trace_syscalls.c 16 KB
Newer Older
1
#include <trace/syscall.h>
2
#include <trace/events/syscalls.h>
3
#include <linux/slab.h>
4
#include <linux/kernel.h>
5
#include <linux/ftrace.h>
6
#include <linux/perf_event.h>
7 8 9 10 11
#include <asm/syscall.h>

#include "trace_output.h"
#include "trace.h"

12
static DEFINE_MUTEX(syscall_trace_lock);
13 14
static int sys_refcount_enter;
static int sys_refcount_exit;
15 16
static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
17

18 19 20 21 22
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type);
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type);

23 24 25 26 27 28 29 30 31 32 33
static int syscall_enter_define_fields(struct ftrace_event_call *call);
static int syscall_exit_define_fields(struct ftrace_event_call *call);

static struct list_head *
syscall_get_enter_fields(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	return &entry->enter_fields;
}

34
struct trace_event_functions enter_syscall_print_funcs = {
35
	.trace		= print_syscall_enter,
36 37 38
};

struct trace_event_functions exit_syscall_print_funcs = {
39
	.trace		= print_syscall_exit,
40 41
};

42
struct ftrace_event_class event_class_syscall_enter = {
43 44 45 46 47
	.system		= "syscalls",
	.reg		= syscall_enter_register,
	.define_fields	= syscall_enter_define_fields,
	.get_fields	= syscall_get_enter_fields,
	.raw_init	= init_syscall_trace,
48 49 50
};

struct ftrace_event_class event_class_syscall_exit = {
51 52 53 54 55
	.system		= "syscalls",
	.reg		= syscall_exit_register,
	.define_fields	= syscall_exit_define_fields,
	.fields		= LIST_HEAD_INIT(event_class_syscall_exit.fields),
	.raw_init	= init_syscall_trace,
56 57
};

58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94
extern unsigned long __start_syscalls_metadata[];
extern unsigned long __stop_syscalls_metadata[];

static struct syscall_metadata **syscalls_metadata;

static struct syscall_metadata *find_syscall_meta(unsigned long syscall)
{
	struct syscall_metadata *start;
	struct syscall_metadata *stop;
	char str[KSYM_SYMBOL_LEN];


	start = (struct syscall_metadata *)__start_syscalls_metadata;
	stop = (struct syscall_metadata *)__stop_syscalls_metadata;
	kallsyms_lookup(syscall, NULL, NULL, NULL, str);

	for ( ; start < stop; start++) {
		/*
		 * Only compare after the "sys" prefix. Archs that use
		 * syscall wrappers may have syscalls symbols aliases prefixed
		 * with "SyS" instead of "sys", leading to an unwanted
		 * mismatch.
		 */
		if (start->name && !strcmp(start->name + 3, str + 3))
			return start;
	}
	return NULL;
}

static struct syscall_metadata *syscall_nr_to_meta(int nr)
{
	if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
		return NULL;

	return syscalls_metadata[nr];
}

95
enum print_line_t
96 97
print_syscall_enter(struct trace_iterator *iter, int flags,
		    struct trace_event *event)
98 99 100 101 102 103 104
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_enter *trace;
	struct syscall_metadata *entry;
	int i, ret, syscall;

105
	trace = (typeof(trace))ent;
106 107
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
108

109 110 111
	if (!entry)
		goto end;

112
	if (entry->enter_event->event.type != ent->type) {
113 114 115 116
		WARN_ON_ONCE(1);
		goto end;
	}

117 118 119 120 121 122
	ret = trace_seq_printf(s, "%s(", entry->name);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	for (i = 0; i < entry->nb_args; i++) {
		/* parameter types */
123
		if (trace_flags & TRACE_ITER_VERBOSE) {
124 125 126 127 128
			ret = trace_seq_printf(s, "%s ", entry->types[i]);
			if (!ret)
				return TRACE_TYPE_PARTIAL_LINE;
		}
		/* parameter values */
129
		ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
130
				       trace->args[i],
131
				       i == entry->nb_args - 1 ? "" : ", ");
132 133 134 135
		if (!ret)
			return TRACE_TYPE_PARTIAL_LINE;
	}

136 137 138 139
	ret = trace_seq_putc(s, ')');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

140
end:
141 142 143 144
	ret =  trace_seq_putc(s, '\n');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

145 146 147 148
	return TRACE_TYPE_HANDLED;
}

enum print_line_t
149 150
print_syscall_exit(struct trace_iterator *iter, int flags,
		   struct trace_event *event)
151 152 153 154 155 156 157 158
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_exit *trace;
	int syscall;
	struct syscall_metadata *entry;
	int ret;

159
	trace = (typeof(trace))ent;
160 161
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
162

163 164 165 166 167
	if (!entry) {
		trace_seq_printf(s, "\n");
		return TRACE_TYPE_HANDLED;
	}

168
	if (entry->exit_event->event.type != ent->type) {
169 170 171 172
		WARN_ON_ONCE(1);
		return TRACE_TYPE_UNHANDLED;
	}

173 174 175 176 177 178 179 180
	ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
				trace->ret);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

181 182 183 184 185
extern char *__bad_type_size(void);

#define SYSCALL_FIELD(type, name)					\
	sizeof(type) != sizeof(trace.name) ?				\
		__bad_type_size() :					\
186 187
		#type, #name, offsetof(typeof(trace), name),		\
		sizeof(trace.name), is_signed_type(type)
188

189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249
static
int  __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
{
	int i;
	int pos = 0;

	/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)

	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
				entry->args[i], sizeof(unsigned long),
				i == entry->nb_args - 1 ? "" : ", ");
	}
	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");

	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO,
				", ((unsigned long)(REC->%s))", entry->args[i]);
	}

#undef LEN_OR_ZERO

	/* return the length of print_fmt */
	return pos;
}

static int set_syscall_print_fmt(struct ftrace_event_call *call)
{
	char *print_fmt;
	int len;
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event != call) {
		call->print_fmt = "\"0x%lx\", REC->ret";
		return 0;
	}

	/* First: called with 0 length to calculate the needed length */
	len = __set_enter_print_fmt(entry, NULL, 0);

	print_fmt = kmalloc(len + 1, GFP_KERNEL);
	if (!print_fmt)
		return -ENOMEM;

	/* Second: actually write the @print_fmt */
	__set_enter_print_fmt(entry, print_fmt, len + 1);
	call->print_fmt = print_fmt;

	return 0;
}

static void free_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event == call)
		kfree(call->print_fmt);
}

250
static int syscall_enter_define_fields(struct ftrace_event_call *call)
251 252
{
	struct syscall_trace_enter trace;
253
	struct syscall_metadata *meta = call->data;
254 255 256 257
	int ret;
	int i;
	int offset = offsetof(typeof(trace), args);

258 259 260 261
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

262
	for (i = 0; i < meta->nb_args; i++) {
263 264
		ret = trace_define_field(call, meta->types[i],
					 meta->args[i], offset,
265 266
					 sizeof(unsigned long), 0,
					 FILTER_OTHER);
267 268 269 270 271 272
		offset += sizeof(unsigned long);
	}

	return ret;
}

273
static int syscall_exit_define_fields(struct ftrace_event_call *call)
274 275 276 277
{
	struct syscall_trace_exit trace;
	int ret;

278 279 280 281
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

282
	ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
283
				 FILTER_OTHER);
284 285 286 287

	return ret;
}

288
void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
289
{
290 291 292
	struct syscall_trace_enter *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
293
	struct ring_buffer *buffer;
294
	int size;
295 296 297
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
298 299
	if (syscall_nr < 0)
		return;
300 301
	if (!test_bit(syscall_nr, enabled_enter_syscalls))
		return;
302

303 304 305 306 307 308
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;

309
	event = trace_current_buffer_lock_reserve(&buffer,
310
			sys_data->enter_event->event.type, size, 0, 0);
311 312 313 314 315 316 317
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);

318 319 320
	if (!filter_current_check_discard(buffer, sys_data->enter_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
321 322
}

323
void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
324
{
325 326 327
	struct syscall_trace_exit *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
328
	struct ring_buffer *buffer;
329 330 331
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
332 333
	if (syscall_nr < 0)
		return;
334 335
	if (!test_bit(syscall_nr, enabled_exit_syscalls))
		return;
336

337 338 339 340
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

341
	event = trace_current_buffer_lock_reserve(&buffer,
342
			sys_data->exit_event->event.type, sizeof(*entry), 0, 0);
343 344 345 346 347 348 349
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	entry->ret = syscall_get_return_value(current, regs);

350 351 352
	if (!filter_current_check_discard(buffer, sys_data->exit_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
353 354
}

355
int reg_event_syscall_enter(struct ftrace_event_call *call)
356
{
357 358 359
	int ret = 0;
	int num;

360
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
361
	if (num < 0 || num >= NR_syscalls)
362 363 364
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_enter)
365
		ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
366
	if (!ret) {
367 368 369 370 371
		set_bit(num, enabled_enter_syscalls);
		sys_refcount_enter++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
372 373
}

374
void unreg_event_syscall_enter(struct ftrace_event_call *call)
375
{
376
	int num;
377

378
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
379
	if (num < 0 || num >= NR_syscalls)
380 381 382 383 384
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_enter--;
	clear_bit(num, enabled_enter_syscalls);
	if (!sys_refcount_enter)
385
		unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
386 387
	mutex_unlock(&syscall_trace_lock);
}
388

389
int reg_event_syscall_exit(struct ftrace_event_call *call)
390
{
391 392 393
	int ret = 0;
	int num;

394
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
395
	if (num < 0 || num >= NR_syscalls)
396 397 398
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_exit)
399
		ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
400
	if (!ret) {
401 402
		set_bit(num, enabled_exit_syscalls);
		sys_refcount_exit++;
403
	}
404 405 406
	mutex_unlock(&syscall_trace_lock);
	return ret;
}
407

408
void unreg_event_syscall_exit(struct ftrace_event_call *call)
409 410
{
	int num;
411

412
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
413
	if (num < 0 || num >= NR_syscalls)
414 415 416 417 418
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_exit--;
	clear_bit(num, enabled_exit_syscalls);
	if (!sys_refcount_exit)
419
		unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
420
	mutex_unlock(&syscall_trace_lock);
421
}
422

423 424 425 426
int init_syscall_trace(struct ftrace_event_call *call)
{
	int id;

427 428 429
	if (set_syscall_print_fmt(call) < 0)
		return -ENOMEM;

430 431 432
	id = trace_event_raw_init(call);

	if (id < 0) {
433
		free_syscall_print_fmt(call);
434
		return id;
435
	}
436 437

	return id;
438 439
}

440 441 442 443 444
unsigned long __init arch_syscall_addr(int nr)
{
	return (unsigned long)sys_call_table[nr];
}

445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460
int __init init_ftrace_syscalls(void)
{
	struct syscall_metadata *meta;
	unsigned long addr;
	int i;

	syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
					NR_syscalls, GFP_KERNEL);
	if (!syscalls_metadata) {
		WARN_ON(1);
		return -ENOMEM;
	}

	for (i = 0; i < NR_syscalls; i++) {
		addr = arch_syscall_addr(i);
		meta = find_syscall_meta(addr);
461 462 463 464
		if (!meta)
			continue;

		meta->syscall_nr = i;
465 466 467 468 469 470 471
		syscalls_metadata[i] = meta;
	}

	return 0;
}
core_initcall(init_ftrace_syscalls);

472
#ifdef CONFIG_PERF_EVENTS
473

474 475 476 477
static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
static int sys_perf_refcount_enter;
static int sys_perf_refcount_exit;
478

479
static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
480 481
{
	struct syscall_metadata *sys_data;
482
	struct syscall_trace_enter *rec;
483
	struct hlist_head *head;
484
	int syscall_nr;
485
	int rctx;
486
	int size;
487 488

	syscall_nr = syscall_get_nr(current, regs);
489
	if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
490 491 492 493 494 495
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

496 497 498 499 500
	/* get the size after alignment with the u32 buffer size field */
	size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
	size = ALIGN(size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

501 502
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		      "perf buffer not large enough"))
503 504
		return;

505
	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
506
				sys_data->enter_event->event.type, regs, &rctx);
507 508
	if (!rec)
		return;
509 510 511 512

	rec->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args,
			       (unsigned long *)&rec->args);
513

514
	head = this_cpu_ptr(sys_data->enter_event->perf_events);
515
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
516 517
}

518
int perf_sysenter_enable(struct ftrace_event_call *call)
519 520 521 522
{
	int ret = 0;
	int num;

523
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
524 525

	mutex_lock(&syscall_trace_lock);
526
	if (!sys_perf_refcount_enter)
527
		ret = register_trace_sys_enter(perf_syscall_enter, NULL);
528 529 530 531
	if (ret) {
		pr_info("event trace: Could not activate"
				"syscall entry trace point");
	} else {
532 533
		set_bit(num, enabled_perf_enter_syscalls);
		sys_perf_refcount_enter++;
534 535 536 537 538
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

539
void perf_sysenter_disable(struct ftrace_event_call *call)
540 541 542
{
	int num;

543
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
544 545

	mutex_lock(&syscall_trace_lock);
546 547 548
	sys_perf_refcount_enter--;
	clear_bit(num, enabled_perf_enter_syscalls);
	if (!sys_perf_refcount_enter)
549
		unregister_trace_sys_enter(perf_syscall_enter, NULL);
550 551 552
	mutex_unlock(&syscall_trace_lock);
}

553
static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
554 555
{
	struct syscall_metadata *sys_data;
556
	struct syscall_trace_exit *rec;
557
	struct hlist_head *head;
558
	int syscall_nr;
559
	int rctx;
560
	int size;
561 562

	syscall_nr = syscall_get_nr(current, regs);
563
	if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
564 565 566 567 568 569
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

570 571 572
	/* We can probably do that at build time */
	size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);
573

574 575 576 577
	/*
	 * Impossible, but be paranoid with the future
	 * How to put this check outside runtime?
	 */
578 579
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		"exit event has grown above perf buffer size"))
580 581
		return;

582
	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
583
				sys_data->exit_event->event.type, regs, &rctx);
584 585
	if (!rec)
		return;
586 587 588 589

	rec->nr = syscall_nr;
	rec->ret = syscall_get_return_value(current, regs);

590
	head = this_cpu_ptr(sys_data->exit_event->perf_events);
591
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
592 593
}

594
int perf_sysexit_enable(struct ftrace_event_call *call)
595 596 597 598
{
	int ret = 0;
	int num;

599
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
600 601

	mutex_lock(&syscall_trace_lock);
602
	if (!sys_perf_refcount_exit)
603
		ret = register_trace_sys_exit(perf_syscall_exit, NULL);
604 605
	if (ret) {
		pr_info("event trace: Could not activate"
606
				"syscall exit trace point");
607
	} else {
608 609
		set_bit(num, enabled_perf_exit_syscalls);
		sys_perf_refcount_exit++;
610 611 612 613 614
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

615
void perf_sysexit_disable(struct ftrace_event_call *call)
616 617 618
{
	int num;

619
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
620 621

	mutex_lock(&syscall_trace_lock);
622 623 624
	sys_perf_refcount_exit--;
	clear_bit(num, enabled_perf_exit_syscalls);
	if (!sys_perf_refcount_exit)
625
		unregister_trace_sys_exit(perf_syscall_exit, NULL);
626 627 628
	mutex_unlock(&syscall_trace_lock);
}

629
#endif /* CONFIG_PERF_EVENTS */
630

631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_enter(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_enter(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysenter_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysenter_disable(event);
		return 0;
#endif
	}
	return 0;
}

static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_exit(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_exit(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysexit_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysexit_disable(event);
		return 0;
#endif
	}
	return 0;
}