trace_syscalls.c 16.5 KB
Newer Older
1
#include <trace/syscall.h>
2
#include <trace/events/syscalls.h>
3
#include <linux/slab.h>
4
#include <linux/kernel.h>
5
#include <linux/ftrace.h>
6
#include <linux/perf_event.h>
7 8 9 10 11
#include <asm/syscall.h>

#include "trace_output.h"
#include "trace.h"

12
static DEFINE_MUTEX(syscall_trace_lock);
13 14
static int sys_refcount_enter;
static int sys_refcount_exit;
15 16
static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
17

18 19 20 21 22
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type);
static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type);

23 24 25 26 27 28 29 30 31 32 33
static int syscall_enter_define_fields(struct ftrace_event_call *call);
static int syscall_exit_define_fields(struct ftrace_event_call *call);

static struct list_head *
syscall_get_enter_fields(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	return &entry->enter_fields;
}

34
struct trace_event_functions enter_syscall_print_funcs = {
35
	.trace		= print_syscall_enter,
36 37 38
};

struct trace_event_functions exit_syscall_print_funcs = {
39
	.trace		= print_syscall_exit,
40 41
};

42
struct ftrace_event_class event_class_syscall_enter = {
43 44 45 46 47
	.system		= "syscalls",
	.reg		= syscall_enter_register,
	.define_fields	= syscall_enter_define_fields,
	.get_fields	= syscall_get_enter_fields,
	.raw_init	= init_syscall_trace,
48 49 50
};

struct ftrace_event_class event_class_syscall_exit = {
51 52 53 54 55
	.system		= "syscalls",
	.reg		= syscall_exit_register,
	.define_fields	= syscall_exit_define_fields,
	.fields		= LIST_HEAD_INIT(event_class_syscall_exit.fields),
	.raw_init	= init_syscall_trace,
56 57
};

58 59
extern struct syscall_metadata *__start_syscalls_metadata[];
extern struct syscall_metadata *__stop_syscalls_metadata[];
60 61 62

static struct syscall_metadata **syscalls_metadata;

63 64 65 66 67 68 69 70 71 72 73 74 75
#ifndef ARCH_HAS_SYSCALL_MATCH_SYM_NAME
static inline bool arch_syscall_match_sym_name(const char *sym, const char *name)
{
	/*
	 * Only compare after the "sys" prefix. Archs that use
	 * syscall wrappers may have syscalls symbols aliases prefixed
	 * with "SyS" instead of "sys", leading to an unwanted
	 * mismatch.
	 */
	return !strcmp(sym + 3, name + 3);
}
#endif

76 77
static __init struct syscall_metadata *
find_syscall_meta(unsigned long syscall)
78
{
79 80
	struct syscall_metadata **start;
	struct syscall_metadata **stop;
81 82 83
	char str[KSYM_SYMBOL_LEN];


84 85
	start = __start_syscalls_metadata;
	stop = __stop_syscalls_metadata;
86 87 88
	kallsyms_lookup(syscall, NULL, NULL, NULL, str);

	for ( ; start < stop; start++) {
89
		if ((*start)->name && arch_syscall_match_sym_name(str, (*start)->name))
90
			return *start;
91 92 93 94 95 96 97 98 99 100 101 102
	}
	return NULL;
}

static struct syscall_metadata *syscall_nr_to_meta(int nr)
{
	if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
		return NULL;

	return syscalls_metadata[nr];
}

103
enum print_line_t
104 105
print_syscall_enter(struct trace_iterator *iter, int flags,
		    struct trace_event *event)
106 107 108 109 110 111 112
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_enter *trace;
	struct syscall_metadata *entry;
	int i, ret, syscall;

113
	trace = (typeof(trace))ent;
114 115
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
116

117 118 119
	if (!entry)
		goto end;

120
	if (entry->enter_event->event.type != ent->type) {
121 122 123 124
		WARN_ON_ONCE(1);
		goto end;
	}

125 126 127 128 129 130
	ret = trace_seq_printf(s, "%s(", entry->name);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	for (i = 0; i < entry->nb_args; i++) {
		/* parameter types */
131
		if (trace_flags & TRACE_ITER_VERBOSE) {
132 133 134 135 136
			ret = trace_seq_printf(s, "%s ", entry->types[i]);
			if (!ret)
				return TRACE_TYPE_PARTIAL_LINE;
		}
		/* parameter values */
137
		ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
138
				       trace->args[i],
139
				       i == entry->nb_args - 1 ? "" : ", ");
140 141 142 143
		if (!ret)
			return TRACE_TYPE_PARTIAL_LINE;
	}

144 145 146 147
	ret = trace_seq_putc(s, ')');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

148
end:
149 150 151 152
	ret =  trace_seq_putc(s, '\n');
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

153 154 155 156
	return TRACE_TYPE_HANDLED;
}

enum print_line_t
157 158
print_syscall_exit(struct trace_iterator *iter, int flags,
		   struct trace_event *event)
159 160 161 162 163 164 165 166
{
	struct trace_seq *s = &iter->seq;
	struct trace_entry *ent = iter->ent;
	struct syscall_trace_exit *trace;
	int syscall;
	struct syscall_metadata *entry;
	int ret;

167
	trace = (typeof(trace))ent;
168 169
	syscall = trace->nr;
	entry = syscall_nr_to_meta(syscall);
170

171 172 173 174 175
	if (!entry) {
		trace_seq_printf(s, "\n");
		return TRACE_TYPE_HANDLED;
	}

176
	if (entry->exit_event->event.type != ent->type) {
177 178 179 180
		WARN_ON_ONCE(1);
		return TRACE_TYPE_UNHANDLED;
	}

181 182 183 184 185 186 187 188
	ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
				trace->ret);
	if (!ret)
		return TRACE_TYPE_PARTIAL_LINE;

	return TRACE_TYPE_HANDLED;
}

189 190 191 192 193
extern char *__bad_type_size(void);

#define SYSCALL_FIELD(type, name)					\
	sizeof(type) != sizeof(trace.name) ?				\
		__bad_type_size() :					\
194 195
		#type, #name, offsetof(typeof(trace), name),		\
		sizeof(trace.name), is_signed_type(type)
196

197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257
static
int  __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
{
	int i;
	int pos = 0;

	/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)

	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
				entry->args[i], sizeof(unsigned long),
				i == entry->nb_args - 1 ? "" : ", ");
	}
	pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");

	for (i = 0; i < entry->nb_args; i++) {
		pos += snprintf(buf + pos, LEN_OR_ZERO,
				", ((unsigned long)(REC->%s))", entry->args[i]);
	}

#undef LEN_OR_ZERO

	/* return the length of print_fmt */
	return pos;
}

static int set_syscall_print_fmt(struct ftrace_event_call *call)
{
	char *print_fmt;
	int len;
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event != call) {
		call->print_fmt = "\"0x%lx\", REC->ret";
		return 0;
	}

	/* First: called with 0 length to calculate the needed length */
	len = __set_enter_print_fmt(entry, NULL, 0);

	print_fmt = kmalloc(len + 1, GFP_KERNEL);
	if (!print_fmt)
		return -ENOMEM;

	/* Second: actually write the @print_fmt */
	__set_enter_print_fmt(entry, print_fmt, len + 1);
	call->print_fmt = print_fmt;

	return 0;
}

static void free_syscall_print_fmt(struct ftrace_event_call *call)
{
	struct syscall_metadata *entry = call->data;

	if (entry->enter_event == call)
		kfree(call->print_fmt);
}

258
static int syscall_enter_define_fields(struct ftrace_event_call *call)
259 260
{
	struct syscall_trace_enter trace;
261
	struct syscall_metadata *meta = call->data;
262 263 264 265
	int ret;
	int i;
	int offset = offsetof(typeof(trace), args);

266 267 268 269
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

270
	for (i = 0; i < meta->nb_args; i++) {
271 272
		ret = trace_define_field(call, meta->types[i],
					 meta->args[i], offset,
273 274
					 sizeof(unsigned long), 0,
					 FILTER_OTHER);
275 276 277 278 279 280
		offset += sizeof(unsigned long);
	}

	return ret;
}

281
static int syscall_exit_define_fields(struct ftrace_event_call *call)
282 283 284 285
{
	struct syscall_trace_exit trace;
	int ret;

286 287 288 289
	ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
	if (ret)
		return ret;

290
	ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
291
				 FILTER_OTHER);
292 293 294 295

	return ret;
}

296
void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
297
{
298 299 300
	struct syscall_trace_enter *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
301
	struct ring_buffer *buffer;
302
	int size;
303 304 305
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
306 307
	if (syscall_nr < 0)
		return;
308 309
	if (!test_bit(syscall_nr, enabled_enter_syscalls))
		return;
310

311 312 313 314 315 316
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

	size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;

317
	event = trace_current_buffer_lock_reserve(&buffer,
318
			sys_data->enter_event->event.type, size, 0, 0);
319 320 321 322 323 324 325
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);

326 327 328
	if (!filter_current_check_discard(buffer, sys_data->enter_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
329 330
}

331
void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
332
{
333 334 335
	struct syscall_trace_exit *entry;
	struct syscall_metadata *sys_data;
	struct ring_buffer_event *event;
336
	struct ring_buffer *buffer;
337 338 339
	int syscall_nr;

	syscall_nr = syscall_get_nr(current, regs);
340 341
	if (syscall_nr < 0)
		return;
342 343
	if (!test_bit(syscall_nr, enabled_exit_syscalls))
		return;
344

345 346 347 348
	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

349
	event = trace_current_buffer_lock_reserve(&buffer,
350
			sys_data->exit_event->event.type, sizeof(*entry), 0, 0);
351 352 353 354 355 356 357
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->nr = syscall_nr;
	entry->ret = syscall_get_return_value(current, regs);

358 359 360
	if (!filter_current_check_discard(buffer, sys_data->exit_event,
					  entry, event))
		trace_current_buffer_unlock_commit(buffer, event, 0, 0);
361 362
}

363
int reg_event_syscall_enter(struct ftrace_event_call *call)
364
{
365 366 367
	int ret = 0;
	int num;

368
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
369
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
370 371 372
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_enter)
373
		ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
374
	if (!ret) {
375 376 377 378 379
		set_bit(num, enabled_enter_syscalls);
		sys_refcount_enter++;
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
380 381
}

382
void unreg_event_syscall_enter(struct ftrace_event_call *call)
383
{
384
	int num;
385

386
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
387
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
388 389 390 391 392
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_enter--;
	clear_bit(num, enabled_enter_syscalls);
	if (!sys_refcount_enter)
393
		unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
394 395
	mutex_unlock(&syscall_trace_lock);
}
396

397
int reg_event_syscall_exit(struct ftrace_event_call *call)
398
{
399 400 401
	int ret = 0;
	int num;

402
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
403
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
404 405 406
		return -ENOSYS;
	mutex_lock(&syscall_trace_lock);
	if (!sys_refcount_exit)
407
		ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
408
	if (!ret) {
409 410
		set_bit(num, enabled_exit_syscalls);
		sys_refcount_exit++;
411
	}
412 413 414
	mutex_unlock(&syscall_trace_lock);
	return ret;
}
415

416
void unreg_event_syscall_exit(struct ftrace_event_call *call)
417 418
{
	int num;
419

420
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
421
	if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
422 423 424 425 426
		return;
	mutex_lock(&syscall_trace_lock);
	sys_refcount_exit--;
	clear_bit(num, enabled_exit_syscalls);
	if (!sys_refcount_exit)
427
		unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
428
	mutex_unlock(&syscall_trace_lock);
429
}
430

431 432 433
int init_syscall_trace(struct ftrace_event_call *call)
{
	int id;
434 435 436 437 438 439 440 441
	int num;

	num = ((struct syscall_metadata *)call->data)->syscall_nr;
	if (num < 0 || num >= NR_syscalls) {
		pr_debug("syscall %s metadata not mapped, disabling ftrace event\n",
				((struct syscall_metadata *)call->data)->name);
		return -ENOSYS;
	}
442

443 444 445
	if (set_syscall_print_fmt(call) < 0)
		return -ENOMEM;

446 447 448
	id = trace_event_raw_init(call);

	if (id < 0) {
449
		free_syscall_print_fmt(call);
450
		return id;
451
	}
452 453

	return id;
454 455
}

456
unsigned long __init __weak arch_syscall_addr(int nr)
457 458 459 460
{
	return (unsigned long)sys_call_table[nr];
}

461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476
int __init init_ftrace_syscalls(void)
{
	struct syscall_metadata *meta;
	unsigned long addr;
	int i;

	syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
					NR_syscalls, GFP_KERNEL);
	if (!syscalls_metadata) {
		WARN_ON(1);
		return -ENOMEM;
	}

	for (i = 0; i < NR_syscalls; i++) {
		addr = arch_syscall_addr(i);
		meta = find_syscall_meta(addr);
477 478 479 480
		if (!meta)
			continue;

		meta->syscall_nr = i;
481 482 483 484 485 486 487
		syscalls_metadata[i] = meta;
	}

	return 0;
}
core_initcall(init_ftrace_syscalls);

488
#ifdef CONFIG_PERF_EVENTS
489

490 491 492 493
static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
static int sys_perf_refcount_enter;
static int sys_perf_refcount_exit;
494

495
static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
496 497
{
	struct syscall_metadata *sys_data;
498
	struct syscall_trace_enter *rec;
499
	struct hlist_head *head;
500
	int syscall_nr;
501
	int rctx;
502
	int size;
503 504

	syscall_nr = syscall_get_nr(current, regs);
505
	if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
506 507 508 509 510 511
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

512 513 514 515 516
	/* get the size after alignment with the u32 buffer size field */
	size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
	size = ALIGN(size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

517 518
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		      "perf buffer not large enough"))
519 520
		return;

521
	rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
522
				sys_data->enter_event->event.type, regs, &rctx);
523 524
	if (!rec)
		return;
525 526 527 528

	rec->nr = syscall_nr;
	syscall_get_arguments(current, regs, 0, sys_data->nb_args,
			       (unsigned long *)&rec->args);
529

530
	head = this_cpu_ptr(sys_data->enter_event->perf_events);
531
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
532 533
}

534
int perf_sysenter_enable(struct ftrace_event_call *call)
535 536 537 538
{
	int ret = 0;
	int num;

539
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
540 541

	mutex_lock(&syscall_trace_lock);
542
	if (!sys_perf_refcount_enter)
543
		ret = register_trace_sys_enter(perf_syscall_enter, NULL);
544 545 546 547
	if (ret) {
		pr_info("event trace: Could not activate"
				"syscall entry trace point");
	} else {
548 549
		set_bit(num, enabled_perf_enter_syscalls);
		sys_perf_refcount_enter++;
550 551 552 553 554
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

555
void perf_sysenter_disable(struct ftrace_event_call *call)
556 557 558
{
	int num;

559
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
560 561

	mutex_lock(&syscall_trace_lock);
562 563 564
	sys_perf_refcount_enter--;
	clear_bit(num, enabled_perf_enter_syscalls);
	if (!sys_perf_refcount_enter)
565
		unregister_trace_sys_enter(perf_syscall_enter, NULL);
566 567 568
	mutex_unlock(&syscall_trace_lock);
}

569
static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
570 571
{
	struct syscall_metadata *sys_data;
572
	struct syscall_trace_exit *rec;
573
	struct hlist_head *head;
574
	int syscall_nr;
575
	int rctx;
576
	int size;
577 578

	syscall_nr = syscall_get_nr(current, regs);
579
	if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
580 581 582 583 584 585
		return;

	sys_data = syscall_nr_to_meta(syscall_nr);
	if (!sys_data)
		return;

586 587 588
	/* We can probably do that at build time */
	size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);
589

590 591 592 593
	/*
	 * Impossible, but be paranoid with the future
	 * How to put this check outside runtime?
	 */
594 595
	if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
		"exit event has grown above perf buffer size"))
596 597
		return;

598
	rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
599
				sys_data->exit_event->event.type, regs, &rctx);
600 601
	if (!rec)
		return;
602 603 604 605

	rec->nr = syscall_nr;
	rec->ret = syscall_get_return_value(current, regs);

606
	head = this_cpu_ptr(sys_data->exit_event->perf_events);
607
	perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
608 609
}

610
int perf_sysexit_enable(struct ftrace_event_call *call)
611 612 613 614
{
	int ret = 0;
	int num;

615
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
616 617

	mutex_lock(&syscall_trace_lock);
618
	if (!sys_perf_refcount_exit)
619
		ret = register_trace_sys_exit(perf_syscall_exit, NULL);
620 621
	if (ret) {
		pr_info("event trace: Could not activate"
622
				"syscall exit trace point");
623
	} else {
624 625
		set_bit(num, enabled_perf_exit_syscalls);
		sys_perf_refcount_exit++;
626 627 628 629 630
	}
	mutex_unlock(&syscall_trace_lock);
	return ret;
}

631
void perf_sysexit_disable(struct ftrace_event_call *call)
632 633 634
{
	int num;

635
	num = ((struct syscall_metadata *)call->data)->syscall_nr;
636 637

	mutex_lock(&syscall_trace_lock);
638 639 640
	sys_perf_refcount_exit--;
	clear_bit(num, enabled_perf_exit_syscalls);
	if (!sys_perf_refcount_exit)
641
		unregister_trace_sys_exit(perf_syscall_exit, NULL);
642 643 644
	mutex_unlock(&syscall_trace_lock);
}

645
#endif /* CONFIG_PERF_EVENTS */
646

647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687
static int syscall_enter_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_enter(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_enter(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysenter_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysenter_disable(event);
		return 0;
#endif
	}
	return 0;
}

static int syscall_exit_register(struct ftrace_event_call *event,
				 enum trace_reg type)
{
	switch (type) {
	case TRACE_REG_REGISTER:
		return reg_event_syscall_exit(event);
	case TRACE_REG_UNREGISTER:
		unreg_event_syscall_exit(event);
		return 0;

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return perf_sysexit_enable(event);
	case TRACE_REG_PERF_UNREGISTER:
		perf_sysexit_disable(event);
		return 0;
#endif
	}
	return 0;
}