Loading...
1#include <trace/syscall.h>
2#include <trace/events/syscalls.h>
3#include <linux/slab.h>
4#include <linux/kernel.h>
5#include <linux/module.h> /* for MODULE_NAME_LEN via KSYM_SYMBOL_LEN */
6#include <linux/ftrace.h>
7#include <linux/perf_event.h>
8#include <asm/syscall.h>
9
10#include "trace_output.h"
11#include "trace.h"
12
13static DEFINE_MUTEX(syscall_trace_lock);
14static int sys_refcount_enter;
15static int sys_refcount_exit;
16static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
17static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
18
19static int syscall_enter_register(struct ftrace_event_call *event,
20 enum trace_reg type, void *data);
21static int syscall_exit_register(struct ftrace_event_call *event,
22 enum trace_reg type, void *data);
23
24static int syscall_enter_define_fields(struct ftrace_event_call *call);
25static int syscall_exit_define_fields(struct ftrace_event_call *call);
26
27static struct list_head *
28syscall_get_enter_fields(struct ftrace_event_call *call)
29{
30 struct syscall_metadata *entry = call->data;
31
32 return &entry->enter_fields;
33}
34
35struct trace_event_functions enter_syscall_print_funcs = {
36 .trace = print_syscall_enter,
37};
38
39struct trace_event_functions exit_syscall_print_funcs = {
40 .trace = print_syscall_exit,
41};
42
43struct ftrace_event_class event_class_syscall_enter = {
44 .system = "syscalls",
45 .reg = syscall_enter_register,
46 .define_fields = syscall_enter_define_fields,
47 .get_fields = syscall_get_enter_fields,
48 .raw_init = init_syscall_trace,
49};
50
51struct ftrace_event_class event_class_syscall_exit = {
52 .system = "syscalls",
53 .reg = syscall_exit_register,
54 .define_fields = syscall_exit_define_fields,
55 .fields = LIST_HEAD_INIT(event_class_syscall_exit.fields),
56 .raw_init = init_syscall_trace,
57};
58
59extern struct syscall_metadata *__start_syscalls_metadata[];
60extern struct syscall_metadata *__stop_syscalls_metadata[];
61
62static struct syscall_metadata **syscalls_metadata;
63
64#ifndef ARCH_HAS_SYSCALL_MATCH_SYM_NAME
65static inline bool arch_syscall_match_sym_name(const char *sym, const char *name)
66{
67 /*
68 * Only compare after the "sys" prefix. Archs that use
69 * syscall wrappers may have syscalls symbols aliases prefixed
70 * with "SyS" instead of "sys", leading to an unwanted
71 * mismatch.
72 */
73 return !strcmp(sym + 3, name + 3);
74}
75#endif
76
77static __init struct syscall_metadata *
78find_syscall_meta(unsigned long syscall)
79{
80 struct syscall_metadata **start;
81 struct syscall_metadata **stop;
82 char str[KSYM_SYMBOL_LEN];
83
84
85 start = __start_syscalls_metadata;
86 stop = __stop_syscalls_metadata;
87 kallsyms_lookup(syscall, NULL, NULL, NULL, str);
88
89 if (arch_syscall_match_sym_name(str, "sys_ni_syscall"))
90 return NULL;
91
92 for ( ; start < stop; start++) {
93 if ((*start)->name && arch_syscall_match_sym_name(str, (*start)->name))
94 return *start;
95 }
96 return NULL;
97}
98
99static struct syscall_metadata *syscall_nr_to_meta(int nr)
100{
101 if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
102 return NULL;
103
104 return syscalls_metadata[nr];
105}
106
107enum print_line_t
108print_syscall_enter(struct trace_iterator *iter, int flags,
109 struct trace_event *event)
110{
111 struct trace_seq *s = &iter->seq;
112 struct trace_entry *ent = iter->ent;
113 struct syscall_trace_enter *trace;
114 struct syscall_metadata *entry;
115 int i, ret, syscall;
116
117 trace = (typeof(trace))ent;
118 syscall = trace->nr;
119 entry = syscall_nr_to_meta(syscall);
120
121 if (!entry)
122 goto end;
123
124 if (entry->enter_event->event.type != ent->type) {
125 WARN_ON_ONCE(1);
126 goto end;
127 }
128
129 ret = trace_seq_printf(s, "%s(", entry->name);
130 if (!ret)
131 return TRACE_TYPE_PARTIAL_LINE;
132
133 for (i = 0; i < entry->nb_args; i++) {
134 /* parameter types */
135 if (trace_flags & TRACE_ITER_VERBOSE) {
136 ret = trace_seq_printf(s, "%s ", entry->types[i]);
137 if (!ret)
138 return TRACE_TYPE_PARTIAL_LINE;
139 }
140 /* parameter values */
141 ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
142 trace->args[i],
143 i == entry->nb_args - 1 ? "" : ", ");
144 if (!ret)
145 return TRACE_TYPE_PARTIAL_LINE;
146 }
147
148 ret = trace_seq_putc(s, ')');
149 if (!ret)
150 return TRACE_TYPE_PARTIAL_LINE;
151
152end:
153 ret = trace_seq_putc(s, '\n');
154 if (!ret)
155 return TRACE_TYPE_PARTIAL_LINE;
156
157 return TRACE_TYPE_HANDLED;
158}
159
160enum print_line_t
161print_syscall_exit(struct trace_iterator *iter, int flags,
162 struct trace_event *event)
163{
164 struct trace_seq *s = &iter->seq;
165 struct trace_entry *ent = iter->ent;
166 struct syscall_trace_exit *trace;
167 int syscall;
168 struct syscall_metadata *entry;
169 int ret;
170
171 trace = (typeof(trace))ent;
172 syscall = trace->nr;
173 entry = syscall_nr_to_meta(syscall);
174
175 if (!entry) {
176 trace_seq_printf(s, "\n");
177 return TRACE_TYPE_HANDLED;
178 }
179
180 if (entry->exit_event->event.type != ent->type) {
181 WARN_ON_ONCE(1);
182 return TRACE_TYPE_UNHANDLED;
183 }
184
185 ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
186 trace->ret);
187 if (!ret)
188 return TRACE_TYPE_PARTIAL_LINE;
189
190 return TRACE_TYPE_HANDLED;
191}
192
193extern char *__bad_type_size(void);
194
195#define SYSCALL_FIELD(type, name) \
196 sizeof(type) != sizeof(trace.name) ? \
197 __bad_type_size() : \
198 #type, #name, offsetof(typeof(trace), name), \
199 sizeof(trace.name), is_signed_type(type)
200
201static
202int __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
203{
204 int i;
205 int pos = 0;
206
207 /* When len=0, we just calculate the needed length */
208#define LEN_OR_ZERO (len ? len - pos : 0)
209
210 pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
211 for (i = 0; i < entry->nb_args; i++) {
212 pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
213 entry->args[i], sizeof(unsigned long),
214 i == entry->nb_args - 1 ? "" : ", ");
215 }
216 pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
217
218 for (i = 0; i < entry->nb_args; i++) {
219 pos += snprintf(buf + pos, LEN_OR_ZERO,
220 ", ((unsigned long)(REC->%s))", entry->args[i]);
221 }
222
223#undef LEN_OR_ZERO
224
225 /* return the length of print_fmt */
226 return pos;
227}
228
229static int set_syscall_print_fmt(struct ftrace_event_call *call)
230{
231 char *print_fmt;
232 int len;
233 struct syscall_metadata *entry = call->data;
234
235 if (entry->enter_event != call) {
236 call->print_fmt = "\"0x%lx\", REC->ret";
237 return 0;
238 }
239
240 /* First: called with 0 length to calculate the needed length */
241 len = __set_enter_print_fmt(entry, NULL, 0);
242
243 print_fmt = kmalloc(len + 1, GFP_KERNEL);
244 if (!print_fmt)
245 return -ENOMEM;
246
247 /* Second: actually write the @print_fmt */
248 __set_enter_print_fmt(entry, print_fmt, len + 1);
249 call->print_fmt = print_fmt;
250
251 return 0;
252}
253
254static void free_syscall_print_fmt(struct ftrace_event_call *call)
255{
256 struct syscall_metadata *entry = call->data;
257
258 if (entry->enter_event == call)
259 kfree(call->print_fmt);
260}
261
262static int syscall_enter_define_fields(struct ftrace_event_call *call)
263{
264 struct syscall_trace_enter trace;
265 struct syscall_metadata *meta = call->data;
266 int ret;
267 int i;
268 int offset = offsetof(typeof(trace), args);
269
270 ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
271 if (ret)
272 return ret;
273
274 for (i = 0; i < meta->nb_args; i++) {
275 ret = trace_define_field(call, meta->types[i],
276 meta->args[i], offset,
277 sizeof(unsigned long), 0,
278 FILTER_OTHER);
279 offset += sizeof(unsigned long);
280 }
281
282 return ret;
283}
284
285static int syscall_exit_define_fields(struct ftrace_event_call *call)
286{
287 struct syscall_trace_exit trace;
288 int ret;
289
290 ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
291 if (ret)
292 return ret;
293
294 ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
295 FILTER_OTHER);
296
297 return ret;
298}
299
300void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
301{
302 struct syscall_trace_enter *entry;
303 struct syscall_metadata *sys_data;
304 struct ring_buffer_event *event;
305 struct ring_buffer *buffer;
306 int size;
307 int syscall_nr;
308
309 syscall_nr = syscall_get_nr(current, regs);
310 if (syscall_nr < 0)
311 return;
312 if (!test_bit(syscall_nr, enabled_enter_syscalls))
313 return;
314
315 sys_data = syscall_nr_to_meta(syscall_nr);
316 if (!sys_data)
317 return;
318
319 size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;
320
321 event = trace_current_buffer_lock_reserve(&buffer,
322 sys_data->enter_event->event.type, size, 0, 0);
323 if (!event)
324 return;
325
326 entry = ring_buffer_event_data(event);
327 entry->nr = syscall_nr;
328 syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);
329
330 if (!filter_current_check_discard(buffer, sys_data->enter_event,
331 entry, event))
332 trace_current_buffer_unlock_commit(buffer, event, 0, 0);
333}
334
335void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
336{
337 struct syscall_trace_exit *entry;
338 struct syscall_metadata *sys_data;
339 struct ring_buffer_event *event;
340 struct ring_buffer *buffer;
341 int syscall_nr;
342
343 syscall_nr = syscall_get_nr(current, regs);
344 if (syscall_nr < 0)
345 return;
346 if (!test_bit(syscall_nr, enabled_exit_syscalls))
347 return;
348
349 sys_data = syscall_nr_to_meta(syscall_nr);
350 if (!sys_data)
351 return;
352
353 event = trace_current_buffer_lock_reserve(&buffer,
354 sys_data->exit_event->event.type, sizeof(*entry), 0, 0);
355 if (!event)
356 return;
357
358 entry = ring_buffer_event_data(event);
359 entry->nr = syscall_nr;
360 entry->ret = syscall_get_return_value(current, regs);
361
362 if (!filter_current_check_discard(buffer, sys_data->exit_event,
363 entry, event))
364 trace_current_buffer_unlock_commit(buffer, event, 0, 0);
365}
366
367int reg_event_syscall_enter(struct ftrace_event_call *call)
368{
369 int ret = 0;
370 int num;
371
372 num = ((struct syscall_metadata *)call->data)->syscall_nr;
373 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
374 return -ENOSYS;
375 mutex_lock(&syscall_trace_lock);
376 if (!sys_refcount_enter)
377 ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
378 if (!ret) {
379 set_bit(num, enabled_enter_syscalls);
380 sys_refcount_enter++;
381 }
382 mutex_unlock(&syscall_trace_lock);
383 return ret;
384}
385
386void unreg_event_syscall_enter(struct ftrace_event_call *call)
387{
388 int num;
389
390 num = ((struct syscall_metadata *)call->data)->syscall_nr;
391 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
392 return;
393 mutex_lock(&syscall_trace_lock);
394 sys_refcount_enter--;
395 clear_bit(num, enabled_enter_syscalls);
396 if (!sys_refcount_enter)
397 unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
398 mutex_unlock(&syscall_trace_lock);
399}
400
401int reg_event_syscall_exit(struct ftrace_event_call *call)
402{
403 int ret = 0;
404 int num;
405
406 num = ((struct syscall_metadata *)call->data)->syscall_nr;
407 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
408 return -ENOSYS;
409 mutex_lock(&syscall_trace_lock);
410 if (!sys_refcount_exit)
411 ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
412 if (!ret) {
413 set_bit(num, enabled_exit_syscalls);
414 sys_refcount_exit++;
415 }
416 mutex_unlock(&syscall_trace_lock);
417 return ret;
418}
419
420void unreg_event_syscall_exit(struct ftrace_event_call *call)
421{
422 int num;
423
424 num = ((struct syscall_metadata *)call->data)->syscall_nr;
425 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
426 return;
427 mutex_lock(&syscall_trace_lock);
428 sys_refcount_exit--;
429 clear_bit(num, enabled_exit_syscalls);
430 if (!sys_refcount_exit)
431 unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
432 mutex_unlock(&syscall_trace_lock);
433}
434
435int init_syscall_trace(struct ftrace_event_call *call)
436{
437 int id;
438 int num;
439
440 num = ((struct syscall_metadata *)call->data)->syscall_nr;
441 if (num < 0 || num >= NR_syscalls) {
442 pr_debug("syscall %s metadata not mapped, disabling ftrace event\n",
443 ((struct syscall_metadata *)call->data)->name);
444 return -ENOSYS;
445 }
446
447 if (set_syscall_print_fmt(call) < 0)
448 return -ENOMEM;
449
450 id = trace_event_raw_init(call);
451
452 if (id < 0) {
453 free_syscall_print_fmt(call);
454 return id;
455 }
456
457 return id;
458}
459
460unsigned long __init __weak arch_syscall_addr(int nr)
461{
462 return (unsigned long)sys_call_table[nr];
463}
464
465int __init init_ftrace_syscalls(void)
466{
467 struct syscall_metadata *meta;
468 unsigned long addr;
469 int i;
470
471 syscalls_metadata = kcalloc(NR_syscalls, sizeof(*syscalls_metadata),
472 GFP_KERNEL);
473 if (!syscalls_metadata) {
474 WARN_ON(1);
475 return -ENOMEM;
476 }
477
478 for (i = 0; i < NR_syscalls; i++) {
479 addr = arch_syscall_addr(i);
480 meta = find_syscall_meta(addr);
481 if (!meta)
482 continue;
483
484 meta->syscall_nr = i;
485 syscalls_metadata[i] = meta;
486 }
487
488 return 0;
489}
490core_initcall(init_ftrace_syscalls);
491
492#ifdef CONFIG_PERF_EVENTS
493
494static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
495static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
496static int sys_perf_refcount_enter;
497static int sys_perf_refcount_exit;
498
499static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
500{
501 struct syscall_metadata *sys_data;
502 struct syscall_trace_enter *rec;
503 struct hlist_head *head;
504 int syscall_nr;
505 int rctx;
506 int size;
507
508 syscall_nr = syscall_get_nr(current, regs);
509 if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
510 return;
511
512 sys_data = syscall_nr_to_meta(syscall_nr);
513 if (!sys_data)
514 return;
515
516 /* get the size after alignment with the u32 buffer size field */
517 size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
518 size = ALIGN(size + sizeof(u32), sizeof(u64));
519 size -= sizeof(u32);
520
521 if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
522 "perf buffer not large enough"))
523 return;
524
525 rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
526 sys_data->enter_event->event.type, regs, &rctx);
527 if (!rec)
528 return;
529
530 rec->nr = syscall_nr;
531 syscall_get_arguments(current, regs, 0, sys_data->nb_args,
532 (unsigned long *)&rec->args);
533
534 head = this_cpu_ptr(sys_data->enter_event->perf_events);
535 perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
536}
537
538int perf_sysenter_enable(struct ftrace_event_call *call)
539{
540 int ret = 0;
541 int num;
542
543 num = ((struct syscall_metadata *)call->data)->syscall_nr;
544
545 mutex_lock(&syscall_trace_lock);
546 if (!sys_perf_refcount_enter)
547 ret = register_trace_sys_enter(perf_syscall_enter, NULL);
548 if (ret) {
549 pr_info("event trace: Could not activate"
550 "syscall entry trace point");
551 } else {
552 set_bit(num, enabled_perf_enter_syscalls);
553 sys_perf_refcount_enter++;
554 }
555 mutex_unlock(&syscall_trace_lock);
556 return ret;
557}
558
559void perf_sysenter_disable(struct ftrace_event_call *call)
560{
561 int num;
562
563 num = ((struct syscall_metadata *)call->data)->syscall_nr;
564
565 mutex_lock(&syscall_trace_lock);
566 sys_perf_refcount_enter--;
567 clear_bit(num, enabled_perf_enter_syscalls);
568 if (!sys_perf_refcount_enter)
569 unregister_trace_sys_enter(perf_syscall_enter, NULL);
570 mutex_unlock(&syscall_trace_lock);
571}
572
573static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
574{
575 struct syscall_metadata *sys_data;
576 struct syscall_trace_exit *rec;
577 struct hlist_head *head;
578 int syscall_nr;
579 int rctx;
580 int size;
581
582 syscall_nr = syscall_get_nr(current, regs);
583 if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
584 return;
585
586 sys_data = syscall_nr_to_meta(syscall_nr);
587 if (!sys_data)
588 return;
589
590 /* We can probably do that at build time */
591 size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
592 size -= sizeof(u32);
593
594 /*
595 * Impossible, but be paranoid with the future
596 * How to put this check outside runtime?
597 */
598 if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
599 "exit event has grown above perf buffer size"))
600 return;
601
602 rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
603 sys_data->exit_event->event.type, regs, &rctx);
604 if (!rec)
605 return;
606
607 rec->nr = syscall_nr;
608 rec->ret = syscall_get_return_value(current, regs);
609
610 head = this_cpu_ptr(sys_data->exit_event->perf_events);
611 perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
612}
613
614int perf_sysexit_enable(struct ftrace_event_call *call)
615{
616 int ret = 0;
617 int num;
618
619 num = ((struct syscall_metadata *)call->data)->syscall_nr;
620
621 mutex_lock(&syscall_trace_lock);
622 if (!sys_perf_refcount_exit)
623 ret = register_trace_sys_exit(perf_syscall_exit, NULL);
624 if (ret) {
625 pr_info("event trace: Could not activate"
626 "syscall exit trace point");
627 } else {
628 set_bit(num, enabled_perf_exit_syscalls);
629 sys_perf_refcount_exit++;
630 }
631 mutex_unlock(&syscall_trace_lock);
632 return ret;
633}
634
635void perf_sysexit_disable(struct ftrace_event_call *call)
636{
637 int num;
638
639 num = ((struct syscall_metadata *)call->data)->syscall_nr;
640
641 mutex_lock(&syscall_trace_lock);
642 sys_perf_refcount_exit--;
643 clear_bit(num, enabled_perf_exit_syscalls);
644 if (!sys_perf_refcount_exit)
645 unregister_trace_sys_exit(perf_syscall_exit, NULL);
646 mutex_unlock(&syscall_trace_lock);
647}
648
649#endif /* CONFIG_PERF_EVENTS */
650
651static int syscall_enter_register(struct ftrace_event_call *event,
652 enum trace_reg type, void *data)
653{
654 switch (type) {
655 case TRACE_REG_REGISTER:
656 return reg_event_syscall_enter(event);
657 case TRACE_REG_UNREGISTER:
658 unreg_event_syscall_enter(event);
659 return 0;
660
661#ifdef CONFIG_PERF_EVENTS
662 case TRACE_REG_PERF_REGISTER:
663 return perf_sysenter_enable(event);
664 case TRACE_REG_PERF_UNREGISTER:
665 perf_sysenter_disable(event);
666 return 0;
667 case TRACE_REG_PERF_OPEN:
668 case TRACE_REG_PERF_CLOSE:
669 case TRACE_REG_PERF_ADD:
670 case TRACE_REG_PERF_DEL:
671 return 0;
672#endif
673 }
674 return 0;
675}
676
677static int syscall_exit_register(struct ftrace_event_call *event,
678 enum trace_reg type, void *data)
679{
680 switch (type) {
681 case TRACE_REG_REGISTER:
682 return reg_event_syscall_exit(event);
683 case TRACE_REG_UNREGISTER:
684 unreg_event_syscall_exit(event);
685 return 0;
686
687#ifdef CONFIG_PERF_EVENTS
688 case TRACE_REG_PERF_REGISTER:
689 return perf_sysexit_enable(event);
690 case TRACE_REG_PERF_UNREGISTER:
691 perf_sysexit_disable(event);
692 return 0;
693 case TRACE_REG_PERF_OPEN:
694 case TRACE_REG_PERF_CLOSE:
695 case TRACE_REG_PERF_ADD:
696 case TRACE_REG_PERF_DEL:
697 return 0;
698#endif
699 }
700 return 0;
701}
1#include <trace/syscall.h>
2#include <trace/events/syscalls.h>
3#include <linux/slab.h>
4#include <linux/kernel.h>
5#include <linux/ftrace.h>
6#include <linux/perf_event.h>
7#include <asm/syscall.h>
8
9#include "trace_output.h"
10#include "trace.h"
11
12static DEFINE_MUTEX(syscall_trace_lock);
13static int sys_refcount_enter;
14static int sys_refcount_exit;
15static DECLARE_BITMAP(enabled_enter_syscalls, NR_syscalls);
16static DECLARE_BITMAP(enabled_exit_syscalls, NR_syscalls);
17
18static int syscall_enter_register(struct ftrace_event_call *event,
19 enum trace_reg type);
20static int syscall_exit_register(struct ftrace_event_call *event,
21 enum trace_reg type);
22
23static int syscall_enter_define_fields(struct ftrace_event_call *call);
24static int syscall_exit_define_fields(struct ftrace_event_call *call);
25
26static struct list_head *
27syscall_get_enter_fields(struct ftrace_event_call *call)
28{
29 struct syscall_metadata *entry = call->data;
30
31 return &entry->enter_fields;
32}
33
34struct trace_event_functions enter_syscall_print_funcs = {
35 .trace = print_syscall_enter,
36};
37
38struct trace_event_functions exit_syscall_print_funcs = {
39 .trace = print_syscall_exit,
40};
41
42struct ftrace_event_class event_class_syscall_enter = {
43 .system = "syscalls",
44 .reg = syscall_enter_register,
45 .define_fields = syscall_enter_define_fields,
46 .get_fields = syscall_get_enter_fields,
47 .raw_init = init_syscall_trace,
48};
49
50struct ftrace_event_class event_class_syscall_exit = {
51 .system = "syscalls",
52 .reg = syscall_exit_register,
53 .define_fields = syscall_exit_define_fields,
54 .fields = LIST_HEAD_INIT(event_class_syscall_exit.fields),
55 .raw_init = init_syscall_trace,
56};
57
58extern struct syscall_metadata *__start_syscalls_metadata[];
59extern struct syscall_metadata *__stop_syscalls_metadata[];
60
61static struct syscall_metadata **syscalls_metadata;
62
63#ifndef ARCH_HAS_SYSCALL_MATCH_SYM_NAME
64static inline bool arch_syscall_match_sym_name(const char *sym, const char *name)
65{
66 /*
67 * Only compare after the "sys" prefix. Archs that use
68 * syscall wrappers may have syscalls symbols aliases prefixed
69 * with "SyS" instead of "sys", leading to an unwanted
70 * mismatch.
71 */
72 return !strcmp(sym + 3, name + 3);
73}
74#endif
75
76static __init struct syscall_metadata *
77find_syscall_meta(unsigned long syscall)
78{
79 struct syscall_metadata **start;
80 struct syscall_metadata **stop;
81 char str[KSYM_SYMBOL_LEN];
82
83
84 start = __start_syscalls_metadata;
85 stop = __stop_syscalls_metadata;
86 kallsyms_lookup(syscall, NULL, NULL, NULL, str);
87
88 if (arch_syscall_match_sym_name(str, "sys_ni_syscall"))
89 return NULL;
90
91 for ( ; start < stop; start++) {
92 if ((*start)->name && arch_syscall_match_sym_name(str, (*start)->name))
93 return *start;
94 }
95 return NULL;
96}
97
98static struct syscall_metadata *syscall_nr_to_meta(int nr)
99{
100 if (!syscalls_metadata || nr >= NR_syscalls || nr < 0)
101 return NULL;
102
103 return syscalls_metadata[nr];
104}
105
106enum print_line_t
107print_syscall_enter(struct trace_iterator *iter, int flags,
108 struct trace_event *event)
109{
110 struct trace_seq *s = &iter->seq;
111 struct trace_entry *ent = iter->ent;
112 struct syscall_trace_enter *trace;
113 struct syscall_metadata *entry;
114 int i, ret, syscall;
115
116 trace = (typeof(trace))ent;
117 syscall = trace->nr;
118 entry = syscall_nr_to_meta(syscall);
119
120 if (!entry)
121 goto end;
122
123 if (entry->enter_event->event.type != ent->type) {
124 WARN_ON_ONCE(1);
125 goto end;
126 }
127
128 ret = trace_seq_printf(s, "%s(", entry->name);
129 if (!ret)
130 return TRACE_TYPE_PARTIAL_LINE;
131
132 for (i = 0; i < entry->nb_args; i++) {
133 /* parameter types */
134 if (trace_flags & TRACE_ITER_VERBOSE) {
135 ret = trace_seq_printf(s, "%s ", entry->types[i]);
136 if (!ret)
137 return TRACE_TYPE_PARTIAL_LINE;
138 }
139 /* parameter values */
140 ret = trace_seq_printf(s, "%s: %lx%s", entry->args[i],
141 trace->args[i],
142 i == entry->nb_args - 1 ? "" : ", ");
143 if (!ret)
144 return TRACE_TYPE_PARTIAL_LINE;
145 }
146
147 ret = trace_seq_putc(s, ')');
148 if (!ret)
149 return TRACE_TYPE_PARTIAL_LINE;
150
151end:
152 ret = trace_seq_putc(s, '\n');
153 if (!ret)
154 return TRACE_TYPE_PARTIAL_LINE;
155
156 return TRACE_TYPE_HANDLED;
157}
158
159enum print_line_t
160print_syscall_exit(struct trace_iterator *iter, int flags,
161 struct trace_event *event)
162{
163 struct trace_seq *s = &iter->seq;
164 struct trace_entry *ent = iter->ent;
165 struct syscall_trace_exit *trace;
166 int syscall;
167 struct syscall_metadata *entry;
168 int ret;
169
170 trace = (typeof(trace))ent;
171 syscall = trace->nr;
172 entry = syscall_nr_to_meta(syscall);
173
174 if (!entry) {
175 trace_seq_printf(s, "\n");
176 return TRACE_TYPE_HANDLED;
177 }
178
179 if (entry->exit_event->event.type != ent->type) {
180 WARN_ON_ONCE(1);
181 return TRACE_TYPE_UNHANDLED;
182 }
183
184 ret = trace_seq_printf(s, "%s -> 0x%lx\n", entry->name,
185 trace->ret);
186 if (!ret)
187 return TRACE_TYPE_PARTIAL_LINE;
188
189 return TRACE_TYPE_HANDLED;
190}
191
192extern char *__bad_type_size(void);
193
194#define SYSCALL_FIELD(type, name) \
195 sizeof(type) != sizeof(trace.name) ? \
196 __bad_type_size() : \
197 #type, #name, offsetof(typeof(trace), name), \
198 sizeof(trace.name), is_signed_type(type)
199
200static
201int __set_enter_print_fmt(struct syscall_metadata *entry, char *buf, int len)
202{
203 int i;
204 int pos = 0;
205
206 /* When len=0, we just calculate the needed length */
207#define LEN_OR_ZERO (len ? len - pos : 0)
208
209 pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
210 for (i = 0; i < entry->nb_args; i++) {
211 pos += snprintf(buf + pos, LEN_OR_ZERO, "%s: 0x%%0%zulx%s",
212 entry->args[i], sizeof(unsigned long),
213 i == entry->nb_args - 1 ? "" : ", ");
214 }
215 pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
216
217 for (i = 0; i < entry->nb_args; i++) {
218 pos += snprintf(buf + pos, LEN_OR_ZERO,
219 ", ((unsigned long)(REC->%s))", entry->args[i]);
220 }
221
222#undef LEN_OR_ZERO
223
224 /* return the length of print_fmt */
225 return pos;
226}
227
228static int set_syscall_print_fmt(struct ftrace_event_call *call)
229{
230 char *print_fmt;
231 int len;
232 struct syscall_metadata *entry = call->data;
233
234 if (entry->enter_event != call) {
235 call->print_fmt = "\"0x%lx\", REC->ret";
236 return 0;
237 }
238
239 /* First: called with 0 length to calculate the needed length */
240 len = __set_enter_print_fmt(entry, NULL, 0);
241
242 print_fmt = kmalloc(len + 1, GFP_KERNEL);
243 if (!print_fmt)
244 return -ENOMEM;
245
246 /* Second: actually write the @print_fmt */
247 __set_enter_print_fmt(entry, print_fmt, len + 1);
248 call->print_fmt = print_fmt;
249
250 return 0;
251}
252
253static void free_syscall_print_fmt(struct ftrace_event_call *call)
254{
255 struct syscall_metadata *entry = call->data;
256
257 if (entry->enter_event == call)
258 kfree(call->print_fmt);
259}
260
261static int syscall_enter_define_fields(struct ftrace_event_call *call)
262{
263 struct syscall_trace_enter trace;
264 struct syscall_metadata *meta = call->data;
265 int ret;
266 int i;
267 int offset = offsetof(typeof(trace), args);
268
269 ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
270 if (ret)
271 return ret;
272
273 for (i = 0; i < meta->nb_args; i++) {
274 ret = trace_define_field(call, meta->types[i],
275 meta->args[i], offset,
276 sizeof(unsigned long), 0,
277 FILTER_OTHER);
278 offset += sizeof(unsigned long);
279 }
280
281 return ret;
282}
283
284static int syscall_exit_define_fields(struct ftrace_event_call *call)
285{
286 struct syscall_trace_exit trace;
287 int ret;
288
289 ret = trace_define_field(call, SYSCALL_FIELD(int, nr), FILTER_OTHER);
290 if (ret)
291 return ret;
292
293 ret = trace_define_field(call, SYSCALL_FIELD(long, ret),
294 FILTER_OTHER);
295
296 return ret;
297}
298
299void ftrace_syscall_enter(void *ignore, struct pt_regs *regs, long id)
300{
301 struct syscall_trace_enter *entry;
302 struct syscall_metadata *sys_data;
303 struct ring_buffer_event *event;
304 struct ring_buffer *buffer;
305 int size;
306 int syscall_nr;
307
308 syscall_nr = syscall_get_nr(current, regs);
309 if (syscall_nr < 0)
310 return;
311 if (!test_bit(syscall_nr, enabled_enter_syscalls))
312 return;
313
314 sys_data = syscall_nr_to_meta(syscall_nr);
315 if (!sys_data)
316 return;
317
318 size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;
319
320 event = trace_current_buffer_lock_reserve(&buffer,
321 sys_data->enter_event->event.type, size, 0, 0);
322 if (!event)
323 return;
324
325 entry = ring_buffer_event_data(event);
326 entry->nr = syscall_nr;
327 syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args);
328
329 if (!filter_current_check_discard(buffer, sys_data->enter_event,
330 entry, event))
331 trace_current_buffer_unlock_commit(buffer, event, 0, 0);
332}
333
334void ftrace_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
335{
336 struct syscall_trace_exit *entry;
337 struct syscall_metadata *sys_data;
338 struct ring_buffer_event *event;
339 struct ring_buffer *buffer;
340 int syscall_nr;
341
342 syscall_nr = syscall_get_nr(current, regs);
343 if (syscall_nr < 0)
344 return;
345 if (!test_bit(syscall_nr, enabled_exit_syscalls))
346 return;
347
348 sys_data = syscall_nr_to_meta(syscall_nr);
349 if (!sys_data)
350 return;
351
352 event = trace_current_buffer_lock_reserve(&buffer,
353 sys_data->exit_event->event.type, sizeof(*entry), 0, 0);
354 if (!event)
355 return;
356
357 entry = ring_buffer_event_data(event);
358 entry->nr = syscall_nr;
359 entry->ret = syscall_get_return_value(current, regs);
360
361 if (!filter_current_check_discard(buffer, sys_data->exit_event,
362 entry, event))
363 trace_current_buffer_unlock_commit(buffer, event, 0, 0);
364}
365
366int reg_event_syscall_enter(struct ftrace_event_call *call)
367{
368 int ret = 0;
369 int num;
370
371 num = ((struct syscall_metadata *)call->data)->syscall_nr;
372 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
373 return -ENOSYS;
374 mutex_lock(&syscall_trace_lock);
375 if (!sys_refcount_enter)
376 ret = register_trace_sys_enter(ftrace_syscall_enter, NULL);
377 if (!ret) {
378 set_bit(num, enabled_enter_syscalls);
379 sys_refcount_enter++;
380 }
381 mutex_unlock(&syscall_trace_lock);
382 return ret;
383}
384
385void unreg_event_syscall_enter(struct ftrace_event_call *call)
386{
387 int num;
388
389 num = ((struct syscall_metadata *)call->data)->syscall_nr;
390 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
391 return;
392 mutex_lock(&syscall_trace_lock);
393 sys_refcount_enter--;
394 clear_bit(num, enabled_enter_syscalls);
395 if (!sys_refcount_enter)
396 unregister_trace_sys_enter(ftrace_syscall_enter, NULL);
397 mutex_unlock(&syscall_trace_lock);
398}
399
400int reg_event_syscall_exit(struct ftrace_event_call *call)
401{
402 int ret = 0;
403 int num;
404
405 num = ((struct syscall_metadata *)call->data)->syscall_nr;
406 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
407 return -ENOSYS;
408 mutex_lock(&syscall_trace_lock);
409 if (!sys_refcount_exit)
410 ret = register_trace_sys_exit(ftrace_syscall_exit, NULL);
411 if (!ret) {
412 set_bit(num, enabled_exit_syscalls);
413 sys_refcount_exit++;
414 }
415 mutex_unlock(&syscall_trace_lock);
416 return ret;
417}
418
419void unreg_event_syscall_exit(struct ftrace_event_call *call)
420{
421 int num;
422
423 num = ((struct syscall_metadata *)call->data)->syscall_nr;
424 if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
425 return;
426 mutex_lock(&syscall_trace_lock);
427 sys_refcount_exit--;
428 clear_bit(num, enabled_exit_syscalls);
429 if (!sys_refcount_exit)
430 unregister_trace_sys_exit(ftrace_syscall_exit, NULL);
431 mutex_unlock(&syscall_trace_lock);
432}
433
434int init_syscall_trace(struct ftrace_event_call *call)
435{
436 int id;
437 int num;
438
439 num = ((struct syscall_metadata *)call->data)->syscall_nr;
440 if (num < 0 || num >= NR_syscalls) {
441 pr_debug("syscall %s metadata not mapped, disabling ftrace event\n",
442 ((struct syscall_metadata *)call->data)->name);
443 return -ENOSYS;
444 }
445
446 if (set_syscall_print_fmt(call) < 0)
447 return -ENOMEM;
448
449 id = trace_event_raw_init(call);
450
451 if (id < 0) {
452 free_syscall_print_fmt(call);
453 return id;
454 }
455
456 return id;
457}
458
459unsigned long __init __weak arch_syscall_addr(int nr)
460{
461 return (unsigned long)sys_call_table[nr];
462}
463
464int __init init_ftrace_syscalls(void)
465{
466 struct syscall_metadata *meta;
467 unsigned long addr;
468 int i;
469
470 syscalls_metadata = kzalloc(sizeof(*syscalls_metadata) *
471 NR_syscalls, GFP_KERNEL);
472 if (!syscalls_metadata) {
473 WARN_ON(1);
474 return -ENOMEM;
475 }
476
477 for (i = 0; i < NR_syscalls; i++) {
478 addr = arch_syscall_addr(i);
479 meta = find_syscall_meta(addr);
480 if (!meta)
481 continue;
482
483 meta->syscall_nr = i;
484 syscalls_metadata[i] = meta;
485 }
486
487 return 0;
488}
489core_initcall(init_ftrace_syscalls);
490
491#ifdef CONFIG_PERF_EVENTS
492
493static DECLARE_BITMAP(enabled_perf_enter_syscalls, NR_syscalls);
494static DECLARE_BITMAP(enabled_perf_exit_syscalls, NR_syscalls);
495static int sys_perf_refcount_enter;
496static int sys_perf_refcount_exit;
497
498static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
499{
500 struct syscall_metadata *sys_data;
501 struct syscall_trace_enter *rec;
502 struct hlist_head *head;
503 int syscall_nr;
504 int rctx;
505 int size;
506
507 syscall_nr = syscall_get_nr(current, regs);
508 if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
509 return;
510
511 sys_data = syscall_nr_to_meta(syscall_nr);
512 if (!sys_data)
513 return;
514
515 /* get the size after alignment with the u32 buffer size field */
516 size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec);
517 size = ALIGN(size + sizeof(u32), sizeof(u64));
518 size -= sizeof(u32);
519
520 if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
521 "perf buffer not large enough"))
522 return;
523
524 rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size,
525 sys_data->enter_event->event.type, regs, &rctx);
526 if (!rec)
527 return;
528
529 rec->nr = syscall_nr;
530 syscall_get_arguments(current, regs, 0, sys_data->nb_args,
531 (unsigned long *)&rec->args);
532
533 head = this_cpu_ptr(sys_data->enter_event->perf_events);
534 perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
535}
536
537int perf_sysenter_enable(struct ftrace_event_call *call)
538{
539 int ret = 0;
540 int num;
541
542 num = ((struct syscall_metadata *)call->data)->syscall_nr;
543
544 mutex_lock(&syscall_trace_lock);
545 if (!sys_perf_refcount_enter)
546 ret = register_trace_sys_enter(perf_syscall_enter, NULL);
547 if (ret) {
548 pr_info("event trace: Could not activate"
549 "syscall entry trace point");
550 } else {
551 set_bit(num, enabled_perf_enter_syscalls);
552 sys_perf_refcount_enter++;
553 }
554 mutex_unlock(&syscall_trace_lock);
555 return ret;
556}
557
558void perf_sysenter_disable(struct ftrace_event_call *call)
559{
560 int num;
561
562 num = ((struct syscall_metadata *)call->data)->syscall_nr;
563
564 mutex_lock(&syscall_trace_lock);
565 sys_perf_refcount_enter--;
566 clear_bit(num, enabled_perf_enter_syscalls);
567 if (!sys_perf_refcount_enter)
568 unregister_trace_sys_enter(perf_syscall_enter, NULL);
569 mutex_unlock(&syscall_trace_lock);
570}
571
572static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
573{
574 struct syscall_metadata *sys_data;
575 struct syscall_trace_exit *rec;
576 struct hlist_head *head;
577 int syscall_nr;
578 int rctx;
579 int size;
580
581 syscall_nr = syscall_get_nr(current, regs);
582 if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
583 return;
584
585 sys_data = syscall_nr_to_meta(syscall_nr);
586 if (!sys_data)
587 return;
588
589 /* We can probably do that at build time */
590 size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64));
591 size -= sizeof(u32);
592
593 /*
594 * Impossible, but be paranoid with the future
595 * How to put this check outside runtime?
596 */
597 if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE,
598 "exit event has grown above perf buffer size"))
599 return;
600
601 rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size,
602 sys_data->exit_event->event.type, regs, &rctx);
603 if (!rec)
604 return;
605
606 rec->nr = syscall_nr;
607 rec->ret = syscall_get_return_value(current, regs);
608
609 head = this_cpu_ptr(sys_data->exit_event->perf_events);
610 perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head);
611}
612
613int perf_sysexit_enable(struct ftrace_event_call *call)
614{
615 int ret = 0;
616 int num;
617
618 num = ((struct syscall_metadata *)call->data)->syscall_nr;
619
620 mutex_lock(&syscall_trace_lock);
621 if (!sys_perf_refcount_exit)
622 ret = register_trace_sys_exit(perf_syscall_exit, NULL);
623 if (ret) {
624 pr_info("event trace: Could not activate"
625 "syscall exit trace point");
626 } else {
627 set_bit(num, enabled_perf_exit_syscalls);
628 sys_perf_refcount_exit++;
629 }
630 mutex_unlock(&syscall_trace_lock);
631 return ret;
632}
633
634void perf_sysexit_disable(struct ftrace_event_call *call)
635{
636 int num;
637
638 num = ((struct syscall_metadata *)call->data)->syscall_nr;
639
640 mutex_lock(&syscall_trace_lock);
641 sys_perf_refcount_exit--;
642 clear_bit(num, enabled_perf_exit_syscalls);
643 if (!sys_perf_refcount_exit)
644 unregister_trace_sys_exit(perf_syscall_exit, NULL);
645 mutex_unlock(&syscall_trace_lock);
646}
647
648#endif /* CONFIG_PERF_EVENTS */
649
650static int syscall_enter_register(struct ftrace_event_call *event,
651 enum trace_reg type)
652{
653 switch (type) {
654 case TRACE_REG_REGISTER:
655 return reg_event_syscall_enter(event);
656 case TRACE_REG_UNREGISTER:
657 unreg_event_syscall_enter(event);
658 return 0;
659
660#ifdef CONFIG_PERF_EVENTS
661 case TRACE_REG_PERF_REGISTER:
662 return perf_sysenter_enable(event);
663 case TRACE_REG_PERF_UNREGISTER:
664 perf_sysenter_disable(event);
665 return 0;
666#endif
667 }
668 return 0;
669}
670
671static int syscall_exit_register(struct ftrace_event_call *event,
672 enum trace_reg type)
673{
674 switch (type) {
675 case TRACE_REG_REGISTER:
676 return reg_event_syscall_exit(event);
677 case TRACE_REG_UNREGISTER:
678 unreg_event_syscall_exit(event);
679 return 0;
680
681#ifdef CONFIG_PERF_EVENTS
682 case TRACE_REG_PERF_REGISTER:
683 return perf_sysexit_enable(event);
684 case TRACE_REG_PERF_UNREGISTER:
685 perf_sysexit_disable(event);
686 return 0;
687#endif
688 }
689 return 0;
690}