#include <trace/syscall.h>
#include <trace/events/syscalls.h>
#include <linux/slab.h>
#include <linux/kernel.h>
#include <linux/ftrace.h>
#include <linux/perf_event.h>
#include <asm/syscall.h>

#include "trace_output.h"
#include "trace.h"

/*
 * Held while the syscall probes are registered or unregistered and while the
 * refcounts and enabled-syscall bitmaps in this file are updated. The probes
 * themselves read the bitmaps with test_bit() without taking it.
 */
static DEFINE_MUTEX(syscall_trace_lock);
/*
 * Number of ftrace syscall enter/exit events currently enabled. The matching
 * sys_enter/sys_exit probe is registered when a count leaves zero and
 * unregistered when it returns to zero.
 */
static int sys_refcount_enter;
static int sys_refcount_exit;
/*
 * One bit per syscall number (NR_syscalls bits each): set while the ftrace
 * enter/exit event for that syscall is enabled. Any index used with these
 * bitmaps must therefore lie in [0, NR_syscalls).
 */
static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);

static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type);
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type);

/*
 * Event class for syscall-enter events in the "syscalls" system; its .reg
 * callback is syscall_enter_register().
 */
struct ftrace_event_class event_class_syscall_enter = {
	.system			= "syscalls",
	.reg			= syscall_enter_register
};

struct ftrace_event_class event_class_syscall_exit = {
	.system			= "syscalls",
	.reg			= syscall_exit_register
};

/*
 * Bounds of the syscall_metadata records walked by find_syscall_meta().
 * NOTE(review): presumably defined by the linker script - confirm.
 */
extern unsigned long __start_syscalls_metadata[];
extern unsigned long __stop_syscalls_metadata[];

/*
 * Table of NR_syscalls pointers indexed by syscall number; allocated and
 * filled by init_ftrace_syscalls(), NULL until then.
 */
static struct syscall_metadata **syscalls_metadata;

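/*
 * Find the syscall_metadata record whose name matches the kernel symbol at
 * address @syscall.
 *
 * Walks the records between __start_syscalls_metadata and
 * __stop_syscalls_metadata and returns the first match, or NULL when the
 * address resolves to no symbol or no record matches.
 */
static struct syscall_metadata *find_syscall_meta(unsigned long syscall)
{
	struct syscall_metadata *start;
	struct syscall_metadata *stop;
	char str[KSYM_SYMBOL_LEN];

	start = (struct syscall_metadata *)__start_syscalls_metadata;
	stop = (struct syscall_metadata *)__stop_syscalls_metadata;

	/*
	 * The comparison below skips the first three characters of both
	 * names. If the lookup fails, or yields a name shorter than that,
	 * "str + 3" would point past the terminator into stack bytes that
	 * were never written, so give up before comparing.
	 */
	if (!kallsyms_lookup(syscall, NULL, NULL, NULL, str) ||
	    strnlen(str, 3) < 3)
		return NULL;

	for ( ; start < stop; start++) {
		/* Same length requirement for the metadata name. */
		if (!start->name || strnlen(start->name, 3) < 3)
			continue;

		/*
		 * Only compare after the "sys" prefix. Archs that use
		 * syscall wrappers may have syscalls symbols aliases prefixed
		 * with "SyS" instead of "sys", leading to an unwanted
		 * mismatch.
		 */
		if (!strcmp(start->name + 3, str + 3))
			return start;
	}
	return NULL;
}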

/*
 * Translate syscall number @nr into its metadata record.
 *
 * Returns NULL when the table has not been allocated yet, when @nr lies
 * outside [0, NR_syscalls), or when the slot for @nr is empty.
 */
static struct syscall_metadata *syscall_nr_to_meta(int nr)
{
	if (syscalls_metadata && nr >= 0 && nr < NR_syscalls)
		return syscalls_metadata[nr];

	return NULL;
}

/*
 * Format one syscall-enter record as "name(arg: value, ...)" followed by a
 * newline.
 *
 * @iter:  iterator holding the record (iter->ent) and output buffer (iter->seq)
 * @flags: not used here
 *
 * The argument words stored in the record are printed raw, in hex. Records
 * with no metadata, or whose type does not match the metadata's enter event,
 * produce only the newline. Returns TRACE_TYPE_PARTIAL_LINE as soon as a
 * write into the trace_seq fails, TRACE_TYPE_HANDLED otherwise.
 */
enum print_line_t
print_syscall_enter(struct trace_iterator *iter, int flags)
{
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_enter *rec = (struct syscall_trace_enter *)ent;
	struct trace_seq *seq = &iter->seq;
	struct syscall_metadata *meta;
	int n;

	meta = syscall_nr_to_meta(rec->nr);
	if (!meta)
		goto end;

	/* The record must belong to this syscall's enter event. */
	if (meta->enter_event->id != ent->type) {
		WARN_ON_ONCE(1);
		goto end;
	}

	if (!trace_seq_printf(seq, "%s(", meta->name))
		return TRACE_TYPE_PARTIAL_LINE;

	for (n = 0; n < meta->nb_args; n++) {
		const char *sep = (n == meta->nb_args - 1) ? "" : ", ";

		/* parameter types, only with the verbose trace flag */
		if ((trace_flags & TRACE_ITER_VERBOSE) &&
		    !trace_seq_printf(seq, "%s ", meta->types[n]))
			return TRACE_TYPE_PARTIAL_LINE;

		/* parameter values */
		if (!trace_seq_printf(seq, "%s: %lx%s", meta->args[n],
				      rec->args[n], sep))
			return TRACE_TYPE_PARTIAL_LINE;
	}

	if (!trace_seq_putc(seq, ')'))
		return TRACE_TYPE_PARTIAL_LINE;

end:
	if (!trace_seq_putc(seq, '\n'))
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

/*
 * Format one syscall-exit record as "name -> 0x<ret>" followed by a newline.
 *
 * @iter:  iterator holding the record (iter->ent) and output buffer (iter->seq)
 * @flags: not used here
 *
 * A record without metadata prints a bare newline and counts as handled. A
 * record whose type does not match the metadata's exit event triggers a
 * one-time warning and is reported as TRACE_TYPE_UNHANDLED.
 */
enum print_line_t
print_syscall_exit(struct trace_iterator *iter, int flags)
{
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_exit *rec = (struct syscall_trace_exit *)ent;
	struct trace_seq *seq = &iter->seq;
	struct syscall_metadata *meta = syscall_nr_to_meta(rec->nr);

	if (!meta) {
		trace_seq_printf(seq, "\n");
		return TRACE_TYPE_HANDLED;
	}

	if (meta->exit_event->id != ent->type) {
		WARN_ON_ONCE(1);
		return TRACE_TYPE_UNHANDLED;
	}

	if (!trace_seq_printf(seq, "%s -> 0x%lx\n", meta->name, rec->ret))
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

extern char *__bad_type_size(void);

#define SYSCALL_FIELD(type, name)					\
	sizeof(type) != sizeof(trace.name) ?				\
		__bad_type_size() :					\
		#type, #name, offsetof(typeof(trace), name),		\
		sizeof(trace.name), is_signed_type(type)

/*
 * Build the print_fmt string of a syscall-enter event: a quoted format with
 * one "name: 0x%0<N>lx" item per argument, followed by one
 * ", ((unsigned long)(REC->name))" expression per argument.
 *
 * @entry: metadata supplying the argument names and count
 * @buf:   destination, or NULL together with @len == 0 to only measure
 * @len:   size of @buf in bytes, or 0 for the measuring pass
 *
 * Returns the length of the complete string, excluding the terminator.
 */
static int __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
{
	int used = 0;
	int arg;

	/* With len == 0 every snprintf() gets size 0 and only counts. */
#define SPACE_LEFT (len ? len - used : 0)

	used += snprintf(buf + used, SPACE_LEFT, "\"");
	for (arg = 0; arg < entry->nb_args; arg++) {
		const char *sep = (arg == entry->nb_args - 1) ? "" : ", ";

		used += snprintf(buf + used, SPACE_LEFT, "%s: 0x%%0%zulx%s",
				 entry->args[arg], sizeof(unsigned long), sep);
	}
	used += snprintf(buf + used, SPACE_LEFT, "\"");

	for (arg = 0; arg < entry->nb_args; arg++)
		used += snprintf(buf + used, SPACE_LEFT,
				 ", ((unsigned long)(REC->%s))",
				 entry->args[arg]);

#undef SPACE_LEFT

	return used;
}

/*
 * Set call->print_fmt for a syscall event.
 *
 * A call that is not its metadata's enter event gets a constant string; the
 * enter event gets a kmalloc()ed string built by __set_enter_print_fmt(),
 * which free_syscall_print_fmt() releases.
 *
 * Returns 0 on success, -ENOMEM when the allocation fails.
 */
static int set_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *meta = call->data;
	char *fmt;
	int needed;

	if (meta->enter_event != call) {
		call->print_fmt = "\"0x%lx\", REC->ret";
		return 0;
	}

	/* Pass 1: no buffer, zero length - only measures the string. */
	needed = __set_enter_print_fmt(meta, NULL, 0);

	/* One extra byte for the terminator. */
	fmt = kmalloc(needed + 1, GFP_KERNEL);
	if (!fmt)
		return -ENOMEM;

	/* Pass 2: write the string into the buffer just sized for it. */
	__set_enter_print_fmt(meta, fmt, needed + 1);
	call->print_fmt = fmt;

	return 0;
}

/*
 * Release the print_fmt string of @call. Only the enter event owns an
 * allocated string; for any other call print_fmt is left untouched.
 */
static void free_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *meta = call->data;

	if (meta->enter_event != call)
		return;

	kfree(call->print_fmt);
}

/*
 * Describe the fields of a syscall-enter record to the event core: the "nr"
 * field, then one unsigned-long-sized field per syscall argument, laid out
 * back to back starting at the offset of the record's args member.
 *
 * Returns the status of the "nr" definition if it fails, otherwise the
 * status of the last trace_define_field() call made.
 * NOTE(review): a failure on an earlier argument field is overwritten by the
 * result of the later ones.
 */
int syscall_enter_define_fields(struct ftrace_event_call *call)
{
	/* Never filled in; SYSCALL_FIELD() only takes sizes and offsets of it. */
	struct syscall_trace_enter trace;
	struct syscall_metadata *meta = call->data;
	int offset = offsetof(typeof(trace), args);
	int status;
	int arg;

	status = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (status)
		return status;

	for (arg = 0; arg < meta->nb_args;
	     arg++, offset += sizeof(unsigned long))
		status = trace_define_field(call, meta->types[arg],
					    meta->args[arg], offset,
					    sizeof(unsigned long), 0,
					    FILTER_OTHER);

	return status;
}

/*
 * Describe the two fields of a syscall-exit record, "nr" and "ret", to the
 * event core. Returns the first non-zero status, or 0 when both succeed.
 */
int syscall_exit_define_fields(struct ftrace_event_call *call)
{
	/* Never filled in; SYSCALL_FIELD() only takes sizes and offsets of it. */
	struct syscall_trace_exit trace;
	int status;

	status = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (status)
		return status;

	return trace_define_field(call, SYSCALL_FIELD(long, ret),
				  FILTER_OTHER);
}

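/*
 * sys_enter probe for ftrace: for a syscall whose enter event is enabled,
 * reserve a record in the current trace buffer and store the syscall number
 * and its arguments in it.
 *
 * @ignore: probe data, unused
 * @regs:   register state the number and arguments are read from
 * @id:     unused; the number is re-read through syscall_get_nr()
 */
void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
{
	struct syscall_trace_enter *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
	struct ring_buffer *buffer;
	int size;
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
	/*
	 * The number is taken from the task's register state and indexes a
	 * bitmap of NR_syscalls bits, so both ends have to be rejected before
	 * test_bit(); a value at or above NR_syscalls would otherwise read
	 * beyond enabled_enter_syscalls.
	 */
	if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
		return;
	if (!test_bit(syscall_nr, enabled_enter_syscalls))
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	/* Fixed header plus one unsigned long per argument. */
	size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;

	event = trace_current_buffer_lock_reserve(&buffer,
			sys_data->enter_event->id, size, 0, 0);
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);

	/* Commit only when the event filter does not discard the record. */
	if (!filter_current_check_discard(buffer, sys_data->enter_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
}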

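/*
 * sys_exit probe for ftrace: for a syscall whose exit event is enabled,
 * reserve a record in the current trace buffer and store the syscall number
 * and its return value in it.
 *
 * @ignore: probe data, unused
 * @regs:   register state the number and return value are read from
 * @ret:    unused; the value is re-read through syscall_get_return_value()
 */
void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
{
	struct syscall_trace_exit *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
	struct ring_buffer *buffer;
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
	/*
	 * The number is taken from the task's register state and indexes a
	 * bitmap of NR_syscalls bits, so both ends have to be rejected before
	 * test_bit(); a value at or above NR_syscalls would otherwise read
	 * beyond enabled_exit_syscalls.
	 */
	if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
		return;
	if (!test_bit(syscall_nr, enabled_exit_syscalls))
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	event = trace_current_buffer_lock_reserve(&buffer,
			sys_data->exit_event->id, sizeof(*entry), 0, 0);
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	entry->ret = syscall_get_return_value(current, regs);

	/* Commit only when the event filter does not discard the record. */
	if (!filter_current_check_discard(buffer, sys_data->exit_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
}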

/*
 * Enable the ftrace enter event of the syscall described by @call.
 *
 * The sys_enter probe is registered when the first event is enabled; after
 * that only the syscall's bit and the refcount change. Returns -ENOSYS when
 * the metadata's syscall number is outside [0, NR_syscalls), otherwise the
 * result of the probe registration (0 when none was needed).
 */
int reg_event_syscall_enter(struct ftrace_event_call *call)
{
	struct syscall_metadata *meta = call->data;
	int nr = meta->syscall_nr;
	int err = 0;

	/* nr indexes enabled_enter_syscalls, so it must be a valid bit. */
	if (nr < 0 || nr >= NR_syscalls)
		return -ENOSYS;

	mutex_lock(&syscall_trace_lock);
	if (sys_refcount_enter == 0)
		err = register_trace_sys_enter(ftrace_syscall_enter, NULL);
	if (err)
		goto unlock;

	set_bit(nr, enabled_enter_syscalls);
	sys_refcount_enter++;
unlock:
	mutex_unlock(&syscall_trace_lock);
	return err;
}

/*
 * Disable the ftrace enter event of the syscall described by @call: drop the
 * refcount, clear the syscall's bit and unregister the sys_enter probe once
 * no enter event is left. Does nothing when the metadata's syscall number is
 * outside [0, NR_syscalls).
 */
void unreg_event_syscall_enter(struct ftrace_event_call *call)
{
	struct syscall_metadata *meta = call->data;
	int nr = meta->syscall_nr;

	if (nr < 0 || nr >= NR_syscalls)
		return;

	mutex_lock(&syscall_trace_lock);
	sys_refcount_enter--;
	clear_bit(nr, enabled_enter_syscalls);
	if (sys_refcount_enter == 0)
		unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
	mutex_unlock(&syscall_trace_lock);
}

/*
 * Enable the ftrace exit event of the syscall described by @call.
 *
 * The sys_exit probe is registered when the first event is enabled; after
 * that only the syscall's bit and the refcount change. Returns -ENOSYS when
 * the metadata's syscall number is outside [0, NR_syscalls), otherwise the
 * result of the probe registration (0 when none was needed).
 */
int reg_event_syscall_exit(struct ftrace_event_call *call)
{
	struct syscall_metadata *meta = call->data;
	int nr = meta->syscall_nr;
	int err = 0;

	/* nr indexes enabled_exit_syscalls, so it must be a valid bit. */
	if (nr < 0 || nr >= NR_syscalls)
		return -ENOSYS;

	mutex_lock(&syscall_trace_lock);
	if (sys_refcount_exit == 0)
		err = register_trace_sys_exit(ftrace_syscall_exit, NULL);
	if (err)
		goto unlock;

	set_bit(nr, enabled_exit_syscalls);
	sys_refcount_exit++;
unlock:
	mutex_unlock(&syscall_trace_lock);
	return err;
}

/*
 * Disable the ftrace exit event of the syscall described by @call: drop the
 * refcount, clear the syscall's bit and unregister the sys_exit probe once
 * no exit event is left. Does nothing when the metadata's syscall number is
 * outside [0, NR_syscalls).
 */
void unreg_event_syscall_exit(struct ftrace_event_call *call)
{
	struct syscall_metadata *meta = call->data;
	int nr = meta->syscall_nr;

	if (nr < 0 || nr >= NR_syscalls)
		return;

	mutex_lock(&syscall_trace_lock);
	sys_refcount_exit--;
	clear_bit(nr, enabled_exit_syscalls);
	if (sys_refcount_exit == 0)
		unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
	mutex_unlock(&syscall_trace_lock);
}

/*
 * Initialise a syscall event: set its print_fmt, then run
 * trace_event_raw_init().
 *
 * Returns -ENOMEM when the format cannot be set up, otherwise the value of
 * trace_event_raw_init(); when that value is negative the format is released
 * again before returning it.
 */
int init_syscall_trace(struct ftrace_event_call *call)
{
	int id;

	if (set_syscall_print_fmt(call) < 0)
		return -ENOMEM;

	id = trace_event_raw_init(call);
	if (id < 0)
		free_syscall_print_fmt(call);

	return id;
}

/*
 * Return the sys_call_table entry for syscall number @nr as an address.
 *
 * NOTE(review): @nr is used as an index without a range check; the only
 * caller visible in this file, init_ftrace_syscalls(), passes values in
 * [0, NR_syscalls).
 */
unsigned long __init arch_syscall_addr(int nr)
{
	return (unsigned long)sys_call_table[nr];
}

/*
 * Allocate the syscalls_metadata table and fill it: for every syscall number
 * the handler address is resolved to its metadata record, which is stamped
 * with the number and stored in the table. Numbers without a record keep a
 * NULL slot.
 *
 * Returns 0, or -ENOMEM (after a warning) when the table cannot be allocated.
 */
int __init init_ftrace_syscalls(void)
{
	int nr;

	syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
					NR_syscalls, GFP_KERNEL);
	if (!syscalls_metadata) {
		WARN_ON(1);
		return -ENOMEM;
	}

	for (nr = 0; nr < NR_syscalls; nr++) {
		struct syscall_metadata *meta;

		meta = find_syscall_meta(arch_syscall_addr(nr));
		if (meta) {
			meta->syscall_nr = nr;
			syscalls_metadata[nr] = meta;
		}
	}

	return 0;
}
core_initcall(init_ftrace_syscalls);

#ifdef CONFIG_PERF_EVENTS

/*
 * perf counterparts of the ftrace state: one bit per syscall number
 * (NR_syscalls bits each) set while perf has that syscall's enter/exit event
 * enabled, and the number of such events, which decides when the perf probes
 * are registered and unregistered.
 */
static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
static int sys_perf_refcount_enter;
static int sys_perf_refcount_exit;

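/*
 * sys_enter probe for perf: for a syscall whose perf enter event is enabled,
 * prepare a perf trace buffer, store the syscall number and its arguments in
 * it and submit it.
 *
 * @ignore: probe data, unused
 * @regs:   register state the number and arguments are read from
 * @id:     unused; the number is re-read through syscall_get_nr()
 */
static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
{
	struct syscall_metadata *sys_data;
	struct syscall_trace_enter *rec;
	unsigned long flags;
	int syscall_nr;
	int rctx;
	int size;

	syscall_nr = syscall_get_nr(current, regs);
	/*
	 * The number is taken from the task's register state and indexes a
	 * bitmap of NR_syscalls bits. Without this check a negative or
	 * too-large value would make test_bit() read outside
	 * enabled_perf_enter_syscalls.
	 */
	if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
		return;
	if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	/* get the size after alignment with the u32 buffer size field */
	size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
	size = ALIGN(size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		      "perf buffer not large enough"))
		return;

	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
				sys_data->enter_event->id, &rctx, &flags);
	if (!rec)
		return;

	rec->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args,
			       (unsigned long *)&rec->args);
	perf_trace_buf_submit(rec, size, rctx, 0, 1, flags, regs);
}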

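/*
 * Enable the perf enter event of the syscall described by @call.
 *
 * The perf sys_enter probe is registered when the first event is enabled;
 * after that only the syscall's bit and the refcount change. Returns -ENOSYS
 * when the metadata's syscall number is outside [0, NR_syscalls), otherwise
 * the result of the probe registration (0 when none was needed).
 */
int perf_sysenter_enable(struct ftrace_event_call *call)
{
	int ret = 0;
	int num;

	num = ((struct syscall_metadata *)call->data)->syscall_nr;
	/*
	 * Same check as reg_event_syscall_enter(): num becomes a bit index
	 * into a bitmap of NR_syscalls bits, so set_bit() must never see a
	 * value outside that range.
	 */
	if (num < 0 || num >= NR_syscalls)
		return -ENOSYS;

	mutex_lock(&syscall_trace_lock);
	if (!sys_perf_refcount_enter)
		ret = register_trace_sys_enter(perf_syscall_enter, NULL);
	if (ret) {
		/* The two literals are concatenated; keep the space between. */
		pr_info("event trace: Could not activate "
				"syscall entry trace point");
	} else {
		set_bit(num, enabled_perf_enter_syscalls);
		sys_perf_refcount_enter++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}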

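/*
 * Disable the perf enter event of the syscall described by @call: drop the
 * refcount, clear the syscall's bit and unregister the perf sys_enter probe
 * once no enter event is left. Does nothing when the metadata's syscall
 * number is outside [0, NR_syscalls).
 */
void perf_sysenter_disable(struct ftrace_event_call *call)
{
	int num;

	num = ((struct syscall_metadata *)call->data)->syscall_nr;
	/*
	 * Same check as unreg_event_syscall_enter(): clear_bit() must only be
	 * given a bit that exists in the NR_syscalls-bit bitmap.
	 */
	if (num < 0 || num >= NR_syscalls)
		return;

	mutex_lock(&syscall_trace_lock);
	sys_perf_refcount_enter--;
	clear_bit(num, enabled_perf_enter_syscalls);
	if (!sys_perf_refcount_enter)
		unregister_trace_sys_enter(perf_syscall_enter, NULL);
	mutex_unlock(&syscall_trace_lock);
}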

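/*
 * sys_exit probe for perf: for a syscall whose perf exit event is enabled,
 * prepare a perf trace buffer, store the syscall number and its return value
 * in it and submit it.
 *
 * @ignore: probe data, unused
 * @regs:   register state the number and return value are read from
 * @ret:    unused; the value is re-read through syscall_get_return_value()
 */
static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
{
	struct syscall_metadata *sys_data;
	struct syscall_trace_exit *rec;
	unsigned long flags;
	int syscall_nr;
	int rctx;
	int size;

	syscall_nr = syscall_get_nr(current, regs);
	/*
	 * The number is taken from the task's register state and indexes a
	 * bitmap of NR_syscalls bits. Without this check a negative or
	 * too-large value would make test_bit() read outside
	 * enabled_perf_exit_syscalls.
	 */
	if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
		return;
	if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	/* We can probably do that at build time */
	size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

	/*
	 * Impossible, but be paranoid with the future
	 * How to put this check outside runtime?
	 */
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		"exit event has grown above perf buffer size"))
		return;

	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
				sys_data->exit_event->id, &rctx, &flags);
	if (!rec)
		return;

	rec->nr = syscall_nr;
	rec->ret = syscall_get_return_value(current, regs);

	perf_trace_buf_submit(rec, size, rctx, 0, 1, flags, regs);
}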

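/*
 * Enable the perf exit event of the syscall described by @call.
 *
 * The perf sys_exit probe is registered when the first event is enabled;
 * after that only the syscall's bit and the refcount change. Returns -ENOSYS
 * when the metadata's syscall number is outside [0, NR_syscalls), otherwise
 * the result of the probe registration (0 when none was needed).
 */
int perf_sysexit_enable(struct ftrace_event_call *call)
{
	int ret = 0;
	int num;

	num = ((struct syscall_metadata *)call->data)->syscall_nr;
	/*
	 * Same check as reg_event_syscall_exit(): num becomes a bit index
	 * into a bitmap of NR_syscalls bits, so set_bit() must never see a
	 * value outside that range.
	 */
	if (num < 0 || num >= NR_syscalls)
		return -ENOSYS;

	mutex_lock(&syscall_trace_lock);
	if (!sys_perf_refcount_exit)
		ret = register_trace_sys_exit(perf_syscall_exit, NULL);
	if (ret) {
		/* The two literals are concatenated; keep the space between. */
		pr_info("event trace: Could not activate "
				"syscall exit trace point");
	} else {
		set_bit(num, enabled_perf_exit_syscalls);
		sys_perf_refcount_exit++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}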

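/*
 * Disable the perf exit event of the syscall described by @call: drop the
 * refcount, clear the syscall's bit and unregister the perf sys_exit probe
 * once no exit event is left. Does nothing when the metadata's syscall
 * number is outside [0, NR_syscalls).
 */
void perf_sysexit_disable(struct ftrace_event_call *call)
{
	int num;

	num = ((struct syscall_metadata *)call->data)->syscall_nr;
	/*
	 * Same check as unreg_event_syscall_exit(): clear_bit() must only be
	 * given a bit that exists in the NR_syscalls-bit bitmap.
	 */
	if (num < 0 || num >= NR_syscalls)
		return;

	mutex_lock(&syscall_trace_lock);
	sys_perf_refcount_exit--;
	clear_bit(num, enabled_perf_exit_syscalls);
	if (!sys_perf_refcount_exit)
		unregister_trace_sys_exit(perf_syscall_exit, NULL);
	mutex_unlock(&syscall_trace_lock);
}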

#endif /* CONFIG_PERF_EVENTS */

/*
 * .reg callback of the syscall-enter event class: route a register or
 * unregister request of kind @type to the ftrace or (with
 * CONFIG_PERF_EVENTS) perf handler for @event.
 *
 * Returns the handler's status for the register requests and 0 for the
 * unregister requests and for any other @type.
 */
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	if (type == TRACE_REG_REGISTER)
		return reg_event_syscall_enter(event);

	if (type == TRACE_REG_UNREGISTER) {
		unreg_event_syscall_enter(event);
		return 0;
	}

#ifdef CONFIG_PERF_EVENTS
	if (type == TRACE_REG_PERF_REGISTER)
		return perf_sysenter_enable(event);

	if (type == TRACE_REG_PERF_UNREGISTER) {
		perf_sysenter_disable(event);
		return 0;
	}
#endif
	return 0;
}

/*
 * .reg callback of the syscall-exit event class: route a register or
 * unregister request of kind @type to the ftrace or (with
 * CONFIG_PERF_EVENTS) perf handler for @event.
 *
 * Returns the handler's status for the register requests and 0 for the
 * unregister requests and for any other @type.
 */
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	if (type == TRACE_REG_REGISTER)
		return reg_event_syscall_exit(event);

	if (type == TRACE_REG_UNREGISTER) {
		unreg_event_syscall_exit(event);
		return 0;
	}

#ifdef CONFIG_PERF_EVENTS
	if (type == TRACE_REG_PERF_REGISTER)
		return perf_sysexit_enable(event);

	if (type == TRACE_REG_PERF_UNREGISTER) {
		perf_sysexit_disable(event);
		return 0;
	}
#endif
	return 0;
}