dtrace.c revision 262038
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 * 21 * $FreeBSD: stable/9/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c 262038 2014-02-17 12:42:57Z avg $ 22 */ 23 24/* 25 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 26 * Copyright (c) 2012 by Delphix. All rights reserved 27 * Use is subject to license terms. 28 */ 29 30#pragma ident "%Z%%M% %I% %E% SMI" 31 32/* 33 * DTrace - Dynamic Tracing for Solaris 34 * 35 * This is the implementation of the Solaris Dynamic Tracing framework 36 * (DTrace). The user-visible interface to DTrace is described at length in 37 * the "Solaris Dynamic Tracing Guide". The interfaces between the libdtrace 38 * library, the in-kernel DTrace framework, and the DTrace providers are 39 * described in the block comments in the <sys/dtrace.h> header file. The 40 * internal architecture of DTrace is described in the block comments in the 41 * <sys/dtrace_impl.h> header file. The comments contained within the DTrace 42 * implementation very much assume mastery of all of these sources; if one has 43 * an unanswered question about the implementation, one should consult them 44 * first. 45 * 46 * The functions here are ordered roughly as follows: 47 * 48 * - Probe context functions 49 * - Probe hashing functions 50 * - Non-probe context utility functions 51 * - Matching functions 52 * - Provider-to-Framework API functions 53 * - Probe management functions 54 * - DIF object functions 55 * - Format functions 56 * - Predicate functions 57 * - ECB functions 58 * - Buffer functions 59 * - Enabling functions 60 * - DOF functions 61 * - Anonymous enabling functions 62 * - Consumer state functions 63 * - Helper functions 64 * - Hook functions 65 * - Driver cookbook functions 66 * 67 * Each group of functions begins with a block comment labelled the "DTrace 68 * [Group] Functions", allowing one to find each block by searching forward 69 * on capital-f functions. 70 */ 71#include <sys/errno.h> 72#if !defined(sun) 73#include <sys/time.h> 74#endif 75#include <sys/stat.h> 76#include <sys/modctl.h> 77#include <sys/conf.h> 78#include <sys/systm.h> 79#if defined(sun) 80#include <sys/ddi.h> 81#include <sys/sunddi.h> 82#endif 83#include <sys/cpuvar.h> 84#include <sys/kmem.h> 85#if defined(sun) 86#include <sys/strsubr.h> 87#endif 88#include <sys/sysmacros.h> 89#include <sys/dtrace_impl.h> 90#include <sys/atomic.h> 91#include <sys/cmn_err.h> 92#if defined(sun) 93#include <sys/mutex_impl.h> 94#include <sys/rwlock_impl.h> 95#endif 96#include <sys/ctf_api.h> 97#if defined(sun) 98#include <sys/panic.h> 99#include <sys/priv_impl.h> 100#endif 101#include <sys/policy.h> 102#if defined(sun) 103#include <sys/cred_impl.h> 104#include <sys/procfs_isa.h> 105#endif 106#include <sys/taskq.h> 107#if defined(sun) 108#include <sys/mkdev.h> 109#include <sys/kdi.h> 110#endif 111#include <sys/zone.h> 112#include <sys/socket.h> 113#include <netinet/in.h> 114 115/* FreeBSD includes: */ 116#if !defined(sun) 117#include <sys/callout.h> 118#include <sys/ctype.h> 119#include <sys/eventhandler.h> 120#include <sys/limits.h> 121#include <sys/kdb.h> 122#include <sys/kernel.h> 123#include <sys/malloc.h> 124#include <sys/sysctl.h> 125#include <sys/lock.h> 126#include <sys/mutex.h> 127#include <sys/rwlock.h> 128#include <sys/sx.h> 129#include <sys/dtrace_bsd.h> 130#include <netinet/in.h> 131#include "dtrace_cddl.h" 132#include "dtrace_debug.c" 133#endif 134 135/* 136 * DTrace Tunable Variables 137 * 138 * The following variables may be tuned by adding a line to /etc/system that 139 * includes both the name of the DTrace module ("dtrace") and the name of the 140 * variable. For example: 141 * 142 * set dtrace:dtrace_destructive_disallow = 1 143 * 144 * In general, the only variables that one should be tuning this way are those 145 * that affect system-wide DTrace behavior, and for which the default behavior 146 * is undesirable. Most of these variables are tunable on a per-consumer 147 * basis using DTrace options, and need not be tuned on a system-wide basis. 148 * When tuning these variables, avoid pathological values; while some attempt 149 * is made to verify the integrity of these variables, they are not considered 150 * part of the supported interface to DTrace, and they are therefore not 151 * checked comprehensively. Further, these variables should not be tuned 152 * dynamically via "mdb -kw" or other means; they should only be tuned via 153 * /etc/system. 154 */ 155int dtrace_destructive_disallow = 0; 156dtrace_optval_t dtrace_nonroot_maxsize = (16 * 1024 * 1024); 157size_t dtrace_difo_maxsize = (256 * 1024); 158dtrace_optval_t dtrace_dof_maxsize = (256 * 1024); 159size_t dtrace_global_maxsize = (16 * 1024); 160size_t dtrace_actions_max = (16 * 1024); 161size_t dtrace_retain_max = 1024; 162dtrace_optval_t dtrace_helper_actions_max = 128; 163dtrace_optval_t dtrace_helper_providers_max = 32; 164dtrace_optval_t dtrace_dstate_defsize = (1 * 1024 * 1024); 165size_t dtrace_strsize_default = 256; 166dtrace_optval_t dtrace_cleanrate_default = 9900990; /* 101 hz */ 167dtrace_optval_t dtrace_cleanrate_min = 200000; /* 5000 hz */ 168dtrace_optval_t dtrace_cleanrate_max = (uint64_t)60 * NANOSEC; /* 1/minute */ 169dtrace_optval_t dtrace_aggrate_default = NANOSEC; /* 1 hz */ 170dtrace_optval_t dtrace_statusrate_default = NANOSEC; /* 1 hz */ 171dtrace_optval_t dtrace_statusrate_max = (hrtime_t)10 * NANOSEC; /* 6/minute */ 172dtrace_optval_t dtrace_switchrate_default = NANOSEC; /* 1 hz */ 173dtrace_optval_t dtrace_nspec_default = 1; 174dtrace_optval_t dtrace_specsize_default = 32 * 1024; 175dtrace_optval_t dtrace_stackframes_default = 20; 176dtrace_optval_t dtrace_ustackframes_default = 20; 177dtrace_optval_t dtrace_jstackframes_default = 50; 178dtrace_optval_t dtrace_jstackstrsize_default = 512; 179int dtrace_msgdsize_max = 128; 180hrtime_t dtrace_chill_max = 500 * (NANOSEC / MILLISEC); /* 500 ms */ 181hrtime_t dtrace_chill_interval = NANOSEC; /* 1000 ms */ 182int dtrace_devdepth_max = 32; 183int dtrace_err_verbose; 184hrtime_t dtrace_deadman_interval = NANOSEC; 185hrtime_t dtrace_deadman_timeout = (hrtime_t)10 * NANOSEC; 186hrtime_t dtrace_deadman_user = (hrtime_t)30 * NANOSEC; 187hrtime_t dtrace_unregister_defunct_reap = (hrtime_t)60 * NANOSEC; 188 189/* 190 * DTrace External Variables 191 * 192 * As dtrace(7D) is a kernel module, any DTrace variables are obviously 193 * available to DTrace consumers via the backtick (`) syntax. One of these, 194 * dtrace_zero, is made deliberately so: it is provided as a source of 195 * well-known, zero-filled memory. While this variable is not documented, 196 * it is used by some translators as an implementation detail. 197 */ 198const char dtrace_zero[256] = { 0 }; /* zero-filled memory */ 199 200/* 201 * DTrace Internal Variables 202 */ 203#if defined(sun) 204static dev_info_t *dtrace_devi; /* device info */ 205#endif 206#if defined(sun) 207static vmem_t *dtrace_arena; /* probe ID arena */ 208static vmem_t *dtrace_minor; /* minor number arena */ 209#else 210static taskq_t *dtrace_taskq; /* task queue */ 211static struct unrhdr *dtrace_arena; /* Probe ID number. */ 212#endif 213static dtrace_probe_t **dtrace_probes; /* array of all probes */ 214static int dtrace_nprobes; /* number of probes */ 215static dtrace_provider_t *dtrace_provider; /* provider list */ 216static dtrace_meta_t *dtrace_meta_pid; /* user-land meta provider */ 217static int dtrace_opens; /* number of opens */ 218static int dtrace_helpers; /* number of helpers */ 219#if defined(sun) 220static void *dtrace_softstate; /* softstate pointer */ 221#endif 222static dtrace_hash_t *dtrace_bymod; /* probes hashed by module */ 223static dtrace_hash_t *dtrace_byfunc; /* probes hashed by function */ 224static dtrace_hash_t *dtrace_byname; /* probes hashed by name */ 225static dtrace_toxrange_t *dtrace_toxrange; /* toxic range array */ 226static int dtrace_toxranges; /* number of toxic ranges */ 227static int dtrace_toxranges_max; /* size of toxic range array */ 228static dtrace_anon_t dtrace_anon; /* anonymous enabling */ 229static kmem_cache_t *dtrace_state_cache; /* cache for dynamic state */ 230static uint64_t dtrace_vtime_references; /* number of vtimestamp refs */ 231static kthread_t *dtrace_panicked; /* panicking thread */ 232static dtrace_ecb_t *dtrace_ecb_create_cache; /* cached created ECB */ 233static dtrace_genid_t dtrace_probegen; /* current probe generation */ 234static dtrace_helpers_t *dtrace_deferred_pid; /* deferred helper list */ 235static dtrace_enabling_t *dtrace_retained; /* list of retained enablings */ 236static dtrace_dynvar_t dtrace_dynhash_sink; /* end of dynamic hash chains */ 237#if !defined(sun) 238static struct mtx dtrace_unr_mtx; 239MTX_SYSINIT(dtrace_unr_mtx, &dtrace_unr_mtx, "Unique resource identifier", MTX_DEF); 240int dtrace_in_probe; /* non-zero if executing a probe */ 241#if defined(__i386__) || defined(__amd64__) 242uintptr_t dtrace_in_probe_addr; /* Address of invop when already in probe */ 243#endif 244static eventhandler_tag dtrace_kld_load_tag; 245static eventhandler_tag dtrace_kld_unload_try_tag; 246#endif 247 248/* 249 * DTrace Locking 250 * DTrace is protected by three (relatively coarse-grained) locks: 251 * 252 * (1) dtrace_lock is required to manipulate essentially any DTrace state, 253 * including enabling state, probes, ECBs, consumer state, helper state, 254 * etc. Importantly, dtrace_lock is _not_ required when in probe context; 255 * probe context is lock-free -- synchronization is handled via the 256 * dtrace_sync() cross call mechanism. 257 * 258 * (2) dtrace_provider_lock is required when manipulating provider state, or 259 * when provider state must be held constant. 260 * 261 * (3) dtrace_meta_lock is required when manipulating meta provider state, or 262 * when meta provider state must be held constant. 263 * 264 * The lock ordering between these three locks is dtrace_meta_lock before 265 * dtrace_provider_lock before dtrace_lock. (In particular, there are 266 * several places where dtrace_provider_lock is held by the framework as it 267 * calls into the providers -- which then call back into the framework, 268 * grabbing dtrace_lock.) 269 * 270 * There are two other locks in the mix: mod_lock and cpu_lock. With respect 271 * to dtrace_provider_lock and dtrace_lock, cpu_lock continues its historical 272 * role as a coarse-grained lock; it is acquired before both of these locks. 273 * With respect to dtrace_meta_lock, its behavior is stranger: cpu_lock must 274 * be acquired _between_ dtrace_meta_lock and any other DTrace locks. 275 * mod_lock is similar with respect to dtrace_provider_lock in that it must be 276 * acquired _between_ dtrace_provider_lock and dtrace_lock. 277 */ 278static kmutex_t dtrace_lock; /* probe state lock */ 279static kmutex_t dtrace_provider_lock; /* provider state lock */ 280static kmutex_t dtrace_meta_lock; /* meta-provider state lock */ 281 282#if !defined(sun) 283/* XXX FreeBSD hacks. */ 284static kmutex_t mod_lock; 285 286#define cr_suid cr_svuid 287#define cr_sgid cr_svgid 288#define ipaddr_t in_addr_t 289#define mod_modname pathname 290#define vuprintf vprintf 291#define ttoproc(_a) ((_a)->td_proc) 292#define crgetzoneid(_a) 0 293#define NCPU MAXCPU 294#define SNOCD 0 295#define CPU_ON_INTR(_a) 0 296 297#define PRIV_EFFECTIVE (1 << 0) 298#define PRIV_DTRACE_KERNEL (1 << 1) 299#define PRIV_DTRACE_PROC (1 << 2) 300#define PRIV_DTRACE_USER (1 << 3) 301#define PRIV_PROC_OWNER (1 << 4) 302#define PRIV_PROC_ZONE (1 << 5) 303#define PRIV_ALL ~0 304 305SYSCTL_NODE(_debug, OID_AUTO, dtrace, CTLFLAG_RD, 0, "DTrace Information"); 306#endif 307 308#if defined(sun) 309#define curcpu CPU->cpu_id 310#endif 311 312 313/* 314 * DTrace Provider Variables 315 * 316 * These are the variables relating to DTrace as a provider (that is, the 317 * provider of the BEGIN, END, and ERROR probes). 318 */ 319static dtrace_pattr_t dtrace_provider_attr = { 320{ DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON }, 321{ DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 322{ DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN }, 323{ DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON }, 324{ DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON }, 325}; 326 327static void 328dtrace_nullop(void) 329{} 330 331static dtrace_pops_t dtrace_provider_ops = { 332 (void (*)(void *, dtrace_probedesc_t *))dtrace_nullop, 333 (void (*)(void *, modctl_t *))dtrace_nullop, 334 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop, 335 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop, 336 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop, 337 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop, 338 NULL, 339 NULL, 340 NULL, 341 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop 342}; 343 344static dtrace_id_t dtrace_probeid_begin; /* special BEGIN probe */ 345static dtrace_id_t dtrace_probeid_end; /* special END probe */ 346dtrace_id_t dtrace_probeid_error; /* special ERROR probe */ 347 348/* 349 * DTrace Helper Tracing Variables 350 */ 351uint32_t dtrace_helptrace_next = 0; 352uint32_t dtrace_helptrace_nlocals; 353char *dtrace_helptrace_buffer; 354int dtrace_helptrace_bufsize = 512 * 1024; 355 356#ifdef DEBUG 357int dtrace_helptrace_enabled = 1; 358#else 359int dtrace_helptrace_enabled = 0; 360#endif 361 362/* 363 * DTrace Error Hashing 364 * 365 * On DEBUG kernels, DTrace will track the errors that has seen in a hash 366 * table. This is very useful for checking coverage of tests that are 367 * expected to induce DIF or DOF processing errors, and may be useful for 368 * debugging problems in the DIF code generator or in DOF generation . The 369 * error hash may be examined with the ::dtrace_errhash MDB dcmd. 370 */ 371#ifdef DEBUG 372static dtrace_errhash_t dtrace_errhash[DTRACE_ERRHASHSZ]; 373static const char *dtrace_errlast; 374static kthread_t *dtrace_errthread; 375static kmutex_t dtrace_errlock; 376#endif 377 378/* 379 * DTrace Macros and Constants 380 * 381 * These are various macros that are useful in various spots in the 382 * implementation, along with a few random constants that have no meaning 383 * outside of the implementation. There is no real structure to this cpp 384 * mishmash -- but is there ever? 385 */ 386#define DTRACE_HASHSTR(hash, probe) \ 387 dtrace_hash_str(*((char **)((uintptr_t)(probe) + (hash)->dth_stroffs))) 388 389#define DTRACE_HASHNEXT(hash, probe) \ 390 (dtrace_probe_t **)((uintptr_t)(probe) + (hash)->dth_nextoffs) 391 392#define DTRACE_HASHPREV(hash, probe) \ 393 (dtrace_probe_t **)((uintptr_t)(probe) + (hash)->dth_prevoffs) 394 395#define DTRACE_HASHEQ(hash, lhs, rhs) \ 396 (strcmp(*((char **)((uintptr_t)(lhs) + (hash)->dth_stroffs)), \ 397 *((char **)((uintptr_t)(rhs) + (hash)->dth_stroffs))) == 0) 398 399#define DTRACE_AGGHASHSIZE_SLEW 17 400 401#define DTRACE_V4MAPPED_OFFSET (sizeof (uint32_t) * 3) 402 403/* 404 * The key for a thread-local variable consists of the lower 61 bits of the 405 * t_did, plus the 3 bits of the highest active interrupt above LOCK_LEVEL. 406 * We add DIF_VARIABLE_MAX to t_did to assure that the thread key is never 407 * equal to a variable identifier. This is necessary (but not sufficient) to 408 * assure that global associative arrays never collide with thread-local 409 * variables. To guarantee that they cannot collide, we must also define the 410 * order for keying dynamic variables. That order is: 411 * 412 * [ key0 ] ... [ keyn ] [ variable-key ] [ tls-key ] 413 * 414 * Because the variable-key and the tls-key are in orthogonal spaces, there is 415 * no way for a global variable key signature to match a thread-local key 416 * signature. 417 */ 418#if defined(sun) 419#define DTRACE_TLS_THRKEY(where) { \ 420 uint_t intr = 0; \ 421 uint_t actv = CPU->cpu_intr_actv >> (LOCK_LEVEL + 1); \ 422 for (; actv; actv >>= 1) \ 423 intr++; \ 424 ASSERT(intr < (1 << 3)); \ 425 (where) = ((curthread->t_did + DIF_VARIABLE_MAX) & \ 426 (((uint64_t)1 << 61) - 1)) | ((uint64_t)intr << 61); \ 427} 428#else 429#define DTRACE_TLS_THRKEY(where) { \ 430 solaris_cpu_t *_c = &solaris_cpu[curcpu]; \ 431 uint_t intr = 0; \ 432 uint_t actv = _c->cpu_intr_actv; \ 433 for (; actv; actv >>= 1) \ 434 intr++; \ 435 ASSERT(intr < (1 << 3)); \ 436 (where) = ((curthread->td_tid + DIF_VARIABLE_MAX) & \ 437 (((uint64_t)1 << 61) - 1)) | ((uint64_t)intr << 61); \ 438} 439#endif 440 441#define DT_BSWAP_8(x) ((x) & 0xff) 442#define DT_BSWAP_16(x) ((DT_BSWAP_8(x) << 8) | DT_BSWAP_8((x) >> 8)) 443#define DT_BSWAP_32(x) ((DT_BSWAP_16(x) << 16) | DT_BSWAP_16((x) >> 16)) 444#define DT_BSWAP_64(x) ((DT_BSWAP_32(x) << 32) | DT_BSWAP_32((x) >> 32)) 445 446#define DT_MASK_LO 0x00000000FFFFFFFFULL 447 448#define DTRACE_STORE(type, tomax, offset, what) \ 449 *((type *)((uintptr_t)(tomax) + (uintptr_t)offset)) = (type)(what); 450 451#ifndef __x86 452#define DTRACE_ALIGNCHECK(addr, size, flags) \ 453 if (addr & (size - 1)) { \ 454 *flags |= CPU_DTRACE_BADALIGN; \ 455 cpu_core[curcpu].cpuc_dtrace_illval = addr; \ 456 return (0); \ 457 } 458#else 459#define DTRACE_ALIGNCHECK(addr, size, flags) 460#endif 461 462/* 463 * Test whether a range of memory starting at testaddr of size testsz falls 464 * within the range of memory described by addr, sz. We take care to avoid 465 * problems with overflow and underflow of the unsigned quantities, and 466 * disallow all negative sizes. Ranges of size 0 are allowed. 467 */ 468#define DTRACE_INRANGE(testaddr, testsz, baseaddr, basesz) \ 469 ((testaddr) - (baseaddr) < (basesz) && \ 470 (testaddr) + (testsz) - (baseaddr) <= (basesz) && \ 471 (testaddr) + (testsz) >= (testaddr)) 472 473/* 474 * Test whether alloc_sz bytes will fit in the scratch region. We isolate 475 * alloc_sz on the righthand side of the comparison in order to avoid overflow 476 * or underflow in the comparison with it. This is simpler than the INRANGE 477 * check above, because we know that the dtms_scratch_ptr is valid in the 478 * range. Allocations of size zero are allowed. 479 */ 480#define DTRACE_INSCRATCH(mstate, alloc_sz) \ 481 ((mstate)->dtms_scratch_base + (mstate)->dtms_scratch_size - \ 482 (mstate)->dtms_scratch_ptr >= (alloc_sz)) 483 484#define DTRACE_LOADFUNC(bits) \ 485/*CSTYLED*/ \ 486uint##bits##_t \ 487dtrace_load##bits(uintptr_t addr) \ 488{ \ 489 size_t size = bits / NBBY; \ 490 /*CSTYLED*/ \ 491 uint##bits##_t rval; \ 492 int i; \ 493 volatile uint16_t *flags = (volatile uint16_t *) \ 494 &cpu_core[curcpu].cpuc_dtrace_flags; \ 495 \ 496 DTRACE_ALIGNCHECK(addr, size, flags); \ 497 \ 498 for (i = 0; i < dtrace_toxranges; i++) { \ 499 if (addr >= dtrace_toxrange[i].dtt_limit) \ 500 continue; \ 501 \ 502 if (addr + size <= dtrace_toxrange[i].dtt_base) \ 503 continue; \ 504 \ 505 /* \ 506 * This address falls within a toxic region; return 0. \ 507 */ \ 508 *flags |= CPU_DTRACE_BADADDR; \ 509 cpu_core[curcpu].cpuc_dtrace_illval = addr; \ 510 return (0); \ 511 } \ 512 \ 513 *flags |= CPU_DTRACE_NOFAULT; \ 514 /*CSTYLED*/ \ 515 rval = *((volatile uint##bits##_t *)addr); \ 516 *flags &= ~CPU_DTRACE_NOFAULT; \ 517 \ 518 return (!(*flags & CPU_DTRACE_FAULT) ? rval : 0); \ 519} 520 521#ifdef _LP64 522#define dtrace_loadptr dtrace_load64 523#else 524#define dtrace_loadptr dtrace_load32 525#endif 526 527#define DTRACE_DYNHASH_FREE 0 528#define DTRACE_DYNHASH_SINK 1 529#define DTRACE_DYNHASH_VALID 2 530 531#define DTRACE_MATCH_NEXT 0 532#define DTRACE_MATCH_DONE 1 533#define DTRACE_ANCHORED(probe) ((probe)->dtpr_func[0] != '\0') 534#define DTRACE_STATE_ALIGN 64 535 536#define DTRACE_FLAGS2FLT(flags) \ 537 (((flags) & CPU_DTRACE_BADADDR) ? DTRACEFLT_BADADDR : \ 538 ((flags) & CPU_DTRACE_ILLOP) ? DTRACEFLT_ILLOP : \ 539 ((flags) & CPU_DTRACE_DIVZERO) ? DTRACEFLT_DIVZERO : \ 540 ((flags) & CPU_DTRACE_KPRIV) ? DTRACEFLT_KPRIV : \ 541 ((flags) & CPU_DTRACE_UPRIV) ? DTRACEFLT_UPRIV : \ 542 ((flags) & CPU_DTRACE_TUPOFLOW) ? DTRACEFLT_TUPOFLOW : \ 543 ((flags) & CPU_DTRACE_BADALIGN) ? DTRACEFLT_BADALIGN : \ 544 ((flags) & CPU_DTRACE_NOSCRATCH) ? DTRACEFLT_NOSCRATCH : \ 545 ((flags) & CPU_DTRACE_BADSTACK) ? DTRACEFLT_BADSTACK : \ 546 DTRACEFLT_UNKNOWN) 547 548#define DTRACEACT_ISSTRING(act) \ 549 ((act)->dta_kind == DTRACEACT_DIFEXPR && \ 550 (act)->dta_difo->dtdo_rtype.dtdt_kind == DIF_TYPE_STRING) 551 552/* Function prototype definitions: */ 553static size_t dtrace_strlen(const char *, size_t); 554static dtrace_probe_t *dtrace_probe_lookup_id(dtrace_id_t id); 555static void dtrace_enabling_provide(dtrace_provider_t *); 556static int dtrace_enabling_match(dtrace_enabling_t *, int *); 557static void dtrace_enabling_matchall(void); 558static void dtrace_enabling_reap(void); 559static dtrace_state_t *dtrace_anon_grab(void); 560static uint64_t dtrace_helper(int, dtrace_mstate_t *, 561 dtrace_state_t *, uint64_t, uint64_t); 562static dtrace_helpers_t *dtrace_helpers_create(proc_t *); 563static void dtrace_buffer_drop(dtrace_buffer_t *); 564static int dtrace_buffer_consumed(dtrace_buffer_t *, hrtime_t when); 565static intptr_t dtrace_buffer_reserve(dtrace_buffer_t *, size_t, size_t, 566 dtrace_state_t *, dtrace_mstate_t *); 567static int dtrace_state_option(dtrace_state_t *, dtrace_optid_t, 568 dtrace_optval_t); 569static int dtrace_ecb_create_enable(dtrace_probe_t *, void *); 570static void dtrace_helper_provider_destroy(dtrace_helper_provider_t *); 571uint16_t dtrace_load16(uintptr_t); 572uint32_t dtrace_load32(uintptr_t); 573uint64_t dtrace_load64(uintptr_t); 574uint8_t dtrace_load8(uintptr_t); 575void dtrace_dynvar_clean(dtrace_dstate_t *); 576dtrace_dynvar_t *dtrace_dynvar(dtrace_dstate_t *, uint_t, dtrace_key_t *, 577 size_t, dtrace_dynvar_op_t, dtrace_mstate_t *, dtrace_vstate_t *); 578uintptr_t dtrace_dif_varstr(uintptr_t, dtrace_state_t *, dtrace_mstate_t *); 579 580/* 581 * DTrace Probe Context Functions 582 * 583 * These functions are called from probe context. Because probe context is 584 * any context in which C may be called, arbitrarily locks may be held, 585 * interrupts may be disabled, we may be in arbitrary dispatched state, etc. 586 * As a result, functions called from probe context may only call other DTrace 587 * support functions -- they may not interact at all with the system at large. 588 * (Note that the ASSERT macro is made probe-context safe by redefining it in 589 * terms of dtrace_assfail(), a probe-context safe function.) If arbitrary 590 * loads are to be performed from probe context, they _must_ be in terms of 591 * the safe dtrace_load*() variants. 592 * 593 * Some functions in this block are not actually called from probe context; 594 * for these functions, there will be a comment above the function reading 595 * "Note: not called from probe context." 596 */ 597void 598dtrace_panic(const char *format, ...) 599{ 600 va_list alist; 601 602 va_start(alist, format); 603 dtrace_vpanic(format, alist); 604 va_end(alist); 605} 606 607int 608dtrace_assfail(const char *a, const char *f, int l) 609{ 610 dtrace_panic("assertion failed: %s, file: %s, line: %d", a, f, l); 611 612 /* 613 * We just need something here that even the most clever compiler 614 * cannot optimize away. 615 */ 616 return (a[(uintptr_t)f]); 617} 618 619/* 620 * Atomically increment a specified error counter from probe context. 621 */ 622static void 623dtrace_error(uint32_t *counter) 624{ 625 /* 626 * Most counters stored to in probe context are per-CPU counters. 627 * However, there are some error conditions that are sufficiently 628 * arcane that they don't merit per-CPU storage. If these counters 629 * are incremented concurrently on different CPUs, scalability will be 630 * adversely affected -- but we don't expect them to be white-hot in a 631 * correctly constructed enabling... 632 */ 633 uint32_t oval, nval; 634 635 do { 636 oval = *counter; 637 638 if ((nval = oval + 1) == 0) { 639 /* 640 * If the counter would wrap, set it to 1 -- assuring 641 * that the counter is never zero when we have seen 642 * errors. (The counter must be 32-bits because we 643 * aren't guaranteed a 64-bit compare&swap operation.) 644 * To save this code both the infamy of being fingered 645 * by a priggish news story and the indignity of being 646 * the target of a neo-puritan witch trial, we're 647 * carefully avoiding any colorful description of the 648 * likelihood of this condition -- but suffice it to 649 * say that it is only slightly more likely than the 650 * overflow of predicate cache IDs, as discussed in 651 * dtrace_predicate_create(). 652 */ 653 nval = 1; 654 } 655 } while (dtrace_cas32(counter, oval, nval) != oval); 656} 657 658/* 659 * Use the DTRACE_LOADFUNC macro to define functions for each of loading a 660 * uint8_t, a uint16_t, a uint32_t and a uint64_t. 661 */ 662DTRACE_LOADFUNC(8) 663DTRACE_LOADFUNC(16) 664DTRACE_LOADFUNC(32) 665DTRACE_LOADFUNC(64) 666 667static int 668dtrace_inscratch(uintptr_t dest, size_t size, dtrace_mstate_t *mstate) 669{ 670 if (dest < mstate->dtms_scratch_base) 671 return (0); 672 673 if (dest + size < dest) 674 return (0); 675 676 if (dest + size > mstate->dtms_scratch_ptr) 677 return (0); 678 679 return (1); 680} 681 682static int 683dtrace_canstore_statvar(uint64_t addr, size_t sz, 684 dtrace_statvar_t **svars, int nsvars) 685{ 686 int i; 687 688 for (i = 0; i < nsvars; i++) { 689 dtrace_statvar_t *svar = svars[i]; 690 691 if (svar == NULL || svar->dtsv_size == 0) 692 continue; 693 694 if (DTRACE_INRANGE(addr, sz, svar->dtsv_data, svar->dtsv_size)) 695 return (1); 696 } 697 698 return (0); 699} 700 701/* 702 * Check to see if the address is within a memory region to which a store may 703 * be issued. This includes the DTrace scratch areas, and any DTrace variable 704 * region. The caller of dtrace_canstore() is responsible for performing any 705 * alignment checks that are needed before stores are actually executed. 706 */ 707static int 708dtrace_canstore(uint64_t addr, size_t sz, dtrace_mstate_t *mstate, 709 dtrace_vstate_t *vstate) 710{ 711 /* 712 * First, check to see if the address is in scratch space... 713 */ 714 if (DTRACE_INRANGE(addr, sz, mstate->dtms_scratch_base, 715 mstate->dtms_scratch_size)) 716 return (1); 717 718 /* 719 * Now check to see if it's a dynamic variable. This check will pick 720 * up both thread-local variables and any global dynamically-allocated 721 * variables. 722 */ 723 if (DTRACE_INRANGE(addr, sz, (uintptr_t)vstate->dtvs_dynvars.dtds_base, 724 vstate->dtvs_dynvars.dtds_size)) { 725 dtrace_dstate_t *dstate = &vstate->dtvs_dynvars; 726 uintptr_t base = (uintptr_t)dstate->dtds_base + 727 (dstate->dtds_hashsize * sizeof (dtrace_dynhash_t)); 728 uintptr_t chunkoffs; 729 730 /* 731 * Before we assume that we can store here, we need to make 732 * sure that it isn't in our metadata -- storing to our 733 * dynamic variable metadata would corrupt our state. For 734 * the range to not include any dynamic variable metadata, 735 * it must: 736 * 737 * (1) Start above the hash table that is at the base of 738 * the dynamic variable space 739 * 740 * (2) Have a starting chunk offset that is beyond the 741 * dtrace_dynvar_t that is at the base of every chunk 742 * 743 * (3) Not span a chunk boundary 744 * 745 */ 746 if (addr < base) 747 return (0); 748 749 chunkoffs = (addr - base) % dstate->dtds_chunksize; 750 751 if (chunkoffs < sizeof (dtrace_dynvar_t)) 752 return (0); 753 754 if (chunkoffs + sz > dstate->dtds_chunksize) 755 return (0); 756 757 return (1); 758 } 759 760 /* 761 * Finally, check the static local and global variables. These checks 762 * take the longest, so we perform them last. 763 */ 764 if (dtrace_canstore_statvar(addr, sz, 765 vstate->dtvs_locals, vstate->dtvs_nlocals)) 766 return (1); 767 768 if (dtrace_canstore_statvar(addr, sz, 769 vstate->dtvs_globals, vstate->dtvs_nglobals)) 770 return (1); 771 772 return (0); 773} 774 775 776/* 777 * Convenience routine to check to see if the address is within a memory 778 * region in which a load may be issued given the user's privilege level; 779 * if not, it sets the appropriate error flags and loads 'addr' into the 780 * illegal value slot. 781 * 782 * DTrace subroutines (DIF_SUBR_*) should use this helper to implement 783 * appropriate memory access protection. 784 */ 785static int 786dtrace_canload(uint64_t addr, size_t sz, dtrace_mstate_t *mstate, 787 dtrace_vstate_t *vstate) 788{ 789 volatile uintptr_t *illval = &cpu_core[curcpu].cpuc_dtrace_illval; 790 791 /* 792 * If we hold the privilege to read from kernel memory, then 793 * everything is readable. 794 */ 795 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0) 796 return (1); 797 798 /* 799 * You can obviously read that which you can store. 800 */ 801 if (dtrace_canstore(addr, sz, mstate, vstate)) 802 return (1); 803 804 /* 805 * We're allowed to read from our own string table. 806 */ 807 if (DTRACE_INRANGE(addr, sz, (uintptr_t)mstate->dtms_difo->dtdo_strtab, 808 mstate->dtms_difo->dtdo_strlen)) 809 return (1); 810 811 DTRACE_CPUFLAG_SET(CPU_DTRACE_KPRIV); 812 *illval = addr; 813 return (0); 814} 815 816/* 817 * Convenience routine to check to see if a given string is within a memory 818 * region in which a load may be issued given the user's privilege level; 819 * this exists so that we don't need to issue unnecessary dtrace_strlen() 820 * calls in the event that the user has all privileges. 821 */ 822static int 823dtrace_strcanload(uint64_t addr, size_t sz, dtrace_mstate_t *mstate, 824 dtrace_vstate_t *vstate) 825{ 826 size_t strsz; 827 828 /* 829 * If we hold the privilege to read from kernel memory, then 830 * everything is readable. 831 */ 832 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0) 833 return (1); 834 835 strsz = 1 + dtrace_strlen((char *)(uintptr_t)addr, sz); 836 if (dtrace_canload(addr, strsz, mstate, vstate)) 837 return (1); 838 839 return (0); 840} 841 842/* 843 * Convenience routine to check to see if a given variable is within a memory 844 * region in which a load may be issued given the user's privilege level. 845 */ 846static int 847dtrace_vcanload(void *src, dtrace_diftype_t *type, dtrace_mstate_t *mstate, 848 dtrace_vstate_t *vstate) 849{ 850 size_t sz; 851 ASSERT(type->dtdt_flags & DIF_TF_BYREF); 852 853 /* 854 * If we hold the privilege to read from kernel memory, then 855 * everything is readable. 856 */ 857 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0) 858 return (1); 859 860 if (type->dtdt_kind == DIF_TYPE_STRING) 861 sz = dtrace_strlen(src, 862 vstate->dtvs_state->dts_options[DTRACEOPT_STRSIZE]) + 1; 863 else 864 sz = type->dtdt_size; 865 866 return (dtrace_canload((uintptr_t)src, sz, mstate, vstate)); 867} 868 869/* 870 * Compare two strings using safe loads. 871 */ 872static int 873dtrace_strncmp(char *s1, char *s2, size_t limit) 874{ 875 uint8_t c1, c2; 876 volatile uint16_t *flags; 877 878 if (s1 == s2 || limit == 0) 879 return (0); 880 881 flags = (volatile uint16_t *)&cpu_core[curcpu].cpuc_dtrace_flags; 882 883 do { 884 if (s1 == NULL) { 885 c1 = '\0'; 886 } else { 887 c1 = dtrace_load8((uintptr_t)s1++); 888 } 889 890 if (s2 == NULL) { 891 c2 = '\0'; 892 } else { 893 c2 = dtrace_load8((uintptr_t)s2++); 894 } 895 896 if (c1 != c2) 897 return (c1 - c2); 898 } while (--limit && c1 != '\0' && !(*flags & CPU_DTRACE_FAULT)); 899 900 return (0); 901} 902 903/* 904 * Compute strlen(s) for a string using safe memory accesses. The additional 905 * len parameter is used to specify a maximum length to ensure completion. 906 */ 907static size_t 908dtrace_strlen(const char *s, size_t lim) 909{ 910 uint_t len; 911 912 for (len = 0; len != lim; len++) { 913 if (dtrace_load8((uintptr_t)s++) == '\0') 914 break; 915 } 916 917 return (len); 918} 919 920/* 921 * Check if an address falls within a toxic region. 922 */ 923static int 924dtrace_istoxic(uintptr_t kaddr, size_t size) 925{ 926 uintptr_t taddr, tsize; 927 int i; 928 929 for (i = 0; i < dtrace_toxranges; i++) { 930 taddr = dtrace_toxrange[i].dtt_base; 931 tsize = dtrace_toxrange[i].dtt_limit - taddr; 932 933 if (kaddr - taddr < tsize) { 934 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); 935 cpu_core[curcpu].cpuc_dtrace_illval = kaddr; 936 return (1); 937 } 938 939 if (taddr - kaddr < size) { 940 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); 941 cpu_core[curcpu].cpuc_dtrace_illval = taddr; 942 return (1); 943 } 944 } 945 946 return (0); 947} 948 949/* 950 * Copy src to dst using safe memory accesses. The src is assumed to be unsafe 951 * memory specified by the DIF program. The dst is assumed to be safe memory 952 * that we can store to directly because it is managed by DTrace. As with 953 * standard bcopy, overlapping copies are handled properly. 954 */ 955static void 956dtrace_bcopy(const void *src, void *dst, size_t len) 957{ 958 if (len != 0) { 959 uint8_t *s1 = dst; 960 const uint8_t *s2 = src; 961 962 if (s1 <= s2) { 963 do { 964 *s1++ = dtrace_load8((uintptr_t)s2++); 965 } while (--len != 0); 966 } else { 967 s2 += len; 968 s1 += len; 969 970 do { 971 *--s1 = dtrace_load8((uintptr_t)--s2); 972 } while (--len != 0); 973 } 974 } 975} 976 977/* 978 * Copy src to dst using safe memory accesses, up to either the specified 979 * length, or the point that a nul byte is encountered. The src is assumed to 980 * be unsafe memory specified by the DIF program. The dst is assumed to be 981 * safe memory that we can store to directly because it is managed by DTrace. 982 * Unlike dtrace_bcopy(), overlapping regions are not handled. 983 */ 984static void 985dtrace_strcpy(const void *src, void *dst, size_t len) 986{ 987 if (len != 0) { 988 uint8_t *s1 = dst, c; 989 const uint8_t *s2 = src; 990 991 do { 992 *s1++ = c = dtrace_load8((uintptr_t)s2++); 993 } while (--len != 0 && c != '\0'); 994 } 995} 996 997/* 998 * Copy src to dst, deriving the size and type from the specified (BYREF) 999 * variable type. The src is assumed to be unsafe memory specified by the DIF 1000 * program. The dst is assumed to be DTrace variable memory that is of the 1001 * specified type; we assume that we can store to directly. 1002 */ 1003static void 1004dtrace_vcopy(void *src, void *dst, dtrace_diftype_t *type) 1005{ 1006 ASSERT(type->dtdt_flags & DIF_TF_BYREF); 1007 1008 if (type->dtdt_kind == DIF_TYPE_STRING) { 1009 dtrace_strcpy(src, dst, type->dtdt_size); 1010 } else { 1011 dtrace_bcopy(src, dst, type->dtdt_size); 1012 } 1013} 1014 1015/* 1016 * Compare s1 to s2 using safe memory accesses. The s1 data is assumed to be 1017 * unsafe memory specified by the DIF program. The s2 data is assumed to be 1018 * safe memory that we can access directly because it is managed by DTrace. 1019 */ 1020static int 1021dtrace_bcmp(const void *s1, const void *s2, size_t len) 1022{ 1023 volatile uint16_t *flags; 1024 1025 flags = (volatile uint16_t *)&cpu_core[curcpu].cpuc_dtrace_flags; 1026 1027 if (s1 == s2) 1028 return (0); 1029 1030 if (s1 == NULL || s2 == NULL) 1031 return (1); 1032 1033 if (s1 != s2 && len != 0) { 1034 const uint8_t *ps1 = s1; 1035 const uint8_t *ps2 = s2; 1036 1037 do { 1038 if (dtrace_load8((uintptr_t)ps1++) != *ps2++) 1039 return (1); 1040 } while (--len != 0 && !(*flags & CPU_DTRACE_FAULT)); 1041 } 1042 return (0); 1043} 1044 1045/* 1046 * Zero the specified region using a simple byte-by-byte loop. Note that this 1047 * is for safe DTrace-managed memory only. 1048 */ 1049static void 1050dtrace_bzero(void *dst, size_t len) 1051{ 1052 uchar_t *cp; 1053 1054 for (cp = dst; len != 0; len--) 1055 *cp++ = 0; 1056} 1057 1058static void 1059dtrace_add_128(uint64_t *addend1, uint64_t *addend2, uint64_t *sum) 1060{ 1061 uint64_t result[2]; 1062 1063 result[0] = addend1[0] + addend2[0]; 1064 result[1] = addend1[1] + addend2[1] + 1065 (result[0] < addend1[0] || result[0] < addend2[0] ? 1 : 0); 1066 1067 sum[0] = result[0]; 1068 sum[1] = result[1]; 1069} 1070 1071/* 1072 * Shift the 128-bit value in a by b. If b is positive, shift left. 1073 * If b is negative, shift right. 1074 */ 1075static void 1076dtrace_shift_128(uint64_t *a, int b) 1077{ 1078 uint64_t mask; 1079 1080 if (b == 0) 1081 return; 1082 1083 if (b < 0) { 1084 b = -b; 1085 if (b >= 64) { 1086 a[0] = a[1] >> (b - 64); 1087 a[1] = 0; 1088 } else { 1089 a[0] >>= b; 1090 mask = 1LL << (64 - b); 1091 mask -= 1; 1092 a[0] |= ((a[1] & mask) << (64 - b)); 1093 a[1] >>= b; 1094 } 1095 } else { 1096 if (b >= 64) { 1097 a[1] = a[0] << (b - 64); 1098 a[0] = 0; 1099 } else { 1100 a[1] <<= b; 1101 mask = a[0] >> (64 - b); 1102 a[1] |= mask; 1103 a[0] <<= b; 1104 } 1105 } 1106} 1107 1108/* 1109 * The basic idea is to break the 2 64-bit values into 4 32-bit values, 1110 * use native multiplication on those, and then re-combine into the 1111 * resulting 128-bit value. 1112 * 1113 * (hi1 << 32 + lo1) * (hi2 << 32 + lo2) = 1114 * hi1 * hi2 << 64 + 1115 * hi1 * lo2 << 32 + 1116 * hi2 * lo1 << 32 + 1117 * lo1 * lo2 1118 */ 1119static void 1120dtrace_multiply_128(uint64_t factor1, uint64_t factor2, uint64_t *product) 1121{ 1122 uint64_t hi1, hi2, lo1, lo2; 1123 uint64_t tmp[2]; 1124 1125 hi1 = factor1 >> 32; 1126 hi2 = factor2 >> 32; 1127 1128 lo1 = factor1 & DT_MASK_LO; 1129 lo2 = factor2 & DT_MASK_LO; 1130 1131 product[0] = lo1 * lo2; 1132 product[1] = hi1 * hi2; 1133 1134 tmp[0] = hi1 * lo2; 1135 tmp[1] = 0; 1136 dtrace_shift_128(tmp, 32); 1137 dtrace_add_128(product, tmp, product); 1138 1139 tmp[0] = hi2 * lo1; 1140 tmp[1] = 0; 1141 dtrace_shift_128(tmp, 32); 1142 dtrace_add_128(product, tmp, product); 1143} 1144 1145/* 1146 * This privilege check should be used by actions and subroutines to 1147 * verify that the user credentials of the process that enabled the 1148 * invoking ECB match the target credentials 1149 */ 1150static int 1151dtrace_priv_proc_common_user(dtrace_state_t *state) 1152{ 1153 cred_t *cr, *s_cr = state->dts_cred.dcr_cred; 1154 1155 /* 1156 * We should always have a non-NULL state cred here, since if cred 1157 * is null (anonymous tracing), we fast-path bypass this routine. 1158 */ 1159 ASSERT(s_cr != NULL); 1160 1161 if ((cr = CRED()) != NULL && 1162 s_cr->cr_uid == cr->cr_uid && 1163 s_cr->cr_uid == cr->cr_ruid && 1164 s_cr->cr_uid == cr->cr_suid && 1165 s_cr->cr_gid == cr->cr_gid && 1166 s_cr->cr_gid == cr->cr_rgid && 1167 s_cr->cr_gid == cr->cr_sgid) 1168 return (1); 1169 1170 return (0); 1171} 1172 1173/* 1174 * This privilege check should be used by actions and subroutines to 1175 * verify that the zone of the process that enabled the invoking ECB 1176 * matches the target credentials 1177 */ 1178static int 1179dtrace_priv_proc_common_zone(dtrace_state_t *state) 1180{ 1181#if defined(sun) 1182 cred_t *cr, *s_cr = state->dts_cred.dcr_cred; 1183 1184 /* 1185 * We should always have a non-NULL state cred here, since if cred 1186 * is null (anonymous tracing), we fast-path bypass this routine. 1187 */ 1188 ASSERT(s_cr != NULL); 1189 1190 if ((cr = CRED()) != NULL && 1191 s_cr->cr_zone == cr->cr_zone) 1192 return (1); 1193 1194 return (0); 1195#else 1196 return (1); 1197#endif 1198} 1199 1200/* 1201 * This privilege check should be used by actions and subroutines to 1202 * verify that the process has not setuid or changed credentials. 1203 */ 1204static int 1205dtrace_priv_proc_common_nocd(void) 1206{ 1207 proc_t *proc; 1208 1209 if ((proc = ttoproc(curthread)) != NULL && 1210 !(proc->p_flag & SNOCD)) 1211 return (1); 1212 1213 return (0); 1214} 1215 1216static int 1217dtrace_priv_proc_destructive(dtrace_state_t *state) 1218{ 1219 int action = state->dts_cred.dcr_action; 1220 1221 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE) == 0) && 1222 dtrace_priv_proc_common_zone(state) == 0) 1223 goto bad; 1224 1225 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER) == 0) && 1226 dtrace_priv_proc_common_user(state) == 0) 1227 goto bad; 1228 1229 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG) == 0) && 1230 dtrace_priv_proc_common_nocd() == 0) 1231 goto bad; 1232 1233 return (1); 1234 1235bad: 1236 cpu_core[curcpu].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV; 1237 1238 return (0); 1239} 1240 1241static int 1242dtrace_priv_proc_control(dtrace_state_t *state) 1243{ 1244 if (state->dts_cred.dcr_action & DTRACE_CRA_PROC_CONTROL) 1245 return (1); 1246 1247 if (dtrace_priv_proc_common_zone(state) && 1248 dtrace_priv_proc_common_user(state) && 1249 dtrace_priv_proc_common_nocd()) 1250 return (1); 1251 1252 cpu_core[curcpu].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV; 1253 1254 return (0); 1255} 1256 1257static int 1258dtrace_priv_proc(dtrace_state_t *state) 1259{ 1260 if (state->dts_cred.dcr_action & DTRACE_CRA_PROC) 1261 return (1); 1262 1263 cpu_core[curcpu].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV; 1264 1265 return (0); 1266} 1267 1268static int 1269dtrace_priv_kernel(dtrace_state_t *state) 1270{ 1271 if (state->dts_cred.dcr_action & DTRACE_CRA_KERNEL) 1272 return (1); 1273 1274 cpu_core[curcpu].cpuc_dtrace_flags |= CPU_DTRACE_KPRIV; 1275 1276 return (0); 1277} 1278 1279static int 1280dtrace_priv_kernel_destructive(dtrace_state_t *state) 1281{ 1282 if (state->dts_cred.dcr_action & DTRACE_CRA_KERNEL_DESTRUCTIVE) 1283 return (1); 1284 1285 cpu_core[curcpu].cpuc_dtrace_flags |= CPU_DTRACE_KPRIV; 1286 1287 return (0); 1288} 1289 1290/* 1291 * Note: not called from probe context. This function is called 1292 * asynchronously (and at a regular interval) from outside of probe context to 1293 * clean the dirty dynamic variable lists on all CPUs. Dynamic variable 1294 * cleaning is explained in detail in <sys/dtrace_impl.h>. 1295 */ 1296void 1297dtrace_dynvar_clean(dtrace_dstate_t *dstate) 1298{ 1299 dtrace_dynvar_t *dirty; 1300 dtrace_dstate_percpu_t *dcpu; 1301 int i, work = 0; 1302 1303 for (i = 0; i < NCPU; i++) { 1304 dcpu = &dstate->dtds_percpu[i]; 1305 1306 ASSERT(dcpu->dtdsc_rinsing == NULL); 1307 1308 /* 1309 * If the dirty list is NULL, there is no dirty work to do. 1310 */ 1311 if (dcpu->dtdsc_dirty == NULL) 1312 continue; 1313 1314 /* 1315 * If the clean list is non-NULL, then we're not going to do 1316 * any work for this CPU -- it means that there has not been 1317 * a dtrace_dynvar() allocation on this CPU (or from this CPU) 1318 * since the last time we cleaned house. 1319 */ 1320 if (dcpu->dtdsc_clean != NULL) 1321 continue; 1322 1323 work = 1; 1324 1325 /* 1326 * Atomically move the dirty list aside. 1327 */ 1328 do { 1329 dirty = dcpu->dtdsc_dirty; 1330 1331 /* 1332 * Before we zap the dirty list, set the rinsing list. 1333 * (This allows for a potential assertion in 1334 * dtrace_dynvar(): if a free dynamic variable appears 1335 * on a hash chain, either the dirty list or the 1336 * rinsing list for some CPU must be non-NULL.) 1337 */ 1338 dcpu->dtdsc_rinsing = dirty; 1339 dtrace_membar_producer(); 1340 } while (dtrace_casptr(&dcpu->dtdsc_dirty, 1341 dirty, NULL) != dirty); 1342 } 1343 1344 if (!work) { 1345 /* 1346 * We have no work to do; we can simply return. 1347 */ 1348 return; 1349 } 1350 1351 dtrace_sync(); 1352 1353 for (i = 0; i < NCPU; i++) { 1354 dcpu = &dstate->dtds_percpu[i]; 1355 1356 if (dcpu->dtdsc_rinsing == NULL) 1357 continue; 1358 1359 /* 1360 * We are now guaranteed that no hash chain contains a pointer 1361 * into this dirty list; we can make it clean. 1362 */ 1363 ASSERT(dcpu->dtdsc_clean == NULL); 1364 dcpu->dtdsc_clean = dcpu->dtdsc_rinsing; 1365 dcpu->dtdsc_rinsing = NULL; 1366 } 1367 1368 /* 1369 * Before we actually set the state to be DTRACE_DSTATE_CLEAN, make 1370 * sure that all CPUs have seen all of the dtdsc_clean pointers. 1371 * This prevents a race whereby a CPU incorrectly decides that 1372 * the state should be something other than DTRACE_DSTATE_CLEAN 1373 * after dtrace_dynvar_clean() has completed. 1374 */ 1375 dtrace_sync(); 1376 1377 dstate->dtds_state = DTRACE_DSTATE_CLEAN; 1378} 1379 1380/* 1381 * Depending on the value of the op parameter, this function looks-up, 1382 * allocates or deallocates an arbitrarily-keyed dynamic variable. If an 1383 * allocation is requested, this function will return a pointer to a 1384 * dtrace_dynvar_t corresponding to the allocated variable -- or NULL if no 1385 * variable can be allocated. If NULL is returned, the appropriate counter 1386 * will be incremented. 1387 */ 1388dtrace_dynvar_t * 1389dtrace_dynvar(dtrace_dstate_t *dstate, uint_t nkeys, 1390 dtrace_key_t *key, size_t dsize, dtrace_dynvar_op_t op, 1391 dtrace_mstate_t *mstate, dtrace_vstate_t *vstate) 1392{ 1393 uint64_t hashval = DTRACE_DYNHASH_VALID; 1394 dtrace_dynhash_t *hash = dstate->dtds_hash; 1395 dtrace_dynvar_t *free, *new_free, *next, *dvar, *start, *prev = NULL; 1396 processorid_t me = curcpu, cpu = me; 1397 dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[me]; 1398 size_t bucket, ksize; 1399 size_t chunksize = dstate->dtds_chunksize; 1400 uintptr_t kdata, lock, nstate; 1401 uint_t i; 1402 1403 ASSERT(nkeys != 0); 1404 1405 /* 1406 * Hash the key. As with aggregations, we use Jenkins' "One-at-a-time" 1407 * algorithm. For the by-value portions, we perform the algorithm in 1408 * 16-bit chunks (as opposed to 8-bit chunks). This speeds things up a 1409 * bit, and seems to have only a minute effect on distribution. For 1410 * the by-reference data, we perform "One-at-a-time" iterating (safely) 1411 * over each referenced byte. It's painful to do this, but it's much 1412 * better than pathological hash distribution. The efficacy of the 1413 * hashing algorithm (and a comparison with other algorithms) may be 1414 * found by running the ::dtrace_dynstat MDB dcmd. 1415 */ 1416 for (i = 0; i < nkeys; i++) { 1417 if (key[i].dttk_size == 0) { 1418 uint64_t val = key[i].dttk_value; 1419 1420 hashval += (val >> 48) & 0xffff; 1421 hashval += (hashval << 10); 1422 hashval ^= (hashval >> 6); 1423 1424 hashval += (val >> 32) & 0xffff; 1425 hashval += (hashval << 10); 1426 hashval ^= (hashval >> 6); 1427 1428 hashval += (val >> 16) & 0xffff; 1429 hashval += (hashval << 10); 1430 hashval ^= (hashval >> 6); 1431 1432 hashval += val & 0xffff; 1433 hashval += (hashval << 10); 1434 hashval ^= (hashval >> 6); 1435 } else { 1436 /* 1437 * This is incredibly painful, but it beats the hell 1438 * out of the alternative. 1439 */ 1440 uint64_t j, size = key[i].dttk_size; 1441 uintptr_t base = (uintptr_t)key[i].dttk_value; 1442 1443 if (!dtrace_canload(base, size, mstate, vstate)) 1444 break; 1445 1446 for (j = 0; j < size; j++) { 1447 hashval += dtrace_load8(base + j); 1448 hashval += (hashval << 10); 1449 hashval ^= (hashval >> 6); 1450 } 1451 } 1452 } 1453 1454 if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_FAULT)) 1455 return (NULL); 1456 1457 hashval += (hashval << 3); 1458 hashval ^= (hashval >> 11); 1459 hashval += (hashval << 15); 1460 1461 /* 1462 * There is a remote chance (ideally, 1 in 2^31) that our hashval 1463 * comes out to be one of our two sentinel hash values. If this 1464 * actually happens, we set the hashval to be a value known to be a 1465 * non-sentinel value. 1466 */ 1467 if (hashval == DTRACE_DYNHASH_FREE || hashval == DTRACE_DYNHASH_SINK) 1468 hashval = DTRACE_DYNHASH_VALID; 1469 1470 /* 1471 * Yes, it's painful to do a divide here. If the cycle count becomes 1472 * important here, tricks can be pulled to reduce it. (However, it's 1473 * critical that hash collisions be kept to an absolute minimum; 1474 * they're much more painful than a divide.) It's better to have a 1475 * solution that generates few collisions and still keeps things 1476 * relatively simple. 1477 */ 1478 bucket = hashval % dstate->dtds_hashsize; 1479 1480 if (op == DTRACE_DYNVAR_DEALLOC) { 1481 volatile uintptr_t *lockp = &hash[bucket].dtdh_lock; 1482 1483 for (;;) { 1484 while ((lock = *lockp) & 1) 1485 continue; 1486 1487 if (dtrace_casptr((volatile void *)lockp, 1488 (volatile void *)lock, (volatile void *)(lock + 1)) == (void *)lock) 1489 break; 1490 } 1491 1492 dtrace_membar_producer(); 1493 } 1494 1495top: 1496 prev = NULL; 1497 lock = hash[bucket].dtdh_lock; 1498 1499 dtrace_membar_consumer(); 1500 1501 start = hash[bucket].dtdh_chain; 1502 ASSERT(start != NULL && (start->dtdv_hashval == DTRACE_DYNHASH_SINK || 1503 start->dtdv_hashval != DTRACE_DYNHASH_FREE || 1504 op != DTRACE_DYNVAR_DEALLOC)); 1505 1506 for (dvar = start; dvar != NULL; dvar = dvar->dtdv_next) { 1507 dtrace_tuple_t *dtuple = &dvar->dtdv_tuple; 1508 dtrace_key_t *dkey = &dtuple->dtt_key[0]; 1509 1510 if (dvar->dtdv_hashval != hashval) { 1511 if (dvar->dtdv_hashval == DTRACE_DYNHASH_SINK) { 1512 /* 1513 * We've reached the sink, and therefore the 1514 * end of the hash chain; we can kick out of 1515 * the loop knowing that we have seen a valid 1516 * snapshot of state. 1517 */ 1518 ASSERT(dvar->dtdv_next == NULL); 1519 ASSERT(dvar == &dtrace_dynhash_sink); 1520 break; 1521 } 1522 1523 if (dvar->dtdv_hashval == DTRACE_DYNHASH_FREE) { 1524 /* 1525 * We've gone off the rails: somewhere along 1526 * the line, one of the members of this hash 1527 * chain was deleted. Note that we could also 1528 * detect this by simply letting this loop run 1529 * to completion, as we would eventually hit 1530 * the end of the dirty list. However, we 1531 * want to avoid running the length of the 1532 * dirty list unnecessarily (it might be quite 1533 * long), so we catch this as early as 1534 * possible by detecting the hash marker. In 1535 * this case, we simply set dvar to NULL and 1536 * break; the conditional after the loop will 1537 * send us back to top. 1538 */ 1539 dvar = NULL; 1540 break; 1541 } 1542 1543 goto next; 1544 } 1545 1546 if (dtuple->dtt_nkeys != nkeys) 1547 goto next; 1548 1549 for (i = 0; i < nkeys; i++, dkey++) { 1550 if (dkey->dttk_size != key[i].dttk_size) 1551 goto next; /* size or type mismatch */ 1552 1553 if (dkey->dttk_size != 0) { 1554 if (dtrace_bcmp( 1555 (void *)(uintptr_t)key[i].dttk_value, 1556 (void *)(uintptr_t)dkey->dttk_value, 1557 dkey->dttk_size)) 1558 goto next; 1559 } else { 1560 if (dkey->dttk_value != key[i].dttk_value) 1561 goto next; 1562 } 1563 } 1564 1565 if (op != DTRACE_DYNVAR_DEALLOC) 1566 return (dvar); 1567 1568 ASSERT(dvar->dtdv_next == NULL || 1569 dvar->dtdv_next->dtdv_hashval != DTRACE_DYNHASH_FREE); 1570 1571 if (prev != NULL) { 1572 ASSERT(hash[bucket].dtdh_chain != dvar); 1573 ASSERT(start != dvar); 1574 ASSERT(prev->dtdv_next == dvar); 1575 prev->dtdv_next = dvar->dtdv_next; 1576 } else { 1577 if (dtrace_casptr(&hash[bucket].dtdh_chain, 1578 start, dvar->dtdv_next) != start) { 1579 /* 1580 * We have failed to atomically swing the 1581 * hash table head pointer, presumably because 1582 * of a conflicting allocation on another CPU. 1583 * We need to reread the hash chain and try 1584 * again. 1585 */ 1586 goto top; 1587 } 1588 } 1589 1590 dtrace_membar_producer(); 1591 1592 /* 1593 * Now set the hash value to indicate that it's free. 1594 */ 1595 ASSERT(hash[bucket].dtdh_chain != dvar); 1596 dvar->dtdv_hashval = DTRACE_DYNHASH_FREE; 1597 1598 dtrace_membar_producer(); 1599 1600 /* 1601 * Set the next pointer to point at the dirty list, and 1602 * atomically swing the dirty pointer to the newly freed dvar. 1603 */ 1604 do { 1605 next = dcpu->dtdsc_dirty; 1606 dvar->dtdv_next = next; 1607 } while (dtrace_casptr(&dcpu->dtdsc_dirty, next, dvar) != next); 1608 1609 /* 1610 * Finally, unlock this hash bucket. 1611 */ 1612 ASSERT(hash[bucket].dtdh_lock == lock); 1613 ASSERT(lock & 1); 1614 hash[bucket].dtdh_lock++; 1615 1616 return (NULL); 1617next: 1618 prev = dvar; 1619 continue; 1620 } 1621 1622 if (dvar == NULL) { 1623 /* 1624 * If dvar is NULL, it is because we went off the rails: 1625 * one of the elements that we traversed in the hash chain 1626 * was deleted while we were traversing it. In this case, 1627 * we assert that we aren't doing a dealloc (deallocs lock 1628 * the hash bucket to prevent themselves from racing with 1629 * one another), and retry the hash chain traversal. 1630 */ 1631 ASSERT(op != DTRACE_DYNVAR_DEALLOC); 1632 goto top; 1633 } 1634 1635 if (op != DTRACE_DYNVAR_ALLOC) { 1636 /* 1637 * If we are not to allocate a new variable, we want to 1638 * return NULL now. Before we return, check that the value 1639 * of the lock word hasn't changed. If it has, we may have 1640 * seen an inconsistent snapshot. 1641 */ 1642 if (op == DTRACE_DYNVAR_NOALLOC) { 1643 if (hash[bucket].dtdh_lock != lock) 1644 goto top; 1645 } else { 1646 ASSERT(op == DTRACE_DYNVAR_DEALLOC); 1647 ASSERT(hash[bucket].dtdh_lock == lock); 1648 ASSERT(lock & 1); 1649 hash[bucket].dtdh_lock++; 1650 } 1651 1652 return (NULL); 1653 } 1654 1655 /* 1656 * We need to allocate a new dynamic variable. The size we need is the 1657 * size of dtrace_dynvar plus the size of nkeys dtrace_key_t's plus the 1658 * size of any auxiliary key data (rounded up to 8-byte alignment) plus 1659 * the size of any referred-to data (dsize). We then round the final 1660 * size up to the chunksize for allocation. 1661 */ 1662 for (ksize = 0, i = 0; i < nkeys; i++) 1663 ksize += P2ROUNDUP(key[i].dttk_size, sizeof (uint64_t)); 1664 1665 /* 1666 * This should be pretty much impossible, but could happen if, say, 1667 * strange DIF specified the tuple. Ideally, this should be an 1668 * assertion and not an error condition -- but that requires that the 1669 * chunksize calculation in dtrace_difo_chunksize() be absolutely 1670 * bullet-proof. (That is, it must not be able to be fooled by 1671 * malicious DIF.) Given the lack of backwards branches in DIF, 1672 * solving this would presumably not amount to solving the Halting 1673 * Problem -- but it still seems awfully hard. 1674 */ 1675 if (sizeof (dtrace_dynvar_t) + sizeof (dtrace_key_t) * (nkeys - 1) + 1676 ksize + dsize > chunksize) { 1677 dcpu->dtdsc_drops++; 1678 return (NULL); 1679 } 1680 1681 nstate = DTRACE_DSTATE_EMPTY; 1682 1683 do { 1684retry: 1685 free = dcpu->dtdsc_free; 1686 1687 if (free == NULL) { 1688 dtrace_dynvar_t *clean = dcpu->dtdsc_clean; 1689 void *rval; 1690 1691 if (clean == NULL) { 1692 /* 1693 * We're out of dynamic variable space on 1694 * this CPU. Unless we have tried all CPUs, 1695 * we'll try to allocate from a different 1696 * CPU. 1697 */ 1698 switch (dstate->dtds_state) { 1699 case DTRACE_DSTATE_CLEAN: { 1700 void *sp = &dstate->dtds_state; 1701 1702 if (++cpu >= NCPU) 1703 cpu = 0; 1704 1705 if (dcpu->dtdsc_dirty != NULL && 1706 nstate == DTRACE_DSTATE_EMPTY) 1707 nstate = DTRACE_DSTATE_DIRTY; 1708 1709 if (dcpu->dtdsc_rinsing != NULL) 1710 nstate = DTRACE_DSTATE_RINSING; 1711 1712 dcpu = &dstate->dtds_percpu[cpu]; 1713 1714 if (cpu != me) 1715 goto retry; 1716 1717 (void) dtrace_cas32(sp, 1718 DTRACE_DSTATE_CLEAN, nstate); 1719 1720 /* 1721 * To increment the correct bean 1722 * counter, take another lap. 1723 */ 1724 goto retry; 1725 } 1726 1727 case DTRACE_DSTATE_DIRTY: 1728 dcpu->dtdsc_dirty_drops++; 1729 break; 1730 1731 case DTRACE_DSTATE_RINSING: 1732 dcpu->dtdsc_rinsing_drops++; 1733 break; 1734 1735 case DTRACE_DSTATE_EMPTY: 1736 dcpu->dtdsc_drops++; 1737 break; 1738 } 1739 1740 DTRACE_CPUFLAG_SET(CPU_DTRACE_DROP); 1741 return (NULL); 1742 } 1743 1744 /* 1745 * The clean list appears to be non-empty. We want to 1746 * move the clean list to the free list; we start by 1747 * moving the clean pointer aside. 1748 */ 1749 if (dtrace_casptr(&dcpu->dtdsc_clean, 1750 clean, NULL) != clean) { 1751 /* 1752 * We are in one of two situations: 1753 * 1754 * (a) The clean list was switched to the 1755 * free list by another CPU. 1756 * 1757 * (b) The clean list was added to by the 1758 * cleansing cyclic. 1759 * 1760 * In either of these situations, we can 1761 * just reattempt the free list allocation. 1762 */ 1763 goto retry; 1764 } 1765 1766 ASSERT(clean->dtdv_hashval == DTRACE_DYNHASH_FREE); 1767 1768 /* 1769 * Now we'll move the clean list to the free list. 1770 * It's impossible for this to fail: the only way 1771 * the free list can be updated is through this 1772 * code path, and only one CPU can own the clean list. 1773 * Thus, it would only be possible for this to fail if 1774 * this code were racing with dtrace_dynvar_clean(). 1775 * (That is, if dtrace_dynvar_clean() updated the clean 1776 * list, and we ended up racing to update the free 1777 * list.) This race is prevented by the dtrace_sync() 1778 * in dtrace_dynvar_clean() -- which flushes the 1779 * owners of the clean lists out before resetting 1780 * the clean lists. 1781 */ 1782 rval = dtrace_casptr(&dcpu->dtdsc_free, NULL, clean); 1783 ASSERT(rval == NULL); 1784 goto retry; 1785 } 1786 1787 dvar = free; 1788 new_free = dvar->dtdv_next; 1789 } while (dtrace_casptr(&dcpu->dtdsc_free, free, new_free) != free); 1790 1791 /* 1792 * We have now allocated a new chunk. We copy the tuple keys into the 1793 * tuple array and copy any referenced key data into the data space 1794 * following the tuple array. As we do this, we relocate dttk_value 1795 * in the final tuple to point to the key data address in the chunk. 1796 */ 1797 kdata = (uintptr_t)&dvar->dtdv_tuple.dtt_key[nkeys]; 1798 dvar->dtdv_data = (void *)(kdata + ksize); 1799 dvar->dtdv_tuple.dtt_nkeys = nkeys; 1800 1801 for (i = 0; i < nkeys; i++) { 1802 dtrace_key_t *dkey = &dvar->dtdv_tuple.dtt_key[i]; 1803 size_t kesize = key[i].dttk_size; 1804 1805 if (kesize != 0) { 1806 dtrace_bcopy( 1807 (const void *)(uintptr_t)key[i].dttk_value, 1808 (void *)kdata, kesize); 1809 dkey->dttk_value = kdata; 1810 kdata += P2ROUNDUP(kesize, sizeof (uint64_t)); 1811 } else { 1812 dkey->dttk_value = key[i].dttk_value; 1813 } 1814 1815 dkey->dttk_size = kesize; 1816 } 1817 1818 ASSERT(dvar->dtdv_hashval == DTRACE_DYNHASH_FREE); 1819 dvar->dtdv_hashval = hashval; 1820 dvar->dtdv_next = start; 1821 1822 if (dtrace_casptr(&hash[bucket].dtdh_chain, start, dvar) == start) 1823 return (dvar); 1824 1825 /* 1826 * The cas has failed. Either another CPU is adding an element to 1827 * this hash chain, or another CPU is deleting an element from this 1828 * hash chain. The simplest way to deal with both of these cases 1829 * (though not necessarily the most efficient) is to free our 1830 * allocated block and tail-call ourselves. Note that the free is 1831 * to the dirty list and _not_ to the free list. This is to prevent 1832 * races with allocators, above. 1833 */ 1834 dvar->dtdv_hashval = DTRACE_DYNHASH_FREE; 1835 1836 dtrace_membar_producer(); 1837 1838 do { 1839 free = dcpu->dtdsc_dirty; 1840 dvar->dtdv_next = free; 1841 } while (dtrace_casptr(&dcpu->dtdsc_dirty, free, dvar) != free); 1842 1843 return (dtrace_dynvar(dstate, nkeys, key, dsize, op, mstate, vstate)); 1844} 1845 1846/*ARGSUSED*/ 1847static void 1848dtrace_aggregate_min(uint64_t *oval, uint64_t nval, uint64_t arg) 1849{ 1850 if ((int64_t)nval < (int64_t)*oval) 1851 *oval = nval; 1852} 1853 1854/*ARGSUSED*/ 1855static void 1856dtrace_aggregate_max(uint64_t *oval, uint64_t nval, uint64_t arg) 1857{ 1858 if ((int64_t)nval > (int64_t)*oval) 1859 *oval = nval; 1860} 1861 1862static void 1863dtrace_aggregate_quantize(uint64_t *quanta, uint64_t nval, uint64_t incr) 1864{ 1865 int i, zero = DTRACE_QUANTIZE_ZEROBUCKET; 1866 int64_t val = (int64_t)nval; 1867 1868 if (val < 0) { 1869 for (i = 0; i < zero; i++) { 1870 if (val <= DTRACE_QUANTIZE_BUCKETVAL(i)) { 1871 quanta[i] += incr; 1872 return; 1873 } 1874 } 1875 } else { 1876 for (i = zero + 1; i < DTRACE_QUANTIZE_NBUCKETS; i++) { 1877 if (val < DTRACE_QUANTIZE_BUCKETVAL(i)) { 1878 quanta[i - 1] += incr; 1879 return; 1880 } 1881 } 1882 1883 quanta[DTRACE_QUANTIZE_NBUCKETS - 1] += incr; 1884 return; 1885 } 1886 1887 ASSERT(0); 1888} 1889 1890static void 1891dtrace_aggregate_lquantize(uint64_t *lquanta, uint64_t nval, uint64_t incr) 1892{ 1893 uint64_t arg = *lquanta++; 1894 int32_t base = DTRACE_LQUANTIZE_BASE(arg); 1895 uint16_t step = DTRACE_LQUANTIZE_STEP(arg); 1896 uint16_t levels = DTRACE_LQUANTIZE_LEVELS(arg); 1897 int32_t val = (int32_t)nval, level; 1898 1899 ASSERT(step != 0); 1900 ASSERT(levels != 0); 1901 1902 if (val < base) { 1903 /* 1904 * This is an underflow. 1905 */ 1906 lquanta[0] += incr; 1907 return; 1908 } 1909 1910 level = (val - base) / step; 1911 1912 if (level < levels) { 1913 lquanta[level + 1] += incr; 1914 return; 1915 } 1916 1917 /* 1918 * This is an overflow. 1919 */ 1920 lquanta[levels + 1] += incr; 1921} 1922 1923static int 1924dtrace_aggregate_llquantize_bucket(uint16_t factor, uint16_t low, 1925 uint16_t high, uint16_t nsteps, int64_t value) 1926{ 1927 int64_t this = 1, last, next; 1928 int base = 1, order; 1929 1930 ASSERT(factor <= nsteps); 1931 ASSERT(nsteps % factor == 0); 1932 1933 for (order = 0; order < low; order++) 1934 this *= factor; 1935 1936 /* 1937 * If our value is less than our factor taken to the power of the 1938 * low order of magnitude, it goes into the zeroth bucket. 1939 */ 1940 if (value < (last = this)) 1941 return (0); 1942 1943 for (this *= factor; order <= high; order++) { 1944 int nbuckets = this > nsteps ? nsteps : this; 1945 1946 if ((next = this * factor) < this) { 1947 /* 1948 * We should not generally get log/linear quantizations 1949 * with a high magnitude that allows 64-bits to 1950 * overflow, but we nonetheless protect against this 1951 * by explicitly checking for overflow, and clamping 1952 * our value accordingly. 1953 */ 1954 value = this - 1; 1955 } 1956 1957 if (value < this) { 1958 /* 1959 * If our value lies within this order of magnitude, 1960 * determine its position by taking the offset within 1961 * the order of magnitude, dividing by the bucket 1962 * width, and adding to our (accumulated) base. 1963 */ 1964 return (base + (value - last) / (this / nbuckets)); 1965 } 1966 1967 base += nbuckets - (nbuckets / factor); 1968 last = this; 1969 this = next; 1970 } 1971 1972 /* 1973 * Our value is greater than or equal to our factor taken to the 1974 * power of one plus the high magnitude -- return the top bucket. 1975 */ 1976 return (base); 1977} 1978 1979static void 1980dtrace_aggregate_llquantize(uint64_t *llquanta, uint64_t nval, uint64_t incr) 1981{ 1982 uint64_t arg = *llquanta++; 1983 uint16_t factor = DTRACE_LLQUANTIZE_FACTOR(arg); 1984 uint16_t low = DTRACE_LLQUANTIZE_LOW(arg); 1985 uint16_t high = DTRACE_LLQUANTIZE_HIGH(arg); 1986 uint16_t nsteps = DTRACE_LLQUANTIZE_NSTEP(arg); 1987 1988 llquanta[dtrace_aggregate_llquantize_bucket(factor, 1989 low, high, nsteps, nval)] += incr; 1990} 1991 1992/*ARGSUSED*/ 1993static void 1994dtrace_aggregate_avg(uint64_t *data, uint64_t nval, uint64_t arg) 1995{ 1996 data[0]++; 1997 data[1] += nval; 1998} 1999 2000/*ARGSUSED*/ 2001static void 2002dtrace_aggregate_stddev(uint64_t *data, uint64_t nval, uint64_t arg) 2003{ 2004 int64_t snval = (int64_t)nval; 2005 uint64_t tmp[2]; 2006 2007 data[0]++; 2008 data[1] += nval; 2009 2010 /* 2011 * What we want to say here is: 2012 * 2013 * data[2] += nval * nval; 2014 * 2015 * But given that nval is 64-bit, we could easily overflow, so 2016 * we do this as 128-bit arithmetic. 2017 */ 2018 if (snval < 0) 2019 snval = -snval; 2020 2021 dtrace_multiply_128((uint64_t)snval, (uint64_t)snval, tmp); 2022 dtrace_add_128(data + 2, tmp, data + 2); 2023} 2024 2025/*ARGSUSED*/ 2026static void 2027dtrace_aggregate_count(uint64_t *oval, uint64_t nval, uint64_t arg) 2028{ 2029 *oval = *oval + 1; 2030} 2031 2032/*ARGSUSED*/ 2033static void 2034dtrace_aggregate_sum(uint64_t *oval, uint64_t nval, uint64_t arg) 2035{ 2036 *oval += nval; 2037} 2038 2039/* 2040 * Aggregate given the tuple in the principal data buffer, and the aggregating 2041 * action denoted by the specified dtrace_aggregation_t. The aggregation 2042 * buffer is specified as the buf parameter. This routine does not return 2043 * failure; if there is no space in the aggregation buffer, the data will be 2044 * dropped, and a corresponding counter incremented. 2045 */ 2046static void 2047dtrace_aggregate(dtrace_aggregation_t *agg, dtrace_buffer_t *dbuf, 2048 intptr_t offset, dtrace_buffer_t *buf, uint64_t expr, uint64_t arg) 2049{ 2050 dtrace_recdesc_t *rec = &agg->dtag_action.dta_rec; 2051 uint32_t i, ndx, size, fsize; 2052 uint32_t align = sizeof (uint64_t) - 1; 2053 dtrace_aggbuffer_t *agb; 2054 dtrace_aggkey_t *key; 2055 uint32_t hashval = 0, limit, isstr; 2056 caddr_t tomax, data, kdata; 2057 dtrace_actkind_t action; 2058 dtrace_action_t *act; 2059 uintptr_t offs; 2060 2061 if (buf == NULL) 2062 return; 2063 2064 if (!agg->dtag_hasarg) { 2065 /* 2066 * Currently, only quantize() and lquantize() take additional 2067 * arguments, and they have the same semantics: an increment 2068 * value that defaults to 1 when not present. If additional 2069 * aggregating actions take arguments, the setting of the 2070 * default argument value will presumably have to become more 2071 * sophisticated... 2072 */ 2073 arg = 1; 2074 } 2075 2076 action = agg->dtag_action.dta_kind - DTRACEACT_AGGREGATION; 2077 size = rec->dtrd_offset - agg->dtag_base; 2078 fsize = size + rec->dtrd_size; 2079 2080 ASSERT(dbuf->dtb_tomax != NULL); 2081 data = dbuf->dtb_tomax + offset + agg->dtag_base; 2082 2083 if ((tomax = buf->dtb_tomax) == NULL) { 2084 dtrace_buffer_drop(buf); 2085 return; 2086 } 2087 2088 /* 2089 * The metastructure is always at the bottom of the buffer. 2090 */ 2091 agb = (dtrace_aggbuffer_t *)(tomax + buf->dtb_size - 2092 sizeof (dtrace_aggbuffer_t)); 2093 2094 if (buf->dtb_offset == 0) { 2095 /* 2096 * We just kludge up approximately 1/8th of the size to be 2097 * buckets. If this guess ends up being routinely 2098 * off-the-mark, we may need to dynamically readjust this 2099 * based on past performance. 2100 */ 2101 uintptr_t hashsize = (buf->dtb_size >> 3) / sizeof (uintptr_t); 2102 2103 if ((uintptr_t)agb - hashsize * sizeof (dtrace_aggkey_t *) < 2104 (uintptr_t)tomax || hashsize == 0) { 2105 /* 2106 * We've been given a ludicrously small buffer; 2107 * increment our drop count and leave. 2108 */ 2109 dtrace_buffer_drop(buf); 2110 return; 2111 } 2112 2113 /* 2114 * And now, a pathetic attempt to try to get a an odd (or 2115 * perchance, a prime) hash size for better hash distribution. 2116 */ 2117 if (hashsize > (DTRACE_AGGHASHSIZE_SLEW << 3)) 2118 hashsize -= DTRACE_AGGHASHSIZE_SLEW; 2119 2120 agb->dtagb_hashsize = hashsize; 2121 agb->dtagb_hash = (dtrace_aggkey_t **)((uintptr_t)agb - 2122 agb->dtagb_hashsize * sizeof (dtrace_aggkey_t *)); 2123 agb->dtagb_free = (uintptr_t)agb->dtagb_hash; 2124 2125 for (i = 0; i < agb->dtagb_hashsize; i++) 2126 agb->dtagb_hash[i] = NULL; 2127 } 2128 2129 ASSERT(agg->dtag_first != NULL); 2130 ASSERT(agg->dtag_first->dta_intuple); 2131 2132 /* 2133 * Calculate the hash value based on the key. Note that we _don't_ 2134 * include the aggid in the hashing (but we will store it as part of 2135 * the key). The hashing algorithm is Bob Jenkins' "One-at-a-time" 2136 * algorithm: a simple, quick algorithm that has no known funnels, and 2137 * gets good distribution in practice. The efficacy of the hashing 2138 * algorithm (and a comparison with other algorithms) may be found by 2139 * running the ::dtrace_aggstat MDB dcmd. 2140 */ 2141 for (act = agg->dtag_first; act->dta_intuple; act = act->dta_next) { 2142 i = act->dta_rec.dtrd_offset - agg->dtag_base; 2143 limit = i + act->dta_rec.dtrd_size; 2144 ASSERT(limit <= size); 2145 isstr = DTRACEACT_ISSTRING(act); 2146 2147 for (; i < limit; i++) { 2148 hashval += data[i]; 2149 hashval += (hashval << 10); 2150 hashval ^= (hashval >> 6); 2151 2152 if (isstr && data[i] == '\0') 2153 break; 2154 } 2155 } 2156 2157 hashval += (hashval << 3); 2158 hashval ^= (hashval >> 11); 2159 hashval += (hashval << 15); 2160 2161 /* 2162 * Yes, the divide here is expensive -- but it's generally the least 2163 * of the performance issues given the amount of data that we iterate 2164 * over to compute hash values, compare data, etc. 2165 */ 2166 ndx = hashval % agb->dtagb_hashsize; 2167 2168 for (key = agb->dtagb_hash[ndx]; key != NULL; key = key->dtak_next) { 2169 ASSERT((caddr_t)key >= tomax); 2170 ASSERT((caddr_t)key < tomax + buf->dtb_size); 2171 2172 if (hashval != key->dtak_hashval || key->dtak_size != size) 2173 continue; 2174 2175 kdata = key->dtak_data; 2176 ASSERT(kdata >= tomax && kdata < tomax + buf->dtb_size); 2177 2178 for (act = agg->dtag_first; act->dta_intuple; 2179 act = act->dta_next) { 2180 i = act->dta_rec.dtrd_offset - agg->dtag_base; 2181 limit = i + act->dta_rec.dtrd_size; 2182 ASSERT(limit <= size); 2183 isstr = DTRACEACT_ISSTRING(act); 2184 2185 for (; i < limit; i++) { 2186 if (kdata[i] != data[i]) 2187 goto next; 2188 2189 if (isstr && data[i] == '\0') 2190 break; 2191 } 2192 } 2193 2194 if (action != key->dtak_action) { 2195 /* 2196 * We are aggregating on the same value in the same 2197 * aggregation with two different aggregating actions. 2198 * (This should have been picked up in the compiler, 2199 * so we may be dealing with errant or devious DIF.) 2200 * This is an error condition; we indicate as much, 2201 * and return. 2202 */ 2203 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); 2204 return; 2205 } 2206 2207 /* 2208 * This is a hit: we need to apply the aggregator to 2209 * the value at this key. 2210 */ 2211 agg->dtag_aggregate((uint64_t *)(kdata + size), expr, arg); 2212 return; 2213next: 2214 continue; 2215 } 2216 2217 /* 2218 * We didn't find it. We need to allocate some zero-filled space, 2219 * link it into the hash table appropriately, and apply the aggregator 2220 * to the (zero-filled) value. 2221 */ 2222 offs = buf->dtb_offset; 2223 while (offs & (align - 1)) 2224 offs += sizeof (uint32_t); 2225 2226 /* 2227 * If we don't have enough room to both allocate a new key _and_ 2228 * its associated data, increment the drop count and return. 2229 */ 2230 if ((uintptr_t)tomax + offs + fsize > 2231 agb->dtagb_free - sizeof (dtrace_aggkey_t)) { 2232 dtrace_buffer_drop(buf); 2233 return; 2234 } 2235 2236 /*CONSTCOND*/ 2237 ASSERT(!(sizeof (dtrace_aggkey_t) & (sizeof (uintptr_t) - 1))); 2238 key = (dtrace_aggkey_t *)(agb->dtagb_free - sizeof (dtrace_aggkey_t)); 2239 agb->dtagb_free -= sizeof (dtrace_aggkey_t); 2240 2241 key->dtak_data = kdata = tomax + offs; 2242 buf->dtb_offset = offs + fsize; 2243 2244 /* 2245 * Now copy the data across. 2246 */ 2247 *((dtrace_aggid_t *)kdata) = agg->dtag_id; 2248 2249 for (i = sizeof (dtrace_aggid_t); i < size; i++) 2250 kdata[i] = data[i]; 2251 2252 /* 2253 * Because strings are not zeroed out by default, we need to iterate 2254 * looking for actions that store strings, and we need to explicitly 2255 * pad these strings out with zeroes. 2256 */ 2257 for (act = agg->dtag_first; act->dta_intuple; act = act->dta_next) { 2258 int nul; 2259 2260 if (!DTRACEACT_ISSTRING(act)) 2261 continue; 2262 2263 i = act->dta_rec.dtrd_offset - agg->dtag_base; 2264 limit = i + act->dta_rec.dtrd_size; 2265 ASSERT(limit <= size); 2266 2267 for (nul = 0; i < limit; i++) { 2268 if (nul) { 2269 kdata[i] = '\0'; 2270 continue; 2271 } 2272 2273 if (data[i] != '\0') 2274 continue; 2275 2276 nul = 1; 2277 } 2278 } 2279 2280 for (i = size; i < fsize; i++) 2281 kdata[i] = 0; 2282 2283 key->dtak_hashval = hashval; 2284 key->dtak_size = size; 2285 key->dtak_action = action; 2286 key->dtak_next = agb->dtagb_hash[ndx]; 2287 agb->dtagb_hash[ndx] = key; 2288 2289 /* 2290 * Finally, apply the aggregator. 2291 */ 2292 *((uint64_t *)(key->dtak_data + size)) = agg->dtag_initial; 2293 agg->dtag_aggregate((uint64_t *)(key->dtak_data + size), expr, arg); 2294} 2295 2296/* 2297 * Given consumer state, this routine finds a speculation in the INACTIVE 2298 * state and transitions it into the ACTIVE state. If there is no speculation 2299 * in the INACTIVE state, 0 is returned. In this case, no error counter is 2300 * incremented -- it is up to the caller to take appropriate action. 2301 */ 2302static int 2303dtrace_speculation(dtrace_state_t *state) 2304{ 2305 int i = 0; 2306 dtrace_speculation_state_t current; 2307 uint32_t *stat = &state->dts_speculations_unavail, count; 2308 2309 while (i < state->dts_nspeculations) { 2310 dtrace_speculation_t *spec = &state->dts_speculations[i]; 2311 2312 current = spec->dtsp_state; 2313 2314 if (current != DTRACESPEC_INACTIVE) { 2315 if (current == DTRACESPEC_COMMITTINGMANY || 2316 current == DTRACESPEC_COMMITTING || 2317 current == DTRACESPEC_DISCARDING) 2318 stat = &state->dts_speculations_busy; 2319 i++; 2320 continue; 2321 } 2322 2323 if (dtrace_cas32((uint32_t *)&spec->dtsp_state, 2324 current, DTRACESPEC_ACTIVE) == current) 2325 return (i + 1); 2326 } 2327 2328 /* 2329 * We couldn't find a speculation. If we found as much as a single 2330 * busy speculation buffer, we'll attribute this failure as "busy" 2331 * instead of "unavail". 2332 */ 2333 do { 2334 count = *stat; 2335 } while (dtrace_cas32(stat, count, count + 1) != count); 2336 2337 return (0); 2338} 2339 2340/* 2341 * This routine commits an active speculation. If the specified speculation 2342 * is not in a valid state to perform a commit(), this routine will silently do 2343 * nothing. The state of the specified speculation is transitioned according 2344 * to the state transition diagram outlined in <sys/dtrace_impl.h> 2345 */ 2346static void 2347dtrace_speculation_commit(dtrace_state_t *state, processorid_t cpu, 2348 dtrace_specid_t which) 2349{ 2350 dtrace_speculation_t *spec; 2351 dtrace_buffer_t *src, *dest; 2352 uintptr_t daddr, saddr, dlimit, slimit; 2353 dtrace_speculation_state_t current, new = 0; 2354 intptr_t offs; 2355 uint64_t timestamp; 2356 2357 if (which == 0) 2358 return; 2359 2360 if (which > state->dts_nspeculations) { 2361 cpu_core[cpu].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP; 2362 return; 2363 } 2364 2365 spec = &state->dts_speculations[which - 1]; 2366 src = &spec->dtsp_buffer[cpu]; 2367 dest = &state->dts_buffer[cpu]; 2368 2369 do { 2370 current = spec->dtsp_state; 2371 2372 if (current == DTRACESPEC_COMMITTINGMANY) 2373 break; 2374 2375 switch (current) { 2376 case DTRACESPEC_INACTIVE: 2377 case DTRACESPEC_DISCARDING: 2378 return; 2379 2380 case DTRACESPEC_COMMITTING: 2381 /* 2382 * This is only possible if we are (a) commit()'ing 2383 * without having done a prior speculate() on this CPU 2384 * and (b) racing with another commit() on a different 2385 * CPU. There's nothing to do -- we just assert that 2386 * our offset is 0. 2387 */ 2388 ASSERT(src->dtb_offset == 0); 2389 return; 2390 2391 case DTRACESPEC_ACTIVE: 2392 new = DTRACESPEC_COMMITTING; 2393 break; 2394 2395 case DTRACESPEC_ACTIVEONE: 2396 /* 2397 * This speculation is active on one CPU. If our 2398 * buffer offset is non-zero, we know that the one CPU 2399 * must be us. Otherwise, we are committing on a 2400 * different CPU from the speculate(), and we must 2401 * rely on being asynchronously cleaned. 2402 */ 2403 if (src->dtb_offset != 0) { 2404 new = DTRACESPEC_COMMITTING; 2405 break; 2406 } 2407 /*FALLTHROUGH*/ 2408 2409 case DTRACESPEC_ACTIVEMANY: 2410 new = DTRACESPEC_COMMITTINGMANY; 2411 break; 2412 2413 default: 2414 ASSERT(0); 2415 } 2416 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state, 2417 current, new) != current); 2418 2419 /* 2420 * We have set the state to indicate that we are committing this 2421 * speculation. Now reserve the necessary space in the destination 2422 * buffer. 2423 */ 2424 if ((offs = dtrace_buffer_reserve(dest, src->dtb_offset, 2425 sizeof (uint64_t), state, NULL)) < 0) { 2426 dtrace_buffer_drop(dest); 2427 goto out; 2428 } 2429 2430 /* 2431 * We have sufficient space to copy the speculative buffer into the 2432 * primary buffer. First, modify the speculative buffer, filling 2433 * in the timestamp of all entries with the current time. The data 2434 * must have the commit() time rather than the time it was traced, 2435 * so that all entries in the primary buffer are in timestamp order. 2436 */ 2437 timestamp = dtrace_gethrtime(); 2438 saddr = (uintptr_t)src->dtb_tomax; 2439 slimit = saddr + src->dtb_offset; 2440 while (saddr < slimit) { 2441 size_t size; 2442 dtrace_rechdr_t *dtrh = (dtrace_rechdr_t *)saddr; 2443 2444 if (dtrh->dtrh_epid == DTRACE_EPIDNONE) { 2445 saddr += sizeof (dtrace_epid_t); 2446 continue; 2447 } 2448 ASSERT3U(dtrh->dtrh_epid, <=, state->dts_necbs); 2449 size = state->dts_ecbs[dtrh->dtrh_epid - 1]->dte_size; 2450 2451 ASSERT3U(saddr + size, <=, slimit); 2452 ASSERT3U(size, >=, sizeof (dtrace_rechdr_t)); 2453 ASSERT3U(DTRACE_RECORD_LOAD_TIMESTAMP(dtrh), ==, UINT64_MAX); 2454 2455 DTRACE_RECORD_STORE_TIMESTAMP(dtrh, timestamp); 2456 2457 saddr += size; 2458 } 2459 2460 /* 2461 * Copy the buffer across. (Note that this is a 2462 * highly subobtimal bcopy(); in the unlikely event that this becomes 2463 * a serious performance issue, a high-performance DTrace-specific 2464 * bcopy() should obviously be invented.) 2465 */ 2466 daddr = (uintptr_t)dest->dtb_tomax + offs; 2467 dlimit = daddr + src->dtb_offset; 2468 saddr = (uintptr_t)src->dtb_tomax; 2469 2470 /* 2471 * First, the aligned portion. 2472 */ 2473 while (dlimit - daddr >= sizeof (uint64_t)) { 2474 *((uint64_t *)daddr) = *((uint64_t *)saddr); 2475 2476 daddr += sizeof (uint64_t); 2477 saddr += sizeof (uint64_t); 2478 } 2479 2480 /* 2481 * Now any left-over bit... 2482 */ 2483 while (dlimit - daddr) 2484 *((uint8_t *)daddr++) = *((uint8_t *)saddr++); 2485 2486 /* 2487 * Finally, commit the reserved space in the destination buffer. 2488 */ 2489 dest->dtb_offset = offs + src->dtb_offset; 2490 2491out: 2492 /* 2493 * If we're lucky enough to be the only active CPU on this speculation 2494 * buffer, we can just set the state back to DTRACESPEC_INACTIVE. 2495 */ 2496 if (current == DTRACESPEC_ACTIVE || 2497 (current == DTRACESPEC_ACTIVEONE && new == DTRACESPEC_COMMITTING)) { 2498 uint32_t rval = dtrace_cas32((uint32_t *)&spec->dtsp_state, 2499 DTRACESPEC_COMMITTING, DTRACESPEC_INACTIVE); 2500 2501 ASSERT(rval == DTRACESPEC_COMMITTING); 2502 } 2503 2504 src->dtb_offset = 0; 2505 src->dtb_xamot_drops += src->dtb_drops; 2506 src->dtb_drops = 0; 2507} 2508 2509/* 2510 * This routine discards an active speculation. If the specified speculation 2511 * is not in a valid state to perform a discard(), this routine will silently 2512 * do nothing. The state of the specified speculation is transitioned 2513 * according to the state transition diagram outlined in <sys/dtrace_impl.h> 2514 */ 2515static void 2516dtrace_speculation_discard(dtrace_state_t *state, processorid_t cpu, 2517 dtrace_specid_t which) 2518{ 2519 dtrace_speculation_t *spec; 2520 dtrace_speculation_state_t current, new = 0; 2521 dtrace_buffer_t *buf; 2522 2523 if (which == 0) 2524 return; 2525 2526 if (which > state->dts_nspeculations) { 2527 cpu_core[cpu].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP; 2528 return; 2529 } 2530 2531 spec = &state->dts_speculations[which - 1]; 2532 buf = &spec->dtsp_buffer[cpu]; 2533 2534 do { 2535 current = spec->dtsp_state; 2536 2537 switch (current) { 2538 case DTRACESPEC_INACTIVE: 2539 case DTRACESPEC_COMMITTINGMANY: 2540 case DTRACESPEC_COMMITTING: 2541 case DTRACESPEC_DISCARDING: 2542 return; 2543 2544 case DTRACESPEC_ACTIVE: 2545 case DTRACESPEC_ACTIVEMANY: 2546 new = DTRACESPEC_DISCARDING; 2547 break; 2548 2549 case DTRACESPEC_ACTIVEONE: 2550 if (buf->dtb_offset != 0) { 2551 new = DTRACESPEC_INACTIVE; 2552 } else { 2553 new = DTRACESPEC_DISCARDING; 2554 } 2555 break; 2556 2557 default: 2558 ASSERT(0); 2559 } 2560 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state, 2561 current, new) != current); 2562 2563 buf->dtb_offset = 0; 2564 buf->dtb_drops = 0; 2565} 2566 2567/* 2568 * Note: not called from probe context. This function is called 2569 * asynchronously from cross call context to clean any speculations that are 2570 * in the COMMITTINGMANY or DISCARDING states. These speculations may not be 2571 * transitioned back to the INACTIVE state until all CPUs have cleaned the 2572 * speculation. 2573 */ 2574static void 2575dtrace_speculation_clean_here(dtrace_state_t *state) 2576{ 2577 dtrace_icookie_t cookie; 2578 processorid_t cpu = curcpu; 2579 dtrace_buffer_t *dest = &state->dts_buffer[cpu]; 2580 dtrace_specid_t i; 2581 2582 cookie = dtrace_interrupt_disable(); 2583 2584 if (dest->dtb_tomax == NULL) { 2585 dtrace_interrupt_enable(cookie); 2586 return; 2587 } 2588 2589 for (i = 0; i < state->dts_nspeculations; i++) { 2590 dtrace_speculation_t *spec = &state->dts_speculations[i]; 2591 dtrace_buffer_t *src = &spec->dtsp_buffer[cpu]; 2592 2593 if (src->dtb_tomax == NULL) 2594 continue; 2595 2596 if (spec->dtsp_state == DTRACESPEC_DISCARDING) { 2597 src->dtb_offset = 0; 2598 continue; 2599 } 2600 2601 if (spec->dtsp_state != DTRACESPEC_COMMITTINGMANY) 2602 continue; 2603 2604 if (src->dtb_offset == 0) 2605 continue; 2606 2607 dtrace_speculation_commit(state, cpu, i + 1); 2608 } 2609 2610 dtrace_interrupt_enable(cookie); 2611} 2612 2613/* 2614 * Note: not called from probe context. This function is called 2615 * asynchronously (and at a regular interval) to clean any speculations that 2616 * are in the COMMITTINGMANY or DISCARDING states. If it discovers that there 2617 * is work to be done, it cross calls all CPUs to perform that work; 2618 * COMMITMANY and DISCARDING speculations may not be transitioned back to the 2619 * INACTIVE state until they have been cleaned by all CPUs. 2620 */ 2621static void 2622dtrace_speculation_clean(dtrace_state_t *state) 2623{ 2624 int work = 0, rv; 2625 dtrace_specid_t i; 2626 2627 for (i = 0; i < state->dts_nspeculations; i++) { 2628 dtrace_speculation_t *spec = &state->dts_speculations[i]; 2629 2630 ASSERT(!spec->dtsp_cleaning); 2631 2632 if (spec->dtsp_state != DTRACESPEC_DISCARDING && 2633 spec->dtsp_state != DTRACESPEC_COMMITTINGMANY) 2634 continue; 2635 2636 work++; 2637 spec->dtsp_cleaning = 1; 2638 } 2639 2640 if (!work) 2641 return; 2642 2643 dtrace_xcall(DTRACE_CPUALL, 2644 (dtrace_xcall_t)dtrace_speculation_clean_here, state); 2645 2646 /* 2647 * We now know that all CPUs have committed or discarded their 2648 * speculation buffers, as appropriate. We can now set the state 2649 * to inactive. 2650 */ 2651 for (i = 0; i < state->dts_nspeculations; i++) { 2652 dtrace_speculation_t *spec = &state->dts_speculations[i]; 2653 dtrace_speculation_state_t current, new; 2654 2655 if (!spec->dtsp_cleaning) 2656 continue; 2657 2658 current = spec->dtsp_state; 2659 ASSERT(current == DTRACESPEC_DISCARDING || 2660 current == DTRACESPEC_COMMITTINGMANY); 2661 2662 new = DTRACESPEC_INACTIVE; 2663 2664 rv = dtrace_cas32((uint32_t *)&spec->dtsp_state, current, new); 2665 ASSERT(rv == current); 2666 spec->dtsp_cleaning = 0; 2667 } 2668} 2669 2670/* 2671 * Called as part of a speculate() to get the speculative buffer associated 2672 * with a given speculation. Returns NULL if the specified speculation is not 2673 * in an ACTIVE state. If the speculation is in the ACTIVEONE state -- and 2674 * the active CPU is not the specified CPU -- the speculation will be 2675 * atomically transitioned into the ACTIVEMANY state. 2676 */ 2677static dtrace_buffer_t * 2678dtrace_speculation_buffer(dtrace_state_t *state, processorid_t cpuid, 2679 dtrace_specid_t which) 2680{ 2681 dtrace_speculation_t *spec; 2682 dtrace_speculation_state_t current, new = 0; 2683 dtrace_buffer_t *buf; 2684 2685 if (which == 0) 2686 return (NULL); 2687 2688 if (which > state->dts_nspeculations) { 2689 cpu_core[cpuid].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP; 2690 return (NULL); 2691 } 2692 2693 spec = &state->dts_speculations[which - 1]; 2694 buf = &spec->dtsp_buffer[cpuid]; 2695 2696 do { 2697 current = spec->dtsp_state; 2698 2699 switch (current) { 2700 case DTRACESPEC_INACTIVE: 2701 case DTRACESPEC_COMMITTINGMANY: 2702 case DTRACESPEC_DISCARDING: 2703 return (NULL); 2704 2705 case DTRACESPEC_COMMITTING: 2706 ASSERT(buf->dtb_offset == 0); 2707 return (NULL); 2708 2709 case DTRACESPEC_ACTIVEONE: 2710 /* 2711 * This speculation is currently active on one CPU. 2712 * Check the offset in the buffer; if it's non-zero, 2713 * that CPU must be us (and we leave the state alone). 2714 * If it's zero, assume that we're starting on a new 2715 * CPU -- and change the state to indicate that the 2716 * speculation is active on more than one CPU. 2717 */ 2718 if (buf->dtb_offset != 0) 2719 return (buf); 2720 2721 new = DTRACESPEC_ACTIVEMANY; 2722 break; 2723 2724 case DTRACESPEC_ACTIVEMANY: 2725 return (buf); 2726 2727 case DTRACESPEC_ACTIVE: 2728 new = DTRACESPEC_ACTIVEONE; 2729 break; 2730 2731 default: 2732 ASSERT(0); 2733 } 2734 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state, 2735 current, new) != current); 2736 2737 ASSERT(new == DTRACESPEC_ACTIVEONE || new == DTRACESPEC_ACTIVEMANY); 2738 return (buf); 2739} 2740 2741/* 2742 * Return a string. In the event that the user lacks the privilege to access 2743 * arbitrary kernel memory, we copy the string out to scratch memory so that we 2744 * don't fail access checking. 2745 * 2746 * dtrace_dif_variable() uses this routine as a helper for various 2747 * builtin values such as 'execname' and 'probefunc.' 2748 */ 2749uintptr_t 2750dtrace_dif_varstr(uintptr_t addr, dtrace_state_t *state, 2751 dtrace_mstate_t *mstate) 2752{ 2753 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 2754 uintptr_t ret; 2755 size_t strsz; 2756 2757 /* 2758 * The easy case: this probe is allowed to read all of memory, so 2759 * we can just return this as a vanilla pointer. 2760 */ 2761 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0) 2762 return (addr); 2763 2764 /* 2765 * This is the tougher case: we copy the string in question from 2766 * kernel memory into scratch memory and return it that way: this 2767 * ensures that we won't trip up when access checking tests the 2768 * BYREF return value. 2769 */ 2770 strsz = dtrace_strlen((char *)addr, size) + 1; 2771 2772 if (mstate->dtms_scratch_ptr + strsz > 2773 mstate->dtms_scratch_base + mstate->dtms_scratch_size) { 2774 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 2775 return (0); 2776 } 2777 2778 dtrace_strcpy((const void *)addr, (void *)mstate->dtms_scratch_ptr, 2779 strsz); 2780 ret = mstate->dtms_scratch_ptr; 2781 mstate->dtms_scratch_ptr += strsz; 2782 return (ret); 2783} 2784 2785/* 2786 * Return a string from a memoy address which is known to have one or 2787 * more concatenated, individually zero terminated, sub-strings. 2788 * In the event that the user lacks the privilege to access 2789 * arbitrary kernel memory, we copy the string out to scratch memory so that we 2790 * don't fail access checking. 2791 * 2792 * dtrace_dif_variable() uses this routine as a helper for various 2793 * builtin values such as 'execargs'. 2794 */ 2795static uintptr_t 2796dtrace_dif_varstrz(uintptr_t addr, size_t strsz, dtrace_state_t *state, 2797 dtrace_mstate_t *mstate) 2798{ 2799 char *p; 2800 size_t i; 2801 uintptr_t ret; 2802 2803 if (mstate->dtms_scratch_ptr + strsz > 2804 mstate->dtms_scratch_base + mstate->dtms_scratch_size) { 2805 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 2806 return (0); 2807 } 2808 2809 dtrace_bcopy((const void *)addr, (void *)mstate->dtms_scratch_ptr, 2810 strsz); 2811 2812 /* Replace sub-string termination characters with a space. */ 2813 for (p = (char *) mstate->dtms_scratch_ptr, i = 0; i < strsz - 1; 2814 p++, i++) 2815 if (*p == '\0') 2816 *p = ' '; 2817 2818 ret = mstate->dtms_scratch_ptr; 2819 mstate->dtms_scratch_ptr += strsz; 2820 return (ret); 2821} 2822 2823/* 2824 * This function implements the DIF emulator's variable lookups. The emulator 2825 * passes a reserved variable identifier and optional built-in array index. 2826 */ 2827static uint64_t 2828dtrace_dif_variable(dtrace_mstate_t *mstate, dtrace_state_t *state, uint64_t v, 2829 uint64_t ndx) 2830{ 2831 /* 2832 * If we're accessing one of the uncached arguments, we'll turn this 2833 * into a reference in the args array. 2834 */ 2835 if (v >= DIF_VAR_ARG0 && v <= DIF_VAR_ARG9) { 2836 ndx = v - DIF_VAR_ARG0; 2837 v = DIF_VAR_ARGS; 2838 } 2839 2840 switch (v) { 2841 case DIF_VAR_ARGS: 2842 ASSERT(mstate->dtms_present & DTRACE_MSTATE_ARGS); 2843 if (ndx >= sizeof (mstate->dtms_arg) / 2844 sizeof (mstate->dtms_arg[0])) { 2845 int aframes = mstate->dtms_probe->dtpr_aframes + 2; 2846 dtrace_provider_t *pv; 2847 uint64_t val; 2848 2849 pv = mstate->dtms_probe->dtpr_provider; 2850 if (pv->dtpv_pops.dtps_getargval != NULL) 2851 val = pv->dtpv_pops.dtps_getargval(pv->dtpv_arg, 2852 mstate->dtms_probe->dtpr_id, 2853 mstate->dtms_probe->dtpr_arg, ndx, aframes); 2854 else 2855 val = dtrace_getarg(ndx, aframes); 2856 2857 /* 2858 * This is regrettably required to keep the compiler 2859 * from tail-optimizing the call to dtrace_getarg(). 2860 * The condition always evaluates to true, but the 2861 * compiler has no way of figuring that out a priori. 2862 * (None of this would be necessary if the compiler 2863 * could be relied upon to _always_ tail-optimize 2864 * the call to dtrace_getarg() -- but it can't.) 2865 */ 2866 if (mstate->dtms_probe != NULL) 2867 return (val); 2868 2869 ASSERT(0); 2870 } 2871 2872 return (mstate->dtms_arg[ndx]); 2873 2874#if defined(sun) 2875 case DIF_VAR_UREGS: { 2876 klwp_t *lwp; 2877 2878 if (!dtrace_priv_proc(state)) 2879 return (0); 2880 2881 if ((lwp = curthread->t_lwp) == NULL) { 2882 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); 2883 cpu_core[curcpu].cpuc_dtrace_illval = NULL; 2884 return (0); 2885 } 2886 2887 return (dtrace_getreg(lwp->lwp_regs, ndx)); 2888 return (0); 2889 } 2890#else 2891 case DIF_VAR_UREGS: { 2892 struct trapframe *tframe; 2893 2894 if (!dtrace_priv_proc(state)) 2895 return (0); 2896 2897 if ((tframe = curthread->td_frame) == NULL) { 2898 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); 2899 cpu_core[curcpu].cpuc_dtrace_illval = 0; 2900 return (0); 2901 } 2902 2903 return (dtrace_getreg(tframe, ndx)); 2904 } 2905#endif 2906 2907 case DIF_VAR_CURTHREAD: 2908 if (!dtrace_priv_kernel(state)) 2909 return (0); 2910 return ((uint64_t)(uintptr_t)curthread); 2911 2912 case DIF_VAR_TIMESTAMP: 2913 if (!(mstate->dtms_present & DTRACE_MSTATE_TIMESTAMP)) { 2914 mstate->dtms_timestamp = dtrace_gethrtime(); 2915 mstate->dtms_present |= DTRACE_MSTATE_TIMESTAMP; 2916 } 2917 return (mstate->dtms_timestamp); 2918 2919 case DIF_VAR_VTIMESTAMP: 2920 ASSERT(dtrace_vtime_references != 0); 2921 return (curthread->t_dtrace_vtime); 2922 2923 case DIF_VAR_WALLTIMESTAMP: 2924 if (!(mstate->dtms_present & DTRACE_MSTATE_WALLTIMESTAMP)) { 2925 mstate->dtms_walltimestamp = dtrace_gethrestime(); 2926 mstate->dtms_present |= DTRACE_MSTATE_WALLTIMESTAMP; 2927 } 2928 return (mstate->dtms_walltimestamp); 2929 2930#if defined(sun) 2931 case DIF_VAR_IPL: 2932 if (!dtrace_priv_kernel(state)) 2933 return (0); 2934 if (!(mstate->dtms_present & DTRACE_MSTATE_IPL)) { 2935 mstate->dtms_ipl = dtrace_getipl(); 2936 mstate->dtms_present |= DTRACE_MSTATE_IPL; 2937 } 2938 return (mstate->dtms_ipl); 2939#endif 2940 2941 case DIF_VAR_EPID: 2942 ASSERT(mstate->dtms_present & DTRACE_MSTATE_EPID); 2943 return (mstate->dtms_epid); 2944 2945 case DIF_VAR_ID: 2946 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE); 2947 return (mstate->dtms_probe->dtpr_id); 2948 2949 case DIF_VAR_STACKDEPTH: 2950 if (!dtrace_priv_kernel(state)) 2951 return (0); 2952 if (!(mstate->dtms_present & DTRACE_MSTATE_STACKDEPTH)) { 2953 int aframes = mstate->dtms_probe->dtpr_aframes + 2; 2954 2955 mstate->dtms_stackdepth = dtrace_getstackdepth(aframes); 2956 mstate->dtms_present |= DTRACE_MSTATE_STACKDEPTH; 2957 } 2958 return (mstate->dtms_stackdepth); 2959 2960 case DIF_VAR_USTACKDEPTH: 2961 if (!dtrace_priv_proc(state)) 2962 return (0); 2963 if (!(mstate->dtms_present & DTRACE_MSTATE_USTACKDEPTH)) { 2964 /* 2965 * See comment in DIF_VAR_PID. 2966 */ 2967 if (DTRACE_ANCHORED(mstate->dtms_probe) && 2968 CPU_ON_INTR(CPU)) { 2969 mstate->dtms_ustackdepth = 0; 2970 } else { 2971 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 2972 mstate->dtms_ustackdepth = 2973 dtrace_getustackdepth(); 2974 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 2975 } 2976 mstate->dtms_present |= DTRACE_MSTATE_USTACKDEPTH; 2977 } 2978 return (mstate->dtms_ustackdepth); 2979 2980 case DIF_VAR_CALLER: 2981 if (!dtrace_priv_kernel(state)) 2982 return (0); 2983 if (!(mstate->dtms_present & DTRACE_MSTATE_CALLER)) { 2984 int aframes = mstate->dtms_probe->dtpr_aframes + 2; 2985 2986 if (!DTRACE_ANCHORED(mstate->dtms_probe)) { 2987 /* 2988 * If this is an unanchored probe, we are 2989 * required to go through the slow path: 2990 * dtrace_caller() only guarantees correct 2991 * results for anchored probes. 2992 */ 2993 pc_t caller[2] = {0, 0}; 2994 2995 dtrace_getpcstack(caller, 2, aframes, 2996 (uint32_t *)(uintptr_t)mstate->dtms_arg[0]); 2997 mstate->dtms_caller = caller[1]; 2998 } else if ((mstate->dtms_caller = 2999 dtrace_caller(aframes)) == -1) { 3000 /* 3001 * We have failed to do this the quick way; 3002 * we must resort to the slower approach of 3003 * calling dtrace_getpcstack(). 3004 */ 3005 pc_t caller = 0; 3006 3007 dtrace_getpcstack(&caller, 1, aframes, NULL); 3008 mstate->dtms_caller = caller; 3009 } 3010 3011 mstate->dtms_present |= DTRACE_MSTATE_CALLER; 3012 } 3013 return (mstate->dtms_caller); 3014 3015 case DIF_VAR_UCALLER: 3016 if (!dtrace_priv_proc(state)) 3017 return (0); 3018 3019 if (!(mstate->dtms_present & DTRACE_MSTATE_UCALLER)) { 3020 uint64_t ustack[3]; 3021 3022 /* 3023 * dtrace_getupcstack() fills in the first uint64_t 3024 * with the current PID. The second uint64_t will 3025 * be the program counter at user-level. The third 3026 * uint64_t will contain the caller, which is what 3027 * we're after. 3028 */ 3029 ustack[2] = 0; 3030 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3031 dtrace_getupcstack(ustack, 3); 3032 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3033 mstate->dtms_ucaller = ustack[2]; 3034 mstate->dtms_present |= DTRACE_MSTATE_UCALLER; 3035 } 3036 3037 return (mstate->dtms_ucaller); 3038 3039 case DIF_VAR_PROBEPROV: 3040 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE); 3041 return (dtrace_dif_varstr( 3042 (uintptr_t)mstate->dtms_probe->dtpr_provider->dtpv_name, 3043 state, mstate)); 3044 3045 case DIF_VAR_PROBEMOD: 3046 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE); 3047 return (dtrace_dif_varstr( 3048 (uintptr_t)mstate->dtms_probe->dtpr_mod, 3049 state, mstate)); 3050 3051 case DIF_VAR_PROBEFUNC: 3052 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE); 3053 return (dtrace_dif_varstr( 3054 (uintptr_t)mstate->dtms_probe->dtpr_func, 3055 state, mstate)); 3056 3057 case DIF_VAR_PROBENAME: 3058 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE); 3059 return (dtrace_dif_varstr( 3060 (uintptr_t)mstate->dtms_probe->dtpr_name, 3061 state, mstate)); 3062 3063 case DIF_VAR_PID: 3064 if (!dtrace_priv_proc(state)) 3065 return (0); 3066 3067#if defined(sun) 3068 /* 3069 * Note that we are assuming that an unanchored probe is 3070 * always due to a high-level interrupt. (And we're assuming 3071 * that there is only a single high level interrupt.) 3072 */ 3073 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3074 return (pid0.pid_id); 3075 3076 /* 3077 * It is always safe to dereference one's own t_procp pointer: 3078 * it always points to a valid, allocated proc structure. 3079 * Further, it is always safe to dereference the p_pidp member 3080 * of one's own proc structure. (These are truisms becuase 3081 * threads and processes don't clean up their own state -- 3082 * they leave that task to whomever reaps them.) 3083 */ 3084 return ((uint64_t)curthread->t_procp->p_pidp->pid_id); 3085#else 3086 return ((uint64_t)curproc->p_pid); 3087#endif 3088 3089 case DIF_VAR_PPID: 3090 if (!dtrace_priv_proc(state)) 3091 return (0); 3092 3093#if defined(sun) 3094 /* 3095 * See comment in DIF_VAR_PID. 3096 */ 3097 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3098 return (pid0.pid_id); 3099 3100 /* 3101 * It is always safe to dereference one's own t_procp pointer: 3102 * it always points to a valid, allocated proc structure. 3103 * (This is true because threads don't clean up their own 3104 * state -- they leave that task to whomever reaps them.) 3105 */ 3106 return ((uint64_t)curthread->t_procp->p_ppid); 3107#else 3108 return ((uint64_t)curproc->p_pptr->p_pid); 3109#endif 3110 3111 case DIF_VAR_TID: 3112#if defined(sun) 3113 /* 3114 * See comment in DIF_VAR_PID. 3115 */ 3116 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3117 return (0); 3118#endif 3119 3120 return ((uint64_t)curthread->t_tid); 3121 3122 case DIF_VAR_EXECARGS: { 3123 struct pargs *p_args = curthread->td_proc->p_args; 3124 3125 if (p_args == NULL) 3126 return(0); 3127 3128 return (dtrace_dif_varstrz( 3129 (uintptr_t) p_args->ar_args, p_args->ar_length, state, mstate)); 3130 } 3131 3132 case DIF_VAR_EXECNAME: 3133#if defined(sun) 3134 if (!dtrace_priv_proc(state)) 3135 return (0); 3136 3137 /* 3138 * See comment in DIF_VAR_PID. 3139 */ 3140 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3141 return ((uint64_t)(uintptr_t)p0.p_user.u_comm); 3142 3143 /* 3144 * It is always safe to dereference one's own t_procp pointer: 3145 * it always points to a valid, allocated proc structure. 3146 * (This is true because threads don't clean up their own 3147 * state -- they leave that task to whomever reaps them.) 3148 */ 3149 return (dtrace_dif_varstr( 3150 (uintptr_t)curthread->t_procp->p_user.u_comm, 3151 state, mstate)); 3152#else 3153 return (dtrace_dif_varstr( 3154 (uintptr_t) curthread->td_proc->p_comm, state, mstate)); 3155#endif 3156 3157 case DIF_VAR_ZONENAME: 3158#if defined(sun) 3159 if (!dtrace_priv_proc(state)) 3160 return (0); 3161 3162 /* 3163 * See comment in DIF_VAR_PID. 3164 */ 3165 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3166 return ((uint64_t)(uintptr_t)p0.p_zone->zone_name); 3167 3168 /* 3169 * It is always safe to dereference one's own t_procp pointer: 3170 * it always points to a valid, allocated proc structure. 3171 * (This is true because threads don't clean up their own 3172 * state -- they leave that task to whomever reaps them.) 3173 */ 3174 return (dtrace_dif_varstr( 3175 (uintptr_t)curthread->t_procp->p_zone->zone_name, 3176 state, mstate)); 3177#else 3178 return (0); 3179#endif 3180 3181 case DIF_VAR_UID: 3182 if (!dtrace_priv_proc(state)) 3183 return (0); 3184 3185#if defined(sun) 3186 /* 3187 * See comment in DIF_VAR_PID. 3188 */ 3189 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3190 return ((uint64_t)p0.p_cred->cr_uid); 3191#endif 3192 3193 /* 3194 * It is always safe to dereference one's own t_procp pointer: 3195 * it always points to a valid, allocated proc structure. 3196 * (This is true because threads don't clean up their own 3197 * state -- they leave that task to whomever reaps them.) 3198 * 3199 * Additionally, it is safe to dereference one's own process 3200 * credential, since this is never NULL after process birth. 3201 */ 3202 return ((uint64_t)curthread->t_procp->p_cred->cr_uid); 3203 3204 case DIF_VAR_GID: 3205 if (!dtrace_priv_proc(state)) 3206 return (0); 3207 3208#if defined(sun) 3209 /* 3210 * See comment in DIF_VAR_PID. 3211 */ 3212 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3213 return ((uint64_t)p0.p_cred->cr_gid); 3214#endif 3215 3216 /* 3217 * It is always safe to dereference one's own t_procp pointer: 3218 * it always points to a valid, allocated proc structure. 3219 * (This is true because threads don't clean up their own 3220 * state -- they leave that task to whomever reaps them.) 3221 * 3222 * Additionally, it is safe to dereference one's own process 3223 * credential, since this is never NULL after process birth. 3224 */ 3225 return ((uint64_t)curthread->t_procp->p_cred->cr_gid); 3226 3227 case DIF_VAR_ERRNO: { 3228#if defined(sun) 3229 klwp_t *lwp; 3230 if (!dtrace_priv_proc(state)) 3231 return (0); 3232 3233 /* 3234 * See comment in DIF_VAR_PID. 3235 */ 3236 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU)) 3237 return (0); 3238 3239 /* 3240 * It is always safe to dereference one's own t_lwp pointer in 3241 * the event that this pointer is non-NULL. (This is true 3242 * because threads and lwps don't clean up their own state -- 3243 * they leave that task to whomever reaps them.) 3244 */ 3245 if ((lwp = curthread->t_lwp) == NULL) 3246 return (0); 3247 3248 return ((uint64_t)lwp->lwp_errno); 3249#else 3250 return (curthread->td_errno); 3251#endif 3252 } 3253#if !defined(sun) 3254 case DIF_VAR_CPU: { 3255 return curcpu; 3256 } 3257#endif 3258 default: 3259 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); 3260 return (0); 3261 } 3262} 3263 3264/* 3265 * Emulate the execution of DTrace ID subroutines invoked by the call opcode. 3266 * Notice that we don't bother validating the proper number of arguments or 3267 * their types in the tuple stack. This isn't needed because all argument 3268 * interpretation is safe because of our load safety -- the worst that can 3269 * happen is that a bogus program can obtain bogus results. 3270 */ 3271static void 3272dtrace_dif_subr(uint_t subr, uint_t rd, uint64_t *regs, 3273 dtrace_key_t *tupregs, int nargs, 3274 dtrace_mstate_t *mstate, dtrace_state_t *state) 3275{ 3276 volatile uint16_t *flags = &cpu_core[curcpu].cpuc_dtrace_flags; 3277 volatile uintptr_t *illval = &cpu_core[curcpu].cpuc_dtrace_illval; 3278 dtrace_vstate_t *vstate = &state->dts_vstate; 3279 3280#if defined(sun) 3281 union { 3282 mutex_impl_t mi; 3283 uint64_t mx; 3284 } m; 3285 3286 union { 3287 krwlock_t ri; 3288 uintptr_t rw; 3289 } r; 3290#else 3291 struct thread *lowner; 3292 union { 3293 struct lock_object *li; 3294 uintptr_t lx; 3295 } l; 3296#endif 3297 3298 switch (subr) { 3299 case DIF_SUBR_RAND: 3300 regs[rd] = (dtrace_gethrtime() * 2416 + 374441) % 1771875; 3301 break; 3302 3303#if defined(sun) 3304 case DIF_SUBR_MUTEX_OWNED: 3305 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t), 3306 mstate, vstate)) { 3307 regs[rd] = 0; 3308 break; 3309 } 3310 3311 m.mx = dtrace_load64(tupregs[0].dttk_value); 3312 if (MUTEX_TYPE_ADAPTIVE(&m.mi)) 3313 regs[rd] = MUTEX_OWNER(&m.mi) != MUTEX_NO_OWNER; 3314 else 3315 regs[rd] = LOCK_HELD(&m.mi.m_spin.m_spinlock); 3316 break; 3317 3318 case DIF_SUBR_MUTEX_OWNER: 3319 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t), 3320 mstate, vstate)) { 3321 regs[rd] = 0; 3322 break; 3323 } 3324 3325 m.mx = dtrace_load64(tupregs[0].dttk_value); 3326 if (MUTEX_TYPE_ADAPTIVE(&m.mi) && 3327 MUTEX_OWNER(&m.mi) != MUTEX_NO_OWNER) 3328 regs[rd] = (uintptr_t)MUTEX_OWNER(&m.mi); 3329 else 3330 regs[rd] = 0; 3331 break; 3332 3333 case DIF_SUBR_MUTEX_TYPE_ADAPTIVE: 3334 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t), 3335 mstate, vstate)) { 3336 regs[rd] = 0; 3337 break; 3338 } 3339 3340 m.mx = dtrace_load64(tupregs[0].dttk_value); 3341 regs[rd] = MUTEX_TYPE_ADAPTIVE(&m.mi); 3342 break; 3343 3344 case DIF_SUBR_MUTEX_TYPE_SPIN: 3345 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t), 3346 mstate, vstate)) { 3347 regs[rd] = 0; 3348 break; 3349 } 3350 3351 m.mx = dtrace_load64(tupregs[0].dttk_value); 3352 regs[rd] = MUTEX_TYPE_SPIN(&m.mi); 3353 break; 3354 3355 case DIF_SUBR_RW_READ_HELD: { 3356 uintptr_t tmp; 3357 3358 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (uintptr_t), 3359 mstate, vstate)) { 3360 regs[rd] = 0; 3361 break; 3362 } 3363 3364 r.rw = dtrace_loadptr(tupregs[0].dttk_value); 3365 regs[rd] = _RW_READ_HELD(&r.ri, tmp); 3366 break; 3367 } 3368 3369 case DIF_SUBR_RW_WRITE_HELD: 3370 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (krwlock_t), 3371 mstate, vstate)) { 3372 regs[rd] = 0; 3373 break; 3374 } 3375 3376 r.rw = dtrace_loadptr(tupregs[0].dttk_value); 3377 regs[rd] = _RW_WRITE_HELD(&r.ri); 3378 break; 3379 3380 case DIF_SUBR_RW_ISWRITER: 3381 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (krwlock_t), 3382 mstate, vstate)) { 3383 regs[rd] = 0; 3384 break; 3385 } 3386 3387 r.rw = dtrace_loadptr(tupregs[0].dttk_value); 3388 regs[rd] = _RW_ISWRITER(&r.ri); 3389 break; 3390 3391#else 3392 case DIF_SUBR_MUTEX_OWNED: 3393 if (!dtrace_canload(tupregs[0].dttk_value, 3394 sizeof (struct lock_object), mstate, vstate)) { 3395 regs[rd] = 0; 3396 break; 3397 } 3398 l.lx = dtrace_loadptr((uintptr_t)&tupregs[0].dttk_value); 3399 regs[rd] = LOCK_CLASS(l.li)->lc_owner(l.li, &lowner); 3400 break; 3401 3402 case DIF_SUBR_MUTEX_OWNER: 3403 if (!dtrace_canload(tupregs[0].dttk_value, 3404 sizeof (struct lock_object), mstate, vstate)) { 3405 regs[rd] = 0; 3406 break; 3407 } 3408 l.lx = dtrace_loadptr((uintptr_t)&tupregs[0].dttk_value); 3409 LOCK_CLASS(l.li)->lc_owner(l.li, &lowner); 3410 regs[rd] = (uintptr_t)lowner; 3411 break; 3412 3413 case DIF_SUBR_MUTEX_TYPE_ADAPTIVE: 3414 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (struct mtx), 3415 mstate, vstate)) { 3416 regs[rd] = 0; 3417 break; 3418 } 3419 l.lx = dtrace_loadptr((uintptr_t)&tupregs[0].dttk_value); 3420 /* XXX - should be only LC_SLEEPABLE? */ 3421 regs[rd] = (LOCK_CLASS(l.li)->lc_flags & 3422 (LC_SLEEPLOCK | LC_SLEEPABLE)) != 0; 3423 break; 3424 3425 case DIF_SUBR_MUTEX_TYPE_SPIN: 3426 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (struct mtx), 3427 mstate, vstate)) { 3428 regs[rd] = 0; 3429 break; 3430 } 3431 l.lx = dtrace_loadptr((uintptr_t)&tupregs[0].dttk_value); 3432 regs[rd] = (LOCK_CLASS(l.li)->lc_flags & LC_SPINLOCK) != 0; 3433 break; 3434 3435 case DIF_SUBR_RW_READ_HELD: 3436 case DIF_SUBR_SX_SHARED_HELD: 3437 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (uintptr_t), 3438 mstate, vstate)) { 3439 regs[rd] = 0; 3440 break; 3441 } 3442 l.lx = dtrace_loadptr((uintptr_t)&tupregs[0].dttk_value); 3443 regs[rd] = LOCK_CLASS(l.li)->lc_owner(l.li, &lowner) && 3444 lowner == NULL; 3445 break; 3446 3447 case DIF_SUBR_RW_WRITE_HELD: 3448 case DIF_SUBR_SX_EXCLUSIVE_HELD: 3449 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (uintptr_t), 3450 mstate, vstate)) { 3451 regs[rd] = 0; 3452 break; 3453 } 3454 l.lx = dtrace_loadptr(tupregs[0].dttk_value); 3455 LOCK_CLASS(l.li)->lc_owner(l.li, &lowner); 3456 regs[rd] = (lowner == curthread); 3457 break; 3458 3459 case DIF_SUBR_RW_ISWRITER: 3460 case DIF_SUBR_SX_ISEXCLUSIVE: 3461 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (uintptr_t), 3462 mstate, vstate)) { 3463 regs[rd] = 0; 3464 break; 3465 } 3466 l.lx = dtrace_loadptr(tupregs[0].dttk_value); 3467 regs[rd] = LOCK_CLASS(l.li)->lc_owner(l.li, &lowner) && 3468 lowner != NULL; 3469 break; 3470#endif /* ! defined(sun) */ 3471 3472 case DIF_SUBR_BCOPY: { 3473 /* 3474 * We need to be sure that the destination is in the scratch 3475 * region -- no other region is allowed. 3476 */ 3477 uintptr_t src = tupregs[0].dttk_value; 3478 uintptr_t dest = tupregs[1].dttk_value; 3479 size_t size = tupregs[2].dttk_value; 3480 3481 if (!dtrace_inscratch(dest, size, mstate)) { 3482 *flags |= CPU_DTRACE_BADADDR; 3483 *illval = regs[rd]; 3484 break; 3485 } 3486 3487 if (!dtrace_canload(src, size, mstate, vstate)) { 3488 regs[rd] = 0; 3489 break; 3490 } 3491 3492 dtrace_bcopy((void *)src, (void *)dest, size); 3493 break; 3494 } 3495 3496 case DIF_SUBR_ALLOCA: 3497 case DIF_SUBR_COPYIN: { 3498 uintptr_t dest = P2ROUNDUP(mstate->dtms_scratch_ptr, 8); 3499 uint64_t size = 3500 tupregs[subr == DIF_SUBR_ALLOCA ? 0 : 1].dttk_value; 3501 size_t scratch_size = (dest - mstate->dtms_scratch_ptr) + size; 3502 3503 /* 3504 * This action doesn't require any credential checks since 3505 * probes will not activate in user contexts to which the 3506 * enabling user does not have permissions. 3507 */ 3508 3509 /* 3510 * Rounding up the user allocation size could have overflowed 3511 * a large, bogus allocation (like -1ULL) to 0. 3512 */ 3513 if (scratch_size < size || 3514 !DTRACE_INSCRATCH(mstate, scratch_size)) { 3515 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 3516 regs[rd] = 0; 3517 break; 3518 } 3519 3520 if (subr == DIF_SUBR_COPYIN) { 3521 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3522 dtrace_copyin(tupregs[0].dttk_value, dest, size, flags); 3523 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3524 } 3525 3526 mstate->dtms_scratch_ptr += scratch_size; 3527 regs[rd] = dest; 3528 break; 3529 } 3530 3531 case DIF_SUBR_COPYINTO: { 3532 uint64_t size = tupregs[1].dttk_value; 3533 uintptr_t dest = tupregs[2].dttk_value; 3534 3535 /* 3536 * This action doesn't require any credential checks since 3537 * probes will not activate in user contexts to which the 3538 * enabling user does not have permissions. 3539 */ 3540 if (!dtrace_inscratch(dest, size, mstate)) { 3541 *flags |= CPU_DTRACE_BADADDR; 3542 *illval = regs[rd]; 3543 break; 3544 } 3545 3546 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3547 dtrace_copyin(tupregs[0].dttk_value, dest, size, flags); 3548 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3549 break; 3550 } 3551 3552 case DIF_SUBR_COPYINSTR: { 3553 uintptr_t dest = mstate->dtms_scratch_ptr; 3554 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 3555 3556 if (nargs > 1 && tupregs[1].dttk_value < size) 3557 size = tupregs[1].dttk_value + 1; 3558 3559 /* 3560 * This action doesn't require any credential checks since 3561 * probes will not activate in user contexts to which the 3562 * enabling user does not have permissions. 3563 */ 3564 if (!DTRACE_INSCRATCH(mstate, size)) { 3565 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 3566 regs[rd] = 0; 3567 break; 3568 } 3569 3570 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3571 dtrace_copyinstr(tupregs[0].dttk_value, dest, size, flags); 3572 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3573 3574 ((char *)dest)[size - 1] = '\0'; 3575 mstate->dtms_scratch_ptr += size; 3576 regs[rd] = dest; 3577 break; 3578 } 3579 3580#if defined(sun) 3581 case DIF_SUBR_MSGSIZE: 3582 case DIF_SUBR_MSGDSIZE: { 3583 uintptr_t baddr = tupregs[0].dttk_value, daddr; 3584 uintptr_t wptr, rptr; 3585 size_t count = 0; 3586 int cont = 0; 3587 3588 while (baddr != 0 && !(*flags & CPU_DTRACE_FAULT)) { 3589 3590 if (!dtrace_canload(baddr, sizeof (mblk_t), mstate, 3591 vstate)) { 3592 regs[rd] = 0; 3593 break; 3594 } 3595 3596 wptr = dtrace_loadptr(baddr + 3597 offsetof(mblk_t, b_wptr)); 3598 3599 rptr = dtrace_loadptr(baddr + 3600 offsetof(mblk_t, b_rptr)); 3601 3602 if (wptr < rptr) { 3603 *flags |= CPU_DTRACE_BADADDR; 3604 *illval = tupregs[0].dttk_value; 3605 break; 3606 } 3607 3608 daddr = dtrace_loadptr(baddr + 3609 offsetof(mblk_t, b_datap)); 3610 3611 baddr = dtrace_loadptr(baddr + 3612 offsetof(mblk_t, b_cont)); 3613 3614 /* 3615 * We want to prevent against denial-of-service here, 3616 * so we're only going to search the list for 3617 * dtrace_msgdsize_max mblks. 3618 */ 3619 if (cont++ > dtrace_msgdsize_max) { 3620 *flags |= CPU_DTRACE_ILLOP; 3621 break; 3622 } 3623 3624 if (subr == DIF_SUBR_MSGDSIZE) { 3625 if (dtrace_load8(daddr + 3626 offsetof(dblk_t, db_type)) != M_DATA) 3627 continue; 3628 } 3629 3630 count += wptr - rptr; 3631 } 3632 3633 if (!(*flags & CPU_DTRACE_FAULT)) 3634 regs[rd] = count; 3635 3636 break; 3637 } 3638#endif 3639 3640 case DIF_SUBR_PROGENYOF: { 3641 pid_t pid = tupregs[0].dttk_value; 3642 proc_t *p; 3643 int rval = 0; 3644 3645 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3646 3647 for (p = curthread->t_procp; p != NULL; p = p->p_parent) { 3648#if defined(sun) 3649 if (p->p_pidp->pid_id == pid) { 3650#else 3651 if (p->p_pid == pid) { 3652#endif 3653 rval = 1; 3654 break; 3655 } 3656 } 3657 3658 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3659 3660 regs[rd] = rval; 3661 break; 3662 } 3663 3664 case DIF_SUBR_SPECULATION: 3665 regs[rd] = dtrace_speculation(state); 3666 break; 3667 3668 case DIF_SUBR_COPYOUT: { 3669 uintptr_t kaddr = tupregs[0].dttk_value; 3670 uintptr_t uaddr = tupregs[1].dttk_value; 3671 uint64_t size = tupregs[2].dttk_value; 3672 3673 if (!dtrace_destructive_disallow && 3674 dtrace_priv_proc_control(state) && 3675 !dtrace_istoxic(kaddr, size)) { 3676 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3677 dtrace_copyout(kaddr, uaddr, size, flags); 3678 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3679 } 3680 break; 3681 } 3682 3683 case DIF_SUBR_COPYOUTSTR: { 3684 uintptr_t kaddr = tupregs[0].dttk_value; 3685 uintptr_t uaddr = tupregs[1].dttk_value; 3686 uint64_t size = tupregs[2].dttk_value; 3687 3688 if (!dtrace_destructive_disallow && 3689 dtrace_priv_proc_control(state) && 3690 !dtrace_istoxic(kaddr, size)) { 3691 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 3692 dtrace_copyoutstr(kaddr, uaddr, size, flags); 3693 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 3694 } 3695 break; 3696 } 3697 3698 case DIF_SUBR_STRLEN: { 3699 size_t sz; 3700 uintptr_t addr = (uintptr_t)tupregs[0].dttk_value; 3701 sz = dtrace_strlen((char *)addr, 3702 state->dts_options[DTRACEOPT_STRSIZE]); 3703 3704 if (!dtrace_canload(addr, sz + 1, mstate, vstate)) { 3705 regs[rd] = 0; 3706 break; 3707 } 3708 3709 regs[rd] = sz; 3710 3711 break; 3712 } 3713 3714 case DIF_SUBR_STRCHR: 3715 case DIF_SUBR_STRRCHR: { 3716 /* 3717 * We're going to iterate over the string looking for the 3718 * specified character. We will iterate until we have reached 3719 * the string length or we have found the character. If this 3720 * is DIF_SUBR_STRRCHR, we will look for the last occurrence 3721 * of the specified character instead of the first. 3722 */ 3723 uintptr_t saddr = tupregs[0].dttk_value; 3724 uintptr_t addr = tupregs[0].dttk_value; 3725 uintptr_t limit = addr + state->dts_options[DTRACEOPT_STRSIZE]; 3726 char c, target = (char)tupregs[1].dttk_value; 3727 3728 for (regs[rd] = 0; addr < limit; addr++) { 3729 if ((c = dtrace_load8(addr)) == target) { 3730 regs[rd] = addr; 3731 3732 if (subr == DIF_SUBR_STRCHR) 3733 break; 3734 } 3735 3736 if (c == '\0') 3737 break; 3738 } 3739 3740 if (!dtrace_canload(saddr, addr - saddr, mstate, vstate)) { 3741 regs[rd] = 0; 3742 break; 3743 } 3744 3745 break; 3746 } 3747 3748 case DIF_SUBR_STRSTR: 3749 case DIF_SUBR_INDEX: 3750 case DIF_SUBR_RINDEX: { 3751 /* 3752 * We're going to iterate over the string looking for the 3753 * specified string. We will iterate until we have reached 3754 * the string length or we have found the string. (Yes, this 3755 * is done in the most naive way possible -- but considering 3756 * that the string we're searching for is likely to be 3757 * relatively short, the complexity of Rabin-Karp or similar 3758 * hardly seems merited.) 3759 */ 3760 char *addr = (char *)(uintptr_t)tupregs[0].dttk_value; 3761 char *substr = (char *)(uintptr_t)tupregs[1].dttk_value; 3762 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 3763 size_t len = dtrace_strlen(addr, size); 3764 size_t sublen = dtrace_strlen(substr, size); 3765 char *limit = addr + len, *orig = addr; 3766 int notfound = subr == DIF_SUBR_STRSTR ? 0 : -1; 3767 int inc = 1; 3768 3769 regs[rd] = notfound; 3770 3771 if (!dtrace_canload((uintptr_t)addr, len + 1, mstate, vstate)) { 3772 regs[rd] = 0; 3773 break; 3774 } 3775 3776 if (!dtrace_canload((uintptr_t)substr, sublen + 1, mstate, 3777 vstate)) { 3778 regs[rd] = 0; 3779 break; 3780 } 3781 3782 /* 3783 * strstr() and index()/rindex() have similar semantics if 3784 * both strings are the empty string: strstr() returns a 3785 * pointer to the (empty) string, and index() and rindex() 3786 * both return index 0 (regardless of any position argument). 3787 */ 3788 if (sublen == 0 && len == 0) { 3789 if (subr == DIF_SUBR_STRSTR) 3790 regs[rd] = (uintptr_t)addr; 3791 else 3792 regs[rd] = 0; 3793 break; 3794 } 3795 3796 if (subr != DIF_SUBR_STRSTR) { 3797 if (subr == DIF_SUBR_RINDEX) { 3798 limit = orig - 1; 3799 addr += len; 3800 inc = -1; 3801 } 3802 3803 /* 3804 * Both index() and rindex() take an optional position 3805 * argument that denotes the starting position. 3806 */ 3807 if (nargs == 3) { 3808 int64_t pos = (int64_t)tupregs[2].dttk_value; 3809 3810 /* 3811 * If the position argument to index() is 3812 * negative, Perl implicitly clamps it at 3813 * zero. This semantic is a little surprising 3814 * given the special meaning of negative 3815 * positions to similar Perl functions like 3816 * substr(), but it appears to reflect a 3817 * notion that index() can start from a 3818 * negative index and increment its way up to 3819 * the string. Given this notion, Perl's 3820 * rindex() is at least self-consistent in 3821 * that it implicitly clamps positions greater 3822 * than the string length to be the string 3823 * length. Where Perl completely loses 3824 * coherence, however, is when the specified 3825 * substring is the empty string (""). In 3826 * this case, even if the position is 3827 * negative, rindex() returns 0 -- and even if 3828 * the position is greater than the length, 3829 * index() returns the string length. These 3830 * semantics violate the notion that index() 3831 * should never return a value less than the 3832 * specified position and that rindex() should 3833 * never return a value greater than the 3834 * specified position. (One assumes that 3835 * these semantics are artifacts of Perl's 3836 * implementation and not the results of 3837 * deliberate design -- it beggars belief that 3838 * even Larry Wall could desire such oddness.) 3839 * While in the abstract one would wish for 3840 * consistent position semantics across 3841 * substr(), index() and rindex() -- or at the 3842 * very least self-consistent position 3843 * semantics for index() and rindex() -- we 3844 * instead opt to keep with the extant Perl 3845 * semantics, in all their broken glory. (Do 3846 * we have more desire to maintain Perl's 3847 * semantics than Perl does? Probably.) 3848 */ 3849 if (subr == DIF_SUBR_RINDEX) { 3850 if (pos < 0) { 3851 if (sublen == 0) 3852 regs[rd] = 0; 3853 break; 3854 } 3855 3856 if (pos > len) 3857 pos = len; 3858 } else { 3859 if (pos < 0) 3860 pos = 0; 3861 3862 if (pos >= len) { 3863 if (sublen == 0) 3864 regs[rd] = len; 3865 break; 3866 } 3867 } 3868 3869 addr = orig + pos; 3870 } 3871 } 3872 3873 for (regs[rd] = notfound; addr != limit; addr += inc) { 3874 if (dtrace_strncmp(addr, substr, sublen) == 0) { 3875 if (subr != DIF_SUBR_STRSTR) { 3876 /* 3877 * As D index() and rindex() are 3878 * modeled on Perl (and not on awk), 3879 * we return a zero-based (and not a 3880 * one-based) index. (For you Perl 3881 * weenies: no, we're not going to add 3882 * $[ -- and shouldn't you be at a con 3883 * or something?) 3884 */ 3885 regs[rd] = (uintptr_t)(addr - orig); 3886 break; 3887 } 3888 3889 ASSERT(subr == DIF_SUBR_STRSTR); 3890 regs[rd] = (uintptr_t)addr; 3891 break; 3892 } 3893 } 3894 3895 break; 3896 } 3897 3898 case DIF_SUBR_STRTOK: { 3899 uintptr_t addr = tupregs[0].dttk_value; 3900 uintptr_t tokaddr = tupregs[1].dttk_value; 3901 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 3902 uintptr_t limit, toklimit = tokaddr + size; 3903 uint8_t c = 0, tokmap[32]; /* 256 / 8 */ 3904 char *dest = (char *)mstate->dtms_scratch_ptr; 3905 int i; 3906 3907 /* 3908 * Check both the token buffer and (later) the input buffer, 3909 * since both could be non-scratch addresses. 3910 */ 3911 if (!dtrace_strcanload(tokaddr, size, mstate, vstate)) { 3912 regs[rd] = 0; 3913 break; 3914 } 3915 3916 if (!DTRACE_INSCRATCH(mstate, size)) { 3917 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 3918 regs[rd] = 0; 3919 break; 3920 } 3921 3922 if (addr == 0) { 3923 /* 3924 * If the address specified is NULL, we use our saved 3925 * strtok pointer from the mstate. Note that this 3926 * means that the saved strtok pointer is _only_ 3927 * valid within multiple enablings of the same probe -- 3928 * it behaves like an implicit clause-local variable. 3929 */ 3930 addr = mstate->dtms_strtok; 3931 } else { 3932 /* 3933 * If the user-specified address is non-NULL we must 3934 * access check it. This is the only time we have 3935 * a chance to do so, since this address may reside 3936 * in the string table of this clause-- future calls 3937 * (when we fetch addr from mstate->dtms_strtok) 3938 * would fail this access check. 3939 */ 3940 if (!dtrace_strcanload(addr, size, mstate, vstate)) { 3941 regs[rd] = 0; 3942 break; 3943 } 3944 } 3945 3946 /* 3947 * First, zero the token map, and then process the token 3948 * string -- setting a bit in the map for every character 3949 * found in the token string. 3950 */ 3951 for (i = 0; i < sizeof (tokmap); i++) 3952 tokmap[i] = 0; 3953 3954 for (; tokaddr < toklimit; tokaddr++) { 3955 if ((c = dtrace_load8(tokaddr)) == '\0') 3956 break; 3957 3958 ASSERT((c >> 3) < sizeof (tokmap)); 3959 tokmap[c >> 3] |= (1 << (c & 0x7)); 3960 } 3961 3962 for (limit = addr + size; addr < limit; addr++) { 3963 /* 3964 * We're looking for a character that is _not_ contained 3965 * in the token string. 3966 */ 3967 if ((c = dtrace_load8(addr)) == '\0') 3968 break; 3969 3970 if (!(tokmap[c >> 3] & (1 << (c & 0x7)))) 3971 break; 3972 } 3973 3974 if (c == '\0') { 3975 /* 3976 * We reached the end of the string without finding 3977 * any character that was not in the token string. 3978 * We return NULL in this case, and we set the saved 3979 * address to NULL as well. 3980 */ 3981 regs[rd] = 0; 3982 mstate->dtms_strtok = 0; 3983 break; 3984 } 3985 3986 /* 3987 * From here on, we're copying into the destination string. 3988 */ 3989 for (i = 0; addr < limit && i < size - 1; addr++) { 3990 if ((c = dtrace_load8(addr)) == '\0') 3991 break; 3992 3993 if (tokmap[c >> 3] & (1 << (c & 0x7))) 3994 break; 3995 3996 ASSERT(i < size); 3997 dest[i++] = c; 3998 } 3999 4000 ASSERT(i < size); 4001 dest[i] = '\0'; 4002 regs[rd] = (uintptr_t)dest; 4003 mstate->dtms_scratch_ptr += size; 4004 mstate->dtms_strtok = addr; 4005 break; 4006 } 4007 4008 case DIF_SUBR_SUBSTR: { 4009 uintptr_t s = tupregs[0].dttk_value; 4010 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 4011 char *d = (char *)mstate->dtms_scratch_ptr; 4012 int64_t index = (int64_t)tupregs[1].dttk_value; 4013 int64_t remaining = (int64_t)tupregs[2].dttk_value; 4014 size_t len = dtrace_strlen((char *)s, size); 4015 int64_t i = 0; 4016 4017 if (!dtrace_canload(s, len + 1, mstate, vstate)) { 4018 regs[rd] = 0; 4019 break; 4020 } 4021 4022 if (!DTRACE_INSCRATCH(mstate, size)) { 4023 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4024 regs[rd] = 0; 4025 break; 4026 } 4027 4028 if (nargs <= 2) 4029 remaining = (int64_t)size; 4030 4031 if (index < 0) { 4032 index += len; 4033 4034 if (index < 0 && index + remaining > 0) { 4035 remaining += index; 4036 index = 0; 4037 } 4038 } 4039 4040 if (index >= len || index < 0) { 4041 remaining = 0; 4042 } else if (remaining < 0) { 4043 remaining += len - index; 4044 } else if (index + remaining > size) { 4045 remaining = size - index; 4046 } 4047 4048 for (i = 0; i < remaining; i++) { 4049 if ((d[i] = dtrace_load8(s + index + i)) == '\0') 4050 break; 4051 } 4052 4053 d[i] = '\0'; 4054 4055 mstate->dtms_scratch_ptr += size; 4056 regs[rd] = (uintptr_t)d; 4057 break; 4058 } 4059 4060 case DIF_SUBR_TOUPPER: 4061 case DIF_SUBR_TOLOWER: { 4062 uintptr_t s = tupregs[0].dttk_value; 4063 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 4064 char *dest = (char *)mstate->dtms_scratch_ptr, c; 4065 size_t len = dtrace_strlen((char *)s, size); 4066 char lower, upper, convert; 4067 int64_t i; 4068 4069 if (subr == DIF_SUBR_TOUPPER) { 4070 lower = 'a'; 4071 upper = 'z'; 4072 convert = 'A'; 4073 } else { 4074 lower = 'A'; 4075 upper = 'Z'; 4076 convert = 'a'; 4077 } 4078 4079 if (!dtrace_canload(s, len + 1, mstate, vstate)) { 4080 regs[rd] = 0; 4081 break; 4082 } 4083 4084 if (!DTRACE_INSCRATCH(mstate, size)) { 4085 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4086 regs[rd] = 0; 4087 break; 4088 } 4089 4090 for (i = 0; i < size - 1; i++) { 4091 if ((c = dtrace_load8(s + i)) == '\0') 4092 break; 4093 4094 if (c >= lower && c <= upper) 4095 c = convert + (c - lower); 4096 4097 dest[i] = c; 4098 } 4099 4100 ASSERT(i < size); 4101 dest[i] = '\0'; 4102 regs[rd] = (uintptr_t)dest; 4103 mstate->dtms_scratch_ptr += size; 4104 break; 4105 } 4106 4107#if defined(sun) 4108 case DIF_SUBR_GETMAJOR: 4109#ifdef _LP64 4110 regs[rd] = (tupregs[0].dttk_value >> NBITSMINOR64) & MAXMAJ64; 4111#else 4112 regs[rd] = (tupregs[0].dttk_value >> NBITSMINOR) & MAXMAJ; 4113#endif 4114 break; 4115 4116 case DIF_SUBR_GETMINOR: 4117#ifdef _LP64 4118 regs[rd] = tupregs[0].dttk_value & MAXMIN64; 4119#else 4120 regs[rd] = tupregs[0].dttk_value & MAXMIN; 4121#endif 4122 break; 4123 4124 case DIF_SUBR_DDI_PATHNAME: { 4125 /* 4126 * This one is a galactic mess. We are going to roughly 4127 * emulate ddi_pathname(), but it's made more complicated 4128 * by the fact that we (a) want to include the minor name and 4129 * (b) must proceed iteratively instead of recursively. 4130 */ 4131 uintptr_t dest = mstate->dtms_scratch_ptr; 4132 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 4133 char *start = (char *)dest, *end = start + size - 1; 4134 uintptr_t daddr = tupregs[0].dttk_value; 4135 int64_t minor = (int64_t)tupregs[1].dttk_value; 4136 char *s; 4137 int i, len, depth = 0; 4138 4139 /* 4140 * Due to all the pointer jumping we do and context we must 4141 * rely upon, we just mandate that the user must have kernel 4142 * read privileges to use this routine. 4143 */ 4144 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) == 0) { 4145 *flags |= CPU_DTRACE_KPRIV; 4146 *illval = daddr; 4147 regs[rd] = 0; 4148 } 4149 4150 if (!DTRACE_INSCRATCH(mstate, size)) { 4151 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4152 regs[rd] = 0; 4153 break; 4154 } 4155 4156 *end = '\0'; 4157 4158 /* 4159 * We want to have a name for the minor. In order to do this, 4160 * we need to walk the minor list from the devinfo. We want 4161 * to be sure that we don't infinitely walk a circular list, 4162 * so we check for circularity by sending a scout pointer 4163 * ahead two elements for every element that we iterate over; 4164 * if the list is circular, these will ultimately point to the 4165 * same element. You may recognize this little trick as the 4166 * answer to a stupid interview question -- one that always 4167 * seems to be asked by those who had to have it laboriously 4168 * explained to them, and who can't even concisely describe 4169 * the conditions under which one would be forced to resort to 4170 * this technique. Needless to say, those conditions are 4171 * found here -- and probably only here. Is this the only use 4172 * of this infamous trick in shipping, production code? If it 4173 * isn't, it probably should be... 4174 */ 4175 if (minor != -1) { 4176 uintptr_t maddr = dtrace_loadptr(daddr + 4177 offsetof(struct dev_info, devi_minor)); 4178 4179 uintptr_t next = offsetof(struct ddi_minor_data, next); 4180 uintptr_t name = offsetof(struct ddi_minor_data, 4181 d_minor) + offsetof(struct ddi_minor, name); 4182 uintptr_t dev = offsetof(struct ddi_minor_data, 4183 d_minor) + offsetof(struct ddi_minor, dev); 4184 uintptr_t scout; 4185 4186 if (maddr != NULL) 4187 scout = dtrace_loadptr(maddr + next); 4188 4189 while (maddr != NULL && !(*flags & CPU_DTRACE_FAULT)) { 4190 uint64_t m; 4191#ifdef _LP64 4192 m = dtrace_load64(maddr + dev) & MAXMIN64; 4193#else 4194 m = dtrace_load32(maddr + dev) & MAXMIN; 4195#endif 4196 if (m != minor) { 4197 maddr = dtrace_loadptr(maddr + next); 4198 4199 if (scout == NULL) 4200 continue; 4201 4202 scout = dtrace_loadptr(scout + next); 4203 4204 if (scout == NULL) 4205 continue; 4206 4207 scout = dtrace_loadptr(scout + next); 4208 4209 if (scout == NULL) 4210 continue; 4211 4212 if (scout == maddr) { 4213 *flags |= CPU_DTRACE_ILLOP; 4214 break; 4215 } 4216 4217 continue; 4218 } 4219 4220 /* 4221 * We have the minor data. Now we need to 4222 * copy the minor's name into the end of the 4223 * pathname. 4224 */ 4225 s = (char *)dtrace_loadptr(maddr + name); 4226 len = dtrace_strlen(s, size); 4227 4228 if (*flags & CPU_DTRACE_FAULT) 4229 break; 4230 4231 if (len != 0) { 4232 if ((end -= (len + 1)) < start) 4233 break; 4234 4235 *end = ':'; 4236 } 4237 4238 for (i = 1; i <= len; i++) 4239 end[i] = dtrace_load8((uintptr_t)s++); 4240 break; 4241 } 4242 } 4243 4244 while (daddr != NULL && !(*flags & CPU_DTRACE_FAULT)) { 4245 ddi_node_state_t devi_state; 4246 4247 devi_state = dtrace_load32(daddr + 4248 offsetof(struct dev_info, devi_node_state)); 4249 4250 if (*flags & CPU_DTRACE_FAULT) 4251 break; 4252 4253 if (devi_state >= DS_INITIALIZED) { 4254 s = (char *)dtrace_loadptr(daddr + 4255 offsetof(struct dev_info, devi_addr)); 4256 len = dtrace_strlen(s, size); 4257 4258 if (*flags & CPU_DTRACE_FAULT) 4259 break; 4260 4261 if (len != 0) { 4262 if ((end -= (len + 1)) < start) 4263 break; 4264 4265 *end = '@'; 4266 } 4267 4268 for (i = 1; i <= len; i++) 4269 end[i] = dtrace_load8((uintptr_t)s++); 4270 } 4271 4272 /* 4273 * Now for the node name... 4274 */ 4275 s = (char *)dtrace_loadptr(daddr + 4276 offsetof(struct dev_info, devi_node_name)); 4277 4278 daddr = dtrace_loadptr(daddr + 4279 offsetof(struct dev_info, devi_parent)); 4280 4281 /* 4282 * If our parent is NULL (that is, if we're the root 4283 * node), we're going to use the special path 4284 * "devices". 4285 */ 4286 if (daddr == 0) 4287 s = "devices"; 4288 4289 len = dtrace_strlen(s, size); 4290 if (*flags & CPU_DTRACE_FAULT) 4291 break; 4292 4293 if ((end -= (len + 1)) < start) 4294 break; 4295 4296 for (i = 1; i <= len; i++) 4297 end[i] = dtrace_load8((uintptr_t)s++); 4298 *end = '/'; 4299 4300 if (depth++ > dtrace_devdepth_max) { 4301 *flags |= CPU_DTRACE_ILLOP; 4302 break; 4303 } 4304 } 4305 4306 if (end < start) 4307 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4308 4309 if (daddr == 0) { 4310 regs[rd] = (uintptr_t)end; 4311 mstate->dtms_scratch_ptr += size; 4312 } 4313 4314 break; 4315 } 4316#endif 4317 4318 case DIF_SUBR_STRJOIN: { 4319 char *d = (char *)mstate->dtms_scratch_ptr; 4320 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 4321 uintptr_t s1 = tupregs[0].dttk_value; 4322 uintptr_t s2 = tupregs[1].dttk_value; 4323 int i = 0; 4324 4325 if (!dtrace_strcanload(s1, size, mstate, vstate) || 4326 !dtrace_strcanload(s2, size, mstate, vstate)) { 4327 regs[rd] = 0; 4328 break; 4329 } 4330 4331 if (!DTRACE_INSCRATCH(mstate, size)) { 4332 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4333 regs[rd] = 0; 4334 break; 4335 } 4336 4337 for (;;) { 4338 if (i >= size) { 4339 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4340 regs[rd] = 0; 4341 break; 4342 } 4343 4344 if ((d[i++] = dtrace_load8(s1++)) == '\0') { 4345 i--; 4346 break; 4347 } 4348 } 4349 4350 for (;;) { 4351 if (i >= size) { 4352 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4353 regs[rd] = 0; 4354 break; 4355 } 4356 4357 if ((d[i++] = dtrace_load8(s2++)) == '\0') 4358 break; 4359 } 4360 4361 if (i < size) { 4362 mstate->dtms_scratch_ptr += i; 4363 regs[rd] = (uintptr_t)d; 4364 } 4365 4366 break; 4367 } 4368 4369 case DIF_SUBR_LLTOSTR: { 4370 int64_t i = (int64_t)tupregs[0].dttk_value; 4371 uint64_t val, digit; 4372 uint64_t size = 65; /* enough room for 2^64 in binary */ 4373 char *end = (char *)mstate->dtms_scratch_ptr + size - 1; 4374 int base = 10; 4375 4376 if (nargs > 1) { 4377 if ((base = tupregs[1].dttk_value) <= 1 || 4378 base > ('z' - 'a' + 1) + ('9' - '0' + 1)) { 4379 *flags |= CPU_DTRACE_ILLOP; 4380 break; 4381 } 4382 } 4383 4384 val = (base == 10 && i < 0) ? i * -1 : i; 4385 4386 if (!DTRACE_INSCRATCH(mstate, size)) { 4387 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4388 regs[rd] = 0; 4389 break; 4390 } 4391 4392 for (*end-- = '\0'; val; val /= base) { 4393 if ((digit = val % base) <= '9' - '0') { 4394 *end-- = '0' + digit; 4395 } else { 4396 *end-- = 'a' + (digit - ('9' - '0') - 1); 4397 } 4398 } 4399 4400 if (i == 0 && base == 16) 4401 *end-- = '0'; 4402 4403 if (base == 16) 4404 *end-- = 'x'; 4405 4406 if (i == 0 || base == 8 || base == 16) 4407 *end-- = '0'; 4408 4409 if (i < 0 && base == 10) 4410 *end-- = '-'; 4411 4412 regs[rd] = (uintptr_t)end + 1; 4413 mstate->dtms_scratch_ptr += size; 4414 break; 4415 } 4416 4417 case DIF_SUBR_HTONS: 4418 case DIF_SUBR_NTOHS: 4419#if BYTE_ORDER == BIG_ENDIAN 4420 regs[rd] = (uint16_t)tupregs[0].dttk_value; 4421#else 4422 regs[rd] = DT_BSWAP_16((uint16_t)tupregs[0].dttk_value); 4423#endif 4424 break; 4425 4426 4427 case DIF_SUBR_HTONL: 4428 case DIF_SUBR_NTOHL: 4429#if BYTE_ORDER == BIG_ENDIAN 4430 regs[rd] = (uint32_t)tupregs[0].dttk_value; 4431#else 4432 regs[rd] = DT_BSWAP_32((uint32_t)tupregs[0].dttk_value); 4433#endif 4434 break; 4435 4436 4437 case DIF_SUBR_HTONLL: 4438 case DIF_SUBR_NTOHLL: 4439#if BYTE_ORDER == BIG_ENDIAN 4440 regs[rd] = (uint64_t)tupregs[0].dttk_value; 4441#else 4442 regs[rd] = DT_BSWAP_64((uint64_t)tupregs[0].dttk_value); 4443#endif 4444 break; 4445 4446 4447 case DIF_SUBR_DIRNAME: 4448 case DIF_SUBR_BASENAME: { 4449 char *dest = (char *)mstate->dtms_scratch_ptr; 4450 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 4451 uintptr_t src = tupregs[0].dttk_value; 4452 int i, j, len = dtrace_strlen((char *)src, size); 4453 int lastbase = -1, firstbase = -1, lastdir = -1; 4454 int start, end; 4455 4456 if (!dtrace_canload(src, len + 1, mstate, vstate)) { 4457 regs[rd] = 0; 4458 break; 4459 } 4460 4461 if (!DTRACE_INSCRATCH(mstate, size)) { 4462 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4463 regs[rd] = 0; 4464 break; 4465 } 4466 4467 /* 4468 * The basename and dirname for a zero-length string is 4469 * defined to be "." 4470 */ 4471 if (len == 0) { 4472 len = 1; 4473 src = (uintptr_t)"."; 4474 } 4475 4476 /* 4477 * Start from the back of the string, moving back toward the 4478 * front until we see a character that isn't a slash. That 4479 * character is the last character in the basename. 4480 */ 4481 for (i = len - 1; i >= 0; i--) { 4482 if (dtrace_load8(src + i) != '/') 4483 break; 4484 } 4485 4486 if (i >= 0) 4487 lastbase = i; 4488 4489 /* 4490 * Starting from the last character in the basename, move 4491 * towards the front until we find a slash. The character 4492 * that we processed immediately before that is the first 4493 * character in the basename. 4494 */ 4495 for (; i >= 0; i--) { 4496 if (dtrace_load8(src + i) == '/') 4497 break; 4498 } 4499 4500 if (i >= 0) 4501 firstbase = i + 1; 4502 4503 /* 4504 * Now keep going until we find a non-slash character. That 4505 * character is the last character in the dirname. 4506 */ 4507 for (; i >= 0; i--) { 4508 if (dtrace_load8(src + i) != '/') 4509 break; 4510 } 4511 4512 if (i >= 0) 4513 lastdir = i; 4514 4515 ASSERT(!(lastbase == -1 && firstbase != -1)); 4516 ASSERT(!(firstbase == -1 && lastdir != -1)); 4517 4518 if (lastbase == -1) { 4519 /* 4520 * We didn't find a non-slash character. We know that 4521 * the length is non-zero, so the whole string must be 4522 * slashes. In either the dirname or the basename 4523 * case, we return '/'. 4524 */ 4525 ASSERT(firstbase == -1); 4526 firstbase = lastbase = lastdir = 0; 4527 } 4528 4529 if (firstbase == -1) { 4530 /* 4531 * The entire string consists only of a basename 4532 * component. If we're looking for dirname, we need 4533 * to change our string to be just "."; if we're 4534 * looking for a basename, we'll just set the first 4535 * character of the basename to be 0. 4536 */ 4537 if (subr == DIF_SUBR_DIRNAME) { 4538 ASSERT(lastdir == -1); 4539 src = (uintptr_t)"."; 4540 lastdir = 0; 4541 } else { 4542 firstbase = 0; 4543 } 4544 } 4545 4546 if (subr == DIF_SUBR_DIRNAME) { 4547 if (lastdir == -1) { 4548 /* 4549 * We know that we have a slash in the name -- 4550 * or lastdir would be set to 0, above. And 4551 * because lastdir is -1, we know that this 4552 * slash must be the first character. (That 4553 * is, the full string must be of the form 4554 * "/basename".) In this case, the last 4555 * character of the directory name is 0. 4556 */ 4557 lastdir = 0; 4558 } 4559 4560 start = 0; 4561 end = lastdir; 4562 } else { 4563 ASSERT(subr == DIF_SUBR_BASENAME); 4564 ASSERT(firstbase != -1 && lastbase != -1); 4565 start = firstbase; 4566 end = lastbase; 4567 } 4568 4569 for (i = start, j = 0; i <= end && j < size - 1; i++, j++) 4570 dest[j] = dtrace_load8(src + i); 4571 4572 dest[j] = '\0'; 4573 regs[rd] = (uintptr_t)dest; 4574 mstate->dtms_scratch_ptr += size; 4575 break; 4576 } 4577 4578 case DIF_SUBR_CLEANPATH: { 4579 char *dest = (char *)mstate->dtms_scratch_ptr, c; 4580 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE]; 4581 uintptr_t src = tupregs[0].dttk_value; 4582 int i = 0, j = 0; 4583 4584 if (!dtrace_strcanload(src, size, mstate, vstate)) { 4585 regs[rd] = 0; 4586 break; 4587 } 4588 4589 if (!DTRACE_INSCRATCH(mstate, size)) { 4590 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4591 regs[rd] = 0; 4592 break; 4593 } 4594 4595 /* 4596 * Move forward, loading each character. 4597 */ 4598 do { 4599 c = dtrace_load8(src + i++); 4600next: 4601 if (j + 5 >= size) /* 5 = strlen("/..c\0") */ 4602 break; 4603 4604 if (c != '/') { 4605 dest[j++] = c; 4606 continue; 4607 } 4608 4609 c = dtrace_load8(src + i++); 4610 4611 if (c == '/') { 4612 /* 4613 * We have two slashes -- we can just advance 4614 * to the next character. 4615 */ 4616 goto next; 4617 } 4618 4619 if (c != '.') { 4620 /* 4621 * This is not "." and it's not ".." -- we can 4622 * just store the "/" and this character and 4623 * drive on. 4624 */ 4625 dest[j++] = '/'; 4626 dest[j++] = c; 4627 continue; 4628 } 4629 4630 c = dtrace_load8(src + i++); 4631 4632 if (c == '/') { 4633 /* 4634 * This is a "/./" component. We're not going 4635 * to store anything in the destination buffer; 4636 * we're just going to go to the next component. 4637 */ 4638 goto next; 4639 } 4640 4641 if (c != '.') { 4642 /* 4643 * This is not ".." -- we can just store the 4644 * "/." and this character and continue 4645 * processing. 4646 */ 4647 dest[j++] = '/'; 4648 dest[j++] = '.'; 4649 dest[j++] = c; 4650 continue; 4651 } 4652 4653 c = dtrace_load8(src + i++); 4654 4655 if (c != '/' && c != '\0') { 4656 /* 4657 * This is not ".." -- it's "..[mumble]". 4658 * We'll store the "/.." and this character 4659 * and continue processing. 4660 */ 4661 dest[j++] = '/'; 4662 dest[j++] = '.'; 4663 dest[j++] = '.'; 4664 dest[j++] = c; 4665 continue; 4666 } 4667 4668 /* 4669 * This is "/../" or "/..\0". We need to back up 4670 * our destination pointer until we find a "/". 4671 */ 4672 i--; 4673 while (j != 0 && dest[--j] != '/') 4674 continue; 4675 4676 if (c == '\0') 4677 dest[++j] = '/'; 4678 } while (c != '\0'); 4679 4680 dest[j] = '\0'; 4681 regs[rd] = (uintptr_t)dest; 4682 mstate->dtms_scratch_ptr += size; 4683 break; 4684 } 4685 4686 case DIF_SUBR_INET_NTOA: 4687 case DIF_SUBR_INET_NTOA6: 4688 case DIF_SUBR_INET_NTOP: { 4689 size_t size; 4690 int af, argi, i; 4691 char *base, *end; 4692 4693 if (subr == DIF_SUBR_INET_NTOP) { 4694 af = (int)tupregs[0].dttk_value; 4695 argi = 1; 4696 } else { 4697 af = subr == DIF_SUBR_INET_NTOA ? AF_INET: AF_INET6; 4698 argi = 0; 4699 } 4700 4701 if (af == AF_INET) { 4702 ipaddr_t ip4; 4703 uint8_t *ptr8, val; 4704 4705 /* 4706 * Safely load the IPv4 address. 4707 */ 4708 ip4 = dtrace_load32(tupregs[argi].dttk_value); 4709 4710 /* 4711 * Check an IPv4 string will fit in scratch. 4712 */ 4713 size = INET_ADDRSTRLEN; 4714 if (!DTRACE_INSCRATCH(mstate, size)) { 4715 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4716 regs[rd] = 0; 4717 break; 4718 } 4719 base = (char *)mstate->dtms_scratch_ptr; 4720 end = (char *)mstate->dtms_scratch_ptr + size - 1; 4721 4722 /* 4723 * Stringify as a dotted decimal quad. 4724 */ 4725 *end-- = '\0'; 4726 ptr8 = (uint8_t *)&ip4; 4727 for (i = 3; i >= 0; i--) { 4728 val = ptr8[i]; 4729 4730 if (val == 0) { 4731 *end-- = '0'; 4732 } else { 4733 for (; val; val /= 10) { 4734 *end-- = '0' + (val % 10); 4735 } 4736 } 4737 4738 if (i > 0) 4739 *end-- = '.'; 4740 } 4741 ASSERT(end + 1 >= base); 4742 4743 } else if (af == AF_INET6) { 4744 struct in6_addr ip6; 4745 int firstzero, tryzero, numzero, v6end; 4746 uint16_t val; 4747 const char digits[] = "0123456789abcdef"; 4748 4749 /* 4750 * Stringify using RFC 1884 convention 2 - 16 bit 4751 * hexadecimal values with a zero-run compression. 4752 * Lower case hexadecimal digits are used. 4753 * eg, fe80::214:4fff:fe0b:76c8. 4754 * The IPv4 embedded form is returned for inet_ntop, 4755 * just the IPv4 string is returned for inet_ntoa6. 4756 */ 4757 4758 /* 4759 * Safely load the IPv6 address. 4760 */ 4761 dtrace_bcopy( 4762 (void *)(uintptr_t)tupregs[argi].dttk_value, 4763 (void *)(uintptr_t)&ip6, sizeof (struct in6_addr)); 4764 4765 /* 4766 * Check an IPv6 string will fit in scratch. 4767 */ 4768 size = INET6_ADDRSTRLEN; 4769 if (!DTRACE_INSCRATCH(mstate, size)) { 4770 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 4771 regs[rd] = 0; 4772 break; 4773 } 4774 base = (char *)mstate->dtms_scratch_ptr; 4775 end = (char *)mstate->dtms_scratch_ptr + size - 1; 4776 *end-- = '\0'; 4777 4778 /* 4779 * Find the longest run of 16 bit zero values 4780 * for the single allowed zero compression - "::". 4781 */ 4782 firstzero = -1; 4783 tryzero = -1; 4784 numzero = 1; 4785 for (i = 0; i < sizeof (struct in6_addr); i++) { 4786#if defined(sun) 4787 if (ip6._S6_un._S6_u8[i] == 0 && 4788#else 4789 if (ip6.__u6_addr.__u6_addr8[i] == 0 && 4790#endif 4791 tryzero == -1 && i % 2 == 0) { 4792 tryzero = i; 4793 continue; 4794 } 4795 4796 if (tryzero != -1 && 4797#if defined(sun) 4798 (ip6._S6_un._S6_u8[i] != 0 || 4799#else 4800 (ip6.__u6_addr.__u6_addr8[i] != 0 || 4801#endif 4802 i == sizeof (struct in6_addr) - 1)) { 4803 4804 if (i - tryzero <= numzero) { 4805 tryzero = -1; 4806 continue; 4807 } 4808 4809 firstzero = tryzero; 4810 numzero = i - i % 2 - tryzero; 4811 tryzero = -1; 4812 4813#if defined(sun) 4814 if (ip6._S6_un._S6_u8[i] == 0 && 4815#else 4816 if (ip6.__u6_addr.__u6_addr8[i] == 0 && 4817#endif 4818 i == sizeof (struct in6_addr) - 1) 4819 numzero += 2; 4820 } 4821 } 4822 ASSERT(firstzero + numzero <= sizeof (struct in6_addr)); 4823 4824 /* 4825 * Check for an IPv4 embedded address. 4826 */ 4827 v6end = sizeof (struct in6_addr) - 2; 4828 if (IN6_IS_ADDR_V4MAPPED(&ip6) || 4829 IN6_IS_ADDR_V4COMPAT(&ip6)) { 4830 for (i = sizeof (struct in6_addr) - 1; 4831 i >= DTRACE_V4MAPPED_OFFSET; i--) { 4832 ASSERT(end >= base); 4833 4834#if defined(sun) 4835 val = ip6._S6_un._S6_u8[i]; 4836#else 4837 val = ip6.__u6_addr.__u6_addr8[i]; 4838#endif 4839 4840 if (val == 0) { 4841 *end-- = '0'; 4842 } else { 4843 for (; val; val /= 10) { 4844 *end-- = '0' + val % 10; 4845 } 4846 } 4847 4848 if (i > DTRACE_V4MAPPED_OFFSET) 4849 *end-- = '.'; 4850 } 4851 4852 if (subr == DIF_SUBR_INET_NTOA6) 4853 goto inetout; 4854 4855 /* 4856 * Set v6end to skip the IPv4 address that 4857 * we have already stringified. 4858 */ 4859 v6end = 10; 4860 } 4861 4862 /* 4863 * Build the IPv6 string by working through the 4864 * address in reverse. 4865 */ 4866 for (i = v6end; i >= 0; i -= 2) { 4867 ASSERT(end >= base); 4868 4869 if (i == firstzero + numzero - 2) { 4870 *end-- = ':'; 4871 *end-- = ':'; 4872 i -= numzero - 2; 4873 continue; 4874 } 4875 4876 if (i < 14 && i != firstzero - 2) 4877 *end-- = ':'; 4878 4879#if defined(sun) 4880 val = (ip6._S6_un._S6_u8[i] << 8) + 4881 ip6._S6_un._S6_u8[i + 1]; 4882#else 4883 val = (ip6.__u6_addr.__u6_addr8[i] << 8) + 4884 ip6.__u6_addr.__u6_addr8[i + 1]; 4885#endif 4886 4887 if (val == 0) { 4888 *end-- = '0'; 4889 } else { 4890 for (; val; val /= 16) { 4891 *end-- = digits[val % 16]; 4892 } 4893 } 4894 } 4895 ASSERT(end + 1 >= base); 4896 4897 } else { 4898 /* 4899 * The user didn't use AH_INET or AH_INET6. 4900 */ 4901 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); 4902 regs[rd] = 0; 4903 break; 4904 } 4905 4906inetout: regs[rd] = (uintptr_t)end + 1; 4907 mstate->dtms_scratch_ptr += size; 4908 break; 4909 } 4910 4911 case DIF_SUBR_MEMREF: { 4912 uintptr_t size = 2 * sizeof(uintptr_t); 4913 uintptr_t *memref = (uintptr_t *) P2ROUNDUP(mstate->dtms_scratch_ptr, sizeof(uintptr_t)); 4914 size_t scratch_size = ((uintptr_t) memref - mstate->dtms_scratch_ptr) + size; 4915 4916 /* address and length */ 4917 memref[0] = tupregs[0].dttk_value; 4918 memref[1] = tupregs[1].dttk_value; 4919 4920 regs[rd] = (uintptr_t) memref; 4921 mstate->dtms_scratch_ptr += scratch_size; 4922 break; 4923 } 4924 4925 case DIF_SUBR_TYPEREF: { 4926 uintptr_t size = 4 * sizeof(uintptr_t); 4927 uintptr_t *typeref = (uintptr_t *) P2ROUNDUP(mstate->dtms_scratch_ptr, sizeof(uintptr_t)); 4928 size_t scratch_size = ((uintptr_t) typeref - mstate->dtms_scratch_ptr) + size; 4929 4930 /* address, num_elements, type_str, type_len */ 4931 typeref[0] = tupregs[0].dttk_value; 4932 typeref[1] = tupregs[1].dttk_value; 4933 typeref[2] = tupregs[2].dttk_value; 4934 typeref[3] = tupregs[3].dttk_value; 4935 4936 regs[rd] = (uintptr_t) typeref; 4937 mstate->dtms_scratch_ptr += scratch_size; 4938 break; 4939 } 4940 } 4941} 4942 4943/* 4944 * Emulate the execution of DTrace IR instructions specified by the given 4945 * DIF object. This function is deliberately void of assertions as all of 4946 * the necessary checks are handled by a call to dtrace_difo_validate(). 4947 */ 4948static uint64_t 4949dtrace_dif_emulate(dtrace_difo_t *difo, dtrace_mstate_t *mstate, 4950 dtrace_vstate_t *vstate, dtrace_state_t *state) 4951{ 4952 const dif_instr_t *text = difo->dtdo_buf; 4953 const uint_t textlen = difo->dtdo_len; 4954 const char *strtab = difo->dtdo_strtab; 4955 const uint64_t *inttab = difo->dtdo_inttab; 4956 4957 uint64_t rval = 0; 4958 dtrace_statvar_t *svar; 4959 dtrace_dstate_t *dstate = &vstate->dtvs_dynvars; 4960 dtrace_difv_t *v; 4961 volatile uint16_t *flags = &cpu_core[curcpu].cpuc_dtrace_flags; 4962 volatile uintptr_t *illval = &cpu_core[curcpu].cpuc_dtrace_illval; 4963 4964 dtrace_key_t tupregs[DIF_DTR_NREGS + 2]; /* +2 for thread and id */ 4965 uint64_t regs[DIF_DIR_NREGS]; 4966 uint64_t *tmp; 4967 4968 uint8_t cc_n = 0, cc_z = 0, cc_v = 0, cc_c = 0; 4969 int64_t cc_r; 4970 uint_t pc = 0, id, opc = 0; 4971 uint8_t ttop = 0; 4972 dif_instr_t instr; 4973 uint_t r1, r2, rd; 4974 4975 /* 4976 * We stash the current DIF object into the machine state: we need it 4977 * for subsequent access checking. 4978 */ 4979 mstate->dtms_difo = difo; 4980 4981 regs[DIF_REG_R0] = 0; /* %r0 is fixed at zero */ 4982 4983 while (pc < textlen && !(*flags & CPU_DTRACE_FAULT)) { 4984 opc = pc; 4985 4986 instr = text[pc++]; 4987 r1 = DIF_INSTR_R1(instr); 4988 r2 = DIF_INSTR_R2(instr); 4989 rd = DIF_INSTR_RD(instr); 4990 4991 switch (DIF_INSTR_OP(instr)) { 4992 case DIF_OP_OR: 4993 regs[rd] = regs[r1] | regs[r2]; 4994 break; 4995 case DIF_OP_XOR: 4996 regs[rd] = regs[r1] ^ regs[r2]; 4997 break; 4998 case DIF_OP_AND: 4999 regs[rd] = regs[r1] & regs[r2]; 5000 break; 5001 case DIF_OP_SLL: 5002 regs[rd] = regs[r1] << regs[r2]; 5003 break; 5004 case DIF_OP_SRL: 5005 regs[rd] = regs[r1] >> regs[r2]; 5006 break; 5007 case DIF_OP_SUB: 5008 regs[rd] = regs[r1] - regs[r2]; 5009 break; 5010 case DIF_OP_ADD: 5011 regs[rd] = regs[r1] + regs[r2]; 5012 break; 5013 case DIF_OP_MUL: 5014 regs[rd] = regs[r1] * regs[r2]; 5015 break; 5016 case DIF_OP_SDIV: 5017 if (regs[r2] == 0) { 5018 regs[rd] = 0; 5019 *flags |= CPU_DTRACE_DIVZERO; 5020 } else { 5021 regs[rd] = (int64_t)regs[r1] / 5022 (int64_t)regs[r2]; 5023 } 5024 break; 5025 5026 case DIF_OP_UDIV: 5027 if (regs[r2] == 0) { 5028 regs[rd] = 0; 5029 *flags |= CPU_DTRACE_DIVZERO; 5030 } else { 5031 regs[rd] = regs[r1] / regs[r2]; 5032 } 5033 break; 5034 5035 case DIF_OP_SREM: 5036 if (regs[r2] == 0) { 5037 regs[rd] = 0; 5038 *flags |= CPU_DTRACE_DIVZERO; 5039 } else { 5040 regs[rd] = (int64_t)regs[r1] % 5041 (int64_t)regs[r2]; 5042 } 5043 break; 5044 5045 case DIF_OP_UREM: 5046 if (regs[r2] == 0) { 5047 regs[rd] = 0; 5048 *flags |= CPU_DTRACE_DIVZERO; 5049 } else { 5050 regs[rd] = regs[r1] % regs[r2]; 5051 } 5052 break; 5053 5054 case DIF_OP_NOT: 5055 regs[rd] = ~regs[r1]; 5056 break; 5057 case DIF_OP_MOV: 5058 regs[rd] = regs[r1]; 5059 break; 5060 case DIF_OP_CMP: 5061 cc_r = regs[r1] - regs[r2]; 5062 cc_n = cc_r < 0; 5063 cc_z = cc_r == 0; 5064 cc_v = 0; 5065 cc_c = regs[r1] < regs[r2]; 5066 break; 5067 case DIF_OP_TST: 5068 cc_n = cc_v = cc_c = 0; 5069 cc_z = regs[r1] == 0; 5070 break; 5071 case DIF_OP_BA: 5072 pc = DIF_INSTR_LABEL(instr); 5073 break; 5074 case DIF_OP_BE: 5075 if (cc_z) 5076 pc = DIF_INSTR_LABEL(instr); 5077 break; 5078 case DIF_OP_BNE: 5079 if (cc_z == 0) 5080 pc = DIF_INSTR_LABEL(instr); 5081 break; 5082 case DIF_OP_BG: 5083 if ((cc_z | (cc_n ^ cc_v)) == 0) 5084 pc = DIF_INSTR_LABEL(instr); 5085 break; 5086 case DIF_OP_BGU: 5087 if ((cc_c | cc_z) == 0) 5088 pc = DIF_INSTR_LABEL(instr); 5089 break; 5090 case DIF_OP_BGE: 5091 if ((cc_n ^ cc_v) == 0) 5092 pc = DIF_INSTR_LABEL(instr); 5093 break; 5094 case DIF_OP_BGEU: 5095 if (cc_c == 0) 5096 pc = DIF_INSTR_LABEL(instr); 5097 break; 5098 case DIF_OP_BL: 5099 if (cc_n ^ cc_v) 5100 pc = DIF_INSTR_LABEL(instr); 5101 break; 5102 case DIF_OP_BLU: 5103 if (cc_c) 5104 pc = DIF_INSTR_LABEL(instr); 5105 break; 5106 case DIF_OP_BLE: 5107 if (cc_z | (cc_n ^ cc_v)) 5108 pc = DIF_INSTR_LABEL(instr); 5109 break; 5110 case DIF_OP_BLEU: 5111 if (cc_c | cc_z) 5112 pc = DIF_INSTR_LABEL(instr); 5113 break; 5114 case DIF_OP_RLDSB: 5115 if (!dtrace_canstore(regs[r1], 1, mstate, vstate)) { 5116 *flags |= CPU_DTRACE_KPRIV; 5117 *illval = regs[r1]; 5118 break; 5119 } 5120 /*FALLTHROUGH*/ 5121 case DIF_OP_LDSB: 5122 regs[rd] = (int8_t)dtrace_load8(regs[r1]); 5123 break; 5124 case DIF_OP_RLDSH: 5125 if (!dtrace_canstore(regs[r1], 2, mstate, vstate)) { 5126 *flags |= CPU_DTRACE_KPRIV; 5127 *illval = regs[r1]; 5128 break; 5129 } 5130 /*FALLTHROUGH*/ 5131 case DIF_OP_LDSH: 5132 regs[rd] = (int16_t)dtrace_load16(regs[r1]); 5133 break; 5134 case DIF_OP_RLDSW: 5135 if (!dtrace_canstore(regs[r1], 4, mstate, vstate)) { 5136 *flags |= CPU_DTRACE_KPRIV; 5137 *illval = regs[r1]; 5138 break; 5139 } 5140 /*FALLTHROUGH*/ 5141 case DIF_OP_LDSW: 5142 regs[rd] = (int32_t)dtrace_load32(regs[r1]); 5143 break; 5144 case DIF_OP_RLDUB: 5145 if (!dtrace_canstore(regs[r1], 1, mstate, vstate)) { 5146 *flags |= CPU_DTRACE_KPRIV; 5147 *illval = regs[r1]; 5148 break; 5149 } 5150 /*FALLTHROUGH*/ 5151 case DIF_OP_LDUB: 5152 regs[rd] = dtrace_load8(regs[r1]); 5153 break; 5154 case DIF_OP_RLDUH: 5155 if (!dtrace_canstore(regs[r1], 2, mstate, vstate)) { 5156 *flags |= CPU_DTRACE_KPRIV; 5157 *illval = regs[r1]; 5158 break; 5159 } 5160 /*FALLTHROUGH*/ 5161 case DIF_OP_LDUH: 5162 regs[rd] = dtrace_load16(regs[r1]); 5163 break; 5164 case DIF_OP_RLDUW: 5165 if (!dtrace_canstore(regs[r1], 4, mstate, vstate)) { 5166 *flags |= CPU_DTRACE_KPRIV; 5167 *illval = regs[r1]; 5168 break; 5169 } 5170 /*FALLTHROUGH*/ 5171 case DIF_OP_LDUW: 5172 regs[rd] = dtrace_load32(regs[r1]); 5173 break; 5174 case DIF_OP_RLDX: 5175 if (!dtrace_canstore(regs[r1], 8, mstate, vstate)) { 5176 *flags |= CPU_DTRACE_KPRIV; 5177 *illval = regs[r1]; 5178 break; 5179 } 5180 /*FALLTHROUGH*/ 5181 case DIF_OP_LDX: 5182 regs[rd] = dtrace_load64(regs[r1]); 5183 break; 5184 case DIF_OP_ULDSB: 5185 regs[rd] = (int8_t) 5186 dtrace_fuword8((void *)(uintptr_t)regs[r1]); 5187 break; 5188 case DIF_OP_ULDSH: 5189 regs[rd] = (int16_t) 5190 dtrace_fuword16((void *)(uintptr_t)regs[r1]); 5191 break; 5192 case DIF_OP_ULDSW: 5193 regs[rd] = (int32_t) 5194 dtrace_fuword32((void *)(uintptr_t)regs[r1]); 5195 break; 5196 case DIF_OP_ULDUB: 5197 regs[rd] = 5198 dtrace_fuword8((void *)(uintptr_t)regs[r1]); 5199 break; 5200 case DIF_OP_ULDUH: 5201 regs[rd] = 5202 dtrace_fuword16((void *)(uintptr_t)regs[r1]); 5203 break; 5204 case DIF_OP_ULDUW: 5205 regs[rd] = 5206 dtrace_fuword32((void *)(uintptr_t)regs[r1]); 5207 break; 5208 case DIF_OP_ULDX: 5209 regs[rd] = 5210 dtrace_fuword64((void *)(uintptr_t)regs[r1]); 5211 break; 5212 case DIF_OP_RET: 5213 rval = regs[rd]; 5214 pc = textlen; 5215 break; 5216 case DIF_OP_NOP: 5217 break; 5218 case DIF_OP_SETX: 5219 regs[rd] = inttab[DIF_INSTR_INTEGER(instr)]; 5220 break; 5221 case DIF_OP_SETS: 5222 regs[rd] = (uint64_t)(uintptr_t) 5223 (strtab + DIF_INSTR_STRING(instr)); 5224 break; 5225 case DIF_OP_SCMP: { 5226 size_t sz = state->dts_options[DTRACEOPT_STRSIZE]; 5227 uintptr_t s1 = regs[r1]; 5228 uintptr_t s2 = regs[r2]; 5229 5230 if (s1 != 0 && 5231 !dtrace_strcanload(s1, sz, mstate, vstate)) 5232 break; 5233 if (s2 != 0 && 5234 !dtrace_strcanload(s2, sz, mstate, vstate)) 5235 break; 5236 5237 cc_r = dtrace_strncmp((char *)s1, (char *)s2, sz); 5238 5239 cc_n = cc_r < 0; 5240 cc_z = cc_r == 0; 5241 cc_v = cc_c = 0; 5242 break; 5243 } 5244 case DIF_OP_LDGA: 5245 regs[rd] = dtrace_dif_variable(mstate, state, 5246 r1, regs[r2]); 5247 break; 5248 case DIF_OP_LDGS: 5249 id = DIF_INSTR_VAR(instr); 5250 5251 if (id >= DIF_VAR_OTHER_UBASE) { 5252 uintptr_t a; 5253 5254 id -= DIF_VAR_OTHER_UBASE; 5255 svar = vstate->dtvs_globals[id]; 5256 ASSERT(svar != NULL); 5257 v = &svar->dtsv_var; 5258 5259 if (!(v->dtdv_type.dtdt_flags & DIF_TF_BYREF)) { 5260 regs[rd] = svar->dtsv_data; 5261 break; 5262 } 5263 5264 a = (uintptr_t)svar->dtsv_data; 5265 5266 if (*(uint8_t *)a == UINT8_MAX) { 5267 /* 5268 * If the 0th byte is set to UINT8_MAX 5269 * then this is to be treated as a 5270 * reference to a NULL variable. 5271 */ 5272 regs[rd] = 0; 5273 } else { 5274 regs[rd] = a + sizeof (uint64_t); 5275 } 5276 5277 break; 5278 } 5279 5280 regs[rd] = dtrace_dif_variable(mstate, state, id, 0); 5281 break; 5282 5283 case DIF_OP_STGS: 5284 id = DIF_INSTR_VAR(instr); 5285 5286 ASSERT(id >= DIF_VAR_OTHER_UBASE); 5287 id -= DIF_VAR_OTHER_UBASE; 5288 5289 svar = vstate->dtvs_globals[id]; 5290 ASSERT(svar != NULL); 5291 v = &svar->dtsv_var; 5292 5293 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5294 uintptr_t a = (uintptr_t)svar->dtsv_data; 5295 5296 ASSERT(a != 0); 5297 ASSERT(svar->dtsv_size != 0); 5298 5299 if (regs[rd] == 0) { 5300 *(uint8_t *)a = UINT8_MAX; 5301 break; 5302 } else { 5303 *(uint8_t *)a = 0; 5304 a += sizeof (uint64_t); 5305 } 5306 if (!dtrace_vcanload( 5307 (void *)(uintptr_t)regs[rd], &v->dtdv_type, 5308 mstate, vstate)) 5309 break; 5310 5311 dtrace_vcopy((void *)(uintptr_t)regs[rd], 5312 (void *)a, &v->dtdv_type); 5313 break; 5314 } 5315 5316 svar->dtsv_data = regs[rd]; 5317 break; 5318 5319 case DIF_OP_LDTA: 5320 /* 5321 * There are no DTrace built-in thread-local arrays at 5322 * present. This opcode is saved for future work. 5323 */ 5324 *flags |= CPU_DTRACE_ILLOP; 5325 regs[rd] = 0; 5326 break; 5327 5328 case DIF_OP_LDLS: 5329 id = DIF_INSTR_VAR(instr); 5330 5331 if (id < DIF_VAR_OTHER_UBASE) { 5332 /* 5333 * For now, this has no meaning. 5334 */ 5335 regs[rd] = 0; 5336 break; 5337 } 5338 5339 id -= DIF_VAR_OTHER_UBASE; 5340 5341 ASSERT(id < vstate->dtvs_nlocals); 5342 ASSERT(vstate->dtvs_locals != NULL); 5343 5344 svar = vstate->dtvs_locals[id]; 5345 ASSERT(svar != NULL); 5346 v = &svar->dtsv_var; 5347 5348 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5349 uintptr_t a = (uintptr_t)svar->dtsv_data; 5350 size_t sz = v->dtdv_type.dtdt_size; 5351 5352 sz += sizeof (uint64_t); 5353 ASSERT(svar->dtsv_size == NCPU * sz); 5354 a += curcpu * sz; 5355 5356 if (*(uint8_t *)a == UINT8_MAX) { 5357 /* 5358 * If the 0th byte is set to UINT8_MAX 5359 * then this is to be treated as a 5360 * reference to a NULL variable. 5361 */ 5362 regs[rd] = 0; 5363 } else { 5364 regs[rd] = a + sizeof (uint64_t); 5365 } 5366 5367 break; 5368 } 5369 5370 ASSERT(svar->dtsv_size == NCPU * sizeof (uint64_t)); 5371 tmp = (uint64_t *)(uintptr_t)svar->dtsv_data; 5372 regs[rd] = tmp[curcpu]; 5373 break; 5374 5375 case DIF_OP_STLS: 5376 id = DIF_INSTR_VAR(instr); 5377 5378 ASSERT(id >= DIF_VAR_OTHER_UBASE); 5379 id -= DIF_VAR_OTHER_UBASE; 5380 ASSERT(id < vstate->dtvs_nlocals); 5381 5382 ASSERT(vstate->dtvs_locals != NULL); 5383 svar = vstate->dtvs_locals[id]; 5384 ASSERT(svar != NULL); 5385 v = &svar->dtsv_var; 5386 5387 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5388 uintptr_t a = (uintptr_t)svar->dtsv_data; 5389 size_t sz = v->dtdv_type.dtdt_size; 5390 5391 sz += sizeof (uint64_t); 5392 ASSERT(svar->dtsv_size == NCPU * sz); 5393 a += curcpu * sz; 5394 5395 if (regs[rd] == 0) { 5396 *(uint8_t *)a = UINT8_MAX; 5397 break; 5398 } else { 5399 *(uint8_t *)a = 0; 5400 a += sizeof (uint64_t); 5401 } 5402 5403 if (!dtrace_vcanload( 5404 (void *)(uintptr_t)regs[rd], &v->dtdv_type, 5405 mstate, vstate)) 5406 break; 5407 5408 dtrace_vcopy((void *)(uintptr_t)regs[rd], 5409 (void *)a, &v->dtdv_type); 5410 break; 5411 } 5412 5413 ASSERT(svar->dtsv_size == NCPU * sizeof (uint64_t)); 5414 tmp = (uint64_t *)(uintptr_t)svar->dtsv_data; 5415 tmp[curcpu] = regs[rd]; 5416 break; 5417 5418 case DIF_OP_LDTS: { 5419 dtrace_dynvar_t *dvar; 5420 dtrace_key_t *key; 5421 5422 id = DIF_INSTR_VAR(instr); 5423 ASSERT(id >= DIF_VAR_OTHER_UBASE); 5424 id -= DIF_VAR_OTHER_UBASE; 5425 v = &vstate->dtvs_tlocals[id]; 5426 5427 key = &tupregs[DIF_DTR_NREGS]; 5428 key[0].dttk_value = (uint64_t)id; 5429 key[0].dttk_size = 0; 5430 DTRACE_TLS_THRKEY(key[1].dttk_value); 5431 key[1].dttk_size = 0; 5432 5433 dvar = dtrace_dynvar(dstate, 2, key, 5434 sizeof (uint64_t), DTRACE_DYNVAR_NOALLOC, 5435 mstate, vstate); 5436 5437 if (dvar == NULL) { 5438 regs[rd] = 0; 5439 break; 5440 } 5441 5442 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5443 regs[rd] = (uint64_t)(uintptr_t)dvar->dtdv_data; 5444 } else { 5445 regs[rd] = *((uint64_t *)dvar->dtdv_data); 5446 } 5447 5448 break; 5449 } 5450 5451 case DIF_OP_STTS: { 5452 dtrace_dynvar_t *dvar; 5453 dtrace_key_t *key; 5454 5455 id = DIF_INSTR_VAR(instr); 5456 ASSERT(id >= DIF_VAR_OTHER_UBASE); 5457 id -= DIF_VAR_OTHER_UBASE; 5458 5459 key = &tupregs[DIF_DTR_NREGS]; 5460 key[0].dttk_value = (uint64_t)id; 5461 key[0].dttk_size = 0; 5462 DTRACE_TLS_THRKEY(key[1].dttk_value); 5463 key[1].dttk_size = 0; 5464 v = &vstate->dtvs_tlocals[id]; 5465 5466 dvar = dtrace_dynvar(dstate, 2, key, 5467 v->dtdv_type.dtdt_size > sizeof (uint64_t) ? 5468 v->dtdv_type.dtdt_size : sizeof (uint64_t), 5469 regs[rd] ? DTRACE_DYNVAR_ALLOC : 5470 DTRACE_DYNVAR_DEALLOC, mstate, vstate); 5471 5472 /* 5473 * Given that we're storing to thread-local data, 5474 * we need to flush our predicate cache. 5475 */ 5476 curthread->t_predcache = 0; 5477 5478 if (dvar == NULL) 5479 break; 5480 5481 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5482 if (!dtrace_vcanload( 5483 (void *)(uintptr_t)regs[rd], 5484 &v->dtdv_type, mstate, vstate)) 5485 break; 5486 5487 dtrace_vcopy((void *)(uintptr_t)regs[rd], 5488 dvar->dtdv_data, &v->dtdv_type); 5489 } else { 5490 *((uint64_t *)dvar->dtdv_data) = regs[rd]; 5491 } 5492 5493 break; 5494 } 5495 5496 case DIF_OP_SRA: 5497 regs[rd] = (int64_t)regs[r1] >> regs[r2]; 5498 break; 5499 5500 case DIF_OP_CALL: 5501 dtrace_dif_subr(DIF_INSTR_SUBR(instr), rd, 5502 regs, tupregs, ttop, mstate, state); 5503 break; 5504 5505 case DIF_OP_PUSHTR: 5506 if (ttop == DIF_DTR_NREGS) { 5507 *flags |= CPU_DTRACE_TUPOFLOW; 5508 break; 5509 } 5510 5511 if (r1 == DIF_TYPE_STRING) { 5512 /* 5513 * If this is a string type and the size is 0, 5514 * we'll use the system-wide default string 5515 * size. Note that we are _not_ looking at 5516 * the value of the DTRACEOPT_STRSIZE option; 5517 * had this been set, we would expect to have 5518 * a non-zero size value in the "pushtr". 5519 */ 5520 tupregs[ttop].dttk_size = 5521 dtrace_strlen((char *)(uintptr_t)regs[rd], 5522 regs[r2] ? regs[r2] : 5523 dtrace_strsize_default) + 1; 5524 } else { 5525 tupregs[ttop].dttk_size = regs[r2]; 5526 } 5527 5528 tupregs[ttop++].dttk_value = regs[rd]; 5529 break; 5530 5531 case DIF_OP_PUSHTV: 5532 if (ttop == DIF_DTR_NREGS) { 5533 *flags |= CPU_DTRACE_TUPOFLOW; 5534 break; 5535 } 5536 5537 tupregs[ttop].dttk_value = regs[rd]; 5538 tupregs[ttop++].dttk_size = 0; 5539 break; 5540 5541 case DIF_OP_POPTS: 5542 if (ttop != 0) 5543 ttop--; 5544 break; 5545 5546 case DIF_OP_FLUSHTS: 5547 ttop = 0; 5548 break; 5549 5550 case DIF_OP_LDGAA: 5551 case DIF_OP_LDTAA: { 5552 dtrace_dynvar_t *dvar; 5553 dtrace_key_t *key = tupregs; 5554 uint_t nkeys = ttop; 5555 5556 id = DIF_INSTR_VAR(instr); 5557 ASSERT(id >= DIF_VAR_OTHER_UBASE); 5558 id -= DIF_VAR_OTHER_UBASE; 5559 5560 key[nkeys].dttk_value = (uint64_t)id; 5561 key[nkeys++].dttk_size = 0; 5562 5563 if (DIF_INSTR_OP(instr) == DIF_OP_LDTAA) { 5564 DTRACE_TLS_THRKEY(key[nkeys].dttk_value); 5565 key[nkeys++].dttk_size = 0; 5566 v = &vstate->dtvs_tlocals[id]; 5567 } else { 5568 v = &vstate->dtvs_globals[id]->dtsv_var; 5569 } 5570 5571 dvar = dtrace_dynvar(dstate, nkeys, key, 5572 v->dtdv_type.dtdt_size > sizeof (uint64_t) ? 5573 v->dtdv_type.dtdt_size : sizeof (uint64_t), 5574 DTRACE_DYNVAR_NOALLOC, mstate, vstate); 5575 5576 if (dvar == NULL) { 5577 regs[rd] = 0; 5578 break; 5579 } 5580 5581 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5582 regs[rd] = (uint64_t)(uintptr_t)dvar->dtdv_data; 5583 } else { 5584 regs[rd] = *((uint64_t *)dvar->dtdv_data); 5585 } 5586 5587 break; 5588 } 5589 5590 case DIF_OP_STGAA: 5591 case DIF_OP_STTAA: { 5592 dtrace_dynvar_t *dvar; 5593 dtrace_key_t *key = tupregs; 5594 uint_t nkeys = ttop; 5595 5596 id = DIF_INSTR_VAR(instr); 5597 ASSERT(id >= DIF_VAR_OTHER_UBASE); 5598 id -= DIF_VAR_OTHER_UBASE; 5599 5600 key[nkeys].dttk_value = (uint64_t)id; 5601 key[nkeys++].dttk_size = 0; 5602 5603 if (DIF_INSTR_OP(instr) == DIF_OP_STTAA) { 5604 DTRACE_TLS_THRKEY(key[nkeys].dttk_value); 5605 key[nkeys++].dttk_size = 0; 5606 v = &vstate->dtvs_tlocals[id]; 5607 } else { 5608 v = &vstate->dtvs_globals[id]->dtsv_var; 5609 } 5610 5611 dvar = dtrace_dynvar(dstate, nkeys, key, 5612 v->dtdv_type.dtdt_size > sizeof (uint64_t) ? 5613 v->dtdv_type.dtdt_size : sizeof (uint64_t), 5614 regs[rd] ? DTRACE_DYNVAR_ALLOC : 5615 DTRACE_DYNVAR_DEALLOC, mstate, vstate); 5616 5617 if (dvar == NULL) 5618 break; 5619 5620 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) { 5621 if (!dtrace_vcanload( 5622 (void *)(uintptr_t)regs[rd], &v->dtdv_type, 5623 mstate, vstate)) 5624 break; 5625 5626 dtrace_vcopy((void *)(uintptr_t)regs[rd], 5627 dvar->dtdv_data, &v->dtdv_type); 5628 } else { 5629 *((uint64_t *)dvar->dtdv_data) = regs[rd]; 5630 } 5631 5632 break; 5633 } 5634 5635 case DIF_OP_ALLOCS: { 5636 uintptr_t ptr = P2ROUNDUP(mstate->dtms_scratch_ptr, 8); 5637 size_t size = ptr - mstate->dtms_scratch_ptr + regs[r1]; 5638 5639 /* 5640 * Rounding up the user allocation size could have 5641 * overflowed large, bogus allocations (like -1ULL) to 5642 * 0. 5643 */ 5644 if (size < regs[r1] || 5645 !DTRACE_INSCRATCH(mstate, size)) { 5646 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 5647 regs[rd] = 0; 5648 break; 5649 } 5650 5651 dtrace_bzero((void *) mstate->dtms_scratch_ptr, size); 5652 mstate->dtms_scratch_ptr += size; 5653 regs[rd] = ptr; 5654 break; 5655 } 5656 5657 case DIF_OP_COPYS: 5658 if (!dtrace_canstore(regs[rd], regs[r2], 5659 mstate, vstate)) { 5660 *flags |= CPU_DTRACE_BADADDR; 5661 *illval = regs[rd]; 5662 break; 5663 } 5664 5665 if (!dtrace_canload(regs[r1], regs[r2], mstate, vstate)) 5666 break; 5667 5668 dtrace_bcopy((void *)(uintptr_t)regs[r1], 5669 (void *)(uintptr_t)regs[rd], (size_t)regs[r2]); 5670 break; 5671 5672 case DIF_OP_STB: 5673 if (!dtrace_canstore(regs[rd], 1, mstate, vstate)) { 5674 *flags |= CPU_DTRACE_BADADDR; 5675 *illval = regs[rd]; 5676 break; 5677 } 5678 *((uint8_t *)(uintptr_t)regs[rd]) = (uint8_t)regs[r1]; 5679 break; 5680 5681 case DIF_OP_STH: 5682 if (!dtrace_canstore(regs[rd], 2, mstate, vstate)) { 5683 *flags |= CPU_DTRACE_BADADDR; 5684 *illval = regs[rd]; 5685 break; 5686 } 5687 if (regs[rd] & 1) { 5688 *flags |= CPU_DTRACE_BADALIGN; 5689 *illval = regs[rd]; 5690 break; 5691 } 5692 *((uint16_t *)(uintptr_t)regs[rd]) = (uint16_t)regs[r1]; 5693 break; 5694 5695 case DIF_OP_STW: 5696 if (!dtrace_canstore(regs[rd], 4, mstate, vstate)) { 5697 *flags |= CPU_DTRACE_BADADDR; 5698 *illval = regs[rd]; 5699 break; 5700 } 5701 if (regs[rd] & 3) { 5702 *flags |= CPU_DTRACE_BADALIGN; 5703 *illval = regs[rd]; 5704 break; 5705 } 5706 *((uint32_t *)(uintptr_t)regs[rd]) = (uint32_t)regs[r1]; 5707 break; 5708 5709 case DIF_OP_STX: 5710 if (!dtrace_canstore(regs[rd], 8, mstate, vstate)) { 5711 *flags |= CPU_DTRACE_BADADDR; 5712 *illval = regs[rd]; 5713 break; 5714 } 5715 if (regs[rd] & 7) { 5716 *flags |= CPU_DTRACE_BADALIGN; 5717 *illval = regs[rd]; 5718 break; 5719 } 5720 *((uint64_t *)(uintptr_t)regs[rd]) = regs[r1]; 5721 break; 5722 } 5723 } 5724 5725 if (!(*flags & CPU_DTRACE_FAULT)) 5726 return (rval); 5727 5728 mstate->dtms_fltoffs = opc * sizeof (dif_instr_t); 5729 mstate->dtms_present |= DTRACE_MSTATE_FLTOFFS; 5730 5731 return (0); 5732} 5733 5734static void 5735dtrace_action_breakpoint(dtrace_ecb_t *ecb) 5736{ 5737 dtrace_probe_t *probe = ecb->dte_probe; 5738 dtrace_provider_t *prov = probe->dtpr_provider; 5739 char c[DTRACE_FULLNAMELEN + 80], *str; 5740 char *msg = "dtrace: breakpoint action at probe "; 5741 char *ecbmsg = " (ecb "; 5742 uintptr_t mask = (0xf << (sizeof (uintptr_t) * NBBY / 4)); 5743 uintptr_t val = (uintptr_t)ecb; 5744 int shift = (sizeof (uintptr_t) * NBBY) - 4, i = 0; 5745 5746 if (dtrace_destructive_disallow) 5747 return; 5748 5749 /* 5750 * It's impossible to be taking action on the NULL probe. 5751 */ 5752 ASSERT(probe != NULL); 5753 5754 /* 5755 * This is a poor man's (destitute man's?) sprintf(): we want to 5756 * print the provider name, module name, function name and name of 5757 * the probe, along with the hex address of the ECB with the breakpoint 5758 * action -- all of which we must place in the character buffer by 5759 * hand. 5760 */ 5761 while (*msg != '\0') 5762 c[i++] = *msg++; 5763 5764 for (str = prov->dtpv_name; *str != '\0'; str++) 5765 c[i++] = *str; 5766 c[i++] = ':'; 5767 5768 for (str = probe->dtpr_mod; *str != '\0'; str++) 5769 c[i++] = *str; 5770 c[i++] = ':'; 5771 5772 for (str = probe->dtpr_func; *str != '\0'; str++) 5773 c[i++] = *str; 5774 c[i++] = ':'; 5775 5776 for (str = probe->dtpr_name; *str != '\0'; str++) 5777 c[i++] = *str; 5778 5779 while (*ecbmsg != '\0') 5780 c[i++] = *ecbmsg++; 5781 5782 while (shift >= 0) { 5783 mask = (uintptr_t)0xf << shift; 5784 5785 if (val >= ((uintptr_t)1 << shift)) 5786 c[i++] = "0123456789abcdef"[(val & mask) >> shift]; 5787 shift -= 4; 5788 } 5789 5790 c[i++] = ')'; 5791 c[i] = '\0'; 5792 5793#if defined(sun) 5794 debug_enter(c); 5795#else 5796 kdb_enter(KDB_WHY_DTRACE, "breakpoint action"); 5797#endif 5798} 5799 5800static void 5801dtrace_action_panic(dtrace_ecb_t *ecb) 5802{ 5803 dtrace_probe_t *probe = ecb->dte_probe; 5804 5805 /* 5806 * It's impossible to be taking action on the NULL probe. 5807 */ 5808 ASSERT(probe != NULL); 5809 5810 if (dtrace_destructive_disallow) 5811 return; 5812 5813 if (dtrace_panicked != NULL) 5814 return; 5815 5816 if (dtrace_casptr(&dtrace_panicked, NULL, curthread) != NULL) 5817 return; 5818 5819 /* 5820 * We won the right to panic. (We want to be sure that only one 5821 * thread calls panic() from dtrace_probe(), and that panic() is 5822 * called exactly once.) 5823 */ 5824 dtrace_panic("dtrace: panic action at probe %s:%s:%s:%s (ecb %p)", 5825 probe->dtpr_provider->dtpv_name, probe->dtpr_mod, 5826 probe->dtpr_func, probe->dtpr_name, (void *)ecb); 5827} 5828 5829static void 5830dtrace_action_raise(uint64_t sig) 5831{ 5832 if (dtrace_destructive_disallow) 5833 return; 5834 5835 if (sig >= NSIG) { 5836 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP); 5837 return; 5838 } 5839 5840#if defined(sun) 5841 /* 5842 * raise() has a queue depth of 1 -- we ignore all subsequent 5843 * invocations of the raise() action. 5844 */ 5845 if (curthread->t_dtrace_sig == 0) 5846 curthread->t_dtrace_sig = (uint8_t)sig; 5847 5848 curthread->t_sig_check = 1; 5849 aston(curthread); 5850#else 5851 struct proc *p = curproc; 5852 PROC_LOCK(p); 5853 kern_psignal(p, sig); 5854 PROC_UNLOCK(p); 5855#endif 5856} 5857 5858static void 5859dtrace_action_stop(void) 5860{ 5861 if (dtrace_destructive_disallow) 5862 return; 5863 5864#if defined(sun) 5865 if (!curthread->t_dtrace_stop) { 5866 curthread->t_dtrace_stop = 1; 5867 curthread->t_sig_check = 1; 5868 aston(curthread); 5869 } 5870#else 5871 struct proc *p = curproc; 5872 PROC_LOCK(p); 5873 kern_psignal(p, SIGSTOP); 5874 PROC_UNLOCK(p); 5875#endif 5876} 5877 5878static void 5879dtrace_action_chill(dtrace_mstate_t *mstate, hrtime_t val) 5880{ 5881 hrtime_t now; 5882 volatile uint16_t *flags; 5883#if defined(sun) 5884 cpu_t *cpu = CPU; 5885#else 5886 cpu_t *cpu = &solaris_cpu[curcpu]; 5887#endif 5888 5889 if (dtrace_destructive_disallow) 5890 return; 5891 5892 flags = (volatile uint16_t *)&cpu_core[cpu->cpu_id].cpuc_dtrace_flags; 5893 5894 now = dtrace_gethrtime(); 5895 5896 if (now - cpu->cpu_dtrace_chillmark > dtrace_chill_interval) { 5897 /* 5898 * We need to advance the mark to the current time. 5899 */ 5900 cpu->cpu_dtrace_chillmark = now; 5901 cpu->cpu_dtrace_chilled = 0; 5902 } 5903 5904 /* 5905 * Now check to see if the requested chill time would take us over 5906 * the maximum amount of time allowed in the chill interval. (Or 5907 * worse, if the calculation itself induces overflow.) 5908 */ 5909 if (cpu->cpu_dtrace_chilled + val > dtrace_chill_max || 5910 cpu->cpu_dtrace_chilled + val < cpu->cpu_dtrace_chilled) { 5911 *flags |= CPU_DTRACE_ILLOP; 5912 return; 5913 } 5914 5915 while (dtrace_gethrtime() - now < val) 5916 continue; 5917 5918 /* 5919 * Normally, we assure that the value of the variable "timestamp" does 5920 * not change within an ECB. The presence of chill() represents an 5921 * exception to this rule, however. 5922 */ 5923 mstate->dtms_present &= ~DTRACE_MSTATE_TIMESTAMP; 5924 cpu->cpu_dtrace_chilled += val; 5925} 5926 5927static void 5928dtrace_action_ustack(dtrace_mstate_t *mstate, dtrace_state_t *state, 5929 uint64_t *buf, uint64_t arg) 5930{ 5931 int nframes = DTRACE_USTACK_NFRAMES(arg); 5932 int strsize = DTRACE_USTACK_STRSIZE(arg); 5933 uint64_t *pcs = &buf[1], *fps; 5934 char *str = (char *)&pcs[nframes]; 5935 int size, offs = 0, i, j; 5936 uintptr_t old = mstate->dtms_scratch_ptr, saved; 5937 uint16_t *flags = &cpu_core[curcpu].cpuc_dtrace_flags; 5938 char *sym; 5939 5940 /* 5941 * Should be taking a faster path if string space has not been 5942 * allocated. 5943 */ 5944 ASSERT(strsize != 0); 5945 5946 /* 5947 * We will first allocate some temporary space for the frame pointers. 5948 */ 5949 fps = (uint64_t *)P2ROUNDUP(mstate->dtms_scratch_ptr, 8); 5950 size = (uintptr_t)fps - mstate->dtms_scratch_ptr + 5951 (nframes * sizeof (uint64_t)); 5952 5953 if (!DTRACE_INSCRATCH(mstate, size)) { 5954 /* 5955 * Not enough room for our frame pointers -- need to indicate 5956 * that we ran out of scratch space. 5957 */ 5958 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH); 5959 return; 5960 } 5961 5962 mstate->dtms_scratch_ptr += size; 5963 saved = mstate->dtms_scratch_ptr; 5964 5965 /* 5966 * Now get a stack with both program counters and frame pointers. 5967 */ 5968 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 5969 dtrace_getufpstack(buf, fps, nframes + 1); 5970 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 5971 5972 /* 5973 * If that faulted, we're cooked. 5974 */ 5975 if (*flags & CPU_DTRACE_FAULT) 5976 goto out; 5977 5978 /* 5979 * Now we want to walk up the stack, calling the USTACK helper. For 5980 * each iteration, we restore the scratch pointer. 5981 */ 5982 for (i = 0; i < nframes; i++) { 5983 mstate->dtms_scratch_ptr = saved; 5984 5985 if (offs >= strsize) 5986 break; 5987 5988 sym = (char *)(uintptr_t)dtrace_helper( 5989 DTRACE_HELPER_ACTION_USTACK, 5990 mstate, state, pcs[i], fps[i]); 5991 5992 /* 5993 * If we faulted while running the helper, we're going to 5994 * clear the fault and null out the corresponding string. 5995 */ 5996 if (*flags & CPU_DTRACE_FAULT) { 5997 *flags &= ~CPU_DTRACE_FAULT; 5998 str[offs++] = '\0'; 5999 continue; 6000 } 6001 6002 if (sym == NULL) { 6003 str[offs++] = '\0'; 6004 continue; 6005 } 6006 6007 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 6008 6009 /* 6010 * Now copy in the string that the helper returned to us. 6011 */ 6012 for (j = 0; offs + j < strsize; j++) { 6013 if ((str[offs + j] = sym[j]) == '\0') 6014 break; 6015 } 6016 6017 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 6018 6019 offs += j + 1; 6020 } 6021 6022 if (offs >= strsize) { 6023 /* 6024 * If we didn't have room for all of the strings, we don't 6025 * abort processing -- this needn't be a fatal error -- but we 6026 * still want to increment a counter (dts_stkstroverflows) to 6027 * allow this condition to be warned about. (If this is from 6028 * a jstack() action, it is easily tuned via jstackstrsize.) 6029 */ 6030 dtrace_error(&state->dts_stkstroverflows); 6031 } 6032 6033 while (offs < strsize) 6034 str[offs++] = '\0'; 6035 6036out: 6037 mstate->dtms_scratch_ptr = old; 6038} 6039 6040/* 6041 * If you're looking for the epicenter of DTrace, you just found it. This 6042 * is the function called by the provider to fire a probe -- from which all 6043 * subsequent probe-context DTrace activity emanates. 6044 */ 6045void 6046dtrace_probe(dtrace_id_t id, uintptr_t arg0, uintptr_t arg1, 6047 uintptr_t arg2, uintptr_t arg3, uintptr_t arg4) 6048{ 6049 processorid_t cpuid; 6050 dtrace_icookie_t cookie; 6051 dtrace_probe_t *probe; 6052 dtrace_mstate_t mstate; 6053 dtrace_ecb_t *ecb; 6054 dtrace_action_t *act; 6055 intptr_t offs; 6056 size_t size; 6057 int vtime, onintr; 6058 volatile uint16_t *flags; 6059 hrtime_t now; 6060 6061 if (panicstr != NULL) 6062 return; 6063 6064#if defined(sun) 6065 /* 6066 * Kick out immediately if this CPU is still being born (in which case 6067 * curthread will be set to -1) or the current thread can't allow 6068 * probes in its current context. 6069 */ 6070 if (((uintptr_t)curthread & 1) || (curthread->t_flag & T_DONTDTRACE)) 6071 return; 6072#endif 6073 6074 cookie = dtrace_interrupt_disable(); 6075 probe = dtrace_probes[id - 1]; 6076 cpuid = curcpu; 6077 onintr = CPU_ON_INTR(CPU); 6078 6079 if (!onintr && probe->dtpr_predcache != DTRACE_CACHEIDNONE && 6080 probe->dtpr_predcache == curthread->t_predcache) { 6081 /* 6082 * We have hit in the predicate cache; we know that 6083 * this predicate would evaluate to be false. 6084 */ 6085 dtrace_interrupt_enable(cookie); 6086 return; 6087 } 6088 6089#if defined(sun) 6090 if (panic_quiesce) { 6091#else 6092 if (panicstr != NULL) { 6093#endif 6094 /* 6095 * We don't trace anything if we're panicking. 6096 */ 6097 dtrace_interrupt_enable(cookie); 6098 return; 6099 } 6100 6101 now = dtrace_gethrtime(); 6102 vtime = dtrace_vtime_references != 0; 6103 6104 if (vtime && curthread->t_dtrace_start) 6105 curthread->t_dtrace_vtime += now - curthread->t_dtrace_start; 6106 6107 mstate.dtms_difo = NULL; 6108 mstate.dtms_probe = probe; 6109 mstate.dtms_strtok = 0; 6110 mstate.dtms_arg[0] = arg0; 6111 mstate.dtms_arg[1] = arg1; 6112 mstate.dtms_arg[2] = arg2; 6113 mstate.dtms_arg[3] = arg3; 6114 mstate.dtms_arg[4] = arg4; 6115 6116 flags = (volatile uint16_t *)&cpu_core[cpuid].cpuc_dtrace_flags; 6117 6118 for (ecb = probe->dtpr_ecb; ecb != NULL; ecb = ecb->dte_next) { 6119 dtrace_predicate_t *pred = ecb->dte_predicate; 6120 dtrace_state_t *state = ecb->dte_state; 6121 dtrace_buffer_t *buf = &state->dts_buffer[cpuid]; 6122 dtrace_buffer_t *aggbuf = &state->dts_aggbuffer[cpuid]; 6123 dtrace_vstate_t *vstate = &state->dts_vstate; 6124 dtrace_provider_t *prov = probe->dtpr_provider; 6125 uint64_t tracememsize = 0; 6126 int committed = 0; 6127 caddr_t tomax; 6128 6129 /* 6130 * A little subtlety with the following (seemingly innocuous) 6131 * declaration of the automatic 'val': by looking at the 6132 * code, you might think that it could be declared in the 6133 * action processing loop, below. (That is, it's only used in 6134 * the action processing loop.) However, it must be declared 6135 * out of that scope because in the case of DIF expression 6136 * arguments to aggregating actions, one iteration of the 6137 * action loop will use the last iteration's value. 6138 */ 6139 uint64_t val = 0; 6140 6141 mstate.dtms_present = DTRACE_MSTATE_ARGS | DTRACE_MSTATE_PROBE; 6142 *flags &= ~CPU_DTRACE_ERROR; 6143 6144 if (prov == dtrace_provider) { 6145 /* 6146 * If dtrace itself is the provider of this probe, 6147 * we're only going to continue processing the ECB if 6148 * arg0 (the dtrace_state_t) is equal to the ECB's 6149 * creating state. (This prevents disjoint consumers 6150 * from seeing one another's metaprobes.) 6151 */ 6152 if (arg0 != (uint64_t)(uintptr_t)state) 6153 continue; 6154 } 6155 6156 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE) { 6157 /* 6158 * We're not currently active. If our provider isn't 6159 * the dtrace pseudo provider, we're not interested. 6160 */ 6161 if (prov != dtrace_provider) 6162 continue; 6163 6164 /* 6165 * Now we must further check if we are in the BEGIN 6166 * probe. If we are, we will only continue processing 6167 * if we're still in WARMUP -- if one BEGIN enabling 6168 * has invoked the exit() action, we don't want to 6169 * evaluate subsequent BEGIN enablings. 6170 */ 6171 if (probe->dtpr_id == dtrace_probeid_begin && 6172 state->dts_activity != DTRACE_ACTIVITY_WARMUP) { 6173 ASSERT(state->dts_activity == 6174 DTRACE_ACTIVITY_DRAINING); 6175 continue; 6176 } 6177 } 6178 6179 if (ecb->dte_cond) { 6180 /* 6181 * If the dte_cond bits indicate that this 6182 * consumer is only allowed to see user-mode firings 6183 * of this probe, call the provider's dtps_usermode() 6184 * entry point to check that the probe was fired 6185 * while in a user context. Skip this ECB if that's 6186 * not the case. 6187 */ 6188 if ((ecb->dte_cond & DTRACE_COND_USERMODE) && 6189 prov->dtpv_pops.dtps_usermode(prov->dtpv_arg, 6190 probe->dtpr_id, probe->dtpr_arg) == 0) 6191 continue; 6192 6193#if defined(sun) 6194 /* 6195 * This is more subtle than it looks. We have to be 6196 * absolutely certain that CRED() isn't going to 6197 * change out from under us so it's only legit to 6198 * examine that structure if we're in constrained 6199 * situations. Currently, the only times we'll this 6200 * check is if a non-super-user has enabled the 6201 * profile or syscall providers -- providers that 6202 * allow visibility of all processes. For the 6203 * profile case, the check above will ensure that 6204 * we're examining a user context. 6205 */ 6206 if (ecb->dte_cond & DTRACE_COND_OWNER) { 6207 cred_t *cr; 6208 cred_t *s_cr = 6209 ecb->dte_state->dts_cred.dcr_cred; 6210 proc_t *proc; 6211 6212 ASSERT(s_cr != NULL); 6213 6214 if ((cr = CRED()) == NULL || 6215 s_cr->cr_uid != cr->cr_uid || 6216 s_cr->cr_uid != cr->cr_ruid || 6217 s_cr->cr_uid != cr->cr_suid || 6218 s_cr->cr_gid != cr->cr_gid || 6219 s_cr->cr_gid != cr->cr_rgid || 6220 s_cr->cr_gid != cr->cr_sgid || 6221 (proc = ttoproc(curthread)) == NULL || 6222 (proc->p_flag & SNOCD)) 6223 continue; 6224 } 6225 6226 if (ecb->dte_cond & DTRACE_COND_ZONEOWNER) { 6227 cred_t *cr; 6228 cred_t *s_cr = 6229 ecb->dte_state->dts_cred.dcr_cred; 6230 6231 ASSERT(s_cr != NULL); 6232 6233 if ((cr = CRED()) == NULL || 6234 s_cr->cr_zone->zone_id != 6235 cr->cr_zone->zone_id) 6236 continue; 6237 } 6238#endif 6239 } 6240 6241 if (now - state->dts_alive > dtrace_deadman_timeout) { 6242 /* 6243 * We seem to be dead. Unless we (a) have kernel 6244 * destructive permissions (b) have explicitly enabled 6245 * destructive actions and (c) destructive actions have 6246 * not been disabled, we're going to transition into 6247 * the KILLED state, from which no further processing 6248 * on this state will be performed. 6249 */ 6250 if (!dtrace_priv_kernel_destructive(state) || 6251 !state->dts_cred.dcr_destructive || 6252 dtrace_destructive_disallow) { 6253 void *activity = &state->dts_activity; 6254 dtrace_activity_t current; 6255 6256 do { 6257 current = state->dts_activity; 6258 } while (dtrace_cas32(activity, current, 6259 DTRACE_ACTIVITY_KILLED) != current); 6260 6261 continue; 6262 } 6263 } 6264 6265 if ((offs = dtrace_buffer_reserve(buf, ecb->dte_needed, 6266 ecb->dte_alignment, state, &mstate)) < 0) 6267 continue; 6268 6269 tomax = buf->dtb_tomax; 6270 ASSERT(tomax != NULL); 6271 6272 if (ecb->dte_size != 0) { 6273 dtrace_rechdr_t dtrh; 6274 if (!(mstate.dtms_present & DTRACE_MSTATE_TIMESTAMP)) { 6275 mstate.dtms_timestamp = dtrace_gethrtime(); 6276 mstate.dtms_present |= DTRACE_MSTATE_TIMESTAMP; 6277 } 6278 ASSERT3U(ecb->dte_size, >=, sizeof (dtrace_rechdr_t)); 6279 dtrh.dtrh_epid = ecb->dte_epid; 6280 DTRACE_RECORD_STORE_TIMESTAMP(&dtrh, 6281 mstate.dtms_timestamp); 6282 *((dtrace_rechdr_t *)(tomax + offs)) = dtrh; 6283 } 6284 6285 mstate.dtms_epid = ecb->dte_epid; 6286 mstate.dtms_present |= DTRACE_MSTATE_EPID; 6287 6288 if (state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) 6289 mstate.dtms_access = DTRACE_ACCESS_KERNEL; 6290 else 6291 mstate.dtms_access = 0; 6292 6293 if (pred != NULL) { 6294 dtrace_difo_t *dp = pred->dtp_difo; 6295 int rval; 6296 6297 rval = dtrace_dif_emulate(dp, &mstate, vstate, state); 6298 6299 if (!(*flags & CPU_DTRACE_ERROR) && !rval) { 6300 dtrace_cacheid_t cid = probe->dtpr_predcache; 6301 6302 if (cid != DTRACE_CACHEIDNONE && !onintr) { 6303 /* 6304 * Update the predicate cache... 6305 */ 6306 ASSERT(cid == pred->dtp_cacheid); 6307 curthread->t_predcache = cid; 6308 } 6309 6310 continue; 6311 } 6312 } 6313 6314 for (act = ecb->dte_action; !(*flags & CPU_DTRACE_ERROR) && 6315 act != NULL; act = act->dta_next) { 6316 size_t valoffs; 6317 dtrace_difo_t *dp; 6318 dtrace_recdesc_t *rec = &act->dta_rec; 6319 6320 size = rec->dtrd_size; 6321 valoffs = offs + rec->dtrd_offset; 6322 6323 if (DTRACEACT_ISAGG(act->dta_kind)) { 6324 uint64_t v = 0xbad; 6325 dtrace_aggregation_t *agg; 6326 6327 agg = (dtrace_aggregation_t *)act; 6328 6329 if ((dp = act->dta_difo) != NULL) 6330 v = dtrace_dif_emulate(dp, 6331 &mstate, vstate, state); 6332 6333 if (*flags & CPU_DTRACE_ERROR) 6334 continue; 6335 6336 /* 6337 * Note that we always pass the expression 6338 * value from the previous iteration of the 6339 * action loop. This value will only be used 6340 * if there is an expression argument to the 6341 * aggregating action, denoted by the 6342 * dtag_hasarg field. 6343 */ 6344 dtrace_aggregate(agg, buf, 6345 offs, aggbuf, v, val); 6346 continue; 6347 } 6348 6349 switch (act->dta_kind) { 6350 case DTRACEACT_STOP: 6351 if (dtrace_priv_proc_destructive(state)) 6352 dtrace_action_stop(); 6353 continue; 6354 6355 case DTRACEACT_BREAKPOINT: 6356 if (dtrace_priv_kernel_destructive(state)) 6357 dtrace_action_breakpoint(ecb); 6358 continue; 6359 6360 case DTRACEACT_PANIC: 6361 if (dtrace_priv_kernel_destructive(state)) 6362 dtrace_action_panic(ecb); 6363 continue; 6364 6365 case DTRACEACT_STACK: 6366 if (!dtrace_priv_kernel(state)) 6367 continue; 6368 6369 dtrace_getpcstack((pc_t *)(tomax + valoffs), 6370 size / sizeof (pc_t), probe->dtpr_aframes, 6371 DTRACE_ANCHORED(probe) ? NULL : 6372 (uint32_t *)arg0); 6373 continue; 6374 6375 case DTRACEACT_JSTACK: 6376 case DTRACEACT_USTACK: 6377 if (!dtrace_priv_proc(state)) 6378 continue; 6379 6380 /* 6381 * See comment in DIF_VAR_PID. 6382 */ 6383 if (DTRACE_ANCHORED(mstate.dtms_probe) && 6384 CPU_ON_INTR(CPU)) { 6385 int depth = DTRACE_USTACK_NFRAMES( 6386 rec->dtrd_arg) + 1; 6387 6388 dtrace_bzero((void *)(tomax + valoffs), 6389 DTRACE_USTACK_STRSIZE(rec->dtrd_arg) 6390 + depth * sizeof (uint64_t)); 6391 6392 continue; 6393 } 6394 6395 if (DTRACE_USTACK_STRSIZE(rec->dtrd_arg) != 0 && 6396 curproc->p_dtrace_helpers != NULL) { 6397 /* 6398 * This is the slow path -- we have 6399 * allocated string space, and we're 6400 * getting the stack of a process that 6401 * has helpers. Call into a separate 6402 * routine to perform this processing. 6403 */ 6404 dtrace_action_ustack(&mstate, state, 6405 (uint64_t *)(tomax + valoffs), 6406 rec->dtrd_arg); 6407 continue; 6408 } 6409 6410 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT); 6411 dtrace_getupcstack((uint64_t *) 6412 (tomax + valoffs), 6413 DTRACE_USTACK_NFRAMES(rec->dtrd_arg) + 1); 6414 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); 6415 continue; 6416 6417 default: 6418 break; 6419 } 6420 6421 dp = act->dta_difo; 6422 ASSERT(dp != NULL); 6423 6424 val = dtrace_dif_emulate(dp, &mstate, vstate, state); 6425 6426 if (*flags & CPU_DTRACE_ERROR) 6427 continue; 6428 6429 switch (act->dta_kind) { 6430 case DTRACEACT_SPECULATE: { 6431 dtrace_rechdr_t *dtrh; 6432 6433 ASSERT(buf == &state->dts_buffer[cpuid]); 6434 buf = dtrace_speculation_buffer(state, 6435 cpuid, val); 6436 6437 if (buf == NULL) { 6438 *flags |= CPU_DTRACE_DROP; 6439 continue; 6440 } 6441 6442 offs = dtrace_buffer_reserve(buf, 6443 ecb->dte_needed, ecb->dte_alignment, 6444 state, NULL); 6445 6446 if (offs < 0) { 6447 *flags |= CPU_DTRACE_DROP; 6448 continue; 6449 } 6450 6451 tomax = buf->dtb_tomax; 6452 ASSERT(tomax != NULL); 6453 6454 if (ecb->dte_size == 0) 6455 continue; 6456 6457 ASSERT3U(ecb->dte_size, >=, 6458 sizeof (dtrace_rechdr_t)); 6459 dtrh = ((void *)(tomax + offs)); 6460 dtrh->dtrh_epid = ecb->dte_epid; 6461 /* 6462 * When the speculation is committed, all of 6463 * the records in the speculative buffer will 6464 * have their timestamps set to the commit 6465 * time. Until then, it is set to a sentinel 6466 * value, for debugability. 6467 */ 6468 DTRACE_RECORD_STORE_TIMESTAMP(dtrh, UINT64_MAX); 6469 continue; 6470 } 6471 6472 case DTRACEACT_PRINTM: { 6473 /* The DIF returns a 'memref'. */ 6474 uintptr_t *memref = (uintptr_t *)(uintptr_t) val; 6475 6476 /* Get the size from the memref. */ 6477 size = memref[1]; 6478 6479 /* 6480 * Check if the size exceeds the allocated 6481 * buffer size. 6482 */ 6483 if (size + sizeof(uintptr_t) > dp->dtdo_rtype.dtdt_size) { 6484 /* Flag a drop! */ 6485 *flags |= CPU_DTRACE_DROP; 6486 continue; 6487 } 6488 6489 /* Store the size in the buffer first. */ 6490 DTRACE_STORE(uintptr_t, tomax, 6491 valoffs, size); 6492 6493 /* 6494 * Offset the buffer address to the start 6495 * of the data. 6496 */ 6497 valoffs += sizeof(uintptr_t); 6498 6499 /* 6500 * Reset to the memory address rather than 6501 * the memref array, then let the BYREF 6502 * code below do the work to store the 6503 * memory data in the buffer. 6504 */ 6505 val = memref[0]; 6506 break; 6507 } 6508 6509 case DTRACEACT_PRINTT: { 6510 /* The DIF returns a 'typeref'. */ 6511 uintptr_t *typeref = (uintptr_t *)(uintptr_t) val; 6512 char c = '\0' + 1; 6513 size_t s; 6514 6515 /* 6516 * Get the type string length and round it 6517 * up so that the data that follows is 6518 * aligned for easy access. 6519 */ 6520 size_t typs = strlen((char *) typeref[2]) + 1; 6521 typs = roundup(typs, sizeof(uintptr_t)); 6522 6523 /* 6524 *Get the size from the typeref using the 6525 * number of elements and the type size. 6526 */ 6527 size = typeref[1] * typeref[3]; 6528 6529 /* 6530 * Check if the size exceeds the allocated 6531 * buffer size. 6532 */ 6533 if (size + typs + 2 * sizeof(uintptr_t) > dp->dtdo_rtype.dtdt_size) { 6534 /* Flag a drop! */ 6535 *flags |= CPU_DTRACE_DROP; 6536 6537 } 6538 6539 /* Store the size in the buffer first. */ 6540 DTRACE_STORE(uintptr_t, tomax, 6541 valoffs, size); 6542 valoffs += sizeof(uintptr_t); 6543 6544 /* Store the type size in the buffer. */ 6545 DTRACE_STORE(uintptr_t, tomax, 6546 valoffs, typeref[3]); 6547 valoffs += sizeof(uintptr_t); 6548 6549 val = typeref[2]; 6550 6551 for (s = 0; s < typs; s++) { 6552 if (c != '\0') 6553 c = dtrace_load8(val++); 6554 6555 DTRACE_STORE(uint8_t, tomax, 6556 valoffs++, c); 6557 } 6558 6559 /* 6560 * Reset to the memory address rather than 6561 * the typeref array, then let the BYREF 6562 * code below do the work to store the 6563 * memory data in the buffer. 6564 */ 6565 val = typeref[0]; 6566 break; 6567 } 6568 6569 case DTRACEACT_CHILL: 6570 if (dtrace_priv_kernel_destructive(state)) 6571 dtrace_action_chill(&mstate, val); 6572 continue; 6573 6574 case DTRACEACT_RAISE: 6575 if (dtrace_priv_proc_destructive(state)) 6576 dtrace_action_raise(val); 6577 continue; 6578 6579 case DTRACEACT_COMMIT: 6580 ASSERT(!committed); 6581 6582 /* 6583 * We need to commit our buffer state. 6584 */ 6585 if (ecb->dte_size) 6586 buf->dtb_offset = offs + ecb->dte_size; 6587 buf = &state->dts_buffer[cpuid]; 6588 dtrace_speculation_commit(state, cpuid, val); 6589 committed = 1; 6590 continue; 6591 6592 case DTRACEACT_DISCARD: 6593 dtrace_speculation_discard(state, cpuid, val); 6594 continue; 6595 6596 case DTRACEACT_DIFEXPR: 6597 case DTRACEACT_LIBACT: 6598 case DTRACEACT_PRINTF: 6599 case DTRACEACT_PRINTA: 6600 case DTRACEACT_SYSTEM: 6601 case DTRACEACT_FREOPEN: 6602 case DTRACEACT_TRACEMEM: 6603 break; 6604 6605 case DTRACEACT_TRACEMEM_DYNSIZE: 6606 tracememsize = val; 6607 break; 6608 6609 case DTRACEACT_SYM: 6610 case DTRACEACT_MOD: 6611 if (!dtrace_priv_kernel(state)) 6612 continue; 6613 break; 6614 6615 case DTRACEACT_USYM: 6616 case DTRACEACT_UMOD: 6617 case DTRACEACT_UADDR: { 6618#if defined(sun) 6619 struct pid *pid = curthread->t_procp->p_pidp; 6620#endif 6621 6622 if (!dtrace_priv_proc(state)) 6623 continue; 6624 6625 DTRACE_STORE(uint64_t, tomax, 6626#if defined(sun) 6627 valoffs, (uint64_t)pid->pid_id); 6628#else 6629 valoffs, (uint64_t) curproc->p_pid); 6630#endif 6631 DTRACE_STORE(uint64_t, tomax, 6632 valoffs + sizeof (uint64_t), val); 6633 6634 continue; 6635 } 6636 6637 case DTRACEACT_EXIT: { 6638 /* 6639 * For the exit action, we are going to attempt 6640 * to atomically set our activity to be 6641 * draining. If this fails (either because 6642 * another CPU has beat us to the exit action, 6643 * or because our current activity is something 6644 * other than ACTIVE or WARMUP), we will 6645 * continue. This assures that the exit action 6646 * can be successfully recorded at most once 6647 * when we're in the ACTIVE state. If we're 6648 * encountering the exit() action while in 6649 * COOLDOWN, however, we want to honor the new 6650 * status code. (We know that we're the only 6651 * thread in COOLDOWN, so there is no race.) 6652 */ 6653 void *activity = &state->dts_activity; 6654 dtrace_activity_t current = state->dts_activity; 6655 6656 if (current == DTRACE_ACTIVITY_COOLDOWN) 6657 break; 6658 6659 if (current != DTRACE_ACTIVITY_WARMUP) 6660 current = DTRACE_ACTIVITY_ACTIVE; 6661 6662 if (dtrace_cas32(activity, current, 6663 DTRACE_ACTIVITY_DRAINING) != current) { 6664 *flags |= CPU_DTRACE_DROP; 6665 continue; 6666 } 6667 6668 break; 6669 } 6670 6671 default: 6672 ASSERT(0); 6673 } 6674 6675 if (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF) { 6676 uintptr_t end = valoffs + size; 6677 6678 if (tracememsize != 0 && 6679 valoffs + tracememsize < end) { 6680 end = valoffs + tracememsize; 6681 tracememsize = 0; 6682 } 6683 6684 if (!dtrace_vcanload((void *)(uintptr_t)val, 6685 &dp->dtdo_rtype, &mstate, vstate)) 6686 continue; 6687 6688 /* 6689 * If this is a string, we're going to only 6690 * load until we find the zero byte -- after 6691 * which we'll store zero bytes. 6692 */ 6693 if (dp->dtdo_rtype.dtdt_kind == 6694 DIF_TYPE_STRING) { 6695 char c = '\0' + 1; 6696 int intuple = act->dta_intuple; 6697 size_t s; 6698 6699 for (s = 0; s < size; s++) { 6700 if (c != '\0') 6701 c = dtrace_load8(val++); 6702 6703 DTRACE_STORE(uint8_t, tomax, 6704 valoffs++, c); 6705 6706 if (c == '\0' && intuple) 6707 break; 6708 } 6709 6710 continue; 6711 } 6712 6713 while (valoffs < end) { 6714 DTRACE_STORE(uint8_t, tomax, valoffs++, 6715 dtrace_load8(val++)); 6716 } 6717 6718 continue; 6719 } 6720 6721 switch (size) { 6722 case 0: 6723 break; 6724 6725 case sizeof (uint8_t): 6726 DTRACE_STORE(uint8_t, tomax, valoffs, val); 6727 break; 6728 case sizeof (uint16_t): 6729 DTRACE_STORE(uint16_t, tomax, valoffs, val); 6730 break; 6731 case sizeof (uint32_t): 6732 DTRACE_STORE(uint32_t, tomax, valoffs, val); 6733 break; 6734 case sizeof (uint64_t): 6735 DTRACE_STORE(uint64_t, tomax, valoffs, val); 6736 break; 6737 default: 6738 /* 6739 * Any other size should have been returned by 6740 * reference, not by value. 6741 */ 6742 ASSERT(0); 6743 break; 6744 } 6745 } 6746 6747 if (*flags & CPU_DTRACE_DROP) 6748 continue; 6749 6750 if (*flags & CPU_DTRACE_FAULT) { 6751 int ndx; 6752 dtrace_action_t *err; 6753 6754 buf->dtb_errors++; 6755 6756 if (probe->dtpr_id == dtrace_probeid_error) { 6757 /* 6758 * There's nothing we can do -- we had an 6759 * error on the error probe. We bump an 6760 * error counter to at least indicate that 6761 * this condition happened. 6762 */ 6763 dtrace_error(&state->dts_dblerrors); 6764 continue; 6765 } 6766 6767 if (vtime) { 6768 /* 6769 * Before recursing on dtrace_probe(), we 6770 * need to explicitly clear out our start 6771 * time to prevent it from being accumulated 6772 * into t_dtrace_vtime. 6773 */ 6774 curthread->t_dtrace_start = 0; 6775 } 6776 6777 /* 6778 * Iterate over the actions to figure out which action 6779 * we were processing when we experienced the error. 6780 * Note that act points _past_ the faulting action; if 6781 * act is ecb->dte_action, the fault was in the 6782 * predicate, if it's ecb->dte_action->dta_next it's 6783 * in action #1, and so on. 6784 */ 6785 for (err = ecb->dte_action, ndx = 0; 6786 err != act; err = err->dta_next, ndx++) 6787 continue; 6788 6789 dtrace_probe_error(state, ecb->dte_epid, ndx, 6790 (mstate.dtms_present & DTRACE_MSTATE_FLTOFFS) ? 6791 mstate.dtms_fltoffs : -1, DTRACE_FLAGS2FLT(*flags), 6792 cpu_core[cpuid].cpuc_dtrace_illval); 6793 6794 continue; 6795 } 6796 6797 if (!committed) 6798 buf->dtb_offset = offs + ecb->dte_size; 6799 } 6800 6801 if (vtime) 6802 curthread->t_dtrace_start = dtrace_gethrtime(); 6803 6804 dtrace_interrupt_enable(cookie); 6805} 6806 6807/* 6808 * DTrace Probe Hashing Functions 6809 * 6810 * The functions in this section (and indeed, the functions in remaining 6811 * sections) are not _called_ from probe context. (Any exceptions to this are 6812 * marked with a "Note:".) Rather, they are called from elsewhere in the 6813 * DTrace framework to look-up probes in, add probes to and remove probes from 6814 * the DTrace probe hashes. (Each probe is hashed by each element of the 6815 * probe tuple -- allowing for fast lookups, regardless of what was 6816 * specified.) 6817 */ 6818static uint_t 6819dtrace_hash_str(const char *p) 6820{ 6821 unsigned int g; 6822 uint_t hval = 0; 6823 6824 while (*p) { 6825 hval = (hval << 4) + *p++; 6826 if ((g = (hval & 0xf0000000)) != 0) 6827 hval ^= g >> 24; 6828 hval &= ~g; 6829 } 6830 return (hval); 6831} 6832 6833static dtrace_hash_t * 6834dtrace_hash_create(uintptr_t stroffs, uintptr_t nextoffs, uintptr_t prevoffs) 6835{ 6836 dtrace_hash_t *hash = kmem_zalloc(sizeof (dtrace_hash_t), KM_SLEEP); 6837 6838 hash->dth_stroffs = stroffs; 6839 hash->dth_nextoffs = nextoffs; 6840 hash->dth_prevoffs = prevoffs; 6841 6842 hash->dth_size = 1; 6843 hash->dth_mask = hash->dth_size - 1; 6844 6845 hash->dth_tab = kmem_zalloc(hash->dth_size * 6846 sizeof (dtrace_hashbucket_t *), KM_SLEEP); 6847 6848 return (hash); 6849} 6850 6851static void 6852dtrace_hash_destroy(dtrace_hash_t *hash) 6853{ 6854#ifdef DEBUG 6855 int i; 6856 6857 for (i = 0; i < hash->dth_size; i++) 6858 ASSERT(hash->dth_tab[i] == NULL); 6859#endif 6860 6861 kmem_free(hash->dth_tab, 6862 hash->dth_size * sizeof (dtrace_hashbucket_t *)); 6863 kmem_free(hash, sizeof (dtrace_hash_t)); 6864} 6865 6866static void 6867dtrace_hash_resize(dtrace_hash_t *hash) 6868{ 6869 int size = hash->dth_size, i, ndx; 6870 int new_size = hash->dth_size << 1; 6871 int new_mask = new_size - 1; 6872 dtrace_hashbucket_t **new_tab, *bucket, *next; 6873 6874 ASSERT((new_size & new_mask) == 0); 6875 6876 new_tab = kmem_zalloc(new_size * sizeof (void *), KM_SLEEP); 6877 6878 for (i = 0; i < size; i++) { 6879 for (bucket = hash->dth_tab[i]; bucket != NULL; bucket = next) { 6880 dtrace_probe_t *probe = bucket->dthb_chain; 6881 6882 ASSERT(probe != NULL); 6883 ndx = DTRACE_HASHSTR(hash, probe) & new_mask; 6884 6885 next = bucket->dthb_next; 6886 bucket->dthb_next = new_tab[ndx]; 6887 new_tab[ndx] = bucket; 6888 } 6889 } 6890 6891 kmem_free(hash->dth_tab, hash->dth_size * sizeof (void *)); 6892 hash->dth_tab = new_tab; 6893 hash->dth_size = new_size; 6894 hash->dth_mask = new_mask; 6895} 6896 6897static void 6898dtrace_hash_add(dtrace_hash_t *hash, dtrace_probe_t *new) 6899{ 6900 int hashval = DTRACE_HASHSTR(hash, new); 6901 int ndx = hashval & hash->dth_mask; 6902 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx]; 6903 dtrace_probe_t **nextp, **prevp; 6904 6905 for (; bucket != NULL; bucket = bucket->dthb_next) { 6906 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, new)) 6907 goto add; 6908 } 6909 6910 if ((hash->dth_nbuckets >> 1) > hash->dth_size) { 6911 dtrace_hash_resize(hash); 6912 dtrace_hash_add(hash, new); 6913 return; 6914 } 6915 6916 bucket = kmem_zalloc(sizeof (dtrace_hashbucket_t), KM_SLEEP); 6917 bucket->dthb_next = hash->dth_tab[ndx]; 6918 hash->dth_tab[ndx] = bucket; 6919 hash->dth_nbuckets++; 6920 6921add: 6922 nextp = DTRACE_HASHNEXT(hash, new); 6923 ASSERT(*nextp == NULL && *(DTRACE_HASHPREV(hash, new)) == NULL); 6924 *nextp = bucket->dthb_chain; 6925 6926 if (bucket->dthb_chain != NULL) { 6927 prevp = DTRACE_HASHPREV(hash, bucket->dthb_chain); 6928 ASSERT(*prevp == NULL); 6929 *prevp = new; 6930 } 6931 6932 bucket->dthb_chain = new; 6933 bucket->dthb_len++; 6934} 6935 6936static dtrace_probe_t * 6937dtrace_hash_lookup(dtrace_hash_t *hash, dtrace_probe_t *template) 6938{ 6939 int hashval = DTRACE_HASHSTR(hash, template); 6940 int ndx = hashval & hash->dth_mask; 6941 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx]; 6942 6943 for (; bucket != NULL; bucket = bucket->dthb_next) { 6944 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, template)) 6945 return (bucket->dthb_chain); 6946 } 6947 6948 return (NULL); 6949} 6950 6951static int 6952dtrace_hash_collisions(dtrace_hash_t *hash, dtrace_probe_t *template) 6953{ 6954 int hashval = DTRACE_HASHSTR(hash, template); 6955 int ndx = hashval & hash->dth_mask; 6956 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx]; 6957 6958 for (; bucket != NULL; bucket = bucket->dthb_next) { 6959 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, template)) 6960 return (bucket->dthb_len); 6961 } 6962 6963 return (0); 6964} 6965 6966static void 6967dtrace_hash_remove(dtrace_hash_t *hash, dtrace_probe_t *probe) 6968{ 6969 int ndx = DTRACE_HASHSTR(hash, probe) & hash->dth_mask; 6970 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx]; 6971 6972 dtrace_probe_t **prevp = DTRACE_HASHPREV(hash, probe); 6973 dtrace_probe_t **nextp = DTRACE_HASHNEXT(hash, probe); 6974 6975 /* 6976 * Find the bucket that we're removing this probe from. 6977 */ 6978 for (; bucket != NULL; bucket = bucket->dthb_next) { 6979 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, probe)) 6980 break; 6981 } 6982 6983 ASSERT(bucket != NULL); 6984 6985 if (*prevp == NULL) { 6986 if (*nextp == NULL) { 6987 /* 6988 * The removed probe was the only probe on this 6989 * bucket; we need to remove the bucket. 6990 */ 6991 dtrace_hashbucket_t *b = hash->dth_tab[ndx]; 6992 6993 ASSERT(bucket->dthb_chain == probe); 6994 ASSERT(b != NULL); 6995 6996 if (b == bucket) { 6997 hash->dth_tab[ndx] = bucket->dthb_next; 6998 } else { 6999 while (b->dthb_next != bucket) 7000 b = b->dthb_next; 7001 b->dthb_next = bucket->dthb_next; 7002 } 7003 7004 ASSERT(hash->dth_nbuckets > 0); 7005 hash->dth_nbuckets--; 7006 kmem_free(bucket, sizeof (dtrace_hashbucket_t)); 7007 return; 7008 } 7009 7010 bucket->dthb_chain = *nextp; 7011 } else { 7012 *(DTRACE_HASHNEXT(hash, *prevp)) = *nextp; 7013 } 7014 7015 if (*nextp != NULL) 7016 *(DTRACE_HASHPREV(hash, *nextp)) = *prevp; 7017} 7018 7019/* 7020 * DTrace Utility Functions 7021 * 7022 * These are random utility functions that are _not_ called from probe context. 7023 */ 7024static int 7025dtrace_badattr(const dtrace_attribute_t *a) 7026{ 7027 return (a->dtat_name > DTRACE_STABILITY_MAX || 7028 a->dtat_data > DTRACE_STABILITY_MAX || 7029 a->dtat_class > DTRACE_CLASS_MAX); 7030} 7031 7032/* 7033 * Return a duplicate copy of a string. If the specified string is NULL, 7034 * this function returns a zero-length string. 7035 */ 7036static char * 7037dtrace_strdup(const char *str) 7038{ 7039 char *new = kmem_zalloc((str != NULL ? strlen(str) : 0) + 1, KM_SLEEP); 7040 7041 if (str != NULL) 7042 (void) strcpy(new, str); 7043 7044 return (new); 7045} 7046 7047#define DTRACE_ISALPHA(c) \ 7048 (((c) >= 'a' && (c) <= 'z') || ((c) >= 'A' && (c) <= 'Z')) 7049 7050static int 7051dtrace_badname(const char *s) 7052{ 7053 char c; 7054 7055 if (s == NULL || (c = *s++) == '\0') 7056 return (0); 7057 7058 if (!DTRACE_ISALPHA(c) && c != '-' && c != '_' && c != '.') 7059 return (1); 7060 7061 while ((c = *s++) != '\0') { 7062 if (!DTRACE_ISALPHA(c) && (c < '0' || c > '9') && 7063 c != '-' && c != '_' && c != '.' && c != '`') 7064 return (1); 7065 } 7066 7067 return (0); 7068} 7069 7070static void 7071dtrace_cred2priv(cred_t *cr, uint32_t *privp, uid_t *uidp, zoneid_t *zoneidp) 7072{ 7073 uint32_t priv; 7074 7075#if defined(sun) 7076 if (cr == NULL || PRIV_POLICY_ONLY(cr, PRIV_ALL, B_FALSE)) { 7077 /* 7078 * For DTRACE_PRIV_ALL, the uid and zoneid don't matter. 7079 */ 7080 priv = DTRACE_PRIV_ALL; 7081 } else { 7082 *uidp = crgetuid(cr); 7083 *zoneidp = crgetzoneid(cr); 7084 7085 priv = 0; 7086 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_KERNEL, B_FALSE)) 7087 priv |= DTRACE_PRIV_KERNEL | DTRACE_PRIV_USER; 7088 else if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE)) 7089 priv |= DTRACE_PRIV_USER; 7090 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) 7091 priv |= DTRACE_PRIV_PROC; 7092 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE)) 7093 priv |= DTRACE_PRIV_OWNER; 7094 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE)) 7095 priv |= DTRACE_PRIV_ZONEOWNER; 7096 } 7097#else 7098 priv = DTRACE_PRIV_ALL; 7099#endif 7100 7101 *privp = priv; 7102} 7103 7104#ifdef DTRACE_ERRDEBUG 7105static void 7106dtrace_errdebug(const char *str) 7107{ 7108 int hval = dtrace_hash_str(str) % DTRACE_ERRHASHSZ; 7109 int occupied = 0; 7110 7111 mutex_enter(&dtrace_errlock); 7112 dtrace_errlast = str; 7113 dtrace_errthread = curthread; 7114 7115 while (occupied++ < DTRACE_ERRHASHSZ) { 7116 if (dtrace_errhash[hval].dter_msg == str) { 7117 dtrace_errhash[hval].dter_count++; 7118 goto out; 7119 } 7120 7121 if (dtrace_errhash[hval].dter_msg != NULL) { 7122 hval = (hval + 1) % DTRACE_ERRHASHSZ; 7123 continue; 7124 } 7125 7126 dtrace_errhash[hval].dter_msg = str; 7127 dtrace_errhash[hval].dter_count = 1; 7128 goto out; 7129 } 7130 7131 panic("dtrace: undersized error hash"); 7132out: 7133 mutex_exit(&dtrace_errlock); 7134} 7135#endif 7136 7137/* 7138 * DTrace Matching Functions 7139 * 7140 * These functions are used to match groups of probes, given some elements of 7141 * a probe tuple, or some globbed expressions for elements of a probe tuple. 7142 */ 7143static int 7144dtrace_match_priv(const dtrace_probe_t *prp, uint32_t priv, uid_t uid, 7145 zoneid_t zoneid) 7146{ 7147 if (priv != DTRACE_PRIV_ALL) { 7148 uint32_t ppriv = prp->dtpr_provider->dtpv_priv.dtpp_flags; 7149 uint32_t match = priv & ppriv; 7150 7151 /* 7152 * No PRIV_DTRACE_* privileges... 7153 */ 7154 if ((priv & (DTRACE_PRIV_PROC | DTRACE_PRIV_USER | 7155 DTRACE_PRIV_KERNEL)) == 0) 7156 return (0); 7157 7158 /* 7159 * No matching bits, but there were bits to match... 7160 */ 7161 if (match == 0 && ppriv != 0) 7162 return (0); 7163 7164 /* 7165 * Need to have permissions to the process, but don't... 7166 */ 7167 if (((ppriv & ~match) & DTRACE_PRIV_OWNER) != 0 && 7168 uid != prp->dtpr_provider->dtpv_priv.dtpp_uid) { 7169 return (0); 7170 } 7171 7172 /* 7173 * Need to be in the same zone unless we possess the 7174 * privilege to examine all zones. 7175 */ 7176 if (((ppriv & ~match) & DTRACE_PRIV_ZONEOWNER) != 0 && 7177 zoneid != prp->dtpr_provider->dtpv_priv.dtpp_zoneid) { 7178 return (0); 7179 } 7180 } 7181 7182 return (1); 7183} 7184 7185/* 7186 * dtrace_match_probe compares a dtrace_probe_t to a pre-compiled key, which 7187 * consists of input pattern strings and an ops-vector to evaluate them. 7188 * This function returns >0 for match, 0 for no match, and <0 for error. 7189 */ 7190static int 7191dtrace_match_probe(const dtrace_probe_t *prp, const dtrace_probekey_t *pkp, 7192 uint32_t priv, uid_t uid, zoneid_t zoneid) 7193{ 7194 dtrace_provider_t *pvp = prp->dtpr_provider; 7195 int rv; 7196 7197 if (pvp->dtpv_defunct) 7198 return (0); 7199 7200 if ((rv = pkp->dtpk_pmatch(pvp->dtpv_name, pkp->dtpk_prov, 0)) <= 0) 7201 return (rv); 7202 7203 if ((rv = pkp->dtpk_mmatch(prp->dtpr_mod, pkp->dtpk_mod, 0)) <= 0) 7204 return (rv); 7205 7206 if ((rv = pkp->dtpk_fmatch(prp->dtpr_func, pkp->dtpk_func, 0)) <= 0) 7207 return (rv); 7208 7209 if ((rv = pkp->dtpk_nmatch(prp->dtpr_name, pkp->dtpk_name, 0)) <= 0) 7210 return (rv); 7211 7212 if (dtrace_match_priv(prp, priv, uid, zoneid) == 0) 7213 return (0); 7214 7215 return (rv); 7216} 7217 7218/* 7219 * dtrace_match_glob() is a safe kernel implementation of the gmatch(3GEN) 7220 * interface for matching a glob pattern 'p' to an input string 's'. Unlike 7221 * libc's version, the kernel version only applies to 8-bit ASCII strings. 7222 * In addition, all of the recursion cases except for '*' matching have been 7223 * unwound. For '*', we still implement recursive evaluation, but a depth 7224 * counter is maintained and matching is aborted if we recurse too deep. 7225 * The function returns 0 if no match, >0 if match, and <0 if recursion error. 7226 */ 7227static int 7228dtrace_match_glob(const char *s, const char *p, int depth) 7229{ 7230 const char *olds; 7231 char s1, c; 7232 int gs; 7233 7234 if (depth > DTRACE_PROBEKEY_MAXDEPTH) 7235 return (-1); 7236 7237 if (s == NULL) 7238 s = ""; /* treat NULL as empty string */ 7239 7240top: 7241 olds = s; 7242 s1 = *s++; 7243 7244 if (p == NULL) 7245 return (0); 7246 7247 if ((c = *p++) == '\0') 7248 return (s1 == '\0'); 7249 7250 switch (c) { 7251 case '[': { 7252 int ok = 0, notflag = 0; 7253 char lc = '\0'; 7254 7255 if (s1 == '\0') 7256 return (0); 7257 7258 if (*p == '!') { 7259 notflag = 1; 7260 p++; 7261 } 7262 7263 if ((c = *p++) == '\0') 7264 return (0); 7265 7266 do { 7267 if (c == '-' && lc != '\0' && *p != ']') { 7268 if ((c = *p++) == '\0') 7269 return (0); 7270 if (c == '\\' && (c = *p++) == '\0') 7271 return (0); 7272 7273 if (notflag) { 7274 if (s1 < lc || s1 > c) 7275 ok++; 7276 else 7277 return (0); 7278 } else if (lc <= s1 && s1 <= c) 7279 ok++; 7280 7281 } else if (c == '\\' && (c = *p++) == '\0') 7282 return (0); 7283 7284 lc = c; /* save left-hand 'c' for next iteration */ 7285 7286 if (notflag) { 7287 if (s1 != c) 7288 ok++; 7289 else 7290 return (0); 7291 } else if (s1 == c) 7292 ok++; 7293 7294 if ((c = *p++) == '\0') 7295 return (0); 7296 7297 } while (c != ']'); 7298 7299 if (ok) 7300 goto top; 7301 7302 return (0); 7303 } 7304 7305 case '\\': 7306 if ((c = *p++) == '\0') 7307 return (0); 7308 /*FALLTHRU*/ 7309 7310 default: 7311 if (c != s1) 7312 return (0); 7313 /*FALLTHRU*/ 7314 7315 case '?': 7316 if (s1 != '\0') 7317 goto top; 7318 return (0); 7319 7320 case '*': 7321 while (*p == '*') 7322 p++; /* consecutive *'s are identical to a single one */ 7323 7324 if (*p == '\0') 7325 return (1); 7326 7327 for (s = olds; *s != '\0'; s++) { 7328 if ((gs = dtrace_match_glob(s, p, depth + 1)) != 0) 7329 return (gs); 7330 } 7331 7332 return (0); 7333 } 7334} 7335 7336/*ARGSUSED*/ 7337static int 7338dtrace_match_string(const char *s, const char *p, int depth) 7339{ 7340 return (s != NULL && strcmp(s, p) == 0); 7341} 7342 7343/*ARGSUSED*/ 7344static int 7345dtrace_match_nul(const char *s, const char *p, int depth) 7346{ 7347 return (1); /* always match the empty pattern */ 7348} 7349 7350/*ARGSUSED*/ 7351static int 7352dtrace_match_nonzero(const char *s, const char *p, int depth) 7353{ 7354 return (s != NULL && s[0] != '\0'); 7355} 7356 7357static int 7358dtrace_match(const dtrace_probekey_t *pkp, uint32_t priv, uid_t uid, 7359 zoneid_t zoneid, int (*matched)(dtrace_probe_t *, void *), void *arg) 7360{ 7361 dtrace_probe_t template, *probe; 7362 dtrace_hash_t *hash = NULL; 7363 int len, best = INT_MAX, nmatched = 0; 7364 dtrace_id_t i; 7365 7366 ASSERT(MUTEX_HELD(&dtrace_lock)); 7367 7368 /* 7369 * If the probe ID is specified in the key, just lookup by ID and 7370 * invoke the match callback once if a matching probe is found. 7371 */ 7372 if (pkp->dtpk_id != DTRACE_IDNONE) { 7373 if ((probe = dtrace_probe_lookup_id(pkp->dtpk_id)) != NULL && 7374 dtrace_match_probe(probe, pkp, priv, uid, zoneid) > 0) { 7375 (void) (*matched)(probe, arg); 7376 nmatched++; 7377 } 7378 return (nmatched); 7379 } 7380 7381 template.dtpr_mod = (char *)pkp->dtpk_mod; 7382 template.dtpr_func = (char *)pkp->dtpk_func; 7383 template.dtpr_name = (char *)pkp->dtpk_name; 7384 7385 /* 7386 * We want to find the most distinct of the module name, function 7387 * name, and name. So for each one that is not a glob pattern or 7388 * empty string, we perform a lookup in the corresponding hash and 7389 * use the hash table with the fewest collisions to do our search. 7390 */ 7391 if (pkp->dtpk_mmatch == &dtrace_match_string && 7392 (len = dtrace_hash_collisions(dtrace_bymod, &template)) < best) { 7393 best = len; 7394 hash = dtrace_bymod; 7395 } 7396 7397 if (pkp->dtpk_fmatch == &dtrace_match_string && 7398 (len = dtrace_hash_collisions(dtrace_byfunc, &template)) < best) { 7399 best = len; 7400 hash = dtrace_byfunc; 7401 } 7402 7403 if (pkp->dtpk_nmatch == &dtrace_match_string && 7404 (len = dtrace_hash_collisions(dtrace_byname, &template)) < best) { 7405 best = len; 7406 hash = dtrace_byname; 7407 } 7408 7409 /* 7410 * If we did not select a hash table, iterate over every probe and 7411 * invoke our callback for each one that matches our input probe key. 7412 */ 7413 if (hash == NULL) { 7414 for (i = 0; i < dtrace_nprobes; i++) { 7415 if ((probe = dtrace_probes[i]) == NULL || 7416 dtrace_match_probe(probe, pkp, priv, uid, 7417 zoneid) <= 0) 7418 continue; 7419 7420 nmatched++; 7421 7422 if ((*matched)(probe, arg) != DTRACE_MATCH_NEXT) 7423 break; 7424 } 7425 7426 return (nmatched); 7427 } 7428 7429 /* 7430 * If we selected a hash table, iterate over each probe of the same key 7431 * name and invoke the callback for every probe that matches the other 7432 * attributes of our input probe key. 7433 */ 7434 for (probe = dtrace_hash_lookup(hash, &template); probe != NULL; 7435 probe = *(DTRACE_HASHNEXT(hash, probe))) { 7436 7437 if (dtrace_match_probe(probe, pkp, priv, uid, zoneid) <= 0) 7438 continue; 7439 7440 nmatched++; 7441 7442 if ((*matched)(probe, arg) != DTRACE_MATCH_NEXT) 7443 break; 7444 } 7445 7446 return (nmatched); 7447} 7448 7449/* 7450 * Return the function pointer dtrace_probecmp() should use to compare the 7451 * specified pattern with a string. For NULL or empty patterns, we select 7452 * dtrace_match_nul(). For glob pattern strings, we use dtrace_match_glob(). 7453 * For non-empty non-glob strings, we use dtrace_match_string(). 7454 */ 7455static dtrace_probekey_f * 7456dtrace_probekey_func(const char *p) 7457{ 7458 char c; 7459 7460 if (p == NULL || *p == '\0') 7461 return (&dtrace_match_nul); 7462 7463 while ((c = *p++) != '\0') { 7464 if (c == '[' || c == '?' || c == '*' || c == '\\') 7465 return (&dtrace_match_glob); 7466 } 7467 7468 return (&dtrace_match_string); 7469} 7470 7471/* 7472 * Build a probe comparison key for use with dtrace_match_probe() from the 7473 * given probe description. By convention, a null key only matches anchored 7474 * probes: if each field is the empty string, reset dtpk_fmatch to 7475 * dtrace_match_nonzero(). 7476 */ 7477static void 7478dtrace_probekey(dtrace_probedesc_t *pdp, dtrace_probekey_t *pkp) 7479{ 7480 pkp->dtpk_prov = pdp->dtpd_provider; 7481 pkp->dtpk_pmatch = dtrace_probekey_func(pdp->dtpd_provider); 7482 7483 pkp->dtpk_mod = pdp->dtpd_mod; 7484 pkp->dtpk_mmatch = dtrace_probekey_func(pdp->dtpd_mod); 7485 7486 pkp->dtpk_func = pdp->dtpd_func; 7487 pkp->dtpk_fmatch = dtrace_probekey_func(pdp->dtpd_func); 7488 7489 pkp->dtpk_name = pdp->dtpd_name; 7490 pkp->dtpk_nmatch = dtrace_probekey_func(pdp->dtpd_name); 7491 7492 pkp->dtpk_id = pdp->dtpd_id; 7493 7494 if (pkp->dtpk_id == DTRACE_IDNONE && 7495 pkp->dtpk_pmatch == &dtrace_match_nul && 7496 pkp->dtpk_mmatch == &dtrace_match_nul && 7497 pkp->dtpk_fmatch == &dtrace_match_nul && 7498 pkp->dtpk_nmatch == &dtrace_match_nul) 7499 pkp->dtpk_fmatch = &dtrace_match_nonzero; 7500} 7501 7502/* 7503 * DTrace Provider-to-Framework API Functions 7504 * 7505 * These functions implement much of the Provider-to-Framework API, as 7506 * described in <sys/dtrace.h>. The parts of the API not in this section are 7507 * the functions in the API for probe management (found below), and 7508 * dtrace_probe() itself (found above). 7509 */ 7510 7511/* 7512 * Register the calling provider with the DTrace framework. This should 7513 * generally be called by DTrace providers in their attach(9E) entry point. 7514 */ 7515int 7516dtrace_register(const char *name, const dtrace_pattr_t *pap, uint32_t priv, 7517 cred_t *cr, const dtrace_pops_t *pops, void *arg, dtrace_provider_id_t *idp) 7518{ 7519 dtrace_provider_t *provider; 7520 7521 if (name == NULL || pap == NULL || pops == NULL || idp == NULL) { 7522 cmn_err(CE_WARN, "failed to register provider '%s': invalid " 7523 "arguments", name ? name : "<NULL>"); 7524 return (EINVAL); 7525 } 7526 7527 if (name[0] == '\0' || dtrace_badname(name)) { 7528 cmn_err(CE_WARN, "failed to register provider '%s': invalid " 7529 "provider name", name); 7530 return (EINVAL); 7531 } 7532 7533 if ((pops->dtps_provide == NULL && pops->dtps_provide_module == NULL) || 7534 pops->dtps_enable == NULL || pops->dtps_disable == NULL || 7535 pops->dtps_destroy == NULL || 7536 ((pops->dtps_resume == NULL) != (pops->dtps_suspend == NULL))) { 7537 cmn_err(CE_WARN, "failed to register provider '%s': invalid " 7538 "provider ops", name); 7539 return (EINVAL); 7540 } 7541 7542 if (dtrace_badattr(&pap->dtpa_provider) || 7543 dtrace_badattr(&pap->dtpa_mod) || 7544 dtrace_badattr(&pap->dtpa_func) || 7545 dtrace_badattr(&pap->dtpa_name) || 7546 dtrace_badattr(&pap->dtpa_args)) { 7547 cmn_err(CE_WARN, "failed to register provider '%s': invalid " 7548 "provider attributes", name); 7549 return (EINVAL); 7550 } 7551 7552 if (priv & ~DTRACE_PRIV_ALL) { 7553 cmn_err(CE_WARN, "failed to register provider '%s': invalid " 7554 "privilege attributes", name); 7555 return (EINVAL); 7556 } 7557 7558 if ((priv & DTRACE_PRIV_KERNEL) && 7559 (priv & (DTRACE_PRIV_USER | DTRACE_PRIV_OWNER)) && 7560 pops->dtps_usermode == NULL) { 7561 cmn_err(CE_WARN, "failed to register provider '%s': need " 7562 "dtps_usermode() op for given privilege attributes", name); 7563 return (EINVAL); 7564 } 7565 7566 provider = kmem_zalloc(sizeof (dtrace_provider_t), KM_SLEEP); 7567 provider->dtpv_name = kmem_alloc(strlen(name) + 1, KM_SLEEP); 7568 (void) strcpy(provider->dtpv_name, name); 7569 7570 provider->dtpv_attr = *pap; 7571 provider->dtpv_priv.dtpp_flags = priv; 7572 if (cr != NULL) { 7573 provider->dtpv_priv.dtpp_uid = crgetuid(cr); 7574 provider->dtpv_priv.dtpp_zoneid = crgetzoneid(cr); 7575 } 7576 provider->dtpv_pops = *pops; 7577 7578 if (pops->dtps_provide == NULL) { 7579 ASSERT(pops->dtps_provide_module != NULL); 7580 provider->dtpv_pops.dtps_provide = 7581 (void (*)(void *, dtrace_probedesc_t *))dtrace_nullop; 7582 } 7583 7584 if (pops->dtps_provide_module == NULL) { 7585 ASSERT(pops->dtps_provide != NULL); 7586 provider->dtpv_pops.dtps_provide_module = 7587 (void (*)(void *, modctl_t *))dtrace_nullop; 7588 } 7589 7590 if (pops->dtps_suspend == NULL) { 7591 ASSERT(pops->dtps_resume == NULL); 7592 provider->dtpv_pops.dtps_suspend = 7593 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop; 7594 provider->dtpv_pops.dtps_resume = 7595 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop; 7596 } 7597 7598 provider->dtpv_arg = arg; 7599 *idp = (dtrace_provider_id_t)provider; 7600 7601 if (pops == &dtrace_provider_ops) { 7602 ASSERT(MUTEX_HELD(&dtrace_provider_lock)); 7603 ASSERT(MUTEX_HELD(&dtrace_lock)); 7604 ASSERT(dtrace_anon.dta_enabling == NULL); 7605 7606 /* 7607 * We make sure that the DTrace provider is at the head of 7608 * the provider chain. 7609 */ 7610 provider->dtpv_next = dtrace_provider; 7611 dtrace_provider = provider; 7612 return (0); 7613 } 7614 7615 mutex_enter(&dtrace_provider_lock); 7616 mutex_enter(&dtrace_lock); 7617 7618 /* 7619 * If there is at least one provider registered, we'll add this 7620 * provider after the first provider. 7621 */ 7622 if (dtrace_provider != NULL) { 7623 provider->dtpv_next = dtrace_provider->dtpv_next; 7624 dtrace_provider->dtpv_next = provider; 7625 } else { 7626 dtrace_provider = provider; 7627 } 7628 7629 if (dtrace_retained != NULL) { 7630 dtrace_enabling_provide(provider); 7631 7632 /* 7633 * Now we need to call dtrace_enabling_matchall() -- which 7634 * will acquire cpu_lock and dtrace_lock. We therefore need 7635 * to drop all of our locks before calling into it... 7636 */ 7637 mutex_exit(&dtrace_lock); 7638 mutex_exit(&dtrace_provider_lock); 7639 dtrace_enabling_matchall(); 7640 7641 return (0); 7642 } 7643 7644 mutex_exit(&dtrace_lock); 7645 mutex_exit(&dtrace_provider_lock); 7646 7647 return (0); 7648} 7649 7650/* 7651 * Unregister the specified provider from the DTrace framework. This should 7652 * generally be called by DTrace providers in their detach(9E) entry point. 7653 */ 7654int 7655dtrace_unregister(dtrace_provider_id_t id) 7656{ 7657 dtrace_provider_t *old = (dtrace_provider_t *)id; 7658 dtrace_provider_t *prev = NULL; 7659 int i, self = 0, noreap = 0; 7660 dtrace_probe_t *probe, *first = NULL; 7661 7662 if (old->dtpv_pops.dtps_enable == 7663 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop) { 7664 /* 7665 * If DTrace itself is the provider, we're called with locks 7666 * already held. 7667 */ 7668 ASSERT(old == dtrace_provider); 7669#if defined(sun) 7670 ASSERT(dtrace_devi != NULL); 7671#endif 7672 ASSERT(MUTEX_HELD(&dtrace_provider_lock)); 7673 ASSERT(MUTEX_HELD(&dtrace_lock)); 7674 self = 1; 7675 7676 if (dtrace_provider->dtpv_next != NULL) { 7677 /* 7678 * There's another provider here; return failure. 7679 */ 7680 return (EBUSY); 7681 } 7682 } else { 7683 mutex_enter(&dtrace_provider_lock); 7684 mutex_enter(&mod_lock); 7685 mutex_enter(&dtrace_lock); 7686 } 7687 7688 /* 7689 * If anyone has /dev/dtrace open, or if there are anonymous enabled 7690 * probes, we refuse to let providers slither away, unless this 7691 * provider has already been explicitly invalidated. 7692 */ 7693 if (!old->dtpv_defunct && 7694 (dtrace_opens || (dtrace_anon.dta_state != NULL && 7695 dtrace_anon.dta_state->dts_necbs > 0))) { 7696 if (!self) { 7697 mutex_exit(&dtrace_lock); 7698 mutex_exit(&mod_lock); 7699 mutex_exit(&dtrace_provider_lock); 7700 } 7701 return (EBUSY); 7702 } 7703 7704 /* 7705 * Attempt to destroy the probes associated with this provider. 7706 */ 7707 for (i = 0; i < dtrace_nprobes; i++) { 7708 if ((probe = dtrace_probes[i]) == NULL) 7709 continue; 7710 7711 if (probe->dtpr_provider != old) 7712 continue; 7713 7714 if (probe->dtpr_ecb == NULL) 7715 continue; 7716 7717 /* 7718 * If we are trying to unregister a defunct provider, and the 7719 * provider was made defunct within the interval dictated by 7720 * dtrace_unregister_defunct_reap, we'll (asynchronously) 7721 * attempt to reap our enablings. To denote that the provider 7722 * should reattempt to unregister itself at some point in the 7723 * future, we will return a differentiable error code (EAGAIN 7724 * instead of EBUSY) in this case. 7725 */ 7726 if (dtrace_gethrtime() - old->dtpv_defunct > 7727 dtrace_unregister_defunct_reap) 7728 noreap = 1; 7729 7730 if (!self) { 7731 mutex_exit(&dtrace_lock); 7732 mutex_exit(&mod_lock); 7733 mutex_exit(&dtrace_provider_lock); 7734 } 7735 7736 if (noreap) 7737 return (EBUSY); 7738 7739 (void) taskq_dispatch(dtrace_taskq, 7740 (task_func_t *)dtrace_enabling_reap, NULL, TQ_SLEEP); 7741 7742 return (EAGAIN); 7743 } 7744 7745 /* 7746 * All of the probes for this provider are disabled; we can safely 7747 * remove all of them from their hash chains and from the probe array. 7748 */ 7749 for (i = 0; i < dtrace_nprobes; i++) { 7750 if ((probe = dtrace_probes[i]) == NULL) 7751 continue; 7752 7753 if (probe->dtpr_provider != old) 7754 continue; 7755 7756 dtrace_probes[i] = NULL; 7757 7758 dtrace_hash_remove(dtrace_bymod, probe); 7759 dtrace_hash_remove(dtrace_byfunc, probe); 7760 dtrace_hash_remove(dtrace_byname, probe); 7761 7762 if (first == NULL) { 7763 first = probe; 7764 probe->dtpr_nextmod = NULL; 7765 } else { 7766 probe->dtpr_nextmod = first; 7767 first = probe; 7768 } 7769 } 7770 7771 /* 7772 * The provider's probes have been removed from the hash chains and 7773 * from the probe array. Now issue a dtrace_sync() to be sure that 7774 * everyone has cleared out from any probe array processing. 7775 */ 7776 dtrace_sync(); 7777 7778 for (probe = first; probe != NULL; probe = first) { 7779 first = probe->dtpr_nextmod; 7780 7781 old->dtpv_pops.dtps_destroy(old->dtpv_arg, probe->dtpr_id, 7782 probe->dtpr_arg); 7783 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1); 7784 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1); 7785 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1); 7786#if defined(sun) 7787 vmem_free(dtrace_arena, (void *)(uintptr_t)(probe->dtpr_id), 1); 7788#else 7789 free_unr(dtrace_arena, probe->dtpr_id); 7790#endif 7791 kmem_free(probe, sizeof (dtrace_probe_t)); 7792 } 7793 7794 if ((prev = dtrace_provider) == old) { 7795#if defined(sun) 7796 ASSERT(self || dtrace_devi == NULL); 7797 ASSERT(old->dtpv_next == NULL || dtrace_devi == NULL); 7798#endif 7799 dtrace_provider = old->dtpv_next; 7800 } else { 7801 while (prev != NULL && prev->dtpv_next != old) 7802 prev = prev->dtpv_next; 7803 7804 if (prev == NULL) { 7805 panic("attempt to unregister non-existent " 7806 "dtrace provider %p\n", (void *)id); 7807 } 7808 7809 prev->dtpv_next = old->dtpv_next; 7810 } 7811 7812 if (!self) { 7813 mutex_exit(&dtrace_lock); 7814 mutex_exit(&mod_lock); 7815 mutex_exit(&dtrace_provider_lock); 7816 } 7817 7818 kmem_free(old->dtpv_name, strlen(old->dtpv_name) + 1); 7819 kmem_free(old, sizeof (dtrace_provider_t)); 7820 7821 return (0); 7822} 7823 7824/* 7825 * Invalidate the specified provider. All subsequent probe lookups for the 7826 * specified provider will fail, but its probes will not be removed. 7827 */ 7828void 7829dtrace_invalidate(dtrace_provider_id_t id) 7830{ 7831 dtrace_provider_t *pvp = (dtrace_provider_t *)id; 7832 7833 ASSERT(pvp->dtpv_pops.dtps_enable != 7834 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop); 7835 7836 mutex_enter(&dtrace_provider_lock); 7837 mutex_enter(&dtrace_lock); 7838 7839 pvp->dtpv_defunct = dtrace_gethrtime(); 7840 7841 mutex_exit(&dtrace_lock); 7842 mutex_exit(&dtrace_provider_lock); 7843} 7844 7845/* 7846 * Indicate whether or not DTrace has attached. 7847 */ 7848int 7849dtrace_attached(void) 7850{ 7851 /* 7852 * dtrace_provider will be non-NULL iff the DTrace driver has 7853 * attached. (It's non-NULL because DTrace is always itself a 7854 * provider.) 7855 */ 7856 return (dtrace_provider != NULL); 7857} 7858 7859/* 7860 * Remove all the unenabled probes for the given provider. This function is 7861 * not unlike dtrace_unregister(), except that it doesn't remove the provider 7862 * -- just as many of its associated probes as it can. 7863 */ 7864int 7865dtrace_condense(dtrace_provider_id_t id) 7866{ 7867 dtrace_provider_t *prov = (dtrace_provider_t *)id; 7868 int i; 7869 dtrace_probe_t *probe; 7870 7871 /* 7872 * Make sure this isn't the dtrace provider itself. 7873 */ 7874 ASSERT(prov->dtpv_pops.dtps_enable != 7875 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop); 7876 7877 mutex_enter(&dtrace_provider_lock); 7878 mutex_enter(&dtrace_lock); 7879 7880 /* 7881 * Attempt to destroy the probes associated with this provider. 7882 */ 7883 for (i = 0; i < dtrace_nprobes; i++) { 7884 if ((probe = dtrace_probes[i]) == NULL) 7885 continue; 7886 7887 if (probe->dtpr_provider != prov) 7888 continue; 7889 7890 if (probe->dtpr_ecb != NULL) 7891 continue; 7892 7893 dtrace_probes[i] = NULL; 7894 7895 dtrace_hash_remove(dtrace_bymod, probe); 7896 dtrace_hash_remove(dtrace_byfunc, probe); 7897 dtrace_hash_remove(dtrace_byname, probe); 7898 7899 prov->dtpv_pops.dtps_destroy(prov->dtpv_arg, i + 1, 7900 probe->dtpr_arg); 7901 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1); 7902 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1); 7903 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1); 7904 kmem_free(probe, sizeof (dtrace_probe_t)); 7905#if defined(sun) 7906 vmem_free(dtrace_arena, (void *)((uintptr_t)i + 1), 1); 7907#else 7908 free_unr(dtrace_arena, i + 1); 7909#endif 7910 } 7911 7912 mutex_exit(&dtrace_lock); 7913 mutex_exit(&dtrace_provider_lock); 7914 7915 return (0); 7916} 7917 7918/* 7919 * DTrace Probe Management Functions 7920 * 7921 * The functions in this section perform the DTrace probe management, 7922 * including functions to create probes, look-up probes, and call into the 7923 * providers to request that probes be provided. Some of these functions are 7924 * in the Provider-to-Framework API; these functions can be identified by the 7925 * fact that they are not declared "static". 7926 */ 7927 7928/* 7929 * Create a probe with the specified module name, function name, and name. 7930 */ 7931dtrace_id_t 7932dtrace_probe_create(dtrace_provider_id_t prov, const char *mod, 7933 const char *func, const char *name, int aframes, void *arg) 7934{ 7935 dtrace_probe_t *probe, **probes; 7936 dtrace_provider_t *provider = (dtrace_provider_t *)prov; 7937 dtrace_id_t id; 7938 7939 if (provider == dtrace_provider) { 7940 ASSERT(MUTEX_HELD(&dtrace_lock)); 7941 } else { 7942 mutex_enter(&dtrace_lock); 7943 } 7944 7945#if defined(sun) 7946 id = (dtrace_id_t)(uintptr_t)vmem_alloc(dtrace_arena, 1, 7947 VM_BESTFIT | VM_SLEEP); 7948#else 7949 id = alloc_unr(dtrace_arena); 7950#endif 7951 probe = kmem_zalloc(sizeof (dtrace_probe_t), KM_SLEEP); 7952 7953 probe->dtpr_id = id; 7954 probe->dtpr_gen = dtrace_probegen++; 7955 probe->dtpr_mod = dtrace_strdup(mod); 7956 probe->dtpr_func = dtrace_strdup(func); 7957 probe->dtpr_name = dtrace_strdup(name); 7958 probe->dtpr_arg = arg; 7959 probe->dtpr_aframes = aframes; 7960 probe->dtpr_provider = provider; 7961 7962 dtrace_hash_add(dtrace_bymod, probe); 7963 dtrace_hash_add(dtrace_byfunc, probe); 7964 dtrace_hash_add(dtrace_byname, probe); 7965 7966 if (id - 1 >= dtrace_nprobes) { 7967 size_t osize = dtrace_nprobes * sizeof (dtrace_probe_t *); 7968 size_t nsize = osize << 1; 7969 7970 if (nsize == 0) { 7971 ASSERT(osize == 0); 7972 ASSERT(dtrace_probes == NULL); 7973 nsize = sizeof (dtrace_probe_t *); 7974 } 7975 7976 probes = kmem_zalloc(nsize, KM_SLEEP); 7977 7978 if (dtrace_probes == NULL) { 7979 ASSERT(osize == 0); 7980 dtrace_probes = probes; 7981 dtrace_nprobes = 1; 7982 } else { 7983 dtrace_probe_t **oprobes = dtrace_probes; 7984 7985 bcopy(oprobes, probes, osize); 7986 dtrace_membar_producer(); 7987 dtrace_probes = probes; 7988 7989 dtrace_sync(); 7990 7991 /* 7992 * All CPUs are now seeing the new probes array; we can 7993 * safely free the old array. 7994 */ 7995 kmem_free(oprobes, osize); 7996 dtrace_nprobes <<= 1; 7997 } 7998 7999 ASSERT(id - 1 < dtrace_nprobes); 8000 } 8001 8002 ASSERT(dtrace_probes[id - 1] == NULL); 8003 dtrace_probes[id - 1] = probe; 8004 8005 if (provider != dtrace_provider) 8006 mutex_exit(&dtrace_lock); 8007 8008 return (id); 8009} 8010 8011static dtrace_probe_t * 8012dtrace_probe_lookup_id(dtrace_id_t id) 8013{ 8014 ASSERT(MUTEX_HELD(&dtrace_lock)); 8015 8016 if (id == 0 || id > dtrace_nprobes) 8017 return (NULL); 8018 8019 return (dtrace_probes[id - 1]); 8020} 8021 8022static int 8023dtrace_probe_lookup_match(dtrace_probe_t *probe, void *arg) 8024{ 8025 *((dtrace_id_t *)arg) = probe->dtpr_id; 8026 8027 return (DTRACE_MATCH_DONE); 8028} 8029 8030/* 8031 * Look up a probe based on provider and one or more of module name, function 8032 * name and probe name. 8033 */ 8034dtrace_id_t 8035dtrace_probe_lookup(dtrace_provider_id_t prid, char *mod, 8036 char *func, char *name) 8037{ 8038 dtrace_probekey_t pkey; 8039 dtrace_id_t id; 8040 int match; 8041 8042 pkey.dtpk_prov = ((dtrace_provider_t *)prid)->dtpv_name; 8043 pkey.dtpk_pmatch = &dtrace_match_string; 8044 pkey.dtpk_mod = mod; 8045 pkey.dtpk_mmatch = mod ? &dtrace_match_string : &dtrace_match_nul; 8046 pkey.dtpk_func = func; 8047 pkey.dtpk_fmatch = func ? &dtrace_match_string : &dtrace_match_nul; 8048 pkey.dtpk_name = name; 8049 pkey.dtpk_nmatch = name ? &dtrace_match_string : &dtrace_match_nul; 8050 pkey.dtpk_id = DTRACE_IDNONE; 8051 8052 mutex_enter(&dtrace_lock); 8053 match = dtrace_match(&pkey, DTRACE_PRIV_ALL, 0, 0, 8054 dtrace_probe_lookup_match, &id); 8055 mutex_exit(&dtrace_lock); 8056 8057 ASSERT(match == 1 || match == 0); 8058 return (match ? id : 0); 8059} 8060 8061/* 8062 * Returns the probe argument associated with the specified probe. 8063 */ 8064void * 8065dtrace_probe_arg(dtrace_provider_id_t id, dtrace_id_t pid) 8066{ 8067 dtrace_probe_t *probe; 8068 void *rval = NULL; 8069 8070 mutex_enter(&dtrace_lock); 8071 8072 if ((probe = dtrace_probe_lookup_id(pid)) != NULL && 8073 probe->dtpr_provider == (dtrace_provider_t *)id) 8074 rval = probe->dtpr_arg; 8075 8076 mutex_exit(&dtrace_lock); 8077 8078 return (rval); 8079} 8080 8081/* 8082 * Copy a probe into a probe description. 8083 */ 8084static void 8085dtrace_probe_description(const dtrace_probe_t *prp, dtrace_probedesc_t *pdp) 8086{ 8087 bzero(pdp, sizeof (dtrace_probedesc_t)); 8088 pdp->dtpd_id = prp->dtpr_id; 8089 8090 (void) strncpy(pdp->dtpd_provider, 8091 prp->dtpr_provider->dtpv_name, DTRACE_PROVNAMELEN - 1); 8092 8093 (void) strncpy(pdp->dtpd_mod, prp->dtpr_mod, DTRACE_MODNAMELEN - 1); 8094 (void) strncpy(pdp->dtpd_func, prp->dtpr_func, DTRACE_FUNCNAMELEN - 1); 8095 (void) strncpy(pdp->dtpd_name, prp->dtpr_name, DTRACE_NAMELEN - 1); 8096} 8097 8098/* 8099 * Called to indicate that a probe -- or probes -- should be provided by a 8100 * specfied provider. If the specified description is NULL, the provider will 8101 * be told to provide all of its probes. (This is done whenever a new 8102 * consumer comes along, or whenever a retained enabling is to be matched.) If 8103 * the specified description is non-NULL, the provider is given the 8104 * opportunity to dynamically provide the specified probe, allowing providers 8105 * to support the creation of probes on-the-fly. (So-called _autocreated_ 8106 * probes.) If the provider is NULL, the operations will be applied to all 8107 * providers; if the provider is non-NULL the operations will only be applied 8108 * to the specified provider. The dtrace_provider_lock must be held, and the 8109 * dtrace_lock must _not_ be held -- the provider's dtps_provide() operation 8110 * will need to grab the dtrace_lock when it reenters the framework through 8111 * dtrace_probe_lookup(), dtrace_probe_create(), etc. 8112 */ 8113static void 8114dtrace_probe_provide(dtrace_probedesc_t *desc, dtrace_provider_t *prv) 8115{ 8116#if defined(sun) 8117 modctl_t *ctl; 8118#endif 8119 int all = 0; 8120 8121 ASSERT(MUTEX_HELD(&dtrace_provider_lock)); 8122 8123 if (prv == NULL) { 8124 all = 1; 8125 prv = dtrace_provider; 8126 } 8127 8128 do { 8129 /* 8130 * First, call the blanket provide operation. 8131 */ 8132 prv->dtpv_pops.dtps_provide(prv->dtpv_arg, desc); 8133 8134 /* 8135 * Now call the per-module provide operation. We will grab 8136 * mod_lock to prevent the list from being modified. Note 8137 * that this also prevents the mod_busy bits from changing. 8138 * (mod_busy can only be changed with mod_lock held.) 8139 */ 8140 mutex_enter(&mod_lock); 8141 8142#if defined(sun) 8143 ctl = &modules; 8144 do { 8145 if (ctl->mod_busy || ctl->mod_mp == NULL) 8146 continue; 8147 8148 prv->dtpv_pops.dtps_provide_module(prv->dtpv_arg, ctl); 8149 8150 } while ((ctl = ctl->mod_next) != &modules); 8151#endif 8152 8153 mutex_exit(&mod_lock); 8154 } while (all && (prv = prv->dtpv_next) != NULL); 8155} 8156 8157#if defined(sun) 8158/* 8159 * Iterate over each probe, and call the Framework-to-Provider API function 8160 * denoted by offs. 8161 */ 8162static void 8163dtrace_probe_foreach(uintptr_t offs) 8164{ 8165 dtrace_provider_t *prov; 8166 void (*func)(void *, dtrace_id_t, void *); 8167 dtrace_probe_t *probe; 8168 dtrace_icookie_t cookie; 8169 int i; 8170 8171 /* 8172 * We disable interrupts to walk through the probe array. This is 8173 * safe -- the dtrace_sync() in dtrace_unregister() assures that we 8174 * won't see stale data. 8175 */ 8176 cookie = dtrace_interrupt_disable(); 8177 8178 for (i = 0; i < dtrace_nprobes; i++) { 8179 if ((probe = dtrace_probes[i]) == NULL) 8180 continue; 8181 8182 if (probe->dtpr_ecb == NULL) { 8183 /* 8184 * This probe isn't enabled -- don't call the function. 8185 */ 8186 continue; 8187 } 8188 8189 prov = probe->dtpr_provider; 8190 func = *((void(**)(void *, dtrace_id_t, void *)) 8191 ((uintptr_t)&prov->dtpv_pops + offs)); 8192 8193 func(prov->dtpv_arg, i + 1, probe->dtpr_arg); 8194 } 8195 8196 dtrace_interrupt_enable(cookie); 8197} 8198#endif 8199 8200static int 8201dtrace_probe_enable(dtrace_probedesc_t *desc, dtrace_enabling_t *enab) 8202{ 8203 dtrace_probekey_t pkey; 8204 uint32_t priv; 8205 uid_t uid; 8206 zoneid_t zoneid; 8207 8208 ASSERT(MUTEX_HELD(&dtrace_lock)); 8209 dtrace_ecb_create_cache = NULL; 8210 8211 if (desc == NULL) { 8212 /* 8213 * If we're passed a NULL description, we're being asked to 8214 * create an ECB with a NULL probe. 8215 */ 8216 (void) dtrace_ecb_create_enable(NULL, enab); 8217 return (0); 8218 } 8219 8220 dtrace_probekey(desc, &pkey); 8221 dtrace_cred2priv(enab->dten_vstate->dtvs_state->dts_cred.dcr_cred, 8222 &priv, &uid, &zoneid); 8223 8224 return (dtrace_match(&pkey, priv, uid, zoneid, dtrace_ecb_create_enable, 8225 enab)); 8226} 8227 8228/* 8229 * DTrace Helper Provider Functions 8230 */ 8231static void 8232dtrace_dofattr2attr(dtrace_attribute_t *attr, const dof_attr_t dofattr) 8233{ 8234 attr->dtat_name = DOF_ATTR_NAME(dofattr); 8235 attr->dtat_data = DOF_ATTR_DATA(dofattr); 8236 attr->dtat_class = DOF_ATTR_CLASS(dofattr); 8237} 8238 8239static void 8240dtrace_dofprov2hprov(dtrace_helper_provdesc_t *hprov, 8241 const dof_provider_t *dofprov, char *strtab) 8242{ 8243 hprov->dthpv_provname = strtab + dofprov->dofpv_name; 8244 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_provider, 8245 dofprov->dofpv_provattr); 8246 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_mod, 8247 dofprov->dofpv_modattr); 8248 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_func, 8249 dofprov->dofpv_funcattr); 8250 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_name, 8251 dofprov->dofpv_nameattr); 8252 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_args, 8253 dofprov->dofpv_argsattr); 8254} 8255 8256static void 8257dtrace_helper_provide_one(dof_helper_t *dhp, dof_sec_t *sec, pid_t pid) 8258{ 8259 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof; 8260 dof_hdr_t *dof = (dof_hdr_t *)daddr; 8261 dof_sec_t *str_sec, *prb_sec, *arg_sec, *off_sec, *enoff_sec; 8262 dof_provider_t *provider; 8263 dof_probe_t *probe; 8264 uint32_t *off, *enoff; 8265 uint8_t *arg; 8266 char *strtab; 8267 uint_t i, nprobes; 8268 dtrace_helper_provdesc_t dhpv; 8269 dtrace_helper_probedesc_t dhpb; 8270 dtrace_meta_t *meta = dtrace_meta_pid; 8271 dtrace_mops_t *mops = &meta->dtm_mops; 8272 void *parg; 8273 8274 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset); 8275 str_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff + 8276 provider->dofpv_strtab * dof->dofh_secsize); 8277 prb_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff + 8278 provider->dofpv_probes * dof->dofh_secsize); 8279 arg_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff + 8280 provider->dofpv_prargs * dof->dofh_secsize); 8281 off_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff + 8282 provider->dofpv_proffs * dof->dofh_secsize); 8283 8284 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset); 8285 off = (uint32_t *)(uintptr_t)(daddr + off_sec->dofs_offset); 8286 arg = (uint8_t *)(uintptr_t)(daddr + arg_sec->dofs_offset); 8287 enoff = NULL; 8288 8289 /* 8290 * See dtrace_helper_provider_validate(). 8291 */ 8292 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 && 8293 provider->dofpv_prenoffs != DOF_SECT_NONE) { 8294 enoff_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff + 8295 provider->dofpv_prenoffs * dof->dofh_secsize); 8296 enoff = (uint32_t *)(uintptr_t)(daddr + enoff_sec->dofs_offset); 8297 } 8298 8299 nprobes = prb_sec->dofs_size / prb_sec->dofs_entsize; 8300 8301 /* 8302 * Create the provider. 8303 */ 8304 dtrace_dofprov2hprov(&dhpv, provider, strtab); 8305 8306 if ((parg = mops->dtms_provide_pid(meta->dtm_arg, &dhpv, pid)) == NULL) 8307 return; 8308 8309 meta->dtm_count++; 8310 8311 /* 8312 * Create the probes. 8313 */ 8314 for (i = 0; i < nprobes; i++) { 8315 probe = (dof_probe_t *)(uintptr_t)(daddr + 8316 prb_sec->dofs_offset + i * prb_sec->dofs_entsize); 8317 8318 dhpb.dthpb_mod = dhp->dofhp_mod; 8319 dhpb.dthpb_func = strtab + probe->dofpr_func; 8320 dhpb.dthpb_name = strtab + probe->dofpr_name; 8321 dhpb.dthpb_base = probe->dofpr_addr; 8322 dhpb.dthpb_offs = off + probe->dofpr_offidx; 8323 dhpb.dthpb_noffs = probe->dofpr_noffs; 8324 if (enoff != NULL) { 8325 dhpb.dthpb_enoffs = enoff + probe->dofpr_enoffidx; 8326 dhpb.dthpb_nenoffs = probe->dofpr_nenoffs; 8327 } else { 8328 dhpb.dthpb_enoffs = NULL; 8329 dhpb.dthpb_nenoffs = 0; 8330 } 8331 dhpb.dthpb_args = arg + probe->dofpr_argidx; 8332 dhpb.dthpb_nargc = probe->dofpr_nargc; 8333 dhpb.dthpb_xargc = probe->dofpr_xargc; 8334 dhpb.dthpb_ntypes = strtab + probe->dofpr_nargv; 8335 dhpb.dthpb_xtypes = strtab + probe->dofpr_xargv; 8336 8337 mops->dtms_create_probe(meta->dtm_arg, parg, &dhpb); 8338 } 8339} 8340 8341static void 8342dtrace_helper_provide(dof_helper_t *dhp, pid_t pid) 8343{ 8344 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof; 8345 dof_hdr_t *dof = (dof_hdr_t *)daddr; 8346 int i; 8347 8348 ASSERT(MUTEX_HELD(&dtrace_meta_lock)); 8349 8350 for (i = 0; i < dof->dofh_secnum; i++) { 8351 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr + 8352 dof->dofh_secoff + i * dof->dofh_secsize); 8353 8354 if (sec->dofs_type != DOF_SECT_PROVIDER) 8355 continue; 8356 8357 dtrace_helper_provide_one(dhp, sec, pid); 8358 } 8359 8360 /* 8361 * We may have just created probes, so we must now rematch against 8362 * any retained enablings. Note that this call will acquire both 8363 * cpu_lock and dtrace_lock; the fact that we are holding 8364 * dtrace_meta_lock now is what defines the ordering with respect to 8365 * these three locks. 8366 */ 8367 dtrace_enabling_matchall(); 8368} 8369 8370static void 8371dtrace_helper_provider_remove_one(dof_helper_t *dhp, dof_sec_t *sec, pid_t pid) 8372{ 8373 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof; 8374 dof_hdr_t *dof = (dof_hdr_t *)daddr; 8375 dof_sec_t *str_sec; 8376 dof_provider_t *provider; 8377 char *strtab; 8378 dtrace_helper_provdesc_t dhpv; 8379 dtrace_meta_t *meta = dtrace_meta_pid; 8380 dtrace_mops_t *mops = &meta->dtm_mops; 8381 8382 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset); 8383 str_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff + 8384 provider->dofpv_strtab * dof->dofh_secsize); 8385 8386 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset); 8387 8388 /* 8389 * Create the provider. 8390 */ 8391 dtrace_dofprov2hprov(&dhpv, provider, strtab); 8392 8393 mops->dtms_remove_pid(meta->dtm_arg, &dhpv, pid); 8394 8395 meta->dtm_count--; 8396} 8397 8398static void 8399dtrace_helper_provider_remove(dof_helper_t *dhp, pid_t pid) 8400{ 8401 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof; 8402 dof_hdr_t *dof = (dof_hdr_t *)daddr; 8403 int i; 8404 8405 ASSERT(MUTEX_HELD(&dtrace_meta_lock)); 8406 8407 for (i = 0; i < dof->dofh_secnum; i++) { 8408 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr + 8409 dof->dofh_secoff + i * dof->dofh_secsize); 8410 8411 if (sec->dofs_type != DOF_SECT_PROVIDER) 8412 continue; 8413 8414 dtrace_helper_provider_remove_one(dhp, sec, pid); 8415 } 8416} 8417 8418/* 8419 * DTrace Meta Provider-to-Framework API Functions 8420 * 8421 * These functions implement the Meta Provider-to-Framework API, as described 8422 * in <sys/dtrace.h>. 8423 */ 8424int 8425dtrace_meta_register(const char *name, const dtrace_mops_t *mops, void *arg, 8426 dtrace_meta_provider_id_t *idp) 8427{ 8428 dtrace_meta_t *meta; 8429 dtrace_helpers_t *help, *next; 8430 int i; 8431 8432 *idp = DTRACE_METAPROVNONE; 8433 8434 /* 8435 * We strictly don't need the name, but we hold onto it for 8436 * debuggability. All hail error queues! 8437 */ 8438 if (name == NULL) { 8439 cmn_err(CE_WARN, "failed to register meta-provider: " 8440 "invalid name"); 8441 return (EINVAL); 8442 } 8443 8444 if (mops == NULL || 8445 mops->dtms_create_probe == NULL || 8446 mops->dtms_provide_pid == NULL || 8447 mops->dtms_remove_pid == NULL) { 8448 cmn_err(CE_WARN, "failed to register meta-register %s: " 8449 "invalid ops", name); 8450 return (EINVAL); 8451 } 8452 8453 meta = kmem_zalloc(sizeof (dtrace_meta_t), KM_SLEEP); 8454 meta->dtm_mops = *mops; 8455 meta->dtm_name = kmem_alloc(strlen(name) + 1, KM_SLEEP); 8456 (void) strcpy(meta->dtm_name, name); 8457 meta->dtm_arg = arg; 8458 8459 mutex_enter(&dtrace_meta_lock); 8460 mutex_enter(&dtrace_lock); 8461 8462 if (dtrace_meta_pid != NULL) { 8463 mutex_exit(&dtrace_lock); 8464 mutex_exit(&dtrace_meta_lock); 8465 cmn_err(CE_WARN, "failed to register meta-register %s: " 8466 "user-land meta-provider exists", name); 8467 kmem_free(meta->dtm_name, strlen(meta->dtm_name) + 1); 8468 kmem_free(meta, sizeof (dtrace_meta_t)); 8469 return (EINVAL); 8470 } 8471 8472 dtrace_meta_pid = meta; 8473 *idp = (dtrace_meta_provider_id_t)meta; 8474 8475 /* 8476 * If there are providers and probes ready to go, pass them 8477 * off to the new meta provider now. 8478 */ 8479 8480 help = dtrace_deferred_pid; 8481 dtrace_deferred_pid = NULL; 8482 8483 mutex_exit(&dtrace_lock); 8484 8485 while (help != NULL) { 8486 for (i = 0; i < help->dthps_nprovs; i++) { 8487 dtrace_helper_provide(&help->dthps_provs[i]->dthp_prov, 8488 help->dthps_pid); 8489 } 8490 8491 next = help->dthps_next; 8492 help->dthps_next = NULL; 8493 help->dthps_prev = NULL; 8494 help->dthps_deferred = 0; 8495 help = next; 8496 } 8497 8498 mutex_exit(&dtrace_meta_lock); 8499 8500 return (0); 8501} 8502 8503int 8504dtrace_meta_unregister(dtrace_meta_provider_id_t id) 8505{ 8506 dtrace_meta_t **pp, *old = (dtrace_meta_t *)id; 8507 8508 mutex_enter(&dtrace_meta_lock); 8509 mutex_enter(&dtrace_lock); 8510 8511 if (old == dtrace_meta_pid) { 8512 pp = &dtrace_meta_pid; 8513 } else { 8514 panic("attempt to unregister non-existent " 8515 "dtrace meta-provider %p\n", (void *)old); 8516 } 8517 8518 if (old->dtm_count != 0) { 8519 mutex_exit(&dtrace_lock); 8520 mutex_exit(&dtrace_meta_lock); 8521 return (EBUSY); 8522 } 8523 8524 *pp = NULL; 8525 8526 mutex_exit(&dtrace_lock); 8527 mutex_exit(&dtrace_meta_lock); 8528 8529 kmem_free(old->dtm_name, strlen(old->dtm_name) + 1); 8530 kmem_free(old, sizeof (dtrace_meta_t)); 8531 8532 return (0); 8533} 8534 8535 8536/* 8537 * DTrace DIF Object Functions 8538 */ 8539static int 8540dtrace_difo_err(uint_t pc, const char *format, ...) 8541{ 8542 if (dtrace_err_verbose) { 8543 va_list alist; 8544 8545 (void) uprintf("dtrace DIF object error: [%u]: ", pc); 8546 va_start(alist, format); 8547 (void) vuprintf(format, alist); 8548 va_end(alist); 8549 } 8550 8551#ifdef DTRACE_ERRDEBUG 8552 dtrace_errdebug(format); 8553#endif 8554 return (1); 8555} 8556 8557/* 8558 * Validate a DTrace DIF object by checking the IR instructions. The following 8559 * rules are currently enforced by dtrace_difo_validate(): 8560 * 8561 * 1. Each instruction must have a valid opcode 8562 * 2. Each register, string, variable, or subroutine reference must be valid 8563 * 3. No instruction can modify register %r0 (must be zero) 8564 * 4. All instruction reserved bits must be set to zero 8565 * 5. The last instruction must be a "ret" instruction 8566 * 6. All branch targets must reference a valid instruction _after_ the branch 8567 */ 8568static int 8569dtrace_difo_validate(dtrace_difo_t *dp, dtrace_vstate_t *vstate, uint_t nregs, 8570 cred_t *cr) 8571{ 8572 int err = 0, i; 8573 int (*efunc)(uint_t pc, const char *, ...) = dtrace_difo_err; 8574 int kcheckload; 8575 uint_t pc; 8576 8577 kcheckload = cr == NULL || 8578 (vstate->dtvs_state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) == 0; 8579 8580 dp->dtdo_destructive = 0; 8581 8582 for (pc = 0; pc < dp->dtdo_len && err == 0; pc++) { 8583 dif_instr_t instr = dp->dtdo_buf[pc]; 8584 8585 uint_t r1 = DIF_INSTR_R1(instr); 8586 uint_t r2 = DIF_INSTR_R2(instr); 8587 uint_t rd = DIF_INSTR_RD(instr); 8588 uint_t rs = DIF_INSTR_RS(instr); 8589 uint_t label = DIF_INSTR_LABEL(instr); 8590 uint_t v = DIF_INSTR_VAR(instr); 8591 uint_t subr = DIF_INSTR_SUBR(instr); 8592 uint_t type = DIF_INSTR_TYPE(instr); 8593 uint_t op = DIF_INSTR_OP(instr); 8594 8595 switch (op) { 8596 case DIF_OP_OR: 8597 case DIF_OP_XOR: 8598 case DIF_OP_AND: 8599 case DIF_OP_SLL: 8600 case DIF_OP_SRL: 8601 case DIF_OP_SRA: 8602 case DIF_OP_SUB: 8603 case DIF_OP_ADD: 8604 case DIF_OP_MUL: 8605 case DIF_OP_SDIV: 8606 case DIF_OP_UDIV: 8607 case DIF_OP_SREM: 8608 case DIF_OP_UREM: 8609 case DIF_OP_COPYS: 8610 if (r1 >= nregs) 8611 err += efunc(pc, "invalid register %u\n", r1); 8612 if (r2 >= nregs) 8613 err += efunc(pc, "invalid register %u\n", r2); 8614 if (rd >= nregs) 8615 err += efunc(pc, "invalid register %u\n", rd); 8616 if (rd == 0) 8617 err += efunc(pc, "cannot write to %r0\n"); 8618 break; 8619 case DIF_OP_NOT: 8620 case DIF_OP_MOV: 8621 case DIF_OP_ALLOCS: 8622 if (r1 >= nregs) 8623 err += efunc(pc, "invalid register %u\n", r1); 8624 if (r2 != 0) 8625 err += efunc(pc, "non-zero reserved bits\n"); 8626 if (rd >= nregs) 8627 err += efunc(pc, "invalid register %u\n", rd); 8628 if (rd == 0) 8629 err += efunc(pc, "cannot write to %r0\n"); 8630 break; 8631 case DIF_OP_LDSB: 8632 case DIF_OP_LDSH: 8633 case DIF_OP_LDSW: 8634 case DIF_OP_LDUB: 8635 case DIF_OP_LDUH: 8636 case DIF_OP_LDUW: 8637 case DIF_OP_LDX: 8638 if (r1 >= nregs) 8639 err += efunc(pc, "invalid register %u\n", r1); 8640 if (r2 != 0) 8641 err += efunc(pc, "non-zero reserved bits\n"); 8642 if (rd >= nregs) 8643 err += efunc(pc, "invalid register %u\n", rd); 8644 if (rd == 0) 8645 err += efunc(pc, "cannot write to %r0\n"); 8646 if (kcheckload) 8647 dp->dtdo_buf[pc] = DIF_INSTR_LOAD(op + 8648 DIF_OP_RLDSB - DIF_OP_LDSB, r1, rd); 8649 break; 8650 case DIF_OP_RLDSB: 8651 case DIF_OP_RLDSH: 8652 case DIF_OP_RLDSW: 8653 case DIF_OP_RLDUB: 8654 case DIF_OP_RLDUH: 8655 case DIF_OP_RLDUW: 8656 case DIF_OP_RLDX: 8657 if (r1 >= nregs) 8658 err += efunc(pc, "invalid register %u\n", r1); 8659 if (r2 != 0) 8660 err += efunc(pc, "non-zero reserved bits\n"); 8661 if (rd >= nregs) 8662 err += efunc(pc, "invalid register %u\n", rd); 8663 if (rd == 0) 8664 err += efunc(pc, "cannot write to %r0\n"); 8665 break; 8666 case DIF_OP_ULDSB: 8667 case DIF_OP_ULDSH: 8668 case DIF_OP_ULDSW: 8669 case DIF_OP_ULDUB: 8670 case DIF_OP_ULDUH: 8671 case DIF_OP_ULDUW: 8672 case DIF_OP_ULDX: 8673 if (r1 >= nregs) 8674 err += efunc(pc, "invalid register %u\n", r1); 8675 if (r2 != 0) 8676 err += efunc(pc, "non-zero reserved bits\n"); 8677 if (rd >= nregs) 8678 err += efunc(pc, "invalid register %u\n", rd); 8679 if (rd == 0) 8680 err += efunc(pc, "cannot write to %r0\n"); 8681 break; 8682 case DIF_OP_STB: 8683 case DIF_OP_STH: 8684 case DIF_OP_STW: 8685 case DIF_OP_STX: 8686 if (r1 >= nregs) 8687 err += efunc(pc, "invalid register %u\n", r1); 8688 if (r2 != 0) 8689 err += efunc(pc, "non-zero reserved bits\n"); 8690 if (rd >= nregs) 8691 err += efunc(pc, "invalid register %u\n", rd); 8692 if (rd == 0) 8693 err += efunc(pc, "cannot write to 0 address\n"); 8694 break; 8695 case DIF_OP_CMP: 8696 case DIF_OP_SCMP: 8697 if (r1 >= nregs) 8698 err += efunc(pc, "invalid register %u\n", r1); 8699 if (r2 >= nregs) 8700 err += efunc(pc, "invalid register %u\n", r2); 8701 if (rd != 0) 8702 err += efunc(pc, "non-zero reserved bits\n"); 8703 break; 8704 case DIF_OP_TST: 8705 if (r1 >= nregs) 8706 err += efunc(pc, "invalid register %u\n", r1); 8707 if (r2 != 0 || rd != 0) 8708 err += efunc(pc, "non-zero reserved bits\n"); 8709 break; 8710 case DIF_OP_BA: 8711 case DIF_OP_BE: 8712 case DIF_OP_BNE: 8713 case DIF_OP_BG: 8714 case DIF_OP_BGU: 8715 case DIF_OP_BGE: 8716 case DIF_OP_BGEU: 8717 case DIF_OP_BL: 8718 case DIF_OP_BLU: 8719 case DIF_OP_BLE: 8720 case DIF_OP_BLEU: 8721 if (label >= dp->dtdo_len) { 8722 err += efunc(pc, "invalid branch target %u\n", 8723 label); 8724 } 8725 if (label <= pc) { 8726 err += efunc(pc, "backward branch to %u\n", 8727 label); 8728 } 8729 break; 8730 case DIF_OP_RET: 8731 if (r1 != 0 || r2 != 0) 8732 err += efunc(pc, "non-zero reserved bits\n"); 8733 if (rd >= nregs) 8734 err += efunc(pc, "invalid register %u\n", rd); 8735 break; 8736 case DIF_OP_NOP: 8737 case DIF_OP_POPTS: 8738 case DIF_OP_FLUSHTS: 8739 if (r1 != 0 || r2 != 0 || rd != 0) 8740 err += efunc(pc, "non-zero reserved bits\n"); 8741 break; 8742 case DIF_OP_SETX: 8743 if (DIF_INSTR_INTEGER(instr) >= dp->dtdo_intlen) { 8744 err += efunc(pc, "invalid integer ref %u\n", 8745 DIF_INSTR_INTEGER(instr)); 8746 } 8747 if (rd >= nregs) 8748 err += efunc(pc, "invalid register %u\n", rd); 8749 if (rd == 0) 8750 err += efunc(pc, "cannot write to %r0\n"); 8751 break; 8752 case DIF_OP_SETS: 8753 if (DIF_INSTR_STRING(instr) >= dp->dtdo_strlen) { 8754 err += efunc(pc, "invalid string ref %u\n", 8755 DIF_INSTR_STRING(instr)); 8756 } 8757 if (rd >= nregs) 8758 err += efunc(pc, "invalid register %u\n", rd); 8759 if (rd == 0) 8760 err += efunc(pc, "cannot write to %r0\n"); 8761 break; 8762 case DIF_OP_LDGA: 8763 case DIF_OP_LDTA: 8764 if (r1 > DIF_VAR_ARRAY_MAX) 8765 err += efunc(pc, "invalid array %u\n", r1); 8766 if (r2 >= nregs) 8767 err += efunc(pc, "invalid register %u\n", r2); 8768 if (rd >= nregs) 8769 err += efunc(pc, "invalid register %u\n", rd); 8770 if (rd == 0) 8771 err += efunc(pc, "cannot write to %r0\n"); 8772 break; 8773 case DIF_OP_LDGS: 8774 case DIF_OP_LDTS: 8775 case DIF_OP_LDLS: 8776 case DIF_OP_LDGAA: 8777 case DIF_OP_LDTAA: 8778 if (v < DIF_VAR_OTHER_MIN || v > DIF_VAR_OTHER_MAX) 8779 err += efunc(pc, "invalid variable %u\n", v); 8780 if (rd >= nregs) 8781 err += efunc(pc, "invalid register %u\n", rd); 8782 if (rd == 0) 8783 err += efunc(pc, "cannot write to %r0\n"); 8784 break; 8785 case DIF_OP_STGS: 8786 case DIF_OP_STTS: 8787 case DIF_OP_STLS: 8788 case DIF_OP_STGAA: 8789 case DIF_OP_STTAA: 8790 if (v < DIF_VAR_OTHER_UBASE || v > DIF_VAR_OTHER_MAX) 8791 err += efunc(pc, "invalid variable %u\n", v); 8792 if (rs >= nregs) 8793 err += efunc(pc, "invalid register %u\n", rd); 8794 break; 8795 case DIF_OP_CALL: 8796 if (subr > DIF_SUBR_MAX) 8797 err += efunc(pc, "invalid subr %u\n", subr); 8798 if (rd >= nregs) 8799 err += efunc(pc, "invalid register %u\n", rd); 8800 if (rd == 0) 8801 err += efunc(pc, "cannot write to %r0\n"); 8802 8803 if (subr == DIF_SUBR_COPYOUT || 8804 subr == DIF_SUBR_COPYOUTSTR) { 8805 dp->dtdo_destructive = 1; 8806 } 8807 break; 8808 case DIF_OP_PUSHTR: 8809 if (type != DIF_TYPE_STRING && type != DIF_TYPE_CTF) 8810 err += efunc(pc, "invalid ref type %u\n", type); 8811 if (r2 >= nregs) 8812 err += efunc(pc, "invalid register %u\n", r2); 8813 if (rs >= nregs) 8814 err += efunc(pc, "invalid register %u\n", rs); 8815 break; 8816 case DIF_OP_PUSHTV: 8817 if (type != DIF_TYPE_CTF) 8818 err += efunc(pc, "invalid val type %u\n", type); 8819 if (r2 >= nregs) 8820 err += efunc(pc, "invalid register %u\n", r2); 8821 if (rs >= nregs) 8822 err += efunc(pc, "invalid register %u\n", rs); 8823 break; 8824 default: 8825 err += efunc(pc, "invalid opcode %u\n", 8826 DIF_INSTR_OP(instr)); 8827 } 8828 } 8829 8830 if (dp->dtdo_len != 0 && 8831 DIF_INSTR_OP(dp->dtdo_buf[dp->dtdo_len - 1]) != DIF_OP_RET) { 8832 err += efunc(dp->dtdo_len - 1, 8833 "expected 'ret' as last DIF instruction\n"); 8834 } 8835 8836 if (!(dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) { 8837 /* 8838 * If we're not returning by reference, the size must be either 8839 * 0 or the size of one of the base types. 8840 */ 8841 switch (dp->dtdo_rtype.dtdt_size) { 8842 case 0: 8843 case sizeof (uint8_t): 8844 case sizeof (uint16_t): 8845 case sizeof (uint32_t): 8846 case sizeof (uint64_t): 8847 break; 8848 8849 default: 8850 err += efunc(dp->dtdo_len - 1, "bad return size"); 8851 } 8852 } 8853 8854 for (i = 0; i < dp->dtdo_varlen && err == 0; i++) { 8855 dtrace_difv_t *v = &dp->dtdo_vartab[i], *existing = NULL; 8856 dtrace_diftype_t *vt, *et; 8857 uint_t id, ndx; 8858 8859 if (v->dtdv_scope != DIFV_SCOPE_GLOBAL && 8860 v->dtdv_scope != DIFV_SCOPE_THREAD && 8861 v->dtdv_scope != DIFV_SCOPE_LOCAL) { 8862 err += efunc(i, "unrecognized variable scope %d\n", 8863 v->dtdv_scope); 8864 break; 8865 } 8866 8867 if (v->dtdv_kind != DIFV_KIND_ARRAY && 8868 v->dtdv_kind != DIFV_KIND_SCALAR) { 8869 err += efunc(i, "unrecognized variable type %d\n", 8870 v->dtdv_kind); 8871 break; 8872 } 8873 8874 if ((id = v->dtdv_id) > DIF_VARIABLE_MAX) { 8875 err += efunc(i, "%d exceeds variable id limit\n", id); 8876 break; 8877 } 8878 8879 if (id < DIF_VAR_OTHER_UBASE) 8880 continue; 8881 8882 /* 8883 * For user-defined variables, we need to check that this 8884 * definition is identical to any previous definition that we 8885 * encountered. 8886 */ 8887 ndx = id - DIF_VAR_OTHER_UBASE; 8888 8889 switch (v->dtdv_scope) { 8890 case DIFV_SCOPE_GLOBAL: 8891 if (ndx < vstate->dtvs_nglobals) { 8892 dtrace_statvar_t *svar; 8893 8894 if ((svar = vstate->dtvs_globals[ndx]) != NULL) 8895 existing = &svar->dtsv_var; 8896 } 8897 8898 break; 8899 8900 case DIFV_SCOPE_THREAD: 8901 if (ndx < vstate->dtvs_ntlocals) 8902 existing = &vstate->dtvs_tlocals[ndx]; 8903 break; 8904 8905 case DIFV_SCOPE_LOCAL: 8906 if (ndx < vstate->dtvs_nlocals) { 8907 dtrace_statvar_t *svar; 8908 8909 if ((svar = vstate->dtvs_locals[ndx]) != NULL) 8910 existing = &svar->dtsv_var; 8911 } 8912 8913 break; 8914 } 8915 8916 vt = &v->dtdv_type; 8917 8918 if (vt->dtdt_flags & DIF_TF_BYREF) { 8919 if (vt->dtdt_size == 0) { 8920 err += efunc(i, "zero-sized variable\n"); 8921 break; 8922 } 8923 8924 if (v->dtdv_scope == DIFV_SCOPE_GLOBAL && 8925 vt->dtdt_size > dtrace_global_maxsize) { 8926 err += efunc(i, "oversized by-ref global\n"); 8927 break; 8928 } 8929 } 8930 8931 if (existing == NULL || existing->dtdv_id == 0) 8932 continue; 8933 8934 ASSERT(existing->dtdv_id == v->dtdv_id); 8935 ASSERT(existing->dtdv_scope == v->dtdv_scope); 8936 8937 if (existing->dtdv_kind != v->dtdv_kind) 8938 err += efunc(i, "%d changed variable kind\n", id); 8939 8940 et = &existing->dtdv_type; 8941 8942 if (vt->dtdt_flags != et->dtdt_flags) { 8943 err += efunc(i, "%d changed variable type flags\n", id); 8944 break; 8945 } 8946 8947 if (vt->dtdt_size != 0 && vt->dtdt_size != et->dtdt_size) { 8948 err += efunc(i, "%d changed variable type size\n", id); 8949 break; 8950 } 8951 } 8952 8953 return (err); 8954} 8955 8956/* 8957 * Validate a DTrace DIF object that it is to be used as a helper. Helpers 8958 * are much more constrained than normal DIFOs. Specifically, they may 8959 * not: 8960 * 8961 * 1. Make calls to subroutines other than copyin(), copyinstr() or 8962 * miscellaneous string routines 8963 * 2. Access DTrace variables other than the args[] array, and the 8964 * curthread, pid, ppid, tid, execname, zonename, uid and gid variables. 8965 * 3. Have thread-local variables. 8966 * 4. Have dynamic variables. 8967 */ 8968static int 8969dtrace_difo_validate_helper(dtrace_difo_t *dp) 8970{ 8971 int (*efunc)(uint_t pc, const char *, ...) = dtrace_difo_err; 8972 int err = 0; 8973 uint_t pc; 8974 8975 for (pc = 0; pc < dp->dtdo_len; pc++) { 8976 dif_instr_t instr = dp->dtdo_buf[pc]; 8977 8978 uint_t v = DIF_INSTR_VAR(instr); 8979 uint_t subr = DIF_INSTR_SUBR(instr); 8980 uint_t op = DIF_INSTR_OP(instr); 8981 8982 switch (op) { 8983 case DIF_OP_OR: 8984 case DIF_OP_XOR: 8985 case DIF_OP_AND: 8986 case DIF_OP_SLL: 8987 case DIF_OP_SRL: 8988 case DIF_OP_SRA: 8989 case DIF_OP_SUB: 8990 case DIF_OP_ADD: 8991 case DIF_OP_MUL: 8992 case DIF_OP_SDIV: 8993 case DIF_OP_UDIV: 8994 case DIF_OP_SREM: 8995 case DIF_OP_UREM: 8996 case DIF_OP_COPYS: 8997 case DIF_OP_NOT: 8998 case DIF_OP_MOV: 8999 case DIF_OP_RLDSB: 9000 case DIF_OP_RLDSH: 9001 case DIF_OP_RLDSW: 9002 case DIF_OP_RLDUB: 9003 case DIF_OP_RLDUH: 9004 case DIF_OP_RLDUW: 9005 case DIF_OP_RLDX: 9006 case DIF_OP_ULDSB: 9007 case DIF_OP_ULDSH: 9008 case DIF_OP_ULDSW: 9009 case DIF_OP_ULDUB: 9010 case DIF_OP_ULDUH: 9011 case DIF_OP_ULDUW: 9012 case DIF_OP_ULDX: 9013 case DIF_OP_STB: 9014 case DIF_OP_STH: 9015 case DIF_OP_STW: 9016 case DIF_OP_STX: 9017 case DIF_OP_ALLOCS: 9018 case DIF_OP_CMP: 9019 case DIF_OP_SCMP: 9020 case DIF_OP_TST: 9021 case DIF_OP_BA: 9022 case DIF_OP_BE: 9023 case DIF_OP_BNE: 9024 case DIF_OP_BG: 9025 case DIF_OP_BGU: 9026 case DIF_OP_BGE: 9027 case DIF_OP_BGEU: 9028 case DIF_OP_BL: 9029 case DIF_OP_BLU: 9030 case DIF_OP_BLE: 9031 case DIF_OP_BLEU: 9032 case DIF_OP_RET: 9033 case DIF_OP_NOP: 9034 case DIF_OP_POPTS: 9035 case DIF_OP_FLUSHTS: 9036 case DIF_OP_SETX: 9037 case DIF_OP_SETS: 9038 case DIF_OP_LDGA: 9039 case DIF_OP_LDLS: 9040 case DIF_OP_STGS: 9041 case DIF_OP_STLS: 9042 case DIF_OP_PUSHTR: 9043 case DIF_OP_PUSHTV: 9044 break; 9045 9046 case DIF_OP_LDGS: 9047 if (v >= DIF_VAR_OTHER_UBASE) 9048 break; 9049 9050 if (v >= DIF_VAR_ARG0 && v <= DIF_VAR_ARG9) 9051 break; 9052 9053 if (v == DIF_VAR_CURTHREAD || v == DIF_VAR_PID || 9054 v == DIF_VAR_PPID || v == DIF_VAR_TID || 9055 v == DIF_VAR_EXECARGS || 9056 v == DIF_VAR_EXECNAME || v == DIF_VAR_ZONENAME || 9057 v == DIF_VAR_UID || v == DIF_VAR_GID) 9058 break; 9059 9060 err += efunc(pc, "illegal variable %u\n", v); 9061 break; 9062 9063 case DIF_OP_LDTA: 9064 case DIF_OP_LDTS: 9065 case DIF_OP_LDGAA: 9066 case DIF_OP_LDTAA: 9067 err += efunc(pc, "illegal dynamic variable load\n"); 9068 break; 9069 9070 case DIF_OP_STTS: 9071 case DIF_OP_STGAA: 9072 case DIF_OP_STTAA: 9073 err += efunc(pc, "illegal dynamic variable store\n"); 9074 break; 9075 9076 case DIF_OP_CALL: 9077 if (subr == DIF_SUBR_ALLOCA || 9078 subr == DIF_SUBR_BCOPY || 9079 subr == DIF_SUBR_COPYIN || 9080 subr == DIF_SUBR_COPYINTO || 9081 subr == DIF_SUBR_COPYINSTR || 9082 subr == DIF_SUBR_INDEX || 9083 subr == DIF_SUBR_INET_NTOA || 9084 subr == DIF_SUBR_INET_NTOA6 || 9085 subr == DIF_SUBR_INET_NTOP || 9086 subr == DIF_SUBR_LLTOSTR || 9087 subr == DIF_SUBR_RINDEX || 9088 subr == DIF_SUBR_STRCHR || 9089 subr == DIF_SUBR_STRJOIN || 9090 subr == DIF_SUBR_STRRCHR || 9091 subr == DIF_SUBR_STRSTR || 9092 subr == DIF_SUBR_HTONS || 9093 subr == DIF_SUBR_HTONL || 9094 subr == DIF_SUBR_HTONLL || 9095 subr == DIF_SUBR_NTOHS || 9096 subr == DIF_SUBR_NTOHL || 9097 subr == DIF_SUBR_NTOHLL || 9098 subr == DIF_SUBR_MEMREF || 9099 subr == DIF_SUBR_TYPEREF) 9100 break; 9101 9102 err += efunc(pc, "invalid subr %u\n", subr); 9103 break; 9104 9105 default: 9106 err += efunc(pc, "invalid opcode %u\n", 9107 DIF_INSTR_OP(instr)); 9108 } 9109 } 9110 9111 return (err); 9112} 9113 9114/* 9115 * Returns 1 if the expression in the DIF object can be cached on a per-thread 9116 * basis; 0 if not. 9117 */ 9118static int 9119dtrace_difo_cacheable(dtrace_difo_t *dp) 9120{ 9121 int i; 9122 9123 if (dp == NULL) 9124 return (0); 9125 9126 for (i = 0; i < dp->dtdo_varlen; i++) { 9127 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 9128 9129 if (v->dtdv_scope != DIFV_SCOPE_GLOBAL) 9130 continue; 9131 9132 switch (v->dtdv_id) { 9133 case DIF_VAR_CURTHREAD: 9134 case DIF_VAR_PID: 9135 case DIF_VAR_TID: 9136 case DIF_VAR_EXECARGS: 9137 case DIF_VAR_EXECNAME: 9138 case DIF_VAR_ZONENAME: 9139 break; 9140 9141 default: 9142 return (0); 9143 } 9144 } 9145 9146 /* 9147 * This DIF object may be cacheable. Now we need to look for any 9148 * array loading instructions, any memory loading instructions, or 9149 * any stores to thread-local variables. 9150 */ 9151 for (i = 0; i < dp->dtdo_len; i++) { 9152 uint_t op = DIF_INSTR_OP(dp->dtdo_buf[i]); 9153 9154 if ((op >= DIF_OP_LDSB && op <= DIF_OP_LDX) || 9155 (op >= DIF_OP_ULDSB && op <= DIF_OP_ULDX) || 9156 (op >= DIF_OP_RLDSB && op <= DIF_OP_RLDX) || 9157 op == DIF_OP_LDGA || op == DIF_OP_STTS) 9158 return (0); 9159 } 9160 9161 return (1); 9162} 9163 9164static void 9165dtrace_difo_hold(dtrace_difo_t *dp) 9166{ 9167 int i; 9168 9169 ASSERT(MUTEX_HELD(&dtrace_lock)); 9170 9171 dp->dtdo_refcnt++; 9172 ASSERT(dp->dtdo_refcnt != 0); 9173 9174 /* 9175 * We need to check this DIF object for references to the variable 9176 * DIF_VAR_VTIMESTAMP. 9177 */ 9178 for (i = 0; i < dp->dtdo_varlen; i++) { 9179 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 9180 9181 if (v->dtdv_id != DIF_VAR_VTIMESTAMP) 9182 continue; 9183 9184 if (dtrace_vtime_references++ == 0) 9185 dtrace_vtime_enable(); 9186 } 9187} 9188 9189/* 9190 * This routine calculates the dynamic variable chunksize for a given DIF 9191 * object. The calculation is not fool-proof, and can probably be tricked by 9192 * malicious DIF -- but it works for all compiler-generated DIF. Because this 9193 * calculation is likely imperfect, dtrace_dynvar() is able to gracefully fail 9194 * if a dynamic variable size exceeds the chunksize. 9195 */ 9196static void 9197dtrace_difo_chunksize(dtrace_difo_t *dp, dtrace_vstate_t *vstate) 9198{ 9199 uint64_t sval = 0; 9200 dtrace_key_t tupregs[DIF_DTR_NREGS + 2]; /* +2 for thread and id */ 9201 const dif_instr_t *text = dp->dtdo_buf; 9202 uint_t pc, srd = 0; 9203 uint_t ttop = 0; 9204 size_t size, ksize; 9205 uint_t id, i; 9206 9207 for (pc = 0; pc < dp->dtdo_len; pc++) { 9208 dif_instr_t instr = text[pc]; 9209 uint_t op = DIF_INSTR_OP(instr); 9210 uint_t rd = DIF_INSTR_RD(instr); 9211 uint_t r1 = DIF_INSTR_R1(instr); 9212 uint_t nkeys = 0; 9213 uchar_t scope = 0; 9214 9215 dtrace_key_t *key = tupregs; 9216 9217 switch (op) { 9218 case DIF_OP_SETX: 9219 sval = dp->dtdo_inttab[DIF_INSTR_INTEGER(instr)]; 9220 srd = rd; 9221 continue; 9222 9223 case DIF_OP_STTS: 9224 key = &tupregs[DIF_DTR_NREGS]; 9225 key[0].dttk_size = 0; 9226 key[1].dttk_size = 0; 9227 nkeys = 2; 9228 scope = DIFV_SCOPE_THREAD; 9229 break; 9230 9231 case DIF_OP_STGAA: 9232 case DIF_OP_STTAA: 9233 nkeys = ttop; 9234 9235 if (DIF_INSTR_OP(instr) == DIF_OP_STTAA) 9236 key[nkeys++].dttk_size = 0; 9237 9238 key[nkeys++].dttk_size = 0; 9239 9240 if (op == DIF_OP_STTAA) { 9241 scope = DIFV_SCOPE_THREAD; 9242 } else { 9243 scope = DIFV_SCOPE_GLOBAL; 9244 } 9245 9246 break; 9247 9248 case DIF_OP_PUSHTR: 9249 if (ttop == DIF_DTR_NREGS) 9250 return; 9251 9252 if ((srd == 0 || sval == 0) && r1 == DIF_TYPE_STRING) { 9253 /* 9254 * If the register for the size of the "pushtr" 9255 * is %r0 (or the value is 0) and the type is 9256 * a string, we'll use the system-wide default 9257 * string size. 9258 */ 9259 tupregs[ttop++].dttk_size = 9260 dtrace_strsize_default; 9261 } else { 9262 if (srd == 0) 9263 return; 9264 9265 tupregs[ttop++].dttk_size = sval; 9266 } 9267 9268 break; 9269 9270 case DIF_OP_PUSHTV: 9271 if (ttop == DIF_DTR_NREGS) 9272 return; 9273 9274 tupregs[ttop++].dttk_size = 0; 9275 break; 9276 9277 case DIF_OP_FLUSHTS: 9278 ttop = 0; 9279 break; 9280 9281 case DIF_OP_POPTS: 9282 if (ttop != 0) 9283 ttop--; 9284 break; 9285 } 9286 9287 sval = 0; 9288 srd = 0; 9289 9290 if (nkeys == 0) 9291 continue; 9292 9293 /* 9294 * We have a dynamic variable allocation; calculate its size. 9295 */ 9296 for (ksize = 0, i = 0; i < nkeys; i++) 9297 ksize += P2ROUNDUP(key[i].dttk_size, sizeof (uint64_t)); 9298 9299 size = sizeof (dtrace_dynvar_t); 9300 size += sizeof (dtrace_key_t) * (nkeys - 1); 9301 size += ksize; 9302 9303 /* 9304 * Now we need to determine the size of the stored data. 9305 */ 9306 id = DIF_INSTR_VAR(instr); 9307 9308 for (i = 0; i < dp->dtdo_varlen; i++) { 9309 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 9310 9311 if (v->dtdv_id == id && v->dtdv_scope == scope) { 9312 size += v->dtdv_type.dtdt_size; 9313 break; 9314 } 9315 } 9316 9317 if (i == dp->dtdo_varlen) 9318 return; 9319 9320 /* 9321 * We have the size. If this is larger than the chunk size 9322 * for our dynamic variable state, reset the chunk size. 9323 */ 9324 size = P2ROUNDUP(size, sizeof (uint64_t)); 9325 9326 if (size > vstate->dtvs_dynvars.dtds_chunksize) 9327 vstate->dtvs_dynvars.dtds_chunksize = size; 9328 } 9329} 9330 9331static void 9332dtrace_difo_init(dtrace_difo_t *dp, dtrace_vstate_t *vstate) 9333{ 9334 int i, oldsvars, osz, nsz, otlocals, ntlocals; 9335 uint_t id; 9336 9337 ASSERT(MUTEX_HELD(&dtrace_lock)); 9338 ASSERT(dp->dtdo_buf != NULL && dp->dtdo_len != 0); 9339 9340 for (i = 0; i < dp->dtdo_varlen; i++) { 9341 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 9342 dtrace_statvar_t *svar, ***svarp = NULL; 9343 size_t dsize = 0; 9344 uint8_t scope = v->dtdv_scope; 9345 int *np = NULL; 9346 9347 if ((id = v->dtdv_id) < DIF_VAR_OTHER_UBASE) 9348 continue; 9349 9350 id -= DIF_VAR_OTHER_UBASE; 9351 9352 switch (scope) { 9353 case DIFV_SCOPE_THREAD: 9354 while (id >= (otlocals = vstate->dtvs_ntlocals)) { 9355 dtrace_difv_t *tlocals; 9356 9357 if ((ntlocals = (otlocals << 1)) == 0) 9358 ntlocals = 1; 9359 9360 osz = otlocals * sizeof (dtrace_difv_t); 9361 nsz = ntlocals * sizeof (dtrace_difv_t); 9362 9363 tlocals = kmem_zalloc(nsz, KM_SLEEP); 9364 9365 if (osz != 0) { 9366 bcopy(vstate->dtvs_tlocals, 9367 tlocals, osz); 9368 kmem_free(vstate->dtvs_tlocals, osz); 9369 } 9370 9371 vstate->dtvs_tlocals = tlocals; 9372 vstate->dtvs_ntlocals = ntlocals; 9373 } 9374 9375 vstate->dtvs_tlocals[id] = *v; 9376 continue; 9377 9378 case DIFV_SCOPE_LOCAL: 9379 np = &vstate->dtvs_nlocals; 9380 svarp = &vstate->dtvs_locals; 9381 9382 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) 9383 dsize = NCPU * (v->dtdv_type.dtdt_size + 9384 sizeof (uint64_t)); 9385 else 9386 dsize = NCPU * sizeof (uint64_t); 9387 9388 break; 9389 9390 case DIFV_SCOPE_GLOBAL: 9391 np = &vstate->dtvs_nglobals; 9392 svarp = &vstate->dtvs_globals; 9393 9394 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) 9395 dsize = v->dtdv_type.dtdt_size + 9396 sizeof (uint64_t); 9397 9398 break; 9399 9400 default: 9401 ASSERT(0); 9402 } 9403 9404 while (id >= (oldsvars = *np)) { 9405 dtrace_statvar_t **statics; 9406 int newsvars, oldsize, newsize; 9407 9408 if ((newsvars = (oldsvars << 1)) == 0) 9409 newsvars = 1; 9410 9411 oldsize = oldsvars * sizeof (dtrace_statvar_t *); 9412 newsize = newsvars * sizeof (dtrace_statvar_t *); 9413 9414 statics = kmem_zalloc(newsize, KM_SLEEP); 9415 9416 if (oldsize != 0) { 9417 bcopy(*svarp, statics, oldsize); 9418 kmem_free(*svarp, oldsize); 9419 } 9420 9421 *svarp = statics; 9422 *np = newsvars; 9423 } 9424 9425 if ((svar = (*svarp)[id]) == NULL) { 9426 svar = kmem_zalloc(sizeof (dtrace_statvar_t), KM_SLEEP); 9427 svar->dtsv_var = *v; 9428 9429 if ((svar->dtsv_size = dsize) != 0) { 9430 svar->dtsv_data = (uint64_t)(uintptr_t) 9431 kmem_zalloc(dsize, KM_SLEEP); 9432 } 9433 9434 (*svarp)[id] = svar; 9435 } 9436 9437 svar->dtsv_refcnt++; 9438 } 9439 9440 dtrace_difo_chunksize(dp, vstate); 9441 dtrace_difo_hold(dp); 9442} 9443 9444static dtrace_difo_t * 9445dtrace_difo_duplicate(dtrace_difo_t *dp, dtrace_vstate_t *vstate) 9446{ 9447 dtrace_difo_t *new; 9448 size_t sz; 9449 9450 ASSERT(dp->dtdo_buf != NULL); 9451 ASSERT(dp->dtdo_refcnt != 0); 9452 9453 new = kmem_zalloc(sizeof (dtrace_difo_t), KM_SLEEP); 9454 9455 ASSERT(dp->dtdo_buf != NULL); 9456 sz = dp->dtdo_len * sizeof (dif_instr_t); 9457 new->dtdo_buf = kmem_alloc(sz, KM_SLEEP); 9458 bcopy(dp->dtdo_buf, new->dtdo_buf, sz); 9459 new->dtdo_len = dp->dtdo_len; 9460 9461 if (dp->dtdo_strtab != NULL) { 9462 ASSERT(dp->dtdo_strlen != 0); 9463 new->dtdo_strtab = kmem_alloc(dp->dtdo_strlen, KM_SLEEP); 9464 bcopy(dp->dtdo_strtab, new->dtdo_strtab, dp->dtdo_strlen); 9465 new->dtdo_strlen = dp->dtdo_strlen; 9466 } 9467 9468 if (dp->dtdo_inttab != NULL) { 9469 ASSERT(dp->dtdo_intlen != 0); 9470 sz = dp->dtdo_intlen * sizeof (uint64_t); 9471 new->dtdo_inttab = kmem_alloc(sz, KM_SLEEP); 9472 bcopy(dp->dtdo_inttab, new->dtdo_inttab, sz); 9473 new->dtdo_intlen = dp->dtdo_intlen; 9474 } 9475 9476 if (dp->dtdo_vartab != NULL) { 9477 ASSERT(dp->dtdo_varlen != 0); 9478 sz = dp->dtdo_varlen * sizeof (dtrace_difv_t); 9479 new->dtdo_vartab = kmem_alloc(sz, KM_SLEEP); 9480 bcopy(dp->dtdo_vartab, new->dtdo_vartab, sz); 9481 new->dtdo_varlen = dp->dtdo_varlen; 9482 } 9483 9484 dtrace_difo_init(new, vstate); 9485 return (new); 9486} 9487 9488static void 9489dtrace_difo_destroy(dtrace_difo_t *dp, dtrace_vstate_t *vstate) 9490{ 9491 int i; 9492 9493 ASSERT(dp->dtdo_refcnt == 0); 9494 9495 for (i = 0; i < dp->dtdo_varlen; i++) { 9496 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 9497 dtrace_statvar_t *svar, **svarp = NULL; 9498 uint_t id; 9499 uint8_t scope = v->dtdv_scope; 9500 int *np = NULL; 9501 9502 switch (scope) { 9503 case DIFV_SCOPE_THREAD: 9504 continue; 9505 9506 case DIFV_SCOPE_LOCAL: 9507 np = &vstate->dtvs_nlocals; 9508 svarp = vstate->dtvs_locals; 9509 break; 9510 9511 case DIFV_SCOPE_GLOBAL: 9512 np = &vstate->dtvs_nglobals; 9513 svarp = vstate->dtvs_globals; 9514 break; 9515 9516 default: 9517 ASSERT(0); 9518 } 9519 9520 if ((id = v->dtdv_id) < DIF_VAR_OTHER_UBASE) 9521 continue; 9522 9523 id -= DIF_VAR_OTHER_UBASE; 9524 ASSERT(id < *np); 9525 9526 svar = svarp[id]; 9527 ASSERT(svar != NULL); 9528 ASSERT(svar->dtsv_refcnt > 0); 9529 9530 if (--svar->dtsv_refcnt > 0) 9531 continue; 9532 9533 if (svar->dtsv_size != 0) { 9534 ASSERT(svar->dtsv_data != 0); 9535 kmem_free((void *)(uintptr_t)svar->dtsv_data, 9536 svar->dtsv_size); 9537 } 9538 9539 kmem_free(svar, sizeof (dtrace_statvar_t)); 9540 svarp[id] = NULL; 9541 } 9542 9543 if (dp->dtdo_buf != NULL) 9544 kmem_free(dp->dtdo_buf, dp->dtdo_len * sizeof (dif_instr_t)); 9545 if (dp->dtdo_inttab != NULL) 9546 kmem_free(dp->dtdo_inttab, dp->dtdo_intlen * sizeof (uint64_t)); 9547 if (dp->dtdo_strtab != NULL) 9548 kmem_free(dp->dtdo_strtab, dp->dtdo_strlen); 9549 if (dp->dtdo_vartab != NULL) 9550 kmem_free(dp->dtdo_vartab, dp->dtdo_varlen * sizeof (dtrace_difv_t)); 9551 9552 kmem_free(dp, sizeof (dtrace_difo_t)); 9553} 9554 9555static void 9556dtrace_difo_release(dtrace_difo_t *dp, dtrace_vstate_t *vstate) 9557{ 9558 int i; 9559 9560 ASSERT(MUTEX_HELD(&dtrace_lock)); 9561 ASSERT(dp->dtdo_refcnt != 0); 9562 9563 for (i = 0; i < dp->dtdo_varlen; i++) { 9564 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 9565 9566 if (v->dtdv_id != DIF_VAR_VTIMESTAMP) 9567 continue; 9568 9569 ASSERT(dtrace_vtime_references > 0); 9570 if (--dtrace_vtime_references == 0) 9571 dtrace_vtime_disable(); 9572 } 9573 9574 if (--dp->dtdo_refcnt == 0) 9575 dtrace_difo_destroy(dp, vstate); 9576} 9577 9578/* 9579 * DTrace Format Functions 9580 */ 9581static uint16_t 9582dtrace_format_add(dtrace_state_t *state, char *str) 9583{ 9584 char *fmt, **new; 9585 uint16_t ndx, len = strlen(str) + 1; 9586 9587 fmt = kmem_zalloc(len, KM_SLEEP); 9588 bcopy(str, fmt, len); 9589 9590 for (ndx = 0; ndx < state->dts_nformats; ndx++) { 9591 if (state->dts_formats[ndx] == NULL) { 9592 state->dts_formats[ndx] = fmt; 9593 return (ndx + 1); 9594 } 9595 } 9596 9597 if (state->dts_nformats == USHRT_MAX) { 9598 /* 9599 * This is only likely if a denial-of-service attack is being 9600 * attempted. As such, it's okay to fail silently here. 9601 */ 9602 kmem_free(fmt, len); 9603 return (0); 9604 } 9605 9606 /* 9607 * For simplicity, we always resize the formats array to be exactly the 9608 * number of formats. 9609 */ 9610 ndx = state->dts_nformats++; 9611 new = kmem_alloc((ndx + 1) * sizeof (char *), KM_SLEEP); 9612 9613 if (state->dts_formats != NULL) { 9614 ASSERT(ndx != 0); 9615 bcopy(state->dts_formats, new, ndx * sizeof (char *)); 9616 kmem_free(state->dts_formats, ndx * sizeof (char *)); 9617 } 9618 9619 state->dts_formats = new; 9620 state->dts_formats[ndx] = fmt; 9621 9622 return (ndx + 1); 9623} 9624 9625static void 9626dtrace_format_remove(dtrace_state_t *state, uint16_t format) 9627{ 9628 char *fmt; 9629 9630 ASSERT(state->dts_formats != NULL); 9631 ASSERT(format <= state->dts_nformats); 9632 ASSERT(state->dts_formats[format - 1] != NULL); 9633 9634 fmt = state->dts_formats[format - 1]; 9635 kmem_free(fmt, strlen(fmt) + 1); 9636 state->dts_formats[format - 1] = NULL; 9637} 9638 9639static void 9640dtrace_format_destroy(dtrace_state_t *state) 9641{ 9642 int i; 9643 9644 if (state->dts_nformats == 0) { 9645 ASSERT(state->dts_formats == NULL); 9646 return; 9647 } 9648 9649 ASSERT(state->dts_formats != NULL); 9650 9651 for (i = 0; i < state->dts_nformats; i++) { 9652 char *fmt = state->dts_formats[i]; 9653 9654 if (fmt == NULL) 9655 continue; 9656 9657 kmem_free(fmt, strlen(fmt) + 1); 9658 } 9659 9660 kmem_free(state->dts_formats, state->dts_nformats * sizeof (char *)); 9661 state->dts_nformats = 0; 9662 state->dts_formats = NULL; 9663} 9664 9665/* 9666 * DTrace Predicate Functions 9667 */ 9668static dtrace_predicate_t * 9669dtrace_predicate_create(dtrace_difo_t *dp) 9670{ 9671 dtrace_predicate_t *pred; 9672 9673 ASSERT(MUTEX_HELD(&dtrace_lock)); 9674 ASSERT(dp->dtdo_refcnt != 0); 9675 9676 pred = kmem_zalloc(sizeof (dtrace_predicate_t), KM_SLEEP); 9677 pred->dtp_difo = dp; 9678 pred->dtp_refcnt = 1; 9679 9680 if (!dtrace_difo_cacheable(dp)) 9681 return (pred); 9682 9683 if (dtrace_predcache_id == DTRACE_CACHEIDNONE) { 9684 /* 9685 * This is only theoretically possible -- we have had 2^32 9686 * cacheable predicates on this machine. We cannot allow any 9687 * more predicates to become cacheable: as unlikely as it is, 9688 * there may be a thread caching a (now stale) predicate cache 9689 * ID. (N.B.: the temptation is being successfully resisted to 9690 * have this cmn_err() "Holy shit -- we executed this code!") 9691 */ 9692 return (pred); 9693 } 9694 9695 pred->dtp_cacheid = dtrace_predcache_id++; 9696 9697 return (pred); 9698} 9699 9700static void 9701dtrace_predicate_hold(dtrace_predicate_t *pred) 9702{ 9703 ASSERT(MUTEX_HELD(&dtrace_lock)); 9704 ASSERT(pred->dtp_difo != NULL && pred->dtp_difo->dtdo_refcnt != 0); 9705 ASSERT(pred->dtp_refcnt > 0); 9706 9707 pred->dtp_refcnt++; 9708} 9709 9710static void 9711dtrace_predicate_release(dtrace_predicate_t *pred, dtrace_vstate_t *vstate) 9712{ 9713 dtrace_difo_t *dp = pred->dtp_difo; 9714 9715 ASSERT(MUTEX_HELD(&dtrace_lock)); 9716 ASSERT(dp != NULL && dp->dtdo_refcnt != 0); 9717 ASSERT(pred->dtp_refcnt > 0); 9718 9719 if (--pred->dtp_refcnt == 0) { 9720 dtrace_difo_release(pred->dtp_difo, vstate); 9721 kmem_free(pred, sizeof (dtrace_predicate_t)); 9722 } 9723} 9724 9725/* 9726 * DTrace Action Description Functions 9727 */ 9728static dtrace_actdesc_t * 9729dtrace_actdesc_create(dtrace_actkind_t kind, uint32_t ntuple, 9730 uint64_t uarg, uint64_t arg) 9731{ 9732 dtrace_actdesc_t *act; 9733 9734#if defined(sun) 9735 ASSERT(!DTRACEACT_ISPRINTFLIKE(kind) || (arg != NULL && 9736 arg >= KERNELBASE) || (arg == NULL && kind == DTRACEACT_PRINTA)); 9737#endif 9738 9739 act = kmem_zalloc(sizeof (dtrace_actdesc_t), KM_SLEEP); 9740 act->dtad_kind = kind; 9741 act->dtad_ntuple = ntuple; 9742 act->dtad_uarg = uarg; 9743 act->dtad_arg = arg; 9744 act->dtad_refcnt = 1; 9745 9746 return (act); 9747} 9748 9749static void 9750dtrace_actdesc_hold(dtrace_actdesc_t *act) 9751{ 9752 ASSERT(act->dtad_refcnt >= 1); 9753 act->dtad_refcnt++; 9754} 9755 9756static void 9757dtrace_actdesc_release(dtrace_actdesc_t *act, dtrace_vstate_t *vstate) 9758{ 9759 dtrace_actkind_t kind = act->dtad_kind; 9760 dtrace_difo_t *dp; 9761 9762 ASSERT(act->dtad_refcnt >= 1); 9763 9764 if (--act->dtad_refcnt != 0) 9765 return; 9766 9767 if ((dp = act->dtad_difo) != NULL) 9768 dtrace_difo_release(dp, vstate); 9769 9770 if (DTRACEACT_ISPRINTFLIKE(kind)) { 9771 char *str = (char *)(uintptr_t)act->dtad_arg; 9772 9773#if defined(sun) 9774 ASSERT((str != NULL && (uintptr_t)str >= KERNELBASE) || 9775 (str == NULL && act->dtad_kind == DTRACEACT_PRINTA)); 9776#endif 9777 9778 if (str != NULL) 9779 kmem_free(str, strlen(str) + 1); 9780 } 9781 9782 kmem_free(act, sizeof (dtrace_actdesc_t)); 9783} 9784 9785/* 9786 * DTrace ECB Functions 9787 */ 9788static dtrace_ecb_t * 9789dtrace_ecb_add(dtrace_state_t *state, dtrace_probe_t *probe) 9790{ 9791 dtrace_ecb_t *ecb; 9792 dtrace_epid_t epid; 9793 9794 ASSERT(MUTEX_HELD(&dtrace_lock)); 9795 9796 ecb = kmem_zalloc(sizeof (dtrace_ecb_t), KM_SLEEP); 9797 ecb->dte_predicate = NULL; 9798 ecb->dte_probe = probe; 9799 9800 /* 9801 * The default size is the size of the default action: recording 9802 * the header. 9803 */ 9804 ecb->dte_size = ecb->dte_needed = sizeof (dtrace_rechdr_t); 9805 ecb->dte_alignment = sizeof (dtrace_epid_t); 9806 9807 epid = state->dts_epid++; 9808 9809 if (epid - 1 >= state->dts_necbs) { 9810 dtrace_ecb_t **oecbs = state->dts_ecbs, **ecbs; 9811 int necbs = state->dts_necbs << 1; 9812 9813 ASSERT(epid == state->dts_necbs + 1); 9814 9815 if (necbs == 0) { 9816 ASSERT(oecbs == NULL); 9817 necbs = 1; 9818 } 9819 9820 ecbs = kmem_zalloc(necbs * sizeof (*ecbs), KM_SLEEP); 9821 9822 if (oecbs != NULL) 9823 bcopy(oecbs, ecbs, state->dts_necbs * sizeof (*ecbs)); 9824 9825 dtrace_membar_producer(); 9826 state->dts_ecbs = ecbs; 9827 9828 if (oecbs != NULL) { 9829 /* 9830 * If this state is active, we must dtrace_sync() 9831 * before we can free the old dts_ecbs array: we're 9832 * coming in hot, and there may be active ring 9833 * buffer processing (which indexes into the dts_ecbs 9834 * array) on another CPU. 9835 */ 9836 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) 9837 dtrace_sync(); 9838 9839 kmem_free(oecbs, state->dts_necbs * sizeof (*ecbs)); 9840 } 9841 9842 dtrace_membar_producer(); 9843 state->dts_necbs = necbs; 9844 } 9845 9846 ecb->dte_state = state; 9847 9848 ASSERT(state->dts_ecbs[epid - 1] == NULL); 9849 dtrace_membar_producer(); 9850 state->dts_ecbs[(ecb->dte_epid = epid) - 1] = ecb; 9851 9852 return (ecb); 9853} 9854 9855static void 9856dtrace_ecb_enable(dtrace_ecb_t *ecb) 9857{ 9858 dtrace_probe_t *probe = ecb->dte_probe; 9859 9860 ASSERT(MUTEX_HELD(&cpu_lock)); 9861 ASSERT(MUTEX_HELD(&dtrace_lock)); 9862 ASSERT(ecb->dte_next == NULL); 9863 9864 if (probe == NULL) { 9865 /* 9866 * This is the NULL probe -- there's nothing to do. 9867 */ 9868 return; 9869 } 9870 9871 if (probe->dtpr_ecb == NULL) { 9872 dtrace_provider_t *prov = probe->dtpr_provider; 9873 9874 /* 9875 * We're the first ECB on this probe. 9876 */ 9877 probe->dtpr_ecb = probe->dtpr_ecb_last = ecb; 9878 9879 if (ecb->dte_predicate != NULL) 9880 probe->dtpr_predcache = ecb->dte_predicate->dtp_cacheid; 9881 9882 prov->dtpv_pops.dtps_enable(prov->dtpv_arg, 9883 probe->dtpr_id, probe->dtpr_arg); 9884 } else { 9885 /* 9886 * This probe is already active. Swing the last pointer to 9887 * point to the new ECB, and issue a dtrace_sync() to assure 9888 * that all CPUs have seen the change. 9889 */ 9890 ASSERT(probe->dtpr_ecb_last != NULL); 9891 probe->dtpr_ecb_last->dte_next = ecb; 9892 probe->dtpr_ecb_last = ecb; 9893 probe->dtpr_predcache = 0; 9894 9895 dtrace_sync(); 9896 } 9897} 9898 9899static void 9900dtrace_ecb_resize(dtrace_ecb_t *ecb) 9901{ 9902 dtrace_action_t *act; 9903 uint32_t curneeded = UINT32_MAX; 9904 uint32_t aggbase = UINT32_MAX; 9905 9906 /* 9907 * If we record anything, we always record the dtrace_rechdr_t. (And 9908 * we always record it first.) 9909 */ 9910 ecb->dte_size = sizeof (dtrace_rechdr_t); 9911 ecb->dte_alignment = sizeof (dtrace_epid_t); 9912 9913 for (act = ecb->dte_action; act != NULL; act = act->dta_next) { 9914 dtrace_recdesc_t *rec = &act->dta_rec; 9915 ASSERT(rec->dtrd_size > 0 || rec->dtrd_alignment == 1); 9916 9917 ecb->dte_alignment = MAX(ecb->dte_alignment, 9918 rec->dtrd_alignment); 9919 9920 if (DTRACEACT_ISAGG(act->dta_kind)) { 9921 dtrace_aggregation_t *agg = (dtrace_aggregation_t *)act; 9922 9923 ASSERT(rec->dtrd_size != 0); 9924 ASSERT(agg->dtag_first != NULL); 9925 ASSERT(act->dta_prev->dta_intuple); 9926 ASSERT(aggbase != UINT32_MAX); 9927 ASSERT(curneeded != UINT32_MAX); 9928 9929 agg->dtag_base = aggbase; 9930 9931 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment); 9932 rec->dtrd_offset = curneeded; 9933 curneeded += rec->dtrd_size; 9934 ecb->dte_needed = MAX(ecb->dte_needed, curneeded); 9935 9936 aggbase = UINT32_MAX; 9937 curneeded = UINT32_MAX; 9938 } else if (act->dta_intuple) { 9939 if (curneeded == UINT32_MAX) { 9940 /* 9941 * This is the first record in a tuple. Align 9942 * curneeded to be at offset 4 in an 8-byte 9943 * aligned block. 9944 */ 9945 ASSERT(act->dta_prev == NULL || 9946 !act->dta_prev->dta_intuple); 9947 ASSERT3U(aggbase, ==, UINT32_MAX); 9948 curneeded = P2PHASEUP(ecb->dte_size, 9949 sizeof (uint64_t), sizeof (dtrace_aggid_t)); 9950 9951 aggbase = curneeded - sizeof (dtrace_aggid_t); 9952 ASSERT(IS_P2ALIGNED(aggbase, 9953 sizeof (uint64_t))); 9954 } 9955 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment); 9956 rec->dtrd_offset = curneeded; 9957 curneeded += rec->dtrd_size; 9958 } else { 9959 /* tuples must be followed by an aggregation */ 9960 ASSERT(act->dta_prev == NULL || 9961 !act->dta_prev->dta_intuple); 9962 9963 ecb->dte_size = P2ROUNDUP(ecb->dte_size, 9964 rec->dtrd_alignment); 9965 rec->dtrd_offset = ecb->dte_size; 9966 ecb->dte_size += rec->dtrd_size; 9967 ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size); 9968 } 9969 } 9970 9971 if ((act = ecb->dte_action) != NULL && 9972 !(act->dta_kind == DTRACEACT_SPECULATE && act->dta_next == NULL) && 9973 ecb->dte_size == sizeof (dtrace_rechdr_t)) { 9974 /* 9975 * If the size is still sizeof (dtrace_rechdr_t), then all 9976 * actions store no data; set the size to 0. 9977 */ 9978 ecb->dte_size = 0; 9979 } 9980 9981 ecb->dte_size = P2ROUNDUP(ecb->dte_size, sizeof (dtrace_epid_t)); 9982 ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t))); 9983 ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed, 9984 ecb->dte_needed); 9985} 9986 9987static dtrace_action_t * 9988dtrace_ecb_aggregation_create(dtrace_ecb_t *ecb, dtrace_actdesc_t *desc) 9989{ 9990 dtrace_aggregation_t *agg; 9991 size_t size = sizeof (uint64_t); 9992 int ntuple = desc->dtad_ntuple; 9993 dtrace_action_t *act; 9994 dtrace_recdesc_t *frec; 9995 dtrace_aggid_t aggid; 9996 dtrace_state_t *state = ecb->dte_state; 9997 9998 agg = kmem_zalloc(sizeof (dtrace_aggregation_t), KM_SLEEP); 9999 agg->dtag_ecb = ecb; 10000 10001 ASSERT(DTRACEACT_ISAGG(desc->dtad_kind)); 10002 10003 switch (desc->dtad_kind) { 10004 case DTRACEAGG_MIN: 10005 agg->dtag_initial = INT64_MAX; 10006 agg->dtag_aggregate = dtrace_aggregate_min; 10007 break; 10008 10009 case DTRACEAGG_MAX: 10010 agg->dtag_initial = INT64_MIN; 10011 agg->dtag_aggregate = dtrace_aggregate_max; 10012 break; 10013 10014 case DTRACEAGG_COUNT: 10015 agg->dtag_aggregate = dtrace_aggregate_count; 10016 break; 10017 10018 case DTRACEAGG_QUANTIZE: 10019 agg->dtag_aggregate = dtrace_aggregate_quantize; 10020 size = (((sizeof (uint64_t) * NBBY) - 1) * 2 + 1) * 10021 sizeof (uint64_t); 10022 break; 10023 10024 case DTRACEAGG_LQUANTIZE: { 10025 uint16_t step = DTRACE_LQUANTIZE_STEP(desc->dtad_arg); 10026 uint16_t levels = DTRACE_LQUANTIZE_LEVELS(desc->dtad_arg); 10027 10028 agg->dtag_initial = desc->dtad_arg; 10029 agg->dtag_aggregate = dtrace_aggregate_lquantize; 10030 10031 if (step == 0 || levels == 0) 10032 goto err; 10033 10034 size = levels * sizeof (uint64_t) + 3 * sizeof (uint64_t); 10035 break; 10036 } 10037 10038 case DTRACEAGG_LLQUANTIZE: { 10039 uint16_t factor = DTRACE_LLQUANTIZE_FACTOR(desc->dtad_arg); 10040 uint16_t low = DTRACE_LLQUANTIZE_LOW(desc->dtad_arg); 10041 uint16_t high = DTRACE_LLQUANTIZE_HIGH(desc->dtad_arg); 10042 uint16_t nsteps = DTRACE_LLQUANTIZE_NSTEP(desc->dtad_arg); 10043 int64_t v; 10044 10045 agg->dtag_initial = desc->dtad_arg; 10046 agg->dtag_aggregate = dtrace_aggregate_llquantize; 10047 10048 if (factor < 2 || low >= high || nsteps < factor) 10049 goto err; 10050 10051 /* 10052 * Now check that the number of steps evenly divides a power 10053 * of the factor. (This assures both integer bucket size and 10054 * linearity within each magnitude.) 10055 */ 10056 for (v = factor; v < nsteps; v *= factor) 10057 continue; 10058 10059 if ((v % nsteps) || (nsteps % factor)) 10060 goto err; 10061 10062 size = (dtrace_aggregate_llquantize_bucket(factor, 10063 low, high, nsteps, INT64_MAX) + 2) * sizeof (uint64_t); 10064 break; 10065 } 10066 10067 case DTRACEAGG_AVG: 10068 agg->dtag_aggregate = dtrace_aggregate_avg; 10069 size = sizeof (uint64_t) * 2; 10070 break; 10071 10072 case DTRACEAGG_STDDEV: 10073 agg->dtag_aggregate = dtrace_aggregate_stddev; 10074 size = sizeof (uint64_t) * 4; 10075 break; 10076 10077 case DTRACEAGG_SUM: 10078 agg->dtag_aggregate = dtrace_aggregate_sum; 10079 break; 10080 10081 default: 10082 goto err; 10083 } 10084 10085 agg->dtag_action.dta_rec.dtrd_size = size; 10086 10087 if (ntuple == 0) 10088 goto err; 10089 10090 /* 10091 * We must make sure that we have enough actions for the n-tuple. 10092 */ 10093 for (act = ecb->dte_action_last; act != NULL; act = act->dta_prev) { 10094 if (DTRACEACT_ISAGG(act->dta_kind)) 10095 break; 10096 10097 if (--ntuple == 0) { 10098 /* 10099 * This is the action with which our n-tuple begins. 10100 */ 10101 agg->dtag_first = act; 10102 goto success; 10103 } 10104 } 10105 10106 /* 10107 * This n-tuple is short by ntuple elements. Return failure. 10108 */ 10109 ASSERT(ntuple != 0); 10110err: 10111 kmem_free(agg, sizeof (dtrace_aggregation_t)); 10112 return (NULL); 10113 10114success: 10115 /* 10116 * If the last action in the tuple has a size of zero, it's actually 10117 * an expression argument for the aggregating action. 10118 */ 10119 ASSERT(ecb->dte_action_last != NULL); 10120 act = ecb->dte_action_last; 10121 10122 if (act->dta_kind == DTRACEACT_DIFEXPR) { 10123 ASSERT(act->dta_difo != NULL); 10124 10125 if (act->dta_difo->dtdo_rtype.dtdt_size == 0) 10126 agg->dtag_hasarg = 1; 10127 } 10128 10129 /* 10130 * We need to allocate an id for this aggregation. 10131 */ 10132#if defined(sun) 10133 aggid = (dtrace_aggid_t)(uintptr_t)vmem_alloc(state->dts_aggid_arena, 1, 10134 VM_BESTFIT | VM_SLEEP); 10135#else 10136 aggid = alloc_unr(state->dts_aggid_arena); 10137#endif 10138 10139 if (aggid - 1 >= state->dts_naggregations) { 10140 dtrace_aggregation_t **oaggs = state->dts_aggregations; 10141 dtrace_aggregation_t **aggs; 10142 int naggs = state->dts_naggregations << 1; 10143 int onaggs = state->dts_naggregations; 10144 10145 ASSERT(aggid == state->dts_naggregations + 1); 10146 10147 if (naggs == 0) { 10148 ASSERT(oaggs == NULL); 10149 naggs = 1; 10150 } 10151 10152 aggs = kmem_zalloc(naggs * sizeof (*aggs), KM_SLEEP); 10153 10154 if (oaggs != NULL) { 10155 bcopy(oaggs, aggs, onaggs * sizeof (*aggs)); 10156 kmem_free(oaggs, onaggs * sizeof (*aggs)); 10157 } 10158 10159 state->dts_aggregations = aggs; 10160 state->dts_naggregations = naggs; 10161 } 10162 10163 ASSERT(state->dts_aggregations[aggid - 1] == NULL); 10164 state->dts_aggregations[(agg->dtag_id = aggid) - 1] = agg; 10165 10166 frec = &agg->dtag_first->dta_rec; 10167 if (frec->dtrd_alignment < sizeof (dtrace_aggid_t)) 10168 frec->dtrd_alignment = sizeof (dtrace_aggid_t); 10169 10170 for (act = agg->dtag_first; act != NULL; act = act->dta_next) { 10171 ASSERT(!act->dta_intuple); 10172 act->dta_intuple = 1; 10173 } 10174 10175 return (&agg->dtag_action); 10176} 10177 10178static void 10179dtrace_ecb_aggregation_destroy(dtrace_ecb_t *ecb, dtrace_action_t *act) 10180{ 10181 dtrace_aggregation_t *agg = (dtrace_aggregation_t *)act; 10182 dtrace_state_t *state = ecb->dte_state; 10183 dtrace_aggid_t aggid = agg->dtag_id; 10184 10185 ASSERT(DTRACEACT_ISAGG(act->dta_kind)); 10186#if defined(sun) 10187 vmem_free(state->dts_aggid_arena, (void *)(uintptr_t)aggid, 1); 10188#else 10189 free_unr(state->dts_aggid_arena, aggid); 10190#endif 10191 10192 ASSERT(state->dts_aggregations[aggid - 1] == agg); 10193 state->dts_aggregations[aggid - 1] = NULL; 10194 10195 kmem_free(agg, sizeof (dtrace_aggregation_t)); 10196} 10197 10198static int 10199dtrace_ecb_action_add(dtrace_ecb_t *ecb, dtrace_actdesc_t *desc) 10200{ 10201 dtrace_action_t *action, *last; 10202 dtrace_difo_t *dp = desc->dtad_difo; 10203 uint32_t size = 0, align = sizeof (uint8_t), mask; 10204 uint16_t format = 0; 10205 dtrace_recdesc_t *rec; 10206 dtrace_state_t *state = ecb->dte_state; 10207 dtrace_optval_t *opt = state->dts_options, nframes = 0, strsize; 10208 uint64_t arg = desc->dtad_arg; 10209 10210 ASSERT(MUTEX_HELD(&dtrace_lock)); 10211 ASSERT(ecb->dte_action == NULL || ecb->dte_action->dta_refcnt == 1); 10212 10213 if (DTRACEACT_ISAGG(desc->dtad_kind)) { 10214 /* 10215 * If this is an aggregating action, there must be neither 10216 * a speculate nor a commit on the action chain. 10217 */ 10218 dtrace_action_t *act; 10219 10220 for (act = ecb->dte_action; act != NULL; act = act->dta_next) { 10221 if (act->dta_kind == DTRACEACT_COMMIT) 10222 return (EINVAL); 10223 10224 if (act->dta_kind == DTRACEACT_SPECULATE) 10225 return (EINVAL); 10226 } 10227 10228 action = dtrace_ecb_aggregation_create(ecb, desc); 10229 10230 if (action == NULL) 10231 return (EINVAL); 10232 } else { 10233 if (DTRACEACT_ISDESTRUCTIVE(desc->dtad_kind) || 10234 (desc->dtad_kind == DTRACEACT_DIFEXPR && 10235 dp != NULL && dp->dtdo_destructive)) { 10236 state->dts_destructive = 1; 10237 } 10238 10239 switch (desc->dtad_kind) { 10240 case DTRACEACT_PRINTF: 10241 case DTRACEACT_PRINTA: 10242 case DTRACEACT_SYSTEM: 10243 case DTRACEACT_FREOPEN: 10244 case DTRACEACT_DIFEXPR: 10245 /* 10246 * We know that our arg is a string -- turn it into a 10247 * format. 10248 */ 10249 if (arg == 0) { 10250 ASSERT(desc->dtad_kind == DTRACEACT_PRINTA || 10251 desc->dtad_kind == DTRACEACT_DIFEXPR); 10252 format = 0; 10253 } else { 10254 ASSERT(arg != 0); 10255#if defined(sun) 10256 ASSERT(arg > KERNELBASE); 10257#endif 10258 format = dtrace_format_add(state, 10259 (char *)(uintptr_t)arg); 10260 } 10261 10262 /*FALLTHROUGH*/ 10263 case DTRACEACT_LIBACT: 10264 case DTRACEACT_TRACEMEM: 10265 case DTRACEACT_TRACEMEM_DYNSIZE: 10266 if (dp == NULL) 10267 return (EINVAL); 10268 10269 if ((size = dp->dtdo_rtype.dtdt_size) != 0) 10270 break; 10271 10272 if (dp->dtdo_rtype.dtdt_kind == DIF_TYPE_STRING) { 10273 if (!(dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) 10274 return (EINVAL); 10275 10276 size = opt[DTRACEOPT_STRSIZE]; 10277 } 10278 10279 break; 10280 10281 case DTRACEACT_STACK: 10282 if ((nframes = arg) == 0) { 10283 nframes = opt[DTRACEOPT_STACKFRAMES]; 10284 ASSERT(nframes > 0); 10285 arg = nframes; 10286 } 10287 10288 size = nframes * sizeof (pc_t); 10289 break; 10290 10291 case DTRACEACT_JSTACK: 10292 if ((strsize = DTRACE_USTACK_STRSIZE(arg)) == 0) 10293 strsize = opt[DTRACEOPT_JSTACKSTRSIZE]; 10294 10295 if ((nframes = DTRACE_USTACK_NFRAMES(arg)) == 0) 10296 nframes = opt[DTRACEOPT_JSTACKFRAMES]; 10297 10298 arg = DTRACE_USTACK_ARG(nframes, strsize); 10299 10300 /*FALLTHROUGH*/ 10301 case DTRACEACT_USTACK: 10302 if (desc->dtad_kind != DTRACEACT_JSTACK && 10303 (nframes = DTRACE_USTACK_NFRAMES(arg)) == 0) { 10304 strsize = DTRACE_USTACK_STRSIZE(arg); 10305 nframes = opt[DTRACEOPT_USTACKFRAMES]; 10306 ASSERT(nframes > 0); 10307 arg = DTRACE_USTACK_ARG(nframes, strsize); 10308 } 10309 10310 /* 10311 * Save a slot for the pid. 10312 */ 10313 size = (nframes + 1) * sizeof (uint64_t); 10314 size += DTRACE_USTACK_STRSIZE(arg); 10315 size = P2ROUNDUP(size, (uint32_t)(sizeof (uintptr_t))); 10316 10317 break; 10318 10319 case DTRACEACT_SYM: 10320 case DTRACEACT_MOD: 10321 if (dp == NULL || ((size = dp->dtdo_rtype.dtdt_size) != 10322 sizeof (uint64_t)) || 10323 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) 10324 return (EINVAL); 10325 break; 10326 10327 case DTRACEACT_USYM: 10328 case DTRACEACT_UMOD: 10329 case DTRACEACT_UADDR: 10330 if (dp == NULL || 10331 (dp->dtdo_rtype.dtdt_size != sizeof (uint64_t)) || 10332 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) 10333 return (EINVAL); 10334 10335 /* 10336 * We have a slot for the pid, plus a slot for the 10337 * argument. To keep things simple (aligned with 10338 * bitness-neutral sizing), we store each as a 64-bit 10339 * quantity. 10340 */ 10341 size = 2 * sizeof (uint64_t); 10342 break; 10343 10344 case DTRACEACT_STOP: 10345 case DTRACEACT_BREAKPOINT: 10346 case DTRACEACT_PANIC: 10347 break; 10348 10349 case DTRACEACT_CHILL: 10350 case DTRACEACT_DISCARD: 10351 case DTRACEACT_RAISE: 10352 if (dp == NULL) 10353 return (EINVAL); 10354 break; 10355 10356 case DTRACEACT_EXIT: 10357 if (dp == NULL || 10358 (size = dp->dtdo_rtype.dtdt_size) != sizeof (int) || 10359 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) 10360 return (EINVAL); 10361 break; 10362 10363 case DTRACEACT_SPECULATE: 10364 if (ecb->dte_size > sizeof (dtrace_rechdr_t)) 10365 return (EINVAL); 10366 10367 if (dp == NULL) 10368 return (EINVAL); 10369 10370 state->dts_speculates = 1; 10371 break; 10372 10373 case DTRACEACT_PRINTM: 10374 size = dp->dtdo_rtype.dtdt_size; 10375 break; 10376 10377 case DTRACEACT_PRINTT: 10378 size = dp->dtdo_rtype.dtdt_size; 10379 break; 10380 10381 case DTRACEACT_COMMIT: { 10382 dtrace_action_t *act = ecb->dte_action; 10383 10384 for (; act != NULL; act = act->dta_next) { 10385 if (act->dta_kind == DTRACEACT_COMMIT) 10386 return (EINVAL); 10387 } 10388 10389 if (dp == NULL) 10390 return (EINVAL); 10391 break; 10392 } 10393 10394 default: 10395 return (EINVAL); 10396 } 10397 10398 if (size != 0 || desc->dtad_kind == DTRACEACT_SPECULATE) { 10399 /* 10400 * If this is a data-storing action or a speculate, 10401 * we must be sure that there isn't a commit on the 10402 * action chain. 10403 */ 10404 dtrace_action_t *act = ecb->dte_action; 10405 10406 for (; act != NULL; act = act->dta_next) { 10407 if (act->dta_kind == DTRACEACT_COMMIT) 10408 return (EINVAL); 10409 } 10410 } 10411 10412 action = kmem_zalloc(sizeof (dtrace_action_t), KM_SLEEP); 10413 action->dta_rec.dtrd_size = size; 10414 } 10415 10416 action->dta_refcnt = 1; 10417 rec = &action->dta_rec; 10418 size = rec->dtrd_size; 10419 10420 for (mask = sizeof (uint64_t) - 1; size != 0 && mask > 0; mask >>= 1) { 10421 if (!(size & mask)) { 10422 align = mask + 1; 10423 break; 10424 } 10425 } 10426 10427 action->dta_kind = desc->dtad_kind; 10428 10429 if ((action->dta_difo = dp) != NULL) 10430 dtrace_difo_hold(dp); 10431 10432 rec->dtrd_action = action->dta_kind; 10433 rec->dtrd_arg = arg; 10434 rec->dtrd_uarg = desc->dtad_uarg; 10435 rec->dtrd_alignment = (uint16_t)align; 10436 rec->dtrd_format = format; 10437 10438 if ((last = ecb->dte_action_last) != NULL) { 10439 ASSERT(ecb->dte_action != NULL); 10440 action->dta_prev = last; 10441 last->dta_next = action; 10442 } else { 10443 ASSERT(ecb->dte_action == NULL); 10444 ecb->dte_action = action; 10445 } 10446 10447 ecb->dte_action_last = action; 10448 10449 return (0); 10450} 10451 10452static void 10453dtrace_ecb_action_remove(dtrace_ecb_t *ecb) 10454{ 10455 dtrace_action_t *act = ecb->dte_action, *next; 10456 dtrace_vstate_t *vstate = &ecb->dte_state->dts_vstate; 10457 dtrace_difo_t *dp; 10458 uint16_t format; 10459 10460 if (act != NULL && act->dta_refcnt > 1) { 10461 ASSERT(act->dta_next == NULL || act->dta_next->dta_refcnt == 1); 10462 act->dta_refcnt--; 10463 } else { 10464 for (; act != NULL; act = next) { 10465 next = act->dta_next; 10466 ASSERT(next != NULL || act == ecb->dte_action_last); 10467 ASSERT(act->dta_refcnt == 1); 10468 10469 if ((format = act->dta_rec.dtrd_format) != 0) 10470 dtrace_format_remove(ecb->dte_state, format); 10471 10472 if ((dp = act->dta_difo) != NULL) 10473 dtrace_difo_release(dp, vstate); 10474 10475 if (DTRACEACT_ISAGG(act->dta_kind)) { 10476 dtrace_ecb_aggregation_destroy(ecb, act); 10477 } else { 10478 kmem_free(act, sizeof (dtrace_action_t)); 10479 } 10480 } 10481 } 10482 10483 ecb->dte_action = NULL; 10484 ecb->dte_action_last = NULL; 10485 ecb->dte_size = 0; 10486} 10487 10488static void 10489dtrace_ecb_disable(dtrace_ecb_t *ecb) 10490{ 10491 /* 10492 * We disable the ECB by removing it from its probe. 10493 */ 10494 dtrace_ecb_t *pecb, *prev = NULL; 10495 dtrace_probe_t *probe = ecb->dte_probe; 10496 10497 ASSERT(MUTEX_HELD(&dtrace_lock)); 10498 10499 if (probe == NULL) { 10500 /* 10501 * This is the NULL probe; there is nothing to disable. 10502 */ 10503 return; 10504 } 10505 10506 for (pecb = probe->dtpr_ecb; pecb != NULL; pecb = pecb->dte_next) { 10507 if (pecb == ecb) 10508 break; 10509 prev = pecb; 10510 } 10511 10512 ASSERT(pecb != NULL); 10513 10514 if (prev == NULL) { 10515 probe->dtpr_ecb = ecb->dte_next; 10516 } else { 10517 prev->dte_next = ecb->dte_next; 10518 } 10519 10520 if (ecb == probe->dtpr_ecb_last) { 10521 ASSERT(ecb->dte_next == NULL); 10522 probe->dtpr_ecb_last = prev; 10523 } 10524 10525 /* 10526 * The ECB has been disconnected from the probe; now sync to assure 10527 * that all CPUs have seen the change before returning. 10528 */ 10529 dtrace_sync(); 10530 10531 if (probe->dtpr_ecb == NULL) { 10532 /* 10533 * That was the last ECB on the probe; clear the predicate 10534 * cache ID for the probe, disable it and sync one more time 10535 * to assure that we'll never hit it again. 10536 */ 10537 dtrace_provider_t *prov = probe->dtpr_provider; 10538 10539 ASSERT(ecb->dte_next == NULL); 10540 ASSERT(probe->dtpr_ecb_last == NULL); 10541 probe->dtpr_predcache = DTRACE_CACHEIDNONE; 10542 prov->dtpv_pops.dtps_disable(prov->dtpv_arg, 10543 probe->dtpr_id, probe->dtpr_arg); 10544 dtrace_sync(); 10545 } else { 10546 /* 10547 * There is at least one ECB remaining on the probe. If there 10548 * is _exactly_ one, set the probe's predicate cache ID to be 10549 * the predicate cache ID of the remaining ECB. 10550 */ 10551 ASSERT(probe->dtpr_ecb_last != NULL); 10552 ASSERT(probe->dtpr_predcache == DTRACE_CACHEIDNONE); 10553 10554 if (probe->dtpr_ecb == probe->dtpr_ecb_last) { 10555 dtrace_predicate_t *p = probe->dtpr_ecb->dte_predicate; 10556 10557 ASSERT(probe->dtpr_ecb->dte_next == NULL); 10558 10559 if (p != NULL) 10560 probe->dtpr_predcache = p->dtp_cacheid; 10561 } 10562 10563 ecb->dte_next = NULL; 10564 } 10565} 10566 10567static void 10568dtrace_ecb_destroy(dtrace_ecb_t *ecb) 10569{ 10570 dtrace_state_t *state = ecb->dte_state; 10571 dtrace_vstate_t *vstate = &state->dts_vstate; 10572 dtrace_predicate_t *pred; 10573 dtrace_epid_t epid = ecb->dte_epid; 10574 10575 ASSERT(MUTEX_HELD(&dtrace_lock)); 10576 ASSERT(ecb->dte_next == NULL); 10577 ASSERT(ecb->dte_probe == NULL || ecb->dte_probe->dtpr_ecb != ecb); 10578 10579 if ((pred = ecb->dte_predicate) != NULL) 10580 dtrace_predicate_release(pred, vstate); 10581 10582 dtrace_ecb_action_remove(ecb); 10583 10584 ASSERT(state->dts_ecbs[epid - 1] == ecb); 10585 state->dts_ecbs[epid - 1] = NULL; 10586 10587 kmem_free(ecb, sizeof (dtrace_ecb_t)); 10588} 10589 10590static dtrace_ecb_t * 10591dtrace_ecb_create(dtrace_state_t *state, dtrace_probe_t *probe, 10592 dtrace_enabling_t *enab) 10593{ 10594 dtrace_ecb_t *ecb; 10595 dtrace_predicate_t *pred; 10596 dtrace_actdesc_t *act; 10597 dtrace_provider_t *prov; 10598 dtrace_ecbdesc_t *desc = enab->dten_current; 10599 10600 ASSERT(MUTEX_HELD(&dtrace_lock)); 10601 ASSERT(state != NULL); 10602 10603 ecb = dtrace_ecb_add(state, probe); 10604 ecb->dte_uarg = desc->dted_uarg; 10605 10606 if ((pred = desc->dted_pred.dtpdd_predicate) != NULL) { 10607 dtrace_predicate_hold(pred); 10608 ecb->dte_predicate = pred; 10609 } 10610 10611 if (probe != NULL) { 10612 /* 10613 * If the provider shows more leg than the consumer is old 10614 * enough to see, we need to enable the appropriate implicit 10615 * predicate bits to prevent the ecb from activating at 10616 * revealing times. 10617 * 10618 * Providers specifying DTRACE_PRIV_USER at register time 10619 * are stating that they need the /proc-style privilege 10620 * model to be enforced, and this is what DTRACE_COND_OWNER 10621 * and DTRACE_COND_ZONEOWNER will then do at probe time. 10622 */ 10623 prov = probe->dtpr_provider; 10624 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_ALLPROC) && 10625 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_USER)) 10626 ecb->dte_cond |= DTRACE_COND_OWNER; 10627 10628 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_ALLZONE) && 10629 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_USER)) 10630 ecb->dte_cond |= DTRACE_COND_ZONEOWNER; 10631 10632 /* 10633 * If the provider shows us kernel innards and the user 10634 * is lacking sufficient privilege, enable the 10635 * DTRACE_COND_USERMODE implicit predicate. 10636 */ 10637 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) && 10638 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_KERNEL)) 10639 ecb->dte_cond |= DTRACE_COND_USERMODE; 10640 } 10641 10642 if (dtrace_ecb_create_cache != NULL) { 10643 /* 10644 * If we have a cached ecb, we'll use its action list instead 10645 * of creating our own (saving both time and space). 10646 */ 10647 dtrace_ecb_t *cached = dtrace_ecb_create_cache; 10648 dtrace_action_t *act = cached->dte_action; 10649 10650 if (act != NULL) { 10651 ASSERT(act->dta_refcnt > 0); 10652 act->dta_refcnt++; 10653 ecb->dte_action = act; 10654 ecb->dte_action_last = cached->dte_action_last; 10655 ecb->dte_needed = cached->dte_needed; 10656 ecb->dte_size = cached->dte_size; 10657 ecb->dte_alignment = cached->dte_alignment; 10658 } 10659 10660 return (ecb); 10661 } 10662 10663 for (act = desc->dted_action; act != NULL; act = act->dtad_next) { 10664 if ((enab->dten_error = dtrace_ecb_action_add(ecb, act)) != 0) { 10665 dtrace_ecb_destroy(ecb); 10666 return (NULL); 10667 } 10668 } 10669 10670 dtrace_ecb_resize(ecb); 10671 10672 return (dtrace_ecb_create_cache = ecb); 10673} 10674 10675static int 10676dtrace_ecb_create_enable(dtrace_probe_t *probe, void *arg) 10677{ 10678 dtrace_ecb_t *ecb; 10679 dtrace_enabling_t *enab = arg; 10680 dtrace_state_t *state = enab->dten_vstate->dtvs_state; 10681 10682 ASSERT(state != NULL); 10683 10684 if (probe != NULL && probe->dtpr_gen < enab->dten_probegen) { 10685 /* 10686 * This probe was created in a generation for which this 10687 * enabling has previously created ECBs; we don't want to 10688 * enable it again, so just kick out. 10689 */ 10690 return (DTRACE_MATCH_NEXT); 10691 } 10692 10693 if ((ecb = dtrace_ecb_create(state, probe, enab)) == NULL) 10694 return (DTRACE_MATCH_DONE); 10695 10696 dtrace_ecb_enable(ecb); 10697 return (DTRACE_MATCH_NEXT); 10698} 10699 10700static dtrace_ecb_t * 10701dtrace_epid2ecb(dtrace_state_t *state, dtrace_epid_t id) 10702{ 10703 dtrace_ecb_t *ecb; 10704 10705 ASSERT(MUTEX_HELD(&dtrace_lock)); 10706 10707 if (id == 0 || id > state->dts_necbs) 10708 return (NULL); 10709 10710 ASSERT(state->dts_necbs > 0 && state->dts_ecbs != NULL); 10711 ASSERT((ecb = state->dts_ecbs[id - 1]) == NULL || ecb->dte_epid == id); 10712 10713 return (state->dts_ecbs[id - 1]); 10714} 10715 10716static dtrace_aggregation_t * 10717dtrace_aggid2agg(dtrace_state_t *state, dtrace_aggid_t id) 10718{ 10719 dtrace_aggregation_t *agg; 10720 10721 ASSERT(MUTEX_HELD(&dtrace_lock)); 10722 10723 if (id == 0 || id > state->dts_naggregations) 10724 return (NULL); 10725 10726 ASSERT(state->dts_naggregations > 0 && state->dts_aggregations != NULL); 10727 ASSERT((agg = state->dts_aggregations[id - 1]) == NULL || 10728 agg->dtag_id == id); 10729 10730 return (state->dts_aggregations[id - 1]); 10731} 10732 10733/* 10734 * DTrace Buffer Functions 10735 * 10736 * The following functions manipulate DTrace buffers. Most of these functions 10737 * are called in the context of establishing or processing consumer state; 10738 * exceptions are explicitly noted. 10739 */ 10740 10741/* 10742 * Note: called from cross call context. This function switches the two 10743 * buffers on a given CPU. The atomicity of this operation is assured by 10744 * disabling interrupts while the actual switch takes place; the disabling of 10745 * interrupts serializes the execution with any execution of dtrace_probe() on 10746 * the same CPU. 10747 */ 10748static void 10749dtrace_buffer_switch(dtrace_buffer_t *buf) 10750{ 10751 caddr_t tomax = buf->dtb_tomax; 10752 caddr_t xamot = buf->dtb_xamot; 10753 dtrace_icookie_t cookie; 10754 hrtime_t now; 10755 10756 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH)); 10757 ASSERT(!(buf->dtb_flags & DTRACEBUF_RING)); 10758 10759 cookie = dtrace_interrupt_disable(); 10760 now = dtrace_gethrtime(); 10761 buf->dtb_tomax = xamot; 10762 buf->dtb_xamot = tomax; 10763 buf->dtb_xamot_drops = buf->dtb_drops; 10764 buf->dtb_xamot_offset = buf->dtb_offset; 10765 buf->dtb_xamot_errors = buf->dtb_errors; 10766 buf->dtb_xamot_flags = buf->dtb_flags; 10767 buf->dtb_offset = 0; 10768 buf->dtb_drops = 0; 10769 buf->dtb_errors = 0; 10770 buf->dtb_flags &= ~(DTRACEBUF_ERROR | DTRACEBUF_DROPPED); 10771 buf->dtb_interval = now - buf->dtb_switched; 10772 buf->dtb_switched = now; 10773 dtrace_interrupt_enable(cookie); 10774} 10775 10776/* 10777 * Note: called from cross call context. This function activates a buffer 10778 * on a CPU. As with dtrace_buffer_switch(), the atomicity of the operation 10779 * is guaranteed by the disabling of interrupts. 10780 */ 10781static void 10782dtrace_buffer_activate(dtrace_state_t *state) 10783{ 10784 dtrace_buffer_t *buf; 10785 dtrace_icookie_t cookie = dtrace_interrupt_disable(); 10786 10787 buf = &state->dts_buffer[curcpu]; 10788 10789 if (buf->dtb_tomax != NULL) { 10790 /* 10791 * We might like to assert that the buffer is marked inactive, 10792 * but this isn't necessarily true: the buffer for the CPU 10793 * that processes the BEGIN probe has its buffer activated 10794 * manually. In this case, we take the (harmless) action 10795 * re-clearing the bit INACTIVE bit. 10796 */ 10797 buf->dtb_flags &= ~DTRACEBUF_INACTIVE; 10798 } 10799 10800 dtrace_interrupt_enable(cookie); 10801} 10802 10803static int 10804dtrace_buffer_alloc(dtrace_buffer_t *bufs, size_t size, int flags, 10805 processorid_t cpu) 10806{ 10807#if defined(sun) 10808 cpu_t *cp; 10809#endif 10810 dtrace_buffer_t *buf; 10811 10812#if defined(sun) 10813 ASSERT(MUTEX_HELD(&cpu_lock)); 10814 ASSERT(MUTEX_HELD(&dtrace_lock)); 10815 10816 if (size > dtrace_nonroot_maxsize && 10817 !PRIV_POLICY_CHOICE(CRED(), PRIV_ALL, B_FALSE)) 10818 return (EFBIG); 10819 10820 cp = cpu_list; 10821 10822 do { 10823 if (cpu != DTRACE_CPUALL && cpu != cp->cpu_id) 10824 continue; 10825 10826 buf = &bufs[cp->cpu_id]; 10827 10828 /* 10829 * If there is already a buffer allocated for this CPU, it 10830 * is only possible that this is a DR event. In this case, 10831 */ 10832 if (buf->dtb_tomax != NULL) { 10833 ASSERT(buf->dtb_size == size); 10834 continue; 10835 } 10836 10837 ASSERT(buf->dtb_xamot == NULL); 10838 10839 if ((buf->dtb_tomax = kmem_zalloc(size, KM_NOSLEEP)) == NULL) 10840 goto err; 10841 10842 buf->dtb_size = size; 10843 buf->dtb_flags = flags; 10844 buf->dtb_offset = 0; 10845 buf->dtb_drops = 0; 10846 10847 if (flags & DTRACEBUF_NOSWITCH) 10848 continue; 10849 10850 if ((buf->dtb_xamot = kmem_zalloc(size, KM_NOSLEEP)) == NULL) 10851 goto err; 10852 } while ((cp = cp->cpu_next) != cpu_list); 10853 10854 return (0); 10855 10856err: 10857 cp = cpu_list; 10858 10859 do { 10860 if (cpu != DTRACE_CPUALL && cpu != cp->cpu_id) 10861 continue; 10862 10863 buf = &bufs[cp->cpu_id]; 10864 10865 if (buf->dtb_xamot != NULL) { 10866 ASSERT(buf->dtb_tomax != NULL); 10867 ASSERT(buf->dtb_size == size); 10868 kmem_free(buf->dtb_xamot, size); 10869 } 10870 10871 if (buf->dtb_tomax != NULL) { 10872 ASSERT(buf->dtb_size == size); 10873 kmem_free(buf->dtb_tomax, size); 10874 } 10875 10876 buf->dtb_tomax = NULL; 10877 buf->dtb_xamot = NULL; 10878 buf->dtb_size = 0; 10879 } while ((cp = cp->cpu_next) != cpu_list); 10880 10881 return (ENOMEM); 10882#else 10883 int i; 10884 10885#if defined(__amd64__) 10886 /* 10887 * FreeBSD isn't good at limiting the amount of memory we 10888 * ask to malloc, so let's place a limit here before trying 10889 * to do something that might well end in tears at bedtime. 10890 */ 10891 if (size > physmem * PAGE_SIZE / (128 * (mp_maxid + 1))) 10892 return(ENOMEM); 10893#endif 10894 10895 ASSERT(MUTEX_HELD(&dtrace_lock)); 10896 CPU_FOREACH(i) { 10897 if (cpu != DTRACE_CPUALL && cpu != i) 10898 continue; 10899 10900 buf = &bufs[i]; 10901 10902 /* 10903 * If there is already a buffer allocated for this CPU, it 10904 * is only possible that this is a DR event. In this case, 10905 * the buffer size must match our specified size. 10906 */ 10907 if (buf->dtb_tomax != NULL) { 10908 ASSERT(buf->dtb_size == size); 10909 continue; 10910 } 10911 10912 ASSERT(buf->dtb_xamot == NULL); 10913 10914 if ((buf->dtb_tomax = kmem_zalloc(size, KM_NOSLEEP)) == NULL) 10915 goto err; 10916 10917 buf->dtb_size = size; 10918 buf->dtb_flags = flags; 10919 buf->dtb_offset = 0; 10920 buf->dtb_drops = 0; 10921 10922 if (flags & DTRACEBUF_NOSWITCH) 10923 continue; 10924 10925 if ((buf->dtb_xamot = kmem_zalloc(size, KM_NOSLEEP)) == NULL) 10926 goto err; 10927 } 10928 10929 return (0); 10930 10931err: 10932 /* 10933 * Error allocating memory, so free the buffers that were 10934 * allocated before the failed allocation. 10935 */ 10936 CPU_FOREACH(i) { 10937 if (cpu != DTRACE_CPUALL && cpu != i) 10938 continue; 10939 10940 buf = &bufs[i]; 10941 10942 if (buf->dtb_xamot != NULL) { 10943 ASSERT(buf->dtb_tomax != NULL); 10944 ASSERT(buf->dtb_size == size); 10945 kmem_free(buf->dtb_xamot, size); 10946 } 10947 10948 if (buf->dtb_tomax != NULL) { 10949 ASSERT(buf->dtb_size == size); 10950 kmem_free(buf->dtb_tomax, size); 10951 } 10952 10953 buf->dtb_tomax = NULL; 10954 buf->dtb_xamot = NULL; 10955 buf->dtb_size = 0; 10956 10957 } 10958 10959 return (ENOMEM); 10960#endif 10961} 10962 10963/* 10964 * Note: called from probe context. This function just increments the drop 10965 * count on a buffer. It has been made a function to allow for the 10966 * possibility of understanding the source of mysterious drop counts. (A 10967 * problem for which one may be particularly disappointed that DTrace cannot 10968 * be used to understand DTrace.) 10969 */ 10970static void 10971dtrace_buffer_drop(dtrace_buffer_t *buf) 10972{ 10973 buf->dtb_drops++; 10974} 10975 10976/* 10977 * Note: called from probe context. This function is called to reserve space 10978 * in a buffer. If mstate is non-NULL, sets the scratch base and size in the 10979 * mstate. Returns the new offset in the buffer, or a negative value if an 10980 * error has occurred. 10981 */ 10982static intptr_t 10983dtrace_buffer_reserve(dtrace_buffer_t *buf, size_t needed, size_t align, 10984 dtrace_state_t *state, dtrace_mstate_t *mstate) 10985{ 10986 intptr_t offs = buf->dtb_offset, soffs; 10987 intptr_t woffs; 10988 caddr_t tomax; 10989 size_t total; 10990 10991 if (buf->dtb_flags & DTRACEBUF_INACTIVE) 10992 return (-1); 10993 10994 if ((tomax = buf->dtb_tomax) == NULL) { 10995 dtrace_buffer_drop(buf); 10996 return (-1); 10997 } 10998 10999 if (!(buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL))) { 11000 while (offs & (align - 1)) { 11001 /* 11002 * Assert that our alignment is off by a number which 11003 * is itself sizeof (uint32_t) aligned. 11004 */ 11005 ASSERT(!((align - (offs & (align - 1))) & 11006 (sizeof (uint32_t) - 1))); 11007 DTRACE_STORE(uint32_t, tomax, offs, DTRACE_EPIDNONE); 11008 offs += sizeof (uint32_t); 11009 } 11010 11011 if ((soffs = offs + needed) > buf->dtb_size) { 11012 dtrace_buffer_drop(buf); 11013 return (-1); 11014 } 11015 11016 if (mstate == NULL) 11017 return (offs); 11018 11019 mstate->dtms_scratch_base = (uintptr_t)tomax + soffs; 11020 mstate->dtms_scratch_size = buf->dtb_size - soffs; 11021 mstate->dtms_scratch_ptr = mstate->dtms_scratch_base; 11022 11023 return (offs); 11024 } 11025 11026 if (buf->dtb_flags & DTRACEBUF_FILL) { 11027 if (state->dts_activity != DTRACE_ACTIVITY_COOLDOWN && 11028 (buf->dtb_flags & DTRACEBUF_FULL)) 11029 return (-1); 11030 goto out; 11031 } 11032 11033 total = needed + (offs & (align - 1)); 11034 11035 /* 11036 * For a ring buffer, life is quite a bit more complicated. Before 11037 * we can store any padding, we need to adjust our wrapping offset. 11038 * (If we've never before wrapped or we're not about to, no adjustment 11039 * is required.) 11040 */ 11041 if ((buf->dtb_flags & DTRACEBUF_WRAPPED) || 11042 offs + total > buf->dtb_size) { 11043 woffs = buf->dtb_xamot_offset; 11044 11045 if (offs + total > buf->dtb_size) { 11046 /* 11047 * We can't fit in the end of the buffer. First, a 11048 * sanity check that we can fit in the buffer at all. 11049 */ 11050 if (total > buf->dtb_size) { 11051 dtrace_buffer_drop(buf); 11052 return (-1); 11053 } 11054 11055 /* 11056 * We're going to be storing at the top of the buffer, 11057 * so now we need to deal with the wrapped offset. We 11058 * only reset our wrapped offset to 0 if it is 11059 * currently greater than the current offset. If it 11060 * is less than the current offset, it is because a 11061 * previous allocation induced a wrap -- but the 11062 * allocation didn't subsequently take the space due 11063 * to an error or false predicate evaluation. In this 11064 * case, we'll just leave the wrapped offset alone: if 11065 * the wrapped offset hasn't been advanced far enough 11066 * for this allocation, it will be adjusted in the 11067 * lower loop. 11068 */ 11069 if (buf->dtb_flags & DTRACEBUF_WRAPPED) { 11070 if (woffs >= offs) 11071 woffs = 0; 11072 } else { 11073 woffs = 0; 11074 } 11075 11076 /* 11077 * Now we know that we're going to be storing to the 11078 * top of the buffer and that there is room for us 11079 * there. We need to clear the buffer from the current 11080 * offset to the end (there may be old gunk there). 11081 */ 11082 while (offs < buf->dtb_size) 11083 tomax[offs++] = 0; 11084 11085 /* 11086 * We need to set our offset to zero. And because we 11087 * are wrapping, we need to set the bit indicating as 11088 * much. We can also adjust our needed space back 11089 * down to the space required by the ECB -- we know 11090 * that the top of the buffer is aligned. 11091 */ 11092 offs = 0; 11093 total = needed; 11094 buf->dtb_flags |= DTRACEBUF_WRAPPED; 11095 } else { 11096 /* 11097 * There is room for us in the buffer, so we simply 11098 * need to check the wrapped offset. 11099 */ 11100 if (woffs < offs) { 11101 /* 11102 * The wrapped offset is less than the offset. 11103 * This can happen if we allocated buffer space 11104 * that induced a wrap, but then we didn't 11105 * subsequently take the space due to an error 11106 * or false predicate evaluation. This is 11107 * okay; we know that _this_ allocation isn't 11108 * going to induce a wrap. We still can't 11109 * reset the wrapped offset to be zero, 11110 * however: the space may have been trashed in 11111 * the previous failed probe attempt. But at 11112 * least the wrapped offset doesn't need to 11113 * be adjusted at all... 11114 */ 11115 goto out; 11116 } 11117 } 11118 11119 while (offs + total > woffs) { 11120 dtrace_epid_t epid = *(uint32_t *)(tomax + woffs); 11121 size_t size; 11122 11123 if (epid == DTRACE_EPIDNONE) { 11124 size = sizeof (uint32_t); 11125 } else { 11126 ASSERT3U(epid, <=, state->dts_necbs); 11127 ASSERT(state->dts_ecbs[epid - 1] != NULL); 11128 11129 size = state->dts_ecbs[epid - 1]->dte_size; 11130 } 11131 11132 ASSERT(woffs + size <= buf->dtb_size); 11133 ASSERT(size != 0); 11134 11135 if (woffs + size == buf->dtb_size) { 11136 /* 11137 * We've reached the end of the buffer; we want 11138 * to set the wrapped offset to 0 and break 11139 * out. However, if the offs is 0, then we're 11140 * in a strange edge-condition: the amount of 11141 * space that we want to reserve plus the size 11142 * of the record that we're overwriting is 11143 * greater than the size of the buffer. This 11144 * is problematic because if we reserve the 11145 * space but subsequently don't consume it (due 11146 * to a failed predicate or error) the wrapped 11147 * offset will be 0 -- yet the EPID at offset 0 11148 * will not be committed. This situation is 11149 * relatively easy to deal with: if we're in 11150 * this case, the buffer is indistinguishable 11151 * from one that hasn't wrapped; we need only 11152 * finish the job by clearing the wrapped bit, 11153 * explicitly setting the offset to be 0, and 11154 * zero'ing out the old data in the buffer. 11155 */ 11156 if (offs == 0) { 11157 buf->dtb_flags &= ~DTRACEBUF_WRAPPED; 11158 buf->dtb_offset = 0; 11159 woffs = total; 11160 11161 while (woffs < buf->dtb_size) 11162 tomax[woffs++] = 0; 11163 } 11164 11165 woffs = 0; 11166 break; 11167 } 11168 11169 woffs += size; 11170 } 11171 11172 /* 11173 * We have a wrapped offset. It may be that the wrapped offset 11174 * has become zero -- that's okay. 11175 */ 11176 buf->dtb_xamot_offset = woffs; 11177 } 11178 11179out: 11180 /* 11181 * Now we can plow the buffer with any necessary padding. 11182 */ 11183 while (offs & (align - 1)) { 11184 /* 11185 * Assert that our alignment is off by a number which 11186 * is itself sizeof (uint32_t) aligned. 11187 */ 11188 ASSERT(!((align - (offs & (align - 1))) & 11189 (sizeof (uint32_t) - 1))); 11190 DTRACE_STORE(uint32_t, tomax, offs, DTRACE_EPIDNONE); 11191 offs += sizeof (uint32_t); 11192 } 11193 11194 if (buf->dtb_flags & DTRACEBUF_FILL) { 11195 if (offs + needed > buf->dtb_size - state->dts_reserve) { 11196 buf->dtb_flags |= DTRACEBUF_FULL; 11197 return (-1); 11198 } 11199 } 11200 11201 if (mstate == NULL) 11202 return (offs); 11203 11204 /* 11205 * For ring buffers and fill buffers, the scratch space is always 11206 * the inactive buffer. 11207 */ 11208 mstate->dtms_scratch_base = (uintptr_t)buf->dtb_xamot; 11209 mstate->dtms_scratch_size = buf->dtb_size; 11210 mstate->dtms_scratch_ptr = mstate->dtms_scratch_base; 11211 11212 return (offs); 11213} 11214 11215static void 11216dtrace_buffer_polish(dtrace_buffer_t *buf) 11217{ 11218 ASSERT(buf->dtb_flags & DTRACEBUF_RING); 11219 ASSERT(MUTEX_HELD(&dtrace_lock)); 11220 11221 if (!(buf->dtb_flags & DTRACEBUF_WRAPPED)) 11222 return; 11223 11224 /* 11225 * We need to polish the ring buffer. There are three cases: 11226 * 11227 * - The first (and presumably most common) is that there is no gap 11228 * between the buffer offset and the wrapped offset. In this case, 11229 * there is nothing in the buffer that isn't valid data; we can 11230 * mark the buffer as polished and return. 11231 * 11232 * - The second (less common than the first but still more common 11233 * than the third) is that there is a gap between the buffer offset 11234 * and the wrapped offset, and the wrapped offset is larger than the 11235 * buffer offset. This can happen because of an alignment issue, or 11236 * can happen because of a call to dtrace_buffer_reserve() that 11237 * didn't subsequently consume the buffer space. In this case, 11238 * we need to zero the data from the buffer offset to the wrapped 11239 * offset. 11240 * 11241 * - The third (and least common) is that there is a gap between the 11242 * buffer offset and the wrapped offset, but the wrapped offset is 11243 * _less_ than the buffer offset. This can only happen because a 11244 * call to dtrace_buffer_reserve() induced a wrap, but the space 11245 * was not subsequently consumed. In this case, we need to zero the 11246 * space from the offset to the end of the buffer _and_ from the 11247 * top of the buffer to the wrapped offset. 11248 */ 11249 if (buf->dtb_offset < buf->dtb_xamot_offset) { 11250 bzero(buf->dtb_tomax + buf->dtb_offset, 11251 buf->dtb_xamot_offset - buf->dtb_offset); 11252 } 11253 11254 if (buf->dtb_offset > buf->dtb_xamot_offset) { 11255 bzero(buf->dtb_tomax + buf->dtb_offset, 11256 buf->dtb_size - buf->dtb_offset); 11257 bzero(buf->dtb_tomax, buf->dtb_xamot_offset); 11258 } 11259} 11260 11261/* 11262 * This routine determines if data generated at the specified time has likely 11263 * been entirely consumed at user-level. This routine is called to determine 11264 * if an ECB on a defunct probe (but for an active enabling) can be safely 11265 * disabled and destroyed. 11266 */ 11267static int 11268dtrace_buffer_consumed(dtrace_buffer_t *bufs, hrtime_t when) 11269{ 11270 int i; 11271 11272 for (i = 0; i < NCPU; i++) { 11273 dtrace_buffer_t *buf = &bufs[i]; 11274 11275 if (buf->dtb_size == 0) 11276 continue; 11277 11278 if (buf->dtb_flags & DTRACEBUF_RING) 11279 return (0); 11280 11281 if (!buf->dtb_switched && buf->dtb_offset != 0) 11282 return (0); 11283 11284 if (buf->dtb_switched - buf->dtb_interval < when) 11285 return (0); 11286 } 11287 11288 return (1); 11289} 11290 11291static void 11292dtrace_buffer_free(dtrace_buffer_t *bufs) 11293{ 11294 int i; 11295 11296 for (i = 0; i < NCPU; i++) { 11297 dtrace_buffer_t *buf = &bufs[i]; 11298 11299 if (buf->dtb_tomax == NULL) { 11300 ASSERT(buf->dtb_xamot == NULL); 11301 ASSERT(buf->dtb_size == 0); 11302 continue; 11303 } 11304 11305 if (buf->dtb_xamot != NULL) { 11306 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH)); 11307 kmem_free(buf->dtb_xamot, buf->dtb_size); 11308 } 11309 11310 kmem_free(buf->dtb_tomax, buf->dtb_size); 11311 buf->dtb_size = 0; 11312 buf->dtb_tomax = NULL; 11313 buf->dtb_xamot = NULL; 11314 } 11315} 11316 11317/* 11318 * DTrace Enabling Functions 11319 */ 11320static dtrace_enabling_t * 11321dtrace_enabling_create(dtrace_vstate_t *vstate) 11322{ 11323 dtrace_enabling_t *enab; 11324 11325 enab = kmem_zalloc(sizeof (dtrace_enabling_t), KM_SLEEP); 11326 enab->dten_vstate = vstate; 11327 11328 return (enab); 11329} 11330 11331static void 11332dtrace_enabling_add(dtrace_enabling_t *enab, dtrace_ecbdesc_t *ecb) 11333{ 11334 dtrace_ecbdesc_t **ndesc; 11335 size_t osize, nsize; 11336 11337 /* 11338 * We can't add to enablings after we've enabled them, or after we've 11339 * retained them. 11340 */ 11341 ASSERT(enab->dten_probegen == 0); 11342 ASSERT(enab->dten_next == NULL && enab->dten_prev == NULL); 11343 11344 if (enab->dten_ndesc < enab->dten_maxdesc) { 11345 enab->dten_desc[enab->dten_ndesc++] = ecb; 11346 return; 11347 } 11348 11349 osize = enab->dten_maxdesc * sizeof (dtrace_enabling_t *); 11350 11351 if (enab->dten_maxdesc == 0) { 11352 enab->dten_maxdesc = 1; 11353 } else { 11354 enab->dten_maxdesc <<= 1; 11355 } 11356 11357 ASSERT(enab->dten_ndesc < enab->dten_maxdesc); 11358 11359 nsize = enab->dten_maxdesc * sizeof (dtrace_enabling_t *); 11360 ndesc = kmem_zalloc(nsize, KM_SLEEP); 11361 bcopy(enab->dten_desc, ndesc, osize); 11362 if (enab->dten_desc != NULL) 11363 kmem_free(enab->dten_desc, osize); 11364 11365 enab->dten_desc = ndesc; 11366 enab->dten_desc[enab->dten_ndesc++] = ecb; 11367} 11368 11369static void 11370dtrace_enabling_addlike(dtrace_enabling_t *enab, dtrace_ecbdesc_t *ecb, 11371 dtrace_probedesc_t *pd) 11372{ 11373 dtrace_ecbdesc_t *new; 11374 dtrace_predicate_t *pred; 11375 dtrace_actdesc_t *act; 11376 11377 /* 11378 * We're going to create a new ECB description that matches the 11379 * specified ECB in every way, but has the specified probe description. 11380 */ 11381 new = kmem_zalloc(sizeof (dtrace_ecbdesc_t), KM_SLEEP); 11382 11383 if ((pred = ecb->dted_pred.dtpdd_predicate) != NULL) 11384 dtrace_predicate_hold(pred); 11385 11386 for (act = ecb->dted_action; act != NULL; act = act->dtad_next) 11387 dtrace_actdesc_hold(act); 11388 11389 new->dted_action = ecb->dted_action; 11390 new->dted_pred = ecb->dted_pred; 11391 new->dted_probe = *pd; 11392 new->dted_uarg = ecb->dted_uarg; 11393 11394 dtrace_enabling_add(enab, new); 11395} 11396 11397static void 11398dtrace_enabling_dump(dtrace_enabling_t *enab) 11399{ 11400 int i; 11401 11402 for (i = 0; i < enab->dten_ndesc; i++) { 11403 dtrace_probedesc_t *desc = &enab->dten_desc[i]->dted_probe; 11404 11405 cmn_err(CE_NOTE, "enabling probe %d (%s:%s:%s:%s)", i, 11406 desc->dtpd_provider, desc->dtpd_mod, 11407 desc->dtpd_func, desc->dtpd_name); 11408 } 11409} 11410 11411static void 11412dtrace_enabling_destroy(dtrace_enabling_t *enab) 11413{ 11414 int i; 11415 dtrace_ecbdesc_t *ep; 11416 dtrace_vstate_t *vstate = enab->dten_vstate; 11417 11418 ASSERT(MUTEX_HELD(&dtrace_lock)); 11419 11420 for (i = 0; i < enab->dten_ndesc; i++) { 11421 dtrace_actdesc_t *act, *next; 11422 dtrace_predicate_t *pred; 11423 11424 ep = enab->dten_desc[i]; 11425 11426 if ((pred = ep->dted_pred.dtpdd_predicate) != NULL) 11427 dtrace_predicate_release(pred, vstate); 11428 11429 for (act = ep->dted_action; act != NULL; act = next) { 11430 next = act->dtad_next; 11431 dtrace_actdesc_release(act, vstate); 11432 } 11433 11434 kmem_free(ep, sizeof (dtrace_ecbdesc_t)); 11435 } 11436 11437 if (enab->dten_desc != NULL) 11438 kmem_free(enab->dten_desc, 11439 enab->dten_maxdesc * sizeof (dtrace_enabling_t *)); 11440 11441 /* 11442 * If this was a retained enabling, decrement the dts_nretained count 11443 * and take it off of the dtrace_retained list. 11444 */ 11445 if (enab->dten_prev != NULL || enab->dten_next != NULL || 11446 dtrace_retained == enab) { 11447 ASSERT(enab->dten_vstate->dtvs_state != NULL); 11448 ASSERT(enab->dten_vstate->dtvs_state->dts_nretained > 0); 11449 enab->dten_vstate->dtvs_state->dts_nretained--; 11450 } 11451 11452 if (enab->dten_prev == NULL) { 11453 if (dtrace_retained == enab) { 11454 dtrace_retained = enab->dten_next; 11455 11456 if (dtrace_retained != NULL) 11457 dtrace_retained->dten_prev = NULL; 11458 } 11459 } else { 11460 ASSERT(enab != dtrace_retained); 11461 ASSERT(dtrace_retained != NULL); 11462 enab->dten_prev->dten_next = enab->dten_next; 11463 } 11464 11465 if (enab->dten_next != NULL) { 11466 ASSERT(dtrace_retained != NULL); 11467 enab->dten_next->dten_prev = enab->dten_prev; 11468 } 11469 11470 kmem_free(enab, sizeof (dtrace_enabling_t)); 11471} 11472 11473static int 11474dtrace_enabling_retain(dtrace_enabling_t *enab) 11475{ 11476 dtrace_state_t *state; 11477 11478 ASSERT(MUTEX_HELD(&dtrace_lock)); 11479 ASSERT(enab->dten_next == NULL && enab->dten_prev == NULL); 11480 ASSERT(enab->dten_vstate != NULL); 11481 11482 state = enab->dten_vstate->dtvs_state; 11483 ASSERT(state != NULL); 11484 11485 /* 11486 * We only allow each state to retain dtrace_retain_max enablings. 11487 */ 11488 if (state->dts_nretained >= dtrace_retain_max) 11489 return (ENOSPC); 11490 11491 state->dts_nretained++; 11492 11493 if (dtrace_retained == NULL) { 11494 dtrace_retained = enab; 11495 return (0); 11496 } 11497 11498 enab->dten_next = dtrace_retained; 11499 dtrace_retained->dten_prev = enab; 11500 dtrace_retained = enab; 11501 11502 return (0); 11503} 11504 11505static int 11506dtrace_enabling_replicate(dtrace_state_t *state, dtrace_probedesc_t *match, 11507 dtrace_probedesc_t *create) 11508{ 11509 dtrace_enabling_t *new, *enab; 11510 int found = 0, err = ENOENT; 11511 11512 ASSERT(MUTEX_HELD(&dtrace_lock)); 11513 ASSERT(strlen(match->dtpd_provider) < DTRACE_PROVNAMELEN); 11514 ASSERT(strlen(match->dtpd_mod) < DTRACE_MODNAMELEN); 11515 ASSERT(strlen(match->dtpd_func) < DTRACE_FUNCNAMELEN); 11516 ASSERT(strlen(match->dtpd_name) < DTRACE_NAMELEN); 11517 11518 new = dtrace_enabling_create(&state->dts_vstate); 11519 11520 /* 11521 * Iterate over all retained enablings, looking for enablings that 11522 * match the specified state. 11523 */ 11524 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) { 11525 int i; 11526 11527 /* 11528 * dtvs_state can only be NULL for helper enablings -- and 11529 * helper enablings can't be retained. 11530 */ 11531 ASSERT(enab->dten_vstate->dtvs_state != NULL); 11532 11533 if (enab->dten_vstate->dtvs_state != state) 11534 continue; 11535 11536 /* 11537 * Now iterate over each probe description; we're looking for 11538 * an exact match to the specified probe description. 11539 */ 11540 for (i = 0; i < enab->dten_ndesc; i++) { 11541 dtrace_ecbdesc_t *ep = enab->dten_desc[i]; 11542 dtrace_probedesc_t *pd = &ep->dted_probe; 11543 11544 if (strcmp(pd->dtpd_provider, match->dtpd_provider)) 11545 continue; 11546 11547 if (strcmp(pd->dtpd_mod, match->dtpd_mod)) 11548 continue; 11549 11550 if (strcmp(pd->dtpd_func, match->dtpd_func)) 11551 continue; 11552 11553 if (strcmp(pd->dtpd_name, match->dtpd_name)) 11554 continue; 11555 11556 /* 11557 * We have a winning probe! Add it to our growing 11558 * enabling. 11559 */ 11560 found = 1; 11561 dtrace_enabling_addlike(new, ep, create); 11562 } 11563 } 11564 11565 if (!found || (err = dtrace_enabling_retain(new)) != 0) { 11566 dtrace_enabling_destroy(new); 11567 return (err); 11568 } 11569 11570 return (0); 11571} 11572 11573static void 11574dtrace_enabling_retract(dtrace_state_t *state) 11575{ 11576 dtrace_enabling_t *enab, *next; 11577 11578 ASSERT(MUTEX_HELD(&dtrace_lock)); 11579 11580 /* 11581 * Iterate over all retained enablings, destroy the enablings retained 11582 * for the specified state. 11583 */ 11584 for (enab = dtrace_retained; enab != NULL; enab = next) { 11585 next = enab->dten_next; 11586 11587 /* 11588 * dtvs_state can only be NULL for helper enablings -- and 11589 * helper enablings can't be retained. 11590 */ 11591 ASSERT(enab->dten_vstate->dtvs_state != NULL); 11592 11593 if (enab->dten_vstate->dtvs_state == state) { 11594 ASSERT(state->dts_nretained > 0); 11595 dtrace_enabling_destroy(enab); 11596 } 11597 } 11598 11599 ASSERT(state->dts_nretained == 0); 11600} 11601 11602static int 11603dtrace_enabling_match(dtrace_enabling_t *enab, int *nmatched) 11604{ 11605 int i = 0; 11606 int matched = 0; 11607 11608 ASSERT(MUTEX_HELD(&cpu_lock)); 11609 ASSERT(MUTEX_HELD(&dtrace_lock)); 11610 11611 for (i = 0; i < enab->dten_ndesc; i++) { 11612 dtrace_ecbdesc_t *ep = enab->dten_desc[i]; 11613 11614 enab->dten_current = ep; 11615 enab->dten_error = 0; 11616 11617 matched += dtrace_probe_enable(&ep->dted_probe, enab); 11618 11619 if (enab->dten_error != 0) { 11620 /* 11621 * If we get an error half-way through enabling the 11622 * probes, we kick out -- perhaps with some number of 11623 * them enabled. Leaving enabled probes enabled may 11624 * be slightly confusing for user-level, but we expect 11625 * that no one will attempt to actually drive on in 11626 * the face of such errors. If this is an anonymous 11627 * enabling (indicated with a NULL nmatched pointer), 11628 * we cmn_err() a message. We aren't expecting to 11629 * get such an error -- such as it can exist at all, 11630 * it would be a result of corrupted DOF in the driver 11631 * properties. 11632 */ 11633 if (nmatched == NULL) { 11634 cmn_err(CE_WARN, "dtrace_enabling_match() " 11635 "error on %p: %d", (void *)ep, 11636 enab->dten_error); 11637 } 11638 11639 return (enab->dten_error); 11640 } 11641 } 11642 11643 enab->dten_probegen = dtrace_probegen; 11644 if (nmatched != NULL) 11645 *nmatched = matched; 11646 11647 return (0); 11648} 11649 11650static void 11651dtrace_enabling_matchall(void) 11652{ 11653 dtrace_enabling_t *enab; 11654 11655 mutex_enter(&cpu_lock); 11656 mutex_enter(&dtrace_lock); 11657 11658 /* 11659 * Iterate over all retained enablings to see if any probes match 11660 * against them. We only perform this operation on enablings for which 11661 * we have sufficient permissions by virtue of being in the global zone 11662 * or in the same zone as the DTrace client. Because we can be called 11663 * after dtrace_detach() has been called, we cannot assert that there 11664 * are retained enablings. We can safely load from dtrace_retained, 11665 * however: the taskq_destroy() at the end of dtrace_detach() will 11666 * block pending our completion. 11667 */ 11668 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) { 11669#if defined(sun) 11670 cred_t *cr = enab->dten_vstate->dtvs_state->dts_cred.dcr_cred; 11671 11672 if (INGLOBALZONE(curproc) || getzoneid() == crgetzoneid(cr)) 11673#endif 11674 (void) dtrace_enabling_match(enab, NULL); 11675 } 11676 11677 mutex_exit(&dtrace_lock); 11678 mutex_exit(&cpu_lock); 11679} 11680 11681/* 11682 * If an enabling is to be enabled without having matched probes (that is, if 11683 * dtrace_state_go() is to be called on the underlying dtrace_state_t), the 11684 * enabling must be _primed_ by creating an ECB for every ECB description. 11685 * This must be done to assure that we know the number of speculations, the 11686 * number of aggregations, the minimum buffer size needed, etc. before we 11687 * transition out of DTRACE_ACTIVITY_INACTIVE. To do this without actually 11688 * enabling any probes, we create ECBs for every ECB decription, but with a 11689 * NULL probe -- which is exactly what this function does. 11690 */ 11691static void 11692dtrace_enabling_prime(dtrace_state_t *state) 11693{ 11694 dtrace_enabling_t *enab; 11695 int i; 11696 11697 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) { 11698 ASSERT(enab->dten_vstate->dtvs_state != NULL); 11699 11700 if (enab->dten_vstate->dtvs_state != state) 11701 continue; 11702 11703 /* 11704 * We don't want to prime an enabling more than once, lest 11705 * we allow a malicious user to induce resource exhaustion. 11706 * (The ECBs that result from priming an enabling aren't 11707 * leaked -- but they also aren't deallocated until the 11708 * consumer state is destroyed.) 11709 */ 11710 if (enab->dten_primed) 11711 continue; 11712 11713 for (i = 0; i < enab->dten_ndesc; i++) { 11714 enab->dten_current = enab->dten_desc[i]; 11715 (void) dtrace_probe_enable(NULL, enab); 11716 } 11717 11718 enab->dten_primed = 1; 11719 } 11720} 11721 11722/* 11723 * Called to indicate that probes should be provided due to retained 11724 * enablings. This is implemented in terms of dtrace_probe_provide(), but it 11725 * must take an initial lap through the enabling calling the dtps_provide() 11726 * entry point explicitly to allow for autocreated probes. 11727 */ 11728static void 11729dtrace_enabling_provide(dtrace_provider_t *prv) 11730{ 11731 int i, all = 0; 11732 dtrace_probedesc_t desc; 11733 11734 ASSERT(MUTEX_HELD(&dtrace_lock)); 11735 ASSERT(MUTEX_HELD(&dtrace_provider_lock)); 11736 11737 if (prv == NULL) { 11738 all = 1; 11739 prv = dtrace_provider; 11740 } 11741 11742 do { 11743 dtrace_enabling_t *enab = dtrace_retained; 11744 void *parg = prv->dtpv_arg; 11745 11746 for (; enab != NULL; enab = enab->dten_next) { 11747 for (i = 0; i < enab->dten_ndesc; i++) { 11748 desc = enab->dten_desc[i]->dted_probe; 11749 mutex_exit(&dtrace_lock); 11750 prv->dtpv_pops.dtps_provide(parg, &desc); 11751 mutex_enter(&dtrace_lock); 11752 } 11753 } 11754 } while (all && (prv = prv->dtpv_next) != NULL); 11755 11756 mutex_exit(&dtrace_lock); 11757 dtrace_probe_provide(NULL, all ? NULL : prv); 11758 mutex_enter(&dtrace_lock); 11759} 11760 11761/* 11762 * Called to reap ECBs that are attached to probes from defunct providers. 11763 */ 11764static void 11765dtrace_enabling_reap(void) 11766{ 11767 dtrace_provider_t *prov; 11768 dtrace_probe_t *probe; 11769 dtrace_ecb_t *ecb; 11770 hrtime_t when; 11771 int i; 11772 11773 mutex_enter(&cpu_lock); 11774 mutex_enter(&dtrace_lock); 11775 11776 for (i = 0; i < dtrace_nprobes; i++) { 11777 if ((probe = dtrace_probes[i]) == NULL) 11778 continue; 11779 11780 if (probe->dtpr_ecb == NULL) 11781 continue; 11782 11783 prov = probe->dtpr_provider; 11784 11785 if ((when = prov->dtpv_defunct) == 0) 11786 continue; 11787 11788 /* 11789 * We have ECBs on a defunct provider: we want to reap these 11790 * ECBs to allow the provider to unregister. The destruction 11791 * of these ECBs must be done carefully: if we destroy the ECB 11792 * and the consumer later wishes to consume an EPID that 11793 * corresponds to the destroyed ECB (and if the EPID metadata 11794 * has not been previously consumed), the consumer will abort 11795 * processing on the unknown EPID. To reduce (but not, sadly, 11796 * eliminate) the possibility of this, we will only destroy an 11797 * ECB for a defunct provider if, for the state that 11798 * corresponds to the ECB: 11799 * 11800 * (a) There is no speculative tracing (which can effectively 11801 * cache an EPID for an arbitrary amount of time). 11802 * 11803 * (b) The principal buffers have been switched twice since the 11804 * provider became defunct. 11805 * 11806 * (c) The aggregation buffers are of zero size or have been 11807 * switched twice since the provider became defunct. 11808 * 11809 * We use dts_speculates to determine (a) and call a function 11810 * (dtrace_buffer_consumed()) to determine (b) and (c). Note 11811 * that as soon as we've been unable to destroy one of the ECBs 11812 * associated with the probe, we quit trying -- reaping is only 11813 * fruitful in as much as we can destroy all ECBs associated 11814 * with the defunct provider's probes. 11815 */ 11816 while ((ecb = probe->dtpr_ecb) != NULL) { 11817 dtrace_state_t *state = ecb->dte_state; 11818 dtrace_buffer_t *buf = state->dts_buffer; 11819 dtrace_buffer_t *aggbuf = state->dts_aggbuffer; 11820 11821 if (state->dts_speculates) 11822 break; 11823 11824 if (!dtrace_buffer_consumed(buf, when)) 11825 break; 11826 11827 if (!dtrace_buffer_consumed(aggbuf, when)) 11828 break; 11829 11830 dtrace_ecb_disable(ecb); 11831 ASSERT(probe->dtpr_ecb != ecb); 11832 dtrace_ecb_destroy(ecb); 11833 } 11834 } 11835 11836 mutex_exit(&dtrace_lock); 11837 mutex_exit(&cpu_lock); 11838} 11839 11840/* 11841 * DTrace DOF Functions 11842 */ 11843/*ARGSUSED*/ 11844static void 11845dtrace_dof_error(dof_hdr_t *dof, const char *str) 11846{ 11847 if (dtrace_err_verbose) 11848 cmn_err(CE_WARN, "failed to process DOF: %s", str); 11849 11850#ifdef DTRACE_ERRDEBUG 11851 dtrace_errdebug(str); 11852#endif 11853} 11854 11855/* 11856 * Create DOF out of a currently enabled state. Right now, we only create 11857 * DOF containing the run-time options -- but this could be expanded to create 11858 * complete DOF representing the enabled state. 11859 */ 11860static dof_hdr_t * 11861dtrace_dof_create(dtrace_state_t *state) 11862{ 11863 dof_hdr_t *dof; 11864 dof_sec_t *sec; 11865 dof_optdesc_t *opt; 11866 int i, len = sizeof (dof_hdr_t) + 11867 roundup(sizeof (dof_sec_t), sizeof (uint64_t)) + 11868 sizeof (dof_optdesc_t) * DTRACEOPT_MAX; 11869 11870 ASSERT(MUTEX_HELD(&dtrace_lock)); 11871 11872 dof = kmem_zalloc(len, KM_SLEEP); 11873 dof->dofh_ident[DOF_ID_MAG0] = DOF_MAG_MAG0; 11874 dof->dofh_ident[DOF_ID_MAG1] = DOF_MAG_MAG1; 11875 dof->dofh_ident[DOF_ID_MAG2] = DOF_MAG_MAG2; 11876 dof->dofh_ident[DOF_ID_MAG3] = DOF_MAG_MAG3; 11877 11878 dof->dofh_ident[DOF_ID_MODEL] = DOF_MODEL_NATIVE; 11879 dof->dofh_ident[DOF_ID_ENCODING] = DOF_ENCODE_NATIVE; 11880 dof->dofh_ident[DOF_ID_VERSION] = DOF_VERSION; 11881 dof->dofh_ident[DOF_ID_DIFVERS] = DIF_VERSION; 11882 dof->dofh_ident[DOF_ID_DIFIREG] = DIF_DIR_NREGS; 11883 dof->dofh_ident[DOF_ID_DIFTREG] = DIF_DTR_NREGS; 11884 11885 dof->dofh_flags = 0; 11886 dof->dofh_hdrsize = sizeof (dof_hdr_t); 11887 dof->dofh_secsize = sizeof (dof_sec_t); 11888 dof->dofh_secnum = 1; /* only DOF_SECT_OPTDESC */ 11889 dof->dofh_secoff = sizeof (dof_hdr_t); 11890 dof->dofh_loadsz = len; 11891 dof->dofh_filesz = len; 11892 dof->dofh_pad = 0; 11893 11894 /* 11895 * Fill in the option section header... 11896 */ 11897 sec = (dof_sec_t *)((uintptr_t)dof + sizeof (dof_hdr_t)); 11898 sec->dofs_type = DOF_SECT_OPTDESC; 11899 sec->dofs_align = sizeof (uint64_t); 11900 sec->dofs_flags = DOF_SECF_LOAD; 11901 sec->dofs_entsize = sizeof (dof_optdesc_t); 11902 11903 opt = (dof_optdesc_t *)((uintptr_t)sec + 11904 roundup(sizeof (dof_sec_t), sizeof (uint64_t))); 11905 11906 sec->dofs_offset = (uintptr_t)opt - (uintptr_t)dof; 11907 sec->dofs_size = sizeof (dof_optdesc_t) * DTRACEOPT_MAX; 11908 11909 for (i = 0; i < DTRACEOPT_MAX; i++) { 11910 opt[i].dofo_option = i; 11911 opt[i].dofo_strtab = DOF_SECIDX_NONE; 11912 opt[i].dofo_value = state->dts_options[i]; 11913 } 11914 11915 return (dof); 11916} 11917 11918static dof_hdr_t * 11919dtrace_dof_copyin(uintptr_t uarg, int *errp) 11920{ 11921 dof_hdr_t hdr, *dof; 11922 11923 ASSERT(!MUTEX_HELD(&dtrace_lock)); 11924 11925 /* 11926 * First, we're going to copyin() the sizeof (dof_hdr_t). 11927 */ 11928 if (copyin((void *)uarg, &hdr, sizeof (hdr)) != 0) { 11929 dtrace_dof_error(NULL, "failed to copyin DOF header"); 11930 *errp = EFAULT; 11931 return (NULL); 11932 } 11933 11934 /* 11935 * Now we'll allocate the entire DOF and copy it in -- provided 11936 * that the length isn't outrageous. 11937 */ 11938 if (hdr.dofh_loadsz >= dtrace_dof_maxsize) { 11939 dtrace_dof_error(&hdr, "load size exceeds maximum"); 11940 *errp = E2BIG; 11941 return (NULL); 11942 } 11943 11944 if (hdr.dofh_loadsz < sizeof (hdr)) { 11945 dtrace_dof_error(&hdr, "invalid load size"); 11946 *errp = EINVAL; 11947 return (NULL); 11948 } 11949 11950 dof = kmem_alloc(hdr.dofh_loadsz, KM_SLEEP); 11951 11952 if (copyin((void *)uarg, dof, hdr.dofh_loadsz) != 0) { 11953 kmem_free(dof, hdr.dofh_loadsz); 11954 *errp = EFAULT; 11955 return (NULL); 11956 } 11957 11958 return (dof); 11959} 11960 11961#if !defined(sun) 11962static __inline uchar_t 11963dtrace_dof_char(char c) { 11964 switch (c) { 11965 case '0': 11966 case '1': 11967 case '2': 11968 case '3': 11969 case '4': 11970 case '5': 11971 case '6': 11972 case '7': 11973 case '8': 11974 case '9': 11975 return (c - '0'); 11976 case 'A': 11977 case 'B': 11978 case 'C': 11979 case 'D': 11980 case 'E': 11981 case 'F': 11982 return (c - 'A' + 10); 11983 case 'a': 11984 case 'b': 11985 case 'c': 11986 case 'd': 11987 case 'e': 11988 case 'f': 11989 return (c - 'a' + 10); 11990 } 11991 /* Should not reach here. */ 11992 return (0); 11993} 11994#endif 11995 11996static dof_hdr_t * 11997dtrace_dof_property(const char *name) 11998{ 11999 uchar_t *buf; 12000 uint64_t loadsz; 12001 unsigned int len, i; 12002 dof_hdr_t *dof; 12003 12004#if defined(sun) 12005 /* 12006 * Unfortunately, array of values in .conf files are always (and 12007 * only) interpreted to be integer arrays. We must read our DOF 12008 * as an integer array, and then squeeze it into a byte array. 12009 */ 12010 if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, dtrace_devi, 0, 12011 (char *)name, (int **)&buf, &len) != DDI_PROP_SUCCESS) 12012 return (NULL); 12013 12014 for (i = 0; i < len; i++) 12015 buf[i] = (uchar_t)(((int *)buf)[i]); 12016 12017 if (len < sizeof (dof_hdr_t)) { 12018 ddi_prop_free(buf); 12019 dtrace_dof_error(NULL, "truncated header"); 12020 return (NULL); 12021 } 12022 12023 if (len < (loadsz = ((dof_hdr_t *)buf)->dofh_loadsz)) { 12024 ddi_prop_free(buf); 12025 dtrace_dof_error(NULL, "truncated DOF"); 12026 return (NULL); 12027 } 12028 12029 if (loadsz >= dtrace_dof_maxsize) { 12030 ddi_prop_free(buf); 12031 dtrace_dof_error(NULL, "oversized DOF"); 12032 return (NULL); 12033 } 12034 12035 dof = kmem_alloc(loadsz, KM_SLEEP); 12036 bcopy(buf, dof, loadsz); 12037 ddi_prop_free(buf); 12038#else 12039 char *p; 12040 char *p_env; 12041 12042 if ((p_env = getenv(name)) == NULL) 12043 return (NULL); 12044 12045 len = strlen(p_env) / 2; 12046 12047 buf = kmem_alloc(len, KM_SLEEP); 12048 12049 dof = (dof_hdr_t *) buf; 12050 12051 p = p_env; 12052 12053 for (i = 0; i < len; i++) { 12054 buf[i] = (dtrace_dof_char(p[0]) << 4) | 12055 dtrace_dof_char(p[1]); 12056 p += 2; 12057 } 12058 12059 freeenv(p_env); 12060 12061 if (len < sizeof (dof_hdr_t)) { 12062 kmem_free(buf, 0); 12063 dtrace_dof_error(NULL, "truncated header"); 12064 return (NULL); 12065 } 12066 12067 if (len < (loadsz = dof->dofh_loadsz)) { 12068 kmem_free(buf, 0); 12069 dtrace_dof_error(NULL, "truncated DOF"); 12070 return (NULL); 12071 } 12072 12073 if (loadsz >= dtrace_dof_maxsize) { 12074 kmem_free(buf, 0); 12075 dtrace_dof_error(NULL, "oversized DOF"); 12076 return (NULL); 12077 } 12078#endif 12079 12080 return (dof); 12081} 12082 12083static void 12084dtrace_dof_destroy(dof_hdr_t *dof) 12085{ 12086 kmem_free(dof, dof->dofh_loadsz); 12087} 12088 12089/* 12090 * Return the dof_sec_t pointer corresponding to a given section index. If the 12091 * index is not valid, dtrace_dof_error() is called and NULL is returned. If 12092 * a type other than DOF_SECT_NONE is specified, the header is checked against 12093 * this type and NULL is returned if the types do not match. 12094 */ 12095static dof_sec_t * 12096dtrace_dof_sect(dof_hdr_t *dof, uint32_t type, dof_secidx_t i) 12097{ 12098 dof_sec_t *sec = (dof_sec_t *)(uintptr_t) 12099 ((uintptr_t)dof + dof->dofh_secoff + i * dof->dofh_secsize); 12100 12101 if (i >= dof->dofh_secnum) { 12102 dtrace_dof_error(dof, "referenced section index is invalid"); 12103 return (NULL); 12104 } 12105 12106 if (!(sec->dofs_flags & DOF_SECF_LOAD)) { 12107 dtrace_dof_error(dof, "referenced section is not loadable"); 12108 return (NULL); 12109 } 12110 12111 if (type != DOF_SECT_NONE && type != sec->dofs_type) { 12112 dtrace_dof_error(dof, "referenced section is the wrong type"); 12113 return (NULL); 12114 } 12115 12116 return (sec); 12117} 12118 12119static dtrace_probedesc_t * 12120dtrace_dof_probedesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_probedesc_t *desc) 12121{ 12122 dof_probedesc_t *probe; 12123 dof_sec_t *strtab; 12124 uintptr_t daddr = (uintptr_t)dof; 12125 uintptr_t str; 12126 size_t size; 12127 12128 if (sec->dofs_type != DOF_SECT_PROBEDESC) { 12129 dtrace_dof_error(dof, "invalid probe section"); 12130 return (NULL); 12131 } 12132 12133 if (sec->dofs_align != sizeof (dof_secidx_t)) { 12134 dtrace_dof_error(dof, "bad alignment in probe description"); 12135 return (NULL); 12136 } 12137 12138 if (sec->dofs_offset + sizeof (dof_probedesc_t) > dof->dofh_loadsz) { 12139 dtrace_dof_error(dof, "truncated probe description"); 12140 return (NULL); 12141 } 12142 12143 probe = (dof_probedesc_t *)(uintptr_t)(daddr + sec->dofs_offset); 12144 strtab = dtrace_dof_sect(dof, DOF_SECT_STRTAB, probe->dofp_strtab); 12145 12146 if (strtab == NULL) 12147 return (NULL); 12148 12149 str = daddr + strtab->dofs_offset; 12150 size = strtab->dofs_size; 12151 12152 if (probe->dofp_provider >= strtab->dofs_size) { 12153 dtrace_dof_error(dof, "corrupt probe provider"); 12154 return (NULL); 12155 } 12156 12157 (void) strncpy(desc->dtpd_provider, 12158 (char *)(str + probe->dofp_provider), 12159 MIN(DTRACE_PROVNAMELEN - 1, size - probe->dofp_provider)); 12160 12161 if (probe->dofp_mod >= strtab->dofs_size) { 12162 dtrace_dof_error(dof, "corrupt probe module"); 12163 return (NULL); 12164 } 12165 12166 (void) strncpy(desc->dtpd_mod, (char *)(str + probe->dofp_mod), 12167 MIN(DTRACE_MODNAMELEN - 1, size - probe->dofp_mod)); 12168 12169 if (probe->dofp_func >= strtab->dofs_size) { 12170 dtrace_dof_error(dof, "corrupt probe function"); 12171 return (NULL); 12172 } 12173 12174 (void) strncpy(desc->dtpd_func, (char *)(str + probe->dofp_func), 12175 MIN(DTRACE_FUNCNAMELEN - 1, size - probe->dofp_func)); 12176 12177 if (probe->dofp_name >= strtab->dofs_size) { 12178 dtrace_dof_error(dof, "corrupt probe name"); 12179 return (NULL); 12180 } 12181 12182 (void) strncpy(desc->dtpd_name, (char *)(str + probe->dofp_name), 12183 MIN(DTRACE_NAMELEN - 1, size - probe->dofp_name)); 12184 12185 return (desc); 12186} 12187 12188static dtrace_difo_t * 12189dtrace_dof_difo(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate, 12190 cred_t *cr) 12191{ 12192 dtrace_difo_t *dp; 12193 size_t ttl = 0; 12194 dof_difohdr_t *dofd; 12195 uintptr_t daddr = (uintptr_t)dof; 12196 size_t max = dtrace_difo_maxsize; 12197 int i, l, n; 12198 12199 static const struct { 12200 int section; 12201 int bufoffs; 12202 int lenoffs; 12203 int entsize; 12204 int align; 12205 const char *msg; 12206 } difo[] = { 12207 { DOF_SECT_DIF, offsetof(dtrace_difo_t, dtdo_buf), 12208 offsetof(dtrace_difo_t, dtdo_len), sizeof (dif_instr_t), 12209 sizeof (dif_instr_t), "multiple DIF sections" }, 12210 12211 { DOF_SECT_INTTAB, offsetof(dtrace_difo_t, dtdo_inttab), 12212 offsetof(dtrace_difo_t, dtdo_intlen), sizeof (uint64_t), 12213 sizeof (uint64_t), "multiple integer tables" }, 12214 12215 { DOF_SECT_STRTAB, offsetof(dtrace_difo_t, dtdo_strtab), 12216 offsetof(dtrace_difo_t, dtdo_strlen), 0, 12217 sizeof (char), "multiple string tables" }, 12218 12219 { DOF_SECT_VARTAB, offsetof(dtrace_difo_t, dtdo_vartab), 12220 offsetof(dtrace_difo_t, dtdo_varlen), sizeof (dtrace_difv_t), 12221 sizeof (uint_t), "multiple variable tables" }, 12222 12223 { DOF_SECT_NONE, 0, 0, 0, 0, NULL } 12224 }; 12225 12226 if (sec->dofs_type != DOF_SECT_DIFOHDR) { 12227 dtrace_dof_error(dof, "invalid DIFO header section"); 12228 return (NULL); 12229 } 12230 12231 if (sec->dofs_align != sizeof (dof_secidx_t)) { 12232 dtrace_dof_error(dof, "bad alignment in DIFO header"); 12233 return (NULL); 12234 } 12235 12236 if (sec->dofs_size < sizeof (dof_difohdr_t) || 12237 sec->dofs_size % sizeof (dof_secidx_t)) { 12238 dtrace_dof_error(dof, "bad size in DIFO header"); 12239 return (NULL); 12240 } 12241 12242 dofd = (dof_difohdr_t *)(uintptr_t)(daddr + sec->dofs_offset); 12243 n = (sec->dofs_size - sizeof (*dofd)) / sizeof (dof_secidx_t) + 1; 12244 12245 dp = kmem_zalloc(sizeof (dtrace_difo_t), KM_SLEEP); 12246 dp->dtdo_rtype = dofd->dofd_rtype; 12247 12248 for (l = 0; l < n; l++) { 12249 dof_sec_t *subsec; 12250 void **bufp; 12251 uint32_t *lenp; 12252 12253 if ((subsec = dtrace_dof_sect(dof, DOF_SECT_NONE, 12254 dofd->dofd_links[l])) == NULL) 12255 goto err; /* invalid section link */ 12256 12257 if (ttl + subsec->dofs_size > max) { 12258 dtrace_dof_error(dof, "exceeds maximum size"); 12259 goto err; 12260 } 12261 12262 ttl += subsec->dofs_size; 12263 12264 for (i = 0; difo[i].section != DOF_SECT_NONE; i++) { 12265 if (subsec->dofs_type != difo[i].section) 12266 continue; 12267 12268 if (!(subsec->dofs_flags & DOF_SECF_LOAD)) { 12269 dtrace_dof_error(dof, "section not loaded"); 12270 goto err; 12271 } 12272 12273 if (subsec->dofs_align != difo[i].align) { 12274 dtrace_dof_error(dof, "bad alignment"); 12275 goto err; 12276 } 12277 12278 bufp = (void **)((uintptr_t)dp + difo[i].bufoffs); 12279 lenp = (uint32_t *)((uintptr_t)dp + difo[i].lenoffs); 12280 12281 if (*bufp != NULL) { 12282 dtrace_dof_error(dof, difo[i].msg); 12283 goto err; 12284 } 12285 12286 if (difo[i].entsize != subsec->dofs_entsize) { 12287 dtrace_dof_error(dof, "entry size mismatch"); 12288 goto err; 12289 } 12290 12291 if (subsec->dofs_entsize != 0 && 12292 (subsec->dofs_size % subsec->dofs_entsize) != 0) { 12293 dtrace_dof_error(dof, "corrupt entry size"); 12294 goto err; 12295 } 12296 12297 *lenp = subsec->dofs_size; 12298 *bufp = kmem_alloc(subsec->dofs_size, KM_SLEEP); 12299 bcopy((char *)(uintptr_t)(daddr + subsec->dofs_offset), 12300 *bufp, subsec->dofs_size); 12301 12302 if (subsec->dofs_entsize != 0) 12303 *lenp /= subsec->dofs_entsize; 12304 12305 break; 12306 } 12307 12308 /* 12309 * If we encounter a loadable DIFO sub-section that is not 12310 * known to us, assume this is a broken program and fail. 12311 */ 12312 if (difo[i].section == DOF_SECT_NONE && 12313 (subsec->dofs_flags & DOF_SECF_LOAD)) { 12314 dtrace_dof_error(dof, "unrecognized DIFO subsection"); 12315 goto err; 12316 } 12317 } 12318 12319 if (dp->dtdo_buf == NULL) { 12320 /* 12321 * We can't have a DIF object without DIF text. 12322 */ 12323 dtrace_dof_error(dof, "missing DIF text"); 12324 goto err; 12325 } 12326 12327 /* 12328 * Before we validate the DIF object, run through the variable table 12329 * looking for the strings -- if any of their size are under, we'll set 12330 * their size to be the system-wide default string size. Note that 12331 * this should _not_ happen if the "strsize" option has been set -- 12332 * in this case, the compiler should have set the size to reflect the 12333 * setting of the option. 12334 */ 12335 for (i = 0; i < dp->dtdo_varlen; i++) { 12336 dtrace_difv_t *v = &dp->dtdo_vartab[i]; 12337 dtrace_diftype_t *t = &v->dtdv_type; 12338 12339 if (v->dtdv_id < DIF_VAR_OTHER_UBASE) 12340 continue; 12341 12342 if (t->dtdt_kind == DIF_TYPE_STRING && t->dtdt_size == 0) 12343 t->dtdt_size = dtrace_strsize_default; 12344 } 12345 12346 if (dtrace_difo_validate(dp, vstate, DIF_DIR_NREGS, cr) != 0) 12347 goto err; 12348 12349 dtrace_difo_init(dp, vstate); 12350 return (dp); 12351 12352err: 12353 kmem_free(dp->dtdo_buf, dp->dtdo_len * sizeof (dif_instr_t)); 12354 kmem_free(dp->dtdo_inttab, dp->dtdo_intlen * sizeof (uint64_t)); 12355 kmem_free(dp->dtdo_strtab, dp->dtdo_strlen); 12356 kmem_free(dp->dtdo_vartab, dp->dtdo_varlen * sizeof (dtrace_difv_t)); 12357 12358 kmem_free(dp, sizeof (dtrace_difo_t)); 12359 return (NULL); 12360} 12361 12362static dtrace_predicate_t * 12363dtrace_dof_predicate(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate, 12364 cred_t *cr) 12365{ 12366 dtrace_difo_t *dp; 12367 12368 if ((dp = dtrace_dof_difo(dof, sec, vstate, cr)) == NULL) 12369 return (NULL); 12370 12371 return (dtrace_predicate_create(dp)); 12372} 12373 12374static dtrace_actdesc_t * 12375dtrace_dof_actdesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate, 12376 cred_t *cr) 12377{ 12378 dtrace_actdesc_t *act, *first = NULL, *last = NULL, *next; 12379 dof_actdesc_t *desc; 12380 dof_sec_t *difosec; 12381 size_t offs; 12382 uintptr_t daddr = (uintptr_t)dof; 12383 uint64_t arg; 12384 dtrace_actkind_t kind; 12385 12386 if (sec->dofs_type != DOF_SECT_ACTDESC) { 12387 dtrace_dof_error(dof, "invalid action section"); 12388 return (NULL); 12389 } 12390 12391 if (sec->dofs_offset + sizeof (dof_actdesc_t) > dof->dofh_loadsz) { 12392 dtrace_dof_error(dof, "truncated action description"); 12393 return (NULL); 12394 } 12395 12396 if (sec->dofs_align != sizeof (uint64_t)) { 12397 dtrace_dof_error(dof, "bad alignment in action description"); 12398 return (NULL); 12399 } 12400 12401 if (sec->dofs_size < sec->dofs_entsize) { 12402 dtrace_dof_error(dof, "section entry size exceeds total size"); 12403 return (NULL); 12404 } 12405 12406 if (sec->dofs_entsize != sizeof (dof_actdesc_t)) { 12407 dtrace_dof_error(dof, "bad entry size in action description"); 12408 return (NULL); 12409 } 12410 12411 if (sec->dofs_size / sec->dofs_entsize > dtrace_actions_max) { 12412 dtrace_dof_error(dof, "actions exceed dtrace_actions_max"); 12413 return (NULL); 12414 } 12415 12416 for (offs = 0; offs < sec->dofs_size; offs += sec->dofs_entsize) { 12417 desc = (dof_actdesc_t *)(daddr + 12418 (uintptr_t)sec->dofs_offset + offs); 12419 kind = (dtrace_actkind_t)desc->dofa_kind; 12420 12421 if ((DTRACEACT_ISPRINTFLIKE(kind) && 12422 (kind != DTRACEACT_PRINTA || 12423 desc->dofa_strtab != DOF_SECIDX_NONE)) || 12424 (kind == DTRACEACT_DIFEXPR && 12425 desc->dofa_strtab != DOF_SECIDX_NONE)) { 12426 dof_sec_t *strtab; 12427 char *str, *fmt; 12428 uint64_t i; 12429 12430 /* 12431 * The argument to these actions is an index into the 12432 * DOF string table. For printf()-like actions, this 12433 * is the format string. For print(), this is the 12434 * CTF type of the expression result. 12435 */ 12436 if ((strtab = dtrace_dof_sect(dof, 12437 DOF_SECT_STRTAB, desc->dofa_strtab)) == NULL) 12438 goto err; 12439 12440 str = (char *)((uintptr_t)dof + 12441 (uintptr_t)strtab->dofs_offset); 12442 12443 for (i = desc->dofa_arg; i < strtab->dofs_size; i++) { 12444 if (str[i] == '\0') 12445 break; 12446 } 12447 12448 if (i >= strtab->dofs_size) { 12449 dtrace_dof_error(dof, "bogus format string"); 12450 goto err; 12451 } 12452 12453 if (i == desc->dofa_arg) { 12454 dtrace_dof_error(dof, "empty format string"); 12455 goto err; 12456 } 12457 12458 i -= desc->dofa_arg; 12459 fmt = kmem_alloc(i + 1, KM_SLEEP); 12460 bcopy(&str[desc->dofa_arg], fmt, i + 1); 12461 arg = (uint64_t)(uintptr_t)fmt; 12462 } else { 12463 if (kind == DTRACEACT_PRINTA) { 12464 ASSERT(desc->dofa_strtab == DOF_SECIDX_NONE); 12465 arg = 0; 12466 } else { 12467 arg = desc->dofa_arg; 12468 } 12469 } 12470 12471 act = dtrace_actdesc_create(kind, desc->dofa_ntuple, 12472 desc->dofa_uarg, arg); 12473 12474 if (last != NULL) { 12475 last->dtad_next = act; 12476 } else { 12477 first = act; 12478 } 12479 12480 last = act; 12481 12482 if (desc->dofa_difo == DOF_SECIDX_NONE) 12483 continue; 12484 12485 if ((difosec = dtrace_dof_sect(dof, 12486 DOF_SECT_DIFOHDR, desc->dofa_difo)) == NULL) 12487 goto err; 12488 12489 act->dtad_difo = dtrace_dof_difo(dof, difosec, vstate, cr); 12490 12491 if (act->dtad_difo == NULL) 12492 goto err; 12493 } 12494 12495 ASSERT(first != NULL); 12496 return (first); 12497 12498err: 12499 for (act = first; act != NULL; act = next) { 12500 next = act->dtad_next; 12501 dtrace_actdesc_release(act, vstate); 12502 } 12503 12504 return (NULL); 12505} 12506 12507static dtrace_ecbdesc_t * 12508dtrace_dof_ecbdesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate, 12509 cred_t *cr) 12510{ 12511 dtrace_ecbdesc_t *ep; 12512 dof_ecbdesc_t *ecb; 12513 dtrace_probedesc_t *desc; 12514 dtrace_predicate_t *pred = NULL; 12515 12516 if (sec->dofs_size < sizeof (dof_ecbdesc_t)) { 12517 dtrace_dof_error(dof, "truncated ECB description"); 12518 return (NULL); 12519 } 12520 12521 if (sec->dofs_align != sizeof (uint64_t)) { 12522 dtrace_dof_error(dof, "bad alignment in ECB description"); 12523 return (NULL); 12524 } 12525 12526 ecb = (dof_ecbdesc_t *)((uintptr_t)dof + (uintptr_t)sec->dofs_offset); 12527 sec = dtrace_dof_sect(dof, DOF_SECT_PROBEDESC, ecb->dofe_probes); 12528 12529 if (sec == NULL) 12530 return (NULL); 12531 12532 ep = kmem_zalloc(sizeof (dtrace_ecbdesc_t), KM_SLEEP); 12533 ep->dted_uarg = ecb->dofe_uarg; 12534 desc = &ep->dted_probe; 12535 12536 if (dtrace_dof_probedesc(dof, sec, desc) == NULL) 12537 goto err; 12538 12539 if (ecb->dofe_pred != DOF_SECIDX_NONE) { 12540 if ((sec = dtrace_dof_sect(dof, 12541 DOF_SECT_DIFOHDR, ecb->dofe_pred)) == NULL) 12542 goto err; 12543 12544 if ((pred = dtrace_dof_predicate(dof, sec, vstate, cr)) == NULL) 12545 goto err; 12546 12547 ep->dted_pred.dtpdd_predicate = pred; 12548 } 12549 12550 if (ecb->dofe_actions != DOF_SECIDX_NONE) { 12551 if ((sec = dtrace_dof_sect(dof, 12552 DOF_SECT_ACTDESC, ecb->dofe_actions)) == NULL) 12553 goto err; 12554 12555 ep->dted_action = dtrace_dof_actdesc(dof, sec, vstate, cr); 12556 12557 if (ep->dted_action == NULL) 12558 goto err; 12559 } 12560 12561 return (ep); 12562 12563err: 12564 if (pred != NULL) 12565 dtrace_predicate_release(pred, vstate); 12566 kmem_free(ep, sizeof (dtrace_ecbdesc_t)); 12567 return (NULL); 12568} 12569 12570/* 12571 * Apply the relocations from the specified 'sec' (a DOF_SECT_URELHDR) to the 12572 * specified DOF. At present, this amounts to simply adding 'ubase' to the 12573 * site of any user SETX relocations to account for load object base address. 12574 * In the future, if we need other relocations, this function can be extended. 12575 */ 12576static int 12577dtrace_dof_relocate(dof_hdr_t *dof, dof_sec_t *sec, uint64_t ubase) 12578{ 12579 uintptr_t daddr = (uintptr_t)dof; 12580 dof_relohdr_t *dofr = 12581 (dof_relohdr_t *)(uintptr_t)(daddr + sec->dofs_offset); 12582 dof_sec_t *ss, *rs, *ts; 12583 dof_relodesc_t *r; 12584 uint_t i, n; 12585 12586 if (sec->dofs_size < sizeof (dof_relohdr_t) || 12587 sec->dofs_align != sizeof (dof_secidx_t)) { 12588 dtrace_dof_error(dof, "invalid relocation header"); 12589 return (-1); 12590 } 12591 12592 ss = dtrace_dof_sect(dof, DOF_SECT_STRTAB, dofr->dofr_strtab); 12593 rs = dtrace_dof_sect(dof, DOF_SECT_RELTAB, dofr->dofr_relsec); 12594 ts = dtrace_dof_sect(dof, DOF_SECT_NONE, dofr->dofr_tgtsec); 12595 12596 if (ss == NULL || rs == NULL || ts == NULL) 12597 return (-1); /* dtrace_dof_error() has been called already */ 12598 12599 if (rs->dofs_entsize < sizeof (dof_relodesc_t) || 12600 rs->dofs_align != sizeof (uint64_t)) { 12601 dtrace_dof_error(dof, "invalid relocation section"); 12602 return (-1); 12603 } 12604 12605 r = (dof_relodesc_t *)(uintptr_t)(daddr + rs->dofs_offset); 12606 n = rs->dofs_size / rs->dofs_entsize; 12607 12608 for (i = 0; i < n; i++) { 12609 uintptr_t taddr = daddr + ts->dofs_offset + r->dofr_offset; 12610 12611 switch (r->dofr_type) { 12612 case DOF_RELO_NONE: 12613 break; 12614 case DOF_RELO_SETX: 12615 if (r->dofr_offset >= ts->dofs_size || r->dofr_offset + 12616 sizeof (uint64_t) > ts->dofs_size) { 12617 dtrace_dof_error(dof, "bad relocation offset"); 12618 return (-1); 12619 } 12620 12621 if (!IS_P2ALIGNED(taddr, sizeof (uint64_t))) { 12622 dtrace_dof_error(dof, "misaligned setx relo"); 12623 return (-1); 12624 } 12625 12626 *(uint64_t *)taddr += ubase; 12627 break; 12628 default: 12629 dtrace_dof_error(dof, "invalid relocation type"); 12630 return (-1); 12631 } 12632 12633 r = (dof_relodesc_t *)((uintptr_t)r + rs->dofs_entsize); 12634 } 12635 12636 return (0); 12637} 12638 12639/* 12640 * The dof_hdr_t passed to dtrace_dof_slurp() should be a partially validated 12641 * header: it should be at the front of a memory region that is at least 12642 * sizeof (dof_hdr_t) in size -- and then at least dof_hdr.dofh_loadsz in 12643 * size. It need not be validated in any other way. 12644 */ 12645static int 12646dtrace_dof_slurp(dof_hdr_t *dof, dtrace_vstate_t *vstate, cred_t *cr, 12647 dtrace_enabling_t **enabp, uint64_t ubase, int noprobes) 12648{ 12649 uint64_t len = dof->dofh_loadsz, seclen; 12650 uintptr_t daddr = (uintptr_t)dof; 12651 dtrace_ecbdesc_t *ep; 12652 dtrace_enabling_t *enab; 12653 uint_t i; 12654 12655 ASSERT(MUTEX_HELD(&dtrace_lock)); 12656 ASSERT(dof->dofh_loadsz >= sizeof (dof_hdr_t)); 12657 12658 /* 12659 * Check the DOF header identification bytes. In addition to checking 12660 * valid settings, we also verify that unused bits/bytes are zeroed so 12661 * we can use them later without fear of regressing existing binaries. 12662 */ 12663 if (bcmp(&dof->dofh_ident[DOF_ID_MAG0], 12664 DOF_MAG_STRING, DOF_MAG_STRLEN) != 0) { 12665 dtrace_dof_error(dof, "DOF magic string mismatch"); 12666 return (-1); 12667 } 12668 12669 if (dof->dofh_ident[DOF_ID_MODEL] != DOF_MODEL_ILP32 && 12670 dof->dofh_ident[DOF_ID_MODEL] != DOF_MODEL_LP64) { 12671 dtrace_dof_error(dof, "DOF has invalid data model"); 12672 return (-1); 12673 } 12674 12675 if (dof->dofh_ident[DOF_ID_ENCODING] != DOF_ENCODE_NATIVE) { 12676 dtrace_dof_error(dof, "DOF encoding mismatch"); 12677 return (-1); 12678 } 12679 12680 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 && 12681 dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_2) { 12682 dtrace_dof_error(dof, "DOF version mismatch"); 12683 return (-1); 12684 } 12685 12686 if (dof->dofh_ident[DOF_ID_DIFVERS] != DIF_VERSION_2) { 12687 dtrace_dof_error(dof, "DOF uses unsupported instruction set"); 12688 return (-1); 12689 } 12690 12691 if (dof->dofh_ident[DOF_ID_DIFIREG] > DIF_DIR_NREGS) { 12692 dtrace_dof_error(dof, "DOF uses too many integer registers"); 12693 return (-1); 12694 } 12695 12696 if (dof->dofh_ident[DOF_ID_DIFTREG] > DIF_DTR_NREGS) { 12697 dtrace_dof_error(dof, "DOF uses too many tuple registers"); 12698 return (-1); 12699 } 12700 12701 for (i = DOF_ID_PAD; i < DOF_ID_SIZE; i++) { 12702 if (dof->dofh_ident[i] != 0) { 12703 dtrace_dof_error(dof, "DOF has invalid ident byte set"); 12704 return (-1); 12705 } 12706 } 12707 12708 if (dof->dofh_flags & ~DOF_FL_VALID) { 12709 dtrace_dof_error(dof, "DOF has invalid flag bits set"); 12710 return (-1); 12711 } 12712 12713 if (dof->dofh_secsize == 0) { 12714 dtrace_dof_error(dof, "zero section header size"); 12715 return (-1); 12716 } 12717 12718 /* 12719 * Check that the section headers don't exceed the amount of DOF 12720 * data. Note that we cast the section size and number of sections 12721 * to uint64_t's to prevent possible overflow in the multiplication. 12722 */ 12723 seclen = (uint64_t)dof->dofh_secnum * (uint64_t)dof->dofh_secsize; 12724 12725 if (dof->dofh_secoff > len || seclen > len || 12726 dof->dofh_secoff + seclen > len) { 12727 dtrace_dof_error(dof, "truncated section headers"); 12728 return (-1); 12729 } 12730 12731 if (!IS_P2ALIGNED(dof->dofh_secoff, sizeof (uint64_t))) { 12732 dtrace_dof_error(dof, "misaligned section headers"); 12733 return (-1); 12734 } 12735 12736 if (!IS_P2ALIGNED(dof->dofh_secsize, sizeof (uint64_t))) { 12737 dtrace_dof_error(dof, "misaligned section size"); 12738 return (-1); 12739 } 12740 12741 /* 12742 * Take an initial pass through the section headers to be sure that 12743 * the headers don't have stray offsets. If the 'noprobes' flag is 12744 * set, do not permit sections relating to providers, probes, or args. 12745 */ 12746 for (i = 0; i < dof->dofh_secnum; i++) { 12747 dof_sec_t *sec = (dof_sec_t *)(daddr + 12748 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize); 12749 12750 if (noprobes) { 12751 switch (sec->dofs_type) { 12752 case DOF_SECT_PROVIDER: 12753 case DOF_SECT_PROBES: 12754 case DOF_SECT_PRARGS: 12755 case DOF_SECT_PROFFS: 12756 dtrace_dof_error(dof, "illegal sections " 12757 "for enabling"); 12758 return (-1); 12759 } 12760 } 12761 12762 if (!(sec->dofs_flags & DOF_SECF_LOAD)) 12763 continue; /* just ignore non-loadable sections */ 12764 12765 if (sec->dofs_align & (sec->dofs_align - 1)) { 12766 dtrace_dof_error(dof, "bad section alignment"); 12767 return (-1); 12768 } 12769 12770 if (sec->dofs_offset & (sec->dofs_align - 1)) { 12771 dtrace_dof_error(dof, "misaligned section"); 12772 return (-1); 12773 } 12774 12775 if (sec->dofs_offset > len || sec->dofs_size > len || 12776 sec->dofs_offset + sec->dofs_size > len) { 12777 dtrace_dof_error(dof, "corrupt section header"); 12778 return (-1); 12779 } 12780 12781 if (sec->dofs_type == DOF_SECT_STRTAB && *((char *)daddr + 12782 sec->dofs_offset + sec->dofs_size - 1) != '\0') { 12783 dtrace_dof_error(dof, "non-terminating string table"); 12784 return (-1); 12785 } 12786 } 12787 12788 /* 12789 * Take a second pass through the sections and locate and perform any 12790 * relocations that are present. We do this after the first pass to 12791 * be sure that all sections have had their headers validated. 12792 */ 12793 for (i = 0; i < dof->dofh_secnum; i++) { 12794 dof_sec_t *sec = (dof_sec_t *)(daddr + 12795 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize); 12796 12797 if (!(sec->dofs_flags & DOF_SECF_LOAD)) 12798 continue; /* skip sections that are not loadable */ 12799 12800 switch (sec->dofs_type) { 12801 case DOF_SECT_URELHDR: 12802 if (dtrace_dof_relocate(dof, sec, ubase) != 0) 12803 return (-1); 12804 break; 12805 } 12806 } 12807 12808 if ((enab = *enabp) == NULL) 12809 enab = *enabp = dtrace_enabling_create(vstate); 12810 12811 for (i = 0; i < dof->dofh_secnum; i++) { 12812 dof_sec_t *sec = (dof_sec_t *)(daddr + 12813 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize); 12814 12815 if (sec->dofs_type != DOF_SECT_ECBDESC) 12816 continue; 12817 12818 if ((ep = dtrace_dof_ecbdesc(dof, sec, vstate, cr)) == NULL) { 12819 dtrace_enabling_destroy(enab); 12820 *enabp = NULL; 12821 return (-1); 12822 } 12823 12824 dtrace_enabling_add(enab, ep); 12825 } 12826 12827 return (0); 12828} 12829 12830/* 12831 * Process DOF for any options. This routine assumes that the DOF has been 12832 * at least processed by dtrace_dof_slurp(). 12833 */ 12834static int 12835dtrace_dof_options(dof_hdr_t *dof, dtrace_state_t *state) 12836{ 12837 int i, rval; 12838 uint32_t entsize; 12839 size_t offs; 12840 dof_optdesc_t *desc; 12841 12842 for (i = 0; i < dof->dofh_secnum; i++) { 12843 dof_sec_t *sec = (dof_sec_t *)((uintptr_t)dof + 12844 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize); 12845 12846 if (sec->dofs_type != DOF_SECT_OPTDESC) 12847 continue; 12848 12849 if (sec->dofs_align != sizeof (uint64_t)) { 12850 dtrace_dof_error(dof, "bad alignment in " 12851 "option description"); 12852 return (EINVAL); 12853 } 12854 12855 if ((entsize = sec->dofs_entsize) == 0) { 12856 dtrace_dof_error(dof, "zeroed option entry size"); 12857 return (EINVAL); 12858 } 12859 12860 if (entsize < sizeof (dof_optdesc_t)) { 12861 dtrace_dof_error(dof, "bad option entry size"); 12862 return (EINVAL); 12863 } 12864 12865 for (offs = 0; offs < sec->dofs_size; offs += entsize) { 12866 desc = (dof_optdesc_t *)((uintptr_t)dof + 12867 (uintptr_t)sec->dofs_offset + offs); 12868 12869 if (desc->dofo_strtab != DOF_SECIDX_NONE) { 12870 dtrace_dof_error(dof, "non-zero option string"); 12871 return (EINVAL); 12872 } 12873 12874 if (desc->dofo_value == DTRACEOPT_UNSET) { 12875 dtrace_dof_error(dof, "unset option"); 12876 return (EINVAL); 12877 } 12878 12879 if ((rval = dtrace_state_option(state, 12880 desc->dofo_option, desc->dofo_value)) != 0) { 12881 dtrace_dof_error(dof, "rejected option"); 12882 return (rval); 12883 } 12884 } 12885 } 12886 12887 return (0); 12888} 12889 12890/* 12891 * DTrace Consumer State Functions 12892 */ 12893static int 12894dtrace_dstate_init(dtrace_dstate_t *dstate, size_t size) 12895{ 12896 size_t hashsize, maxper, min, chunksize = dstate->dtds_chunksize; 12897 void *base; 12898 uintptr_t limit; 12899 dtrace_dynvar_t *dvar, *next, *start; 12900 int i; 12901 12902 ASSERT(MUTEX_HELD(&dtrace_lock)); 12903 ASSERT(dstate->dtds_base == NULL && dstate->dtds_percpu == NULL); 12904 12905 bzero(dstate, sizeof (dtrace_dstate_t)); 12906 12907 if ((dstate->dtds_chunksize = chunksize) == 0) 12908 dstate->dtds_chunksize = DTRACE_DYNVAR_CHUNKSIZE; 12909 12910 if (size < (min = dstate->dtds_chunksize + sizeof (dtrace_dynhash_t))) 12911 size = min; 12912 12913 if ((base = kmem_zalloc(size, KM_NOSLEEP)) == NULL) 12914 return (ENOMEM); 12915 12916 dstate->dtds_size = size; 12917 dstate->dtds_base = base; 12918 dstate->dtds_percpu = kmem_cache_alloc(dtrace_state_cache, KM_SLEEP); 12919 bzero(dstate->dtds_percpu, NCPU * sizeof (dtrace_dstate_percpu_t)); 12920 12921 hashsize = size / (dstate->dtds_chunksize + sizeof (dtrace_dynhash_t)); 12922 12923 if (hashsize != 1 && (hashsize & 1)) 12924 hashsize--; 12925 12926 dstate->dtds_hashsize = hashsize; 12927 dstate->dtds_hash = dstate->dtds_base; 12928 12929 /* 12930 * Set all of our hash buckets to point to the single sink, and (if 12931 * it hasn't already been set), set the sink's hash value to be the 12932 * sink sentinel value. The sink is needed for dynamic variable 12933 * lookups to know that they have iterated over an entire, valid hash 12934 * chain. 12935 */ 12936 for (i = 0; i < hashsize; i++) 12937 dstate->dtds_hash[i].dtdh_chain = &dtrace_dynhash_sink; 12938 12939 if (dtrace_dynhash_sink.dtdv_hashval != DTRACE_DYNHASH_SINK) 12940 dtrace_dynhash_sink.dtdv_hashval = DTRACE_DYNHASH_SINK; 12941 12942 /* 12943 * Determine number of active CPUs. Divide free list evenly among 12944 * active CPUs. 12945 */ 12946 start = (dtrace_dynvar_t *) 12947 ((uintptr_t)base + hashsize * sizeof (dtrace_dynhash_t)); 12948 limit = (uintptr_t)base + size; 12949 12950 maxper = (limit - (uintptr_t)start) / NCPU; 12951 maxper = (maxper / dstate->dtds_chunksize) * dstate->dtds_chunksize; 12952 12953#if !defined(sun) 12954 CPU_FOREACH(i) { 12955#else 12956 for (i = 0; i < NCPU; i++) { 12957#endif 12958 dstate->dtds_percpu[i].dtdsc_free = dvar = start; 12959 12960 /* 12961 * If we don't even have enough chunks to make it once through 12962 * NCPUs, we're just going to allocate everything to the first 12963 * CPU. And if we're on the last CPU, we're going to allocate 12964 * whatever is left over. In either case, we set the limit to 12965 * be the limit of the dynamic variable space. 12966 */ 12967 if (maxper == 0 || i == NCPU - 1) { 12968 limit = (uintptr_t)base + size; 12969 start = NULL; 12970 } else { 12971 limit = (uintptr_t)start + maxper; 12972 start = (dtrace_dynvar_t *)limit; 12973 } 12974 12975 ASSERT(limit <= (uintptr_t)base + size); 12976 12977 for (;;) { 12978 next = (dtrace_dynvar_t *)((uintptr_t)dvar + 12979 dstate->dtds_chunksize); 12980 12981 if ((uintptr_t)next + dstate->dtds_chunksize >= limit) 12982 break; 12983 12984 dvar->dtdv_next = next; 12985 dvar = next; 12986 } 12987 12988 if (maxper == 0) 12989 break; 12990 } 12991 12992 return (0); 12993} 12994 12995static void 12996dtrace_dstate_fini(dtrace_dstate_t *dstate) 12997{ 12998 ASSERT(MUTEX_HELD(&cpu_lock)); 12999 13000 if (dstate->dtds_base == NULL) 13001 return; 13002 13003 kmem_free(dstate->dtds_base, dstate->dtds_size); 13004 kmem_cache_free(dtrace_state_cache, dstate->dtds_percpu); 13005} 13006 13007static void 13008dtrace_vstate_fini(dtrace_vstate_t *vstate) 13009{ 13010 /* 13011 * Logical XOR, where are you? 13012 */ 13013 ASSERT((vstate->dtvs_nglobals == 0) ^ (vstate->dtvs_globals != NULL)); 13014 13015 if (vstate->dtvs_nglobals > 0) { 13016 kmem_free(vstate->dtvs_globals, vstate->dtvs_nglobals * 13017 sizeof (dtrace_statvar_t *)); 13018 } 13019 13020 if (vstate->dtvs_ntlocals > 0) { 13021 kmem_free(vstate->dtvs_tlocals, vstate->dtvs_ntlocals * 13022 sizeof (dtrace_difv_t)); 13023 } 13024 13025 ASSERT((vstate->dtvs_nlocals == 0) ^ (vstate->dtvs_locals != NULL)); 13026 13027 if (vstate->dtvs_nlocals > 0) { 13028 kmem_free(vstate->dtvs_locals, vstate->dtvs_nlocals * 13029 sizeof (dtrace_statvar_t *)); 13030 } 13031} 13032 13033#if defined(sun) 13034static void 13035dtrace_state_clean(dtrace_state_t *state) 13036{ 13037 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) 13038 return; 13039 13040 dtrace_dynvar_clean(&state->dts_vstate.dtvs_dynvars); 13041 dtrace_speculation_clean(state); 13042} 13043 13044static void 13045dtrace_state_deadman(dtrace_state_t *state) 13046{ 13047 hrtime_t now; 13048 13049 dtrace_sync(); 13050 13051 now = dtrace_gethrtime(); 13052 13053 if (state != dtrace_anon.dta_state && 13054 now - state->dts_laststatus >= dtrace_deadman_user) 13055 return; 13056 13057 /* 13058 * We must be sure that dts_alive never appears to be less than the 13059 * value upon entry to dtrace_state_deadman(), and because we lack a 13060 * dtrace_cas64(), we cannot store to it atomically. We thus instead 13061 * store INT64_MAX to it, followed by a memory barrier, followed by 13062 * the new value. This assures that dts_alive never appears to be 13063 * less than its true value, regardless of the order in which the 13064 * stores to the underlying storage are issued. 13065 */ 13066 state->dts_alive = INT64_MAX; 13067 dtrace_membar_producer(); 13068 state->dts_alive = now; 13069} 13070#else 13071static void 13072dtrace_state_clean(void *arg) 13073{ 13074 dtrace_state_t *state = arg; 13075 dtrace_optval_t *opt = state->dts_options; 13076 13077 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) 13078 return; 13079 13080 dtrace_dynvar_clean(&state->dts_vstate.dtvs_dynvars); 13081 dtrace_speculation_clean(state); 13082 13083 callout_reset(&state->dts_cleaner, hz * opt[DTRACEOPT_CLEANRATE] / NANOSEC, 13084 dtrace_state_clean, state); 13085} 13086 13087static void 13088dtrace_state_deadman(void *arg) 13089{ 13090 dtrace_state_t *state = arg; 13091 hrtime_t now; 13092 13093 dtrace_sync(); 13094 13095 dtrace_debug_output(); 13096 13097 now = dtrace_gethrtime(); 13098 13099 if (state != dtrace_anon.dta_state && 13100 now - state->dts_laststatus >= dtrace_deadman_user) 13101 return; 13102 13103 /* 13104 * We must be sure that dts_alive never appears to be less than the 13105 * value upon entry to dtrace_state_deadman(), and because we lack a 13106 * dtrace_cas64(), we cannot store to it atomically. We thus instead 13107 * store INT64_MAX to it, followed by a memory barrier, followed by 13108 * the new value. This assures that dts_alive never appears to be 13109 * less than its true value, regardless of the order in which the 13110 * stores to the underlying storage are issued. 13111 */ 13112 state->dts_alive = INT64_MAX; 13113 dtrace_membar_producer(); 13114 state->dts_alive = now; 13115 13116 callout_reset(&state->dts_deadman, hz * dtrace_deadman_interval / NANOSEC, 13117 dtrace_state_deadman, state); 13118} 13119#endif 13120 13121static dtrace_state_t * 13122#if defined(sun) 13123dtrace_state_create(dev_t *devp, cred_t *cr) 13124#else 13125dtrace_state_create(struct cdev *dev) 13126#endif 13127{ 13128#if defined(sun) 13129 minor_t minor; 13130 major_t major; 13131#else 13132 cred_t *cr = NULL; 13133 int m = 0; 13134#endif 13135 char c[30]; 13136 dtrace_state_t *state; 13137 dtrace_optval_t *opt; 13138 int bufsize = NCPU * sizeof (dtrace_buffer_t), i; 13139 13140 ASSERT(MUTEX_HELD(&dtrace_lock)); 13141 ASSERT(MUTEX_HELD(&cpu_lock)); 13142 13143#if defined(sun) 13144 minor = (minor_t)(uintptr_t)vmem_alloc(dtrace_minor, 1, 13145 VM_BESTFIT | VM_SLEEP); 13146 13147 if (ddi_soft_state_zalloc(dtrace_softstate, minor) != DDI_SUCCESS) { 13148 vmem_free(dtrace_minor, (void *)(uintptr_t)minor, 1); 13149 return (NULL); 13150 } 13151 13152 state = ddi_get_soft_state(dtrace_softstate, minor); 13153#else 13154 if (dev != NULL) { 13155 cr = dev->si_cred; 13156 m = dev2unit(dev); 13157 } 13158 13159 /* Allocate memory for the state. */ 13160 state = kmem_zalloc(sizeof(dtrace_state_t), KM_SLEEP); 13161#endif 13162 13163 state->dts_epid = DTRACE_EPIDNONE + 1; 13164 13165 (void) snprintf(c, sizeof (c), "dtrace_aggid_%d", m); 13166#if defined(sun) 13167 state->dts_aggid_arena = vmem_create(c, (void *)1, UINT32_MAX, 1, 13168 NULL, NULL, NULL, 0, VM_SLEEP | VMC_IDENTIFIER); 13169 13170 if (devp != NULL) { 13171 major = getemajor(*devp); 13172 } else { 13173 major = ddi_driver_major(dtrace_devi); 13174 } 13175 13176 state->dts_dev = makedevice(major, minor); 13177 13178 if (devp != NULL) 13179 *devp = state->dts_dev; 13180#else 13181 state->dts_aggid_arena = new_unrhdr(1, INT_MAX, &dtrace_unr_mtx); 13182 state->dts_dev = dev; 13183#endif 13184 13185 /* 13186 * We allocate NCPU buffers. On the one hand, this can be quite 13187 * a bit of memory per instance (nearly 36K on a Starcat). On the 13188 * other hand, it saves an additional memory reference in the probe 13189 * path. 13190 */ 13191 state->dts_buffer = kmem_zalloc(bufsize, KM_SLEEP); 13192 state->dts_aggbuffer = kmem_zalloc(bufsize, KM_SLEEP); 13193 13194#if defined(sun) 13195 state->dts_cleaner = CYCLIC_NONE; 13196 state->dts_deadman = CYCLIC_NONE; 13197#else 13198 callout_init(&state->dts_cleaner, CALLOUT_MPSAFE); 13199 callout_init(&state->dts_deadman, CALLOUT_MPSAFE); 13200#endif 13201 state->dts_vstate.dtvs_state = state; 13202 13203 for (i = 0; i < DTRACEOPT_MAX; i++) 13204 state->dts_options[i] = DTRACEOPT_UNSET; 13205 13206 /* 13207 * Set the default options. 13208 */ 13209 opt = state->dts_options; 13210 opt[DTRACEOPT_BUFPOLICY] = DTRACEOPT_BUFPOLICY_SWITCH; 13211 opt[DTRACEOPT_BUFRESIZE] = DTRACEOPT_BUFRESIZE_AUTO; 13212 opt[DTRACEOPT_NSPEC] = dtrace_nspec_default; 13213 opt[DTRACEOPT_SPECSIZE] = dtrace_specsize_default; 13214 opt[DTRACEOPT_CPU] = (dtrace_optval_t)DTRACE_CPUALL; 13215 opt[DTRACEOPT_STRSIZE] = dtrace_strsize_default; 13216 opt[DTRACEOPT_STACKFRAMES] = dtrace_stackframes_default; 13217 opt[DTRACEOPT_USTACKFRAMES] = dtrace_ustackframes_default; 13218 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_default; 13219 opt[DTRACEOPT_AGGRATE] = dtrace_aggrate_default; 13220 opt[DTRACEOPT_SWITCHRATE] = dtrace_switchrate_default; 13221 opt[DTRACEOPT_STATUSRATE] = dtrace_statusrate_default; 13222 opt[DTRACEOPT_JSTACKFRAMES] = dtrace_jstackframes_default; 13223 opt[DTRACEOPT_JSTACKSTRSIZE] = dtrace_jstackstrsize_default; 13224 13225 state->dts_activity = DTRACE_ACTIVITY_INACTIVE; 13226 13227 /* 13228 * Depending on the user credentials, we set flag bits which alter probe 13229 * visibility or the amount of destructiveness allowed. In the case of 13230 * actual anonymous tracing, or the possession of all privileges, all of 13231 * the normal checks are bypassed. 13232 */ 13233 if (cr == NULL || PRIV_POLICY_ONLY(cr, PRIV_ALL, B_FALSE)) { 13234 state->dts_cred.dcr_visible = DTRACE_CRV_ALL; 13235 state->dts_cred.dcr_action = DTRACE_CRA_ALL; 13236 } else { 13237 /* 13238 * Set up the credentials for this instantiation. We take a 13239 * hold on the credential to prevent it from disappearing on 13240 * us; this in turn prevents the zone_t referenced by this 13241 * credential from disappearing. This means that we can 13242 * examine the credential and the zone from probe context. 13243 */ 13244 crhold(cr); 13245 state->dts_cred.dcr_cred = cr; 13246 13247 /* 13248 * CRA_PROC means "we have *some* privilege for dtrace" and 13249 * unlocks the use of variables like pid, zonename, etc. 13250 */ 13251 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE) || 13252 PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) { 13253 state->dts_cred.dcr_action |= DTRACE_CRA_PROC; 13254 } 13255 13256 /* 13257 * dtrace_user allows use of syscall and profile providers. 13258 * If the user also has proc_owner and/or proc_zone, we 13259 * extend the scope to include additional visibility and 13260 * destructive power. 13261 */ 13262 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE)) { 13263 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE)) { 13264 state->dts_cred.dcr_visible |= 13265 DTRACE_CRV_ALLPROC; 13266 13267 state->dts_cred.dcr_action |= 13268 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER; 13269 } 13270 13271 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE)) { 13272 state->dts_cred.dcr_visible |= 13273 DTRACE_CRV_ALLZONE; 13274 13275 state->dts_cred.dcr_action |= 13276 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE; 13277 } 13278 13279 /* 13280 * If we have all privs in whatever zone this is, 13281 * we can do destructive things to processes which 13282 * have altered credentials. 13283 */ 13284#if defined(sun) 13285 if (priv_isequalset(priv_getset(cr, PRIV_EFFECTIVE), 13286 cr->cr_zone->zone_privset)) { 13287 state->dts_cred.dcr_action |= 13288 DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG; 13289 } 13290#endif 13291 } 13292 13293 /* 13294 * Holding the dtrace_kernel privilege also implies that 13295 * the user has the dtrace_user privilege from a visibility 13296 * perspective. But without further privileges, some 13297 * destructive actions are not available. 13298 */ 13299 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_KERNEL, B_FALSE)) { 13300 /* 13301 * Make all probes in all zones visible. However, 13302 * this doesn't mean that all actions become available 13303 * to all zones. 13304 */ 13305 state->dts_cred.dcr_visible |= DTRACE_CRV_KERNEL | 13306 DTRACE_CRV_ALLPROC | DTRACE_CRV_ALLZONE; 13307 13308 state->dts_cred.dcr_action |= DTRACE_CRA_KERNEL | 13309 DTRACE_CRA_PROC; 13310 /* 13311 * Holding proc_owner means that destructive actions 13312 * for *this* zone are allowed. 13313 */ 13314 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE)) 13315 state->dts_cred.dcr_action |= 13316 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER; 13317 13318 /* 13319 * Holding proc_zone means that destructive actions 13320 * for this user/group ID in all zones is allowed. 13321 */ 13322 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE)) 13323 state->dts_cred.dcr_action |= 13324 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE; 13325 13326#if defined(sun) 13327 /* 13328 * If we have all privs in whatever zone this is, 13329 * we can do destructive things to processes which 13330 * have altered credentials. 13331 */ 13332 if (priv_isequalset(priv_getset(cr, PRIV_EFFECTIVE), 13333 cr->cr_zone->zone_privset)) { 13334 state->dts_cred.dcr_action |= 13335 DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG; 13336 } 13337#endif 13338 } 13339 13340 /* 13341 * Holding the dtrace_proc privilege gives control over fasttrap 13342 * and pid providers. We need to grant wider destructive 13343 * privileges in the event that the user has proc_owner and/or 13344 * proc_zone. 13345 */ 13346 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) { 13347 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE)) 13348 state->dts_cred.dcr_action |= 13349 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER; 13350 13351 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE)) 13352 state->dts_cred.dcr_action |= 13353 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE; 13354 } 13355 } 13356 13357 return (state); 13358} 13359 13360static int 13361dtrace_state_buffer(dtrace_state_t *state, dtrace_buffer_t *buf, int which) 13362{ 13363 dtrace_optval_t *opt = state->dts_options, size; 13364 processorid_t cpu = 0;; 13365 int flags = 0, rval; 13366 13367 ASSERT(MUTEX_HELD(&dtrace_lock)); 13368 ASSERT(MUTEX_HELD(&cpu_lock)); 13369 ASSERT(which < DTRACEOPT_MAX); 13370 ASSERT(state->dts_activity == DTRACE_ACTIVITY_INACTIVE || 13371 (state == dtrace_anon.dta_state && 13372 state->dts_activity == DTRACE_ACTIVITY_ACTIVE)); 13373 13374 if (opt[which] == DTRACEOPT_UNSET || opt[which] == 0) 13375 return (0); 13376 13377 if (opt[DTRACEOPT_CPU] != DTRACEOPT_UNSET) 13378 cpu = opt[DTRACEOPT_CPU]; 13379 13380 if (which == DTRACEOPT_SPECSIZE) 13381 flags |= DTRACEBUF_NOSWITCH; 13382 13383 if (which == DTRACEOPT_BUFSIZE) { 13384 if (opt[DTRACEOPT_BUFPOLICY] == DTRACEOPT_BUFPOLICY_RING) 13385 flags |= DTRACEBUF_RING; 13386 13387 if (opt[DTRACEOPT_BUFPOLICY] == DTRACEOPT_BUFPOLICY_FILL) 13388 flags |= DTRACEBUF_FILL; 13389 13390 if (state != dtrace_anon.dta_state || 13391 state->dts_activity != DTRACE_ACTIVITY_ACTIVE) 13392 flags |= DTRACEBUF_INACTIVE; 13393 } 13394 13395 for (size = opt[which]; size >= sizeof (uint64_t); size >>= 1) { 13396 /* 13397 * The size must be 8-byte aligned. If the size is not 8-byte 13398 * aligned, drop it down by the difference. 13399 */ 13400 if (size & (sizeof (uint64_t) - 1)) 13401 size -= size & (sizeof (uint64_t) - 1); 13402 13403 if (size < state->dts_reserve) { 13404 /* 13405 * Buffers always must be large enough to accommodate 13406 * their prereserved space. We return E2BIG instead 13407 * of ENOMEM in this case to allow for user-level 13408 * software to differentiate the cases. 13409 */ 13410 return (E2BIG); 13411 } 13412 13413 rval = dtrace_buffer_alloc(buf, size, flags, cpu); 13414 13415 if (rval != ENOMEM) { 13416 opt[which] = size; 13417 return (rval); 13418 } 13419 13420 if (opt[DTRACEOPT_BUFRESIZE] == DTRACEOPT_BUFRESIZE_MANUAL) 13421 return (rval); 13422 } 13423 13424 return (ENOMEM); 13425} 13426 13427static int 13428dtrace_state_buffers(dtrace_state_t *state) 13429{ 13430 dtrace_speculation_t *spec = state->dts_speculations; 13431 int rval, i; 13432 13433 if ((rval = dtrace_state_buffer(state, state->dts_buffer, 13434 DTRACEOPT_BUFSIZE)) != 0) 13435 return (rval); 13436 13437 if ((rval = dtrace_state_buffer(state, state->dts_aggbuffer, 13438 DTRACEOPT_AGGSIZE)) != 0) 13439 return (rval); 13440 13441 for (i = 0; i < state->dts_nspeculations; i++) { 13442 if ((rval = dtrace_state_buffer(state, 13443 spec[i].dtsp_buffer, DTRACEOPT_SPECSIZE)) != 0) 13444 return (rval); 13445 } 13446 13447 return (0); 13448} 13449 13450static void 13451dtrace_state_prereserve(dtrace_state_t *state) 13452{ 13453 dtrace_ecb_t *ecb; 13454 dtrace_probe_t *probe; 13455 13456 state->dts_reserve = 0; 13457 13458 if (state->dts_options[DTRACEOPT_BUFPOLICY] != DTRACEOPT_BUFPOLICY_FILL) 13459 return; 13460 13461 /* 13462 * If our buffer policy is a "fill" buffer policy, we need to set the 13463 * prereserved space to be the space required by the END probes. 13464 */ 13465 probe = dtrace_probes[dtrace_probeid_end - 1]; 13466 ASSERT(probe != NULL); 13467 13468 for (ecb = probe->dtpr_ecb; ecb != NULL; ecb = ecb->dte_next) { 13469 if (ecb->dte_state != state) 13470 continue; 13471 13472 state->dts_reserve += ecb->dte_needed + ecb->dte_alignment; 13473 } 13474} 13475 13476static int 13477dtrace_state_go(dtrace_state_t *state, processorid_t *cpu) 13478{ 13479 dtrace_optval_t *opt = state->dts_options, sz, nspec; 13480 dtrace_speculation_t *spec; 13481 dtrace_buffer_t *buf; 13482#if defined(sun) 13483 cyc_handler_t hdlr; 13484 cyc_time_t when; 13485#endif 13486 int rval = 0, i, bufsize = NCPU * sizeof (dtrace_buffer_t); 13487 dtrace_icookie_t cookie; 13488 13489 mutex_enter(&cpu_lock); 13490 mutex_enter(&dtrace_lock); 13491 13492 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) { 13493 rval = EBUSY; 13494 goto out; 13495 } 13496 13497 /* 13498 * Before we can perform any checks, we must prime all of the 13499 * retained enablings that correspond to this state. 13500 */ 13501 dtrace_enabling_prime(state); 13502 13503 if (state->dts_destructive && !state->dts_cred.dcr_destructive) { 13504 rval = EACCES; 13505 goto out; 13506 } 13507 13508 dtrace_state_prereserve(state); 13509 13510 /* 13511 * Now we want to do is try to allocate our speculations. 13512 * We do not automatically resize the number of speculations; if 13513 * this fails, we will fail the operation. 13514 */ 13515 nspec = opt[DTRACEOPT_NSPEC]; 13516 ASSERT(nspec != DTRACEOPT_UNSET); 13517 13518 if (nspec > INT_MAX) { 13519 rval = ENOMEM; 13520 goto out; 13521 } 13522 13523 spec = kmem_zalloc(nspec * sizeof (dtrace_speculation_t), KM_NOSLEEP); 13524 13525 if (spec == NULL) { 13526 rval = ENOMEM; 13527 goto out; 13528 } 13529 13530 state->dts_speculations = spec; 13531 state->dts_nspeculations = (int)nspec; 13532 13533 for (i = 0; i < nspec; i++) { 13534 if ((buf = kmem_zalloc(bufsize, KM_NOSLEEP)) == NULL) { 13535 rval = ENOMEM; 13536 goto err; 13537 } 13538 13539 spec[i].dtsp_buffer = buf; 13540 } 13541 13542 if (opt[DTRACEOPT_GRABANON] != DTRACEOPT_UNSET) { 13543 if (dtrace_anon.dta_state == NULL) { 13544 rval = ENOENT; 13545 goto out; 13546 } 13547 13548 if (state->dts_necbs != 0) { 13549 rval = EALREADY; 13550 goto out; 13551 } 13552 13553 state->dts_anon = dtrace_anon_grab(); 13554 ASSERT(state->dts_anon != NULL); 13555 state = state->dts_anon; 13556 13557 /* 13558 * We want "grabanon" to be set in the grabbed state, so we'll 13559 * copy that option value from the grabbing state into the 13560 * grabbed state. 13561 */ 13562 state->dts_options[DTRACEOPT_GRABANON] = 13563 opt[DTRACEOPT_GRABANON]; 13564 13565 *cpu = dtrace_anon.dta_beganon; 13566 13567 /* 13568 * If the anonymous state is active (as it almost certainly 13569 * is if the anonymous enabling ultimately matched anything), 13570 * we don't allow any further option processing -- but we 13571 * don't return failure. 13572 */ 13573 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) 13574 goto out; 13575 } 13576 13577 if (opt[DTRACEOPT_AGGSIZE] != DTRACEOPT_UNSET && 13578 opt[DTRACEOPT_AGGSIZE] != 0) { 13579 if (state->dts_aggregations == NULL) { 13580 /* 13581 * We're not going to create an aggregation buffer 13582 * because we don't have any ECBs that contain 13583 * aggregations -- set this option to 0. 13584 */ 13585 opt[DTRACEOPT_AGGSIZE] = 0; 13586 } else { 13587 /* 13588 * If we have an aggregation buffer, we must also have 13589 * a buffer to use as scratch. 13590 */ 13591 if (opt[DTRACEOPT_BUFSIZE] == DTRACEOPT_UNSET || 13592 opt[DTRACEOPT_BUFSIZE] < state->dts_needed) { 13593 opt[DTRACEOPT_BUFSIZE] = state->dts_needed; 13594 } 13595 } 13596 } 13597 13598 if (opt[DTRACEOPT_SPECSIZE] != DTRACEOPT_UNSET && 13599 opt[DTRACEOPT_SPECSIZE] != 0) { 13600 if (!state->dts_speculates) { 13601 /* 13602 * We're not going to create speculation buffers 13603 * because we don't have any ECBs that actually 13604 * speculate -- set the speculation size to 0. 13605 */ 13606 opt[DTRACEOPT_SPECSIZE] = 0; 13607 } 13608 } 13609 13610 /* 13611 * The bare minimum size for any buffer that we're actually going to 13612 * do anything to is sizeof (uint64_t). 13613 */ 13614 sz = sizeof (uint64_t); 13615 13616 if ((state->dts_needed != 0 && opt[DTRACEOPT_BUFSIZE] < sz) || 13617 (state->dts_speculates && opt[DTRACEOPT_SPECSIZE] < sz) || 13618 (state->dts_aggregations != NULL && opt[DTRACEOPT_AGGSIZE] < sz)) { 13619 /* 13620 * A buffer size has been explicitly set to 0 (or to a size 13621 * that will be adjusted to 0) and we need the space -- we 13622 * need to return failure. We return ENOSPC to differentiate 13623 * it from failing to allocate a buffer due to failure to meet 13624 * the reserve (for which we return E2BIG). 13625 */ 13626 rval = ENOSPC; 13627 goto out; 13628 } 13629 13630 if ((rval = dtrace_state_buffers(state)) != 0) 13631 goto err; 13632 13633 if ((sz = opt[DTRACEOPT_DYNVARSIZE]) == DTRACEOPT_UNSET) 13634 sz = dtrace_dstate_defsize; 13635 13636 do { 13637 rval = dtrace_dstate_init(&state->dts_vstate.dtvs_dynvars, sz); 13638 13639 if (rval == 0) 13640 break; 13641 13642 if (opt[DTRACEOPT_BUFRESIZE] == DTRACEOPT_BUFRESIZE_MANUAL) 13643 goto err; 13644 } while (sz >>= 1); 13645 13646 opt[DTRACEOPT_DYNVARSIZE] = sz; 13647 13648 if (rval != 0) 13649 goto err; 13650 13651 if (opt[DTRACEOPT_STATUSRATE] > dtrace_statusrate_max) 13652 opt[DTRACEOPT_STATUSRATE] = dtrace_statusrate_max; 13653 13654 if (opt[DTRACEOPT_CLEANRATE] == 0) 13655 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_max; 13656 13657 if (opt[DTRACEOPT_CLEANRATE] < dtrace_cleanrate_min) 13658 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_min; 13659 13660 if (opt[DTRACEOPT_CLEANRATE] > dtrace_cleanrate_max) 13661 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_max; 13662 13663 state->dts_alive = state->dts_laststatus = dtrace_gethrtime(); 13664#if defined(sun) 13665 hdlr.cyh_func = (cyc_func_t)dtrace_state_clean; 13666 hdlr.cyh_arg = state; 13667 hdlr.cyh_level = CY_LOW_LEVEL; 13668 13669 when.cyt_when = 0; 13670 when.cyt_interval = opt[DTRACEOPT_CLEANRATE]; 13671 13672 state->dts_cleaner = cyclic_add(&hdlr, &when); 13673 13674 hdlr.cyh_func = (cyc_func_t)dtrace_state_deadman; 13675 hdlr.cyh_arg = state; 13676 hdlr.cyh_level = CY_LOW_LEVEL; 13677 13678 when.cyt_when = 0; 13679 when.cyt_interval = dtrace_deadman_interval; 13680 13681 state->dts_deadman = cyclic_add(&hdlr, &when); 13682#else 13683 callout_reset(&state->dts_cleaner, hz * opt[DTRACEOPT_CLEANRATE] / NANOSEC, 13684 dtrace_state_clean, state); 13685 callout_reset(&state->dts_deadman, hz * dtrace_deadman_interval / NANOSEC, 13686 dtrace_state_deadman, state); 13687#endif 13688 13689 state->dts_activity = DTRACE_ACTIVITY_WARMUP; 13690 13691 /* 13692 * Now it's time to actually fire the BEGIN probe. We need to disable 13693 * interrupts here both to record the CPU on which we fired the BEGIN 13694 * probe (the data from this CPU will be processed first at user 13695 * level) and to manually activate the buffer for this CPU. 13696 */ 13697 cookie = dtrace_interrupt_disable(); 13698 *cpu = curcpu; 13699 ASSERT(state->dts_buffer[*cpu].dtb_flags & DTRACEBUF_INACTIVE); 13700 state->dts_buffer[*cpu].dtb_flags &= ~DTRACEBUF_INACTIVE; 13701 13702 dtrace_probe(dtrace_probeid_begin, 13703 (uint64_t)(uintptr_t)state, 0, 0, 0, 0); 13704 dtrace_interrupt_enable(cookie); 13705 /* 13706 * We may have had an exit action from a BEGIN probe; only change our 13707 * state to ACTIVE if we're still in WARMUP. 13708 */ 13709 ASSERT(state->dts_activity == DTRACE_ACTIVITY_WARMUP || 13710 state->dts_activity == DTRACE_ACTIVITY_DRAINING); 13711 13712 if (state->dts_activity == DTRACE_ACTIVITY_WARMUP) 13713 state->dts_activity = DTRACE_ACTIVITY_ACTIVE; 13714 13715 /* 13716 * Regardless of whether or not now we're in ACTIVE or DRAINING, we 13717 * want each CPU to transition its principal buffer out of the 13718 * INACTIVE state. Doing this assures that no CPU will suddenly begin 13719 * processing an ECB halfway down a probe's ECB chain; all CPUs will 13720 * atomically transition from processing none of a state's ECBs to 13721 * processing all of them. 13722 */ 13723 dtrace_xcall(DTRACE_CPUALL, 13724 (dtrace_xcall_t)dtrace_buffer_activate, state); 13725 goto out; 13726 13727err: 13728 dtrace_buffer_free(state->dts_buffer); 13729 dtrace_buffer_free(state->dts_aggbuffer); 13730 13731 if ((nspec = state->dts_nspeculations) == 0) { 13732 ASSERT(state->dts_speculations == NULL); 13733 goto out; 13734 } 13735 13736 spec = state->dts_speculations; 13737 ASSERT(spec != NULL); 13738 13739 for (i = 0; i < state->dts_nspeculations; i++) { 13740 if ((buf = spec[i].dtsp_buffer) == NULL) 13741 break; 13742 13743 dtrace_buffer_free(buf); 13744 kmem_free(buf, bufsize); 13745 } 13746 13747 kmem_free(spec, nspec * sizeof (dtrace_speculation_t)); 13748 state->dts_nspeculations = 0; 13749 state->dts_speculations = NULL; 13750 13751out: 13752 mutex_exit(&dtrace_lock); 13753 mutex_exit(&cpu_lock); 13754 13755 return (rval); 13756} 13757 13758static int 13759dtrace_state_stop(dtrace_state_t *state, processorid_t *cpu) 13760{ 13761 dtrace_icookie_t cookie; 13762 13763 ASSERT(MUTEX_HELD(&dtrace_lock)); 13764 13765 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE && 13766 state->dts_activity != DTRACE_ACTIVITY_DRAINING) 13767 return (EINVAL); 13768 13769 /* 13770 * We'll set the activity to DTRACE_ACTIVITY_DRAINING, and issue a sync 13771 * to be sure that every CPU has seen it. See below for the details 13772 * on why this is done. 13773 */ 13774 state->dts_activity = DTRACE_ACTIVITY_DRAINING; 13775 dtrace_sync(); 13776 13777 /* 13778 * By this point, it is impossible for any CPU to be still processing 13779 * with DTRACE_ACTIVITY_ACTIVE. We can thus set our activity to 13780 * DTRACE_ACTIVITY_COOLDOWN and know that we're not racing with any 13781 * other CPU in dtrace_buffer_reserve(). This allows dtrace_probe() 13782 * and callees to know that the activity is DTRACE_ACTIVITY_COOLDOWN 13783 * iff we're in the END probe. 13784 */ 13785 state->dts_activity = DTRACE_ACTIVITY_COOLDOWN; 13786 dtrace_sync(); 13787 ASSERT(state->dts_activity == DTRACE_ACTIVITY_COOLDOWN); 13788 13789 /* 13790 * Finally, we can release the reserve and call the END probe. We 13791 * disable interrupts across calling the END probe to allow us to 13792 * return the CPU on which we actually called the END probe. This 13793 * allows user-land to be sure that this CPU's principal buffer is 13794 * processed last. 13795 */ 13796 state->dts_reserve = 0; 13797 13798 cookie = dtrace_interrupt_disable(); 13799 *cpu = curcpu; 13800 dtrace_probe(dtrace_probeid_end, 13801 (uint64_t)(uintptr_t)state, 0, 0, 0, 0); 13802 dtrace_interrupt_enable(cookie); 13803 13804 state->dts_activity = DTRACE_ACTIVITY_STOPPED; 13805 dtrace_sync(); 13806 13807 return (0); 13808} 13809 13810static int 13811dtrace_state_option(dtrace_state_t *state, dtrace_optid_t option, 13812 dtrace_optval_t val) 13813{ 13814 ASSERT(MUTEX_HELD(&dtrace_lock)); 13815 13816 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) 13817 return (EBUSY); 13818 13819 if (option >= DTRACEOPT_MAX) 13820 return (EINVAL); 13821 13822 if (option != DTRACEOPT_CPU && val < 0) 13823 return (EINVAL); 13824 13825 switch (option) { 13826 case DTRACEOPT_DESTRUCTIVE: 13827 if (dtrace_destructive_disallow) 13828 return (EACCES); 13829 13830 state->dts_cred.dcr_destructive = 1; 13831 break; 13832 13833 case DTRACEOPT_BUFSIZE: 13834 case DTRACEOPT_DYNVARSIZE: 13835 case DTRACEOPT_AGGSIZE: 13836 case DTRACEOPT_SPECSIZE: 13837 case DTRACEOPT_STRSIZE: 13838 if (val < 0) 13839 return (EINVAL); 13840 13841 if (val >= LONG_MAX) { 13842 /* 13843 * If this is an otherwise negative value, set it to 13844 * the highest multiple of 128m less than LONG_MAX. 13845 * Technically, we're adjusting the size without 13846 * regard to the buffer resizing policy, but in fact, 13847 * this has no effect -- if we set the buffer size to 13848 * ~LONG_MAX and the buffer policy is ultimately set to 13849 * be "manual", the buffer allocation is guaranteed to 13850 * fail, if only because the allocation requires two 13851 * buffers. (We set the the size to the highest 13852 * multiple of 128m because it ensures that the size 13853 * will remain a multiple of a megabyte when 13854 * repeatedly halved -- all the way down to 15m.) 13855 */ 13856 val = LONG_MAX - (1 << 27) + 1; 13857 } 13858 } 13859 13860 state->dts_options[option] = val; 13861 13862 return (0); 13863} 13864 13865static void 13866dtrace_state_destroy(dtrace_state_t *state) 13867{ 13868 dtrace_ecb_t *ecb; 13869 dtrace_vstate_t *vstate = &state->dts_vstate; 13870#if defined(sun) 13871 minor_t minor = getminor(state->dts_dev); 13872#endif 13873 int i, bufsize = NCPU * sizeof (dtrace_buffer_t); 13874 dtrace_speculation_t *spec = state->dts_speculations; 13875 int nspec = state->dts_nspeculations; 13876 uint32_t match; 13877 13878 ASSERT(MUTEX_HELD(&dtrace_lock)); 13879 ASSERT(MUTEX_HELD(&cpu_lock)); 13880 13881 /* 13882 * First, retract any retained enablings for this state. 13883 */ 13884 dtrace_enabling_retract(state); 13885 ASSERT(state->dts_nretained == 0); 13886 13887 if (state->dts_activity == DTRACE_ACTIVITY_ACTIVE || 13888 state->dts_activity == DTRACE_ACTIVITY_DRAINING) { 13889 /* 13890 * We have managed to come into dtrace_state_destroy() on a 13891 * hot enabling -- almost certainly because of a disorderly 13892 * shutdown of a consumer. (That is, a consumer that is 13893 * exiting without having called dtrace_stop().) In this case, 13894 * we're going to set our activity to be KILLED, and then 13895 * issue a sync to be sure that everyone is out of probe 13896 * context before we start blowing away ECBs. 13897 */ 13898 state->dts_activity = DTRACE_ACTIVITY_KILLED; 13899 dtrace_sync(); 13900 } 13901 13902 /* 13903 * Release the credential hold we took in dtrace_state_create(). 13904 */ 13905 if (state->dts_cred.dcr_cred != NULL) 13906 crfree(state->dts_cred.dcr_cred); 13907 13908 /* 13909 * Now we can safely disable and destroy any enabled probes. Because 13910 * any DTRACE_PRIV_KERNEL probes may actually be slowing our progress 13911 * (especially if they're all enabled), we take two passes through the 13912 * ECBs: in the first, we disable just DTRACE_PRIV_KERNEL probes, and 13913 * in the second we disable whatever is left over. 13914 */ 13915 for (match = DTRACE_PRIV_KERNEL; ; match = 0) { 13916 for (i = 0; i < state->dts_necbs; i++) { 13917 if ((ecb = state->dts_ecbs[i]) == NULL) 13918 continue; 13919 13920 if (match && ecb->dte_probe != NULL) { 13921 dtrace_probe_t *probe = ecb->dte_probe; 13922 dtrace_provider_t *prov = probe->dtpr_provider; 13923 13924 if (!(prov->dtpv_priv.dtpp_flags & match)) 13925 continue; 13926 } 13927 13928 dtrace_ecb_disable(ecb); 13929 dtrace_ecb_destroy(ecb); 13930 } 13931 13932 if (!match) 13933 break; 13934 } 13935 13936 /* 13937 * Before we free the buffers, perform one more sync to assure that 13938 * every CPU is out of probe context. 13939 */ 13940 dtrace_sync(); 13941 13942 dtrace_buffer_free(state->dts_buffer); 13943 dtrace_buffer_free(state->dts_aggbuffer); 13944 13945 for (i = 0; i < nspec; i++) 13946 dtrace_buffer_free(spec[i].dtsp_buffer); 13947 13948#if defined(sun) 13949 if (state->dts_cleaner != CYCLIC_NONE) 13950 cyclic_remove(state->dts_cleaner); 13951 13952 if (state->dts_deadman != CYCLIC_NONE) 13953 cyclic_remove(state->dts_deadman); 13954#else 13955 callout_stop(&state->dts_cleaner); 13956 callout_drain(&state->dts_cleaner); 13957 callout_stop(&state->dts_deadman); 13958 callout_drain(&state->dts_deadman); 13959#endif 13960 13961 dtrace_dstate_fini(&vstate->dtvs_dynvars); 13962 dtrace_vstate_fini(vstate); 13963 if (state->dts_ecbs != NULL) 13964 kmem_free(state->dts_ecbs, state->dts_necbs * sizeof (dtrace_ecb_t *)); 13965 13966 if (state->dts_aggregations != NULL) { 13967#ifdef DEBUG 13968 for (i = 0; i < state->dts_naggregations; i++) 13969 ASSERT(state->dts_aggregations[i] == NULL); 13970#endif 13971 ASSERT(state->dts_naggregations > 0); 13972 kmem_free(state->dts_aggregations, 13973 state->dts_naggregations * sizeof (dtrace_aggregation_t *)); 13974 } 13975 13976 kmem_free(state->dts_buffer, bufsize); 13977 kmem_free(state->dts_aggbuffer, bufsize); 13978 13979 for (i = 0; i < nspec; i++) 13980 kmem_free(spec[i].dtsp_buffer, bufsize); 13981 13982 if (spec != NULL) 13983 kmem_free(spec, nspec * sizeof (dtrace_speculation_t)); 13984 13985 dtrace_format_destroy(state); 13986 13987 if (state->dts_aggid_arena != NULL) { 13988#if defined(sun) 13989 vmem_destroy(state->dts_aggid_arena); 13990#else 13991 delete_unrhdr(state->dts_aggid_arena); 13992#endif 13993 state->dts_aggid_arena = NULL; 13994 } 13995#if defined(sun) 13996 ddi_soft_state_free(dtrace_softstate, minor); 13997 vmem_free(dtrace_minor, (void *)(uintptr_t)minor, 1); 13998#endif 13999} 14000 14001/* 14002 * DTrace Anonymous Enabling Functions 14003 */ 14004static dtrace_state_t * 14005dtrace_anon_grab(void) 14006{ 14007 dtrace_state_t *state; 14008 14009 ASSERT(MUTEX_HELD(&dtrace_lock)); 14010 14011 if ((state = dtrace_anon.dta_state) == NULL) { 14012 ASSERT(dtrace_anon.dta_enabling == NULL); 14013 return (NULL); 14014 } 14015 14016 ASSERT(dtrace_anon.dta_enabling != NULL); 14017 ASSERT(dtrace_retained != NULL); 14018 14019 dtrace_enabling_destroy(dtrace_anon.dta_enabling); 14020 dtrace_anon.dta_enabling = NULL; 14021 dtrace_anon.dta_state = NULL; 14022 14023 return (state); 14024} 14025 14026static void 14027dtrace_anon_property(void) 14028{ 14029 int i, rv; 14030 dtrace_state_t *state; 14031 dof_hdr_t *dof; 14032 char c[32]; /* enough for "dof-data-" + digits */ 14033 14034 ASSERT(MUTEX_HELD(&dtrace_lock)); 14035 ASSERT(MUTEX_HELD(&cpu_lock)); 14036 14037 for (i = 0; ; i++) { 14038 (void) snprintf(c, sizeof (c), "dof-data-%d", i); 14039 14040 dtrace_err_verbose = 1; 14041 14042 if ((dof = dtrace_dof_property(c)) == NULL) { 14043 dtrace_err_verbose = 0; 14044 break; 14045 } 14046 14047#if defined(sun) 14048 /* 14049 * We want to create anonymous state, so we need to transition 14050 * the kernel debugger to indicate that DTrace is active. If 14051 * this fails (e.g. because the debugger has modified text in 14052 * some way), we won't continue with the processing. 14053 */ 14054 if (kdi_dtrace_set(KDI_DTSET_DTRACE_ACTIVATE) != 0) { 14055 cmn_err(CE_NOTE, "kernel debugger active; anonymous " 14056 "enabling ignored."); 14057 dtrace_dof_destroy(dof); 14058 break; 14059 } 14060#endif 14061 14062 /* 14063 * If we haven't allocated an anonymous state, we'll do so now. 14064 */ 14065 if ((state = dtrace_anon.dta_state) == NULL) { 14066#if defined(sun) 14067 state = dtrace_state_create(NULL, NULL); 14068#else 14069 state = dtrace_state_create(NULL); 14070#endif 14071 dtrace_anon.dta_state = state; 14072 14073 if (state == NULL) { 14074 /* 14075 * This basically shouldn't happen: the only 14076 * failure mode from dtrace_state_create() is a 14077 * failure of ddi_soft_state_zalloc() that 14078 * itself should never happen. Still, the 14079 * interface allows for a failure mode, and 14080 * we want to fail as gracefully as possible: 14081 * we'll emit an error message and cease 14082 * processing anonymous state in this case. 14083 */ 14084 cmn_err(CE_WARN, "failed to create " 14085 "anonymous state"); 14086 dtrace_dof_destroy(dof); 14087 break; 14088 } 14089 } 14090 14091 rv = dtrace_dof_slurp(dof, &state->dts_vstate, CRED(), 14092 &dtrace_anon.dta_enabling, 0, B_TRUE); 14093 14094 if (rv == 0) 14095 rv = dtrace_dof_options(dof, state); 14096 14097 dtrace_err_verbose = 0; 14098 dtrace_dof_destroy(dof); 14099 14100 if (rv != 0) { 14101 /* 14102 * This is malformed DOF; chuck any anonymous state 14103 * that we created. 14104 */ 14105 ASSERT(dtrace_anon.dta_enabling == NULL); 14106 dtrace_state_destroy(state); 14107 dtrace_anon.dta_state = NULL; 14108 break; 14109 } 14110 14111 ASSERT(dtrace_anon.dta_enabling != NULL); 14112 } 14113 14114 if (dtrace_anon.dta_enabling != NULL) { 14115 int rval; 14116 14117 /* 14118 * dtrace_enabling_retain() can only fail because we are 14119 * trying to retain more enablings than are allowed -- but 14120 * we only have one anonymous enabling, and we are guaranteed 14121 * to be allowed at least one retained enabling; we assert 14122 * that dtrace_enabling_retain() returns success. 14123 */ 14124 rval = dtrace_enabling_retain(dtrace_anon.dta_enabling); 14125 ASSERT(rval == 0); 14126 14127 dtrace_enabling_dump(dtrace_anon.dta_enabling); 14128 } 14129} 14130 14131/* 14132 * DTrace Helper Functions 14133 */ 14134static void 14135dtrace_helper_trace(dtrace_helper_action_t *helper, 14136 dtrace_mstate_t *mstate, dtrace_vstate_t *vstate, int where) 14137{ 14138 uint32_t size, next, nnext, i; 14139 dtrace_helptrace_t *ent; 14140 uint16_t flags = cpu_core[curcpu].cpuc_dtrace_flags; 14141 14142 if (!dtrace_helptrace_enabled) 14143 return; 14144 14145 ASSERT(vstate->dtvs_nlocals <= dtrace_helptrace_nlocals); 14146 14147 /* 14148 * What would a tracing framework be without its own tracing 14149 * framework? (Well, a hell of a lot simpler, for starters...) 14150 */ 14151 size = sizeof (dtrace_helptrace_t) + dtrace_helptrace_nlocals * 14152 sizeof (uint64_t) - sizeof (uint64_t); 14153 14154 /* 14155 * Iterate until we can allocate a slot in the trace buffer. 14156 */ 14157 do { 14158 next = dtrace_helptrace_next; 14159 14160 if (next + size < dtrace_helptrace_bufsize) { 14161 nnext = next + size; 14162 } else { 14163 nnext = size; 14164 } 14165 } while (dtrace_cas32(&dtrace_helptrace_next, next, nnext) != next); 14166 14167 /* 14168 * We have our slot; fill it in. 14169 */ 14170 if (nnext == size) 14171 next = 0; 14172 14173 ent = (dtrace_helptrace_t *)&dtrace_helptrace_buffer[next]; 14174 ent->dtht_helper = helper; 14175 ent->dtht_where = where; 14176 ent->dtht_nlocals = vstate->dtvs_nlocals; 14177 14178 ent->dtht_fltoffs = (mstate->dtms_present & DTRACE_MSTATE_FLTOFFS) ? 14179 mstate->dtms_fltoffs : -1; 14180 ent->dtht_fault = DTRACE_FLAGS2FLT(flags); 14181 ent->dtht_illval = cpu_core[curcpu].cpuc_dtrace_illval; 14182 14183 for (i = 0; i < vstate->dtvs_nlocals; i++) { 14184 dtrace_statvar_t *svar; 14185 14186 if ((svar = vstate->dtvs_locals[i]) == NULL) 14187 continue; 14188 14189 ASSERT(svar->dtsv_size >= NCPU * sizeof (uint64_t)); 14190 ent->dtht_locals[i] = 14191 ((uint64_t *)(uintptr_t)svar->dtsv_data)[curcpu]; 14192 } 14193} 14194 14195static uint64_t 14196dtrace_helper(int which, dtrace_mstate_t *mstate, 14197 dtrace_state_t *state, uint64_t arg0, uint64_t arg1) 14198{ 14199 uint16_t *flags = &cpu_core[curcpu].cpuc_dtrace_flags; 14200 uint64_t sarg0 = mstate->dtms_arg[0]; 14201 uint64_t sarg1 = mstate->dtms_arg[1]; 14202 uint64_t rval = 0; 14203 dtrace_helpers_t *helpers = curproc->p_dtrace_helpers; 14204 dtrace_helper_action_t *helper; 14205 dtrace_vstate_t *vstate; 14206 dtrace_difo_t *pred; 14207 int i, trace = dtrace_helptrace_enabled; 14208 14209 ASSERT(which >= 0 && which < DTRACE_NHELPER_ACTIONS); 14210 14211 if (helpers == NULL) 14212 return (0); 14213 14214 if ((helper = helpers->dthps_actions[which]) == NULL) 14215 return (0); 14216 14217 vstate = &helpers->dthps_vstate; 14218 mstate->dtms_arg[0] = arg0; 14219 mstate->dtms_arg[1] = arg1; 14220 14221 /* 14222 * Now iterate over each helper. If its predicate evaluates to 'true', 14223 * we'll call the corresponding actions. Note that the below calls 14224 * to dtrace_dif_emulate() may set faults in machine state. This is 14225 * okay: our caller (the outer dtrace_dif_emulate()) will simply plow 14226 * the stored DIF offset with its own (which is the desired behavior). 14227 * Also, note the calls to dtrace_dif_emulate() may allocate scratch 14228 * from machine state; this is okay, too. 14229 */ 14230 for (; helper != NULL; helper = helper->dtha_next) { 14231 if ((pred = helper->dtha_predicate) != NULL) { 14232 if (trace) 14233 dtrace_helper_trace(helper, mstate, vstate, 0); 14234 14235 if (!dtrace_dif_emulate(pred, mstate, vstate, state)) 14236 goto next; 14237 14238 if (*flags & CPU_DTRACE_FAULT) 14239 goto err; 14240 } 14241 14242 for (i = 0; i < helper->dtha_nactions; i++) { 14243 if (trace) 14244 dtrace_helper_trace(helper, 14245 mstate, vstate, i + 1); 14246 14247 rval = dtrace_dif_emulate(helper->dtha_actions[i], 14248 mstate, vstate, state); 14249 14250 if (*flags & CPU_DTRACE_FAULT) 14251 goto err; 14252 } 14253 14254next: 14255 if (trace) 14256 dtrace_helper_trace(helper, mstate, vstate, 14257 DTRACE_HELPTRACE_NEXT); 14258 } 14259 14260 if (trace) 14261 dtrace_helper_trace(helper, mstate, vstate, 14262 DTRACE_HELPTRACE_DONE); 14263 14264 /* 14265 * Restore the arg0 that we saved upon entry. 14266 */ 14267 mstate->dtms_arg[0] = sarg0; 14268 mstate->dtms_arg[1] = sarg1; 14269 14270 return (rval); 14271 14272err: 14273 if (trace) 14274 dtrace_helper_trace(helper, mstate, vstate, 14275 DTRACE_HELPTRACE_ERR); 14276 14277 /* 14278 * Restore the arg0 that we saved upon entry. 14279 */ 14280 mstate->dtms_arg[0] = sarg0; 14281 mstate->dtms_arg[1] = sarg1; 14282 14283 return (0); 14284} 14285 14286static void 14287dtrace_helper_action_destroy(dtrace_helper_action_t *helper, 14288 dtrace_vstate_t *vstate) 14289{ 14290 int i; 14291 14292 if (helper->dtha_predicate != NULL) 14293 dtrace_difo_release(helper->dtha_predicate, vstate); 14294 14295 for (i = 0; i < helper->dtha_nactions; i++) { 14296 ASSERT(helper->dtha_actions[i] != NULL); 14297 dtrace_difo_release(helper->dtha_actions[i], vstate); 14298 } 14299 14300 kmem_free(helper->dtha_actions, 14301 helper->dtha_nactions * sizeof (dtrace_difo_t *)); 14302 kmem_free(helper, sizeof (dtrace_helper_action_t)); 14303} 14304 14305static int 14306dtrace_helper_destroygen(int gen) 14307{ 14308 proc_t *p = curproc; 14309 dtrace_helpers_t *help = p->p_dtrace_helpers; 14310 dtrace_vstate_t *vstate; 14311 int i; 14312 14313 ASSERT(MUTEX_HELD(&dtrace_lock)); 14314 14315 if (help == NULL || gen > help->dthps_generation) 14316 return (EINVAL); 14317 14318 vstate = &help->dthps_vstate; 14319 14320 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) { 14321 dtrace_helper_action_t *last = NULL, *h, *next; 14322 14323 for (h = help->dthps_actions[i]; h != NULL; h = next) { 14324 next = h->dtha_next; 14325 14326 if (h->dtha_generation == gen) { 14327 if (last != NULL) { 14328 last->dtha_next = next; 14329 } else { 14330 help->dthps_actions[i] = next; 14331 } 14332 14333 dtrace_helper_action_destroy(h, vstate); 14334 } else { 14335 last = h; 14336 } 14337 } 14338 } 14339 14340 /* 14341 * Interate until we've cleared out all helper providers with the 14342 * given generation number. 14343 */ 14344 for (;;) { 14345 dtrace_helper_provider_t *prov; 14346 14347 /* 14348 * Look for a helper provider with the right generation. We 14349 * have to start back at the beginning of the list each time 14350 * because we drop dtrace_lock. It's unlikely that we'll make 14351 * more than two passes. 14352 */ 14353 for (i = 0; i < help->dthps_nprovs; i++) { 14354 prov = help->dthps_provs[i]; 14355 14356 if (prov->dthp_generation == gen) 14357 break; 14358 } 14359 14360 /* 14361 * If there were no matches, we're done. 14362 */ 14363 if (i == help->dthps_nprovs) 14364 break; 14365 14366 /* 14367 * Move the last helper provider into this slot. 14368 */ 14369 help->dthps_nprovs--; 14370 help->dthps_provs[i] = help->dthps_provs[help->dthps_nprovs]; 14371 help->dthps_provs[help->dthps_nprovs] = NULL; 14372 14373 mutex_exit(&dtrace_lock); 14374 14375 /* 14376 * If we have a meta provider, remove this helper provider. 14377 */ 14378 mutex_enter(&dtrace_meta_lock); 14379 if (dtrace_meta_pid != NULL) { 14380 ASSERT(dtrace_deferred_pid == NULL); 14381 dtrace_helper_provider_remove(&prov->dthp_prov, 14382 p->p_pid); 14383 } 14384 mutex_exit(&dtrace_meta_lock); 14385 14386 dtrace_helper_provider_destroy(prov); 14387 14388 mutex_enter(&dtrace_lock); 14389 } 14390 14391 return (0); 14392} 14393 14394static int 14395dtrace_helper_validate(dtrace_helper_action_t *helper) 14396{ 14397 int err = 0, i; 14398 dtrace_difo_t *dp; 14399 14400 if ((dp = helper->dtha_predicate) != NULL) 14401 err += dtrace_difo_validate_helper(dp); 14402 14403 for (i = 0; i < helper->dtha_nactions; i++) 14404 err += dtrace_difo_validate_helper(helper->dtha_actions[i]); 14405 14406 return (err == 0); 14407} 14408 14409static int 14410dtrace_helper_action_add(int which, dtrace_ecbdesc_t *ep) 14411{ 14412 dtrace_helpers_t *help; 14413 dtrace_helper_action_t *helper, *last; 14414 dtrace_actdesc_t *act; 14415 dtrace_vstate_t *vstate; 14416 dtrace_predicate_t *pred; 14417 int count = 0, nactions = 0, i; 14418 14419 if (which < 0 || which >= DTRACE_NHELPER_ACTIONS) 14420 return (EINVAL); 14421 14422 help = curproc->p_dtrace_helpers; 14423 last = help->dthps_actions[which]; 14424 vstate = &help->dthps_vstate; 14425 14426 for (count = 0; last != NULL; last = last->dtha_next) { 14427 count++; 14428 if (last->dtha_next == NULL) 14429 break; 14430 } 14431 14432 /* 14433 * If we already have dtrace_helper_actions_max helper actions for this 14434 * helper action type, we'll refuse to add a new one. 14435 */ 14436 if (count >= dtrace_helper_actions_max) 14437 return (ENOSPC); 14438 14439 helper = kmem_zalloc(sizeof (dtrace_helper_action_t), KM_SLEEP); 14440 helper->dtha_generation = help->dthps_generation; 14441 14442 if ((pred = ep->dted_pred.dtpdd_predicate) != NULL) { 14443 ASSERT(pred->dtp_difo != NULL); 14444 dtrace_difo_hold(pred->dtp_difo); 14445 helper->dtha_predicate = pred->dtp_difo; 14446 } 14447 14448 for (act = ep->dted_action; act != NULL; act = act->dtad_next) { 14449 if (act->dtad_kind != DTRACEACT_DIFEXPR) 14450 goto err; 14451 14452 if (act->dtad_difo == NULL) 14453 goto err; 14454 14455 nactions++; 14456 } 14457 14458 helper->dtha_actions = kmem_zalloc(sizeof (dtrace_difo_t *) * 14459 (helper->dtha_nactions = nactions), KM_SLEEP); 14460 14461 for (act = ep->dted_action, i = 0; act != NULL; act = act->dtad_next) { 14462 dtrace_difo_hold(act->dtad_difo); 14463 helper->dtha_actions[i++] = act->dtad_difo; 14464 } 14465 14466 if (!dtrace_helper_validate(helper)) 14467 goto err; 14468 14469 if (last == NULL) { 14470 help->dthps_actions[which] = helper; 14471 } else { 14472 last->dtha_next = helper; 14473 } 14474 14475 if (vstate->dtvs_nlocals > dtrace_helptrace_nlocals) { 14476 dtrace_helptrace_nlocals = vstate->dtvs_nlocals; 14477 dtrace_helptrace_next = 0; 14478 } 14479 14480 return (0); 14481err: 14482 dtrace_helper_action_destroy(helper, vstate); 14483 return (EINVAL); 14484} 14485 14486static void 14487dtrace_helper_provider_register(proc_t *p, dtrace_helpers_t *help, 14488 dof_helper_t *dofhp) 14489{ 14490 ASSERT(MUTEX_NOT_HELD(&dtrace_lock)); 14491 14492 mutex_enter(&dtrace_meta_lock); 14493 mutex_enter(&dtrace_lock); 14494 14495 if (!dtrace_attached() || dtrace_meta_pid == NULL) { 14496 /* 14497 * If the dtrace module is loaded but not attached, or if 14498 * there aren't isn't a meta provider registered to deal with 14499 * these provider descriptions, we need to postpone creating 14500 * the actual providers until later. 14501 */ 14502 14503 if (help->dthps_next == NULL && help->dthps_prev == NULL && 14504 dtrace_deferred_pid != help) { 14505 help->dthps_deferred = 1; 14506 help->dthps_pid = p->p_pid; 14507 help->dthps_next = dtrace_deferred_pid; 14508 help->dthps_prev = NULL; 14509 if (dtrace_deferred_pid != NULL) 14510 dtrace_deferred_pid->dthps_prev = help; 14511 dtrace_deferred_pid = help; 14512 } 14513 14514 mutex_exit(&dtrace_lock); 14515 14516 } else if (dofhp != NULL) { 14517 /* 14518 * If the dtrace module is loaded and we have a particular 14519 * helper provider description, pass that off to the 14520 * meta provider. 14521 */ 14522 14523 mutex_exit(&dtrace_lock); 14524 14525 dtrace_helper_provide(dofhp, p->p_pid); 14526 14527 } else { 14528 /* 14529 * Otherwise, just pass all the helper provider descriptions 14530 * off to the meta provider. 14531 */ 14532 14533 int i; 14534 mutex_exit(&dtrace_lock); 14535 14536 for (i = 0; i < help->dthps_nprovs; i++) { 14537 dtrace_helper_provide(&help->dthps_provs[i]->dthp_prov, 14538 p->p_pid); 14539 } 14540 } 14541 14542 mutex_exit(&dtrace_meta_lock); 14543} 14544 14545static int 14546dtrace_helper_provider_add(dof_helper_t *dofhp, int gen) 14547{ 14548 dtrace_helpers_t *help; 14549 dtrace_helper_provider_t *hprov, **tmp_provs; 14550 uint_t tmp_maxprovs, i; 14551 14552 ASSERT(MUTEX_HELD(&dtrace_lock)); 14553 14554 help = curproc->p_dtrace_helpers; 14555 ASSERT(help != NULL); 14556 14557 /* 14558 * If we already have dtrace_helper_providers_max helper providers, 14559 * we're refuse to add a new one. 14560 */ 14561 if (help->dthps_nprovs >= dtrace_helper_providers_max) 14562 return (ENOSPC); 14563 14564 /* 14565 * Check to make sure this isn't a duplicate. 14566 */ 14567 for (i = 0; i < help->dthps_nprovs; i++) { 14568 if (dofhp->dofhp_addr == 14569 help->dthps_provs[i]->dthp_prov.dofhp_addr) 14570 return (EALREADY); 14571 } 14572 14573 hprov = kmem_zalloc(sizeof (dtrace_helper_provider_t), KM_SLEEP); 14574 hprov->dthp_prov = *dofhp; 14575 hprov->dthp_ref = 1; 14576 hprov->dthp_generation = gen; 14577 14578 /* 14579 * Allocate a bigger table for helper providers if it's already full. 14580 */ 14581 if (help->dthps_maxprovs == help->dthps_nprovs) { 14582 tmp_maxprovs = help->dthps_maxprovs; 14583 tmp_provs = help->dthps_provs; 14584 14585 if (help->dthps_maxprovs == 0) 14586 help->dthps_maxprovs = 2; 14587 else 14588 help->dthps_maxprovs *= 2; 14589 if (help->dthps_maxprovs > dtrace_helper_providers_max) 14590 help->dthps_maxprovs = dtrace_helper_providers_max; 14591 14592 ASSERT(tmp_maxprovs < help->dthps_maxprovs); 14593 14594 help->dthps_provs = kmem_zalloc(help->dthps_maxprovs * 14595 sizeof (dtrace_helper_provider_t *), KM_SLEEP); 14596 14597 if (tmp_provs != NULL) { 14598 bcopy(tmp_provs, help->dthps_provs, tmp_maxprovs * 14599 sizeof (dtrace_helper_provider_t *)); 14600 kmem_free(tmp_provs, tmp_maxprovs * 14601 sizeof (dtrace_helper_provider_t *)); 14602 } 14603 } 14604 14605 help->dthps_provs[help->dthps_nprovs] = hprov; 14606 help->dthps_nprovs++; 14607 14608 return (0); 14609} 14610 14611static void 14612dtrace_helper_provider_destroy(dtrace_helper_provider_t *hprov) 14613{ 14614 mutex_enter(&dtrace_lock); 14615 14616 if (--hprov->dthp_ref == 0) { 14617 dof_hdr_t *dof; 14618 mutex_exit(&dtrace_lock); 14619 dof = (dof_hdr_t *)(uintptr_t)hprov->dthp_prov.dofhp_dof; 14620 dtrace_dof_destroy(dof); 14621 kmem_free(hprov, sizeof (dtrace_helper_provider_t)); 14622 } else { 14623 mutex_exit(&dtrace_lock); 14624 } 14625} 14626 14627static int 14628dtrace_helper_provider_validate(dof_hdr_t *dof, dof_sec_t *sec) 14629{ 14630 uintptr_t daddr = (uintptr_t)dof; 14631 dof_sec_t *str_sec, *prb_sec, *arg_sec, *off_sec, *enoff_sec; 14632 dof_provider_t *provider; 14633 dof_probe_t *probe; 14634 uint8_t *arg; 14635 char *strtab, *typestr; 14636 dof_stridx_t typeidx; 14637 size_t typesz; 14638 uint_t nprobes, j, k; 14639 14640 ASSERT(sec->dofs_type == DOF_SECT_PROVIDER); 14641 14642 if (sec->dofs_offset & (sizeof (uint_t) - 1)) { 14643 dtrace_dof_error(dof, "misaligned section offset"); 14644 return (-1); 14645 } 14646 14647 /* 14648 * The section needs to be large enough to contain the DOF provider 14649 * structure appropriate for the given version. 14650 */ 14651 if (sec->dofs_size < 14652 ((dof->dofh_ident[DOF_ID_VERSION] == DOF_VERSION_1) ? 14653 offsetof(dof_provider_t, dofpv_prenoffs) : 14654 sizeof (dof_provider_t))) { 14655 dtrace_dof_error(dof, "provider section too small"); 14656 return (-1); 14657 } 14658 14659 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset); 14660 str_sec = dtrace_dof_sect(dof, DOF_SECT_STRTAB, provider->dofpv_strtab); 14661 prb_sec = dtrace_dof_sect(dof, DOF_SECT_PROBES, provider->dofpv_probes); 14662 arg_sec = dtrace_dof_sect(dof, DOF_SECT_PRARGS, provider->dofpv_prargs); 14663 off_sec = dtrace_dof_sect(dof, DOF_SECT_PROFFS, provider->dofpv_proffs); 14664 14665 if (str_sec == NULL || prb_sec == NULL || 14666 arg_sec == NULL || off_sec == NULL) 14667 return (-1); 14668 14669 enoff_sec = NULL; 14670 14671 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 && 14672 provider->dofpv_prenoffs != DOF_SECT_NONE && 14673 (enoff_sec = dtrace_dof_sect(dof, DOF_SECT_PRENOFFS, 14674 provider->dofpv_prenoffs)) == NULL) 14675 return (-1); 14676 14677 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset); 14678 14679 if (provider->dofpv_name >= str_sec->dofs_size || 14680 strlen(strtab + provider->dofpv_name) >= DTRACE_PROVNAMELEN) { 14681 dtrace_dof_error(dof, "invalid provider name"); 14682 return (-1); 14683 } 14684 14685 if (prb_sec->dofs_entsize == 0 || 14686 prb_sec->dofs_entsize > prb_sec->dofs_size) { 14687 dtrace_dof_error(dof, "invalid entry size"); 14688 return (-1); 14689 } 14690 14691 if (prb_sec->dofs_entsize & (sizeof (uintptr_t) - 1)) { 14692 dtrace_dof_error(dof, "misaligned entry size"); 14693 return (-1); 14694 } 14695 14696 if (off_sec->dofs_entsize != sizeof (uint32_t)) { 14697 dtrace_dof_error(dof, "invalid entry size"); 14698 return (-1); 14699 } 14700 14701 if (off_sec->dofs_offset & (sizeof (uint32_t) - 1)) { 14702 dtrace_dof_error(dof, "misaligned section offset"); 14703 return (-1); 14704 } 14705 14706 if (arg_sec->dofs_entsize != sizeof (uint8_t)) { 14707 dtrace_dof_error(dof, "invalid entry size"); 14708 return (-1); 14709 } 14710 14711 arg = (uint8_t *)(uintptr_t)(daddr + arg_sec->dofs_offset); 14712 14713 nprobes = prb_sec->dofs_size / prb_sec->dofs_entsize; 14714 14715 /* 14716 * Take a pass through the probes to check for errors. 14717 */ 14718 for (j = 0; j < nprobes; j++) { 14719 probe = (dof_probe_t *)(uintptr_t)(daddr + 14720 prb_sec->dofs_offset + j * prb_sec->dofs_entsize); 14721 14722 if (probe->dofpr_func >= str_sec->dofs_size) { 14723 dtrace_dof_error(dof, "invalid function name"); 14724 return (-1); 14725 } 14726 14727 if (strlen(strtab + probe->dofpr_func) >= DTRACE_FUNCNAMELEN) { 14728 dtrace_dof_error(dof, "function name too long"); 14729 return (-1); 14730 } 14731 14732 if (probe->dofpr_name >= str_sec->dofs_size || 14733 strlen(strtab + probe->dofpr_name) >= DTRACE_NAMELEN) { 14734 dtrace_dof_error(dof, "invalid probe name"); 14735 return (-1); 14736 } 14737 14738 /* 14739 * The offset count must not wrap the index, and the offsets 14740 * must also not overflow the section's data. 14741 */ 14742 if (probe->dofpr_offidx + probe->dofpr_noffs < 14743 probe->dofpr_offidx || 14744 (probe->dofpr_offidx + probe->dofpr_noffs) * 14745 off_sec->dofs_entsize > off_sec->dofs_size) { 14746 dtrace_dof_error(dof, "invalid probe offset"); 14747 return (-1); 14748 } 14749 14750 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1) { 14751 /* 14752 * If there's no is-enabled offset section, make sure 14753 * there aren't any is-enabled offsets. Otherwise 14754 * perform the same checks as for probe offsets 14755 * (immediately above). 14756 */ 14757 if (enoff_sec == NULL) { 14758 if (probe->dofpr_enoffidx != 0 || 14759 probe->dofpr_nenoffs != 0) { 14760 dtrace_dof_error(dof, "is-enabled " 14761 "offsets with null section"); 14762 return (-1); 14763 } 14764 } else if (probe->dofpr_enoffidx + 14765 probe->dofpr_nenoffs < probe->dofpr_enoffidx || 14766 (probe->dofpr_enoffidx + probe->dofpr_nenoffs) * 14767 enoff_sec->dofs_entsize > enoff_sec->dofs_size) { 14768 dtrace_dof_error(dof, "invalid is-enabled " 14769 "offset"); 14770 return (-1); 14771 } 14772 14773 if (probe->dofpr_noffs + probe->dofpr_nenoffs == 0) { 14774 dtrace_dof_error(dof, "zero probe and " 14775 "is-enabled offsets"); 14776 return (-1); 14777 } 14778 } else if (probe->dofpr_noffs == 0) { 14779 dtrace_dof_error(dof, "zero probe offsets"); 14780 return (-1); 14781 } 14782 14783 if (probe->dofpr_argidx + probe->dofpr_xargc < 14784 probe->dofpr_argidx || 14785 (probe->dofpr_argidx + probe->dofpr_xargc) * 14786 arg_sec->dofs_entsize > arg_sec->dofs_size) { 14787 dtrace_dof_error(dof, "invalid args"); 14788 return (-1); 14789 } 14790 14791 typeidx = probe->dofpr_nargv; 14792 typestr = strtab + probe->dofpr_nargv; 14793 for (k = 0; k < probe->dofpr_nargc; k++) { 14794 if (typeidx >= str_sec->dofs_size) { 14795 dtrace_dof_error(dof, "bad " 14796 "native argument type"); 14797 return (-1); 14798 } 14799 14800 typesz = strlen(typestr) + 1; 14801 if (typesz > DTRACE_ARGTYPELEN) { 14802 dtrace_dof_error(dof, "native " 14803 "argument type too long"); 14804 return (-1); 14805 } 14806 typeidx += typesz; 14807 typestr += typesz; 14808 } 14809 14810 typeidx = probe->dofpr_xargv; 14811 typestr = strtab + probe->dofpr_xargv; 14812 for (k = 0; k < probe->dofpr_xargc; k++) { 14813 if (arg[probe->dofpr_argidx + k] > probe->dofpr_nargc) { 14814 dtrace_dof_error(dof, "bad " 14815 "native argument index"); 14816 return (-1); 14817 } 14818 14819 if (typeidx >= str_sec->dofs_size) { 14820 dtrace_dof_error(dof, "bad " 14821 "translated argument type"); 14822 return (-1); 14823 } 14824 14825 typesz = strlen(typestr) + 1; 14826 if (typesz > DTRACE_ARGTYPELEN) { 14827 dtrace_dof_error(dof, "translated argument " 14828 "type too long"); 14829 return (-1); 14830 } 14831 14832 typeidx += typesz; 14833 typestr += typesz; 14834 } 14835 } 14836 14837 return (0); 14838} 14839 14840static int 14841dtrace_helper_slurp(dof_hdr_t *dof, dof_helper_t *dhp) 14842{ 14843 dtrace_helpers_t *help; 14844 dtrace_vstate_t *vstate; 14845 dtrace_enabling_t *enab = NULL; 14846 int i, gen, rv, nhelpers = 0, nprovs = 0, destroy = 1; 14847 uintptr_t daddr = (uintptr_t)dof; 14848 14849 ASSERT(MUTEX_HELD(&dtrace_lock)); 14850 14851 if ((help = curproc->p_dtrace_helpers) == NULL) 14852 help = dtrace_helpers_create(curproc); 14853 14854 vstate = &help->dthps_vstate; 14855 14856 if ((rv = dtrace_dof_slurp(dof, vstate, NULL, &enab, 14857 dhp != NULL ? dhp->dofhp_addr : 0, B_FALSE)) != 0) { 14858 dtrace_dof_destroy(dof); 14859 return (rv); 14860 } 14861 14862 /* 14863 * Look for helper providers and validate their descriptions. 14864 */ 14865 if (dhp != NULL) { 14866 for (i = 0; i < dof->dofh_secnum; i++) { 14867 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr + 14868 dof->dofh_secoff + i * dof->dofh_secsize); 14869 14870 if (sec->dofs_type != DOF_SECT_PROVIDER) 14871 continue; 14872 14873 if (dtrace_helper_provider_validate(dof, sec) != 0) { 14874 dtrace_enabling_destroy(enab); 14875 dtrace_dof_destroy(dof); 14876 return (-1); 14877 } 14878 14879 nprovs++; 14880 } 14881 } 14882 14883 /* 14884 * Now we need to walk through the ECB descriptions in the enabling. 14885 */ 14886 for (i = 0; i < enab->dten_ndesc; i++) { 14887 dtrace_ecbdesc_t *ep = enab->dten_desc[i]; 14888 dtrace_probedesc_t *desc = &ep->dted_probe; 14889 14890 if (strcmp(desc->dtpd_provider, "dtrace") != 0) 14891 continue; 14892 14893 if (strcmp(desc->dtpd_mod, "helper") != 0) 14894 continue; 14895 14896 if (strcmp(desc->dtpd_func, "ustack") != 0) 14897 continue; 14898 14899 if ((rv = dtrace_helper_action_add(DTRACE_HELPER_ACTION_USTACK, 14900 ep)) != 0) { 14901 /* 14902 * Adding this helper action failed -- we are now going 14903 * to rip out the entire generation and return failure. 14904 */ 14905 (void) dtrace_helper_destroygen(help->dthps_generation); 14906 dtrace_enabling_destroy(enab); 14907 dtrace_dof_destroy(dof); 14908 return (-1); 14909 } 14910 14911 nhelpers++; 14912 } 14913 14914 if (nhelpers < enab->dten_ndesc) 14915 dtrace_dof_error(dof, "unmatched helpers"); 14916 14917 gen = help->dthps_generation++; 14918 dtrace_enabling_destroy(enab); 14919 14920 if (dhp != NULL && nprovs > 0) { 14921 dhp->dofhp_dof = (uint64_t)(uintptr_t)dof; 14922 if (dtrace_helper_provider_add(dhp, gen) == 0) { 14923 mutex_exit(&dtrace_lock); 14924 dtrace_helper_provider_register(curproc, help, dhp); 14925 mutex_enter(&dtrace_lock); 14926 14927 destroy = 0; 14928 } 14929 } 14930 14931 if (destroy) 14932 dtrace_dof_destroy(dof); 14933 14934 return (gen); 14935} 14936 14937static dtrace_helpers_t * 14938dtrace_helpers_create(proc_t *p) 14939{ 14940 dtrace_helpers_t *help; 14941 14942 ASSERT(MUTEX_HELD(&dtrace_lock)); 14943 ASSERT(p->p_dtrace_helpers == NULL); 14944 14945 help = kmem_zalloc(sizeof (dtrace_helpers_t), KM_SLEEP); 14946 help->dthps_actions = kmem_zalloc(sizeof (dtrace_helper_action_t *) * 14947 DTRACE_NHELPER_ACTIONS, KM_SLEEP); 14948 14949 p->p_dtrace_helpers = help; 14950 dtrace_helpers++; 14951 14952 return (help); 14953} 14954 14955#if defined(sun) 14956static 14957#endif 14958void 14959dtrace_helpers_destroy(proc_t *p) 14960{ 14961 dtrace_helpers_t *help; 14962 dtrace_vstate_t *vstate; 14963#if defined(sun) 14964 proc_t *p = curproc; 14965#endif 14966 int i; 14967 14968 mutex_enter(&dtrace_lock); 14969 14970 ASSERT(p->p_dtrace_helpers != NULL); 14971 ASSERT(dtrace_helpers > 0); 14972 14973 help = p->p_dtrace_helpers; 14974 vstate = &help->dthps_vstate; 14975 14976 /* 14977 * We're now going to lose the help from this process. 14978 */ 14979 p->p_dtrace_helpers = NULL; 14980 dtrace_sync(); 14981 14982 /* 14983 * Destory the helper actions. 14984 */ 14985 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) { 14986 dtrace_helper_action_t *h, *next; 14987 14988 for (h = help->dthps_actions[i]; h != NULL; h = next) { 14989 next = h->dtha_next; 14990 dtrace_helper_action_destroy(h, vstate); 14991 h = next; 14992 } 14993 } 14994 14995 mutex_exit(&dtrace_lock); 14996 14997 /* 14998 * Destroy the helper providers. 14999 */ 15000 if (help->dthps_maxprovs > 0) { 15001 mutex_enter(&dtrace_meta_lock); 15002 if (dtrace_meta_pid != NULL) { 15003 ASSERT(dtrace_deferred_pid == NULL); 15004 15005 for (i = 0; i < help->dthps_nprovs; i++) { 15006 dtrace_helper_provider_remove( 15007 &help->dthps_provs[i]->dthp_prov, p->p_pid); 15008 } 15009 } else { 15010 mutex_enter(&dtrace_lock); 15011 ASSERT(help->dthps_deferred == 0 || 15012 help->dthps_next != NULL || 15013 help->dthps_prev != NULL || 15014 help == dtrace_deferred_pid); 15015 15016 /* 15017 * Remove the helper from the deferred list. 15018 */ 15019 if (help->dthps_next != NULL) 15020 help->dthps_next->dthps_prev = help->dthps_prev; 15021 if (help->dthps_prev != NULL) 15022 help->dthps_prev->dthps_next = help->dthps_next; 15023 if (dtrace_deferred_pid == help) { 15024 dtrace_deferred_pid = help->dthps_next; 15025 ASSERT(help->dthps_prev == NULL); 15026 } 15027 15028 mutex_exit(&dtrace_lock); 15029 } 15030 15031 mutex_exit(&dtrace_meta_lock); 15032 15033 for (i = 0; i < help->dthps_nprovs; i++) { 15034 dtrace_helper_provider_destroy(help->dthps_provs[i]); 15035 } 15036 15037 kmem_free(help->dthps_provs, help->dthps_maxprovs * 15038 sizeof (dtrace_helper_provider_t *)); 15039 } 15040 15041 mutex_enter(&dtrace_lock); 15042 15043 dtrace_vstate_fini(&help->dthps_vstate); 15044 kmem_free(help->dthps_actions, 15045 sizeof (dtrace_helper_action_t *) * DTRACE_NHELPER_ACTIONS); 15046 kmem_free(help, sizeof (dtrace_helpers_t)); 15047 15048 --dtrace_helpers; 15049 mutex_exit(&dtrace_lock); 15050} 15051 15052#if defined(sun) 15053static 15054#endif 15055void 15056dtrace_helpers_duplicate(proc_t *from, proc_t *to) 15057{ 15058 dtrace_helpers_t *help, *newhelp; 15059 dtrace_helper_action_t *helper, *new, *last; 15060 dtrace_difo_t *dp; 15061 dtrace_vstate_t *vstate; 15062 int i, j, sz, hasprovs = 0; 15063 15064 mutex_enter(&dtrace_lock); 15065 ASSERT(from->p_dtrace_helpers != NULL); 15066 ASSERT(dtrace_helpers > 0); 15067 15068 help = from->p_dtrace_helpers; 15069 newhelp = dtrace_helpers_create(to); 15070 ASSERT(to->p_dtrace_helpers != NULL); 15071 15072 newhelp->dthps_generation = help->dthps_generation; 15073 vstate = &newhelp->dthps_vstate; 15074 15075 /* 15076 * Duplicate the helper actions. 15077 */ 15078 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) { 15079 if ((helper = help->dthps_actions[i]) == NULL) 15080 continue; 15081 15082 for (last = NULL; helper != NULL; helper = helper->dtha_next) { 15083 new = kmem_zalloc(sizeof (dtrace_helper_action_t), 15084 KM_SLEEP); 15085 new->dtha_generation = helper->dtha_generation; 15086 15087 if ((dp = helper->dtha_predicate) != NULL) { 15088 dp = dtrace_difo_duplicate(dp, vstate); 15089 new->dtha_predicate = dp; 15090 } 15091 15092 new->dtha_nactions = helper->dtha_nactions; 15093 sz = sizeof (dtrace_difo_t *) * new->dtha_nactions; 15094 new->dtha_actions = kmem_alloc(sz, KM_SLEEP); 15095 15096 for (j = 0; j < new->dtha_nactions; j++) { 15097 dtrace_difo_t *dp = helper->dtha_actions[j]; 15098 15099 ASSERT(dp != NULL); 15100 dp = dtrace_difo_duplicate(dp, vstate); 15101 new->dtha_actions[j] = dp; 15102 } 15103 15104 if (last != NULL) { 15105 last->dtha_next = new; 15106 } else { 15107 newhelp->dthps_actions[i] = new; 15108 } 15109 15110 last = new; 15111 } 15112 } 15113 15114 /* 15115 * Duplicate the helper providers and register them with the 15116 * DTrace framework. 15117 */ 15118 if (help->dthps_nprovs > 0) { 15119 newhelp->dthps_nprovs = help->dthps_nprovs; 15120 newhelp->dthps_maxprovs = help->dthps_nprovs; 15121 newhelp->dthps_provs = kmem_alloc(newhelp->dthps_nprovs * 15122 sizeof (dtrace_helper_provider_t *), KM_SLEEP); 15123 for (i = 0; i < newhelp->dthps_nprovs; i++) { 15124 newhelp->dthps_provs[i] = help->dthps_provs[i]; 15125 newhelp->dthps_provs[i]->dthp_ref++; 15126 } 15127 15128 hasprovs = 1; 15129 } 15130 15131 mutex_exit(&dtrace_lock); 15132 15133 if (hasprovs) 15134 dtrace_helper_provider_register(to, newhelp, NULL); 15135} 15136 15137/* 15138 * DTrace Hook Functions 15139 */ 15140static void 15141dtrace_module_loaded(modctl_t *ctl) 15142{ 15143 dtrace_provider_t *prv; 15144 15145 mutex_enter(&dtrace_provider_lock); 15146 mutex_enter(&mod_lock); 15147 15148#if defined(sun) 15149 ASSERT(ctl->mod_busy); 15150#endif 15151 15152 /* 15153 * We're going to call each providers per-module provide operation 15154 * specifying only this module. 15155 */ 15156 for (prv = dtrace_provider; prv != NULL; prv = prv->dtpv_next) 15157 prv->dtpv_pops.dtps_provide_module(prv->dtpv_arg, ctl); 15158 15159 mutex_exit(&mod_lock); 15160 mutex_exit(&dtrace_provider_lock); 15161 15162 /* 15163 * If we have any retained enablings, we need to match against them. 15164 * Enabling probes requires that cpu_lock be held, and we cannot hold 15165 * cpu_lock here -- it is legal for cpu_lock to be held when loading a 15166 * module. (In particular, this happens when loading scheduling 15167 * classes.) So if we have any retained enablings, we need to dispatch 15168 * our task queue to do the match for us. 15169 */ 15170 mutex_enter(&dtrace_lock); 15171 15172 if (dtrace_retained == NULL) { 15173 mutex_exit(&dtrace_lock); 15174 return; 15175 } 15176 15177 (void) taskq_dispatch(dtrace_taskq, 15178 (task_func_t *)dtrace_enabling_matchall, NULL, TQ_SLEEP); 15179 15180 mutex_exit(&dtrace_lock); 15181 15182 /* 15183 * And now, for a little heuristic sleaze: in general, we want to 15184 * match modules as soon as they load. However, we cannot guarantee 15185 * this, because it would lead us to the lock ordering violation 15186 * outlined above. The common case, of course, is that cpu_lock is 15187 * _not_ held -- so we delay here for a clock tick, hoping that that's 15188 * long enough for the task queue to do its work. If it's not, it's 15189 * not a serious problem -- it just means that the module that we 15190 * just loaded may not be immediately instrumentable. 15191 */ 15192 delay(1); 15193} 15194 15195static void 15196#if defined(sun) 15197dtrace_module_unloaded(modctl_t *ctl) 15198#else 15199dtrace_module_unloaded(modctl_t *ctl, int *error) 15200#endif 15201{ 15202 dtrace_probe_t template, *probe, *first, *next; 15203 dtrace_provider_t *prov; 15204#if !defined(sun) 15205 char modname[DTRACE_MODNAMELEN]; 15206 size_t len; 15207#endif 15208 15209#if defined(sun) 15210 template.dtpr_mod = ctl->mod_modname; 15211#else 15212 /* Handle the fact that ctl->filename may end in ".ko". */ 15213 strlcpy(modname, ctl->filename, sizeof(modname)); 15214 len = strlen(ctl->filename); 15215 if (len > 3 && strcmp(modname + len - 3, ".ko") == 0) 15216 modname[len - 3] = '\0'; 15217 template.dtpr_mod = modname; 15218#endif 15219 15220 mutex_enter(&dtrace_provider_lock); 15221 mutex_enter(&mod_lock); 15222 mutex_enter(&dtrace_lock); 15223 15224#if !defined(sun) 15225 if (ctl->nenabled > 0) { 15226 /* Don't allow unloads if a probe is enabled. */ 15227 mutex_exit(&dtrace_provider_lock); 15228 mutex_exit(&dtrace_lock); 15229 *error = -1; 15230 printf( 15231 "kldunload: attempt to unload module that has DTrace probes enabled\n"); 15232 return; 15233 } 15234#endif 15235 15236 if (dtrace_bymod == NULL) { 15237 /* 15238 * The DTrace module is loaded (obviously) but not attached; 15239 * we don't have any work to do. 15240 */ 15241 mutex_exit(&dtrace_provider_lock); 15242 mutex_exit(&mod_lock); 15243 mutex_exit(&dtrace_lock); 15244 return; 15245 } 15246 15247 for (probe = first = dtrace_hash_lookup(dtrace_bymod, &template); 15248 probe != NULL; probe = probe->dtpr_nextmod) { 15249 if (probe->dtpr_ecb != NULL) { 15250 mutex_exit(&dtrace_provider_lock); 15251 mutex_exit(&mod_lock); 15252 mutex_exit(&dtrace_lock); 15253 15254 /* 15255 * This shouldn't _actually_ be possible -- we're 15256 * unloading a module that has an enabled probe in it. 15257 * (It's normally up to the provider to make sure that 15258 * this can't happen.) However, because dtps_enable() 15259 * doesn't have a failure mode, there can be an 15260 * enable/unload race. Upshot: we don't want to 15261 * assert, but we're not going to disable the 15262 * probe, either. 15263 */ 15264 if (dtrace_err_verbose) { 15265#if defined(sun) 15266 cmn_err(CE_WARN, "unloaded module '%s' had " 15267 "enabled probes", ctl->mod_modname); 15268#else 15269 cmn_err(CE_WARN, "unloaded module '%s' had " 15270 "enabled probes", modname); 15271#endif 15272 } 15273 15274 return; 15275 } 15276 } 15277 15278 probe = first; 15279 15280 for (first = NULL; probe != NULL; probe = next) { 15281 ASSERT(dtrace_probes[probe->dtpr_id - 1] == probe); 15282 15283 dtrace_probes[probe->dtpr_id - 1] = NULL; 15284 15285 next = probe->dtpr_nextmod; 15286 dtrace_hash_remove(dtrace_bymod, probe); 15287 dtrace_hash_remove(dtrace_byfunc, probe); 15288 dtrace_hash_remove(dtrace_byname, probe); 15289 15290 if (first == NULL) { 15291 first = probe; 15292 probe->dtpr_nextmod = NULL; 15293 } else { 15294 probe->dtpr_nextmod = first; 15295 first = probe; 15296 } 15297 } 15298 15299 /* 15300 * We've removed all of the module's probes from the hash chains and 15301 * from the probe array. Now issue a dtrace_sync() to be sure that 15302 * everyone has cleared out from any probe array processing. 15303 */ 15304 dtrace_sync(); 15305 15306 for (probe = first; probe != NULL; probe = first) { 15307 first = probe->dtpr_nextmod; 15308 prov = probe->dtpr_provider; 15309 prov->dtpv_pops.dtps_destroy(prov->dtpv_arg, probe->dtpr_id, 15310 probe->dtpr_arg); 15311 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1); 15312 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1); 15313 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1); 15314#if defined(sun) 15315 vmem_free(dtrace_arena, (void *)(uintptr_t)probe->dtpr_id, 1); 15316#else 15317 free_unr(dtrace_arena, probe->dtpr_id); 15318#endif 15319 kmem_free(probe, sizeof (dtrace_probe_t)); 15320 } 15321 15322 mutex_exit(&dtrace_lock); 15323 mutex_exit(&mod_lock); 15324 mutex_exit(&dtrace_provider_lock); 15325} 15326 15327#if !defined(sun) 15328static void 15329dtrace_kld_load(void *arg __unused, linker_file_t lf) 15330{ 15331 15332 dtrace_module_loaded(lf); 15333} 15334 15335static void 15336dtrace_kld_unload_try(void *arg __unused, linker_file_t lf, int *error) 15337{ 15338 15339 if (*error != 0) 15340 /* We already have an error, so don't do anything. */ 15341 return; 15342 dtrace_module_unloaded(lf, error); 15343} 15344#endif 15345 15346#if defined(sun) 15347static void 15348dtrace_suspend(void) 15349{ 15350 dtrace_probe_foreach(offsetof(dtrace_pops_t, dtps_suspend)); 15351} 15352 15353static void 15354dtrace_resume(void) 15355{ 15356 dtrace_probe_foreach(offsetof(dtrace_pops_t, dtps_resume)); 15357} 15358#endif 15359 15360static int 15361dtrace_cpu_setup(cpu_setup_t what, processorid_t cpu) 15362{ 15363 ASSERT(MUTEX_HELD(&cpu_lock)); 15364 mutex_enter(&dtrace_lock); 15365 15366 switch (what) { 15367 case CPU_CONFIG: { 15368 dtrace_state_t *state; 15369 dtrace_optval_t *opt, rs, c; 15370 15371 /* 15372 * For now, we only allocate a new buffer for anonymous state. 15373 */ 15374 if ((state = dtrace_anon.dta_state) == NULL) 15375 break; 15376 15377 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE) 15378 break; 15379 15380 opt = state->dts_options; 15381 c = opt[DTRACEOPT_CPU]; 15382 15383 if (c != DTRACE_CPUALL && c != DTRACEOPT_UNSET && c != cpu) 15384 break; 15385 15386 /* 15387 * Regardless of what the actual policy is, we're going to 15388 * temporarily set our resize policy to be manual. We're 15389 * also going to temporarily set our CPU option to denote 15390 * the newly configured CPU. 15391 */ 15392 rs = opt[DTRACEOPT_BUFRESIZE]; 15393 opt[DTRACEOPT_BUFRESIZE] = DTRACEOPT_BUFRESIZE_MANUAL; 15394 opt[DTRACEOPT_CPU] = (dtrace_optval_t)cpu; 15395 15396 (void) dtrace_state_buffers(state); 15397 15398 opt[DTRACEOPT_BUFRESIZE] = rs; 15399 opt[DTRACEOPT_CPU] = c; 15400 15401 break; 15402 } 15403 15404 case CPU_UNCONFIG: 15405 /* 15406 * We don't free the buffer in the CPU_UNCONFIG case. (The 15407 * buffer will be freed when the consumer exits.) 15408 */ 15409 break; 15410 15411 default: 15412 break; 15413 } 15414 15415 mutex_exit(&dtrace_lock); 15416 return (0); 15417} 15418 15419#if defined(sun) 15420static void 15421dtrace_cpu_setup_initial(processorid_t cpu) 15422{ 15423 (void) dtrace_cpu_setup(CPU_CONFIG, cpu); 15424} 15425#endif 15426 15427static void 15428dtrace_toxrange_add(uintptr_t base, uintptr_t limit) 15429{ 15430 if (dtrace_toxranges >= dtrace_toxranges_max) { 15431 int osize, nsize; 15432 dtrace_toxrange_t *range; 15433 15434 osize = dtrace_toxranges_max * sizeof (dtrace_toxrange_t); 15435 15436 if (osize == 0) { 15437 ASSERT(dtrace_toxrange == NULL); 15438 ASSERT(dtrace_toxranges_max == 0); 15439 dtrace_toxranges_max = 1; 15440 } else { 15441 dtrace_toxranges_max <<= 1; 15442 } 15443 15444 nsize = dtrace_toxranges_max * sizeof (dtrace_toxrange_t); 15445 range = kmem_zalloc(nsize, KM_SLEEP); 15446 15447 if (dtrace_toxrange != NULL) { 15448 ASSERT(osize != 0); 15449 bcopy(dtrace_toxrange, range, osize); 15450 kmem_free(dtrace_toxrange, osize); 15451 } 15452 15453 dtrace_toxrange = range; 15454 } 15455 15456 ASSERT(dtrace_toxrange[dtrace_toxranges].dtt_base == 0); 15457 ASSERT(dtrace_toxrange[dtrace_toxranges].dtt_limit == 0); 15458 15459 dtrace_toxrange[dtrace_toxranges].dtt_base = base; 15460 dtrace_toxrange[dtrace_toxranges].dtt_limit = limit; 15461 dtrace_toxranges++; 15462} 15463 15464/* 15465 * DTrace Driver Cookbook Functions 15466 */ 15467#if defined(sun) 15468/*ARGSUSED*/ 15469static int 15470dtrace_attach(dev_info_t *devi, ddi_attach_cmd_t cmd) 15471{ 15472 dtrace_provider_id_t id; 15473 dtrace_state_t *state = NULL; 15474 dtrace_enabling_t *enab; 15475 15476 mutex_enter(&cpu_lock); 15477 mutex_enter(&dtrace_provider_lock); 15478 mutex_enter(&dtrace_lock); 15479 15480 if (ddi_soft_state_init(&dtrace_softstate, 15481 sizeof (dtrace_state_t), 0) != 0) { 15482 cmn_err(CE_NOTE, "/dev/dtrace failed to initialize soft state"); 15483 mutex_exit(&cpu_lock); 15484 mutex_exit(&dtrace_provider_lock); 15485 mutex_exit(&dtrace_lock); 15486 return (DDI_FAILURE); 15487 } 15488 15489 if (ddi_create_minor_node(devi, DTRACEMNR_DTRACE, S_IFCHR, 15490 DTRACEMNRN_DTRACE, DDI_PSEUDO, NULL) == DDI_FAILURE || 15491 ddi_create_minor_node(devi, DTRACEMNR_HELPER, S_IFCHR, 15492 DTRACEMNRN_HELPER, DDI_PSEUDO, NULL) == DDI_FAILURE) { 15493 cmn_err(CE_NOTE, "/dev/dtrace couldn't create minor nodes"); 15494 ddi_remove_minor_node(devi, NULL); 15495 ddi_soft_state_fini(&dtrace_softstate); 15496 mutex_exit(&cpu_lock); 15497 mutex_exit(&dtrace_provider_lock); 15498 mutex_exit(&dtrace_lock); 15499 return (DDI_FAILURE); 15500 } 15501 15502 ddi_report_dev(devi); 15503 dtrace_devi = devi; 15504 15505 dtrace_modload = dtrace_module_loaded; 15506 dtrace_modunload = dtrace_module_unloaded; 15507 dtrace_cpu_init = dtrace_cpu_setup_initial; 15508 dtrace_helpers_cleanup = dtrace_helpers_destroy; 15509 dtrace_helpers_fork = dtrace_helpers_duplicate; 15510 dtrace_cpustart_init = dtrace_suspend; 15511 dtrace_cpustart_fini = dtrace_resume; 15512 dtrace_debugger_init = dtrace_suspend; 15513 dtrace_debugger_fini = dtrace_resume; 15514 15515 register_cpu_setup_func((cpu_setup_func_t *)dtrace_cpu_setup, NULL); 15516 15517 ASSERT(MUTEX_HELD(&cpu_lock)); 15518 15519 dtrace_arena = vmem_create("dtrace", (void *)1, UINT32_MAX, 1, 15520 NULL, NULL, NULL, 0, VM_SLEEP | VMC_IDENTIFIER); 15521 dtrace_minor = vmem_create("dtrace_minor", (void *)DTRACEMNRN_CLONE, 15522 UINT32_MAX - DTRACEMNRN_CLONE, 1, NULL, NULL, NULL, 0, 15523 VM_SLEEP | VMC_IDENTIFIER); 15524 dtrace_taskq = taskq_create("dtrace_taskq", 1, maxclsyspri, 15525 1, INT_MAX, 0); 15526 15527 dtrace_state_cache = kmem_cache_create("dtrace_state_cache", 15528 sizeof (dtrace_dstate_percpu_t) * NCPU, DTRACE_STATE_ALIGN, 15529 NULL, NULL, NULL, NULL, NULL, 0); 15530 15531 ASSERT(MUTEX_HELD(&cpu_lock)); 15532 dtrace_bymod = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_mod), 15533 offsetof(dtrace_probe_t, dtpr_nextmod), 15534 offsetof(dtrace_probe_t, dtpr_prevmod)); 15535 15536 dtrace_byfunc = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_func), 15537 offsetof(dtrace_probe_t, dtpr_nextfunc), 15538 offsetof(dtrace_probe_t, dtpr_prevfunc)); 15539 15540 dtrace_byname = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_name), 15541 offsetof(dtrace_probe_t, dtpr_nextname), 15542 offsetof(dtrace_probe_t, dtpr_prevname)); 15543 15544 if (dtrace_retain_max < 1) { 15545 cmn_err(CE_WARN, "illegal value (%lu) for dtrace_retain_max; " 15546 "setting to 1", dtrace_retain_max); 15547 dtrace_retain_max = 1; 15548 } 15549 15550 /* 15551 * Now discover our toxic ranges. 15552 */ 15553 dtrace_toxic_ranges(dtrace_toxrange_add); 15554 15555 /* 15556 * Before we register ourselves as a provider to our own framework, 15557 * we would like to assert that dtrace_provider is NULL -- but that's 15558 * not true if we were loaded as a dependency of a DTrace provider. 15559 * Once we've registered, we can assert that dtrace_provider is our 15560 * pseudo provider. 15561 */ 15562 (void) dtrace_register("dtrace", &dtrace_provider_attr, 15563 DTRACE_PRIV_NONE, 0, &dtrace_provider_ops, NULL, &id); 15564 15565 ASSERT(dtrace_provider != NULL); 15566 ASSERT((dtrace_provider_id_t)dtrace_provider == id); 15567 15568 dtrace_probeid_begin = dtrace_probe_create((dtrace_provider_id_t) 15569 dtrace_provider, NULL, NULL, "BEGIN", 0, NULL); 15570 dtrace_probeid_end = dtrace_probe_create((dtrace_provider_id_t) 15571 dtrace_provider, NULL, NULL, "END", 0, NULL); 15572 dtrace_probeid_error = dtrace_probe_create((dtrace_provider_id_t) 15573 dtrace_provider, NULL, NULL, "ERROR", 1, NULL); 15574 15575 dtrace_anon_property(); 15576 mutex_exit(&cpu_lock); 15577 15578 /* 15579 * If DTrace helper tracing is enabled, we need to allocate the 15580 * trace buffer and initialize the values. 15581 */ 15582 if (dtrace_helptrace_enabled) { 15583 ASSERT(dtrace_helptrace_buffer == NULL); 15584 dtrace_helptrace_buffer = 15585 kmem_zalloc(dtrace_helptrace_bufsize, KM_SLEEP); 15586 dtrace_helptrace_next = 0; 15587 } 15588 15589 /* 15590 * If there are already providers, we must ask them to provide their 15591 * probes, and then match any anonymous enabling against them. Note 15592 * that there should be no other retained enablings at this time: 15593 * the only retained enablings at this time should be the anonymous 15594 * enabling. 15595 */ 15596 if (dtrace_anon.dta_enabling != NULL) { 15597 ASSERT(dtrace_retained == dtrace_anon.dta_enabling); 15598 15599 dtrace_enabling_provide(NULL); 15600 state = dtrace_anon.dta_state; 15601 15602 /* 15603 * We couldn't hold cpu_lock across the above call to 15604 * dtrace_enabling_provide(), but we must hold it to actually 15605 * enable the probes. We have to drop all of our locks, pick 15606 * up cpu_lock, and regain our locks before matching the 15607 * retained anonymous enabling. 15608 */ 15609 mutex_exit(&dtrace_lock); 15610 mutex_exit(&dtrace_provider_lock); 15611 15612 mutex_enter(&cpu_lock); 15613 mutex_enter(&dtrace_provider_lock); 15614 mutex_enter(&dtrace_lock); 15615 15616 if ((enab = dtrace_anon.dta_enabling) != NULL) 15617 (void) dtrace_enabling_match(enab, NULL); 15618 15619 mutex_exit(&cpu_lock); 15620 } 15621 15622 mutex_exit(&dtrace_lock); 15623 mutex_exit(&dtrace_provider_lock); 15624 15625 if (state != NULL) { 15626 /* 15627 * If we created any anonymous state, set it going now. 15628 */ 15629 (void) dtrace_state_go(state, &dtrace_anon.dta_beganon); 15630 } 15631 15632 return (DDI_SUCCESS); 15633} 15634#endif 15635 15636#if !defined(sun) 15637#if __FreeBSD_version >= 800039 15638static void 15639dtrace_dtr(void *data __unused) 15640{ 15641} 15642#endif 15643#endif 15644 15645/*ARGSUSED*/ 15646static int 15647#if defined(sun) 15648dtrace_open(dev_t *devp, int flag, int otyp, cred_t *cred_p) 15649#else 15650dtrace_open(struct cdev *dev, int oflags, int devtype, struct thread *td) 15651#endif 15652{ 15653 dtrace_state_t *state; 15654 uint32_t priv; 15655 uid_t uid; 15656 zoneid_t zoneid; 15657 15658#if defined(sun) 15659 if (getminor(*devp) == DTRACEMNRN_HELPER) 15660 return (0); 15661 15662 /* 15663 * If this wasn't an open with the "helper" minor, then it must be 15664 * the "dtrace" minor. 15665 */ 15666 ASSERT(getminor(*devp) == DTRACEMNRN_DTRACE); 15667#else 15668 cred_t *cred_p = NULL; 15669 15670#if __FreeBSD_version < 800039 15671 /* 15672 * The first minor device is the one that is cloned so there is 15673 * nothing more to do here. 15674 */ 15675 if (dev2unit(dev) == 0) 15676 return 0; 15677 15678 /* 15679 * Devices are cloned, so if the DTrace state has already 15680 * been allocated, that means this device belongs to a 15681 * different client. Each client should open '/dev/dtrace' 15682 * to get a cloned device. 15683 */ 15684 if (dev->si_drv1 != NULL) 15685 return (EBUSY); 15686#endif 15687 15688 cred_p = dev->si_cred; 15689#endif 15690 15691 /* 15692 * If no DTRACE_PRIV_* bits are set in the credential, then the 15693 * caller lacks sufficient permission to do anything with DTrace. 15694 */ 15695 dtrace_cred2priv(cred_p, &priv, &uid, &zoneid); 15696 if (priv == DTRACE_PRIV_NONE) { 15697#if !defined(sun) 15698#if __FreeBSD_version < 800039 15699 /* Destroy the cloned device. */ 15700 destroy_dev(dev); 15701#endif 15702#endif 15703 15704 return (EACCES); 15705 } 15706 15707 /* 15708 * Ask all providers to provide all their probes. 15709 */ 15710 mutex_enter(&dtrace_provider_lock); 15711 dtrace_probe_provide(NULL, NULL); 15712 mutex_exit(&dtrace_provider_lock); 15713 15714 mutex_enter(&cpu_lock); 15715 mutex_enter(&dtrace_lock); 15716 dtrace_opens++; 15717 dtrace_membar_producer(); 15718 15719#if defined(sun) 15720 /* 15721 * If the kernel debugger is active (that is, if the kernel debugger 15722 * modified text in some way), we won't allow the open. 15723 */ 15724 if (kdi_dtrace_set(KDI_DTSET_DTRACE_ACTIVATE) != 0) { 15725 dtrace_opens--; 15726 mutex_exit(&cpu_lock); 15727 mutex_exit(&dtrace_lock); 15728 return (EBUSY); 15729 } 15730 15731 state = dtrace_state_create(devp, cred_p); 15732#else 15733 state = dtrace_state_create(dev); 15734#if __FreeBSD_version < 800039 15735 dev->si_drv1 = state; 15736#else 15737 devfs_set_cdevpriv(state, dtrace_dtr); 15738#endif 15739 /* This code actually belongs in dtrace_attach() */ 15740 if (dtrace_opens == 1) 15741 dtrace_taskq = taskq_create("dtrace_taskq", 1, maxclsyspri, 15742 1, INT_MAX, 0); 15743#endif 15744 15745 mutex_exit(&cpu_lock); 15746 15747 if (state == NULL) { 15748#if defined(sun) 15749 if (--dtrace_opens == 0) 15750 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE); 15751#else 15752 --dtrace_opens; 15753#endif 15754 mutex_exit(&dtrace_lock); 15755#if !defined(sun) 15756#if __FreeBSD_version < 800039 15757 /* Destroy the cloned device. */ 15758 destroy_dev(dev); 15759#endif 15760#endif 15761 return (EAGAIN); 15762 } 15763 15764 mutex_exit(&dtrace_lock); 15765 15766 return (0); 15767} 15768 15769/*ARGSUSED*/ 15770static int 15771#if defined(sun) 15772dtrace_close(dev_t dev, int flag, int otyp, cred_t *cred_p) 15773#else 15774dtrace_close(struct cdev *dev, int flags, int fmt __unused, struct thread *td) 15775#endif 15776{ 15777#if defined(sun) 15778 minor_t minor = getminor(dev); 15779 dtrace_state_t *state; 15780 15781 if (minor == DTRACEMNRN_HELPER) 15782 return (0); 15783 15784 state = ddi_get_soft_state(dtrace_softstate, minor); 15785#else 15786#if __FreeBSD_version < 800039 15787 dtrace_state_t *state = dev->si_drv1; 15788 15789 /* Check if this is not a cloned device. */ 15790 if (dev2unit(dev) == 0) 15791 return (0); 15792#else 15793 dtrace_state_t *state; 15794 devfs_get_cdevpriv((void **) &state); 15795#endif 15796 15797#endif 15798 15799 mutex_enter(&cpu_lock); 15800 mutex_enter(&dtrace_lock); 15801 15802 if (state != NULL) { 15803 if (state->dts_anon) { 15804 /* 15805 * There is anonymous state. Destroy that first. 15806 */ 15807 ASSERT(dtrace_anon.dta_state == NULL); 15808 dtrace_state_destroy(state->dts_anon); 15809 } 15810 15811 dtrace_state_destroy(state); 15812 15813#if !defined(sun) 15814 kmem_free(state, 0); 15815#if __FreeBSD_version < 800039 15816 dev->si_drv1 = NULL; 15817#endif 15818#endif 15819 } 15820 15821 ASSERT(dtrace_opens > 0); 15822#if defined(sun) 15823 if (--dtrace_opens == 0) 15824 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE); 15825#else 15826 --dtrace_opens; 15827 /* This code actually belongs in dtrace_detach() */ 15828 if ((dtrace_opens == 0) && (dtrace_taskq != NULL)) { 15829 taskq_destroy(dtrace_taskq); 15830 dtrace_taskq = NULL; 15831 } 15832#endif 15833 15834 mutex_exit(&dtrace_lock); 15835 mutex_exit(&cpu_lock); 15836 15837#if __FreeBSD_version < 800039 15838 /* Schedule this cloned device to be destroyed. */ 15839 destroy_dev_sched(dev); 15840#endif 15841 15842 return (0); 15843} 15844 15845#if defined(sun) 15846/*ARGSUSED*/ 15847static int 15848dtrace_ioctl_helper(int cmd, intptr_t arg, int *rv) 15849{ 15850 int rval; 15851 dof_helper_t help, *dhp = NULL; 15852 15853 switch (cmd) { 15854 case DTRACEHIOC_ADDDOF: 15855 if (copyin((void *)arg, &help, sizeof (help)) != 0) { 15856 dtrace_dof_error(NULL, "failed to copyin DOF helper"); 15857 return (EFAULT); 15858 } 15859 15860 dhp = &help; 15861 arg = (intptr_t)help.dofhp_dof; 15862 /*FALLTHROUGH*/ 15863 15864 case DTRACEHIOC_ADD: { 15865 dof_hdr_t *dof = dtrace_dof_copyin(arg, &rval); 15866 15867 if (dof == NULL) 15868 return (rval); 15869 15870 mutex_enter(&dtrace_lock); 15871 15872 /* 15873 * dtrace_helper_slurp() takes responsibility for the dof -- 15874 * it may free it now or it may save it and free it later. 15875 */ 15876 if ((rval = dtrace_helper_slurp(dof, dhp)) != -1) { 15877 *rv = rval; 15878 rval = 0; 15879 } else { 15880 rval = EINVAL; 15881 } 15882 15883 mutex_exit(&dtrace_lock); 15884 return (rval); 15885 } 15886 15887 case DTRACEHIOC_REMOVE: { 15888 mutex_enter(&dtrace_lock); 15889 rval = dtrace_helper_destroygen(arg); 15890 mutex_exit(&dtrace_lock); 15891 15892 return (rval); 15893 } 15894 15895 default: 15896 break; 15897 } 15898 15899 return (ENOTTY); 15900} 15901 15902/*ARGSUSED*/ 15903static int 15904dtrace_ioctl(dev_t dev, int cmd, intptr_t arg, int md, cred_t *cr, int *rv) 15905{ 15906 minor_t minor = getminor(dev); 15907 dtrace_state_t *state; 15908 int rval; 15909 15910 if (minor == DTRACEMNRN_HELPER) 15911 return (dtrace_ioctl_helper(cmd, arg, rv)); 15912 15913 state = ddi_get_soft_state(dtrace_softstate, minor); 15914 15915 if (state->dts_anon) { 15916 ASSERT(dtrace_anon.dta_state == NULL); 15917 state = state->dts_anon; 15918 } 15919 15920 switch (cmd) { 15921 case DTRACEIOC_PROVIDER: { 15922 dtrace_providerdesc_t pvd; 15923 dtrace_provider_t *pvp; 15924 15925 if (copyin((void *)arg, &pvd, sizeof (pvd)) != 0) 15926 return (EFAULT); 15927 15928 pvd.dtvd_name[DTRACE_PROVNAMELEN - 1] = '\0'; 15929 mutex_enter(&dtrace_provider_lock); 15930 15931 for (pvp = dtrace_provider; pvp != NULL; pvp = pvp->dtpv_next) { 15932 if (strcmp(pvp->dtpv_name, pvd.dtvd_name) == 0) 15933 break; 15934 } 15935 15936 mutex_exit(&dtrace_provider_lock); 15937 15938 if (pvp == NULL) 15939 return (ESRCH); 15940 15941 bcopy(&pvp->dtpv_priv, &pvd.dtvd_priv, sizeof (dtrace_ppriv_t)); 15942 bcopy(&pvp->dtpv_attr, &pvd.dtvd_attr, sizeof (dtrace_pattr_t)); 15943 15944 if (copyout(&pvd, (void *)arg, sizeof (pvd)) != 0) 15945 return (EFAULT); 15946 15947 return (0); 15948 } 15949 15950 case DTRACEIOC_EPROBE: { 15951 dtrace_eprobedesc_t epdesc; 15952 dtrace_ecb_t *ecb; 15953 dtrace_action_t *act; 15954 void *buf; 15955 size_t size; 15956 uintptr_t dest; 15957 int nrecs; 15958 15959 if (copyin((void *)arg, &epdesc, sizeof (epdesc)) != 0) 15960 return (EFAULT); 15961 15962 mutex_enter(&dtrace_lock); 15963 15964 if ((ecb = dtrace_epid2ecb(state, epdesc.dtepd_epid)) == NULL) { 15965 mutex_exit(&dtrace_lock); 15966 return (EINVAL); 15967 } 15968 15969 if (ecb->dte_probe == NULL) { 15970 mutex_exit(&dtrace_lock); 15971 return (EINVAL); 15972 } 15973 15974 epdesc.dtepd_probeid = ecb->dte_probe->dtpr_id; 15975 epdesc.dtepd_uarg = ecb->dte_uarg; 15976 epdesc.dtepd_size = ecb->dte_size; 15977 15978 nrecs = epdesc.dtepd_nrecs; 15979 epdesc.dtepd_nrecs = 0; 15980 for (act = ecb->dte_action; act != NULL; act = act->dta_next) { 15981 if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple) 15982 continue; 15983 15984 epdesc.dtepd_nrecs++; 15985 } 15986 15987 /* 15988 * Now that we have the size, we need to allocate a temporary 15989 * buffer in which to store the complete description. We need 15990 * the temporary buffer to be able to drop dtrace_lock() 15991 * across the copyout(), below. 15992 */ 15993 size = sizeof (dtrace_eprobedesc_t) + 15994 (epdesc.dtepd_nrecs * sizeof (dtrace_recdesc_t)); 15995 15996 buf = kmem_alloc(size, KM_SLEEP); 15997 dest = (uintptr_t)buf; 15998 15999 bcopy(&epdesc, (void *)dest, sizeof (epdesc)); 16000 dest += offsetof(dtrace_eprobedesc_t, dtepd_rec[0]); 16001 16002 for (act = ecb->dte_action; act != NULL; act = act->dta_next) { 16003 if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple) 16004 continue; 16005 16006 if (nrecs-- == 0) 16007 break; 16008 16009 bcopy(&act->dta_rec, (void *)dest, 16010 sizeof (dtrace_recdesc_t)); 16011 dest += sizeof (dtrace_recdesc_t); 16012 } 16013 16014 mutex_exit(&dtrace_lock); 16015 16016 if (copyout(buf, (void *)arg, dest - (uintptr_t)buf) != 0) { 16017 kmem_free(buf, size); 16018 return (EFAULT); 16019 } 16020 16021 kmem_free(buf, size); 16022 return (0); 16023 } 16024 16025 case DTRACEIOC_AGGDESC: { 16026 dtrace_aggdesc_t aggdesc; 16027 dtrace_action_t *act; 16028 dtrace_aggregation_t *agg; 16029 int nrecs; 16030 uint32_t offs; 16031 dtrace_recdesc_t *lrec; 16032 void *buf; 16033 size_t size; 16034 uintptr_t dest; 16035 16036 if (copyin((void *)arg, &aggdesc, sizeof (aggdesc)) != 0) 16037 return (EFAULT); 16038 16039 mutex_enter(&dtrace_lock); 16040 16041 if ((agg = dtrace_aggid2agg(state, aggdesc.dtagd_id)) == NULL) { 16042 mutex_exit(&dtrace_lock); 16043 return (EINVAL); 16044 } 16045 16046 aggdesc.dtagd_epid = agg->dtag_ecb->dte_epid; 16047 16048 nrecs = aggdesc.dtagd_nrecs; 16049 aggdesc.dtagd_nrecs = 0; 16050 16051 offs = agg->dtag_base; 16052 lrec = &agg->dtag_action.dta_rec; 16053 aggdesc.dtagd_size = lrec->dtrd_offset + lrec->dtrd_size - offs; 16054 16055 for (act = agg->dtag_first; ; act = act->dta_next) { 16056 ASSERT(act->dta_intuple || 16057 DTRACEACT_ISAGG(act->dta_kind)); 16058 16059 /* 16060 * If this action has a record size of zero, it 16061 * denotes an argument to the aggregating action. 16062 * Because the presence of this record doesn't (or 16063 * shouldn't) affect the way the data is interpreted, 16064 * we don't copy it out to save user-level the 16065 * confusion of dealing with a zero-length record. 16066 */ 16067 if (act->dta_rec.dtrd_size == 0) { 16068 ASSERT(agg->dtag_hasarg); 16069 continue; 16070 } 16071 16072 aggdesc.dtagd_nrecs++; 16073 16074 if (act == &agg->dtag_action) 16075 break; 16076 } 16077 16078 /* 16079 * Now that we have the size, we need to allocate a temporary 16080 * buffer in which to store the complete description. We need 16081 * the temporary buffer to be able to drop dtrace_lock() 16082 * across the copyout(), below. 16083 */ 16084 size = sizeof (dtrace_aggdesc_t) + 16085 (aggdesc.dtagd_nrecs * sizeof (dtrace_recdesc_t)); 16086 16087 buf = kmem_alloc(size, KM_SLEEP); 16088 dest = (uintptr_t)buf; 16089 16090 bcopy(&aggdesc, (void *)dest, sizeof (aggdesc)); 16091 dest += offsetof(dtrace_aggdesc_t, dtagd_rec[0]); 16092 16093 for (act = agg->dtag_first; ; act = act->dta_next) { 16094 dtrace_recdesc_t rec = act->dta_rec; 16095 16096 /* 16097 * See the comment in the above loop for why we pass 16098 * over zero-length records. 16099 */ 16100 if (rec.dtrd_size == 0) { 16101 ASSERT(agg->dtag_hasarg); 16102 continue; 16103 } 16104 16105 if (nrecs-- == 0) 16106 break; 16107 16108 rec.dtrd_offset -= offs; 16109 bcopy(&rec, (void *)dest, sizeof (rec)); 16110 dest += sizeof (dtrace_recdesc_t); 16111 16112 if (act == &agg->dtag_action) 16113 break; 16114 } 16115 16116 mutex_exit(&dtrace_lock); 16117 16118 if (copyout(buf, (void *)arg, dest - (uintptr_t)buf) != 0) { 16119 kmem_free(buf, size); 16120 return (EFAULT); 16121 } 16122 16123 kmem_free(buf, size); 16124 return (0); 16125 } 16126 16127 case DTRACEIOC_ENABLE: { 16128 dof_hdr_t *dof; 16129 dtrace_enabling_t *enab = NULL; 16130 dtrace_vstate_t *vstate; 16131 int err = 0; 16132 16133 *rv = 0; 16134 16135 /* 16136 * If a NULL argument has been passed, we take this as our 16137 * cue to reevaluate our enablings. 16138 */ 16139 if (arg == NULL) { 16140 dtrace_enabling_matchall(); 16141 16142 return (0); 16143 } 16144 16145 if ((dof = dtrace_dof_copyin(arg, &rval)) == NULL) 16146 return (rval); 16147 16148 mutex_enter(&cpu_lock); 16149 mutex_enter(&dtrace_lock); 16150 vstate = &state->dts_vstate; 16151 16152 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) { 16153 mutex_exit(&dtrace_lock); 16154 mutex_exit(&cpu_lock); 16155 dtrace_dof_destroy(dof); 16156 return (EBUSY); 16157 } 16158 16159 if (dtrace_dof_slurp(dof, vstate, cr, &enab, 0, B_TRUE) != 0) { 16160 mutex_exit(&dtrace_lock); 16161 mutex_exit(&cpu_lock); 16162 dtrace_dof_destroy(dof); 16163 return (EINVAL); 16164 } 16165 16166 if ((rval = dtrace_dof_options(dof, state)) != 0) { 16167 dtrace_enabling_destroy(enab); 16168 mutex_exit(&dtrace_lock); 16169 mutex_exit(&cpu_lock); 16170 dtrace_dof_destroy(dof); 16171 return (rval); 16172 } 16173 16174 if ((err = dtrace_enabling_match(enab, rv)) == 0) { 16175 err = dtrace_enabling_retain(enab); 16176 } else { 16177 dtrace_enabling_destroy(enab); 16178 } 16179 16180 mutex_exit(&cpu_lock); 16181 mutex_exit(&dtrace_lock); 16182 dtrace_dof_destroy(dof); 16183 16184 return (err); 16185 } 16186 16187 case DTRACEIOC_REPLICATE: { 16188 dtrace_repldesc_t desc; 16189 dtrace_probedesc_t *match = &desc.dtrpd_match; 16190 dtrace_probedesc_t *create = &desc.dtrpd_create; 16191 int err; 16192 16193 if (copyin((void *)arg, &desc, sizeof (desc)) != 0) 16194 return (EFAULT); 16195 16196 match->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0'; 16197 match->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0'; 16198 match->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0'; 16199 match->dtpd_name[DTRACE_NAMELEN - 1] = '\0'; 16200 16201 create->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0'; 16202 create->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0'; 16203 create->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0'; 16204 create->dtpd_name[DTRACE_NAMELEN - 1] = '\0'; 16205 16206 mutex_enter(&dtrace_lock); 16207 err = dtrace_enabling_replicate(state, match, create); 16208 mutex_exit(&dtrace_lock); 16209 16210 return (err); 16211 } 16212 16213 case DTRACEIOC_PROBEMATCH: 16214 case DTRACEIOC_PROBES: { 16215 dtrace_probe_t *probe = NULL; 16216 dtrace_probedesc_t desc; 16217 dtrace_probekey_t pkey; 16218 dtrace_id_t i; 16219 int m = 0; 16220 uint32_t priv; 16221 uid_t uid; 16222 zoneid_t zoneid; 16223 16224 if (copyin((void *)arg, &desc, sizeof (desc)) != 0) 16225 return (EFAULT); 16226 16227 desc.dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0'; 16228 desc.dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0'; 16229 desc.dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0'; 16230 desc.dtpd_name[DTRACE_NAMELEN - 1] = '\0'; 16231 16232 /* 16233 * Before we attempt to match this probe, we want to give 16234 * all providers the opportunity to provide it. 16235 */ 16236 if (desc.dtpd_id == DTRACE_IDNONE) { 16237 mutex_enter(&dtrace_provider_lock); 16238 dtrace_probe_provide(&desc, NULL); 16239 mutex_exit(&dtrace_provider_lock); 16240 desc.dtpd_id++; 16241 } 16242 16243 if (cmd == DTRACEIOC_PROBEMATCH) { 16244 dtrace_probekey(&desc, &pkey); 16245 pkey.dtpk_id = DTRACE_IDNONE; 16246 } 16247 16248 dtrace_cred2priv(cr, &priv, &uid, &zoneid); 16249 16250 mutex_enter(&dtrace_lock); 16251 16252 if (cmd == DTRACEIOC_PROBEMATCH) { 16253 for (i = desc.dtpd_id; i <= dtrace_nprobes; i++) { 16254 if ((probe = dtrace_probes[i - 1]) != NULL && 16255 (m = dtrace_match_probe(probe, &pkey, 16256 priv, uid, zoneid)) != 0) 16257 break; 16258 } 16259 16260 if (m < 0) { 16261 mutex_exit(&dtrace_lock); 16262 return (EINVAL); 16263 } 16264 16265 } else { 16266 for (i = desc.dtpd_id; i <= dtrace_nprobes; i++) { 16267 if ((probe = dtrace_probes[i - 1]) != NULL && 16268 dtrace_match_priv(probe, priv, uid, zoneid)) 16269 break; 16270 } 16271 } 16272 16273 if (probe == NULL) { 16274 mutex_exit(&dtrace_lock); 16275 return (ESRCH); 16276 } 16277 16278 dtrace_probe_description(probe, &desc); 16279 mutex_exit(&dtrace_lock); 16280 16281 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0) 16282 return (EFAULT); 16283 16284 return (0); 16285 } 16286 16287 case DTRACEIOC_PROBEARG: { 16288 dtrace_argdesc_t desc; 16289 dtrace_probe_t *probe; 16290 dtrace_provider_t *prov; 16291 16292 if (copyin((void *)arg, &desc, sizeof (desc)) != 0) 16293 return (EFAULT); 16294 16295 if (desc.dtargd_id == DTRACE_IDNONE) 16296 return (EINVAL); 16297 16298 if (desc.dtargd_ndx == DTRACE_ARGNONE) 16299 return (EINVAL); 16300 16301 mutex_enter(&dtrace_provider_lock); 16302 mutex_enter(&mod_lock); 16303 mutex_enter(&dtrace_lock); 16304 16305 if (desc.dtargd_id > dtrace_nprobes) { 16306 mutex_exit(&dtrace_lock); 16307 mutex_exit(&mod_lock); 16308 mutex_exit(&dtrace_provider_lock); 16309 return (EINVAL); 16310 } 16311 16312 if ((probe = dtrace_probes[desc.dtargd_id - 1]) == NULL) { 16313 mutex_exit(&dtrace_lock); 16314 mutex_exit(&mod_lock); 16315 mutex_exit(&dtrace_provider_lock); 16316 return (EINVAL); 16317 } 16318 16319 mutex_exit(&dtrace_lock); 16320 16321 prov = probe->dtpr_provider; 16322 16323 if (prov->dtpv_pops.dtps_getargdesc == NULL) { 16324 /* 16325 * There isn't any typed information for this probe. 16326 * Set the argument number to DTRACE_ARGNONE. 16327 */ 16328 desc.dtargd_ndx = DTRACE_ARGNONE; 16329 } else { 16330 desc.dtargd_native[0] = '\0'; 16331 desc.dtargd_xlate[0] = '\0'; 16332 desc.dtargd_mapping = desc.dtargd_ndx; 16333 16334 prov->dtpv_pops.dtps_getargdesc(prov->dtpv_arg, 16335 probe->dtpr_id, probe->dtpr_arg, &desc); 16336 } 16337 16338 mutex_exit(&mod_lock); 16339 mutex_exit(&dtrace_provider_lock); 16340 16341 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0) 16342 return (EFAULT); 16343 16344 return (0); 16345 } 16346 16347 case DTRACEIOC_GO: { 16348 processorid_t cpuid; 16349 rval = dtrace_state_go(state, &cpuid); 16350 16351 if (rval != 0) 16352 return (rval); 16353 16354 if (copyout(&cpuid, (void *)arg, sizeof (cpuid)) != 0) 16355 return (EFAULT); 16356 16357 return (0); 16358 } 16359 16360 case DTRACEIOC_STOP: { 16361 processorid_t cpuid; 16362 16363 mutex_enter(&dtrace_lock); 16364 rval = dtrace_state_stop(state, &cpuid); 16365 mutex_exit(&dtrace_lock); 16366 16367 if (rval != 0) 16368 return (rval); 16369 16370 if (copyout(&cpuid, (void *)arg, sizeof (cpuid)) != 0) 16371 return (EFAULT); 16372 16373 return (0); 16374 } 16375 16376 case DTRACEIOC_DOFGET: { 16377 dof_hdr_t hdr, *dof; 16378 uint64_t len; 16379 16380 if (copyin((void *)arg, &hdr, sizeof (hdr)) != 0) 16381 return (EFAULT); 16382 16383 mutex_enter(&dtrace_lock); 16384 dof = dtrace_dof_create(state); 16385 mutex_exit(&dtrace_lock); 16386 16387 len = MIN(hdr.dofh_loadsz, dof->dofh_loadsz); 16388 rval = copyout(dof, (void *)arg, len); 16389 dtrace_dof_destroy(dof); 16390 16391 return (rval == 0 ? 0 : EFAULT); 16392 } 16393 16394 case DTRACEIOC_AGGSNAP: 16395 case DTRACEIOC_BUFSNAP: { 16396 dtrace_bufdesc_t desc; 16397 caddr_t cached; 16398 dtrace_buffer_t *buf; 16399 16400 if (copyin((void *)arg, &desc, sizeof (desc)) != 0) 16401 return (EFAULT); 16402 16403 if (desc.dtbd_cpu < 0 || desc.dtbd_cpu >= NCPU) 16404 return (EINVAL); 16405 16406 mutex_enter(&dtrace_lock); 16407 16408 if (cmd == DTRACEIOC_BUFSNAP) { 16409 buf = &state->dts_buffer[desc.dtbd_cpu]; 16410 } else { 16411 buf = &state->dts_aggbuffer[desc.dtbd_cpu]; 16412 } 16413 16414 if (buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL)) { 16415 size_t sz = buf->dtb_offset; 16416 16417 if (state->dts_activity != DTRACE_ACTIVITY_STOPPED) { 16418 mutex_exit(&dtrace_lock); 16419 return (EBUSY); 16420 } 16421 16422 /* 16423 * If this buffer has already been consumed, we're 16424 * going to indicate that there's nothing left here 16425 * to consume. 16426 */ 16427 if (buf->dtb_flags & DTRACEBUF_CONSUMED) { 16428 mutex_exit(&dtrace_lock); 16429 16430 desc.dtbd_size = 0; 16431 desc.dtbd_drops = 0; 16432 desc.dtbd_errors = 0; 16433 desc.dtbd_oldest = 0; 16434 sz = sizeof (desc); 16435 16436 if (copyout(&desc, (void *)arg, sz) != 0) 16437 return (EFAULT); 16438 16439 return (0); 16440 } 16441 16442 /* 16443 * If this is a ring buffer that has wrapped, we want 16444 * to copy the whole thing out. 16445 */ 16446 if (buf->dtb_flags & DTRACEBUF_WRAPPED) { 16447 dtrace_buffer_polish(buf); 16448 sz = buf->dtb_size; 16449 } 16450 16451 if (copyout(buf->dtb_tomax, desc.dtbd_data, sz) != 0) { 16452 mutex_exit(&dtrace_lock); 16453 return (EFAULT); 16454 } 16455 16456 desc.dtbd_size = sz; 16457 desc.dtbd_drops = buf->dtb_drops; 16458 desc.dtbd_errors = buf->dtb_errors; 16459 desc.dtbd_oldest = buf->dtb_xamot_offset; 16460 desc.dtbd_timestamp = dtrace_gethrtime(); 16461 16462 mutex_exit(&dtrace_lock); 16463 16464 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0) 16465 return (EFAULT); 16466 16467 buf->dtb_flags |= DTRACEBUF_CONSUMED; 16468 16469 return (0); 16470 } 16471 16472 if (buf->dtb_tomax == NULL) { 16473 ASSERT(buf->dtb_xamot == NULL); 16474 mutex_exit(&dtrace_lock); 16475 return (ENOENT); 16476 } 16477 16478 cached = buf->dtb_tomax; 16479 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH)); 16480 16481 dtrace_xcall(desc.dtbd_cpu, 16482 (dtrace_xcall_t)dtrace_buffer_switch, buf); 16483 16484 state->dts_errors += buf->dtb_xamot_errors; 16485 16486 /* 16487 * If the buffers did not actually switch, then the cross call 16488 * did not take place -- presumably because the given CPU is 16489 * not in the ready set. If this is the case, we'll return 16490 * ENOENT. 16491 */ 16492 if (buf->dtb_tomax == cached) { 16493 ASSERT(buf->dtb_xamot != cached); 16494 mutex_exit(&dtrace_lock); 16495 return (ENOENT); 16496 } 16497 16498 ASSERT(cached == buf->dtb_xamot); 16499 16500 /* 16501 * We have our snapshot; now copy it out. 16502 */ 16503 if (copyout(buf->dtb_xamot, desc.dtbd_data, 16504 buf->dtb_xamot_offset) != 0) { 16505 mutex_exit(&dtrace_lock); 16506 return (EFAULT); 16507 } 16508 16509 desc.dtbd_size = buf->dtb_xamot_offset; 16510 desc.dtbd_drops = buf->dtb_xamot_drops; 16511 desc.dtbd_errors = buf->dtb_xamot_errors; 16512 desc.dtbd_oldest = 0; 16513 desc.dtbd_timestamp = buf->dtb_switched; 16514 16515 mutex_exit(&dtrace_lock); 16516 16517 /* 16518 * Finally, copy out the buffer description. 16519 */ 16520 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0) 16521 return (EFAULT); 16522 16523 return (0); 16524 } 16525 16526 case DTRACEIOC_CONF: { 16527 dtrace_conf_t conf; 16528 16529 bzero(&conf, sizeof (conf)); 16530 conf.dtc_difversion = DIF_VERSION; 16531 conf.dtc_difintregs = DIF_DIR_NREGS; 16532 conf.dtc_diftupregs = DIF_DTR_NREGS; 16533 conf.dtc_ctfmodel = CTF_MODEL_NATIVE; 16534 16535 if (copyout(&conf, (void *)arg, sizeof (conf)) != 0) 16536 return (EFAULT); 16537 16538 return (0); 16539 } 16540 16541 case DTRACEIOC_STATUS: { 16542 dtrace_status_t stat; 16543 dtrace_dstate_t *dstate; 16544 int i, j; 16545 uint64_t nerrs; 16546 16547 /* 16548 * See the comment in dtrace_state_deadman() for the reason 16549 * for setting dts_laststatus to INT64_MAX before setting 16550 * it to the correct value. 16551 */ 16552 state->dts_laststatus = INT64_MAX; 16553 dtrace_membar_producer(); 16554 state->dts_laststatus = dtrace_gethrtime(); 16555 16556 bzero(&stat, sizeof (stat)); 16557 16558 mutex_enter(&dtrace_lock); 16559 16560 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) { 16561 mutex_exit(&dtrace_lock); 16562 return (ENOENT); 16563 } 16564 16565 if (state->dts_activity == DTRACE_ACTIVITY_DRAINING) 16566 stat.dtst_exiting = 1; 16567 16568 nerrs = state->dts_errors; 16569 dstate = &state->dts_vstate.dtvs_dynvars; 16570 16571 for (i = 0; i < NCPU; i++) { 16572 dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[i]; 16573 16574 stat.dtst_dyndrops += dcpu->dtdsc_drops; 16575 stat.dtst_dyndrops_dirty += dcpu->dtdsc_dirty_drops; 16576 stat.dtst_dyndrops_rinsing += dcpu->dtdsc_rinsing_drops; 16577 16578 if (state->dts_buffer[i].dtb_flags & DTRACEBUF_FULL) 16579 stat.dtst_filled++; 16580 16581 nerrs += state->dts_buffer[i].dtb_errors; 16582 16583 for (j = 0; j < state->dts_nspeculations; j++) { 16584 dtrace_speculation_t *spec; 16585 dtrace_buffer_t *buf; 16586 16587 spec = &state->dts_speculations[j]; 16588 buf = &spec->dtsp_buffer[i]; 16589 stat.dtst_specdrops += buf->dtb_xamot_drops; 16590 } 16591 } 16592 16593 stat.dtst_specdrops_busy = state->dts_speculations_busy; 16594 stat.dtst_specdrops_unavail = state->dts_speculations_unavail; 16595 stat.dtst_stkstroverflows = state->dts_stkstroverflows; 16596 stat.dtst_dblerrors = state->dts_dblerrors; 16597 stat.dtst_killed = 16598 (state->dts_activity == DTRACE_ACTIVITY_KILLED); 16599 stat.dtst_errors = nerrs; 16600 16601 mutex_exit(&dtrace_lock); 16602 16603 if (copyout(&stat, (void *)arg, sizeof (stat)) != 0) 16604 return (EFAULT); 16605 16606 return (0); 16607 } 16608 16609 case DTRACEIOC_FORMAT: { 16610 dtrace_fmtdesc_t fmt; 16611 char *str; 16612 int len; 16613 16614 if (copyin((void *)arg, &fmt, sizeof (fmt)) != 0) 16615 return (EFAULT); 16616 16617 mutex_enter(&dtrace_lock); 16618 16619 if (fmt.dtfd_format == 0 || 16620 fmt.dtfd_format > state->dts_nformats) { 16621 mutex_exit(&dtrace_lock); 16622 return (EINVAL); 16623 } 16624 16625 /* 16626 * Format strings are allocated contiguously and they are 16627 * never freed; if a format index is less than the number 16628 * of formats, we can assert that the format map is non-NULL 16629 * and that the format for the specified index is non-NULL. 16630 */ 16631 ASSERT(state->dts_formats != NULL); 16632 str = state->dts_formats[fmt.dtfd_format - 1]; 16633 ASSERT(str != NULL); 16634 16635 len = strlen(str) + 1; 16636 16637 if (len > fmt.dtfd_length) { 16638 fmt.dtfd_length = len; 16639 16640 if (copyout(&fmt, (void *)arg, sizeof (fmt)) != 0) { 16641 mutex_exit(&dtrace_lock); 16642 return (EINVAL); 16643 } 16644 } else { 16645 if (copyout(str, fmt.dtfd_string, len) != 0) { 16646 mutex_exit(&dtrace_lock); 16647 return (EINVAL); 16648 } 16649 } 16650 16651 mutex_exit(&dtrace_lock); 16652 return (0); 16653 } 16654 16655 default: 16656 break; 16657 } 16658 16659 return (ENOTTY); 16660} 16661 16662/*ARGSUSED*/ 16663static int 16664dtrace_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 16665{ 16666 dtrace_state_t *state; 16667 16668 switch (cmd) { 16669 case DDI_DETACH: 16670 break; 16671 16672 case DDI_SUSPEND: 16673 return (DDI_SUCCESS); 16674 16675 default: 16676 return (DDI_FAILURE); 16677 } 16678 16679 mutex_enter(&cpu_lock); 16680 mutex_enter(&dtrace_provider_lock); 16681 mutex_enter(&dtrace_lock); 16682 16683 ASSERT(dtrace_opens == 0); 16684 16685 if (dtrace_helpers > 0) { 16686 mutex_exit(&dtrace_provider_lock); 16687 mutex_exit(&dtrace_lock); 16688 mutex_exit(&cpu_lock); 16689 return (DDI_FAILURE); 16690 } 16691 16692 if (dtrace_unregister((dtrace_provider_id_t)dtrace_provider) != 0) { 16693 mutex_exit(&dtrace_provider_lock); 16694 mutex_exit(&dtrace_lock); 16695 mutex_exit(&cpu_lock); 16696 return (DDI_FAILURE); 16697 } 16698 16699 dtrace_provider = NULL; 16700 16701 if ((state = dtrace_anon_grab()) != NULL) { 16702 /* 16703 * If there were ECBs on this state, the provider should 16704 * have not been allowed to detach; assert that there is 16705 * none. 16706 */ 16707 ASSERT(state->dts_necbs == 0); 16708 dtrace_state_destroy(state); 16709 16710 /* 16711 * If we're being detached with anonymous state, we need to 16712 * indicate to the kernel debugger that DTrace is now inactive. 16713 */ 16714 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE); 16715 } 16716 16717 bzero(&dtrace_anon, sizeof (dtrace_anon_t)); 16718 unregister_cpu_setup_func((cpu_setup_func_t *)dtrace_cpu_setup, NULL); 16719 dtrace_cpu_init = NULL; 16720 dtrace_helpers_cleanup = NULL; 16721 dtrace_helpers_fork = NULL; 16722 dtrace_cpustart_init = NULL; 16723 dtrace_cpustart_fini = NULL; 16724 dtrace_debugger_init = NULL; 16725 dtrace_debugger_fini = NULL; 16726 dtrace_modload = NULL; 16727 dtrace_modunload = NULL; 16728 16729 mutex_exit(&cpu_lock); 16730 16731 if (dtrace_helptrace_enabled) { 16732 kmem_free(dtrace_helptrace_buffer, dtrace_helptrace_bufsize); 16733 dtrace_helptrace_buffer = NULL; 16734 } 16735 16736 kmem_free(dtrace_probes, dtrace_nprobes * sizeof (dtrace_probe_t *)); 16737 dtrace_probes = NULL; 16738 dtrace_nprobes = 0; 16739 16740 dtrace_hash_destroy(dtrace_bymod); 16741 dtrace_hash_destroy(dtrace_byfunc); 16742 dtrace_hash_destroy(dtrace_byname); 16743 dtrace_bymod = NULL; 16744 dtrace_byfunc = NULL; 16745 dtrace_byname = NULL; 16746 16747 kmem_cache_destroy(dtrace_state_cache); 16748 vmem_destroy(dtrace_minor); 16749 vmem_destroy(dtrace_arena); 16750 16751 if (dtrace_toxrange != NULL) { 16752 kmem_free(dtrace_toxrange, 16753 dtrace_toxranges_max * sizeof (dtrace_toxrange_t)); 16754 dtrace_toxrange = NULL; 16755 dtrace_toxranges = 0; 16756 dtrace_toxranges_max = 0; 16757 } 16758 16759 ddi_remove_minor_node(dtrace_devi, NULL); 16760 dtrace_devi = NULL; 16761 16762 ddi_soft_state_fini(&dtrace_softstate); 16763 16764 ASSERT(dtrace_vtime_references == 0); 16765 ASSERT(dtrace_opens == 0); 16766 ASSERT(dtrace_retained == NULL); 16767 16768 mutex_exit(&dtrace_lock); 16769 mutex_exit(&dtrace_provider_lock); 16770 16771 /* 16772 * We don't destroy the task queue until after we have dropped our 16773 * locks (taskq_destroy() may block on running tasks). To prevent 16774 * attempting to do work after we have effectively detached but before 16775 * the task queue has been destroyed, all tasks dispatched via the 16776 * task queue must check that DTrace is still attached before 16777 * performing any operation. 16778 */ 16779 taskq_destroy(dtrace_taskq); 16780 dtrace_taskq = NULL; 16781 16782 return (DDI_SUCCESS); 16783} 16784#endif 16785 16786#if defined(sun) 16787/*ARGSUSED*/ 16788static int 16789dtrace_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 16790{ 16791 int error; 16792 16793 switch (infocmd) { 16794 case DDI_INFO_DEVT2DEVINFO: 16795 *result = (void *)dtrace_devi; 16796 error = DDI_SUCCESS; 16797 break; 16798 case DDI_INFO_DEVT2INSTANCE: 16799 *result = (void *)0; 16800 error = DDI_SUCCESS; 16801 break; 16802 default: 16803 error = DDI_FAILURE; 16804 } 16805 return (error); 16806} 16807#endif 16808 16809#if defined(sun) 16810static struct cb_ops dtrace_cb_ops = { 16811 dtrace_open, /* open */ 16812 dtrace_close, /* close */ 16813 nulldev, /* strategy */ 16814 nulldev, /* print */ 16815 nodev, /* dump */ 16816 nodev, /* read */ 16817 nodev, /* write */ 16818 dtrace_ioctl, /* ioctl */ 16819 nodev, /* devmap */ 16820 nodev, /* mmap */ 16821 nodev, /* segmap */ 16822 nochpoll, /* poll */ 16823 ddi_prop_op, /* cb_prop_op */ 16824 0, /* streamtab */ 16825 D_NEW | D_MP /* Driver compatibility flag */ 16826}; 16827 16828static struct dev_ops dtrace_ops = { 16829 DEVO_REV, /* devo_rev */ 16830 0, /* refcnt */ 16831 dtrace_info, /* get_dev_info */ 16832 nulldev, /* identify */ 16833 nulldev, /* probe */ 16834 dtrace_attach, /* attach */ 16835 dtrace_detach, /* detach */ 16836 nodev, /* reset */ 16837 &dtrace_cb_ops, /* driver operations */ 16838 NULL, /* bus operations */ 16839 nodev /* dev power */ 16840}; 16841 16842static struct modldrv modldrv = { 16843 &mod_driverops, /* module type (this is a pseudo driver) */ 16844 "Dynamic Tracing", /* name of module */ 16845 &dtrace_ops, /* driver ops */ 16846}; 16847 16848static struct modlinkage modlinkage = { 16849 MODREV_1, 16850 (void *)&modldrv, 16851 NULL 16852}; 16853 16854int 16855_init(void) 16856{ 16857 return (mod_install(&modlinkage)); 16858} 16859 16860int 16861_info(struct modinfo *modinfop) 16862{ 16863 return (mod_info(&modlinkage, modinfop)); 16864} 16865 16866int 16867_fini(void) 16868{ 16869 return (mod_remove(&modlinkage)); 16870} 16871#else 16872 16873static d_ioctl_t dtrace_ioctl; 16874static d_ioctl_t dtrace_ioctl_helper; 16875static void dtrace_load(void *); 16876static int dtrace_unload(void); 16877#if __FreeBSD_version < 800039 16878static void dtrace_clone(void *, struct ucred *, char *, int , struct cdev **); 16879static struct clonedevs *dtrace_clones; /* Ptr to the array of cloned devices. */ 16880static eventhandler_tag eh_tag; /* Event handler tag. */ 16881#else 16882static struct cdev *dtrace_dev; 16883static struct cdev *helper_dev; 16884#endif 16885 16886void dtrace_invop_init(void); 16887void dtrace_invop_uninit(void); 16888 16889static struct cdevsw dtrace_cdevsw = { 16890 .d_version = D_VERSION, 16891 .d_flags = D_TRACKCLOSE | D_NEEDMINOR, 16892 .d_close = dtrace_close, 16893 .d_ioctl = dtrace_ioctl, 16894 .d_open = dtrace_open, 16895 .d_name = "dtrace", 16896}; 16897 16898static struct cdevsw helper_cdevsw = { 16899 .d_version = D_VERSION, 16900 .d_flags = D_TRACKCLOSE | D_NEEDMINOR, 16901 .d_ioctl = dtrace_ioctl_helper, 16902 .d_name = "helper", 16903}; 16904 16905#include <dtrace_anon.c> 16906#if __FreeBSD_version < 800039 16907#include <dtrace_clone.c> 16908#endif 16909#include <dtrace_ioctl.c> 16910#include <dtrace_load.c> 16911#include <dtrace_modevent.c> 16912#include <dtrace_sysctl.c> 16913#include <dtrace_unload.c> 16914#include <dtrace_vtime.c> 16915#include <dtrace_hacks.c> 16916#include <dtrace_isa.c> 16917 16918SYSINIT(dtrace_load, SI_SUB_DTRACE, SI_ORDER_FIRST, dtrace_load, NULL); 16919SYSUNINIT(dtrace_unload, SI_SUB_DTRACE, SI_ORDER_FIRST, dtrace_unload, NULL); 16920SYSINIT(dtrace_anon_init, SI_SUB_DTRACE_ANON, SI_ORDER_FIRST, dtrace_anon_init, NULL); 16921 16922DEV_MODULE(dtrace, dtrace_modevent, NULL); 16923MODULE_VERSION(dtrace, 1); 16924MODULE_DEPEND(dtrace, cyclic, 1, 1, 1); 16925MODULE_DEPEND(dtrace, opensolaris, 1, 1, 1); 16926#endif 16927