trace_syscalls.c 15.7 KB
Newer Older
1
#include <trace/syscall.h>
2
#include <trace/events/syscalls.h>
3
#include <linux/slab.h>
4
#include <linux/kernel.h>
5
#include <linux/ftrace.h>
6
#include <linux/perf_event.h>
7
8
9
10
11
#include <asm/syscall.h>

#include "trace_output.h"
#include "trace.h"

12
static DEFINE_MUTEX(syscall_trace_lock);
13
14
static int sys_refcount_enter;
static int sys_refcount_exit;
15
16
static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
17

18
19
20
21
22
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type);
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type);

23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
static int syscall_enter_define_fields(struct ftrace_event_call *call);
static int syscall_exit_define_fields(struct ftrace_event_call *call);

static struct list_head *
syscall_get_enter_fields(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	return &entry->enter_fields;
}

static struct list_head *
syscall_get_exit_fields(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	return &entry->exit_fields;
}

42
43
struct ftrace_event_class event_class_syscall_enter = {
	.system			= "syscalls",
44
45
46
	.reg			= syscall_enter_register,
	.define_fields		= syscall_enter_define_fields,
	.get_fields		= syscall_get_enter_fields,
47
48
49
50
};

struct ftrace_event_class event_class_syscall_exit = {
	.system			= "syscalls",
51
52
53
	.reg			= syscall_exit_register,
	.define_fields		= syscall_exit_define_fields,
	.get_fields		= syscall_get_exit_fields,
54
55
};

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
extern unsigned long __start_syscalls_metadata[];
extern unsigned long __stop_syscalls_metadata[];

static struct syscall_metadata **syscalls_metadata;

static struct syscall_metadata *find_syscall_meta(unsigned long syscall)
{
	struct syscall_metadata *start;
	struct syscall_metadata *stop;
	char str[KSYM_SYMBOL_LEN];


	start = (struct syscall_metadata *)__start_syscalls_metadata;
	stop = (struct syscall_metadata *)__stop_syscalls_metadata;
	kallsyms_lookup(syscall, NULL, NULL, NULL, str);

	for ( ; start < stop; start++) {
		/*
		 * Only compare after the "sys" prefix. Archs that use
		 * syscall wrappers may have syscalls symbols aliases prefixed
		 * with "SyS" instead of "sys", leading to an unwanted
		 * mismatch.
		 */
		if (start->name && !strcmp(start->name + 3, str + 3))
			return start;
	}
	return NULL;
}

static struct syscall_metadata *syscall_nr_to_meta(int nr)
{
	if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
		return NULL;

	return syscalls_metadata[nr];
}

93
94
95
96
97
98
99
100
101
enum print_line_t
print_syscall_enter(struct trace_iterator *iter, int flags)
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_enter *trace;
	struct syscall_metadata *entry;
	int i, ret, syscall;

102
	trace = (typeof(trace))ent;
103
104
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
105

106
107
108
	if (!entry)
		goto end;

109
	if (entry->enter_event->id != ent->type) {
110
111
112
113
		WARN_ON_ONCE(1);
		goto end;
	}

114
115
116
117
118
119
	ret = trace_seq_printf(s, "%s(", entry->name);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	for (i = 0; i < entry->nb_args; i++) {
		/* parameter types */
120
		if (trace_flags & TRACE_ITER_VERBOSE) {
121
122
123
124
125
			ret = trace_seq_printf(s, "%s ", entry->types[i]);
			if (!ret)
				return TRACE_TYPE_PARTIAL_LINE;
		}
		/* parameter values */
126
		ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
127
				       trace->args[i],
128
				       i == entry->nb_args - 1 ? "" : ", ");
129
130
131
132
		if (!ret)
			return TRACE_TYPE_PARTIAL_LINE;
	}

133
134
135
136
	ret = trace_seq_putc(s, ')');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

137
end:
138
139
140
141
	ret =  trace_seq_putc(s, '\n');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

142
143
144
145
146
147
148
149
150
151
152
153
154
	return TRACE_TYPE_HANDLED;
}

enum print_line_t
print_syscall_exit(struct trace_iterator *iter, int flags)
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_exit *trace;
	int syscall;
	struct syscall_metadata *entry;
	int ret;

155
	trace = (typeof(trace))ent;
156
157
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
158

159
160
161
162
163
	if (!entry) {
		trace_seq_printf(s, "\n");
		return TRACE_TYPE_HANDLED;
	}

164
	if (entry->exit_event->id != ent->type) {
165
166
167
168
		WARN_ON_ONCE(1);
		return TRACE_TYPE_UNHANDLED;
	}

169
170
171
172
173
174
175
176
	ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
				trace->ret);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

177
178
179
180
181
extern char *__bad_type_size(void);

#define SYSCALL_FIELD(type, name)					\
	sizeof(type) != sizeof(trace.name) ?				\
		__bad_type_size() :					\
182
183
		#type, #name, offsetof(typeof(trace), name),		\
		sizeof(trace.name), is_signed_type(type)
184

185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
static
int  __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
{
	int i;
	int pos = 0;

	/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)

	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
				entry->args[i], sizeof(unsigned long),
				i == entry->nb_args - 1 ? "" : ", ");
	}
	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");

	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO,
				", ((unsigned long)(REC->%s))", entry->args[i]);
	}

#undef LEN_OR_ZERO

	/* return the length of print_fmt */
	return pos;
}

static int set_syscall_print_fmt(struct ftrace_event_call *call)
{
	char *print_fmt;
	int len;
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event != call) {
		call->print_fmt = "\"0x%lx\", REC->ret";
		return 0;
	}

	/* First: called with 0 length to calculate the needed length */
	len = __set_enter_print_fmt(entry, NULL, 0);

	print_fmt = kmalloc(len + 1, GFP_KERNEL);
	if (!print_fmt)
		return -ENOMEM;

	/* Second: actually write the @print_fmt */
	__set_enter_print_fmt(entry, print_fmt, len + 1);
	call->print_fmt = print_fmt;

	return 0;
}

static void free_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event == call)
		kfree(call->print_fmt);
}

246
static int syscall_enter_define_fields(struct ftrace_event_call *call)
247
248
{
	struct syscall_trace_enter trace;
249
	struct syscall_metadata *meta = call->data;
250
251
252
253
	int ret;
	int i;
	int offset = offsetof(typeof(trace), args);

254
255
256
257
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

258
	for (i = 0; i < meta->nb_args; i++) {
259
260
		ret = trace_define_field(call, meta->types[i],
					 meta->args[i], offset,
261
262
					 sizeof(unsigned long), 0,
					 FILTER_OTHER);
263
264
265
266
267
268
		offset += sizeof(unsigned long);
	}

	return ret;
}

269
static int syscall_exit_define_fields(struct ftrace_event_call *call)
270
271
272
273
{
	struct syscall_trace_exit trace;
	int ret;

274
275
276
277
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

278
	ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
279
				 FILTER_OTHER);
280
281
282
283

	return ret;
}

284
void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
285
{
286
287
288
	struct syscall_trace_enter *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
289
	struct ring_buffer *buffer;
290
	int size;
291
292
293
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
294
295
	if (syscall_nr < 0)
		return;
296
297
	if (!test_bit(syscall_nr, enabled_enter_syscalls))
		return;
298

299
300
301
302
303
304
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;

305
306
	event = trace_current_buffer_lock_reserve(&buffer,
			sys_data->enter_event->id, size, 0, 0);
307
308
309
310
311
312
313
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);

314
315
316
	if (!filter_current_check_discard(buffer, sys_data->enter_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
317
318
}

319
void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
320
{
321
322
323
	struct syscall_trace_exit *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
324
	struct ring_buffer *buffer;
325
326
327
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
328
329
	if (syscall_nr < 0)
		return;
330
331
	if (!test_bit(syscall_nr, enabled_exit_syscalls))
		return;
332

333
334
335
336
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

337
338
	event = trace_current_buffer_lock_reserve(&buffer,
			sys_data->exit_event->id, sizeof(*entry), 0, 0);
339
340
341
342
343
344
345
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	entry->ret = syscall_get_return_value(current, regs);

346
347
348
	if (!filter_current_check_discard(buffer, sys_data->exit_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
349
350
}

351
int reg_event_syscall_enter(struct ftrace_event_call *call)
352
{
353
354
355
	int ret = 0;
	int num;

356
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
357
	if (num < 0 || num >= NR_syscalls)
358
359
360
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_enter)
361
		ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
362
	if (!ret) {
363
364
365
366
367
		set_bit(num, enabled_enter_syscalls);
		sys_refcount_enter++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
368
369
}

370
void unreg_event_syscall_enter(struct ftrace_event_call *call)
371
{
372
	int num;
373

374
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
375
	if (num < 0 || num >= NR_syscalls)
376
377
378
379
380
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_enter--;
	clear_bit(num, enabled_enter_syscalls);
	if (!sys_refcount_enter)
381
		unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
382
383
	mutex_unlock(&syscall_trace_lock);
}
384

385
int reg_event_syscall_exit(struct ftrace_event_call *call)
386
{
387
388
389
	int ret = 0;
	int num;

390
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
391
	if (num < 0 || num >= NR_syscalls)
392
393
394
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_exit)
395
		ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
396
	if (!ret) {
397
398
		set_bit(num, enabled_exit_syscalls);
		sys_refcount_exit++;
399
	}
400
401
402
	mutex_unlock(&syscall_trace_lock);
	return ret;
}
403

404
void unreg_event_syscall_exit(struct ftrace_event_call *call)
405
406
{
	int num;
407

408
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
409
	if (num < 0 || num >= NR_syscalls)
410
411
412
413
414
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_exit--;
	clear_bit(num, enabled_exit_syscalls);
	if (!sys_refcount_exit)
415
		unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
416
	mutex_unlock(&syscall_trace_lock);
417
}
418

419
420
421
422
int init_syscall_trace(struct ftrace_event_call *call)
{
	int id;

423
424
425
	if (set_syscall_print_fmt(call) < 0)
		return -ENOMEM;

426
427
428
	id = trace_event_raw_init(call);

	if (id < 0) {
429
		free_syscall_print_fmt(call);
430
		return id;
431
	}
432
433

	return id;
434
435
}

436
437
438
439
440
unsigned long __init arch_syscall_addr(int nr)
{
	return (unsigned long)sys_call_table[nr];
}

441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
int __init init_ftrace_syscalls(void)
{
	struct syscall_metadata *meta;
	unsigned long addr;
	int i;

	syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
					NR_syscalls, GFP_KERNEL);
	if (!syscalls_metadata) {
		WARN_ON(1);
		return -ENOMEM;
	}

	for (i = 0; i < NR_syscalls; i++) {
		addr = arch_syscall_addr(i);
		meta = find_syscall_meta(addr);
457
458
459
460
		if (!meta)
			continue;

		meta->syscall_nr = i;
461
462
463
464
465
466
467
		syscalls_metadata[i] = meta;
	}

	return 0;
}
core_initcall(init_ftrace_syscalls);

468
#ifdef CONFIG_PERF_EVENTS
469

470
471
472
473
static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
static int sys_perf_refcount_enter;
static int sys_perf_refcount_exit;
474

475
static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
476
477
{
	struct syscall_metadata *sys_data;
478
479
	struct syscall_trace_enter *rec;
	unsigned long flags;
480
	int syscall_nr;
481
	int rctx;
482
	int size;
483
484

	syscall_nr = syscall_get_nr(current, regs);
485
	if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
486
487
488
489
490
491
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

492
493
494
495
496
	/* get the size after alignment with the u32 buffer size field */
	size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
	size = ALIGN(size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

497
498
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		      "perf buffer not large enough"))
499
500
		return;

501
	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
502
503
504
				sys_data->enter_event->id, &rctx, &flags);
	if (!rec)
		return;
505
506
507
508

	rec->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args,
			       (unsigned long *)&rec->args);
509
	perf_trace_buf_submit(rec, size, rctx, 0, 1, flags, regs);
510
511
}

512
int perf_sysenter_enable(struct ftrace_event_call *call)
513
514
515
516
{
	int ret = 0;
	int num;

517
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
518
519

	mutex_lock(&syscall_trace_lock);
520
	if (!sys_perf_refcount_enter)
521
		ret = register_trace_sys_enter(perf_syscall_enter, NULL);
522
523
524
525
	if (ret) {
		pr_info("event trace: Could not activate"
				"syscall entry trace point");
	} else {
526
527
		set_bit(num, enabled_perf_enter_syscalls);
		sys_perf_refcount_enter++;
528
529
530
531
532
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

533
void perf_sysenter_disable(struct ftrace_event_call *call)
534
535
536
{
	int num;

537
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
538
539

	mutex_lock(&syscall_trace_lock);
540
541
542
	sys_perf_refcount_enter--;
	clear_bit(num, enabled_perf_enter_syscalls);
	if (!sys_perf_refcount_enter)
543
		unregister_trace_sys_enter(perf_syscall_enter, NULL);
544
545
546
	mutex_unlock(&syscall_trace_lock);
}

547
static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
548
549
{
	struct syscall_metadata *sys_data;
550
551
	struct syscall_trace_exit *rec;
	unsigned long flags;
552
	int syscall_nr;
553
	int rctx;
554
	int size;
555
556

	syscall_nr = syscall_get_nr(current, regs);
557
	if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
558
559
560
561
562
563
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

564
565
566
	/* We can probably do that at build time */
	size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);
567

568
569
570
571
	/*
	 * Impossible, but be paranoid with the future
	 * How to put this check outside runtime?
	 */
572
573
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		"exit event has grown above perf buffer size"))
574
575
		return;

576
	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
577
578
579
				sys_data->exit_event->id, &rctx, &flags);
	if (!rec)
		return;
580
581
582
583

	rec->nr = syscall_nr;
	rec->ret = syscall_get_return_value(current, regs);

584
	perf_trace_buf_submit(rec, size, rctx, 0, 1, flags, regs);
585
586
}

587
int perf_sysexit_enable(struct ftrace_event_call *call)
588
589
590
591
{
	int ret = 0;
	int num;

592
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
593
594

	mutex_lock(&syscall_trace_lock);
595
	if (!sys_perf_refcount_exit)
596
		ret = register_trace_sys_exit(perf_syscall_exit, NULL);
597
598
	if (ret) {
		pr_info("event trace: Could not activate"
599
				"syscall exit trace point");
600
	} else {
601
602
		set_bit(num, enabled_perf_exit_syscalls);
		sys_perf_refcount_exit++;
603
604
605
606
607
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

608
void perf_sysexit_disable(struct ftrace_event_call *call)
609
610
611
{
	int num;

612
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
613
614

	mutex_lock(&syscall_trace_lock);
615
616
617
	sys_perf_refcount_exit--;
	clear_bit(num, enabled_perf_exit_syscalls);
	if (!sys_perf_refcount_exit)
618
		unregister_trace_sys_exit(perf_syscall_exit, NULL);
619
620
621
	mutex_unlock(&syscall_trace_lock);
}

622
#endif /* CONFIG_PERF_EVENTS */
623

624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_enter(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_enter(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysenter_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysenter_disable(event);
		return 0;
#endif
	}
	return 0;
}

static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_exit(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_exit(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysexit_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysexit_disable(event);
		return 0;
#endif
	}
	return 0;
}