *
281 ktr_getrequest_entered(struct thread *td, int type)
282 {
283 struct ktr_request *req;
284 struct proc *p = td->td_proc;
285 int pm;
286
287 mtx_lock(&ktrace_mtx);
288 if (!KTRCHECK(td, type)) {
289 mtx_unlock(&ktrace_mtx);
290 return (NULL);
291 }
292 req = STAILQ_FIRST(&ktr_free);
293 if (req != NULL) {
294 STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
295 req->ktr_header.ktr_type = type;
296 if (p->p_traceflag & KTRFAC_DROP) {
297 req->ktr_header.ktr_type |= KTR_DROP;
298 p->p_traceflag &= ~KTRFAC_DROP;
299 }
300 mtx_unlock(&ktrace_mtx);
301 microtime(&req->ktr_header.ktr_time);
302 req->ktr_header.ktr_pid = p->p_pid;
303 req->ktr_header.ktr_tid = td->td_tid;
304 bcopy(td->td_name, req->ktr_header.ktr_comm,
305 sizeof(req->ktr_header.ktr_comm));
306 req->ktr_buffer = NULL;
307 req->ktr_header.ktr_len = 0;
308 } else {
309 p->p_traceflag |= KTRFAC_DROP;
310 pm = print_message;
311 print_message = 0;
312 mtx_unlock(&ktrace_mtx);
313 if (pm)
314 printf("Out of ktrace request objects.\n");
315 }
316 return (req);
317 }
318
319 static struct ktr_request *
320 ktr_getrequest(int type)
321 {
322 struct thread *td = curthread;
323 struct ktr_request *req;
324
325 ktrace_enter(td);
326 req = ktr_getrequest_entered(td, type);
327 if (req == NULL)
328 ktrace_exit(td);
329
330 return (req);
331 }
332
333 /*
334 * Some trace generation environments don't permit direct access to VFS,
335 * such as during a context switch where sleeping is not allowed. Under these
336 * circumstances, queue a request to the thread to be written asynchronously
337 * later.
338 */
339 static void
340 ktr_enqueuerequest(struct thread *td, struct ktr_request *req)
341 {
342
343 mtx_lock(&ktrace_mtx);
344 STAILQ_INSERT_TAIL(&td->td_proc->p_ktr, req, ktr_list);
345 mtx_unlock(&ktrace_mtx);
346 }
347
348 /*
349 * Drain any pending ktrace records from the per-thread queue to disk. This
350 * is used both internally before committing other records, and also on
351 * system call return. We drain all the ones we can find at the time when
352 * drain is requested, but don't keep draining after that as those events
353 * may be approximately "after" the current event.
354 */
355 static void
356 ktr_drain(struct thread *td)
357 {
358 struct ktr_request *queued_req;
359 STAILQ_HEAD(, ktr_request) local_queue;
360
361 ktrace_assert(td);
362 sx_assert(&ktrace_sx, SX_XLOCKED);
363
364 STAILQ_INIT(&local_queue);
365
366 if (!STAILQ_EMPTY(&td->td_proc->p_ktr)) {
367 mtx_lock(&ktrace_mtx);
368 STAILQ_CONCAT(&local_queue, &td->td_proc->p_ktr);
369 mtx_unlock(&ktrace_mtx);
370
371 while ((queued_req = STAILQ_FIRST(&local_queue))) {
372 STAILQ_REMOVE_HEAD(&local_queue, ktr_list);
373 ktr_writerequest(td, queued_req);
374 ktr_freerequest(queued_req);
375 }
376 }
377 }
378
379 /*
380 * Submit a trace record for immediate commit to disk -- to be used only
381 * where entering VFS is OK. First drain any pending records that may have
382 * been cached in the thread.
383 */
384 static void
385 ktr_submitrequest(struct thread *td, struct ktr_request *req)
386 {
387
388 ktrace_assert(td);
389
390 sx_xlock(&ktrace_sx);
391 ktr_drain(td);
392 ktr_writerequest(td, req);
393 ktr_freerequest(req);
394 sx_xunlock(&ktrace_sx);
395 ktrace_exit(td);
396 }
397
398 static void
399 ktr_freerequest(struct ktr_request *req)
400 {
401
402 mtx_lock(&ktrace_mtx);
403 ktr_freerequest_locked(req);
404 mtx_unlock(&ktrace_mtx);
405 }
406
407 static void
408 ktr_freerequest_locked(struct ktr_request *req)
409 {
410
411 mtx_assert(&ktrace_mtx, MA_OWNED);
412 if (req->ktr_buffer != NULL)
413 free(req->ktr_buffer, M_KTRACE);
414 STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
415 }
416
417 /*
418 * Disable tracing for a process and release all associated resources.
419 * The caller is responsible for releasing a reference on the returned
420 * vnode and credentials.
421 */
422 static void
423 ktr_freeproc(struct proc *p, struct ucred **uc, struct vnode **vp)
424 {
425 struct ktr_request *req;
426
427 PROC_LOCK_ASSERT(p, MA_OWNED);
428 mtx_assert(&ktrace_mtx, MA_OWNED);
429 *uc = p->p_tracecred;
430 p->p_tracecred = NULL;
431 if (vp != NULL)
432 *vp = p->p_tracevp;
433 p->p_tracevp = NULL;
434 p->p_traceflag = 0;
435 while ((req = STAILQ_FIRST(&p->p_ktr)) != NULL) {
436 STAILQ_REMOVE_HEAD(&p->p_ktr, ktr_list);
437 ktr_freerequest_locked(req);
438 }
439 }
440
441 void
442 ktrsyscall(int code, int narg, register_t args[])
443 {
444 struct ktr_request *req;
445 struct ktr_syscall *ktp;
446 size_t buflen;
447 char *buf = NULL;
448
449 buflen = sizeof(register_t) * narg;
450 if (buflen > 0) {
451 buf = malloc(buflen, M_KTRACE, M_WAITOK);
452 bcopy(args, buf, buflen);
453 }
454 req = ktr_getrequest(KTR_SYSCALL);
455 if (req == NULL) {
456 if (buf != NULL)
457 free(buf, M_KTRACE);
458 return;
459 }
460 ktp = &req->ktr_data.ktr_syscall;
461 ktp->ktr_code = code;
462 ktp->ktr_narg = narg;
463 if (buflen > 0) {
464 req->ktr_header.ktr_len = buflen;
465 req->ktr_buffer = buf;
466 }
467 ktr_submitrequest(curthread, req);
468 }
469
470 void
471 ktrsysret(int code, int error, register_t retval)
472 {
473 struct ktr_request *req;
474 struct ktr_sysret *ktp;
475
476 req = ktr_getrequest(KTR_SYSRET);
477 if (req == NULL)
478 return;
479 ktp = &req->ktr_data.ktr_sysret;
480 ktp->ktr_code = code;
481 ktp->ktr_error = error;
482 ktp->ktr_retval = ((error == 0) ? retval: 0); /* what about val2 ? */
483 ktr_submitrequest(curthread, req);
484 }
485
486 /*
487 * When a setuid process execs, disable tracing.
488 *
489 * XXX: We toss any pending asynchronous records.
490 */
491 void
492 ktrprocexec(struct proc *p, struct ucred **uc, struct vnode **vp)
493 {
494
495 PROC_LOCK_ASSERT(p, MA_OWNED);
496 mtx_lock(&ktrace_mtx);
497 ktr_freeproc(p, uc, vp);
498 mtx_unlock(&ktrace_mtx);
499 }
500
501 /*
502 * When a process exits, drain per-process asynchronous trace records
503 * and disable tracing.
504 */
505 void
506 ktrprocexit(struct thread *td)
507 {
508 struct ktr_request *req;
509 struct proc *p;
510 struct ucred *cred;
511 struct vnode *vp;
512
513 p = td->td_proc;
514 if (p->p_traceflag == 0)
515 return;
516
517 ktrace_enter(td);
518 req = ktr_getrequest_entered(td, KTR_PROCDTOR);
519 if (req != NULL)
520 ktr_enqueuerequest(td, req);
521 sx_xlock(&ktrace_sx);
522 ktr_drain(td);
523 sx_xunlock(&ktrace_sx);
524 PROC_LOCK(p);
525 mtx_lock(&ktrace_mtx);
526 ktr_freeproc(p, &cred, &vp);
527 mtx_unlock(&ktrace_mtx);
528 PROC_UNLOCK(p);
529 if (vp != NULL)
530 vrele(vp);
531 if (cred != NULL)
532 crfree(cred);
533 ktrace_exit(td);
534 }
535
536 static void
537 ktrprocctor_entered(struct thread *td, struct proc *p)
538 {
539 struct ktr_proc_ctor *ktp;
540 struct ktr_request *req;
541 struct thread *td2;
542
543 ktrace_assert(td);
544 td2 = FIRST_THREAD_IN_PROC(p);
545 req = ktr_getrequest_entered(td2, KTR_PROCCTOR);
546 if (req == NULL)
547 return;
548 ktp = &req->ktr_data.ktr_proc_ctor;
549 ktp->sv_flags = p->p_sysent->sv_flags;
550 ktr_enqueuerequest(td2, req);
551 }
552
553 void
554 ktrprocctor(struct proc *p)
555 {
556 struct thread *td = curthread;
557
558 if ((p->p_traceflag & KTRFAC_MASK) == 0)
559 return;
560
561 ktrace_enter(td);
562 ktrprocctor_entered(td, p);
563 ktrace_exit(td);
564 }
565
566 /*
567 * When a process forks, enable tracing in the new process if needed.
568 */
569 void
570 ktrprocfork(struct proc *p1, struct proc *p2)
571 {
572
573 MPASS(p2->p_tracevp == NULL);
574 MPASS(p2->p_traceflag == 0);
575
576 if (p1->p_traceflag == 0)
577 return;
578
579 PROC_LOCK(p1);
580 mtx_lock(&ktrace_mtx);
581 if (p1->p_traceflag & KTRFAC_INHERIT) {
582 p2->p_traceflag = p1->p_traceflag;
583 if ((p2->p_tracevp = p1->p_tracevp) != NULL) {
584 VREF(p2->p_tracevp);
585 KASSERT(p1->p_tracecred != NULL,
586 ("ktrace vnode with no cred"));
587 p2->p_tracecred = crhold(p1->p_tracecred);
588 }
589 }
590 mtx_unlock(&ktrace_mtx);
591 PROC_UNLOCK(p1);
592
593 ktrprocctor(p2);
594 }
595
596 /*
597 * When a thread returns, drain any asynchronous records generated by the
598 * system call.
599 */
600 void
601 ktruserret(struct thread *td)
602 {
603
604 ktrace_enter(td);
605 sx_xlock(&ktrace_sx);
606 ktr_drain(td);
607 sx_xunlock(&ktrace_sx);
608 ktrace_exit(td);
609 }
610
611 void
612 ktrnamei(path)
613 char *path;
614 {
615 struct ktr_request *req;
616 int namelen;
617 char *buf = NULL;
618
619 namelen = strlen(path);
620 if (namelen > 0) {
621 buf = malloc(namelen, M_KTRACE, M_WAITOK);
622 bcopy(path, buf, namelen);
623 }
624 req = ktr_getrequest(KTR_NAMEI);
625 if (req == NULL) {
626 if (buf != NULL)
627 free(buf, M_KTRACE);
628 return;
629 }
630 if (namelen > 0) {
631 req->ktr_header.ktr_len = namelen;
632 req->ktr_buffer = buf;
633 }
634 ktr_submitrequest(curthread, req);
635 }
636
637 void
638 ktrsysctl(int *name, u_int namelen)
639 {
640 struct ktr_request *req;
641 u_int mib[CTL_MAXNAME + 2];
642 char *mibname;
643 size_t mibnamelen;
644 int error;
645
646 /* Lookup name of mib. */
647 KASSERT(namelen <= CTL_MAXNAME, ("sysctl MIB too long"));
648 mib[0] = 0;
649 mib[1] = 1;
650 bcopy(name, mib + 2, namelen * sizeof(*name));
651 mibnamelen = 128;
652 mibname = malloc(mibnamelen, M_KTRACE, M_WAITOK);
653 error = kernel_sysctl(curthread, mib, namelen + 2, mibname, &mibnamelen,
654 NULL, 0, &mibnamelen, 0);
655 if (error) {
656 free(mibname, M_KTRACE);
657 return;
658 }
659 req = ktr_getrequest(KTR_SYSCTL);
660 if (req == NULL) {
661 free(mibname, M_KTRACE);
662 return;
663 }
664 req->ktr_header.ktr_len = mibnamelen;
665 req->ktr_buffer = mibname;
666 ktr_submitrequest(curthread, req);
667 }
668
669 void
670 ktrgenio(int fd, enum uio_rw rw, struct uio *uio, int error)
671 {
672 struct ktr_request *req;
673 struct ktr_genio *ktg;
674 int datalen;
675 char *buf;
676
677 if (error) {
678 free(uio, M_IOV);
679 return;
680 }
681 uio->uio_offset = 0;
682 uio->uio_rw = UIO_WRITE;
683 datalen = MIN(uio->uio_resid, ktr_geniosize);
684 buf = malloc(datalen, M_KTRACE, M_WAITOK);
685 error = uiomove(buf, datalen, uio);
686 free(uio, M_IOV);
687 if (error) {
688 free(buf, M_KTRACE);
689 return;
690 }
691 req = ktr_getrequest(KTR_GENIO);
692 if (req == NULL) {
693 free(buf, M_KTRACE);
694 return;
695 }
696 ktg = &req->ktr_data.ktr_genio;
697 ktg->ktr_fd = fd;
698 ktg->ktr_rw = rw;
699 req->ktr_header.ktr_len = datalen;
700 req->ktr_buffer = buf;
701 ktr_submitrequest(curthread, req);
702 }
703
704 void
705 ktrpsig(int sig, sig_t action, sigset_t *mask, int code)
706 {
707 struct thread *td = curthread;
708 struct ktr_request *req;
709 struct ktr_psig *kp;
710
711 req = ktr_getrequest(KTR_PSIG);
712 if (req == NULL)
713 return;
714 kp = &req->ktr_data.ktr_psig;
715 kp->signo = (char)sig;
716 kp->action = action;
717 kp->mask = *mask;
718 kp->code = code;
719 ktr_enqueuerequest(td, req);
720 ktrace_exit(td);
721 }
722
723 void
724 ktrcsw(int out, int user, const char *wmesg)
725 {
726 struct thread *td = curthread;
727 struct ktr_request *req;
728 struct ktr_csw *kc;
729
730 req = ktr_getrequest(KTR_CSW);
731 if (req == NULL)
732 return;
733 kc = &req->ktr_data.ktr_csw;
734 kc->out = out;
735 kc->user = user;
736 if (wmesg != NULL)
737 strlcpy(kc->wmesg, wmesg, sizeof(kc->wmesg));
738 else
739 bzero(kc->wmesg, sizeof(kc->wmesg));
740 ktr_enqueuerequest(td, req);
741 ktrace_exit(td);
742 }
743
744 void
745 ktrstruct(const char *name, const void *data, size_t datalen)
746 {
747 struct ktr_request *req;
748 char *buf;
749 size_t buflen, namelen;
750
751 if (data == NULL)
752 datalen = 0;
753 namelen = strlen(name) + 1;
754 buflen = namelen + datalen;
755 buf = malloc(buflen, M_KTRACE, M_WAITOK);
756 strcpy(buf, name);
757 bcopy(data, buf + namelen, datalen);
758 if ((req = ktr_getrequest(KTR_STRUCT)) == NULL) {
759 free(buf, M_KTRACE);
760 return;
761 }
762 req->ktr_buffer = buf;
763 req->ktr_header.ktr_len = buflen;
764 ktr_submitrequest(curthread, req);
765 }
766
767 void
768 ktrstructarray(const char *name, enum uio_seg seg, const void *data,
769 int num_items, size_t struct_size)
770 {
771 struct ktr_request *req;
772 struct ktr_struct_array *ksa;
773 char *buf;
774 size_t buflen, datalen, namelen;
775 int max_items;
776
777 /* Trim array length to genio size. */
778 max_items = ktr_geniosize / struct_size;
779 if (num_items > max_items) {
780 if (max_items == 0)
781 num_items = 1;
782 else
783 num_items = max_items;
784 }
785 datalen = num_items * struct_size;
786
787 if (data == NULL)
788 datalen = 0;
789
790 namelen = strlen(name) + 1;
791 buflen = namelen + datalen;
792 buf = malloc(buflen, M_KTRACE, M_WAITOK);
793 strcpy(buf, name);
794 if (seg == UIO_SYSSPACE)
795 bcopy(data, buf + namelen, datalen);
796 else {
797 if (copyin(data, buf + namelen, datalen) != 0) {
798 free(buf, M_KTRACE);
799 return;
800 }
801 }
802 if ((req = ktr_getrequest(KTR_STRUCT_ARRAY)) == NULL) {
803 free(buf, M_KTRACE);
804 return;
805 }
806 ksa = &req->ktr_data.ktr_struct_array;
807 ksa->struct_size = struct_size;
808 req->ktr_buffer = buf;
809 req->ktr_header.ktr_len = buflen;
810 ktr_submitrequest(curthread, req);
811 }
812
813 void
814 ktrcapfail(enum ktr_cap_fail_type type, const cap_rights_t *needed,
815 const cap_rights_t *held)
816 {
817 struct thread *td = curthread;
818 struct ktr_request *req;
819 struct ktr_cap_fail *kcf;
820
821 req = ktr_getrequest(KTR_CAPFAIL);
822 if (req == NULL)
823 return;
824 kcf = &req->ktr_data.ktr_cap_fail;
825 kcf->cap_type = type;
826 if (needed != NULL)
827 kcf->cap_needed = *needed;
828 else
829 cap_rights_init(&kcf->cap_needed);
830 if (held != NULL)
831 kcf->cap_held = *held;
832 else
833 cap_rights_init(&kcf->cap_held);
834 ktr_enqueuerequest(td, req);
835 ktrace_exit(td);
836 }
837
838 void
839 ktrfault(vm_offset_t vaddr, int type)
840 {
841 struct thread *td = curthread;
842 struct ktr_request *req;
843 struct ktr_fault *kf;
844
845 req = ktr_getrequest(KTR_FAULT);
846 if (req == NULL)
847 return;
848 kf = &req->ktr_data.ktr_fault;
849 kf->vaddr = vaddr;
850 kf->type = type;
851 ktr_enqueuerequest(td, req);
852 ktrace_exit(td);
853 }
854
855 void
856 ktrfaultend(int result)
857 {
858 struct thread *td = curthread;
859 struct ktr_request *req;
860 struct ktr_faultend *kf;
861
862 req = ktr_getrequest(KTR_FAULTEND);
863 if (req == NULL)
864 return;
865 kf = &req->ktr_data.ktr_faultend;
866 kf->result = result;
867 ktr_enqueuerequest(td, req);
868 ktrace_exit(td);
869 }
870 #endif /* KTRACE */
871
872 /* Interface and common routines */
873
874 #ifndef _SYS_SYSPROTO_H_
875 struct ktrace_args {
876 char *fname;
877 int ops;
878 int facs;
879 int pid;
880 };
881 #endif
882 /* ARGSUSED */
883 int
884 sys_ktrace(struct thread *td, struct ktrace_args *uap)
885 {
886 #ifdef KTRACE
887 struct vnode *vp = NULL;
888 struct proc *p;
889 struct pgrp *pg;
890 int facs = uap->facs & ~KTRFAC_ROOT;
891 int ops = KTROP(uap->ops);
892 int descend = uap->ops & KTRFLAG_DESCEND;
893 int nfound, ret = 0;
894 int flags, error = 0;
895 struct nameidata nd;
896 struct ucred *cred;
897
898 /*
899 * Need something to (un)trace.
900 */
901 if (ops != KTROP_CLEARFILE && facs == 0)
902 return (EINVAL);
903
904 ktrace_enter(td);
905 if (ops != KTROP_CLEAR) {
906 /*
907 * an operation which requires a file argument.
908 */
909 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->fname, td);
910 flags = FREAD | FWRITE | O_NOFOLLOW;
911 error = vn_open(&nd, &flags, 0, NULL);
912 if (error) {
913 ktrace_exit(td);
914 return (error);
915 }
916 NDFREE(&nd, NDF_ONLY_PNBUF);
917 vp = nd.ni_vp;
918 VOP_UNLOCK(vp, 0);
919 if (vp->v_type != VREG) {
920 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
921 ktrace_exit(td);
922 return (EACCES);
923 }
924 }
925 /*
926 * Clear all uses of the tracefile.
927 */
928 if (ops == KTROP_CLEARFILE) {
929 int vrele_count;
930
931 vrele_count = 0;
932 sx_slock(&allproc_lock);
933 FOREACH_PROC_IN_SYSTEM(p) {
934 PROC_LOCK(p);
935 if (p->p_tracevp == vp) {
936 if (ktrcanset(td, p)) {
937 mtx_lock(&ktrace_mtx);
938 ktr_freeproc(p, &cred, NULL);
939 mtx_unlock(&ktrace_mtx);
940 vrele_count++;
941 crfree(cred);
942 } else
943 error = EPERM;
944 }
945 PROC_UNLOCK(p);
946 }
947 sx_sunlock(&allproc_lock);
948 if (vrele_count > 0) {
949 while (vrele_count-- > 0)
950 vrele(vp);
951 }
952 goto done;
953 }
954 /*
955 * do it
956 */
957 sx_slock(&proctree_lock);
958 if (uap->pid < 0) {
959 /*
960 * by process group
961 */
962 pg = pgfind(-uap->pid);
963 if (pg == NULL) {
964 sx_sunlock(&proctree_lock);
965 error = ESRCH;
966 goto done;
967 }
968 /*
969 * ktrops() may call vrele(). Lock pg_members
970 * by the proctree_lock rather than pg_mtx.
971 */
972 PGRP_UNLOCK(pg);
973 nfound = 0;
974 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
975 PROC_LOCK(p);
976 if (p->p_state == PRS_NEW ||
977 p_cansee(td, p) != 0) {
978 PROC_UNLOCK(p);
979 continue;
980 }
981 nfound++;
982 if (descend)
983 ret |= ktrsetchildren(td, p, ops, facs, vp);
984 else
985 ret |= ktrops(td, p, ops, facs, vp);
986 }
987 if (nfound == 0) {
988 sx_sunlock(&proctree_lock);
989 error = ESRCH;
990 goto done;
991 }
992 } else {
993 /*
994 * by pid
995 */
996 p = pfind(uap->pid);
997 if (p == NULL)
998 error = ESRCH;
999 else
1000 error = p_cansee(td, p);
1001 if (error) {
1002 if (p != NULL)
1003 PROC_UNLOCK(p);
1004 sx_sunlock(&proctree_lock);
1005 goto done;
1006 }
1007 if (descend)
1008 ret |= ktrsetchildren(td, p, ops, facs, vp);
1009 else
1010 ret |= ktrops(td, p, ops, facs, vp);
1011 }
1012 sx_sunlock(&proctree_lock);
1013 if (!ret)
1014 error = EPERM;
1015 done:
1016 if (vp != NULL)
1017 (void) vn_close(vp, FWRITE, td->td_ucred, td);
1018 ktrace_exit(td);
1019 return (error);
1020 #else /* !KTRACE */
1021 return (ENOSYS);
1022 #endif /* KTRACE */
1023 }
1024
1025 /* ARGSUSED */
1026 int
1027 sys_utrace(struct thread *td, struct utrace_args *uap)
1028 {
1029
1030 #ifdef KTRACE
1031 struct ktr_request *req;
1032 void *cp;
1033 int error;
1034
1035 if (!KTRPOINT(td, KTR_USER))
1036 return (0);
1037 if (uap->len > KTR_USER_MAXLEN)
1038 return (EINVAL);
1039 cp = malloc(uap->len, M_KTRACE, M_WAITOK);
1040 error = copyin(uap->addr, cp, uap->len);
1041 if (error) {
1042 free(cp, M_KTRACE);
1043 return (error);
1044 }
1045 req = ktr_getrequest(KTR_USER);
1046 if (req == NULL) {
1047 free(cp, M_KTRACE);
1048 return (ENOMEM);
1049 }
1050 req->ktr_buffer = cp;
1051 req->ktr_header.ktr_len = uap->len;
1052 ktr_submitrequest(td, req);
1053 return (0);
1054 #else /* !KTRACE */
1055 return (ENOSYS);
1056 #endif /* KTRACE */
1057 }
1058
1059 #ifdef KTRACE
1060 static int
1061 ktrops(struct thread *td, struct proc *p, int ops, int facs, struct vnode *vp)
1062 {
1063 struct vnode *tracevp = NULL;
1064 struct ucred *tracecred = NULL;
1065
1066 PROC_LOCK_ASSERT(p, MA_OWNED);
1067 if (!ktrcanset(td, p)) {
1068 PROC_UNLOCK(p);
1069 return (0);
1070 }
1071 if (p->p_flag & P_WEXIT) {
1072 /* If the process is exiting, just ignore it. */
1073 PROC_UNLOCK(p);
1074 return (1);
1075 }
1076 mtx_lock(&ktrace_mtx);
1077 if (ops == KTROP_SET) {
1078 if (p->p_tracevp != vp) {
1079 /*
1080 * if trace file already in use, relinquish below
1081 */
1082 tracevp = p->p_tracevp;
1083 VREF(vp);
1084 p->p_tracevp = vp;
1085 }
1086 if (p->p_tracecred != td->td_ucred) {
1087 tracecred = p->p_tracecred;
1088 p->p_tracecred = crhold(td->td_ucred);
1089 }
1090 p->p_traceflag |= facs;
1091 if (priv_check(td, PRIV_KTRACE) == 0)
1092 p->p_traceflag |= KTRFAC_ROOT;
1093 } else {
1094 /* KTROP_CLEAR */
1095 if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0)
1096 /* no more tracing */
1097 ktr_freeproc(p, &tracecred, &tracevp);
1098 }
1099 mtx_unlock(&ktrace_mtx);
1100 if ((p->p_traceflag & KTRFAC_MASK) != 0)
1101 ktrprocctor_entered(td, p);
1102 PROC_UNLOCK(p);
1103 if (tracevp != NULL)
1104 vrele(tracevp);
1105 if (tracecred != NULL)
1106 crfree(tracecred);
1107
1108 return (1);
1109 }
1110
1111 static int
1112 ktrsetchildren(struct thread *td, struct proc *top, int ops, int facs,
1113 struct vnode *vp)
1114 {
1115 struct proc *p;
1116 int ret = 0;
1117
1118 p = top;
1119 PROC_LOCK_ASSERT(p, MA_OWNED);
1120 sx_assert(&proctree_lock, SX_LOCKED);
1121 for (;;) {
1122 ret |= ktrops(td, p, ops, facs, vp);
1123 /*
1124 * If this process has children, descend to them next,
1125 * otherwise do any siblings, and if done with this level,
1126 * follow back up the tree (but not past top).
1127 */
1128 if (!LIST_EMPTY(&p->p_children))
1129 p = LIST_FIRST(&p->p_children);
1130 else for (;;) {
1131 if (p == top)
1132 return (ret);
1133 if (LIST_NEXT(p, p_sibling)) {
1134 p = LIST_NEXT(p, p_sibling);
1135 break;
1136 }
1137 p = p->p_pptr;
1138 }
1139 PROC_LOCK(p);
1140 }
1141 /*NOTREACHED*/
1142 }
1143
1144 static void
1145 ktr_writerequest(struct thread *td, struct ktr_request *req)
1146 {
1147 struct ktr_header *kth;
1148 struct vnode *vp;
1149 struct proc *p;
1150 struct ucred *cred;
1151 struct uio auio;
1152 struct iovec aiov[3];
1153 struct mount *mp;
1154 int datalen, buflen, vrele_count;
1155 int error;
1156
1157 /*
1158 * We hold the vnode and credential for use in I/O in case ktrace is
1159 * disabled on the process as we write out the request.
1160 *
1161 * XXXRW: This is not ideal: we could end up performing a write after
1162 * the vnode has been closed.
1163 */
1164 mtx_lock(&ktrace_mtx);
1165 vp = td->td_proc->p_tracevp;
1166 cred = td->td_proc->p_tracecred;
1167
1168 /*
1169 * If vp is NULL, the vp has been cleared out from under this
1170 * request, so just drop it. Make sure the credential and vnode are
1171 * in sync: we should have both or neither.
1172 */
1173 if (vp == NULL) {
1174 KASSERT(cred == NULL, ("ktr_writerequest: cred != NULL"));
1175 mtx_unlock(&ktrace_mtx);
1176 return;
1177 }
1178 VREF(vp);
1179 KASSERT(cred != NULL, ("ktr_writerequest: cred == NULL"));
1180 crhold(cred);
1181 mtx_unlock(&ktrace_mtx);
1182
1183 kth = &req->ktr_header;
1184 KASSERT(((u_short)kth->ktr_type & ~KTR_DROP) < nitems(data_lengths),
1185 ("data_lengths array overflow"));
1186 datalen = data_lengths[(u_short)kth->ktr_type & ~KTR_DROP];
1187 buflen = kth->ktr_len;
1188 auio.uio_iov = &aiov[0];
1189 auio.uio_offset = 0;
1190 auio.uio_segflg = UIO_SYSSPACE;
1191 auio.uio_rw = UIO_WRITE;
1192 aiov[0].iov_base = (caddr_t)kth;
1193 aiov[0].iov_len = sizeof(struct ktr_header);
1194 auio.uio_resid = sizeof(struct ktr_header);
1195 auio.uio_iovcnt = 1;
1196 auio.uio_td = td;
1197 if (datalen != 0) {
1198 aiov[1].iov_base = (caddr_t)&req->ktr_data;
1199 aiov[1].iov_len = datalen;
1200 auio.uio_resid += datalen;
1201 auio.uio_iovcnt++;
1202 kth->ktr_len += datalen;
1203 }
1204 if (buflen != 0) {
1205 KASSERT(req->ktr_buffer != NULL, ("ktrace: nothing to write"));
1206 aiov[auio.uio_iovcnt].iov_base = req->ktr_buffer;
1207 aiov[auio.uio_iovcnt].iov_len = buflen;
1208 auio.uio_resid += buflen;
1209 auio.uio_iovcnt++;
1210 }
1211
1212 vn_start_write(vp, &mp, V_WAIT);
1213 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1214 #ifdef MAC
1215 error = mac_vnode_check_write(cred, NOCRED, vp);
1216 if (error == 0)
1217 #endif
1218 error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
1219 VOP_UNLOCK(vp, 0);
1220 vn_finished_write(mp);
1221 crfree(cred);
1222 if (!error) {
1223 vrele(vp);
1224 return;
1225 }
1226
1227 /*
1228 * If error encountered, give up tracing on this vnode. We defer
1229 * all the vrele()'s on the vnode until after we are finished walking
1230 * the various lists to avoid needlessly holding locks.
1231 * NB: at this point we still hold the vnode reference that must
1232 * not go away as we need the valid vnode to compare with. Thus let
1233 * vrele_count start at 1 and the reference will be freed
1234 * by the loop at the end after our last use of vp.
1235 */
1236 log(LOG_NOTICE, "ktrace write failed, errno %d, tracing stopped\n",
1237 error);
1238 vrele_count = 1;
1239 /*
1240 * First, clear this vnode from being used by any processes in the
1241 * system.
1242 * XXX - If one process gets an EPERM writing to the vnode, should
1243 * we really do this? Other processes might have suitable
1244 * credentials for the operation.
1245 */
1246 cred = NULL;
1247 sx_slock(&allproc_lock);
1248 FOREACH_PROC_IN_SYSTEM(p) {
1249 PROC_LOCK(p);
1250 if (p->p_tracevp == vp) {
1251 mtx_lock(&ktrace_mtx);
1252 ktr_freeproc(p, &cred, NULL);
1253 mtx_unlock(&ktrace_mtx);
1254 vrele_count++;
1255 }
1256 PROC_UNLOCK(p);
1257 if (cred != NULL) {
1258 crfree(cred);
1259 cred = NULL;
1260 }
1261 }
1262 sx_sunlock(&allproc_lock);
1263
1264 while (vrele_count-- > 0)
1265 vrele(vp);
1266 }
1267
1268 /*
1269 * Return true if caller has permission to set the ktracing state
1270 * of target. Essentially, the target can't possess any
1271 * more permissions than the caller. KTRFAC_ROOT signifies that
1272 * root previously set the tracing status on the target process, and
1273 * so, only root may further change it.
1274 */
1275 static int
1276 ktrcanset(struct thread *td, struct proc *targetp)
1277 {
1278
1279 PROC_LOCK_ASSERT(targetp, MA_OWNED);
1280 if (targetp->p_traceflag & KTRFAC_ROOT &&
1281 priv_check(td, PRIV_KTRACE))
1282 return (0);
1283
1284 if (p_candebug(td, targetp) != 0)
1285 return (0);
1286
1287 return (1);
1288 }
1289
1290 #endif /* KTRACE */
Cache object: e3815934d6f6c22ca9c920f0e88df5e0
|