lttng: add system call instrumentation probe

/*

 * lttng-syscalls.c

 *

 * Copyright 2010-2011 (c) - Mathieu Desnoyers <mathieu.desnoyers@efficios.com>

 *

 * LTTng syscall probes.

 *

 * Dual LGPL v2.1/GPL v2 license.

 */

#include <linux/module.h>

#include <linux/slab.h>

#include <linux/compat.h>

#include <asm/ptrace.h>

#include <asm/syscall.h>

#include "ltt-events.h"

#ifndef CONFIG_COMPAT

static inline int is_compat_task(void)

{

	return 0;

}

#endif

static

void syscall_entry_probe(void *__data, struct pt_regs *regs, long id);

/*

 * Take care of NOARGS not supported by mainline.

 */

#define DECLARE_EVENT_CLASS_NOARGS(name, tstruct, assign, print)

#define DEFINE_EVENT_NOARGS(template, name)

#define TRACE_EVENT_NOARGS(name, struct, assign, print)

/*

 * Create LTTng tracepoint probes.

 */

#define LTTNG_PACKAGE_BUILD

#define CREATE_TRACE_POINTS

#define TP_MODULE_OVERRIDE

#define TRACE_INCLUDE_PATH ../instrumentation/syscalls/headers

#define PARAMS(args...)	args

#undef TRACE_SYSTEM

/* Hijack probe callback for system calls */

#undef TP_PROBE_CB

#define TP_PROBE_CB(_template)		&syscall_entry_probe

#define SC_TRACE_EVENT(_name, _proto, _args, _struct, _assign, _printk)	\

	TRACE_EVENT(_name, PARAMS(_proto), PARAMS(_args),\

		PARAMS(_struct), PARAMS(_assign), PARAMS(_printk))

#define SC_DECLARE_EVENT_CLASS_NOARGS(_name, _struct, _assign, _printk)	\

	DECLARE_EVENT_CLASS_NOARGS(_name, PARAMS(_struct), PARAMS(_assign),\

		PARAMS(_printk))

#define SC_DEFINE_EVENT_NOARGS(_template, _name)			\

	DEFINE_EVENT_NOARGS(_template, _name)

#define TRACE_SYSTEM syscalls_integers

#include "instrumentation/syscalls/headers/syscalls_integers.h"

#undef TRACE_SYSTEM

#define TRACE_SYSTEM syscalls_pointers

#include "instrumentation/syscalls/headers/syscalls_pointers.h"

#undef TRACE_SYSTEM

#undef SC_TRACE_EVENT

#undef SC_DECLARE_EVENT_CLASS_NOARGS

#undef SC_DEFINE_EVENT_NOARGS

#define TRACE_SYSTEM syscalls_unknown

#include "instrumentation/syscalls/headers/syscalls_unknown.h"

#undef TRACE_SYSTEM

/* For compat syscalls */

#undef _TRACE_SYSCALLS_integers_H

#undef _TRACE_SYSCALLS_pointers_H

/* Hijack probe callback for system calls */

#undef TP_PROBE_CB

#define TP_PROBE_CB(_template)		&syscall_entry_probe

#define SC_TRACE_EVENT(_name, _proto, _args, _struct, _assign, _printk)	\

	TRACE_EVENT(compat_##_name, PARAMS(_proto), PARAMS(_args),	\

		PARAMS(_struct), PARAMS(_assign),			\

		PARAMS(_printk))

#define SC_DECLARE_EVENT_CLASS_NOARGS(_name, _struct, _assign, _printk) \

	DECLARE_EVENT_CLASS_NOARGS(compat_##_name, PARAMS(_struct),	\

		PARAMS(_assign), PARAMS(_printk))

#define SC_DEFINE_EVENT_NOARGS(_template, _name)			\

	DEFINE_EVENT_NOARGS(compat_##_template, compat_##_name)

#define TRACE_SYSTEM compat_syscalls_integers

#include "instrumentation/syscalls/headers/compat_syscalls_integers.h"

#undef TRACE_SYSTEM

#define TRACE_SYSTEM compat_syscalls_pointers

#include "instrumentation/syscalls/headers/compat_syscalls_pointers.h"

#undef TRACE_SYSTEM

#undef SC_TRACE_EVENT

#undef SC_DECLARE_EVENT_CLASS_NOARGS

#undef SC_DEFINE_EVENT_NOARGS

#undef TP_PROBE_CB

#undef TP_MODULE_OVERRIDE

#undef LTTNG_PACKAGE_BUILD

#undef CREATE_TRACE_POINTS

struct trace_syscall_entry {

	void *func;

	const struct lttng_event_desc *desc;

	const struct lttng_event_field *fields;

	unsigned int nrargs;

};

#define CREATE_SYSCALL_TABLE

#undef TRACE_SYSCALL_TABLE

#define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs)	\

	[ _nr ] = {						\

		.func = __event_probe__##_template,		\

		.nrargs = (_nrargs),				\

		.fields = __event_fields___##_template,		\

		.desc = &__event_desc___##_name,		\

	},

static const struct trace_syscall_entry sc_table[] = {

#include "instrumentation/syscalls/headers/syscalls_integers.h"

#include "instrumentation/syscalls/headers/syscalls_pointers.h"

};

#undef TRACE_SYSCALL_TABLE

#define TRACE_SYSCALL_TABLE(_template, _name, _nr, _nrargs)	\

	[ _nr ] = {						\

		.func = __event_probe__##compat_##_template,	\

		.nrargs = (_nrargs),				\

		.fields = __event_fields___##compat_##_template,\

		.desc = &__event_desc___##compat_##_name,	\

	},

/* Create compatibility syscall table */

const struct trace_syscall_entry compat_sc_table[] = {

#include "instrumentation/syscalls/headers/compat_syscalls_integers.h"

#include "instrumentation/syscalls/headers/compat_syscalls_pointers.h"

};

#undef CREATE_SYSCALL_TABLE

static void syscall_entry_unknown(struct ltt_event *event,

	struct pt_regs *regs, unsigned int id)

{

	unsigned long args[UNKNOWN_SYSCALL_NRARGS];

	syscall_get_arguments(current, regs, 0, UNKNOWN_SYSCALL_NRARGS, args);

	if (unlikely(is_compat_task()))

		__event_probe__compat_sys_unknown(event, id, args);

	else

		__event_probe__sys_unknown(event, id, args);

}

void syscall_entry_probe(void *__data, struct pt_regs *regs, long id)

{

	struct ltt_channel *chan = __data;

	struct ltt_event *event, *unknown_event;

	const struct trace_syscall_entry *table, *entry;

	size_t table_len;

	if (unlikely(is_compat_task())) {

		table = compat_sc_table;

		table_len = ARRAY_SIZE(compat_sc_table);

		unknown_event = chan->sc_compat_unknown;

	} else {

		table = sc_table;

		table_len = ARRAY_SIZE(sc_table);

		unknown_event = chan->sc_unknown;

	}

	if (unlikely(id >= table_len)) {

		syscall_entry_unknown(unknown_event, regs, id);

		return;

	}

	if (unlikely(is_compat_task()))

		event = chan->compat_sc_table[id];

	else

		event = chan->sc_table[id];

	if (unlikely(!event)) {

		syscall_entry_unknown(unknown_event, regs, id);

		return;

	}

	entry = &table[id];

	WARN_ON_ONCE(!entry);

	switch (entry->nrargs) {

	case 0:

	{

		void (*fptr)(void *__data) = entry->func;

		fptr(event);

		break;

	}

	case 1:

	{

		void (*fptr)(void *__data, unsigned long arg0) = entry->func;

		unsigned long args[1];

		syscall_get_arguments(current, regs, 0, entry->nrargs, args);

		fptr(event, args[0]);

		break;

	}

	case 2:

	{

		void (*fptr)(void *__data,

			unsigned long arg0,

			unsigned long arg1) = entry->func;

		unsigned long args[2];

		syscall_get_arguments(current, regs, 0, entry->nrargs, args);

		fptr(event, args[0], args[1]);

		break;

	}

	case 3:

	{

		void (*fptr)(void *__data,

			unsigned long arg0,

			unsigned long arg1,

			unsigned long arg2) = entry->func;

		unsigned long args[3];

		syscall_get_arguments(current, regs, 0, entry->nrargs, args);

		fptr(event, args[0], args[1], args[2]);

		break;

	}

	case 4:

	{

		void (*fptr)(void *__data,

			unsigned long arg0,

			unsigned long arg1,

			unsigned long arg2,

			unsigned long arg3) = entry->func;

		unsigned long args[4];

		syscall_get_arguments(current, regs, 0, entry->nrargs, args);

		fptr(event, args[0], args[1], args[2], args[3]);

		break;

	}

	case 5:

	{

		void (*fptr)(void *__data,

			unsigned long arg0,

			unsigned long arg1,

			unsigned long arg2,

			unsigned long arg3,

			unsigned long arg4) = entry->func;

		unsigned long args[5];

		syscall_get_arguments(current, regs, 0, entry->nrargs, args);

		fptr(event, args[0], args[1], args[2], args[3], args[4]);

		break;

	}

	case 6:

	{

		void (*fptr)(void *__data,

			unsigned long arg0,

			unsigned long arg1,

			unsigned long arg2,

			unsigned long arg3,

			unsigned long arg4,

			unsigned long arg5) = entry->func;

		unsigned long args[6];

		syscall_get_arguments(current, regs, 0, entry->nrargs, args);

		fptr(event, args[0], args[1], args[2],

			args[3], args[4], args[5]);

		break;

	}

	default:

		break;

	}

}

/* noinline to diminish caller stack size */

static

int fill_table(const struct trace_syscall_entry *table, size_t table_len,

	struct ltt_event **chan_table, struct ltt_channel *chan, void *filter)

{

	const struct lttng_event_desc *desc;

	unsigned int i;

	/* Allocate events for each syscall, insert into table */

	for (i = 0; i < table_len; i++) {

		struct lttng_kernel_event ev;

		desc = table[i].desc;

		if (!desc) {

			/* Unknown syscall */

			continue;

		}

		/*

		 * Skip those already populated by previous failed

		 * register for this channel.

		 */

		if (chan_table[i])

			continue;

		memset(&ev, 0, sizeof(ev));

		strncpy(ev.name, desc->name, LTTNG_SYM_NAME_LEN);

		ev.name[LTTNG_SYM_NAME_LEN - 1] = '\0';

		ev.instrumentation = LTTNG_KERNEL_NOOP;

		chan_table[i] = ltt_event_create(chan, &ev, filter,

						desc);

		if (!chan_table[i]) {

			/*

			 * If something goes wrong in event registration

			 * after the first one, we have no choice but to

			 * leave the previous events in there, until

			 * deleted by session teardown.

			 */

			return -EINVAL;

		}

	}

	return 0;

}

int lttng_syscalls_register(struct ltt_channel *chan, void *filter)

{

	struct lttng_kernel_event ev;

	int ret;

	wrapper_vmalloc_sync_all();

	if (!chan->sc_table) {

		/* create syscall table mapping syscall to events */

		chan->sc_table = kzalloc(sizeof(struct ltt_event *)

					* ARRAY_SIZE(sc_table), GFP_KERNEL);

		if (!chan->sc_table)

			return -ENOMEM;

	}

#ifdef CONFIG_COMPAT

	if (!chan->compat_sc_table) {

		/* create syscall table mapping compat syscall to events */

		chan->compat_sc_table = kzalloc(sizeof(struct ltt_event *)

					* ARRAY_SIZE(compat_sc_table), GFP_KERNEL);

		if (!chan->compat_sc_table)

			return -ENOMEM;

	}

#endif

	if (!chan->sc_unknown) {

		const struct lttng_event_desc *desc =

			&__event_desc___sys_unknown;

		memset(&ev, 0, sizeof(ev));

		strncpy(ev.name, desc->name, LTTNG_SYM_NAME_LEN);

		ev.name[LTTNG_SYM_NAME_LEN - 1] = '\0';

		ev.instrumentation = LTTNG_KERNEL_NOOP;

		chan->sc_unknown = ltt_event_create(chan, &ev, filter,

						    desc);

		if (!chan->sc_unknown) {

			return -EINVAL;

		}

	}

	if (!chan->sc_compat_unknown) {

		const struct lttng_event_desc *desc =

			&__event_desc___compat_sys_unknown;

		memset(&ev, 0, sizeof(ev));

		strncpy(ev.name, desc->name, LTTNG_SYM_NAME_LEN);

		ev.name[LTTNG_SYM_NAME_LEN - 1] = '\0';

		ev.instrumentation = LTTNG_KERNEL_NOOP;

		chan->sc_compat_unknown = ltt_event_create(chan, &ev, filter,

							   desc);

		if (!chan->sc_compat_unknown) {

			return -EINVAL;

		}

	}

	if (!chan->sc_exit) {

		const struct lttng_event_desc *desc =

			&__event_desc___exit_syscall;

		memset(&ev, 0, sizeof(ev));

		strncpy(ev.name, desc->name, LTTNG_SYM_NAME_LEN);

		ev.name[LTTNG_SYM_NAME_LEN - 1] = '\0';

		ev.instrumentation = LTTNG_KERNEL_NOOP;

		chan->sc_exit = ltt_event_create(chan, &ev, filter,

						 desc);

		if (!chan->sc_exit) {

			return -EINVAL;

		}

	}

	ret = fill_table(sc_table, ARRAY_SIZE(sc_table),

			chan->sc_table, chan, filter);

	if (ret)

		return ret;

#ifdef CONFIG_COMPAT

	ret = fill_table(compat_sc_table, ARRAY_SIZE(compat_sc_table),

			chan->compat_sc_table, chan, filter);

	if (ret)

		return ret;

#endif

	ret = tracepoint_probe_register("sys_enter",

			(void *) syscall_entry_probe, chan);

	if (ret)

		return ret;

	/*

	 * We change the name of sys_exit tracepoint due to namespace

	 * conflict with sys_exit syscall entry.

	 */

	ret = tracepoint_probe_register("sys_exit",

			(void *) __event_probe__exit_syscall,

			chan->sc_exit);

	if (ret) {

		WARN_ON_ONCE(tracepoint_probe_unregister("sys_enter",

			(void *) syscall_entry_probe, chan));

	}

	return ret;

}

/*

 * Only called at session destruction.

 */

int lttng_syscalls_unregister(struct ltt_channel *chan)

{

	int ret;

	if (!chan->sc_table)

		return 0;

	ret = tracepoint_probe_unregister("sys_exit",

			(void *) __event_probe__exit_syscall,

			chan->sc_exit);

	if (ret)

		return ret;

	ret = tracepoint_probe_unregister("sys_enter",

			(void *) syscall_entry_probe, chan);

	if (ret)

		return ret;

	/* ltt_event destroy will be performed by ltt_session_destroy() */

	kfree(chan->sc_table);

#ifdef CONFIG_COMPAT

	kfree(chan->compat_sc_table);

#endif

	return 0;

}