1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 28 #include <sys/atomic.h> 29 #include <sys/errno.h> 30 #include <sys/stat.h> 31 #include <sys/modctl.h> 32 #include <sys/conf.h> 33 #include <sys/systm.h> 34 #include <sys/ddi.h> 35 #include <sys/sunddi.h> 36 #include <sys/cpuvar.h> 37 #include <sys/kmem.h> 38 #include <sys/strsubr.h> 39 #include <sys/fasttrap.h> 40 #include <sys/fasttrap_impl.h> 41 #include <sys/fasttrap_isa.h> 42 #include <sys/dtrace.h> 43 #include <sys/dtrace_impl.h> 44 #include <sys/sysmacros.h> 45 #include <sys/proc.h> 46 #include <sys/priv.h> 47 #include <sys/policy.h> 48 #include <util/qsort.h> 49 50 /* 51 * User-Land Trap-Based Tracing 52 * ---------------------------- 53 * 54 * The fasttrap provider allows DTrace consumers to instrument any user-level 55 * instruction to gather data; this includes probes with semantic 56 * signifigance like entry and return as well as simple offsets into the 57 * function. While the specific techniques used are very ISA specific, the 58 * methodology is generalizable to any architecture. 59 * 60 * 61 * The General Methodology 62 * ----------------------- 63 * 64 * With the primary goal of tracing every user-land instruction and the 65 * limitation that we can't trust user space so don't want to rely on much 66 * information there, we begin by replacing the instructions we want to trace 67 * with trap instructions. Each instruction we overwrite is saved into a hash 68 * table keyed by process ID and pc address. When we enter the kernel due to 69 * this trap instruction, we need the effects of the replaced instruction to 70 * appear to have occurred before we proceed with the user thread's 71 * execution. 72 * 73 * Each user level thread is represented by a ulwp_t structure which is 74 * always easily accessible through a register. The most basic way to produce 75 * the effects of the instruction we replaced is to copy that instruction out 76 * to a bit of scratch space reserved in the user thread's ulwp_t structure 77 * (a sort of kernel-private thread local storage), set the PC to that 78 * scratch space and single step. When we reenter the kernel after single 79 * stepping the instruction we must then adjust the PC to point to what would 80 * normally be the next instruction. Of course, special care must be taken 81 * for branches and jumps, but these represent such a small fraction of any 82 * instruction set that writing the code to emulate these in the kernel is 83 * not too difficult. 84 * 85 * Return probes may require several tracepoints to trace every return site, 86 * and, conversely, each tracepoint may activate several probes (the entry 87 * and offset 0 probes, for example). To solve this muliplexing problem, 88 * tracepoints contain lists of probes to activate and probes contain lists 89 * of tracepoints to enable. If a probe is activated, it adds its ID to 90 * existing tracepoints or creates new ones as necessary. 91 * 92 * Most probes are activated _before_ the instruction is executed, but return 93 * probes are activated _after_ the effects of the last instruction of the 94 * function are visible. Return probes must be fired _after_ we have 95 * single-stepped the instruction whereas all other probes are fired 96 * beforehand. 97 * 98 * 99 * Lock Ordering 100 * ------------- 101 * 102 * The lock ordering below -- both internally and with respect to the DTrace 103 * framework -- is a little tricky and bears some explanation. Each provider 104 * has a lock (ftp_mtx) that protects its members including reference counts 105 * for enabled probes (ftp_rcount), consumers actively creating probes 106 * (ftp_ccount) and USDT consumers (ftp_mcount); all three prevent a provider 107 * from being freed. A provider is looked up by taking the bucket lock for the 108 * provider hash table, and is returned with its lock held. The provider lock 109 * may be taken in functions invoked by the DTrace framework, but may not be 110 * held while calling functions in the DTrace framework. 111 * 112 * To ensure consistency over multiple calls to the DTrace framework, the 113 * creation lock (ftp_cmtx) should be held. Naturally, the creation lock may 114 * not be taken when holding the provider lock as that would create a cyclic 115 * lock ordering. In situations where one would naturally take the provider 116 * lock and then the creation lock, we instead up a reference count to prevent 117 * the provider from disappearing, drop the provider lock, and acquire the 118 * creation lock. 119 * 120 * Briefly: 121 * bucket lock before provider lock 122 * DTrace before provider lock 123 * creation lock before DTrace 124 * never hold the provider lock and creation lock simultaneously 125 */ 126 127 static dev_info_t *fasttrap_devi; 128 static dtrace_meta_provider_id_t fasttrap_meta_id; 129 130 static timeout_id_t fasttrap_timeout; 131 static kmutex_t fasttrap_cleanup_mtx; 132 static uint_t fasttrap_cleanup_work; 133 134 /* 135 * Generation count on modifications to the global tracepoint lookup table. 136 */ 137 static volatile uint64_t fasttrap_mod_gen; 138 139 /* 140 * When the fasttrap provider is loaded, fasttrap_max is set to either 141 * FASTTRAP_MAX_DEFAULT or the value for fasttrap-max-probes in the 142 * fasttrap.conf file. Each time a probe is created, fasttrap_total is 143 * incremented by the number of tracepoints that may be associated with that 144 * probe; fasttrap_total is capped at fasttrap_max. 145 */ 146 #define FASTTRAP_MAX_DEFAULT 250000 147 static uint32_t fasttrap_max; 148 static uint32_t fasttrap_total; 149 150 151 #define FASTTRAP_TPOINTS_DEFAULT_SIZE 0x4000 152 #define FASTTRAP_PROVIDERS_DEFAULT_SIZE 0x100 153 #define FASTTRAP_PROCS_DEFAULT_SIZE 0x100 154 155 #define FASTTRAP_PID_NAME "pid" 156 157 fasttrap_hash_t fasttrap_tpoints; 158 static fasttrap_hash_t fasttrap_provs; 159 static fasttrap_hash_t fasttrap_procs; 160 161 static uint64_t fasttrap_pid_count; /* pid ref count */ 162 static kmutex_t fasttrap_count_mtx; /* lock on ref count */ 163 164 #define FASTTRAP_ENABLE_FAIL 1 165 #define FASTTRAP_ENABLE_PARTIAL 2 166 167 static int fasttrap_tracepoint_enable(proc_t *, fasttrap_probe_t *, uint_t); 168 static void fasttrap_tracepoint_disable(proc_t *, fasttrap_probe_t *, uint_t); 169 170 static fasttrap_provider_t *fasttrap_provider_lookup(pid_t, const char *, 171 const dtrace_pattr_t *); 172 static void fasttrap_provider_retire(pid_t, const char *, int); 173 static void fasttrap_provider_free(fasttrap_provider_t *); 174 175 static fasttrap_proc_t *fasttrap_proc_lookup(pid_t); 176 static void fasttrap_proc_release(fasttrap_proc_t *); 177 178 #define FASTTRAP_PROVS_INDEX(pid, name) \ 179 ((fasttrap_hash_str(name) + (pid)) & fasttrap_provs.fth_mask) 180 181 #define FASTTRAP_PROCS_INDEX(pid) ((pid) & fasttrap_procs.fth_mask) 182 183 static int 184 fasttrap_highbit(ulong_t i) 185 { 186 int h = 1; 187 188 if (i == 0) 189 return (0); 190 #ifdef _LP64 191 if (i & 0xffffffff00000000ul) { 192 h += 32; i >>= 32; 193 } 194 #endif 195 if (i & 0xffff0000) { 196 h += 16; i >>= 16; 197 } 198 if (i & 0xff00) { 199 h += 8; i >>= 8; 200 } 201 if (i & 0xf0) { 202 h += 4; i >>= 4; 203 } 204 if (i & 0xc) { 205 h += 2; i >>= 2; 206 } 207 if (i & 0x2) { 208 h += 1; 209 } 210 return (h); 211 } 212 213 static uint_t 214 fasttrap_hash_str(const char *p) 215 { 216 unsigned int g; 217 uint_t hval = 0; 218 219 while (*p) { 220 hval = (hval << 4) + *p++; 221 if ((g = (hval & 0xf0000000)) != 0) 222 hval ^= g >> 24; 223 hval &= ~g; 224 } 225 return (hval); 226 } 227 228 void 229 fasttrap_sigtrap(proc_t *p, kthread_t *t, uintptr_t pc) 230 { 231 sigqueue_t *sqp = kmem_zalloc(sizeof (sigqueue_t), KM_SLEEP); 232 233 sqp->sq_info.si_signo = SIGTRAP; 234 sqp->sq_info.si_code = TRAP_DTRACE; 235 sqp->sq_info.si_addr = (caddr_t)pc; 236 237 mutex_enter(&p->p_lock); 238 sigaddqa(p, t, sqp); 239 mutex_exit(&p->p_lock); 240 241 if (t != NULL) 242 aston(t); 243 } 244 245 /* 246 * This function ensures that no threads are actively using the memory 247 * associated with probes that were formerly live. 248 */ 249 static void 250 fasttrap_mod_barrier(uint64_t gen) 251 { 252 int i; 253 254 if (gen < fasttrap_mod_gen) 255 return; 256 257 fasttrap_mod_gen++; 258 259 for (i = 0; i < NCPU; i++) { 260 mutex_enter(&cpu_core[i].cpuc_pid_lock); 261 mutex_exit(&cpu_core[i].cpuc_pid_lock); 262 } 263 } 264 265 /* 266 * This is the timeout's callback for cleaning up the providers and their 267 * probes. 268 */ 269 /*ARGSUSED*/ 270 static void 271 fasttrap_pid_cleanup_cb(void *data) 272 { 273 fasttrap_provider_t **fpp, *fp; 274 fasttrap_bucket_t *bucket; 275 dtrace_provider_id_t provid; 276 int i, later; 277 278 static volatile int in = 0; 279 ASSERT(in == 0); 280 in = 1; 281 282 mutex_enter(&fasttrap_cleanup_mtx); 283 while (fasttrap_cleanup_work) { 284 fasttrap_cleanup_work = 0; 285 mutex_exit(&fasttrap_cleanup_mtx); 286 287 later = 0; 288 289 /* 290 * Iterate over all the providers trying to remove the marked 291 * ones. If a provider is marked but not retired, we just 292 * have to take a crack at removing it -- it's no big deal if 293 * we can't. 294 */ 295 for (i = 0; i < fasttrap_provs.fth_nent; i++) { 296 bucket = &fasttrap_provs.fth_table[i]; 297 mutex_enter(&bucket->ftb_mtx); 298 fpp = (fasttrap_provider_t **)&bucket->ftb_data; 299 300 while ((fp = *fpp) != NULL) { 301 if (!fp->ftp_marked) { 302 fpp = &fp->ftp_next; 303 continue; 304 } 305 306 mutex_enter(&fp->ftp_mtx); 307 308 /* 309 * If this provider has consumers actively 310 * creating probes (ftp_ccount) or is a USDT 311 * provider (ftp_mcount), we can't unregister 312 * or even condense. 313 */ 314 if (fp->ftp_ccount != 0 || 315 fp->ftp_mcount != 0) { 316 mutex_exit(&fp->ftp_mtx); 317 fp->ftp_marked = 0; 318 continue; 319 } 320 321 if (!fp->ftp_retired || fp->ftp_rcount != 0) 322 fp->ftp_marked = 0; 323 324 mutex_exit(&fp->ftp_mtx); 325 326 /* 327 * If we successfully unregister this 328 * provider we can remove it from the hash 329 * chain and free the memory. If our attempt 330 * to unregister fails and this is a retired 331 * provider, increment our flag to try again 332 * pretty soon. If we've consumed more than 333 * half of our total permitted number of 334 * probes call dtrace_condense() to try to 335 * clean out the unenabled probes. 336 */ 337 provid = fp->ftp_provid; 338 if (dtrace_unregister(provid) != 0) { 339 if (fasttrap_total > fasttrap_max / 2) 340 (void) dtrace_condense(provid); 341 later += fp->ftp_marked; 342 fpp = &fp->ftp_next; 343 } else { 344 *fpp = fp->ftp_next; 345 fasttrap_provider_free(fp); 346 } 347 } 348 mutex_exit(&bucket->ftb_mtx); 349 } 350 351 mutex_enter(&fasttrap_cleanup_mtx); 352 } 353 354 ASSERT(fasttrap_timeout != 0); 355 356 /* 357 * If we were unable to remove a retired provider, try again after 358 * a second. This situation can occur in certain circumstances where 359 * providers cannot be unregistered even though they have no probes 360 * enabled because of an execution of dtrace -l or something similar. 361 * If the timeout has been disabled (set to 1 because we're trying 362 * to detach), we set fasttrap_cleanup_work to ensure that we'll 363 * get a chance to do that work if and when the timeout is reenabled 364 * (if detach fails). 365 */ 366 if (later > 0 && fasttrap_timeout != (timeout_id_t)1) 367 fasttrap_timeout = timeout(&fasttrap_pid_cleanup_cb, NULL, hz); 368 else if (later > 0) 369 fasttrap_cleanup_work = 1; 370 else 371 fasttrap_timeout = 0; 372 373 mutex_exit(&fasttrap_cleanup_mtx); 374 in = 0; 375 } 376 377 /* 378 * Activates the asynchronous cleanup mechanism. 379 */ 380 static void 381 fasttrap_pid_cleanup(void) 382 { 383 mutex_enter(&fasttrap_cleanup_mtx); 384 fasttrap_cleanup_work = 1; 385 if (fasttrap_timeout == 0) 386 fasttrap_timeout = timeout(&fasttrap_pid_cleanup_cb, NULL, 1); 387 mutex_exit(&fasttrap_cleanup_mtx); 388 } 389 390 /* 391 * This is called from cfork() via dtrace_fasttrap_fork(). The child 392 * process's address space is (roughly) a copy of the parent process's so 393 * we have to remove all the instrumentation we had previously enabled in the 394 * parent. 395 */ 396 static void 397 fasttrap_fork(proc_t *p, proc_t *cp) 398 { 399 pid_t ppid = p->p_pid; 400 int i; 401 402 ASSERT(curproc == p); 403 ASSERT(p->p_proc_flag & P_PR_LOCK); 404 ASSERT(p->p_dtrace_count > 0); 405 ASSERT(cp->p_dtrace_count == 0); 406 407 /* 408 * This would be simpler and faster if we maintained per-process 409 * hash tables of enabled tracepoints. It could, however, potentially 410 * slow down execution of a tracepoint since we'd need to go 411 * through two levels of indirection. In the future, we should 412 * consider either maintaining per-process ancillary lists of 413 * enabled tracepoints or hanging a pointer to a per-process hash 414 * table of enabled tracepoints off the proc structure. 415 */ 416 417 /* 418 * We don't have to worry about the child process disappearing 419 * because we're in fork(). 420 */ 421 mutex_enter(&cp->p_lock); 422 sprlock_proc(cp); 423 mutex_exit(&cp->p_lock); 424 425 /* 426 * Iterate over every tracepoint looking for ones that belong to the 427 * parent process, and remove each from the child process. 428 */ 429 for (i = 0; i < fasttrap_tpoints.fth_nent; i++) { 430 fasttrap_tracepoint_t *tp; 431 fasttrap_bucket_t *bucket = &fasttrap_tpoints.fth_table[i]; 432 433 mutex_enter(&bucket->ftb_mtx); 434 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) { 435 if (tp->ftt_pid == ppid && 436 tp->ftt_proc->ftpc_acount != 0) { 437 int ret = fasttrap_tracepoint_remove(cp, tp); 438 ASSERT(ret == 0); 439 440 /* 441 * The count of active providers can only be 442 * decremented (i.e. to zero) during exec, 443 * exit, and removal of a meta provider so it 444 * should be impossible to drop the count 445 * mid-fork. 446 */ 447 ASSERT(tp->ftt_proc->ftpc_acount != 0); 448 } 449 } 450 mutex_exit(&bucket->ftb_mtx); 451 } 452 453 mutex_enter(&cp->p_lock); 454 sprunlock(cp); 455 } 456 457 /* 458 * This is called from proc_exit() or from exec_common() if p_dtrace_probes 459 * is set on the proc structure to indicate that there is a pid provider 460 * associated with this process. 461 */ 462 static void 463 fasttrap_exec_exit(proc_t *p) 464 { 465 ASSERT(p == curproc); 466 ASSERT(MUTEX_HELD(&p->p_lock)); 467 468 mutex_exit(&p->p_lock); 469 470 /* 471 * We clean up the pid provider for this process here; user-land 472 * static probes are handled by the meta-provider remove entry point. 473 */ 474 fasttrap_provider_retire(p->p_pid, FASTTRAP_PID_NAME, 0); 475 476 mutex_enter(&p->p_lock); 477 } 478 479 480 /*ARGSUSED*/ 481 static void 482 fasttrap_pid_provide(void *arg, const dtrace_probedesc_t *desc) 483 { 484 /* 485 * There are no "default" pid probes. 486 */ 487 } 488 489 static int 490 fasttrap_tracepoint_enable(proc_t *p, fasttrap_probe_t *probe, uint_t index) 491 { 492 fasttrap_tracepoint_t *tp, *new_tp = NULL; 493 fasttrap_bucket_t *bucket; 494 fasttrap_id_t *id; 495 pid_t pid; 496 uintptr_t pc; 497 498 ASSERT(index < probe->ftp_ntps); 499 500 pid = probe->ftp_pid; 501 pc = probe->ftp_tps[index].fit_tp->ftt_pc; 502 id = &probe->ftp_tps[index].fit_id; 503 504 ASSERT(probe->ftp_tps[index].fit_tp->ftt_pid == pid); 505 506 ASSERT(!(p->p_flag & SVFORK)); 507 508 /* 509 * Before we make any modifications, make sure we've imposed a barrier 510 * on the generation in which this probe was last modified. 511 */ 512 fasttrap_mod_barrier(probe->ftp_gen); 513 514 bucket = &fasttrap_tpoints.fth_table[FASTTRAP_TPOINTS_INDEX(pid, pc)]; 515 516 /* 517 * If the tracepoint has already been enabled, just add our id to the 518 * list of interested probes. This may be our second time through 519 * this path in which case we'll have constructed the tracepoint we'd 520 * like to install. If we can't find a match, and have an allocated 521 * tracepoint ready to go, enable that one now. 522 * 523 * A tracepoint whose process is defunct is also considered defunct. 524 */ 525 again: 526 mutex_enter(&bucket->ftb_mtx); 527 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) { 528 /* 529 * Note that it's safe to access the active count on the 530 * associated proc structure because we know that at least one 531 * provider (this one) will still be around throughout this 532 * operation. 533 */ 534 if (tp->ftt_pid != pid || tp->ftt_pc != pc || 535 tp->ftt_proc->ftpc_acount == 0) 536 continue; 537 538 /* 539 * Now that we've found a matching tracepoint, it would be 540 * a decent idea to confirm that the tracepoint is still 541 * enabled and the trap instruction hasn't been overwritten. 542 * Since this is a little hairy, we'll punt for now. 543 */ 544 545 /* 546 * This can't be the first interested probe. We don't have 547 * to worry about another thread being in the midst of 548 * deleting this tracepoint (which would be the only valid 549 * reason for a tracepoint to have no interested probes) 550 * since we're holding P_PR_LOCK for this process. 551 */ 552 ASSERT(tp->ftt_ids != NULL || tp->ftt_retids != NULL); 553 554 switch (id->fti_ptype) { 555 case DTFTP_ENTRY: 556 case DTFTP_OFFSETS: 557 case DTFTP_IS_ENABLED: 558 id->fti_next = tp->ftt_ids; 559 membar_producer(); 560 tp->ftt_ids = id; 561 membar_producer(); 562 break; 563 564 case DTFTP_RETURN: 565 case DTFTP_POST_OFFSETS: 566 id->fti_next = tp->ftt_retids; 567 membar_producer(); 568 tp->ftt_retids = id; 569 membar_producer(); 570 break; 571 572 default: 573 ASSERT(0); 574 } 575 576 mutex_exit(&bucket->ftb_mtx); 577 578 if (new_tp != NULL) { 579 new_tp->ftt_ids = NULL; 580 new_tp->ftt_retids = NULL; 581 } 582 583 return (0); 584 } 585 586 /* 587 * If we have a good tracepoint ready to go, install it now while 588 * we have the lock held and no one can screw with us. 589 */ 590 if (new_tp != NULL) { 591 int rc = 0; 592 593 new_tp->ftt_next = bucket->ftb_data; 594 membar_producer(); 595 bucket->ftb_data = new_tp; 596 membar_producer(); 597 mutex_exit(&bucket->ftb_mtx); 598 599 /* 600 * Activate the tracepoint in the ISA-specific manner. 601 * If this fails, we need to report the failure, but 602 * indicate that this tracepoint must still be disabled 603 * by calling fasttrap_tracepoint_disable(). 604 */ 605 if (fasttrap_tracepoint_install(p, new_tp) != 0) 606 rc = FASTTRAP_ENABLE_PARTIAL; 607 608 /* 609 * Increment the count of the number of tracepoints active in 610 * the victim process. 611 */ 612 ASSERT(p->p_proc_flag & P_PR_LOCK); 613 p->p_dtrace_count++; 614 615 return (rc); 616 } 617 618 mutex_exit(&bucket->ftb_mtx); 619 620 /* 621 * Initialize the tracepoint that's been preallocated with the probe. 622 */ 623 new_tp = probe->ftp_tps[index].fit_tp; 624 625 ASSERT(new_tp->ftt_pid == pid); 626 ASSERT(new_tp->ftt_pc == pc); 627 ASSERT(new_tp->ftt_proc == probe->ftp_prov->ftp_proc); 628 ASSERT(new_tp->ftt_ids == NULL); 629 ASSERT(new_tp->ftt_retids == NULL); 630 631 switch (id->fti_ptype) { 632 case DTFTP_ENTRY: 633 case DTFTP_OFFSETS: 634 case DTFTP_IS_ENABLED: 635 id->fti_next = NULL; 636 new_tp->ftt_ids = id; 637 break; 638 639 case DTFTP_RETURN: 640 case DTFTP_POST_OFFSETS: 641 id->fti_next = NULL; 642 new_tp->ftt_retids = id; 643 break; 644 645 default: 646 ASSERT(0); 647 } 648 649 /* 650 * If the ISA-dependent initialization goes to plan, go back to the 651 * beginning and try to install this freshly made tracepoint. 652 */ 653 if (fasttrap_tracepoint_init(p, new_tp, pc, id->fti_ptype) == 0) 654 goto again; 655 656 new_tp->ftt_ids = NULL; 657 new_tp->ftt_retids = NULL; 658 659 return (FASTTRAP_ENABLE_FAIL); 660 } 661 662 static void 663 fasttrap_tracepoint_disable(proc_t *p, fasttrap_probe_t *probe, uint_t index) 664 { 665 fasttrap_bucket_t *bucket; 666 fasttrap_provider_t *provider = probe->ftp_prov; 667 fasttrap_tracepoint_t **pp, *tp; 668 fasttrap_id_t *id, **idp; 669 pid_t pid; 670 uintptr_t pc; 671 672 ASSERT(index < probe->ftp_ntps); 673 674 pid = probe->ftp_pid; 675 pc = probe->ftp_tps[index].fit_tp->ftt_pc; 676 id = &probe->ftp_tps[index].fit_id; 677 678 ASSERT(probe->ftp_tps[index].fit_tp->ftt_pid == pid); 679 680 /* 681 * Find the tracepoint and make sure that our id is one of the 682 * ones registered with it. 683 */ 684 bucket = &fasttrap_tpoints.fth_table[FASTTRAP_TPOINTS_INDEX(pid, pc)]; 685 mutex_enter(&bucket->ftb_mtx); 686 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) { 687 if (tp->ftt_pid == pid && tp->ftt_pc == pc && 688 tp->ftt_proc == provider->ftp_proc) 689 break; 690 } 691 692 /* 693 * If we somehow lost this tracepoint, we're in a world of hurt. 694 */ 695 ASSERT(tp != NULL); 696 697 switch (id->fti_ptype) { 698 case DTFTP_ENTRY: 699 case DTFTP_OFFSETS: 700 case DTFTP_IS_ENABLED: 701 ASSERT(tp->ftt_ids != NULL); 702 idp = &tp->ftt_ids; 703 break; 704 705 case DTFTP_RETURN: 706 case DTFTP_POST_OFFSETS: 707 ASSERT(tp->ftt_retids != NULL); 708 idp = &tp->ftt_retids; 709 break; 710 711 default: 712 ASSERT(0); 713 } 714 715 while ((*idp)->fti_probe != probe) { 716 idp = &(*idp)->fti_next; 717 ASSERT(*idp != NULL); 718 } 719 720 id = *idp; 721 *idp = id->fti_next; 722 membar_producer(); 723 724 ASSERT(id->fti_probe == probe); 725 726 /* 727 * If there are other registered enablings of this tracepoint, we're 728 * all done, but if this was the last probe assocated with this 729 * this tracepoint, we need to remove and free it. 730 */ 731 if (tp->ftt_ids != NULL || tp->ftt_retids != NULL) { 732 733 /* 734 * If the current probe's tracepoint is in use, swap it 735 * for an unused tracepoint. 736 */ 737 if (tp == probe->ftp_tps[index].fit_tp) { 738 fasttrap_probe_t *tmp_probe; 739 fasttrap_tracepoint_t **tmp_tp; 740 uint_t tmp_index; 741 742 if (tp->ftt_ids != NULL) { 743 tmp_probe = tp->ftt_ids->fti_probe; 744 /* LINTED - alignment */ 745 tmp_index = FASTTRAP_ID_INDEX(tp->ftt_ids); 746 tmp_tp = &tmp_probe->ftp_tps[tmp_index].fit_tp; 747 } else { 748 tmp_probe = tp->ftt_retids->fti_probe; 749 /* LINTED - alignment */ 750 tmp_index = FASTTRAP_ID_INDEX(tp->ftt_retids); 751 tmp_tp = &tmp_probe->ftp_tps[tmp_index].fit_tp; 752 } 753 754 ASSERT(*tmp_tp != NULL); 755 ASSERT(*tmp_tp != probe->ftp_tps[index].fit_tp); 756 ASSERT((*tmp_tp)->ftt_ids == NULL); 757 ASSERT((*tmp_tp)->ftt_retids == NULL); 758 759 probe->ftp_tps[index].fit_tp = *tmp_tp; 760 *tmp_tp = tp; 761 } 762 763 mutex_exit(&bucket->ftb_mtx); 764 765 /* 766 * Tag the modified probe with the generation in which it was 767 * changed. 768 */ 769 probe->ftp_gen = fasttrap_mod_gen; 770 return; 771 } 772 773 mutex_exit(&bucket->ftb_mtx); 774 775 /* 776 * We can't safely remove the tracepoint from the set of active 777 * tracepoints until we've actually removed the fasttrap instruction 778 * from the process's text. We can, however, operate on this 779 * tracepoint secure in the knowledge that no other thread is going to 780 * be looking at it since we hold P_PR_LOCK on the process if it's 781 * live or we hold the provider lock on the process if it's dead and 782 * gone. 783 */ 784 785 /* 786 * We only need to remove the actual instruction if we're looking 787 * at an existing process 788 */ 789 if (p != NULL) { 790 /* 791 * If we fail to restore the instruction we need to kill 792 * this process since it's in a completely unrecoverable 793 * state. 794 */ 795 if (fasttrap_tracepoint_remove(p, tp) != 0) 796 fasttrap_sigtrap(p, NULL, pc); 797 798 /* 799 * Decrement the count of the number of tracepoints active 800 * in the victim process. 801 */ 802 ASSERT(p->p_proc_flag & P_PR_LOCK); 803 p->p_dtrace_count--; 804 } 805 806 /* 807 * Remove the probe from the hash table of active tracepoints. 808 */ 809 mutex_enter(&bucket->ftb_mtx); 810 pp = (fasttrap_tracepoint_t **)&bucket->ftb_data; 811 ASSERT(*pp != NULL); 812 while (*pp != tp) { 813 pp = &(*pp)->ftt_next; 814 ASSERT(*pp != NULL); 815 } 816 817 *pp = tp->ftt_next; 818 membar_producer(); 819 820 mutex_exit(&bucket->ftb_mtx); 821 822 /* 823 * Tag the modified probe with the generation in which it was changed. 824 */ 825 probe->ftp_gen = fasttrap_mod_gen; 826 } 827 828 static void 829 fasttrap_enable_callbacks(void) 830 { 831 /* 832 * We don't have to play the rw lock game here because we're 833 * providing something rather than taking something away -- 834 * we can be sure that no threads have tried to follow this 835 * function pointer yet. 836 */ 837 mutex_enter(&fasttrap_count_mtx); 838 if (fasttrap_pid_count == 0) { 839 ASSERT(dtrace_pid_probe_ptr == NULL); 840 ASSERT(dtrace_return_probe_ptr == NULL); 841 dtrace_pid_probe_ptr = &fasttrap_pid_probe; 842 dtrace_return_probe_ptr = &fasttrap_return_probe; 843 } 844 ASSERT(dtrace_pid_probe_ptr == &fasttrap_pid_probe); 845 ASSERT(dtrace_return_probe_ptr == &fasttrap_return_probe); 846 fasttrap_pid_count++; 847 mutex_exit(&fasttrap_count_mtx); 848 } 849 850 static void 851 fasttrap_disable_callbacks(void) 852 { 853 ASSERT(MUTEX_HELD(&cpu_lock)); 854 855 mutex_enter(&fasttrap_count_mtx); 856 ASSERT(fasttrap_pid_count > 0); 857 fasttrap_pid_count--; 858 if (fasttrap_pid_count == 0) { 859 cpu_t *cur, *cpu = CPU; 860 861 for (cur = cpu->cpu_next_onln; cur != cpu; 862 cur = cur->cpu_next_onln) { 863 rw_enter(&cur->cpu_ft_lock, RW_WRITER); 864 } 865 866 dtrace_pid_probe_ptr = NULL; 867 dtrace_return_probe_ptr = NULL; 868 869 for (cur = cpu->cpu_next_onln; cur != cpu; 870 cur = cur->cpu_next_onln) { 871 rw_exit(&cur->cpu_ft_lock); 872 } 873 } 874 mutex_exit(&fasttrap_count_mtx); 875 } 876 877 /*ARGSUSED*/ 878 static int 879 fasttrap_pid_enable(void *arg, dtrace_id_t id, void *parg) 880 { 881 fasttrap_probe_t *probe = parg; 882 proc_t *p; 883 int i, rc; 884 885 ASSERT(probe != NULL); 886 ASSERT(!probe->ftp_enabled); 887 ASSERT(id == probe->ftp_id); 888 ASSERT(MUTEX_HELD(&cpu_lock)); 889 890 /* 891 * Increment the count of enabled probes on this probe's provider; 892 * the provider can't go away while the probe still exists. We 893 * must increment this even if we aren't able to properly enable 894 * this probe. 895 */ 896 mutex_enter(&probe->ftp_prov->ftp_mtx); 897 probe->ftp_prov->ftp_rcount++; 898 mutex_exit(&probe->ftp_prov->ftp_mtx); 899 900 /* 901 * If this probe's provider is retired (meaning it was valid in a 902 * previously exec'ed incarnation of this address space), bail out. The 903 * provider can't go away while we're in this code path. 904 */ 905 if (probe->ftp_prov->ftp_retired) 906 return (0); 907 908 /* 909 * If we can't find the process, it may be that we're in the context of 910 * a fork in which the traced process is being born and we're copying 911 * USDT probes. Otherwise, the process is gone so bail. 912 */ 913 if ((p = sprlock(probe->ftp_pid)) == NULL) { 914 if ((curproc->p_flag & SFORKING) == 0) 915 return (0); 916 917 mutex_enter(&pidlock); 918 p = prfind(probe->ftp_pid); 919 920 /* 921 * Confirm that curproc is indeed forking the process in which 922 * we're trying to enable probes. 923 */ 924 ASSERT(p != NULL); 925 ASSERT(p->p_parent == curproc); 926 ASSERT(p->p_stat == SIDL); 927 928 mutex_enter(&p->p_lock); 929 mutex_exit(&pidlock); 930 931 sprlock_proc(p); 932 } 933 934 ASSERT(!(p->p_flag & SVFORK)); 935 mutex_exit(&p->p_lock); 936 937 /* 938 * We have to enable the trap entry point before any user threads have 939 * the chance to execute the trap instruction we're about to place 940 * in their process's text. 941 */ 942 fasttrap_enable_callbacks(); 943 944 /* 945 * Enable all the tracepoints and add this probe's id to each 946 * tracepoint's list of active probes. 947 */ 948 for (i = 0; i < probe->ftp_ntps; i++) { 949 if ((rc = fasttrap_tracepoint_enable(p, probe, i)) != 0) { 950 /* 951 * If enabling the tracepoint failed completely, 952 * we don't have to disable it; if the failure 953 * was only partial we must disable it. 954 */ 955 if (rc == FASTTRAP_ENABLE_FAIL) 956 i--; 957 else 958 ASSERT(rc == FASTTRAP_ENABLE_PARTIAL); 959 960 /* 961 * Back up and pull out all the tracepoints we've 962 * created so far for this probe. 963 */ 964 while (i >= 0) { 965 fasttrap_tracepoint_disable(p, probe, i); 966 i--; 967 } 968 969 mutex_enter(&p->p_lock); 970 sprunlock(p); 971 972 /* 973 * Since we're not actually enabling this probe, 974 * drop our reference on the trap table entry. 975 */ 976 fasttrap_disable_callbacks(); 977 return (0); 978 } 979 } 980 981 mutex_enter(&p->p_lock); 982 sprunlock(p); 983 984 probe->ftp_enabled = 1; 985 return (0); 986 } 987 988 /*ARGSUSED*/ 989 static void 990 fasttrap_pid_disable(void *arg, dtrace_id_t id, void *parg) 991 { 992 fasttrap_probe_t *probe = parg; 993 fasttrap_provider_t *provider = probe->ftp_prov; 994 proc_t *p; 995 int i, whack = 0; 996 997 ASSERT(id == probe->ftp_id); 998 999 /* 1000 * We won't be able to acquire a /proc-esque lock on the process 1001 * iff the process is dead and gone. In this case, we rely on the 1002 * provider lock as a point of mutual exclusion to prevent other 1003 * DTrace consumers from disabling this probe. 1004 */ 1005 if ((p = sprlock(probe->ftp_pid)) != NULL) { 1006 ASSERT(!(p->p_flag & SVFORK)); 1007 mutex_exit(&p->p_lock); 1008 } 1009 1010 mutex_enter(&provider->ftp_mtx); 1011 1012 /* 1013 * Disable all the associated tracepoints (for fully enabled probes). 1014 */ 1015 if (probe->ftp_enabled) { 1016 for (i = 0; i < probe->ftp_ntps; i++) { 1017 fasttrap_tracepoint_disable(p, probe, i); 1018 } 1019 } 1020 1021 ASSERT(provider->ftp_rcount > 0); 1022 provider->ftp_rcount--; 1023 1024 if (p != NULL) { 1025 /* 1026 * Even though we may not be able to remove it entirely, we 1027 * mark this retired provider to get a chance to remove some 1028 * of the associated probes. 1029 */ 1030 if (provider->ftp_retired && !provider->ftp_marked) 1031 whack = provider->ftp_marked = 1; 1032 mutex_exit(&provider->ftp_mtx); 1033 1034 mutex_enter(&p->p_lock); 1035 sprunlock(p); 1036 } else { 1037 /* 1038 * If the process is dead, we're just waiting for the 1039 * last probe to be disabled to be able to free it. 1040 */ 1041 if (provider->ftp_rcount == 0 && !provider->ftp_marked) 1042 whack = provider->ftp_marked = 1; 1043 mutex_exit(&provider->ftp_mtx); 1044 } 1045 1046 if (whack) 1047 fasttrap_pid_cleanup(); 1048 1049 if (!probe->ftp_enabled) 1050 return; 1051 1052 probe->ftp_enabled = 0; 1053 1054 ASSERT(MUTEX_HELD(&cpu_lock)); 1055 fasttrap_disable_callbacks(); 1056 } 1057 1058 /*ARGSUSED*/ 1059 static void 1060 fasttrap_pid_getargdesc(void *arg, dtrace_id_t id, void *parg, 1061 dtrace_argdesc_t *desc) 1062 { 1063 fasttrap_probe_t *probe = parg; 1064 char *str; 1065 int i, ndx; 1066 1067 desc->dtargd_native[0] = '\0'; 1068 desc->dtargd_xlate[0] = '\0'; 1069 1070 if (probe->ftp_prov->ftp_retired != 0 || 1071 desc->dtargd_ndx >= probe->ftp_nargs) { 1072 desc->dtargd_ndx = DTRACE_ARGNONE; 1073 return; 1074 } 1075 1076 ndx = (probe->ftp_argmap != NULL) ? 1077 probe->ftp_argmap[desc->dtargd_ndx] : desc->dtargd_ndx; 1078 1079 str = probe->ftp_ntypes; 1080 for (i = 0; i < ndx; i++) { 1081 str += strlen(str) + 1; 1082 } 1083 1084 ASSERT(strlen(str + 1) < sizeof (desc->dtargd_native)); 1085 (void) strcpy(desc->dtargd_native, str); 1086 1087 if (probe->ftp_xtypes == NULL) 1088 return; 1089 1090 str = probe->ftp_xtypes; 1091 for (i = 0; i < desc->dtargd_ndx; i++) { 1092 str += strlen(str) + 1; 1093 } 1094 1095 ASSERT(strlen(str + 1) < sizeof (desc->dtargd_xlate)); 1096 (void) strcpy(desc->dtargd_xlate, str); 1097 } 1098 1099 /*ARGSUSED*/ 1100 static void 1101 fasttrap_pid_destroy(void *arg, dtrace_id_t id, void *parg) 1102 { 1103 fasttrap_probe_t *probe = parg; 1104 int i; 1105 size_t size; 1106 1107 ASSERT(probe != NULL); 1108 ASSERT(!probe->ftp_enabled); 1109 ASSERT(fasttrap_total >= probe->ftp_ntps); 1110 1111 atomic_add_32(&fasttrap_total, -probe->ftp_ntps); 1112 size = offsetof(fasttrap_probe_t, ftp_tps[probe->ftp_ntps]); 1113 1114 if (probe->ftp_gen + 1 >= fasttrap_mod_gen) 1115 fasttrap_mod_barrier(probe->ftp_gen); 1116 1117 for (i = 0; i < probe->ftp_ntps; i++) { 1118 kmem_free(probe->ftp_tps[i].fit_tp, 1119 sizeof (fasttrap_tracepoint_t)); 1120 } 1121 1122 kmem_free(probe, size); 1123 } 1124 1125 1126 static const dtrace_pattr_t pid_attr = { 1127 { DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA }, 1128 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 1129 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 1130 { DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA }, 1131 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 1132 }; 1133 1134 static dtrace_pops_t pid_pops = { 1135 fasttrap_pid_provide, 1136 NULL, 1137 fasttrap_pid_enable, 1138 fasttrap_pid_disable, 1139 NULL, 1140 NULL, 1141 fasttrap_pid_getargdesc, 1142 fasttrap_pid_getarg, 1143 NULL, 1144 fasttrap_pid_destroy 1145 }; 1146 1147 static dtrace_pops_t usdt_pops = { 1148 fasttrap_pid_provide, 1149 NULL, 1150 fasttrap_pid_enable, 1151 fasttrap_pid_disable, 1152 NULL, 1153 NULL, 1154 fasttrap_pid_getargdesc, 1155 fasttrap_usdt_getarg, 1156 NULL, 1157 fasttrap_pid_destroy 1158 }; 1159 1160 static fasttrap_proc_t * 1161 fasttrap_proc_lookup(pid_t pid) 1162 { 1163 fasttrap_bucket_t *bucket; 1164 fasttrap_proc_t *fprc, *new_fprc; 1165 1166 bucket = &fasttrap_procs.fth_table[FASTTRAP_PROCS_INDEX(pid)]; 1167 mutex_enter(&bucket->ftb_mtx); 1168 1169 for (fprc = bucket->ftb_data; fprc != NULL; fprc = fprc->ftpc_next) { 1170 if (fprc->ftpc_pid == pid && fprc->ftpc_acount != 0) { 1171 mutex_enter(&fprc->ftpc_mtx); 1172 mutex_exit(&bucket->ftb_mtx); 1173 fprc->ftpc_rcount++; 1174 atomic_add_64(&fprc->ftpc_acount, 1); 1175 ASSERT(fprc->ftpc_acount <= fprc->ftpc_rcount); 1176 mutex_exit(&fprc->ftpc_mtx); 1177 1178 return (fprc); 1179 } 1180 } 1181 1182 /* 1183 * Drop the bucket lock so we don't try to perform a sleeping 1184 * allocation under it. 1185 */ 1186 mutex_exit(&bucket->ftb_mtx); 1187 1188 new_fprc = kmem_zalloc(sizeof (fasttrap_proc_t), KM_SLEEP); 1189 new_fprc->ftpc_pid = pid; 1190 new_fprc->ftpc_rcount = 1; 1191 new_fprc->ftpc_acount = 1; 1192 1193 mutex_enter(&bucket->ftb_mtx); 1194 1195 /* 1196 * Take another lap through the list to make sure a proc hasn't 1197 * been created for this pid while we weren't under the bucket lock. 1198 */ 1199 for (fprc = bucket->ftb_data; fprc != NULL; fprc = fprc->ftpc_next) { 1200 if (fprc->ftpc_pid == pid && fprc->ftpc_acount != 0) { 1201 mutex_enter(&fprc->ftpc_mtx); 1202 mutex_exit(&bucket->ftb_mtx); 1203 fprc->ftpc_rcount++; 1204 atomic_add_64(&fprc->ftpc_acount, 1); 1205 ASSERT(fprc->ftpc_acount <= fprc->ftpc_rcount); 1206 mutex_exit(&fprc->ftpc_mtx); 1207 1208 kmem_free(new_fprc, sizeof (fasttrap_proc_t)); 1209 1210 return (fprc); 1211 } 1212 } 1213 1214 new_fprc->ftpc_next = bucket->ftb_data; 1215 bucket->ftb_data = new_fprc; 1216 1217 mutex_exit(&bucket->ftb_mtx); 1218 1219 return (new_fprc); 1220 } 1221 1222 static void 1223 fasttrap_proc_release(fasttrap_proc_t *proc) 1224 { 1225 fasttrap_bucket_t *bucket; 1226 fasttrap_proc_t *fprc, **fprcp; 1227 pid_t pid = proc->ftpc_pid; 1228 1229 mutex_enter(&proc->ftpc_mtx); 1230 1231 ASSERT(proc->ftpc_rcount != 0); 1232 ASSERT(proc->ftpc_acount <= proc->ftpc_rcount); 1233 1234 if (--proc->ftpc_rcount != 0) { 1235 mutex_exit(&proc->ftpc_mtx); 1236 return; 1237 } 1238 1239 mutex_exit(&proc->ftpc_mtx); 1240 1241 /* 1242 * There should definitely be no live providers associated with this 1243 * process at this point. 1244 */ 1245 ASSERT(proc->ftpc_acount == 0); 1246 1247 bucket = &fasttrap_procs.fth_table[FASTTRAP_PROCS_INDEX(pid)]; 1248 mutex_enter(&bucket->ftb_mtx); 1249 1250 fprcp = (fasttrap_proc_t **)&bucket->ftb_data; 1251 while ((fprc = *fprcp) != NULL) { 1252 if (fprc == proc) 1253 break; 1254 1255 fprcp = &fprc->ftpc_next; 1256 } 1257 1258 /* 1259 * Something strange has happened if we can't find the proc. 1260 */ 1261 ASSERT(fprc != NULL); 1262 1263 *fprcp = fprc->ftpc_next; 1264 1265 mutex_exit(&bucket->ftb_mtx); 1266 1267 kmem_free(fprc, sizeof (fasttrap_proc_t)); 1268 } 1269 1270 /* 1271 * Lookup a fasttrap-managed provider based on its name and associated pid. 1272 * If the pattr argument is non-NULL, this function instantiates the provider 1273 * if it doesn't exist otherwise it returns NULL. The provider is returned 1274 * with its lock held. 1275 */ 1276 static fasttrap_provider_t * 1277 fasttrap_provider_lookup(pid_t pid, const char *name, 1278 const dtrace_pattr_t *pattr) 1279 { 1280 fasttrap_provider_t *fp, *new_fp = NULL; 1281 fasttrap_bucket_t *bucket; 1282 char provname[DTRACE_PROVNAMELEN]; 1283 proc_t *p; 1284 cred_t *cred; 1285 1286 ASSERT(strlen(name) < sizeof (fp->ftp_name)); 1287 ASSERT(pattr != NULL); 1288 1289 bucket = &fasttrap_provs.fth_table[FASTTRAP_PROVS_INDEX(pid, name)]; 1290 mutex_enter(&bucket->ftb_mtx); 1291 1292 /* 1293 * Take a lap through the list and return the match if we find it. 1294 */ 1295 for (fp = bucket->ftb_data; fp != NULL; fp = fp->ftp_next) { 1296 if (fp->ftp_pid == pid && strcmp(fp->ftp_name, name) == 0 && 1297 !fp->ftp_retired) { 1298 mutex_enter(&fp->ftp_mtx); 1299 mutex_exit(&bucket->ftb_mtx); 1300 return (fp); 1301 } 1302 } 1303 1304 /* 1305 * Drop the bucket lock so we don't try to perform a sleeping 1306 * allocation under it. 1307 */ 1308 mutex_exit(&bucket->ftb_mtx); 1309 1310 /* 1311 * Make sure the process exists, isn't a child created as the result 1312 * of a vfork(2), and isn't a zombie (but may be in fork). 1313 */ 1314 mutex_enter(&pidlock); 1315 if ((p = prfind(pid)) == NULL) { 1316 mutex_exit(&pidlock); 1317 return (NULL); 1318 } 1319 mutex_enter(&p->p_lock); 1320 mutex_exit(&pidlock); 1321 if (p->p_flag & (SVFORK | SEXITING)) { 1322 mutex_exit(&p->p_lock); 1323 return (NULL); 1324 } 1325 1326 /* 1327 * Increment p_dtrace_probes so that the process knows to inform us 1328 * when it exits or execs. fasttrap_provider_free() decrements this 1329 * when we're done with this provider. 1330 */ 1331 p->p_dtrace_probes++; 1332 1333 /* 1334 * Grab the credentials for this process so we have 1335 * something to pass to dtrace_register(). 1336 */ 1337 mutex_enter(&p->p_crlock); 1338 crhold(p->p_cred); 1339 cred = p->p_cred; 1340 mutex_exit(&p->p_crlock); 1341 mutex_exit(&p->p_lock); 1342 1343 new_fp = kmem_zalloc(sizeof (fasttrap_provider_t), KM_SLEEP); 1344 new_fp->ftp_pid = pid; 1345 new_fp->ftp_proc = fasttrap_proc_lookup(pid); 1346 1347 ASSERT(new_fp->ftp_proc != NULL); 1348 1349 mutex_enter(&bucket->ftb_mtx); 1350 1351 /* 1352 * Take another lap through the list to make sure a provider hasn't 1353 * been created for this pid while we weren't under the bucket lock. 1354 */ 1355 for (fp = bucket->ftb_data; fp != NULL; fp = fp->ftp_next) { 1356 if (fp->ftp_pid == pid && strcmp(fp->ftp_name, name) == 0 && 1357 !fp->ftp_retired) { 1358 mutex_enter(&fp->ftp_mtx); 1359 mutex_exit(&bucket->ftb_mtx); 1360 fasttrap_provider_free(new_fp); 1361 crfree(cred); 1362 return (fp); 1363 } 1364 } 1365 1366 (void) strcpy(new_fp->ftp_name, name); 1367 1368 /* 1369 * Fail and return NULL if either the provider name is too long 1370 * or we fail to register this new provider with the DTrace 1371 * framework. Note that this is the only place we ever construct 1372 * the full provider name -- we keep it in pieces in the provider 1373 * structure. 1374 */ 1375 if (snprintf(provname, sizeof (provname), "%s%u", name, (uint_t)pid) >= 1376 sizeof (provname) || 1377 dtrace_register(provname, pattr, 1378 DTRACE_PRIV_PROC | DTRACE_PRIV_OWNER | DTRACE_PRIV_ZONEOWNER, cred, 1379 pattr == &pid_attr ? &pid_pops : &usdt_pops, new_fp, 1380 &new_fp->ftp_provid) != 0) { 1381 mutex_exit(&bucket->ftb_mtx); 1382 fasttrap_provider_free(new_fp); 1383 crfree(cred); 1384 return (NULL); 1385 } 1386 1387 new_fp->ftp_next = bucket->ftb_data; 1388 bucket->ftb_data = new_fp; 1389 1390 mutex_enter(&new_fp->ftp_mtx); 1391 mutex_exit(&bucket->ftb_mtx); 1392 1393 crfree(cred); 1394 return (new_fp); 1395 } 1396 1397 static void 1398 fasttrap_provider_free(fasttrap_provider_t *provider) 1399 { 1400 pid_t pid = provider->ftp_pid; 1401 proc_t *p; 1402 1403 /* 1404 * There need to be no associated enabled probes, no consumers 1405 * creating probes, and no meta providers referencing this provider. 1406 */ 1407 ASSERT(provider->ftp_rcount == 0); 1408 ASSERT(provider->ftp_ccount == 0); 1409 ASSERT(provider->ftp_mcount == 0); 1410 1411 /* 1412 * If this provider hasn't been retired, we need to explicitly drop the 1413 * count of active providers on the associated process structure. 1414 */ 1415 if (!provider->ftp_retired) { 1416 atomic_add_64(&provider->ftp_proc->ftpc_acount, -1); 1417 ASSERT(provider->ftp_proc->ftpc_acount < 1418 provider->ftp_proc->ftpc_rcount); 1419 } 1420 1421 fasttrap_proc_release(provider->ftp_proc); 1422 1423 kmem_free(provider, sizeof (fasttrap_provider_t)); 1424 1425 /* 1426 * Decrement p_dtrace_probes on the process whose provider we're 1427 * freeing. We don't have to worry about clobbering somone else's 1428 * modifications to it because we have locked the bucket that 1429 * corresponds to this process's hash chain in the provider hash 1430 * table. Don't sweat it if we can't find the process. 1431 */ 1432 mutex_enter(&pidlock); 1433 if ((p = prfind(pid)) == NULL) { 1434 mutex_exit(&pidlock); 1435 return; 1436 } 1437 1438 mutex_enter(&p->p_lock); 1439 mutex_exit(&pidlock); 1440 1441 p->p_dtrace_probes--; 1442 mutex_exit(&p->p_lock); 1443 } 1444 1445 static void 1446 fasttrap_provider_retire(pid_t pid, const char *name, int mprov) 1447 { 1448 fasttrap_provider_t *fp; 1449 fasttrap_bucket_t *bucket; 1450 dtrace_provider_id_t provid; 1451 1452 ASSERT(strlen(name) < sizeof (fp->ftp_name)); 1453 1454 bucket = &fasttrap_provs.fth_table[FASTTRAP_PROVS_INDEX(pid, name)]; 1455 mutex_enter(&bucket->ftb_mtx); 1456 1457 for (fp = bucket->ftb_data; fp != NULL; fp = fp->ftp_next) { 1458 if (fp->ftp_pid == pid && strcmp(fp->ftp_name, name) == 0 && 1459 !fp->ftp_retired) 1460 break; 1461 } 1462 1463 if (fp == NULL) { 1464 mutex_exit(&bucket->ftb_mtx); 1465 return; 1466 } 1467 1468 mutex_enter(&fp->ftp_mtx); 1469 ASSERT(!mprov || fp->ftp_mcount > 0); 1470 if (mprov && --fp->ftp_mcount != 0) { 1471 mutex_exit(&fp->ftp_mtx); 1472 mutex_exit(&bucket->ftb_mtx); 1473 return; 1474 } 1475 1476 /* 1477 * Mark the provider to be removed in our post-processing step, mark it 1478 * retired, and drop the active count on its proc. Marking it indicates 1479 * that we should try to remove it; setting the retired flag indicates 1480 * that we're done with this provider; dropping the active the proc 1481 * releases our hold, and when this reaches zero (as it will during 1482 * exit or exec) the proc and associated providers become defunct. 1483 * 1484 * We obviously need to take the bucket lock before the provider lock 1485 * to perform the lookup, but we need to drop the provider lock 1486 * before calling into the DTrace framework since we acquire the 1487 * provider lock in callbacks invoked from the DTrace framework. The 1488 * bucket lock therefore protects the integrity of the provider hash 1489 * table. 1490 */ 1491 atomic_add_64(&fp->ftp_proc->ftpc_acount, -1); 1492 ASSERT(fp->ftp_proc->ftpc_acount < fp->ftp_proc->ftpc_rcount); 1493 1494 fp->ftp_retired = 1; 1495 fp->ftp_marked = 1; 1496 provid = fp->ftp_provid; 1497 mutex_exit(&fp->ftp_mtx); 1498 1499 /* 1500 * We don't have to worry about invalidating the same provider twice 1501 * since fasttrap_provider_lookup() will ignore provider that have 1502 * been marked as retired. 1503 */ 1504 dtrace_invalidate(provid); 1505 1506 mutex_exit(&bucket->ftb_mtx); 1507 1508 fasttrap_pid_cleanup(); 1509 } 1510 1511 static int 1512 fasttrap_uint32_cmp(const void *ap, const void *bp) 1513 { 1514 return (*(const uint32_t *)ap - *(const uint32_t *)bp); 1515 } 1516 1517 static int 1518 fasttrap_uint64_cmp(const void *ap, const void *bp) 1519 { 1520 return (*(const uint64_t *)ap - *(const uint64_t *)bp); 1521 } 1522 1523 static int 1524 fasttrap_add_probe(fasttrap_probe_spec_t *pdata) 1525 { 1526 fasttrap_provider_t *provider; 1527 fasttrap_probe_t *pp; 1528 fasttrap_tracepoint_t *tp; 1529 char *name; 1530 int i, aframes, whack; 1531 1532 /* 1533 * There needs to be at least one desired trace point. 1534 */ 1535 if (pdata->ftps_noffs == 0) 1536 return (EINVAL); 1537 1538 switch (pdata->ftps_type) { 1539 case DTFTP_ENTRY: 1540 name = "entry"; 1541 aframes = FASTTRAP_ENTRY_AFRAMES; 1542 break; 1543 case DTFTP_RETURN: 1544 name = "return"; 1545 aframes = FASTTRAP_RETURN_AFRAMES; 1546 break; 1547 case DTFTP_OFFSETS: 1548 name = NULL; 1549 break; 1550 default: 1551 return (EINVAL); 1552 } 1553 1554 if ((provider = fasttrap_provider_lookup(pdata->ftps_pid, 1555 FASTTRAP_PID_NAME, &pid_attr)) == NULL) 1556 return (ESRCH); 1557 1558 /* 1559 * Increment this reference count to indicate that a consumer is 1560 * actively adding a new probe associated with this provider. This 1561 * prevents the provider from being deleted -- we'll need to check 1562 * for pending deletions when we drop this reference count. 1563 */ 1564 provider->ftp_ccount++; 1565 mutex_exit(&provider->ftp_mtx); 1566 1567 /* 1568 * Grab the creation lock to ensure consistency between calls to 1569 * dtrace_probe_lookup() and dtrace_probe_create() in the face of 1570 * other threads creating probes. We must drop the provider lock 1571 * before taking this lock to avoid a three-way deadlock with the 1572 * DTrace framework. 1573 */ 1574 mutex_enter(&provider->ftp_cmtx); 1575 1576 if (name == NULL) { 1577 for (i = 0; i < pdata->ftps_noffs; i++) { 1578 char name_str[17]; 1579 1580 (void) sprintf(name_str, "%llx", 1581 (unsigned long long)pdata->ftps_offs[i]); 1582 1583 if (dtrace_probe_lookup(provider->ftp_provid, 1584 pdata->ftps_mod, pdata->ftps_func, name_str) != 0) 1585 continue; 1586 1587 atomic_add_32(&fasttrap_total, 1); 1588 1589 if (fasttrap_total > fasttrap_max) { 1590 atomic_add_32(&fasttrap_total, -1); 1591 goto no_mem; 1592 } 1593 1594 pp = kmem_zalloc(sizeof (fasttrap_probe_t), KM_SLEEP); 1595 1596 pp->ftp_prov = provider; 1597 pp->ftp_faddr = pdata->ftps_pc; 1598 pp->ftp_fsize = pdata->ftps_size; 1599 pp->ftp_pid = pdata->ftps_pid; 1600 pp->ftp_ntps = 1; 1601 1602 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), 1603 KM_SLEEP); 1604 1605 tp->ftt_proc = provider->ftp_proc; 1606 tp->ftt_pc = pdata->ftps_offs[i] + pdata->ftps_pc; 1607 tp->ftt_pid = pdata->ftps_pid; 1608 1609 pp->ftp_tps[0].fit_tp = tp; 1610 pp->ftp_tps[0].fit_id.fti_probe = pp; 1611 pp->ftp_tps[0].fit_id.fti_ptype = pdata->ftps_type; 1612 1613 pp->ftp_id = dtrace_probe_create(provider->ftp_provid, 1614 pdata->ftps_mod, pdata->ftps_func, name_str, 1615 FASTTRAP_OFFSET_AFRAMES, pp); 1616 } 1617 1618 } else if (dtrace_probe_lookup(provider->ftp_provid, pdata->ftps_mod, 1619 pdata->ftps_func, name) == 0) { 1620 atomic_add_32(&fasttrap_total, pdata->ftps_noffs); 1621 1622 if (fasttrap_total > fasttrap_max) { 1623 atomic_add_32(&fasttrap_total, -pdata->ftps_noffs); 1624 goto no_mem; 1625 } 1626 1627 /* 1628 * Make sure all tracepoint program counter values are unique. 1629 * We later assume that each probe has exactly one tracepoint 1630 * for a given pc. 1631 */ 1632 qsort(pdata->ftps_offs, pdata->ftps_noffs, 1633 sizeof (uint64_t), fasttrap_uint64_cmp); 1634 for (i = 1; i < pdata->ftps_noffs; i++) { 1635 if (pdata->ftps_offs[i] > pdata->ftps_offs[i - 1]) 1636 continue; 1637 1638 atomic_add_32(&fasttrap_total, -pdata->ftps_noffs); 1639 goto no_mem; 1640 } 1641 1642 ASSERT(pdata->ftps_noffs > 0); 1643 pp = kmem_zalloc(offsetof(fasttrap_probe_t, 1644 ftp_tps[pdata->ftps_noffs]), KM_SLEEP); 1645 1646 pp->ftp_prov = provider; 1647 pp->ftp_faddr = pdata->ftps_pc; 1648 pp->ftp_fsize = pdata->ftps_size; 1649 pp->ftp_pid = pdata->ftps_pid; 1650 pp->ftp_ntps = pdata->ftps_noffs; 1651 1652 for (i = 0; i < pdata->ftps_noffs; i++) { 1653 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), 1654 KM_SLEEP); 1655 1656 tp->ftt_proc = provider->ftp_proc; 1657 tp->ftt_pc = pdata->ftps_offs[i] + pdata->ftps_pc; 1658 tp->ftt_pid = pdata->ftps_pid; 1659 1660 pp->ftp_tps[i].fit_tp = tp; 1661 pp->ftp_tps[i].fit_id.fti_probe = pp; 1662 pp->ftp_tps[i].fit_id.fti_ptype = pdata->ftps_type; 1663 } 1664 1665 pp->ftp_id = dtrace_probe_create(provider->ftp_provid, 1666 pdata->ftps_mod, pdata->ftps_func, name, aframes, pp); 1667 } 1668 1669 mutex_exit(&provider->ftp_cmtx); 1670 1671 /* 1672 * We know that the provider is still valid since we incremented the 1673 * creation reference count. If someone tried to clean up this provider 1674 * while we were using it (e.g. because the process called exec(2) or 1675 * exit(2)), take note of that and try to clean it up now. 1676 */ 1677 mutex_enter(&provider->ftp_mtx); 1678 provider->ftp_ccount--; 1679 whack = provider->ftp_retired; 1680 mutex_exit(&provider->ftp_mtx); 1681 1682 if (whack) 1683 fasttrap_pid_cleanup(); 1684 1685 return (0); 1686 1687 no_mem: 1688 /* 1689 * If we've exhausted the allowable resources, we'll try to remove 1690 * this provider to free some up. This is to cover the case where 1691 * the user has accidentally created many more probes than was 1692 * intended (e.g. pid123:::). 1693 */ 1694 mutex_exit(&provider->ftp_cmtx); 1695 mutex_enter(&provider->ftp_mtx); 1696 provider->ftp_ccount--; 1697 provider->ftp_marked = 1; 1698 mutex_exit(&provider->ftp_mtx); 1699 1700 fasttrap_pid_cleanup(); 1701 1702 return (ENOMEM); 1703 } 1704 1705 /*ARGSUSED*/ 1706 static void * 1707 fasttrap_meta_provide(void *arg, dtrace_helper_provdesc_t *dhpv, pid_t pid) 1708 { 1709 fasttrap_provider_t *provider; 1710 1711 /* 1712 * A 32-bit unsigned integer (like a pid for example) can be 1713 * expressed in 10 or fewer decimal digits. Make sure that we'll 1714 * have enough space for the provider name. 1715 */ 1716 if (strlen(dhpv->dthpv_provname) + 10 >= 1717 sizeof (provider->ftp_name)) { 1718 cmn_err(CE_WARN, "failed to instantiate provider %s: " 1719 "name too long to accomodate pid", dhpv->dthpv_provname); 1720 return (NULL); 1721 } 1722 1723 /* 1724 * Don't let folks spoof the true pid provider. 1725 */ 1726 if (strcmp(dhpv->dthpv_provname, FASTTRAP_PID_NAME) == 0) { 1727 cmn_err(CE_WARN, "failed to instantiate provider %s: " 1728 "%s is an invalid name", dhpv->dthpv_provname, 1729 FASTTRAP_PID_NAME); 1730 return (NULL); 1731 } 1732 1733 /* 1734 * The highest stability class that fasttrap supports is ISA; cap 1735 * the stability of the new provider accordingly. 1736 */ 1737 if (dhpv->dthpv_pattr.dtpa_provider.dtat_class > DTRACE_CLASS_ISA) 1738 dhpv->dthpv_pattr.dtpa_provider.dtat_class = DTRACE_CLASS_ISA; 1739 if (dhpv->dthpv_pattr.dtpa_mod.dtat_class > DTRACE_CLASS_ISA) 1740 dhpv->dthpv_pattr.dtpa_mod.dtat_class = DTRACE_CLASS_ISA; 1741 if (dhpv->dthpv_pattr.dtpa_func.dtat_class > DTRACE_CLASS_ISA) 1742 dhpv->dthpv_pattr.dtpa_func.dtat_class = DTRACE_CLASS_ISA; 1743 if (dhpv->dthpv_pattr.dtpa_name.dtat_class > DTRACE_CLASS_ISA) 1744 dhpv->dthpv_pattr.dtpa_name.dtat_class = DTRACE_CLASS_ISA; 1745 if (dhpv->dthpv_pattr.dtpa_args.dtat_class > DTRACE_CLASS_ISA) 1746 dhpv->dthpv_pattr.dtpa_args.dtat_class = DTRACE_CLASS_ISA; 1747 1748 if ((provider = fasttrap_provider_lookup(pid, dhpv->dthpv_provname, 1749 &dhpv->dthpv_pattr)) == NULL) { 1750 cmn_err(CE_WARN, "failed to instantiate provider %s for " 1751 "process %u", dhpv->dthpv_provname, (uint_t)pid); 1752 return (NULL); 1753 } 1754 1755 /* 1756 * Up the meta provider count so this provider isn't removed until 1757 * the meta provider has been told to remove it. 1758 */ 1759 provider->ftp_mcount++; 1760 1761 mutex_exit(&provider->ftp_mtx); 1762 1763 return (provider); 1764 } 1765 1766 /*ARGSUSED*/ 1767 static void 1768 fasttrap_meta_create_probe(void *arg, void *parg, 1769 dtrace_helper_probedesc_t *dhpb) 1770 { 1771 fasttrap_provider_t *provider = parg; 1772 fasttrap_probe_t *pp; 1773 fasttrap_tracepoint_t *tp; 1774 int i, j; 1775 uint32_t ntps; 1776 1777 /* 1778 * Since the meta provider count is non-zero we don't have to worry 1779 * about this provider disappearing. 1780 */ 1781 ASSERT(provider->ftp_mcount > 0); 1782 1783 /* 1784 * The offsets must be unique. 1785 */ 1786 qsort(dhpb->dthpb_offs, dhpb->dthpb_noffs, sizeof (uint32_t), 1787 fasttrap_uint32_cmp); 1788 for (i = 1; i < dhpb->dthpb_noffs; i++) { 1789 if (dhpb->dthpb_base + dhpb->dthpb_offs[i] <= 1790 dhpb->dthpb_base + dhpb->dthpb_offs[i - 1]) 1791 return; 1792 } 1793 1794 qsort(dhpb->dthpb_enoffs, dhpb->dthpb_nenoffs, sizeof (uint32_t), 1795 fasttrap_uint32_cmp); 1796 for (i = 1; i < dhpb->dthpb_nenoffs; i++) { 1797 if (dhpb->dthpb_base + dhpb->dthpb_enoffs[i] <= 1798 dhpb->dthpb_base + dhpb->dthpb_enoffs[i - 1]) 1799 return; 1800 } 1801 1802 /* 1803 * Grab the creation lock to ensure consistency between calls to 1804 * dtrace_probe_lookup() and dtrace_probe_create() in the face of 1805 * other threads creating probes. 1806 */ 1807 mutex_enter(&provider->ftp_cmtx); 1808 1809 if (dtrace_probe_lookup(provider->ftp_provid, dhpb->dthpb_mod, 1810 dhpb->dthpb_func, dhpb->dthpb_name) != 0) { 1811 mutex_exit(&provider->ftp_cmtx); 1812 return; 1813 } 1814 1815 ntps = dhpb->dthpb_noffs + dhpb->dthpb_nenoffs; 1816 ASSERT(ntps > 0); 1817 1818 atomic_add_32(&fasttrap_total, ntps); 1819 1820 if (fasttrap_total > fasttrap_max) { 1821 atomic_add_32(&fasttrap_total, -ntps); 1822 mutex_exit(&provider->ftp_cmtx); 1823 return; 1824 } 1825 1826 pp = kmem_zalloc(offsetof(fasttrap_probe_t, ftp_tps[ntps]), KM_SLEEP); 1827 1828 pp->ftp_prov = provider; 1829 pp->ftp_pid = provider->ftp_pid; 1830 pp->ftp_ntps = ntps; 1831 pp->ftp_nargs = dhpb->dthpb_xargc; 1832 pp->ftp_xtypes = dhpb->dthpb_xtypes; 1833 pp->ftp_ntypes = dhpb->dthpb_ntypes; 1834 1835 /* 1836 * First create a tracepoint for each actual point of interest. 1837 */ 1838 for (i = 0; i < dhpb->dthpb_noffs; i++) { 1839 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), KM_SLEEP); 1840 1841 tp->ftt_proc = provider->ftp_proc; 1842 tp->ftt_pc = dhpb->dthpb_base + dhpb->dthpb_offs[i]; 1843 tp->ftt_pid = provider->ftp_pid; 1844 1845 pp->ftp_tps[i].fit_tp = tp; 1846 pp->ftp_tps[i].fit_id.fti_probe = pp; 1847 #ifdef __sparc 1848 pp->ftp_tps[i].fit_id.fti_ptype = DTFTP_POST_OFFSETS; 1849 #else 1850 pp->ftp_tps[i].fit_id.fti_ptype = DTFTP_OFFSETS; 1851 #endif 1852 } 1853 1854 /* 1855 * Then create a tracepoint for each is-enabled point. 1856 */ 1857 for (j = 0; i < ntps; i++, j++) { 1858 tp = kmem_zalloc(sizeof (fasttrap_tracepoint_t), KM_SLEEP); 1859 1860 tp->ftt_proc = provider->ftp_proc; 1861 tp->ftt_pc = dhpb->dthpb_base + dhpb->dthpb_enoffs[j]; 1862 tp->ftt_pid = provider->ftp_pid; 1863 1864 pp->ftp_tps[i].fit_tp = tp; 1865 pp->ftp_tps[i].fit_id.fti_probe = pp; 1866 pp->ftp_tps[i].fit_id.fti_ptype = DTFTP_IS_ENABLED; 1867 } 1868 1869 /* 1870 * If the arguments are shuffled around we set the argument remapping 1871 * table. Later, when the probe fires, we only remap the arguments 1872 * if the table is non-NULL. 1873 */ 1874 for (i = 0; i < dhpb->dthpb_xargc; i++) { 1875 if (dhpb->dthpb_args[i] != i) { 1876 pp->ftp_argmap = dhpb->dthpb_args; 1877 break; 1878 } 1879 } 1880 1881 /* 1882 * The probe is fully constructed -- register it with DTrace. 1883 */ 1884 pp->ftp_id = dtrace_probe_create(provider->ftp_provid, dhpb->dthpb_mod, 1885 dhpb->dthpb_func, dhpb->dthpb_name, FASTTRAP_OFFSET_AFRAMES, pp); 1886 1887 mutex_exit(&provider->ftp_cmtx); 1888 } 1889 1890 /*ARGSUSED*/ 1891 static void 1892 fasttrap_meta_remove(void *arg, dtrace_helper_provdesc_t *dhpv, pid_t pid) 1893 { 1894 /* 1895 * Clean up the USDT provider. There may be active consumers of the 1896 * provider busy adding probes, no damage will actually befall the 1897 * provider until that count has dropped to zero. This just puts 1898 * the provider on death row. 1899 */ 1900 fasttrap_provider_retire(pid, dhpv->dthpv_provname, 1); 1901 } 1902 1903 static dtrace_mops_t fasttrap_mops = { 1904 fasttrap_meta_create_probe, 1905 fasttrap_meta_provide, 1906 fasttrap_meta_remove 1907 }; 1908 1909 /*ARGSUSED*/ 1910 static int 1911 fasttrap_open(dev_t *devp, int flag, int otyp, cred_t *cred_p) 1912 { 1913 return (0); 1914 } 1915 1916 /*ARGSUSED*/ 1917 static int 1918 fasttrap_ioctl(dev_t dev, int cmd, intptr_t arg, int md, cred_t *cr, int *rv) 1919 { 1920 if (!dtrace_attached()) 1921 return (EAGAIN); 1922 1923 if (cmd == FASTTRAPIOC_MAKEPROBE) { 1924 fasttrap_probe_spec_t *uprobe = (void *)arg; 1925 fasttrap_probe_spec_t *probe; 1926 uint64_t noffs; 1927 size_t size; 1928 int ret; 1929 char *c; 1930 1931 if (copyin(&uprobe->ftps_noffs, &noffs, 1932 sizeof (uprobe->ftps_noffs))) 1933 return (EFAULT); 1934 1935 /* 1936 * Probes must have at least one tracepoint. 1937 */ 1938 if (noffs == 0) 1939 return (EINVAL); 1940 1941 size = sizeof (fasttrap_probe_spec_t) + 1942 sizeof (probe->ftps_offs[0]) * (noffs - 1); 1943 1944 if (size > 1024 * 1024) 1945 return (ENOMEM); 1946 1947 probe = kmem_alloc(size, KM_SLEEP); 1948 1949 if (copyin(uprobe, probe, size) != 0 || 1950 probe->ftps_noffs != noffs) { 1951 kmem_free(probe, size); 1952 return (EFAULT); 1953 } 1954 1955 /* 1956 * Verify that the function and module strings contain no 1957 * funny characters. 1958 */ 1959 for (c = &probe->ftps_func[0]; *c != '\0'; c++) { 1960 if (*c < 0x20 || 0x7f <= *c) { 1961 ret = EINVAL; 1962 goto err; 1963 } 1964 } 1965 1966 for (c = &probe->ftps_mod[0]; *c != '\0'; c++) { 1967 if (*c < 0x20 || 0x7f <= *c) { 1968 ret = EINVAL; 1969 goto err; 1970 } 1971 } 1972 1973 if (!PRIV_POLICY_CHOICE(cr, PRIV_ALL, B_FALSE)) { 1974 proc_t *p; 1975 pid_t pid = probe->ftps_pid; 1976 1977 mutex_enter(&pidlock); 1978 /* 1979 * Report an error if the process doesn't exist 1980 * or is actively being birthed. 1981 */ 1982 if ((p = prfind(pid)) == NULL || p->p_stat == SIDL) { 1983 mutex_exit(&pidlock); 1984 return (ESRCH); 1985 } 1986 mutex_enter(&p->p_lock); 1987 mutex_exit(&pidlock); 1988 1989 if ((ret = priv_proc_cred_perm(cr, p, NULL, 1990 VREAD | VWRITE)) != 0) { 1991 mutex_exit(&p->p_lock); 1992 return (ret); 1993 } 1994 1995 mutex_exit(&p->p_lock); 1996 } 1997 1998 ret = fasttrap_add_probe(probe); 1999 err: 2000 kmem_free(probe, size); 2001 2002 return (ret); 2003 2004 } else if (cmd == FASTTRAPIOC_GETINSTR) { 2005 fasttrap_instr_query_t instr; 2006 fasttrap_tracepoint_t *tp; 2007 uint_t index; 2008 int ret; 2009 2010 if (copyin((void *)arg, &instr, sizeof (instr)) != 0) 2011 return (EFAULT); 2012 2013 if (!PRIV_POLICY_CHOICE(cr, PRIV_ALL, B_FALSE)) { 2014 proc_t *p; 2015 pid_t pid = instr.ftiq_pid; 2016 2017 mutex_enter(&pidlock); 2018 /* 2019 * Report an error if the process doesn't exist 2020 * or is actively being birthed. 2021 */ 2022 if ((p = prfind(pid)) == NULL || p->p_stat == SIDL) { 2023 mutex_exit(&pidlock); 2024 return (ESRCH); 2025 } 2026 mutex_enter(&p->p_lock); 2027 mutex_exit(&pidlock); 2028 2029 if ((ret = priv_proc_cred_perm(cr, p, NULL, 2030 VREAD)) != 0) { 2031 mutex_exit(&p->p_lock); 2032 return (ret); 2033 } 2034 2035 mutex_exit(&p->p_lock); 2036 } 2037 2038 index = FASTTRAP_TPOINTS_INDEX(instr.ftiq_pid, instr.ftiq_pc); 2039 2040 mutex_enter(&fasttrap_tpoints.fth_table[index].ftb_mtx); 2041 tp = fasttrap_tpoints.fth_table[index].ftb_data; 2042 while (tp != NULL) { 2043 if (instr.ftiq_pid == tp->ftt_pid && 2044 instr.ftiq_pc == tp->ftt_pc && 2045 tp->ftt_proc->ftpc_acount != 0) 2046 break; 2047 2048 tp = tp->ftt_next; 2049 } 2050 2051 if (tp == NULL) { 2052 mutex_exit(&fasttrap_tpoints.fth_table[index].ftb_mtx); 2053 return (ENOENT); 2054 } 2055 2056 bcopy(&tp->ftt_instr, &instr.ftiq_instr, 2057 sizeof (instr.ftiq_instr)); 2058 mutex_exit(&fasttrap_tpoints.fth_table[index].ftb_mtx); 2059 2060 if (copyout(&instr, (void *)arg, sizeof (instr)) != 0) 2061 return (EFAULT); 2062 2063 return (0); 2064 } 2065 2066 return (EINVAL); 2067 } 2068 2069 static struct cb_ops fasttrap_cb_ops = { 2070 fasttrap_open, /* open */ 2071 nodev, /* close */ 2072 nulldev, /* strategy */ 2073 nulldev, /* print */ 2074 nodev, /* dump */ 2075 nodev, /* read */ 2076 nodev, /* write */ 2077 fasttrap_ioctl, /* ioctl */ 2078 nodev, /* devmap */ 2079 nodev, /* mmap */ 2080 nodev, /* segmap */ 2081 nochpoll, /* poll */ 2082 ddi_prop_op, /* cb_prop_op */ 2083 0, /* streamtab */ 2084 D_NEW | D_MP /* Driver compatibility flag */ 2085 }; 2086 2087 /*ARGSUSED*/ 2088 static int 2089 fasttrap_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 2090 { 2091 int error; 2092 2093 switch (infocmd) { 2094 case DDI_INFO_DEVT2DEVINFO: 2095 *result = (void *)fasttrap_devi; 2096 error = DDI_SUCCESS; 2097 break; 2098 case DDI_INFO_DEVT2INSTANCE: 2099 *result = (void *)0; 2100 error = DDI_SUCCESS; 2101 break; 2102 default: 2103 error = DDI_FAILURE; 2104 } 2105 return (error); 2106 } 2107 2108 static int 2109 fasttrap_attach(dev_info_t *devi, ddi_attach_cmd_t cmd) 2110 { 2111 ulong_t nent; 2112 2113 switch (cmd) { 2114 case DDI_ATTACH: 2115 break; 2116 case DDI_RESUME: 2117 return (DDI_SUCCESS); 2118 default: 2119 return (DDI_FAILURE); 2120 } 2121 2122 if (ddi_create_minor_node(devi, "fasttrap", S_IFCHR, 0, 2123 DDI_PSEUDO, NULL) == DDI_FAILURE) { 2124 ddi_remove_minor_node(devi, NULL); 2125 return (DDI_FAILURE); 2126 } 2127 2128 ddi_report_dev(devi); 2129 fasttrap_devi = devi; 2130 2131 /* 2132 * Install our hooks into fork(2), exec(2), and exit(2). 2133 */ 2134 dtrace_fasttrap_fork_ptr = &fasttrap_fork; 2135 dtrace_fasttrap_exit_ptr = &fasttrap_exec_exit; 2136 dtrace_fasttrap_exec_ptr = &fasttrap_exec_exit; 2137 2138 fasttrap_max = ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS, 2139 "fasttrap-max-probes", FASTTRAP_MAX_DEFAULT); 2140 fasttrap_total = 0; 2141 2142 /* 2143 * Conjure up the tracepoints hashtable... 2144 */ 2145 nent = ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS, 2146 "fasttrap-hash-size", FASTTRAP_TPOINTS_DEFAULT_SIZE); 2147 2148 if (nent == 0 || nent > 0x1000000) 2149 nent = FASTTRAP_TPOINTS_DEFAULT_SIZE; 2150 2151 if ((nent & (nent - 1)) == 0) 2152 fasttrap_tpoints.fth_nent = nent; 2153 else 2154 fasttrap_tpoints.fth_nent = 1 << fasttrap_highbit(nent); 2155 ASSERT(fasttrap_tpoints.fth_nent > 0); 2156 fasttrap_tpoints.fth_mask = fasttrap_tpoints.fth_nent - 1; 2157 fasttrap_tpoints.fth_table = kmem_zalloc(fasttrap_tpoints.fth_nent * 2158 sizeof (fasttrap_bucket_t), KM_SLEEP); 2159 2160 /* 2161 * ... and the providers hash table... 2162 */ 2163 nent = FASTTRAP_PROVIDERS_DEFAULT_SIZE; 2164 if ((nent & (nent - 1)) == 0) 2165 fasttrap_provs.fth_nent = nent; 2166 else 2167 fasttrap_provs.fth_nent = 1 << fasttrap_highbit(nent); 2168 ASSERT(fasttrap_provs.fth_nent > 0); 2169 fasttrap_provs.fth_mask = fasttrap_provs.fth_nent - 1; 2170 fasttrap_provs.fth_table = kmem_zalloc(fasttrap_provs.fth_nent * 2171 sizeof (fasttrap_bucket_t), KM_SLEEP); 2172 2173 /* 2174 * ... and the procs hash table. 2175 */ 2176 nent = FASTTRAP_PROCS_DEFAULT_SIZE; 2177 if ((nent & (nent - 1)) == 0) 2178 fasttrap_procs.fth_nent = nent; 2179 else 2180 fasttrap_procs.fth_nent = 1 << fasttrap_highbit(nent); 2181 ASSERT(fasttrap_procs.fth_nent > 0); 2182 fasttrap_procs.fth_mask = fasttrap_procs.fth_nent - 1; 2183 fasttrap_procs.fth_table = kmem_zalloc(fasttrap_procs.fth_nent * 2184 sizeof (fasttrap_bucket_t), KM_SLEEP); 2185 2186 (void) dtrace_meta_register("fasttrap", &fasttrap_mops, NULL, 2187 &fasttrap_meta_id); 2188 2189 return (DDI_SUCCESS); 2190 } 2191 2192 static int 2193 fasttrap_detach(dev_info_t *devi, ddi_detach_cmd_t cmd) 2194 { 2195 int i, fail = 0; 2196 timeout_id_t tmp; 2197 2198 switch (cmd) { 2199 case DDI_DETACH: 2200 break; 2201 case DDI_SUSPEND: 2202 return (DDI_SUCCESS); 2203 default: 2204 return (DDI_FAILURE); 2205 } 2206 2207 /* 2208 * Unregister the meta-provider to make sure no new fasttrap- 2209 * managed providers come along while we're trying to close up 2210 * shop. If we fail to detach, we'll need to re-register as a 2211 * meta-provider. We can fail to unregister as a meta-provider 2212 * if providers we manage still exist. 2213 */ 2214 if (fasttrap_meta_id != DTRACE_METAPROVNONE && 2215 dtrace_meta_unregister(fasttrap_meta_id) != 0) 2216 return (DDI_FAILURE); 2217 2218 /* 2219 * Prevent any new timeouts from running by setting fasttrap_timeout 2220 * to a non-zero value, and wait for the current timeout to complete. 2221 */ 2222 mutex_enter(&fasttrap_cleanup_mtx); 2223 fasttrap_cleanup_work = 0; 2224 2225 while (fasttrap_timeout != (timeout_id_t)1) { 2226 tmp = fasttrap_timeout; 2227 fasttrap_timeout = (timeout_id_t)1; 2228 2229 if (tmp != 0) { 2230 mutex_exit(&fasttrap_cleanup_mtx); 2231 (void) untimeout(tmp); 2232 mutex_enter(&fasttrap_cleanup_mtx); 2233 } 2234 } 2235 2236 fasttrap_cleanup_work = 0; 2237 mutex_exit(&fasttrap_cleanup_mtx); 2238 2239 /* 2240 * Iterate over all of our providers. If there's still a process 2241 * that corresponds to that pid, fail to detach. 2242 */ 2243 for (i = 0; i < fasttrap_provs.fth_nent; i++) { 2244 fasttrap_provider_t **fpp, *fp; 2245 fasttrap_bucket_t *bucket = &fasttrap_provs.fth_table[i]; 2246 2247 mutex_enter(&bucket->ftb_mtx); 2248 fpp = (fasttrap_provider_t **)&bucket->ftb_data; 2249 while ((fp = *fpp) != NULL) { 2250 /* 2251 * Acquire and release the lock as a simple way of 2252 * waiting for any other consumer to finish with 2253 * this provider. A thread must first acquire the 2254 * bucket lock so there's no chance of another thread 2255 * blocking on the provider's lock. 2256 */ 2257 mutex_enter(&fp->ftp_mtx); 2258 mutex_exit(&fp->ftp_mtx); 2259 2260 if (dtrace_unregister(fp->ftp_provid) != 0) { 2261 fail = 1; 2262 fpp = &fp->ftp_next; 2263 } else { 2264 *fpp = fp->ftp_next; 2265 fasttrap_provider_free(fp); 2266 } 2267 } 2268 2269 mutex_exit(&bucket->ftb_mtx); 2270 } 2271 2272 if (fail) { 2273 uint_t work; 2274 /* 2275 * If we're failing to detach, we need to unblock timeouts 2276 * and start a new timeout if any work has accumulated while 2277 * we've been unsuccessfully trying to detach. 2278 */ 2279 mutex_enter(&fasttrap_cleanup_mtx); 2280 fasttrap_timeout = 0; 2281 work = fasttrap_cleanup_work; 2282 mutex_exit(&fasttrap_cleanup_mtx); 2283 2284 if (work) 2285 fasttrap_pid_cleanup(); 2286 2287 (void) dtrace_meta_register("fasttrap", &fasttrap_mops, NULL, 2288 &fasttrap_meta_id); 2289 2290 return (DDI_FAILURE); 2291 } 2292 2293 #ifdef DEBUG 2294 mutex_enter(&fasttrap_count_mtx); 2295 ASSERT(fasttrap_pid_count == 0); 2296 mutex_exit(&fasttrap_count_mtx); 2297 #endif 2298 2299 kmem_free(fasttrap_tpoints.fth_table, 2300 fasttrap_tpoints.fth_nent * sizeof (fasttrap_bucket_t)); 2301 fasttrap_tpoints.fth_nent = 0; 2302 2303 kmem_free(fasttrap_provs.fth_table, 2304 fasttrap_provs.fth_nent * sizeof (fasttrap_bucket_t)); 2305 fasttrap_provs.fth_nent = 0; 2306 2307 kmem_free(fasttrap_procs.fth_table, 2308 fasttrap_procs.fth_nent * sizeof (fasttrap_bucket_t)); 2309 fasttrap_procs.fth_nent = 0; 2310 2311 /* 2312 * We know there are no tracepoints in any process anywhere in 2313 * the system so there is no process which has its p_dtrace_count 2314 * greater than zero, therefore we know that no thread can actively 2315 * be executing code in fasttrap_fork(). Similarly for p_dtrace_probes 2316 * and fasttrap_exec() and fasttrap_exit(). 2317 */ 2318 ASSERT(dtrace_fasttrap_fork_ptr == &fasttrap_fork); 2319 dtrace_fasttrap_fork_ptr = NULL; 2320 2321 ASSERT(dtrace_fasttrap_exec_ptr == &fasttrap_exec_exit); 2322 dtrace_fasttrap_exec_ptr = NULL; 2323 2324 ASSERT(dtrace_fasttrap_exit_ptr == &fasttrap_exec_exit); 2325 dtrace_fasttrap_exit_ptr = NULL; 2326 2327 ddi_remove_minor_node(devi, NULL); 2328 2329 return (DDI_SUCCESS); 2330 } 2331 2332 static struct dev_ops fasttrap_ops = { 2333 DEVO_REV, /* devo_rev */ 2334 0, /* refcnt */ 2335 fasttrap_info, /* get_dev_info */ 2336 nulldev, /* identify */ 2337 nulldev, /* probe */ 2338 fasttrap_attach, /* attach */ 2339 fasttrap_detach, /* detach */ 2340 nodev, /* reset */ 2341 &fasttrap_cb_ops, /* driver operations */ 2342 NULL, /* bus operations */ 2343 nodev, /* dev power */ 2344 ddi_quiesce_not_needed, /* quiesce */ 2345 }; 2346 2347 /* 2348 * Module linkage information for the kernel. 2349 */ 2350 static struct modldrv modldrv = { 2351 &mod_driverops, /* module type (this is a pseudo driver) */ 2352 "Fasttrap Tracing", /* name of module */ 2353 &fasttrap_ops, /* driver ops */ 2354 }; 2355 2356 static struct modlinkage modlinkage = { 2357 MODREV_1, 2358 (void *)&modldrv, 2359 NULL 2360 }; 2361 2362 int 2363 _init(void) 2364 { 2365 return (mod_install(&modlinkage)); 2366 } 2367 2368 int 2369 _info(struct modinfo *modinfop) 2370 { 2371 return (mod_info(&modlinkage, modinfop)); 2372 } 2373 2374 int 2375 _fini(void) 2376 { 2377 return (mod_remove(&modlinkage)); 2378 } 2379
Indexes created Thu Nov 26 20:23:21 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.