trace_syscalls.c 16 KB
Newer Older
1
#include <trace/syscall.h>
2
#include <trace/events/syscalls.h>
3
#include <linux/slab.h>
4
#include <linux/kernel.h>
5
#include <linux/ftrace.h>
6
#include <linux/perf_event.h>
7
8
9
10
11
#include <asm/syscall.h>

#include "trace_output.h"
#include "trace.h"

12
static DEFINE_MUTEX(syscall_trace_lock);
13
14
static int sys_refcount_enter;
static int sys_refcount_exit;
15
16
static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
17

18
19
20
21
22
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type);
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type);

23
24
25
26
27
28
29
30
31
32
33
static int syscall_enter_define_fields(struct ftrace_event_call *call);
static int syscall_exit_define_fields(struct ftrace_event_call *call);

static struct list_head *
syscall_get_enter_fields(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	return &entry->enter_fields;
}

34
struct trace_event_functions enter_syscall_print_funcs = {
35
	.trace		= print_syscall_enter,
36
37
38
};

struct trace_event_functions exit_syscall_print_funcs = {
39
	.trace		= print_syscall_exit,
40
41
};

42
struct ftrace_event_class event_class_syscall_enter = {
43
44
45
46
47
	.system		= "syscalls",
	.reg		= syscall_enter_register,
	.define_fields	= syscall_enter_define_fields,
	.get_fields	= syscall_get_enter_fields,
	.raw_init	= init_syscall_trace,
48
49
50
};

struct ftrace_event_class event_class_syscall_exit = {
51
52
53
54
55
	.system		= "syscalls",
	.reg		= syscall_exit_register,
	.define_fields	= syscall_exit_define_fields,
	.fields		= LIST_HEAD_INIT(event_class_syscall_exit.fields),
	.raw_init	= init_syscall_trace,
56
57
};

58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
extern unsigned long __start_syscalls_metadata[];
extern unsigned long __stop_syscalls_metadata[];

static struct syscall_metadata **syscalls_metadata;

static struct syscall_metadata *find_syscall_meta(unsigned long syscall)
{
	struct syscall_metadata *start;
	struct syscall_metadata *stop;
	char str[KSYM_SYMBOL_LEN];


	start = (struct syscall_metadata *)__start_syscalls_metadata;
	stop = (struct syscall_metadata *)__stop_syscalls_metadata;
	kallsyms_lookup(syscall, NULL, NULL, NULL, str);

	for ( ; start < stop; start++) {
		/*
		 * Only compare after the "sys" prefix. Archs that use
		 * syscall wrappers may have syscalls symbols aliases prefixed
		 * with "SyS" instead of "sys", leading to an unwanted
		 * mismatch.
		 */
		if (start->name && !strcmp(start->name + 3, str + 3))
			return start;
	}
	return NULL;
}

static struct syscall_metadata *syscall_nr_to_meta(int nr)
{
	if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
		return NULL;

	return syscalls_metadata[nr];
}

95
enum print_line_t
96
97
print_syscall_enter(struct trace_iterator *iter, int flags,
		    struct trace_event *event)
98
99
100
101
102
103
104
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_enter *trace;
	struct syscall_metadata *entry;
	int i, ret, syscall;

105
	trace = (typeof(trace))ent;
106
107
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
108

109
110
111
	if (!entry)
		goto end;

112
	if (entry->enter_event->event.type != ent->type) {
113
114
115
116
		WARN_ON_ONCE(1);
		goto end;
	}

117
118
119
120
121
122
	ret = trace_seq_printf(s, "%s(", entry->name);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	for (i = 0; i < entry->nb_args; i++) {
		/* parameter types */
123
		if (trace_flags & TRACE_ITER_VERBOSE) {
124
125
126
127
128
			ret = trace_seq_printf(s, "%s ", entry->types[i]);
			if (!ret)
				return TRACE_TYPE_PARTIAL_LINE;
		}
		/* parameter values */
129
		ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
130
				       trace->args[i],
131
				       i == entry->nb_args - 1 ? "" : ", ");
132
133
134
135
		if (!ret)
			return TRACE_TYPE_PARTIAL_LINE;
	}

136
137
138
139
	ret = trace_seq_putc(s, ')');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

140
end:
141
142
143
144
	ret =  trace_seq_putc(s, '\n');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

145
146
147
148
	return TRACE_TYPE_HANDLED;
}

enum print_line_t
149
150
print_syscall_exit(struct trace_iterator *iter, int flags,
		   struct trace_event *event)
151
152
153
154
155
156
157
158
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_exit *trace;
	int syscall;
	struct syscall_metadata *entry;
	int ret;

159
	trace = (typeof(trace))ent;
160
161
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
162

163
164
165
166
167
	if (!entry) {
		trace_seq_printf(s, "\n");
		return TRACE_TYPE_HANDLED;
	}

168
	if (entry->exit_event->event.type != ent->type) {
169
170
171
172
		WARN_ON_ONCE(1);
		return TRACE_TYPE_UNHANDLED;
	}

173
174
175
176
177
178
179
180
	ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
				trace->ret);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

181
182
183
184
185
extern char *__bad_type_size(void);

#define SYSCALL_FIELD(type, name)					\
	sizeof(type) != sizeof(trace.name) ?				\
		__bad_type_size() :					\
186
187
		#type, #name, offsetof(typeof(trace), name),		\
		sizeof(trace.name), is_signed_type(type)
188

189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
static
int  __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
{
	int i;
	int pos = 0;

	/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)

	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
				entry->args[i], sizeof(unsigned long),
				i == entry->nb_args - 1 ? "" : ", ");
	}
	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");

	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO,
				", ((unsigned long)(REC->%s))", entry->args[i]);
	}

#undef LEN_OR_ZERO

	/* return the length of print_fmt */
	return pos;
}

static int set_syscall_print_fmt(struct ftrace_event_call *call)
{
	char *print_fmt;
	int len;
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event != call) {
		call->print_fmt = "\"0x%lx\", REC->ret";
		return 0;
	}

	/* First: called with 0 length to calculate the needed length */
	len = __set_enter_print_fmt(entry, NULL, 0);

	print_fmt = kmalloc(len + 1, GFP_KERNEL);
	if (!print_fmt)
		return -ENOMEM;

	/* Second: actually write the @print_fmt */
	__set_enter_print_fmt(entry, print_fmt, len + 1);
	call->print_fmt = print_fmt;

	return 0;
}

static void free_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event == call)
		kfree(call->print_fmt);
}

250
static int syscall_enter_define_fields(struct ftrace_event_call *call)
251
252
{
	struct syscall_trace_enter trace;
253
	struct syscall_metadata *meta = call->data;
254
255
256
257
	int ret;
	int i;
	int offset = offsetof(typeof(trace), args);

258
259
260
261
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

262
	for (i = 0; i < meta->nb_args; i++) {
263
264
		ret = trace_define_field(call, meta->types[i],
					 meta->args[i], offset,
265
266
					 sizeof(unsigned long), 0,
					 FILTER_OTHER);
267
268
269
270
271
272
		offset += sizeof(unsigned long);
	}

	return ret;
}

273
static int syscall_exit_define_fields(struct ftrace_event_call *call)
274
275
276
277
{
	struct syscall_trace_exit trace;
	int ret;

278
279
280
281
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

282
	ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
283
				 FILTER_OTHER);
284
285
286
287

	return ret;
}

288
void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
289
{
290
291
292
	struct syscall_trace_enter *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
293
	struct ring_buffer *buffer;
294
	int size;
295
296
297
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
298
299
	if (syscall_nr < 0)
		return;
300
301
	if (!test_bit(syscall_nr, enabled_enter_syscalls))
		return;
302

303
304
305
306
307
308
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;

309
	event = trace_current_buffer_lock_reserve(&buffer,
310
			sys_data->enter_event->event.type, size, 0, 0);
311
312
313
314
315
316
317
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);

318
319
320
	if (!filter_current_check_discard(buffer, sys_data->enter_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
321
322
}

323
void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
324
{
325
326
327
	struct syscall_trace_exit *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
328
	struct ring_buffer *buffer;
329
330
331
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
332
333
	if (syscall_nr < 0)
		return;
334
335
	if (!test_bit(syscall_nr, enabled_exit_syscalls))
		return;
336

337
338
339
340
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

341
	event = trace_current_buffer_lock_reserve(&buffer,
342
			sys_data->exit_event->event.type, sizeof(*entry), 0, 0);
343
344
345
346
347
348
349
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	entry->ret = syscall_get_return_value(current, regs);

350
351
352
	if (!filter_current_check_discard(buffer, sys_data->exit_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
353
354
}

355
int reg_event_syscall_enter(struct ftrace_event_call *call)
356
{
357
358
359
	int ret = 0;
	int num;

360
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
361
	if (num < 0 || num >= NR_syscalls)
362
363
364
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_enter)
365
		ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
366
	if (!ret) {
367
368
369
370
371
		set_bit(num, enabled_enter_syscalls);
		sys_refcount_enter++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
372
373
}

374
void unreg_event_syscall_enter(struct ftrace_event_call *call)
375
{
376
	int num;
377

378
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
379
	if (num < 0 || num >= NR_syscalls)
380
381
382
383
384
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_enter--;
	clear_bit(num, enabled_enter_syscalls);
	if (!sys_refcount_enter)
385
		unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
386
387
	mutex_unlock(&syscall_trace_lock);
}
388

389
int reg_event_syscall_exit(struct ftrace_event_call *call)
390
{
391
392
393
	int ret = 0;
	int num;

394
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
395
	if (num < 0 || num >= NR_syscalls)
396
397
398
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_exit)
399
		ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
400
	if (!ret) {
401
402
		set_bit(num, enabled_exit_syscalls);
		sys_refcount_exit++;
403
	}
404
405
406
	mutex_unlock(&syscall_trace_lock);
	return ret;
}
407

408
void unreg_event_syscall_exit(struct ftrace_event_call *call)
409
410
{
	int num;
411

412
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
413
	if (num < 0 || num >= NR_syscalls)
414
415
416
417
418
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_exit--;
	clear_bit(num, enabled_exit_syscalls);
	if (!sys_refcount_exit)
419
		unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
420
	mutex_unlock(&syscall_trace_lock);
421
}
422

423
424
425
426
int init_syscall_trace(struct ftrace_event_call *call)
{
	int id;

427
428
429
	if (set_syscall_print_fmt(call) < 0)
		return -ENOMEM;

430
431
432
	id = trace_event_raw_init(call);

	if (id < 0) {
433
		free_syscall_print_fmt(call);
434
		return id;
435
	}
436
437

	return id;
438
439
}

440
441
442
443
444
unsigned long __init arch_syscall_addr(int nr)
{
	return (unsigned long)sys_call_table[nr];
}

445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
int __init init_ftrace_syscalls(void)
{
	struct syscall_metadata *meta;
	unsigned long addr;
	int i;

	syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
					NR_syscalls, GFP_KERNEL);
	if (!syscalls_metadata) {
		WARN_ON(1);
		return -ENOMEM;
	}

	for (i = 0; i < NR_syscalls; i++) {
		addr = arch_syscall_addr(i);
		meta = find_syscall_meta(addr);
461
462
463
464
		if (!meta)
			continue;

		meta->syscall_nr = i;
465
466
467
468
469
470
471
		syscalls_metadata[i] = meta;
	}

	return 0;
}
core_initcall(init_ftrace_syscalls);

472
#ifdef CONFIG_PERF_EVENTS
473

474
475
476
477
static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
static int sys_perf_refcount_enter;
static int sys_perf_refcount_exit;
478

479
static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
480
481
{
	struct syscall_metadata *sys_data;
482
	struct syscall_trace_enter *rec;
483
	struct hlist_head *head;
484
	int syscall_nr;
485
	int rctx;
486
	int size;
487
488

	syscall_nr = syscall_get_nr(current, regs);
489
	if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
490
491
492
493
494
495
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

496
497
498
499
500
	/* get the size after alignment with the u32 buffer size field */
	size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
	size = ALIGN(size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

501
502
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		      "perf buffer not large enough"))
503
504
		return;

505
	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
506
				sys_data->enter_event->event.type, regs, &rctx);
507
508
	if (!rec)
		return;
509
510
511
512

	rec->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args,
			       (unsigned long *)&rec->args);
513

514
	head = this_cpu_ptr(sys_data->enter_event->perf_events);
515
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
516
517
}

518
int perf_sysenter_enable(struct ftrace_event_call *call)
519
520
521
522
{
	int ret = 0;
	int num;

523
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
524
525

	mutex_lock(&syscall_trace_lock);
526
	if (!sys_perf_refcount_enter)
527
		ret = register_trace_sys_enter(perf_syscall_enter, NULL);
528
529
530
531
	if (ret) {
		pr_info("event trace: Could not activate"
				"syscall entry trace point");
	} else {
532
533
		set_bit(num, enabled_perf_enter_syscalls);
		sys_perf_refcount_enter++;
534
535
536
537
538
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

539
void perf_sysenter_disable(struct ftrace_event_call *call)
540
541
542
{
	int num;

543
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
544
545

	mutex_lock(&syscall_trace_lock);
546
547
548
	sys_perf_refcount_enter--;
	clear_bit(num, enabled_perf_enter_syscalls);
	if (!sys_perf_refcount_enter)
549
		unregister_trace_sys_enter(perf_syscall_enter, NULL);
550
551
552
	mutex_unlock(&syscall_trace_lock);
}

553
static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
554
555
{
	struct syscall_metadata *sys_data;
556
	struct syscall_trace_exit *rec;
557
	struct hlist_head *head;
558
	int syscall_nr;
559
	int rctx;
560
	int size;
561
562

	syscall_nr = syscall_get_nr(current, regs);
563
	if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
564
565
566
567
568
569
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

570
571
572
	/* We can probably do that at build time */
	size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);
573

574
575
576
577
	/*
	 * Impossible, but be paranoid with the future
	 * How to put this check outside runtime?
	 */
578
579
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		"exit event has grown above perf buffer size"))
580
581
		return;

582
	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
583
				sys_data->exit_event->event.type, regs, &rctx);
584
585
	if (!rec)
		return;
586
587
588
589

	rec->nr = syscall_nr;
	rec->ret = syscall_get_return_value(current, regs);

590
	head = this_cpu_ptr(sys_data->exit_event->perf_events);
591
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
592
593
}

594
int perf_sysexit_enable(struct ftrace_event_call *call)
595
596
597
598
{
	int ret = 0;
	int num;

599
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
600
601

	mutex_lock(&syscall_trace_lock);
602
	if (!sys_perf_refcount_exit)
603
		ret = register_trace_sys_exit(perf_syscall_exit, NULL);
604
605
	if (ret) {
		pr_info("event trace: Could not activate"
606
				"syscall exit trace point");
607
	} else {
608
609
		set_bit(num, enabled_perf_exit_syscalls);
		sys_perf_refcount_exit++;
610
611
612
613
614
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

615
void perf_sysexit_disable(struct ftrace_event_call *call)
616
617
618
{
	int num;

619
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
620
621

	mutex_lock(&syscall_trace_lock);
622
623
624
	sys_perf_refcount_exit--;
	clear_bit(num, enabled_perf_exit_syscalls);
	if (!sys_perf_refcount_exit)
625
		unregister_trace_sys_exit(perf_syscall_exit, NULL);
626
627
628
	mutex_unlock(&syscall_trace_lock);
}

629
#endif /* CONFIG_PERF_EVENTS */
630

631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_enter(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_enter(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysenter_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysenter_disable(event);
		return 0;
#endif
	}
	return 0;
}

static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_exit(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_exit(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysexit_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysexit_disable(event);
		return 0;
#endif
	}
	return 0;
}