trace_syscalls.c 16.5 KB
Newer Older
1
#include <trace/syscall.h>
2
#include <trace/events/syscalls.h>
3
#include <linux/slab.h>
4
#include <linux/kernel.h>
5
#include <linux/ftrace.h>
6
#include <linux/perf_event.h>
7
8
9
10
11
#include <asm/syscall.h>

#include "trace_output.h"
#include "trace.h"

12
static DEFINE_MUTEX(syscall_trace_lock);
13
14
static int sys_refcount_enter;
static int sys_refcount_exit;
15
16
static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
17

18
19
20
21
22
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type);
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type);

23
24
25
26
27
28
29
30
31
32
33
static int syscall_enter_define_fields(struct ftrace_event_call *call);
static int syscall_exit_define_fields(struct ftrace_event_call *call);

static struct list_head *
syscall_get_enter_fields(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	return &entry->enter_fields;
}

34
struct trace_event_functions enter_syscall_print_funcs = {
35
	.trace		= print_syscall_enter,
36
37
38
};

struct trace_event_functions exit_syscall_print_funcs = {
39
	.trace		= print_syscall_exit,
40
41
};

42
struct ftrace_event_class event_class_syscall_enter = {
43
44
45
46
47
	.system		= "syscalls",
	.reg		= syscall_enter_register,
	.define_fields	= syscall_enter_define_fields,
	.get_fields	= syscall_get_enter_fields,
	.raw_init	= init_syscall_trace,
48
49
50
};

struct ftrace_event_class event_class_syscall_exit = {
51
52
53
54
55
	.system		= "syscalls",
	.reg		= syscall_exit_register,
	.define_fields	= syscall_exit_define_fields,
	.fields		= LIST_HEAD_INIT(event_class_syscall_exit.fields),
	.raw_init	= init_syscall_trace,
56
57
};

58
59
extern struct syscall_metadata *__start_syscalls_metadata[];
extern struct syscall_metadata *__stop_syscalls_metadata[];
60
61
62

static struct syscall_metadata **syscalls_metadata;

63
64
65
66
67
68
69
70
71
72
73
74
75
#ifndef ARCH_HAS_SYSCALL_MATCH_SYM_NAME
static inline bool arch_syscall_match_sym_name(const char *sym, const char *name)
{
	/*
	 * Only compare after the "sys" prefix. Archs that use
	 * syscall wrappers may have syscalls symbols aliases prefixed
	 * with "SyS" instead of "sys", leading to an unwanted
	 * mismatch.
	 */
	return !strcmp(sym + 3, name + 3);
}
#endif

76
77
static __init struct syscall_metadata *
find_syscall_meta(unsigned long syscall)
78
{
79
80
	struct syscall_metadata **start;
	struct syscall_metadata **stop;
81
82
83
	char str[KSYM_SYMBOL_LEN];


84
85
	start = __start_syscalls_metadata;
	stop = __stop_syscalls_metadata;
86
87
88
	kallsyms_lookup(syscall, NULL, NULL, NULL, str);

	for ( ; start < stop; start++) {
89
		if ((*start)->name && arch_syscall_match_sym_name(str, (*start)->name))
90
			return *start;
91
92
93
94
95
96
97
98
99
100
101
102
	}
	return NULL;
}

static struct syscall_metadata *syscall_nr_to_meta(int nr)
{
	if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
		return NULL;

	return syscalls_metadata[nr];
}

103
enum print_line_t
104
105
print_syscall_enter(struct trace_iterator *iter, int flags,
		    struct trace_event *event)
106
107
108
109
110
111
112
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_enter *trace;
	struct syscall_metadata *entry;
	int i, ret, syscall;

113
	trace = (typeof(trace))ent;
114
115
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
116

117
118
119
	if (!entry)
		goto end;

120
	if (entry->enter_event->event.type != ent->type) {
121
122
123
124
		WARN_ON_ONCE(1);
		goto end;
	}

125
126
127
128
129
130
	ret = trace_seq_printf(s, "%s(", entry->name);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	for (i = 0; i < entry->nb_args; i++) {
		/* parameter types */
131
		if (trace_flags & TRACE_ITER_VERBOSE) {
132
133
134
135
136
			ret = trace_seq_printf(s, "%s ", entry->types[i]);
			if (!ret)
				return TRACE_TYPE_PARTIAL_LINE;
		}
		/* parameter values */
137
		ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
138
				       trace->args[i],
139
				       i == entry->nb_args - 1 ? "" : ", ");
140
141
142
143
		if (!ret)
			return TRACE_TYPE_PARTIAL_LINE;
	}

144
145
146
147
	ret = trace_seq_putc(s, ')');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

148
end:
149
150
151
152
	ret =  trace_seq_putc(s, '\n');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

153
154
155
156
	return TRACE_TYPE_HANDLED;
}

enum print_line_t
157
158
print_syscall_exit(struct trace_iterator *iter, int flags,
		   struct trace_event *event)
159
160
161
162
163
164
165
166
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_exit *trace;
	int syscall;
	struct syscall_metadata *entry;
	int ret;

167
	trace = (typeof(trace))ent;
168
169
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
170

171
172
173
174
175
	if (!entry) {
		trace_seq_printf(s, "\n");
		return TRACE_TYPE_HANDLED;
	}

176
	if (entry->exit_event->event.type != ent->type) {
177
178
179
180
		WARN_ON_ONCE(1);
		return TRACE_TYPE_UNHANDLED;
	}

181
182
183
184
185
186
187
188
	ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
				trace->ret);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

189
190
191
192
193
extern char *__bad_type_size(void);

#define SYSCALL_FIELD(type, name)					\
	sizeof(type) != sizeof(trace.name) ?				\
		__bad_type_size() :					\
194
195
		#type, #name, offsetof(typeof(trace), name),		\
		sizeof(trace.name), is_signed_type(type)
196

197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
static
int  __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
{
	int i;
	int pos = 0;

	/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)

	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
				entry->args[i], sizeof(unsigned long),
				i == entry->nb_args - 1 ? "" : ", ");
	}
	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");

	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO,
				", ((unsigned long)(REC->%s))", entry->args[i]);
	}

#undef LEN_OR_ZERO

	/* return the length of print_fmt */
	return pos;
}

static int set_syscall_print_fmt(struct ftrace_event_call *call)
{
	char *print_fmt;
	int len;
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event != call) {
		call->print_fmt = "\"0x%lx\", REC->ret";
		return 0;
	}

	/* First: called with 0 length to calculate the needed length */
	len = __set_enter_print_fmt(entry, NULL, 0);

	print_fmt = kmalloc(len + 1, GFP_KERNEL);
	if (!print_fmt)
		return -ENOMEM;

	/* Second: actually write the @print_fmt */
	__set_enter_print_fmt(entry, print_fmt, len + 1);
	call->print_fmt = print_fmt;

	return 0;
}

static void free_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event == call)
		kfree(call->print_fmt);
}

258
static int syscall_enter_define_fields(struct ftrace_event_call *call)
259
260
{
	struct syscall_trace_enter trace;
261
	struct syscall_metadata *meta = call->data;
262
263
264
265
	int ret;
	int i;
	int offset = offsetof(typeof(trace), args);

266
267
268
269
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

270
	for (i = 0; i < meta->nb_args; i++) {
271
272
		ret = trace_define_field(call, meta->types[i],
					 meta->args[i], offset,
273
274
					 sizeof(unsigned long), 0,
					 FILTER_OTHER);
275
276
277
278
279
280
		offset += sizeof(unsigned long);
	}

	return ret;
}

281
static int syscall_exit_define_fields(struct ftrace_event_call *call)
282
283
284
285
{
	struct syscall_trace_exit trace;
	int ret;

286
287
288
289
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

290
	ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
291
				 FILTER_OTHER);
292
293
294
295

	return ret;
}

296
void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
297
{
298
299
300
	struct syscall_trace_enter *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
301
	struct ring_buffer *buffer;
302
	int size;
303
304
305
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
306
307
	if (syscall_nr < 0)
		return;
308
309
	if (!test_bit(syscall_nr, enabled_enter_syscalls))
		return;
310

311
312
313
314
315
316
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;

317
	event = trace_current_buffer_lock_reserve(&buffer,
318
			sys_data->enter_event->event.type, size, 0, 0);
319
320
321
322
323
324
325
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);

326
327
328
	if (!filter_current_check_discard(buffer, sys_data->enter_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
329
330
}

331
void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
332
{
333
334
335
	struct syscall_trace_exit *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
336
	struct ring_buffer *buffer;
337
338
339
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
340
341
	if (syscall_nr < 0)
		return;
342
343
	if (!test_bit(syscall_nr, enabled_exit_syscalls))
		return;
344

345
346
347
348
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

349
	event = trace_current_buffer_lock_reserve(&buffer,
350
			sys_data->exit_event->event.type, sizeof(*entry), 0, 0);
351
352
353
354
355
356
357
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	entry->ret = syscall_get_return_value(current, regs);

358
359
360
	if (!filter_current_check_discard(buffer, sys_data->exit_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
361
362
}

363
int reg_event_syscall_enter(struct ftrace_event_call *call)
364
{
365
366
367
	int ret = 0;
	int num;

368
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
369
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
370
371
372
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_enter)
373
		ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
374
	if (!ret) {
375
376
377
378
379
		set_bit(num, enabled_enter_syscalls);
		sys_refcount_enter++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
380
381
}

382
void unreg_event_syscall_enter(struct ftrace_event_call *call)
383
{
384
	int num;
385

386
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
387
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
388
389
390
391
392
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_enter--;
	clear_bit(num, enabled_enter_syscalls);
	if (!sys_refcount_enter)
393
		unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
394
395
	mutex_unlock(&syscall_trace_lock);
}
396

397
int reg_event_syscall_exit(struct ftrace_event_call *call)
398
{
399
400
401
	int ret = 0;
	int num;

402
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
403
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
404
405
406
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_exit)
407
		ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
408
	if (!ret) {
409
410
		set_bit(num, enabled_exit_syscalls);
		sys_refcount_exit++;
411
	}
412
413
414
	mutex_unlock(&syscall_trace_lock);
	return ret;
}
415

416
void unreg_event_syscall_exit(struct ftrace_event_call *call)
417
418
{
	int num;
419

420
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
421
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
422
423
424
425
426
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_exit--;
	clear_bit(num, enabled_exit_syscalls);
	if (!sys_refcount_exit)
427
		unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
428
	mutex_unlock(&syscall_trace_lock);
429
}
430

431
432
433
int init_syscall_trace(struct ftrace_event_call *call)
{
	int id;
434
435
436
437
438
439
440
441
	int num;

	num = ((struct syscall_metadata *)call->data)->syscall_nr;
	if (num < 0 || num >= NR_syscalls) {
		pr_debug("syscall %s metadata not mapped, disabling ftrace event\n",
				((struct syscall_metadata *)call->data)->name);
		return -ENOSYS;
	}
442

443
444
445
	if (set_syscall_print_fmt(call) < 0)
		return -ENOMEM;

446
447
448
	id = trace_event_raw_init(call);

	if (id < 0) {
449
		free_syscall_print_fmt(call);
450
		return id;
451
	}
452
453

	return id;
454
455
}

456
unsigned long __init __weak arch_syscall_addr(int nr)
457
458
459
460
{
	return (unsigned long)sys_call_table[nr];
}

461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
int __init init_ftrace_syscalls(void)
{
	struct syscall_metadata *meta;
	unsigned long addr;
	int i;

	syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
					NR_syscalls, GFP_KERNEL);
	if (!syscalls_metadata) {
		WARN_ON(1);
		return -ENOMEM;
	}

	for (i = 0; i < NR_syscalls; i++) {
		addr = arch_syscall_addr(i);
		meta = find_syscall_meta(addr);
477
478
479
480
		if (!meta)
			continue;

		meta->syscall_nr = i;
481
482
483
484
485
486
487
		syscalls_metadata[i] = meta;
	}

	return 0;
}
core_initcall(init_ftrace_syscalls);

488
#ifdef CONFIG_PERF_EVENTS
489

490
491
492
493
static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
static int sys_perf_refcount_enter;
static int sys_perf_refcount_exit;
494

495
static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
496
497
{
	struct syscall_metadata *sys_data;
498
	struct syscall_trace_enter *rec;
499
	struct hlist_head *head;
500
	int syscall_nr;
501
	int rctx;
502
	int size;
503
504

	syscall_nr = syscall_get_nr(current, regs);
505
	if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
506
507
508
509
510
511
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

512
513
514
515
516
	/* get the size after alignment with the u32 buffer size field */
	size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
	size = ALIGN(size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

517
518
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		      "perf buffer not large enough"))
519
520
		return;

521
	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
522
				sys_data->enter_event->event.type, regs, &rctx);
523
524
	if (!rec)
		return;
525
526
527
528

	rec->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args,
			       (unsigned long *)&rec->args);
529

530
	head = this_cpu_ptr(sys_data->enter_event->perf_events);
531
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
532
533
}

534
int perf_sysenter_enable(struct ftrace_event_call *call)
535
536
537
538
{
	int ret = 0;
	int num;

539
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
540
541

	mutex_lock(&syscall_trace_lock);
542
	if (!sys_perf_refcount_enter)
543
		ret = register_trace_sys_enter(perf_syscall_enter, NULL);
544
545
546
547
	if (ret) {
		pr_info("event trace: Could not activate"
				"syscall entry trace point");
	} else {
548
549
		set_bit(num, enabled_perf_enter_syscalls);
		sys_perf_refcount_enter++;
550
551
552
553
554
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

555
void perf_sysenter_disable(struct ftrace_event_call *call)
556
557
558
{
	int num;

559
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
560
561

	mutex_lock(&syscall_trace_lock);
562
563
564
	sys_perf_refcount_enter--;
	clear_bit(num, enabled_perf_enter_syscalls);
	if (!sys_perf_refcount_enter)
565
		unregister_trace_sys_enter(perf_syscall_enter, NULL);
566
567
568
	mutex_unlock(&syscall_trace_lock);
}

569
static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
570
571
{
	struct syscall_metadata *sys_data;
572
	struct syscall_trace_exit *rec;
573
	struct hlist_head *head;
574
	int syscall_nr;
575
	int rctx;
576
	int size;
577
578

	syscall_nr = syscall_get_nr(current, regs);
579
	if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
580
581
582
583
584
585
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

586
587
588
	/* We can probably do that at build time */
	size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);
589

590
591
592
593
	/*
	 * Impossible, but be paranoid with the future
	 * How to put this check outside runtime?
	 */
594
595
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		"exit event has grown above perf buffer size"))
596
597
		return;

598
	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
599
				sys_data->exit_event->event.type, regs, &rctx);
600
601
	if (!rec)
		return;
602
603
604
605

	rec->nr = syscall_nr;
	rec->ret = syscall_get_return_value(current, regs);

606
	head = this_cpu_ptr(sys_data->exit_event->perf_events);
607
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
608
609
}

610
int perf_sysexit_enable(struct ftrace_event_call *call)
611
612
613
614
{
	int ret = 0;
	int num;

615
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
616
617

	mutex_lock(&syscall_trace_lock);
618
	if (!sys_perf_refcount_exit)
619
		ret = register_trace_sys_exit(perf_syscall_exit, NULL);
620
621
	if (ret) {
		pr_info("event trace: Could not activate"
622
				"syscall exit trace point");
623
	} else {
624
625
		set_bit(num, enabled_perf_exit_syscalls);
		sys_perf_refcount_exit++;
626
627
628
629
630
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

631
void perf_sysexit_disable(struct ftrace_event_call *call)
632
633
634
{
	int num;

635
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
636
637

	mutex_lock(&syscall_trace_lock);
638
639
640
	sys_perf_refcount_exit--;
	clear_bit(num, enabled_perf_exit_syscalls);
	if (!sys_perf_refcount_exit)
641
		unregister_trace_sys_exit(perf_syscall_exit, NULL);
642
643
644
	mutex_unlock(&syscall_trace_lock);
}

645
#endif /* CONFIG_PERF_EVENTS */
646

647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_enter(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_enter(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysenter_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysenter_disable(event);
		return 0;
#endif
	}
	return 0;
}

static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_exit(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_exit(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysexit_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysexit_disable(event);
		return 0;
#endif
	}
	return 0;
}