root/kern/kern_ktrace.c

DEFINITIONS

1. ktrsettracevnode
2. ktrinitheader
3. ktrsyscall
4. ktrsysret
5. ktrnamei
6. ktremul
7. ktrgenio
8. ktrpsig
9. ktrcsw
10. sys_ktrace
11. ktrops
12. ktrsetchildren
13. ktrwrite
14. ktrcanset

    1 /*      $OpenBSD: kern_ktrace.c,v 1.42 2007/05/16 17:27:30 art Exp $    */
    2 /*      $NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $        */
    4 /*
    5  * Copyright (c) 1989, 1993
    6  *      The Regents of the University of California.  All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the University nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  *
   32  *      @(#)kern_ktrace.c       8.2 (Berkeley) 9/23/93
   33  */
   35 #ifdef KTRACE
   37 #include <sys/param.h>
   38 #include <sys/systm.h>
   39 #include <sys/proc.h>
   40 #include <sys/sched.h>
   41 #include <sys/file.h>
   42 #include <sys/namei.h>
   43 #include <sys/vnode.h>
   44 #include <sys/ktrace.h>
   45 #include <sys/malloc.h>
   46 #include <sys/syslog.h>
   47 #include <sys/sysctl.h>
   49 #include <sys/mount.h>
   50 #include <sys/syscall.h>
   51 #include <sys/syscallargs.h>
   53 #include <uvm/uvm_extern.h>
   55 void ktrinitheader(struct ktr_header *, struct proc *, int);
   56 int ktrops(struct proc *, struct proc *, int, int, struct vnode *);
   57 int ktrsetchildren(struct proc *, struct proc *, int, int,
   58                         struct vnode *);
   59 int ktrwrite(struct proc *, struct ktr_header *);
   60 int ktrcanset(struct proc *, struct proc *);
   62 /*
   63  * Change the trace vnode in a correct way (to avoid races).
   64  */
   65 void
ktrsettracevnode(struct proc *p, struct vnode *newvp)
   67 {
   68         struct vnode *vp;
   70         if (p->p_tracep == newvp)       /* avoid work */
   71                 return;
   73         if (newvp != NULL)
VREF(newvp);
vp = p->p_tracep;
p->p_tracep = newvp;
   79         if (vp != NULL)
vrele(vp);
   81 }
   83 void
ktrinitheader(struct ktr_header *kth, struct proc *p, int type)
   85 {
bzero(kth, sizeof (struct ktr_header));
kth->ktr_type = type;
microtime(&kth->ktr_time);
kth->ktr_pid = p->p_pid;
bcopy(p->p_comm, kth->ktr_comm, MAXCOMLEN);     
   91 }
   93 void
ktrsyscall(struct proc *p, register_t code, size_t argsize, register_t args[])
   95 {
   96         struct  ktr_header kth;
   97         struct  ktr_syscall *ktp;
size_t len = sizeof(struct ktr_syscall) + argsize;
register_t *argp;
u_int nargs = 0;
  101         int i;
  103         if (code == SYS___sysctl && (p->p_emul->e_flags & EMUL_NATIVE)) {
  104                 /*
  105                  * The native sysctl encoding stores the mib[]
  106                  * array because it is interesting.
  107                  */
  108                 if (args[1] > 0)
nargs = min(args[1], CTL_MAXNAME);
len += nargs * sizeof(int);
  111         }
p->p_traceflag |= KTRFAC_ACTIVE;
ktrinitheader(&kth, p, KTR_SYSCALL);
ktp = malloc(len, M_TEMP, M_WAITOK);
ktp->ktr_code = code;
ktp->ktr_argsize = argsize;
argp = (register_t *)((char *)ktp + sizeof(struct ktr_syscall));
  118         for (i = 0; i < (argsize / sizeof *argp); i++)
  119                 *argp++ = args[i];
  120         if (code == SYS___sysctl && (p->p_emul->e_flags & EMUL_NATIVE) &&
nargs &&
copyin((void *)args[0], argp, nargs * sizeof(int)))
bzero(argp, nargs * sizeof(int));
kth.ktr_buf = (caddr_t)ktp;
kth.ktr_len = len;
ktrwrite(p, &kth);
free(ktp, M_TEMP);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  129 }
  131 void
ktrsysret(struct proc *p, register_t code, int error, register_t retval)
  133 {
  134         struct ktr_header kth;
  135         struct ktr_sysret ktp;
p->p_traceflag |= KTRFAC_ACTIVE;
ktrinitheader(&kth, p, KTR_SYSRET);
ktp.ktr_code = code;
ktp.ktr_error = error;
ktp.ktr_retval = retval;                /* what about val2 ? */
kth.ktr_buf = (caddr_t)&ktp;
kth.ktr_len = sizeof(struct ktr_sysret);
ktrwrite(p, &kth);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  148 }
  150 void
ktrnamei(struct proc *p, char *path)
  152 {
  153         struct ktr_header kth;
p->p_traceflag |= KTRFAC_ACTIVE;
ktrinitheader(&kth, p, KTR_NAMEI);
kth.ktr_len = strlen(path);
kth.ktr_buf = path;
ktrwrite(p, &kth);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  162 }
  164 void
ktremul(struct proc *p, char *emul)
  166 {
  167         struct ktr_header kth;
p->p_traceflag |= KTRFAC_ACTIVE;
ktrinitheader(&kth, p, KTR_EMUL);
kth.ktr_len = strlen(emul);
kth.ktr_buf = emul;
ktrwrite(p, &kth);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  176 }
  178 void
ktrgenio(struct proc *p, int fd, enum uio_rw rw, struct iovec *iov, int len,
  180     int error)
  181 {
  182         struct ktr_header kth;
  183         struct ktr_genio *ktp;
caddr_t cp;
  185         int resid = len, count;
  186         int buflen;
  188         if (error)
  189                 return;
p->p_traceflag |= KTRFAC_ACTIVE;
buflen = min(PAGE_SIZE, len + sizeof(struct ktr_genio));
ktrinitheader(&kth, p, KTR_GENIO);
ktp = malloc(buflen, M_TEMP, M_WAITOK);
ktp->ktr_fd = fd;
ktp->ktr_rw = rw;
kth.ktr_buf = (caddr_t)ktp;
cp = (caddr_t)((char *)ktp + sizeof (struct ktr_genio));
buflen -= sizeof(struct ktr_genio);
  205         while (resid > 0) {
  206                 /*
  207                  * Don't allow this process to hog the cpu when doing
  208                  * huge I/O.
  209                  */
  210                 if (curcpu()->ci_schedstate.spc_schedflags & SPCF_SHOULDYIELD)
preempt(NULL);
count = min(iov->iov_len, buflen);
  214                 if (count > resid)
count = resid;
  216                 if (copyin(iov->iov_base, cp, count))
  217                         break;
kth.ktr_len = count + sizeof(struct ktr_genio);
  221                 if (ktrwrite(p, &kth) != 0)
  222                         break;
iov->iov_len -= count;
iov->iov_base = (caddr_t)iov->iov_base + count;
  227                 if (iov->iov_len == 0)
iov++;
resid -= count;
  231         }
free(ktp, M_TEMP);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  236 }
  238 void
ktrpsig(struct proc *p, int sig, sig_t action, int mask, int code,
siginfo_t *si)
  241 {
  242         struct ktr_header kth;
  243         struct ktr_psig kp;
p->p_traceflag |= KTRFAC_ACTIVE;
ktrinitheader(&kth, p, KTR_PSIG);
kp.signo = (char)sig;
kp.action = action;
kp.mask = mask;
kp.code = code;
kp.si = *si;
kth.ktr_buf = (caddr_t)&kp;
kth.ktr_len = sizeof(struct ktr_psig);
ktrwrite(p, &kth);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  257 }
  259 void
ktrcsw(struct proc *p, int out, int user)
  261 {
  262         struct ktr_header kth;
  263         struct  ktr_csw kc;
p->p_traceflag |= KTRFAC_ACTIVE;
ktrinitheader(&kth, p, KTR_CSW);
kc.out = out;
kc.user = user;
kth.ktr_buf = (caddr_t)&kc;
kth.ktr_len = sizeof(struct ktr_csw);
ktrwrite(p, &kth);
p->p_traceflag &= ~KTRFAC_ACTIVE;
  274 }
  276 /* Interface and common routines */
  278 /*
  279  * ktrace system call
  280  */
  281 /* ARGSUSED */
  282 int
sys_ktrace(struct proc *curp, void *v, register_t *retval)
  284 {
  285         struct sys_ktrace_args /* {
  286                 syscallarg(const char *) fname;
  287                 syscallarg(int) ops;
  288                 syscallarg(int) facs;
  289                 syscallarg(pid_t) pid;
  290         } */ *uap = v;
  291         struct vnode *vp = NULL;
  292         struct proc *p = NULL;
  293         struct pgrp *pg;
  294         int facs = SCARG(uap, facs) & ~((unsigned) KTRFAC_ROOT);
  295         int ops = KTROP(SCARG(uap, ops));
  296         int descend = SCARG(uap, ops) & KTRFLAG_DESCEND;
  297         int ret = 0;
  298         int error = 0;
  299         struct nameidata nd;
curp->p_traceflag |= KTRFAC_ACTIVE;
  302         if (ops != KTROP_CLEAR) {
  303                 /*
  304                  * an operation which requires a file argument.
  305                  */
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, fname),
curp);
  308                 if ((error = vn_open(&nd, FREAD|FWRITE|O_NOFOLLOW, 0)) != 0) {
curp->p_traceflag &= ~KTRFAC_ACTIVE;
  310                         return (error);
  311                 }
vp = nd.ni_vp;
VOP_UNLOCK(vp, 0, curp);
  315                 if (vp->v_type != VREG) {
  316                         (void) vn_close(vp, FREAD|FWRITE, curp->p_ucred, curp);
curp->p_traceflag &= ~KTRFAC_ACTIVE;
  318                         return (EACCES);
  319                 }
  320         }
  321         /*
  322          * Clear all uses of the tracefile
  323          */
  324         if (ops == KTROP_CLEARFILE) {
  325                 for (p = LIST_FIRST(&allproc); p; p = LIST_NEXT(p, p_list)) {
  326                         if (p->p_tracep == vp) {
  327                                 if (ktrcanset(curp, p)) {
p->p_traceflag = 0;
ktrsettracevnode(p, NULL);
  330                                 } else
error = EPERM;
  332                         }
  333                 }
  334                 goto done;
  335         }
  336         /*
  337          * need something to (un)trace (XXX - why is this here?)
  338          */
  339         if (!facs) {
error = EINVAL;
  341                 goto done;
  342         }
  343         /* 
  344          * do it
  345          */
  346         if (SCARG(uap, pid) < 0) {
  347                 /*
  348                  * by process group
  349                  */
pg = pgfind(-SCARG(uap, pid));
  351                 if (pg == NULL) {
error = ESRCH;
  353                         goto done;
  354                 }
LIST_FOREACH(p, &pg->pg_members, p_pglist)
  356                         if (descend)
ret |= ktrsetchildren(curp, p, ops, facs, vp);
  358                         else 
ret |= ktrops(curp, p, ops, facs, vp);
  361         } else {
  362                 /*
  363                  * by pid
  364                  */
p = pfind(SCARG(uap, pid));
  366                 if (p == NULL) {
error = ESRCH;
  368                         goto done;
  369                 }
  370                 if (descend)
ret |= ktrsetchildren(curp, p, ops, facs, vp);
  372                 else
ret |= ktrops(curp, p, ops, facs, vp);
  374         }
  375         if (!ret)
error = EPERM;
done:
  378         if (vp != NULL)
  379                 (void) vn_close(vp, FWRITE, curp->p_ucred, curp);
curp->p_traceflag &= ~KTRFAC_ACTIVE;
  381         return (error);
  382 }
  384 int
ktrops(struct proc *curp, struct proc *p, int ops, int facs, struct vnode *vp)
  386 {
  388         if (!ktrcanset(curp, p))
  389                 return (0);
  390         if (ops == KTROP_SET) {
ktrsettracevnode(p, vp);
p->p_traceflag |= facs;
  393                 if (curp->p_ucred->cr_uid == 0)
p->p_traceflag |= KTRFAC_ROOT;
  395         } else {        
  396                 /* KTROP_CLEAR */
  397                 if (((p->p_traceflag &= ~facs) & KTRFAC_MASK) == 0) {
  398                         /* no more tracing */
p->p_traceflag = 0;
ktrsettracevnode(p, NULL);
  401                 }
  402         }
  404         /*
  405          * Emit an emulation record, every time there is a ktrace
  406          * change/attach request. 
  407          */
  408         if (KTRPOINT(p, KTR_EMUL))
ktremul(p, p->p_emul->e_name);
  411         return (1);
  412 }
  414 int
ktrsetchildren(struct proc *curp, struct proc *top, int ops, int facs,
  416     struct vnode *vp)
  417 {
  418         struct proc *p;
  419         int ret = 0;
p = top;
  422         for (;;) {
ret |= ktrops(curp, p, ops, facs, vp);
  424                 /*
  425                  * If this process has children, descend to them next,
  426                  * otherwise do any siblings, and if done with this level,
  427                  * follow back up the tree (but not past top).
  428                  */
  429                 if (!LIST_EMPTY(&p->p_children))
p = LIST_FIRST(&p->p_children);
  431                 else for (;;) {
  432                         if (p == top)
  433                                 return (ret);
  434                         if (LIST_NEXT(p, p_sibling) != NULL) {
p = LIST_NEXT(p, p_sibling);
  436                                 break;
  437                         }
p = p->p_pptr;
  439                 }
  440         }
  441         /*NOTREACHED*/
  442 }
  444 int
ktrwrite(struct proc *p, struct ktr_header *kth)
  446 {
  447         struct uio auio;
  448         struct iovec aiov[2];
  449         int error;
  450         struct vnode *vp = p->p_tracep;
  452         if (vp == NULL)
  453                 return 0;
auio.uio_iov = &aiov[0];
auio.uio_offset = 0;
auio.uio_segflg = UIO_SYSSPACE;
auio.uio_rw = UIO_WRITE;
aiov[0].iov_base = (caddr_t)kth;
aiov[0].iov_len = sizeof(struct ktr_header);
auio.uio_resid = sizeof(struct ktr_header);
auio.uio_iovcnt = 1;
auio.uio_procp = p;
  463         if (kth->ktr_len > 0) {
auio.uio_iovcnt++;
aiov[1].iov_base = kth->ktr_buf;
aiov[1].iov_len = kth->ktr_len;
auio.uio_resid += kth->ktr_len;
  468         }
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
error = VOP_WRITE(vp, &auio, IO_UNIT|IO_APPEND, p->p_ucred);
VOP_UNLOCK(vp, 0, p);
  472         if (!error)
  473                 return 0;
  474         /*
  475          * If error encountered, give up tracing on this vnode.
  476          */
log(LOG_NOTICE, "ktrace write failed, errno %d, tracing stopped\n",
error);
  479         for (p = LIST_FIRST(&allproc); p != NULL; p = LIST_NEXT(p, p_list)) {
  480                 if (p->p_tracep == vp) {
p->p_traceflag = 0;
ktrsettracevnode(p, NULL);
  483                 }
  484         }
  486         return error;
  487 }
  489 /*
  490  * Return true if caller has permission to set the ktracing state
  491  * of target.  Essentially, the target can't possess any
  492  * more permissions than the caller.  KTRFAC_ROOT signifies that
  493  * root previously set the tracing status on the target process, and 
  494  * so, only root may further change it.
  495  *
  496  * TODO: check groups.  use caller effective gid.
  497  */
  498 int
ktrcanset(struct proc *callp, struct proc *targetp)
  500 {
  501         struct pcred *caller = callp->p_cred;
  502         struct pcred *target = targetp->p_cred;
  504         if ((caller->pc_ucred->cr_uid == target->p_ruid &&
target->p_ruid == target->p_svuid &&
caller->p_rgid == target->p_rgid && /* XXX */
target->p_rgid == target->p_svgid &&
  508             (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
  509             !ISSET(targetp->p_flag, P_SUGID)) ||
caller->pc_ucred->cr_uid == 0)
  511                 return (1);
  513         return (0);
  514 }
  516 #endif