1 /*-
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2005 Robert N. M. Watson
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * @(#)kern_ktrace.c 8.2 (Berkeley) 9/23/93
32 */
33
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD: releng/8.3/sys/kern/kern_ktrace.c 230159 2012-01-15 20:52:31Z eadler $");
36
37 #include "opt_ktrace.h"
38
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/fcntl.h>
42 #include <sys/kernel.h>
43 #include <sys/kthread.h>
44 #include <sys/lock.h>
45 #include <sys/mutex.h>
46 #include <sys/malloc.h>
47 #include <sys/mount.h>
48 #include <sys/namei.h>
49 #include <sys/priv.h>
50 #include <sys/proc.h>
51 #include <sys/unistd.h>
52 #include <sys/vnode.h>
53 #include <sys/socket.h>
54 #include <sys/stat.h>
55 #include <sys/ktrace.h>
56 #include <sys/sx.h>
57 #include <sys/sysctl.h>
58 #include <sys/sysent.h>
59 #include <sys/syslog.h>
60 #include <sys/sysproto.h>
61
62 #include <security/mac/mac_framework.h>
63
64 /*
65 * The ktrace facility allows the tracing of certain key events in user space
66 * processes, such as system calls, signal delivery, context switches, and
67 * user generated events using utrace(2). It works by streaming event
68 * records and data to a vnode associated with the process using the
69 * ktrace(2) system call. In general, records can be written directly from
70 * the context that generates the event. One important exception to this is
71 * during a context switch, where sleeping is not permitted. To handle this
72 * case, trace events are generated using in-kernel ktr_request records, and
73 * then delivered to disk at a convenient moment -- either immediately, the
74 * next traceable event, at system call return, or at process exit.
75 *
76 * When dealing with multiple threads or processes writing to the same event
77 * log, ordering guarantees are weak: specifically, if an event has multiple
78 * records (i.e., system call enter and return), they may be interlaced with
79 * records from another event. Process and thread ID information is provided
80 * in the record, and user applications can de-interlace events if required.
81 */
82
83 static MALLOC_DEFINE(M_KTRACE, "KTRACE", "KTRACE");
84
85 #ifdef KTRACE
86
87 #ifndef KTRACE_REQUEST_POOL
88 #define KTRACE_REQUEST_POOL 100
89 #endif
90
91 struct ktr_request {
92 struct ktr_header ktr_header;
93 void *ktr_buffer;
94 union {
95 struct ktr_proc_ctor ktr_proc_ctor;
96 struct ktr_syscall ktr_syscall;
97 struct ktr_sysret ktr_sysret;
98 struct ktr_genio ktr_genio;
99 struct ktr_psig ktr_psig;
100 struct ktr_csw ktr_csw;
101 } ktr_data;
102 STAILQ_ENTRY(ktr_request) ktr_list;
103 };
104
105 static int data_lengths[] = {
106 0, /* none */
107 offsetof(struct ktr_syscall, ktr_args), /* KTR_SYSCALL */
108 sizeof(struct ktr_sysret), /* KTR_SYSRET */
109 0, /* KTR_NAMEI */
110 sizeof(struct ktr_genio), /* KTR_GENIO */
111 sizeof(struct ktr_psig), /* KTR_PSIG */
112 sizeof(struct ktr_csw), /* KTR_CSW */
113 0, /* KTR_USER */
114 0, /* KTR_STRUCT */
115 0, /* KTR_SYSCTL */
116 sizeof(struct ktr_proc_ctor), /* KTR_PROCCTOR */
117 0, /* KTR_PROCDTOR */
118 };
119
120 static STAILQ_HEAD(, ktr_request) ktr_free;
121
122 static SYSCTL_NODE(_kern, OID_AUTO, ktrace, CTLFLAG_RD, 0, "KTRACE options");
123
124 static u_int ktr_requestpool = KTRACE_REQUEST_POOL;
125 TUNABLE_INT("kern.ktrace.request_pool", &ktr_requestpool);
126
127 static u_int ktr_geniosize = PAGE_SIZE;
128 TUNABLE_INT("kern.ktrace.genio_size", &ktr_geniosize);
129 SYSCTL_UINT(_kern_ktrace, OID_AUTO, genio_size, CTLFLAG_RW, &ktr_geniosize,
130 0, "Maximum size of genio event payload");
131
132 static int print_message = 1;
133 static struct mtx ktrace_mtx;
134 static struct sx ktrace_sx;
135
136 static void ktrace_init(void *dummy);
137 static int sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS);
138 static u_int ktrace_resize_pool(u_int oldsize, u_int newsize);
139 static struct ktr_request *ktr_getrequest_entered(struct thread *td, int type);
140 static struct ktr_request *ktr_getrequest(int type);
141 static void ktr_submitrequest(struct thread *td, struct ktr_request *req);
142 static void ktr_freeproc(struct proc *p, struct ucred **uc,
143 struct vnode **vp);
144 static void ktr_freerequest(struct ktr_request *req);
145 static void ktr_freerequest_locked(struct ktr_request *req);
146 static void ktr_writerequest(struct thread *td, struct ktr_request *req);
147 static int ktrcanset(struct thread *,struct proc *);
148 static int ktrsetchildren(struct thread *,struct proc *,int,int,struct vnode *);
149 static int ktrops(struct thread *,struct proc *,int,int,struct vnode *);
150 static void ktrprocctor_entered(struct thread *, struct proc *);
151
152 /*
153 * ktrace itself generates events, such as context switches, which we do not
154 * wish to trace. Maintain a flag, TDP_INKTRACE, on each thread to determine
155 * whether or not it is in a region where tracing of events should be
156 * suppressed.
157 */
158 static void
159 ktrace_enter(struct thread *td)
160 {
161
162 KASSERT(!(td->td_pflags & TDP_INKTRACE), ("ktrace_enter: flag set"));
163 td->td_pflags |= TDP_INKTRACE;
164 }
165
166 static void
167 ktrace_exit(struct thread *td)
168 {
169
170 KASSERT(td->td_pflags & TDP_INKTRACE, ("ktrace_exit: flag not set"));
171 td->td_pflags &= ~TDP_INKTRACE;
172 }
173
174 static void
175 ktrace_assert(struct thread *td)
176 {
177
178 KASSERT(td->td_pflags & TDP_INKTRACE, ("ktrace_assert: flag not set"));
179 }
180
181 static void
182 ktrace_init(void *dummy)
183 {
184 struct ktr_request *req;
185 int i;
186
187 mtx_init(&ktrace_mtx, "ktrace", NULL, MTX_DEF | MTX_QUIET);
188 sx_init(&ktrace_sx, "ktrace_sx");
189 STAILQ_INIT(&ktr_free);
190 for (i = 0; i < ktr_requestpool; i++) {
191 req = malloc(sizeof(struct ktr_request), M_KTRACE, M_WAITOK);
192 STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
193 }
194 }
195 SYSINIT(ktrace_init, SI_SUB_KTRACE, SI_ORDER_ANY, ktrace_init, NULL);
196
197 static int
198 sysctl_kern_ktrace_request_pool(SYSCTL_HANDLER_ARGS)
199 {
200 struct thread *td;
201 u_int newsize, oldsize, wantsize;
202 int error;
203
204 /* Handle easy read-only case first to avoid warnings from GCC. */
205 if (!req->newptr) {
206 oldsize = ktr_requestpool;
207 return (SYSCTL_OUT(req, &oldsize, sizeof(u_int)));
208 }
209
210 error = SYSCTL_IN(req, &wantsize, sizeof(u_int));
211 if (error)
212 return (error);
213 td = curthread;
214 ktrace_enter(td);
215 oldsize = ktr_requestpool;
216 newsize = ktrace_resize_pool(oldsize, wantsize);
217 ktrace_exit(td);
218 error = SYSCTL_OUT(req, &oldsize, sizeof(u_int));
219 if (error)
220 return (error);
221 if (wantsize > oldsize && newsize < wantsize)
222 return (ENOSPC);
223 return (0);
224 }
225 SYSCTL_PROC(_kern_ktrace, OID_AUTO, request_pool, CTLTYPE_UINT|CTLFLAG_RW,
226 &ktr_requestpool, 0, sysctl_kern_ktrace_request_pool, "IU", "");
227
228 static u_int
229 ktrace_resize_pool(u_int oldsize, u_int newsize)
230 {
231 STAILQ_HEAD(, ktr_request) ktr_new;
232 struct ktr_request *req;
233 int bound;
234
235 print_message = 1;
236 bound = newsize - oldsize;
237 if (bound == 0)
238 return (ktr_requestpool);
239 if (bound < 0) {
240 mtx_lock(&ktrace_mtx);
241 /* Shrink pool down to newsize if possible. */
242 while (bound++ < 0) {
243 req = STAILQ_FIRST(&ktr_free);
244 if (req == NULL)
245 break;
246 STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
247 ktr_requestpool--;
248 free(req, M_KTRACE);
249 }
250 } else {
251 /* Grow pool up to newsize. */
252 STAILQ_INIT(&ktr_new);
253 while (bound-- > 0) {
254 req = malloc(sizeof(struct ktr_request), M_KTRACE,
255 M_WAITOK);
256 STAILQ_INSERT_HEAD(&ktr_new, req, ktr_list);
257 }
258 mtx_lock(&ktrace_mtx);
259 STAILQ_CONCAT(&ktr_free, &ktr_new);
260 ktr_requestpool += (newsize - oldsize);
261 }
262 mtx_unlock(&ktrace_mtx);
263 return (ktr_requestpool);
264 }
265
266 /* ktr_getrequest() assumes that ktr_comm[] is the same size as td_name[]. */
267 CTASSERT(sizeof(((struct ktr_header *)NULL)->ktr_comm) ==
268 (sizeof((struct thread *)NULL)->td_name));
269
270 static struct ktr_request *
271 ktr_getrequest_entered(struct thread *td, int type)
272 {
273 struct ktr_request *req;
274 struct proc *p = td->td_proc;
275 int pm;
276
277 mtx_lock(&ktrace_mtx);
278 if (!KTRCHECK(td, type)) {
279 mtx_unlock(&ktrace_mtx);
280 return (NULL);
281 }
282 req = STAILQ_FIRST(&ktr_free);
283 if (req != NULL) {
284 STAILQ_REMOVE_HEAD(&ktr_free, ktr_list);
285 req->ktr_header.ktr_type = type;
286 if (p->p_traceflag & KTRFAC_DROP) {
287 req->ktr_header.ktr_type |= KTR_DROP;
288 p->p_traceflag &= ~KTRFAC_DROP;
289 }
290 mtx_unlock(&ktrace_mtx);
291 microtime(&req->ktr_header.ktr_time);
292 req->ktr_header.ktr_pid = p->p_pid;
293 req->ktr_header.ktr_tid = td->td_tid;
294 bcopy(td->td_name, req->ktr_header.ktr_comm,
295 sizeof(req->ktr_header.ktr_comm));
296 req->ktr_buffer = NULL;
297 req->ktr_header.ktr_len = 0;
298 } else {
299 p->p_traceflag |= KTRFAC_DROP;
300 pm = print_message;
301 print_message = 0;
302 mtx_unlock(&ktrace_mtx);
303 if (pm)
304 printf("Out of ktrace request objects.\n");
305 }
306 return (req);
307 }
308
309 static struct ktr_request *
310 ktr_getrequest(int type)
311 {
312 struct thread *td = curthread;
313 struct ktr_request *req;
314
315 ktrace_enter(td);
316 req = ktr_getrequest_entered(td, type);
317 if (req == NULL)
318 ktrace_exit(td);
319
320 return (req);
321 }
322
323 /*
324 * Some trace generation environments don't permit direct access to VFS,
325 * such as during a context switch where sleeping is not allowed. Under these
326 * circumstances, queue a request to the thread to be written asynchronously
327 * later.
328 */
329 static void
330 ktr_enqueuerequest(struct thread *td, struct ktr_request *req)
331 {
332
333 mtx_lock(&ktrace_mtx);
334 STAILQ_INSERT_TAIL(&td->td_proc->p_ktr, req, ktr_list);
335 mtx_unlock(&ktrace_mtx);
336 }
337
338 /*
339 * Drain any pending ktrace records from the per-thread queue to disk. This
340 * is used both internally before committing other records, and also on
341 * system call return. We drain all the ones we can find at the time when
342 * drain is requested, but don't keep draining after that as those events
343 * may be approximately "after" the current event.
344 */
345 static void
346 ktr_drain(struct thread *td)
347 {
348 struct ktr_request *queued_req;
349 STAILQ_HEAD(, ktr_request) local_queue;
350
351 ktrace_assert(td);
352 sx_assert(&ktrace_sx, SX_XLOCKED);
353
354 STAILQ_INIT(&local_queue); /* XXXRW: needed? */
355
356 if (!STAILQ_EMPTY(&td->td_proc->p_ktr)) {
357 mtx_lock(&ktrace_mtx);
358 STAILQ_CONCAT(&local_queue, &td->td_proc->p_ktr);
359 mtx_unlock(&ktrace_mtx);
360
361 while ((queued_req = STAILQ_FIRST(&local_queue))) {
362 STAILQ_REMOVE_HEAD(&local_queue, ktr_list);
363 ktr_writerequest(td, queued_req);
364 ktr_freerequest(queued_req);
365 }
366 }
367 }
368
369 /*
370 * Submit a trace record for immediate commit to disk -- to be used only
371 * where entering VFS is OK. First drain any pending records that may have
372 * been cached in the thread.
373 */
374 static void
375 ktr_submitrequest(struct thread *td, struct ktr_request *req)
376 {
377
378 ktrace_assert(td);
379
380 sx_xlock(&ktrace_sx);
381 ktr_drain(td);
382 ktr_writerequest(td, req);
383 ktr_freerequest(req);
384 sx_xunlock(&ktrace_sx);
385 ktrace_exit(td);
386 }
387
388 static void
389 ktr_freerequest(struct ktr_request *req)
390 {
391
392 mtx_lock(&ktrace_mtx);
393 ktr_freerequest_locked(req);
394 mtx_unlock(&ktrace_mtx);
395 }
396
397 static void
398 ktr_freerequest_locked(struct ktr_request *req)
399 {
400
401 mtx_assert(&ktrace_mtx, MA_OWNED);
402 if (req->ktr_buffer != NULL)
403 free(req->ktr_buffer, M_KTRACE);
404 STAILQ_INSERT_HEAD(&ktr_free, req, ktr_list);
405 }
406
407 /*
408 * Disable tracing for a process and release all associated resources.
409 * The caller is responsible for releasing a reference on the returned
410 * vnode and credentials.
411 */
412 static void
413 ktr_freeproc(struct proc *p, struct ucred **uc, struct vnode **vp)
414 {
415 struct ktr_request *req;
416
417 PROC_LOCK_ASSERT(p, MA_OWNED);
418 mtx_assert(&ktrace_mtx, MA_OWNED);
419 *uc = p->p_tracecred;
420 p->p_tracecred = NULL;
421 if (vp != NULL)
422 *vp = p->p_tracevp;
423 p->p_tracevp = NULL;
424 p->p_traceflag = 0;
425 while ((req = STAILQ_FIRST(&p->p_ktr)) != NULL) {
426 STAILQ_REMOVE_HEAD(&p->p_ktr, ktr_list);
427 ktr_freerequest_locked(req);
428 }
429 }
430
431 void
432 ktrsyscall(code, narg, args)
433 int code, narg;
434 register_t args[];
435 {
436 struct ktr_request *req;
437 struct ktr_syscall *ktp;
438 size_t buflen;
439 char *buf = NULL;
440
441 buflen = sizeof(register_t) * narg;
442 if (buflen > 0) {
443 buf = malloc(buflen, M_KTRACE, M_WAITOK);
444 bcopy(args, buf, buflen);
445 }
446 req = ktr_getrequest(KTR_SYSCALL);
447 if (req == NULL) {
448 if (buf != NULL)
449 free(buf, M_KTRACE);
450 return;
451 }
452 ktp = &req->ktr_data.ktr_syscall;
453 ktp->ktr_code = code;
454 ktp->ktr_narg = narg;
455 if (buflen > 0) {
456 req->ktr_header.ktr_len = buflen;
457 req->ktr_buffer = buf;
458 }
459 ktr_submitrequest(curthread, req);
460 }
461
462 void
463 ktrsysret(code, error, retval)
464 int code, error;
465 register_t retval;
466 {
467 struct ktr_request *req;
468 struct ktr_sysret *ktp;
469
470 req = ktr_getrequest(KTR_SYSRET);
471 if (req == NULL)
472 return;
473 ktp = &req->ktr_data.ktr_sysret;
474 ktp->ktr_code = code;
475 ktp->ktr_error = error;
476 ktp->ktr_retval = ((error == 0) ? retval: 0); /* what about val2 ? */
477 ktr_submitrequest(curthread, req);
478 }
479
480 /*
481 * When a setuid process execs, disable tracing.
482 *
483 * XXX: We toss any pending asynchronous records.
484 */
485 void
486 ktrprocexec(struct proc *p, struct ucred **uc, struct vnode **vp)
487 {
488
489 PROC_LOCK_ASSERT(p, MA_OWNED);
490 mtx_lock(&ktrace_mtx);
491 ktr_freeproc(p, uc, vp);
492 mtx_unlock(&ktrace_mtx);
493 }
494
495 /*
496 * When a process exits, drain per-process asynchronous trace records
497 * and disable tracing.
498 */
499 void
500 ktrprocexit(struct thread *td)
501 {
502 struct ktr_request *req;
503 struct proc *p;
504 struct ucred *cred;
505 struct vnode *vp;
506 int vfslocked;
507
508 p = td->td_proc;
509 if (p->p_traceflag == 0)
510 return;
511
512 ktrace_enter(td);
513 req = ktr_getrequest_entered(td, KTR_PROCDTOR);
514 if (req != NULL)
515 ktr_enqueuerequest(td, req);
516 sx_xlock(&ktrace_sx);
517 ktr_drain(td);
518 sx_xunlock(&ktrace_sx);
519 PROC_LOCK(p);
520 mtx_lock(&ktrace_mtx);
521 ktr_freeproc(p, &cred, &vp);
522 mtx_unlock(&ktrace_mtx);
523 PROC_UNLOCK(p);
524 if (vp != NULL) {
525 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
526 vrele(vp);
527 VFS_UNLOCK_GIANT(vfslocked);
528 }
529 if (cred != NULL)
530 crfree(cred);
531 ktrace_exit(td);
532 }
533
534 static void
535 ktrprocctor_entered(struct thread *td, struct proc *p)
536 {
537 struct ktr_proc_ctor *ktp;
538 struct ktr_request *req;
539 struct thread *td2;
540
541 ktrace_assert(td);
542 td2 = FIRST_THREAD_IN_PROC(p);
543 req = ktr_getrequest_entered(td2, KTR_PROCCTOR);
544 if (req == NULL)
545 return;
546 ktp = &req->ktr_data.ktr_proc_ctor;
547 ktp->sv_flags = p->p_sysent->sv_flags;
548 ktr_enqueuerequest(td2, req);
549 }
550
551 void
552 ktrprocctor(struct proc *p)
553 {
554 struct thread *td = curthread;
555
556 if ((p->p_traceflag & KTRFAC_MASK) == 0)
557 return;
558
559 ktrace_enter(td);
560 ktrprocctor_entered(td, p);
561 ktrace_exit(td);
562 }
563
564 /*
565 * When a process forks, enable tracing in the new process if needed.
566 */
567 void
568 ktrprocfork(struct proc *p1, struct proc *p2)
569 {
570
571 PROC_LOCK(p1);
572 mtx_lock(&ktrace_mtx);
573 KASSERT(p2->p_tracevp == NULL, ("new process has a ktrace vnode"));
574 if (p1->p_traceflag & KTRFAC_INHERIT) {
575 p2->p_traceflag = p1->p_traceflag;
576 if ((p2->p_tracevp = p1->p_tracevp) != NULL) {
577 VREF(p2->p_tracevp);
578 KASSERT(p1->p_tracecred != NULL,
579 ("ktrace vnode with no cred"));
580 p2->p_tracecred = crhold(p1->p_tracecred);
581 }
582 }
583 mtx_unlock(&ktrace_mtx);
584 PROC_UNLOCK(p1);
585
586 ktrprocctor(p2);
587 }
588
589 /*
590 * When a thread returns, drain any asynchronous records generated by the
591 * system call.
592 */
593 void
594 ktruserret(struct thread *td)
595 {
596
597 ktrace_enter(td);
598 sx_xlock(&ktrace_sx);
599 ktr_drain(td);
600 sx_xunlock(&ktrace_sx);
601 ktrace_exit(td);
602 }
603
604 void
605 ktrnamei(path)
606 char *path;
607 {
608 struct ktr_request *req;
609 int namelen;
610 char *buf = NULL;
611
612 namelen = strlen(path);
613 if (namelen > 0) {
614 buf = malloc(namelen, M_KTRACE, M_WAITOK);
615 bcopy(path, buf, namelen);
616 }
617 req = ktr_getrequest(KTR_NAMEI);
618 if (req == NULL) {
619 if (buf != NULL)
620 free(buf, M_KTRACE);
621 return;
622 }
623 if (namelen > 0) {
624 req->ktr_header.ktr_len = namelen;
625 req->ktr_buffer = buf;
626 }
627 ktr_submitrequest(curthread, req);
628 }
629
630 void
631 ktrsysctl(name, namelen)
632 int *name;
633 u_int namelen;
634 {
635 struct ktr_request *req;
636 u_int mib[CTL_MAXNAME + 2];
637 char *mibname;
638 size_t mibnamelen;
639 int error;
640
641 /* Lookup name of mib. */
642 KASSERT(namelen <= CTL_MAXNAME, ("sysctl MIB too long"));
643 mib[0] = 0;
644 mib[1] = 1;
645 bcopy(name, mib + 2, namelen * sizeof(*name));
646 mibnamelen = 128;
647 mibname = malloc(mibnamelen, M_KTRACE, M_WAITOK);
648 error = kernel_sysctl(curthread, mib, namelen + 2, mibname, &mibnamelen,
649 NULL, 0, &mibnamelen, 0);
650 if (error) {
651 free(mibname, M_KTRACE);
652 return;
653 }
654 req = ktr_getrequest(KTR_SYSCTL);
655 if (req == NULL) {
656 free(mibname, M_KTRACE);
657 return;
658 }
659 req->ktr_header.ktr_len = mibnamelen;
660 req->ktr_buffer = mibname;
661 ktr_submitrequest(curthread, req);
662 }
663
664 void
665 ktrgenio(fd, rw, uio, error)
666 int fd;
667 enum uio_rw rw;
668 struct uio *uio;
669 int error;
670 {
671 struct ktr_request *req;
672 struct ktr_genio *ktg;
673 int datalen;
674 char *buf;
675
676 if (error) {
677 free(uio, M_IOV);
678 return;
679 }
680 uio->uio_offset = 0;
681 uio->uio_rw = UIO_WRITE;
682 datalen = imin(uio->uio_resid, ktr_geniosize);
683 buf = malloc(datalen, M_KTRACE, M_WAITOK);
684 error = uiomove(buf, datalen, uio);
685 free(uio, M_IOV);
686 if (error) {
687 free(buf, M_KTRACE);
688 return;
689 }
690 req = ktr_getrequest(KTR_GENIO);
691 if (req == NULL) {
692 free(buf, M_KTRACE);
693 return;
694 }
695 ktg = &req->ktr_data.ktr_genio;
696 ktg->ktr_fd = fd;
697 ktg->ktr_rw = rw;
698 req->ktr_header.ktr_len = datalen;
699 req->ktr_buffer = buf;
700 ktr_submitrequest(curthread, req);
701 }
702
703 void
704 ktrpsig(sig, action, mask, code)
705 int sig;
706 sig_t action;
707 sigset_t *mask;
708 int code;
709 {
710 struct thread *td = curthread;
711 struct ktr_request *req;
712 struct ktr_psig *kp;
713
714 req = ktr_getrequest(KTR_PSIG);
715 if (req == NULL)
716 return;
717 kp = &req->ktr_data.ktr_psig;
718 kp->signo = (char)sig;
719 kp->action = action;
720 kp->mask = *mask;
721 kp->code = code;
722 ktr_enqueuerequest(td, req);
723 ktrace_exit(td);
724 }
725
726 void
727 ktrcsw(out, user)
728 int out, user;
729 {
730 struct thread *td = curthread;
731 struct ktr_request *req;
732 struct ktr_csw *kc;
733
734 req = ktr_getrequest(KTR_CSW);
735 if (req == NULL)
736 return;
737 kc = &req->ktr_data.ktr_csw;
738 kc->out = out;
739 kc->user = user;
740 ktr_enqueuerequest(td, req);
741 ktrace_exit(td);
742 }
743
744 void
745 ktrstruct(name, namelen, data, datalen)
746 const char *name;
747 size_t namelen;
748 void *data;
749 size_t datalen;
750 {
751 struct ktr_request *req;
752 char *buf = NULL;
753 size_t buflen;
754
755 if (!data)
756 datalen = 0;
757 buflen = namelen + 1 + datalen;
758 buf = malloc(buflen, M_KTRACE, M_WAITOK);
759 bcopy(name, buf, namelen);
760 buf[namelen] = '\0';
761 bcopy(data, buf + namelen + 1, datalen);
762 if ((req = ktr_getrequest(KTR_STRUCT)) == NULL) {
763 free(buf, M_KTRACE);
764 return;
765 }
766 req->ktr_buffer = buf;
767 req->ktr_header.ktr_len = buflen;
768 ktr_submitrequest(curthread, req);
769 }
770 #endif /* KTRACE */
771
772 /* Interface and common routines */
773
774 #ifndef _SYS_SYSPROTO_H_
775 struct ktrace_args {
776 char *fname;
777 int ops;
778 int facs;
779 int pid;
780 };
781 #endif
782 /* ARGSUSED */
783 int
784 ktrace(td, uap)
785 struct thread *td;
786 register struct ktrace_args *uap;
787 {
788 #ifdef KTRACE
789 register struct vnode *vp = NULL;
790 register struct proc *p;
791 struct pgrp *pg;
792 int facs = uap->facs & ~KTRFAC_ROOT;
793 int ops = KTROP(uap->ops);
794 int descend = uap->ops & KTRFLAG_DESCEND;
795 int nfound, ret = 0;
796 int flags, error = 0, vfslocked;
797 struct nameidata nd;
798 struct ucred *cred;
799
800 /*
801 * Need something to (un)trace.
802 */
803 if (ops != KTROP_CLEARFILE && facs == 0)
804 return (EINVAL);
805
806 ktrace_enter(td);
807 if (ops != KTROP_CLEAR) {
808 /*
809 * an operation which requires a file argument.
810 */
811 NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE, UIO_USERSPACE,
812 uap->fname, td);
813 flags = FREAD | FWRITE | O_NOFOLLOW;
814 error = vn_open(&nd, &flags, 0, NULL);
815 if (error) {
816 ktrace_exit(td);
817 return (error);
818 }
819 vfslocked = NDHASGIANT(&nd);
820 NDFREE(&nd, NDF_ONLY_PNBUF);
821 vp = nd.ni_vp;
822 VOP_UNLOCK(vp, 0);
823 if (vp->v_type != VREG) {
824 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
825 VFS_UNLOCK_GIANT(vfslocked);
826 ktrace_exit(td);
827 return (EACCES);
828 }
829 VFS_UNLOCK_GIANT(vfslocked);
830 }
831 /*
832 * Clear all uses of the tracefile.
833 */
834 if (ops == KTROP_CLEARFILE) {
835 int vrele_count;
836
837 vrele_count = 0;
838 sx_slock(&allproc_lock);
839 FOREACH_PROC_IN_SYSTEM(p) {
840 PROC_LOCK(p);
841 if (p->p_tracevp == vp) {
842 if (ktrcanset(td, p)) {
843 mtx_lock(&ktrace_mtx);
844 ktr_freeproc(p, &cred, NULL);
845 mtx_unlock(&ktrace_mtx);
846 vrele_count++;
847 crfree(cred);
848 } else
849 error = EPERM;
850 }
851 PROC_UNLOCK(p);
852 }
853 sx_sunlock(&allproc_lock);
854 if (vrele_count > 0) {
855 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
856 while (vrele_count-- > 0)
857 vrele(vp);
858 VFS_UNLOCK_GIANT(vfslocked);
859 }
860 goto done;
861 }
862 /*
863 * do it
864 */
865 sx_slock(&proctree_lock);
866 if (uap->pid < 0) {
867 /*
868 * by process group
869 */
870 pg = pgfind(-uap->pid);
871 if (pg == NULL) {
872 sx_sunlock(&proctree_lock);
873 error = ESRCH;
874 goto done;
875 }
876 /*
877 * ktrops() may call vrele(). Lock pg_members
878 * by the proctree_lock rather than pg_mtx.
879 */
880 PGRP_UNLOCK(pg);
881 nfound = 0;
882 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
883 PROC_LOCK(p);
884 if (p->p_state == PRS_NEW ||
885 p_cansee(td, p) != 0) {
886 PROC_UNLOCK(p);
887 continue;
888 }
889 PROC_UNLOCK(p);
890 nfound++;
891 if (descend)
892 ret |= ktrsetchildren(td, p, ops, facs, vp);
893 else
894 ret |= ktrops(td, p, ops, facs, vp);
895 }
896 if (nfound == 0) {
897 sx_sunlock(&proctree_lock);
898 error = ESRCH;
899 goto done;
900 }
901 } else {
902 /*
903 * by pid
904 */
905 p = pfind(uap->pid);
906 if (p == NULL) {
907 sx_sunlock(&proctree_lock);
908 error = ESRCH;
909 goto done;
910 }
911 error = p_cansee(td, p);
912 /*
913 * The slock of the proctree lock will keep this process
914 * from going away, so unlocking the proc here is ok.
915 */
916 PROC_UNLOCK(p);
917 if (error) {
918 sx_sunlock(&proctree_lock);
919 goto done;
920 }
921 if (descend)
922 ret |= ktrsetchildren(td, p, ops, facs, vp);
923 else
924 ret |= ktrops(td, p, ops, facs, vp);
925 }
926 sx_sunlock(&proctree_lock);
927 if (!ret)
928 error = EPERM;
929 done:
930 if (vp != NULL) {
931 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
932 (void) vn_close(vp, FWRITE, td->td_ucred, td);
933 VFS_UNLOCK_GIANT(vfslocked);
934 }
935 ktrace_exit(td);
936 return (error);
937 #else /* !KTRACE */
938 return (ENOSYS);
939 #endif /* KTRACE */
940 }
941
942 /* ARGSUSED */
943 int
944 utrace(td, uap)
945 struct thread *td;
946 register struct utrace_args *uap;
947 {
948
949 #ifdef KTRACE
950 struct ktr_request *req;
951 void *cp;
952 int error;
953
954 if (!KTRPOINT(td, KTR_USER))
955 return (0);
956 if (uap->len > KTR_USER_MAXLEN)
957 return (EINVAL);
958 cp = malloc(uap->len, M_KTRACE, M_WAITOK);
959 error = copyin(uap->addr, cp, uap->len);
960 if (error) {
961 free(cp, M_KTRACE);
962 return (error);
963 }
964 req = ktr_getrequest(KTR_USER);
965 if (req == NULL) {
966 free(cp, M_KTRACE);
967 return (ENOMEM);
968 }
969 req->ktr_buffer = cp;
970 req->ktr_header.ktr_len = uap->len;
971 ktr_submitrequest(td, req);
972 return (0);
973 #else /* !KTRACE */
974 return (ENOSYS);
975 #endif /* KTRACE */
976 }
977
978 #ifdef KTRACE
979 static int
980 ktrops(td, p, ops, facs, vp)
981 struct thread *td;
982 struct proc *p;
983 int ops, facs;
984 struct vnode *vp;
985 {
986 struct vnode *tracevp = NULL;
987 struct ucred *tracecred = NULL;
988
989 PROC_LOCK(p);
990 if (!ktrcanset(td, p)) {
991 PROC_UNLOCK(p);
992 return (0);
993 }
994 mtx_lock(&ktrace_mtx);
995 if (ops == KTROP_SET) {
996 if (p->p_tracevp != vp) {
997 /*
998 * if trace file already in use, relinquish below
999 */
1000 tracevp = p->p_tracevp;
1001 VREF(vp);
1002 p->p_tracevp = vp;
1003 }
1004 if (p->p_tracecred != td->td_ucred) {
1005 tracecred = p->p_tracecred;
1006 p->p_tracecred = crhold(td->td_ucred);
1007 }
1008 p->p_traceflag |= facs;
1009 if (priv_check(td, PRIV_KTRACE) == 0)
1010 p->p_traceflag |= KTRFAC_ROOT;
1011 } else {
1012 /* KTROP_CLEAR */
1013 if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0)
1014 /* no more tracing */
1015 ktr_freeproc(p, &tracecred, &tracevp);
1016 }
1017 mtx_unlock(&ktrace_mtx);
1018 if ((p->p_traceflag & KTRFAC_MASK) != 0)
1019 ktrprocctor_entered(td, p);
1020 PROC_UNLOCK(p);
1021 if (tracevp != NULL) {
1022 int vfslocked;
1023
1024 vfslocked = VFS_LOCK_GIANT(tracevp->v_mount);
1025 vrele(tracevp);
1026 VFS_UNLOCK_GIANT(vfslocked);
1027 }
1028 if (tracecred != NULL)
1029 crfree(tracecred);
1030
1031 return (1);
1032 }
1033
1034 static int
1035 ktrsetchildren(td, top, ops, facs, vp)
1036 struct thread *td;
1037 struct proc *top;
1038 int ops, facs;
1039 struct vnode *vp;
1040 {
1041 register struct proc *p;
1042 register int ret = 0;
1043
1044 p = top;
1045 sx_assert(&proctree_lock, SX_LOCKED);
1046 for (;;) {
1047 ret |= ktrops(td, p, ops, facs, vp);
1048 /*
1049 * If this process has children, descend to them next,
1050 * otherwise do any siblings, and if done with this level,
1051 * follow back up the tree (but not past top).
1052 */
1053 if (!LIST_EMPTY(&p->p_children))
1054 p = LIST_FIRST(&p->p_children);
1055 else for (;;) {
1056 if (p == top)
1057 return (ret);
1058 if (LIST_NEXT(p, p_sibling)) {
1059 p = LIST_NEXT(p, p_sibling);
1060 break;
1061 }
1062 p = p->p_pptr;
1063 }
1064 }
1065 /*NOTREACHED*/
1066 }
1067
1068 static void
1069 ktr_writerequest(struct thread *td, struct ktr_request *req)
1070 {
1071 struct ktr_header *kth;
1072 struct vnode *vp;
1073 struct proc *p;
1074 struct ucred *cred;
1075 struct uio auio;
1076 struct iovec aiov[3];
1077 struct mount *mp;
1078 int datalen, buflen, vrele_count;
1079 int error, vfslocked;
1080
1081 /*
1082 * We hold the vnode and credential for use in I/O in case ktrace is
1083 * disabled on the process as we write out the request.
1084 *
1085 * XXXRW: This is not ideal: we could end up performing a write after
1086 * the vnode has been closed.
1087 */
1088 mtx_lock(&ktrace_mtx);
1089 vp = td->td_proc->p_tracevp;
1090 cred = td->td_proc->p_tracecred;
1091
1092 /*
1093 * If vp is NULL, the vp has been cleared out from under this
1094 * request, so just drop it. Make sure the credential and vnode are
1095 * in sync: we should have both or neither.
1096 */
1097 if (vp == NULL) {
1098 KASSERT(cred == NULL, ("ktr_writerequest: cred != NULL"));
1099 mtx_unlock(&ktrace_mtx);
1100 return;
1101 }
1102 VREF(vp);
1103 KASSERT(cred != NULL, ("ktr_writerequest: cred == NULL"));
1104 crhold(cred);
1105 mtx_unlock(&ktrace_mtx);
1106
1107 kth = &req->ktr_header;
1108 KASSERT(((u_short)kth->ktr_type & ~KTR_DROP) <
1109 sizeof(data_lengths) / sizeof(data_lengths[0]),
1110 ("data_lengths array overflow"));
1111 datalen = data_lengths[(u_short)kth->ktr_type & ~KTR_DROP];
1112 buflen = kth->ktr_len;
1113 auio.uio_iov = &aiov[0];
1114 auio.uio_offset = 0;
1115 auio.uio_segflg = UIO_SYSSPACE;
1116 auio.uio_rw = UIO_WRITE;
1117 aiov[0].iov_base = (caddr_t)kth;
1118 aiov[0].iov_len = sizeof(struct ktr_header);
1119 auio.uio_resid = sizeof(struct ktr_header);
1120 auio.uio_iovcnt = 1;
1121 auio.uio_td = td;
1122 if (datalen != 0) {
1123 aiov[1].iov_base = (caddr_t)&req->ktr_data;
1124 aiov[1].iov_len = datalen;
1125 auio.uio_resid += datalen;
1126 auio.uio_iovcnt++;
1127 kth->ktr_len += datalen;
1128 }
1129 if (buflen != 0) {
1130 KASSERT(req->ktr_buffer != NULL, ("ktrace: nothing to write"));
1131 aiov[auio.uio_iovcnt].iov_base = req->ktr_buffer;
1132 aiov[auio.uio_iovcnt].iov_len = buflen;
1133 auio.uio_resid += buflen;
1134 auio.uio_iovcnt++;
1135 }
1136
1137 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
1138 vn_start_write(vp, &mp, V_WAIT);
1139 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1140 #ifdef MAC
1141 error = mac_vnode_check_write(cred, NOCRED, vp);
1142 if (error == 0)
1143 #endif
1144 error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
1145 VOP_UNLOCK(vp, 0);
1146 vn_finished_write(mp);
1147 crfree(cred);
1148 if (!error) {
1149 vrele(vp);
1150 VFS_UNLOCK_GIANT(vfslocked);
1151 return;
1152 }
1153 VFS_UNLOCK_GIANT(vfslocked);
1154
1155 /*
1156 * If error encountered, give up tracing on this vnode. We defer
1157 * all the vrele()'s on the vnode until after we are finished walking
1158 * the various lists to avoid needlessly holding locks.
1159 * NB: at this point we still hold the vnode reference that must
1160 * not go away as we need the valid vnode to compare with. Thus let
1161 * vrele_count start at 1 and the reference will be freed
1162 * by the loop at the end after our last use of vp.
1163 */
1164 log(LOG_NOTICE, "ktrace write failed, errno %d, tracing stopped\n",
1165 error);
1166 vrele_count = 1;
1167 /*
1168 * First, clear this vnode from being used by any processes in the
1169 * system.
1170 * XXX - If one process gets an EPERM writing to the vnode, should
1171 * we really do this? Other processes might have suitable
1172 * credentials for the operation.
1173 */
1174 cred = NULL;
1175 sx_slock(&allproc_lock);
1176 FOREACH_PROC_IN_SYSTEM(p) {
1177 PROC_LOCK(p);
1178 if (p->p_tracevp == vp) {
1179 mtx_lock(&ktrace_mtx);
1180 ktr_freeproc(p, &cred, NULL);
1181 mtx_unlock(&ktrace_mtx);
1182 vrele_count++;
1183 }
1184 PROC_UNLOCK(p);
1185 if (cred != NULL) {
1186 crfree(cred);
1187 cred = NULL;
1188 }
1189 }
1190 sx_sunlock(&allproc_lock);
1191
1192 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
1193 while (vrele_count-- > 0)
1194 vrele(vp);
1195 VFS_UNLOCK_GIANT(vfslocked);
1196 }
1197
1198 /*
1199 * Return true if caller has permission to set the ktracing state
1200 * of target. Essentially, the target can't possess any
1201 * more permissions than the caller. KTRFAC_ROOT signifies that
1202 * root previously set the tracing status on the target process, and
1203 * so, only root may further change it.
1204 */
1205 static int
1206 ktrcanset(td, targetp)
1207 struct thread *td;
1208 struct proc *targetp;
1209 {
1210
1211 PROC_LOCK_ASSERT(targetp, MA_OWNED);
1212 if (targetp->p_traceflag & KTRFAC_ROOT &&
1213 priv_check(td, PRIV_KTRACE))
1214 return (0);
1215
1216 if (p_candebug(td, targetp) != 0)
1217 return (0);
1218
1219 return (1);
1220 }
1221
1222 #endif /* KTRACE */
Cache object: ef5bda79a544b7ac817704ab2e202d30
|