1/* SPDX-License-Identifier: LGPL-2.1 WITH Linux-syscall-note */ 2/* 3 * cn_proc.h - process events connector 4 * 5 * Copyright (C) Matt Helsley, IBM Corp. 2005 6 * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin 7 * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com> 8 * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net> 9 * 10 * This program is free software; you can redistribute it and/or modify it 11 * under the terms of version 2.1 of the GNU Lesser General Public License 12 * as published by the Free Software Foundation. 13 * 14 * This program is distributed in the hope that it would be useful, but 15 * WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 17 */ 18 19#ifndef _UAPICN_PROC_H 20#define _UAPICN_PROC_H 21 22#include <linux/types.h> 23 24/* 25 * Userspace sends this enum to register with the kernel that it is listening 26 * for events on the connector. 27 */ 28enum proc_cn_mcast_op { 29 PROC_CN_MCAST_LISTEN = 1, 30 PROC_CN_MCAST_IGNORE = 2 31}; 32 33#define PROC_EVENT_ALL (PROC_EVENT_FORK | PROC_EVENT_EXEC | PROC_EVENT_UID | \ 34 PROC_EVENT_GID | PROC_EVENT_SID | PROC_EVENT_PTRACE | \ 35 PROC_EVENT_COMM | PROC_EVENT_NONZERO_EXIT | \ 36 PROC_EVENT_COREDUMP | PROC_EVENT_EXIT) 37 38/* 39 * If you add an entry in proc_cn_event, make sure you add it in 40 * PROC_EVENT_ALL above as well. 41 */ 42enum proc_cn_event { 43 /* Use successive bits so the enums can be used to record 44 * sets of events as well 45 */ 46 PROC_EVENT_NONE = 0x00000000, 47 PROC_EVENT_FORK = 0x00000001, 48 PROC_EVENT_EXEC = 0x00000002, 49 PROC_EVENT_UID = 0x00000004, 50 PROC_EVENT_GID = 0x00000040, 51 PROC_EVENT_SID = 0x00000080, 52 PROC_EVENT_PTRACE = 0x00000100, 53 PROC_EVENT_COMM = 0x00000200, 54 /* "next" should be 0x00000400 */ 55 /* "last" is the last process event: exit, 56 * while "next to last" is coredumping event 57 * before that is report only if process dies 58 * with non-zero exit status 59 */ 60 PROC_EVENT_NONZERO_EXIT = 0x20000000, 61 PROC_EVENT_COREDUMP = 0x40000000, 62 PROC_EVENT_EXIT = 0x80000000 63}; 64 65struct proc_input { 66 enum proc_cn_mcast_op mcast_op; 67 enum proc_cn_event event_type; 68}; 69 70static inline enum proc_cn_event valid_event(enum proc_cn_event ev_type) 71{ 72 ev_type &= PROC_EVENT_ALL; 73 return ev_type; 74} 75 76/* 77 * From the user's point of view, the process 78 * ID is the thread group ID and thread ID is the internal 79 * kernel "pid". So, fields are assigned as follow: 80 * 81 * In user space - In kernel space 82 * 83 * parent process ID = parent->tgid 84 * parent thread ID = parent->pid 85 * child process ID = child->tgid 86 * child thread ID = child->pid 87 */ 88 89struct proc_event { 90 enum proc_cn_event what; 91 __u32 cpu; 92 __u64 __attribute__((aligned(8))) timestamp_ns; 93 /* Number of nano seconds since system boot */ 94 union { /* must be last field of proc_event struct */ 95 struct { 96 __u32 err; 97 } ack; 98 99 struct fork_proc_event { 100 __kernel_pid_t parent_pid; 101 __kernel_pid_t parent_tgid; 102 __kernel_pid_t child_pid; 103 __kernel_pid_t child_tgid; 104 } fork; 105 106 struct exec_proc_event { 107 __kernel_pid_t process_pid; 108 __kernel_pid_t process_tgid; 109 } exec; 110 111 struct id_proc_event { 112 __kernel_pid_t process_pid; 113 __kernel_pid_t process_tgid; 114 union { 115 __u32 ruid; /* task uid */ 116 __u32 rgid; /* task gid */ 117 } r; 118 union { 119 __u32 euid; 120 __u32 egid; 121 } e; 122 } id; 123 124 struct sid_proc_event { 125 __kernel_pid_t process_pid; 126 __kernel_pid_t process_tgid; 127 } sid; 128 129 struct ptrace_proc_event { 130 __kernel_pid_t process_pid; 131 __kernel_pid_t process_tgid; 132 __kernel_pid_t tracer_pid; 133 __kernel_pid_t tracer_tgid; 134 } ptrace; 135 136 struct comm_proc_event { 137 __kernel_pid_t process_pid; 138 __kernel_pid_t process_tgid; 139 char comm[16]; 140 } comm; 141 142 struct coredump_proc_event { 143 __kernel_pid_t process_pid; 144 __kernel_pid_t process_tgid; 145 __kernel_pid_t parent_pid; 146 __kernel_pid_t parent_tgid; 147 } coredump; 148 149 struct exit_proc_event { 150 __kernel_pid_t process_pid; 151 __kernel_pid_t process_tgid; 152 __u32 exit_code, exit_signal; 153 __kernel_pid_t parent_pid; 154 __kernel_pid_t parent_tgid; 155 } exit; 156 157 } event_data; 158}; 159 160#endif /* _UAPICN_PROC_H */ 161