projects / lttng-tools.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
liblttng-ctl: use export list to define exported symbols
[lttng-tools.git] / src / common / event-rule / kernel-syscall.c
1 /*
2 * Copyright (C) 2019 Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
3 *
4 * SPDX-License-Identifier: LGPL-2.1-only
5 *
6 */
7
8 #include <common/credentials.h>
9 #include <common/error.h>
10 #include <common/hashtable/hashtable.h>
11 #include <common/hashtable/utils.h>
12 #include <common/macros.h>
13 #include <common/mi-lttng.h>
14 #include <common/payload-view.h>
15 #include <common/payload.h>
16 #include <common/runas.h>
17 #include <common/string-utils/string-utils.h>
18 #include <lttng/event-rule/event-rule-internal.h>
19 #include <lttng/event-rule/kernel-syscall-internal.h>
20
21 #define IS_SYSCALL_EVENT_RULE(rule) \
22 (lttng_event_rule_get_type(rule) == LTTNG_EVENT_RULE_TYPE_KERNEL_SYSCALL)
23
24 static void lttng_event_rule_kernel_syscall_destroy(struct lttng_event_rule *rule)
25 {
26 struct lttng_event_rule_kernel_syscall *syscall;
27
28 if (rule == NULL) {
29 return;
30 }
31
32 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
33
34 free(syscall->pattern);
35 free(syscall->filter_expression);
36 free(syscall->internal_filter.filter);
37 free(syscall->internal_filter.bytecode);
38 free(syscall);
39 }
40
41 static bool lttng_event_rule_kernel_syscall_validate(
42 const struct lttng_event_rule *rule)
43 {
44 bool valid = false;
45 struct lttng_event_rule_kernel_syscall *syscall;
46
47 if (!rule) {
48 goto end;
49 }
50
51 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
52
53 /* Required field. */
54 if (!syscall->pattern) {
55 ERR("Invalid syscall event rule: a pattern must be set.");
56 goto end;
57 }
58
59 valid = true;
60 end:
61 return valid;
62 }
63
64 static int lttng_event_rule_kernel_syscall_serialize(
65 const struct lttng_event_rule *rule,
66 struct lttng_payload *payload)
67 {
68 int ret;
69 size_t pattern_len, filter_expression_len;
70 struct lttng_event_rule_kernel_syscall *syscall;
71 struct lttng_event_rule_kernel_syscall_comm syscall_comm;
72
73 if (!rule || !IS_SYSCALL_EVENT_RULE(rule)) {
74 ret = -1;
75 goto end;
76 }
77
78 DBG("Serializing syscall event rule");
79 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
80
81 pattern_len = strlen(syscall->pattern) + 1;
82
83 if (syscall->filter_expression != NULL) {
84 filter_expression_len = strlen(syscall->filter_expression) + 1;
85 } else {
86 filter_expression_len = 0;
87 }
88
89 syscall_comm.pattern_len = pattern_len;
90 syscall_comm.filter_expression_len = filter_expression_len;
91 syscall_comm.emission_site = syscall->emission_site;
92
93 ret = lttng_dynamic_buffer_append(
94 &payload->buffer, &syscall_comm, sizeof(syscall_comm));
95 if (ret) {
96 goto end;
97 }
98
99 ret = lttng_dynamic_buffer_append(
100 &payload->buffer, syscall->pattern, pattern_len);
101 if (ret) {
102 goto end;
103 }
104
105 ret = lttng_dynamic_buffer_append(&payload->buffer,
106 syscall->filter_expression, filter_expression_len);
107 end:
108 return ret;
109 }
110
111 static bool lttng_event_rule_kernel_syscall_is_equal(const struct lttng_event_rule *_a,
112 const struct lttng_event_rule *_b)
113 {
114 bool is_equal = false;
115 struct lttng_event_rule_kernel_syscall *a, *b;
116
117 a = container_of(_a, struct lttng_event_rule_kernel_syscall, parent);
118 b = container_of(_b, struct lttng_event_rule_kernel_syscall, parent);
119
120 if (!!a->filter_expression != !!b->filter_expression) {
121 goto end;
122 }
123
124 LTTNG_ASSERT(a->pattern);
125 LTTNG_ASSERT(b->pattern);
126 if (strcmp(a->pattern, b->pattern)) {
127 goto end;
128 }
129
130 if (a->filter_expression && b->filter_expression) {
131 if (strcmp(a->filter_expression, b->filter_expression)) {
132 goto end;
133 }
134 } else if (!!a->filter_expression != !!b->filter_expression) {
135 /* One is set and not the other. */
136 goto end;
137 }
138
139 is_equal = true;
140 end:
141 return is_equal;
142 }
143
144 static enum lttng_error_code lttng_event_rule_kernel_syscall_generate_filter_bytecode(
145 struct lttng_event_rule *rule,
146 const struct lttng_credentials *creds)
147 {
148 int ret;
149 enum lttng_error_code ret_code = LTTNG_OK;
150 struct lttng_event_rule_kernel_syscall *syscall;
151 enum lttng_event_rule_status status;
152 const char *filter;
153 struct lttng_bytecode *bytecode = NULL;
154
155 LTTNG_ASSERT(rule);
156
157 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
158
159 /* Generate the filter bytecode. */
160 status = lttng_event_rule_kernel_syscall_get_filter(rule, &filter);
161 if (status == LTTNG_EVENT_RULE_STATUS_UNSET) {
162 filter = NULL;
163 } else if (status != LTTNG_EVENT_RULE_STATUS_OK) {
164 ret_code = LTTNG_ERR_FILTER_INVAL;
165 goto end;
166 }
167
168 if (filter && filter[0] == '\0') {
169 ret_code = LTTNG_ERR_FILTER_INVAL;
170 goto end;
171 }
172
173 if (filter == NULL) {
174 /* Nothing to do. */
175 ret = LTTNG_OK;
176 goto end;
177 }
178
179 syscall->internal_filter.filter = strdup(filter);
180 if (syscall->internal_filter.filter == NULL) {
181 ret_code = LTTNG_ERR_NOMEM;
182 goto end;
183 }
184
185 ret = run_as_generate_filter_bytecode(
186 syscall->internal_filter.filter, creds, &bytecode);
187 if (ret) {
188 ret_code = LTTNG_ERR_FILTER_INVAL;
189 }
190
191 syscall->internal_filter.bytecode = bytecode;
192 bytecode = NULL;
193
194 end:
195 free(bytecode);
196 return ret_code;
197 }
198
199 static const char *lttng_event_rule_kernel_syscall_get_internal_filter(
200 const struct lttng_event_rule *rule)
201 {
202 struct lttng_event_rule_kernel_syscall *syscall;
203
204 LTTNG_ASSERT(rule);
205 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
206
207 return syscall->internal_filter.filter;
208 }
209
210 static const struct lttng_bytecode *
211 lttng_event_rule_kernel_syscall_get_internal_filter_bytecode(
212 const struct lttng_event_rule *rule)
213 {
214 struct lttng_event_rule_kernel_syscall *syscall;
215
216 LTTNG_ASSERT(rule);
217 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
218
219 return syscall->internal_filter.bytecode;
220 }
221
222 static enum lttng_event_rule_generate_exclusions_status
223 lttng_event_rule_kernel_syscall_generate_exclusions(const struct lttng_event_rule *rule,
224 struct lttng_event_exclusion **exclusions)
225 {
226 /* Unsupported. */
227 *exclusions = NULL;
228 return LTTNG_EVENT_RULE_GENERATE_EXCLUSIONS_STATUS_NONE;
229 }
230
231 static unsigned long
232 lttng_event_rule_kernel_syscall_hash(
233 const struct lttng_event_rule *rule)
234 {
235 unsigned long hash;
236 struct lttng_event_rule_kernel_syscall *syscall_rule =
237 container_of(rule, typeof(*syscall_rule), parent);
238
239 hash = hash_key_ulong((void *) LTTNG_EVENT_RULE_TYPE_KERNEL_SYSCALL,
240 lttng_ht_seed);
241 hash ^= hash_key_str(syscall_rule->pattern, lttng_ht_seed);
242 if (syscall_rule->filter_expression) {
243 hash ^= hash_key_str(syscall_rule->filter_expression,
244 lttng_ht_seed);
245 }
246
247 return hash;
248 }
249
250 static enum lttng_error_code lttng_event_rule_kernel_syscall_mi_serialize(
251 const struct lttng_event_rule *rule, struct mi_writer *writer)
252 {
253 int ret;
254 enum lttng_error_code ret_code;
255 enum lttng_event_rule_status status;
256
257 enum lttng_event_rule_kernel_syscall_emission_site site_type;
258 const char *filter = NULL;
259 const char *name_pattern = NULL;
260 const char *site_type_str = NULL;
261
262 LTTNG_ASSERT(rule);
263 LTTNG_ASSERT(writer);
264 LTTNG_ASSERT(IS_SYSCALL_EVENT_RULE(rule));
265
266 status = lttng_event_rule_kernel_syscall_get_name_pattern(
267 rule, &name_pattern);
268 LTTNG_ASSERT(status == LTTNG_EVENT_RULE_STATUS_OK);
269 LTTNG_ASSERT(name_pattern);
270
271 status = lttng_event_rule_kernel_syscall_get_filter(rule, &filter);
272 LTTNG_ASSERT(status == LTTNG_EVENT_RULE_STATUS_OK ||
273 status == LTTNG_EVENT_RULE_STATUS_UNSET);
274
275 site_type = lttng_event_rule_kernel_syscall_get_emission_site(rule);
276
277 switch (site_type) {
278 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY_EXIT:
279 site_type_str = mi_lttng_event_rule_kernel_syscall_emission_site_entry_exit;
280 break;
281 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY:
282 site_type_str = mi_lttng_event_rule_kernel_syscall_emission_site_entry;
283 break;
284 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_EXIT:
285 site_type_str = mi_lttng_event_rule_kernel_syscall_emission_site_exit;
286 break;
287 default:
288 abort();
289 break;
290 }
291
292 /* Open event rule kernel syscall element. */
293 ret = mi_lttng_writer_open_element(
294 writer, mi_lttng_element_event_rule_kernel_syscall);
295 if (ret) {
296 goto mi_error;
297 }
298
299 /* Emission site. */
300 ret = mi_lttng_writer_write_element_string(writer,
301 mi_lttng_element_event_rule_kernel_syscall_emission_site,
302 site_type_str);
303 if (ret) {
304 goto mi_error;
305 }
306
307 /* Name pattern. */
308 ret = mi_lttng_writer_write_element_string(writer,
309 mi_lttng_element_event_rule_name_pattern, name_pattern);
310 if (ret) {
311 goto mi_error;
312 }
313
314 /* Filter. */
315 if (filter != NULL) {
316 ret = mi_lttng_writer_write_element_string(writer,
317 mi_lttng_element_event_rule_filter_expression,
318 filter);
319 if (ret) {
320 goto mi_error;
321 }
322 }
323
324 /* Close event rule kernel syscall. */
325 ret = mi_lttng_writer_close_element(writer);
326 if (ret) {
327 goto mi_error;
328 }
329
330 ret_code = LTTNG_OK;
331 goto end;
332
333 mi_error:
334 ret_code = LTTNG_ERR_MI_IO_FAIL;
335 end:
336 return ret_code;
337 }
338
339 struct lttng_event_rule *lttng_event_rule_kernel_syscall_create(
340 enum lttng_event_rule_kernel_syscall_emission_site
341 emission_site)
342 {
343 struct lttng_event_rule *rule = NULL;
344 struct lttng_event_rule_kernel_syscall *syscall_rule;
345 enum lttng_event_rule_status status;
346
347 /* Validate the emission site type */
348 switch (emission_site) {
349 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY_EXIT:
350 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY:
351 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_EXIT:
352 break;
353 default:
354 /* Invalid emission type */
355 goto end;
356 }
357
358 syscall_rule = zmalloc(sizeof(struct lttng_event_rule_kernel_syscall));
359 if (!syscall_rule) {
360 goto end;
361 }
362
363 rule = &syscall_rule->parent;
364 lttng_event_rule_init(
365 &syscall_rule->parent, LTTNG_EVENT_RULE_TYPE_KERNEL_SYSCALL);
366 syscall_rule->parent.validate = lttng_event_rule_kernel_syscall_validate;
367 syscall_rule->parent.serialize = lttng_event_rule_kernel_syscall_serialize;
368 syscall_rule->parent.equal = lttng_event_rule_kernel_syscall_is_equal;
369 syscall_rule->parent.destroy = lttng_event_rule_kernel_syscall_destroy;
370 syscall_rule->parent.generate_filter_bytecode =
371 lttng_event_rule_kernel_syscall_generate_filter_bytecode;
372 syscall_rule->parent.get_filter =
373 lttng_event_rule_kernel_syscall_get_internal_filter;
374 syscall_rule->parent.get_filter_bytecode =
375 lttng_event_rule_kernel_syscall_get_internal_filter_bytecode;
376 syscall_rule->parent.generate_exclusions =
377 lttng_event_rule_kernel_syscall_generate_exclusions;
378 syscall_rule->parent.hash = lttng_event_rule_kernel_syscall_hash;
379 syscall_rule->parent.mi_serialize = lttng_event_rule_kernel_syscall_mi_serialize;
380
381 /* Default pattern is '*'. */
382 status = lttng_event_rule_kernel_syscall_set_name_pattern(rule, "*");
383 if (status != LTTNG_EVENT_RULE_STATUS_OK) {
384 lttng_event_rule_destroy(rule);
385 rule = NULL;
386 }
387
388 /* Emission site type */
389 syscall_rule->emission_site = emission_site;
390
391 end:
392 return rule;
393 }
394
395 ssize_t lttng_event_rule_kernel_syscall_create_from_payload(
396 struct lttng_payload_view *view,
397 struct lttng_event_rule **_event_rule)
398 {
399 ssize_t ret, offset = 0;
400 enum lttng_event_rule_status status;
401 const struct lttng_event_rule_kernel_syscall_comm *syscall_comm;
402 const char *pattern;
403 const char *filter_expression = NULL;
404 struct lttng_buffer_view current_buffer_view;
405 struct lttng_event_rule *rule = NULL;
406
407 if (!_event_rule) {
408 ret = -1;
409 goto end;
410 }
411
412 if (view->buffer.size < sizeof(*syscall_comm)) {
413 ERR("Failed to initialize from malformed event rule syscall: buffer too short to contain header");
414 ret = -1;
415 goto end;
416 }
417
418 current_buffer_view = lttng_buffer_view_from_view(
419 &view->buffer, offset, sizeof(*syscall_comm));
420 if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
421 ret = -1;
422 goto end;
423 }
424
425 syscall_comm = (typeof(syscall_comm)) current_buffer_view.data;
426 rule = lttng_event_rule_kernel_syscall_create(syscall_comm->emission_site);
427 if (!rule) {
428 ERR("Failed to create event rule syscall");
429 ret = -1;
430 goto end;
431 }
432
433 /* Skip to payload. */
434 offset += current_buffer_view.size;
435
436 /* Map the pattern. */
437 current_buffer_view = lttng_buffer_view_from_view(
438 &view->buffer, offset, syscall_comm->pattern_len);
439 if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
440 ret = -1;
441 goto end;
442 }
443
444 pattern = current_buffer_view.data;
445 if (!lttng_buffer_view_contains_string(&current_buffer_view, pattern,
446 syscall_comm->pattern_len)) {
447 ret = -1;
448 goto end;
449 }
450
451 /* Skip after the pattern. */
452 offset += syscall_comm->pattern_len;
453
454 if (!syscall_comm->filter_expression_len) {
455 goto skip_filter_expression;
456 }
457
458 /* Map the filter_expression. */
459 current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
460 syscall_comm->filter_expression_len);
461 if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
462 ret = -1;
463 goto end;
464 }
465
466 filter_expression = current_buffer_view.data;
467 if (!lttng_buffer_view_contains_string(&current_buffer_view,
468 filter_expression,
469 syscall_comm->filter_expression_len)) {
470 ret = -1;
471 goto end;
472 }
473
474 /* Skip after the pattern. */
475 offset += syscall_comm->filter_expression_len;
476
477 skip_filter_expression:
478
479 status = lttng_event_rule_kernel_syscall_set_name_pattern(rule, pattern);
480 if (status != LTTNG_EVENT_RULE_STATUS_OK) {
481 ERR("Failed to set event rule syscall pattern");
482 ret = -1;
483 goto end;
484 }
485
486 if (filter_expression) {
487 status = lttng_event_rule_kernel_syscall_set_filter(
488 rule, filter_expression);
489 if (status != LTTNG_EVENT_RULE_STATUS_OK) {
490 ERR("Failed to set event rule syscall pattern");
491 ret = -1;
492 goto end;
493 }
494 }
495
496 *_event_rule = rule;
497 rule = NULL;
498 ret = offset;
499 end:
500 lttng_event_rule_destroy(rule);
501 return ret;
502 }
503
504 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_set_name_pattern(
505 struct lttng_event_rule *rule, const char *pattern)
506 {
507 char *pattern_copy = NULL;
508 struct lttng_event_rule_kernel_syscall *syscall;
509 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
510
511 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !pattern ||
512 strlen(pattern) == 0) {
513 status = LTTNG_EVENT_RULE_STATUS_INVALID;
514 goto end;
515 }
516
517 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
518 pattern_copy = strdup(pattern);
519 if (!pattern_copy) {
520 status = LTTNG_EVENT_RULE_STATUS_ERROR;
521 goto end;
522 }
523
524 strutils_normalize_star_glob_pattern(pattern_copy);
525
526 free(syscall->pattern);
527
528 syscall->pattern = pattern_copy;
529 pattern_copy = NULL;
530 end:
531 return status;
532 }
533
534 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_get_name_pattern(
535 const struct lttng_event_rule *rule, const char **pattern)
536 {
537 struct lttng_event_rule_kernel_syscall *syscall;
538 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
539
540 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !pattern) {
541 status = LTTNG_EVENT_RULE_STATUS_INVALID;
542 goto end;
543 }
544
545 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
546 if (!syscall->pattern) {
547 status = LTTNG_EVENT_RULE_STATUS_UNSET;
548 goto end;
549 }
550
551 *pattern = syscall->pattern;
552 end:
553 return status;
554 }
555
556 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_set_filter(
557 struct lttng_event_rule *rule, const char *expression)
558 {
559 char *expression_copy = NULL;
560 struct lttng_event_rule_kernel_syscall *syscall;
561 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
562
563 /* TODO: validate that the passed expression is valid. */
564
565 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !expression ||
566 strlen(expression) == 0) {
567 status = LTTNG_EVENT_RULE_STATUS_INVALID;
568 goto end;
569 }
570
571 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
572 expression_copy = strdup(expression);
573 if (!expression_copy) {
574 status = LTTNG_EVENT_RULE_STATUS_ERROR;
575 goto end;
576 }
577
578 if (syscall->filter_expression) {
579 free(syscall->filter_expression);
580 }
581
582 syscall->filter_expression = expression_copy;
583 expression_copy = NULL;
584 end:
585 return status;
586 }
587
588 enum lttng_event_rule_status lttng_event_rule_kernel_syscall_get_filter(
589 const struct lttng_event_rule *rule, const char **expression)
590 {
591 struct lttng_event_rule_kernel_syscall *syscall;
592 enum lttng_event_rule_status status = LTTNG_EVENT_RULE_STATUS_OK;
593
594 if (!rule || !IS_SYSCALL_EVENT_RULE(rule) || !expression) {
595 status = LTTNG_EVENT_RULE_STATUS_INVALID;
596 goto end;
597 }
598
599 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
600 if (!syscall->filter_expression) {
601 status = LTTNG_EVENT_RULE_STATUS_UNSET;
602 goto end;
603 }
604
605 *expression = syscall->filter_expression;
606 end:
607 return status;
608 }
609 extern enum lttng_event_rule_kernel_syscall_emission_site
610 lttng_event_rule_kernel_syscall_get_emission_site(
611 const struct lttng_event_rule *rule)
612 {
613 enum lttng_event_rule_kernel_syscall_emission_site emission_site =
614 LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_UNKNOWN;
615 struct lttng_event_rule_kernel_syscall *syscall;
616
617 if (!rule || !IS_SYSCALL_EVENT_RULE(rule)) {
618 goto end;
619 }
620
621 syscall = container_of(rule, struct lttng_event_rule_kernel_syscall, parent);
622 emission_site = syscall->emission_site;
623
624 end:
625 return emission_site;
626 }
627
628 const char *lttng_event_rule_kernel_syscall_emission_site_str(
629 enum lttng_event_rule_kernel_syscall_emission_site emission_site)
630 {
631 switch (emission_site) {
632 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY:
633 return "entry";
634 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_ENTRY_EXIT:
635 return "entry+exit";
636 case LTTNG_EVENT_RULE_KERNEL_SYSCALL_EMISSION_SITE_EXIT:
637 return "exit";
638 default:
639 return "???";
640 }
641 }
LTTng 2.0 tools and control repository
This page took 0.042273 seconds and 4 git commands to generate.