Print this page
OS-1723 DTrace should speak JSON
Reviewed by: Bryan Cantrill <bmc@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/dtrace/dtrace.c
+++ new/usr/src/uts/common/dtrace/dtrace.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
25 25 * Copyright (c) 2012 by Delphix. All rights reserved.
26 26 */
27 27
28 28 /*
29 29 * DTrace - Dynamic Tracing for Solaris
30 30 *
31 31 * This is the implementation of the Solaris Dynamic Tracing framework
32 32 * (DTrace). The user-visible interface to DTrace is described at length in
33 33 * the "Solaris Dynamic Tracing Guide". The interfaces between the libdtrace
34 34 * library, the in-kernel DTrace framework, and the DTrace providers are
35 35 * described in the block comments in the <sys/dtrace.h> header file. The
36 36 * internal architecture of DTrace is described in the block comments in the
37 37 * <sys/dtrace_impl.h> header file. The comments contained within the DTrace
38 38 * implementation very much assume mastery of all of these sources; if one has
39 39 * an unanswered question about the implementation, one should consult them
40 40 * first.
41 41 *
42 42 * The functions here are ordered roughly as follows:
43 43 *
44 44 * - Probe context functions
45 45 * - Probe hashing functions
46 46 * - Non-probe context utility functions
47 47 * - Matching functions
48 48 * - Provider-to-Framework API functions
49 49 * - Probe management functions
50 50 * - DIF object functions
51 51 * - Format functions
52 52 * - Predicate functions
53 53 * - ECB functions
54 54 * - Buffer functions
55 55 * - Enabling functions
56 56 * - DOF functions
57 57 * - Anonymous enabling functions
58 58 * - Consumer state functions
59 59 * - Helper functions
60 60 * - Hook functions
61 61 * - Driver cookbook functions
62 62 *
63 63 * Each group of functions begins with a block comment labelled the "DTrace
64 64 * [Group] Functions", allowing one to find each block by searching forward
65 65 * on capital-f functions.
66 66 */
67 67 #include <sys/errno.h>
68 68 #include <sys/stat.h>
69 69 #include <sys/modctl.h>
70 70 #include <sys/conf.h>
71 71 #include <sys/systm.h>
72 72 #include <sys/ddi.h>
73 73 #include <sys/sunddi.h>
74 74 #include <sys/cpuvar.h>
75 75 #include <sys/kmem.h>
76 76 #include <sys/strsubr.h>
77 77 #include <sys/sysmacros.h>
78 78 #include <sys/dtrace_impl.h>
79 79 #include <sys/atomic.h>
80 80 #include <sys/cmn_err.h>
81 81 #include <sys/mutex_impl.h>
82 82 #include <sys/rwlock_impl.h>
83 83 #include <sys/ctf_api.h>
84 84 #include <sys/panic.h>
|
↓ open down ↓ |
84 lines elided |
↑ open up ↑ |
85 85 #include <sys/priv_impl.h>
86 86 #include <sys/policy.h>
87 87 #include <sys/cred_impl.h>
88 88 #include <sys/procfs_isa.h>
89 89 #include <sys/taskq.h>
90 90 #include <sys/mkdev.h>
91 91 #include <sys/kdi.h>
92 92 #include <sys/zone.h>
93 93 #include <sys/socket.h>
94 94 #include <netinet/in.h>
95 +#include "strtolctype.h"
95 96
96 97 /*
97 98 * DTrace Tunable Variables
98 99 *
99 100 * The following variables may be tuned by adding a line to /etc/system that
100 101 * includes both the name of the DTrace module ("dtrace") and the name of the
101 102 * variable. For example:
102 103 *
103 104 * set dtrace:dtrace_destructive_disallow = 1
104 105 *
105 106 * In general, the only variables that one should be tuning this way are those
106 107 * that affect system-wide DTrace behavior, and for which the default behavior
107 108 * is undesirable. Most of these variables are tunable on a per-consumer
108 109 * basis using DTrace options, and need not be tuned on a system-wide basis.
109 110 * When tuning these variables, avoid pathological values; while some attempt
110 111 * is made to verify the integrity of these variables, they are not considered
111 112 * part of the supported interface to DTrace, and they are therefore not
112 113 * checked comprehensively. Further, these variables should not be tuned
113 114 * dynamically via "mdb -kw" or other means; they should only be tuned via
114 115 * /etc/system.
115 116 */
116 117 int dtrace_destructive_disallow = 0;
117 118 dtrace_optval_t dtrace_nonroot_maxsize = (16 * 1024 * 1024);
118 119 size_t dtrace_difo_maxsize = (256 * 1024);
119 120 dtrace_optval_t dtrace_dof_maxsize = (8 * 1024 * 1024);
120 121 size_t dtrace_global_maxsize = (16 * 1024);
121 122 size_t dtrace_actions_max = (16 * 1024);
122 123 size_t dtrace_retain_max = 1024;
123 124 dtrace_optval_t dtrace_helper_actions_max = 1024;
124 125 dtrace_optval_t dtrace_helper_providers_max = 32;
125 126 dtrace_optval_t dtrace_dstate_defsize = (1 * 1024 * 1024);
126 127 size_t dtrace_strsize_default = 256;
127 128 dtrace_optval_t dtrace_cleanrate_default = 9900990; /* 101 hz */
128 129 dtrace_optval_t dtrace_cleanrate_min = 200000; /* 5000 hz */
129 130 dtrace_optval_t dtrace_cleanrate_max = (uint64_t)60 * NANOSEC; /* 1/minute */
130 131 dtrace_optval_t dtrace_aggrate_default = NANOSEC; /* 1 hz */
131 132 dtrace_optval_t dtrace_statusrate_default = NANOSEC; /* 1 hz */
132 133 dtrace_optval_t dtrace_statusrate_max = (hrtime_t)10 * NANOSEC; /* 6/minute */
133 134 dtrace_optval_t dtrace_switchrate_default = NANOSEC; /* 1 hz */
134 135 dtrace_optval_t dtrace_nspec_default = 1;
135 136 dtrace_optval_t dtrace_specsize_default = 32 * 1024;
136 137 dtrace_optval_t dtrace_stackframes_default = 20;
137 138 dtrace_optval_t dtrace_ustackframes_default = 20;
138 139 dtrace_optval_t dtrace_jstackframes_default = 50;
139 140 dtrace_optval_t dtrace_jstackstrsize_default = 512;
140 141 int dtrace_msgdsize_max = 128;
141 142 hrtime_t dtrace_chill_max = 500 * (NANOSEC / MILLISEC); /* 500 ms */
142 143 hrtime_t dtrace_chill_interval = NANOSEC; /* 1000 ms */
143 144 int dtrace_devdepth_max = 32;
144 145 int dtrace_err_verbose;
145 146 hrtime_t dtrace_deadman_interval = NANOSEC;
146 147 hrtime_t dtrace_deadman_timeout = (hrtime_t)10 * NANOSEC;
147 148 hrtime_t dtrace_deadman_user = (hrtime_t)30 * NANOSEC;
148 149 hrtime_t dtrace_unregister_defunct_reap = (hrtime_t)60 * NANOSEC;
149 150
150 151 /*
151 152 * DTrace External Variables
152 153 *
153 154 * As dtrace(7D) is a kernel module, any DTrace variables are obviously
154 155 * available to DTrace consumers via the backtick (`) syntax. One of these,
155 156 * dtrace_zero, is made deliberately so: it is provided as a source of
156 157 * well-known, zero-filled memory. While this variable is not documented,
157 158 * it is used by some translators as an implementation detail.
158 159 */
159 160 const char dtrace_zero[256] = { 0 }; /* zero-filled memory */
160 161
161 162 /*
162 163 * DTrace Internal Variables
163 164 */
164 165 static dev_info_t *dtrace_devi; /* device info */
165 166 static vmem_t *dtrace_arena; /* probe ID arena */
166 167 static vmem_t *dtrace_minor; /* minor number arena */
167 168 static taskq_t *dtrace_taskq; /* task queue */
168 169 static dtrace_probe_t **dtrace_probes; /* array of all probes */
169 170 static int dtrace_nprobes; /* number of probes */
170 171 static dtrace_provider_t *dtrace_provider; /* provider list */
171 172 static dtrace_meta_t *dtrace_meta_pid; /* user-land meta provider */
172 173 static int dtrace_opens; /* number of opens */
173 174 static int dtrace_helpers; /* number of helpers */
174 175 static int dtrace_getf; /* number of unpriv getf()s */
175 176 static void *dtrace_softstate; /* softstate pointer */
176 177 static dtrace_hash_t *dtrace_bymod; /* probes hashed by module */
177 178 static dtrace_hash_t *dtrace_byfunc; /* probes hashed by function */
178 179 static dtrace_hash_t *dtrace_byname; /* probes hashed by name */
179 180 static dtrace_toxrange_t *dtrace_toxrange; /* toxic range array */
180 181 static int dtrace_toxranges; /* number of toxic ranges */
181 182 static int dtrace_toxranges_max; /* size of toxic range array */
182 183 static dtrace_anon_t dtrace_anon; /* anonymous enabling */
183 184 static kmem_cache_t *dtrace_state_cache; /* cache for dynamic state */
184 185 static uint64_t dtrace_vtime_references; /* number of vtimestamp refs */
185 186 static kthread_t *dtrace_panicked; /* panicking thread */
186 187 static dtrace_ecb_t *dtrace_ecb_create_cache; /* cached created ECB */
187 188 static dtrace_genid_t dtrace_probegen; /* current probe generation */
188 189 static dtrace_helpers_t *dtrace_deferred_pid; /* deferred helper list */
189 190 static dtrace_enabling_t *dtrace_retained; /* list of retained enablings */
190 191 static dtrace_genid_t dtrace_retained_gen; /* current retained enab gen */
191 192 static dtrace_dynvar_t dtrace_dynhash_sink; /* end of dynamic hash chains */
192 193 static int dtrace_dynvar_failclean; /* dynvars failed to clean */
193 194
194 195 /*
195 196 * DTrace Locking
196 197 * DTrace is protected by three (relatively coarse-grained) locks:
197 198 *
198 199 * (1) dtrace_lock is required to manipulate essentially any DTrace state,
199 200 * including enabling state, probes, ECBs, consumer state, helper state,
200 201 * etc. Importantly, dtrace_lock is _not_ required when in probe context;
201 202 * probe context is lock-free -- synchronization is handled via the
202 203 * dtrace_sync() cross call mechanism.
203 204 *
204 205 * (2) dtrace_provider_lock is required when manipulating provider state, or
205 206 * when provider state must be held constant.
206 207 *
207 208 * (3) dtrace_meta_lock is required when manipulating meta provider state, or
208 209 * when meta provider state must be held constant.
209 210 *
210 211 * The lock ordering between these three locks is dtrace_meta_lock before
211 212 * dtrace_provider_lock before dtrace_lock. (In particular, there are
212 213 * several places where dtrace_provider_lock is held by the framework as it
213 214 * calls into the providers -- which then call back into the framework,
214 215 * grabbing dtrace_lock.)
215 216 *
216 217 * There are two other locks in the mix: mod_lock and cpu_lock. With respect
217 218 * to dtrace_provider_lock and dtrace_lock, cpu_lock continues its historical
218 219 * role as a coarse-grained lock; it is acquired before both of these locks.
219 220 * With respect to dtrace_meta_lock, its behavior is stranger: cpu_lock must
220 221 * be acquired _between_ dtrace_meta_lock and any other DTrace locks.
221 222 * mod_lock is similar with respect to dtrace_provider_lock in that it must be
222 223 * acquired _between_ dtrace_provider_lock and dtrace_lock.
223 224 */
224 225 static kmutex_t dtrace_lock; /* probe state lock */
225 226 static kmutex_t dtrace_provider_lock; /* provider state lock */
226 227 static kmutex_t dtrace_meta_lock; /* meta-provider state lock */
227 228
228 229 /*
229 230 * DTrace Provider Variables
230 231 *
231 232 * These are the variables relating to DTrace as a provider (that is, the
232 233 * provider of the BEGIN, END, and ERROR probes).
233 234 */
234 235 static dtrace_pattr_t dtrace_provider_attr = {
235 236 { DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON },
236 237 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
237 238 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
238 239 { DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON },
239 240 { DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON },
240 241 };
241 242
242 243 static void
243 244 dtrace_nullop(void)
244 245 {}
245 246
246 247 static int
247 248 dtrace_enable_nullop(void)
248 249 {
249 250 return (0);
250 251 }
251 252
252 253 static dtrace_pops_t dtrace_provider_ops = {
253 254 (void (*)(void *, const dtrace_probedesc_t *))dtrace_nullop,
254 255 (void (*)(void *, struct modctl *))dtrace_nullop,
255 256 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop,
256 257 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop,
257 258 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop,
258 259 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop,
259 260 NULL,
260 261 NULL,
261 262 NULL,
262 263 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop
263 264 };
264 265
265 266 static dtrace_id_t dtrace_probeid_begin; /* special BEGIN probe */
266 267 static dtrace_id_t dtrace_probeid_end; /* special END probe */
267 268 dtrace_id_t dtrace_probeid_error; /* special ERROR probe */
268 269
269 270 /*
270 271 * DTrace Helper Tracing Variables
271 272 *
272 273 * These variables should be set dynamically to enable helper tracing. The
273 274 * only variables that should be set are dtrace_helptrace_enable (which should
274 275 * be set to a non-zero value to allocate helper tracing buffers on the next
275 276 * open of /dev/dtrace) and dtrace_helptrace_disable (which should be set to a
276 277 * non-zero value to deallocate helper tracing buffers on the next close of
277 278 * /dev/dtrace). When (and only when) helper tracing is disabled, the
278 279 * buffer size may also be set via dtrace_helptrace_bufsize.
279 280 */
280 281 int dtrace_helptrace_enable = 0;
281 282 int dtrace_helptrace_disable = 0;
282 283 int dtrace_helptrace_bufsize = 16 * 1024 * 1024;
283 284 uint32_t dtrace_helptrace_nlocals;
284 285 static dtrace_helptrace_t *dtrace_helptrace_buffer;
285 286 static uint32_t dtrace_helptrace_next = 0;
286 287 static int dtrace_helptrace_wrapped = 0;
287 288
288 289 /*
289 290 * DTrace Error Hashing
290 291 *
291 292 * On DEBUG kernels, DTrace will track the errors that has seen in a hash
292 293 * table. This is very useful for checking coverage of tests that are
293 294 * expected to induce DIF or DOF processing errors, and may be useful for
294 295 * debugging problems in the DIF code generator or in DOF generation . The
295 296 * error hash may be examined with the ::dtrace_errhash MDB dcmd.
296 297 */
297 298 #ifdef DEBUG
298 299 static dtrace_errhash_t dtrace_errhash[DTRACE_ERRHASHSZ];
299 300 static const char *dtrace_errlast;
300 301 static kthread_t *dtrace_errthread;
301 302 static kmutex_t dtrace_errlock;
302 303 #endif
303 304
304 305 /*
305 306 * DTrace Macros and Constants
306 307 *
307 308 * These are various macros that are useful in various spots in the
308 309 * implementation, along with a few random constants that have no meaning
309 310 * outside of the implementation. There is no real structure to this cpp
310 311 * mishmash -- but is there ever?
311 312 */
312 313 #define DTRACE_HASHSTR(hash, probe) \
313 314 dtrace_hash_str(*((char **)((uintptr_t)(probe) + (hash)->dth_stroffs)))
314 315
315 316 #define DTRACE_HASHNEXT(hash, probe) \
316 317 (dtrace_probe_t **)((uintptr_t)(probe) + (hash)->dth_nextoffs)
317 318
318 319 #define DTRACE_HASHPREV(hash, probe) \
319 320 (dtrace_probe_t **)((uintptr_t)(probe) + (hash)->dth_prevoffs)
320 321
321 322 #define DTRACE_HASHEQ(hash, lhs, rhs) \
322 323 (strcmp(*((char **)((uintptr_t)(lhs) + (hash)->dth_stroffs)), \
323 324 *((char **)((uintptr_t)(rhs) + (hash)->dth_stroffs))) == 0)
324 325
325 326 #define DTRACE_AGGHASHSIZE_SLEW 17
326 327
327 328 #define DTRACE_V4MAPPED_OFFSET (sizeof (uint32_t) * 3)
328 329
329 330 /*
330 331 * The key for a thread-local variable consists of the lower 61 bits of the
331 332 * t_did, plus the 3 bits of the highest active interrupt above LOCK_LEVEL.
332 333 * We add DIF_VARIABLE_MAX to t_did to assure that the thread key is never
333 334 * equal to a variable identifier. This is necessary (but not sufficient) to
334 335 * assure that global associative arrays never collide with thread-local
335 336 * variables. To guarantee that they cannot collide, we must also define the
336 337 * order for keying dynamic variables. That order is:
337 338 *
338 339 * [ key0 ] ... [ keyn ] [ variable-key ] [ tls-key ]
339 340 *
340 341 * Because the variable-key and the tls-key are in orthogonal spaces, there is
341 342 * no way for a global variable key signature to match a thread-local key
342 343 * signature.
343 344 */
344 345 #define DTRACE_TLS_THRKEY(where) { \
345 346 uint_t intr = 0; \
346 347 uint_t actv = CPU->cpu_intr_actv >> (LOCK_LEVEL + 1); \
347 348 for (; actv; actv >>= 1) \
348 349 intr++; \
349 350 ASSERT(intr < (1 << 3)); \
350 351 (where) = ((curthread->t_did + DIF_VARIABLE_MAX) & \
351 352 (((uint64_t)1 << 61) - 1)) | ((uint64_t)intr << 61); \
352 353 }
353 354
354 355 #define DT_BSWAP_8(x) ((x) & 0xff)
355 356 #define DT_BSWAP_16(x) ((DT_BSWAP_8(x) << 8) | DT_BSWAP_8((x) >> 8))
356 357 #define DT_BSWAP_32(x) ((DT_BSWAP_16(x) << 16) | DT_BSWAP_16((x) >> 16))
357 358 #define DT_BSWAP_64(x) ((DT_BSWAP_32(x) << 32) | DT_BSWAP_32((x) >> 32))
358 359
359 360 #define DT_MASK_LO 0x00000000FFFFFFFFULL
360 361
361 362 #define DTRACE_STORE(type, tomax, offset, what) \
362 363 *((type *)((uintptr_t)(tomax) + (uintptr_t)offset)) = (type)(what);
363 364
364 365 #ifndef __i386
365 366 #define DTRACE_ALIGNCHECK(addr, size, flags) \
366 367 if (addr & (size - 1)) { \
367 368 *flags |= CPU_DTRACE_BADALIGN; \
368 369 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = addr; \
369 370 return (0); \
370 371 }
371 372 #else
372 373 #define DTRACE_ALIGNCHECK(addr, size, flags)
373 374 #endif
374 375
375 376 /*
376 377 * Test whether a range of memory starting at testaddr of size testsz falls
377 378 * within the range of memory described by addr, sz. We take care to avoid
378 379 * problems with overflow and underflow of the unsigned quantities, and
379 380 * disallow all negative sizes. Ranges of size 0 are allowed.
380 381 */
381 382 #define DTRACE_INRANGE(testaddr, testsz, baseaddr, basesz) \
382 383 ((testaddr) - (uintptr_t)(baseaddr) < (basesz) && \
383 384 (testaddr) + (testsz) - (uintptr_t)(baseaddr) <= (basesz) && \
384 385 (testaddr) + (testsz) >= (testaddr))
385 386
386 387 /*
387 388 * Test whether alloc_sz bytes will fit in the scratch region. We isolate
388 389 * alloc_sz on the righthand side of the comparison in order to avoid overflow
389 390 * or underflow in the comparison with it. This is simpler than the INRANGE
390 391 * check above, because we know that the dtms_scratch_ptr is valid in the
391 392 * range. Allocations of size zero are allowed.
392 393 */
393 394 #define DTRACE_INSCRATCH(mstate, alloc_sz) \
394 395 ((mstate)->dtms_scratch_base + (mstate)->dtms_scratch_size - \
395 396 (mstate)->dtms_scratch_ptr >= (alloc_sz))
396 397
397 398 #define DTRACE_LOADFUNC(bits) \
398 399 /*CSTYLED*/ \
399 400 uint##bits##_t \
400 401 dtrace_load##bits(uintptr_t addr) \
401 402 { \
402 403 size_t size = bits / NBBY; \
403 404 /*CSTYLED*/ \
404 405 uint##bits##_t rval; \
405 406 int i; \
406 407 volatile uint16_t *flags = (volatile uint16_t *) \
407 408 &cpu_core[CPU->cpu_id].cpuc_dtrace_flags; \
408 409 \
409 410 DTRACE_ALIGNCHECK(addr, size, flags); \
410 411 \
411 412 for (i = 0; i < dtrace_toxranges; i++) { \
412 413 if (addr >= dtrace_toxrange[i].dtt_limit) \
413 414 continue; \
414 415 \
415 416 if (addr + size <= dtrace_toxrange[i].dtt_base) \
416 417 continue; \
417 418 \
418 419 /* \
419 420 * This address falls within a toxic region; return 0. \
420 421 */ \
421 422 *flags |= CPU_DTRACE_BADADDR; \
422 423 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = addr; \
423 424 return (0); \
424 425 } \
425 426 \
426 427 *flags |= CPU_DTRACE_NOFAULT; \
427 428 /*CSTYLED*/ \
428 429 rval = *((volatile uint##bits##_t *)addr); \
429 430 *flags &= ~CPU_DTRACE_NOFAULT; \
430 431 \
431 432 return (!(*flags & CPU_DTRACE_FAULT) ? rval : 0); \
432 433 }
433 434
434 435 #ifdef _LP64
435 436 #define dtrace_loadptr dtrace_load64
436 437 #else
437 438 #define dtrace_loadptr dtrace_load32
438 439 #endif
439 440
440 441 #define DTRACE_DYNHASH_FREE 0
441 442 #define DTRACE_DYNHASH_SINK 1
442 443 #define DTRACE_DYNHASH_VALID 2
443 444
444 445 #define DTRACE_MATCH_FAIL -1
445 446 #define DTRACE_MATCH_NEXT 0
446 447 #define DTRACE_MATCH_DONE 1
447 448 #define DTRACE_ANCHORED(probe) ((probe)->dtpr_func[0] != '\0')
448 449 #define DTRACE_STATE_ALIGN 64
449 450
450 451 #define DTRACE_FLAGS2FLT(flags) \
451 452 (((flags) & CPU_DTRACE_BADADDR) ? DTRACEFLT_BADADDR : \
452 453 ((flags) & CPU_DTRACE_ILLOP) ? DTRACEFLT_ILLOP : \
453 454 ((flags) & CPU_DTRACE_DIVZERO) ? DTRACEFLT_DIVZERO : \
454 455 ((flags) & CPU_DTRACE_KPRIV) ? DTRACEFLT_KPRIV : \
455 456 ((flags) & CPU_DTRACE_UPRIV) ? DTRACEFLT_UPRIV : \
456 457 ((flags) & CPU_DTRACE_TUPOFLOW) ? DTRACEFLT_TUPOFLOW : \
457 458 ((flags) & CPU_DTRACE_BADALIGN) ? DTRACEFLT_BADALIGN : \
458 459 ((flags) & CPU_DTRACE_NOSCRATCH) ? DTRACEFLT_NOSCRATCH : \
459 460 ((flags) & CPU_DTRACE_BADSTACK) ? DTRACEFLT_BADSTACK : \
460 461 DTRACEFLT_UNKNOWN)
461 462
462 463 #define DTRACEACT_ISSTRING(act) \
463 464 ((act)->dta_kind == DTRACEACT_DIFEXPR && \
464 465 (act)->dta_difo->dtdo_rtype.dtdt_kind == DIF_TYPE_STRING)
465 466
466 467 static size_t dtrace_strlen(const char *, size_t);
467 468 static dtrace_probe_t *dtrace_probe_lookup_id(dtrace_id_t id);
468 469 static void dtrace_enabling_provide(dtrace_provider_t *);
469 470 static int dtrace_enabling_match(dtrace_enabling_t *, int *);
470 471 static void dtrace_enabling_matchall(void);
471 472 static void dtrace_enabling_reap(void);
472 473 static dtrace_state_t *dtrace_anon_grab(void);
473 474 static uint64_t dtrace_helper(int, dtrace_mstate_t *,
474 475 dtrace_state_t *, uint64_t, uint64_t);
475 476 static dtrace_helpers_t *dtrace_helpers_create(proc_t *);
476 477 static void dtrace_buffer_drop(dtrace_buffer_t *);
477 478 static int dtrace_buffer_consumed(dtrace_buffer_t *, hrtime_t when);
478 479 static intptr_t dtrace_buffer_reserve(dtrace_buffer_t *, size_t, size_t,
479 480 dtrace_state_t *, dtrace_mstate_t *);
480 481 static int dtrace_state_option(dtrace_state_t *, dtrace_optid_t,
481 482 dtrace_optval_t);
482 483 static int dtrace_ecb_create_enable(dtrace_probe_t *, void *);
483 484 static void dtrace_helper_provider_destroy(dtrace_helper_provider_t *);
484 485 static int dtrace_priv_proc(dtrace_state_t *, dtrace_mstate_t *);
485 486 static void dtrace_getf_barrier(void);
486 487
487 488 /*
488 489 * DTrace Probe Context Functions
489 490 *
490 491 * These functions are called from probe context. Because probe context is
491 492 * any context in which C may be called, arbitrarily locks may be held,
492 493 * interrupts may be disabled, we may be in arbitrary dispatched state, etc.
493 494 * As a result, functions called from probe context may only call other DTrace
494 495 * support functions -- they may not interact at all with the system at large.
495 496 * (Note that the ASSERT macro is made probe-context safe by redefining it in
496 497 * terms of dtrace_assfail(), a probe-context safe function.) If arbitrary
497 498 * loads are to be performed from probe context, they _must_ be in terms of
498 499 * the safe dtrace_load*() variants.
499 500 *
500 501 * Some functions in this block are not actually called from probe context;
501 502 * for these functions, there will be a comment above the function reading
502 503 * "Note: not called from probe context."
503 504 */
504 505 void
505 506 dtrace_panic(const char *format, ...)
506 507 {
507 508 va_list alist;
508 509
509 510 va_start(alist, format);
510 511 dtrace_vpanic(format, alist);
511 512 va_end(alist);
512 513 }
513 514
514 515 int
515 516 dtrace_assfail(const char *a, const char *f, int l)
516 517 {
517 518 dtrace_panic("assertion failed: %s, file: %s, line: %d", a, f, l);
518 519
519 520 /*
520 521 * We just need something here that even the most clever compiler
521 522 * cannot optimize away.
522 523 */
523 524 return (a[(uintptr_t)f]);
524 525 }
525 526
526 527 /*
527 528 * Atomically increment a specified error counter from probe context.
528 529 */
529 530 static void
530 531 dtrace_error(uint32_t *counter)
531 532 {
532 533 /*
533 534 * Most counters stored to in probe context are per-CPU counters.
534 535 * However, there are some error conditions that are sufficiently
535 536 * arcane that they don't merit per-CPU storage. If these counters
536 537 * are incremented concurrently on different CPUs, scalability will be
537 538 * adversely affected -- but we don't expect them to be white-hot in a
538 539 * correctly constructed enabling...
539 540 */
540 541 uint32_t oval, nval;
541 542
542 543 do {
543 544 oval = *counter;
544 545
545 546 if ((nval = oval + 1) == 0) {
546 547 /*
547 548 * If the counter would wrap, set it to 1 -- assuring
548 549 * that the counter is never zero when we have seen
549 550 * errors. (The counter must be 32-bits because we
550 551 * aren't guaranteed a 64-bit compare&swap operation.)
551 552 * To save this code both the infamy of being fingered
552 553 * by a priggish news story and the indignity of being
553 554 * the target of a neo-puritan witch trial, we're
554 555 * carefully avoiding any colorful description of the
555 556 * likelihood of this condition -- but suffice it to
556 557 * say that it is only slightly more likely than the
557 558 * overflow of predicate cache IDs, as discussed in
558 559 * dtrace_predicate_create().
559 560 */
560 561 nval = 1;
561 562 }
562 563 } while (dtrace_cas32(counter, oval, nval) != oval);
563 564 }
564 565
565 566 /*
566 567 * Use the DTRACE_LOADFUNC macro to define functions for each of loading a
567 568 * uint8_t, a uint16_t, a uint32_t and a uint64_t.
568 569 */
569 570 DTRACE_LOADFUNC(8)
570 571 DTRACE_LOADFUNC(16)
571 572 DTRACE_LOADFUNC(32)
572 573 DTRACE_LOADFUNC(64)
573 574
574 575 static int
575 576 dtrace_inscratch(uintptr_t dest, size_t size, dtrace_mstate_t *mstate)
576 577 {
577 578 if (dest < mstate->dtms_scratch_base)
578 579 return (0);
579 580
580 581 if (dest + size < dest)
581 582 return (0);
582 583
583 584 if (dest + size > mstate->dtms_scratch_ptr)
584 585 return (0);
585 586
586 587 return (1);
587 588 }
588 589
589 590 static int
590 591 dtrace_canstore_statvar(uint64_t addr, size_t sz,
591 592 dtrace_statvar_t **svars, int nsvars)
592 593 {
593 594 int i;
594 595
595 596 for (i = 0; i < nsvars; i++) {
596 597 dtrace_statvar_t *svar = svars[i];
597 598
598 599 if (svar == NULL || svar->dtsv_size == 0)
599 600 continue;
600 601
601 602 if (DTRACE_INRANGE(addr, sz, svar->dtsv_data, svar->dtsv_size))
602 603 return (1);
603 604 }
604 605
605 606 return (0);
606 607 }
607 608
608 609 /*
609 610 * Check to see if the address is within a memory region to which a store may
610 611 * be issued. This includes the DTrace scratch areas, and any DTrace variable
611 612 * region. The caller of dtrace_canstore() is responsible for performing any
612 613 * alignment checks that are needed before stores are actually executed.
613 614 */
614 615 static int
615 616 dtrace_canstore(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
616 617 dtrace_vstate_t *vstate)
617 618 {
618 619 /*
619 620 * First, check to see if the address is in scratch space...
620 621 */
621 622 if (DTRACE_INRANGE(addr, sz, mstate->dtms_scratch_base,
622 623 mstate->dtms_scratch_size))
623 624 return (1);
624 625
625 626 /*
626 627 * Now check to see if it's a dynamic variable. This check will pick
627 628 * up both thread-local variables and any global dynamically-allocated
628 629 * variables.
629 630 */
630 631 if (DTRACE_INRANGE(addr, sz, vstate->dtvs_dynvars.dtds_base,
631 632 vstate->dtvs_dynvars.dtds_size)) {
632 633 dtrace_dstate_t *dstate = &vstate->dtvs_dynvars;
633 634 uintptr_t base = (uintptr_t)dstate->dtds_base +
634 635 (dstate->dtds_hashsize * sizeof (dtrace_dynhash_t));
635 636 uintptr_t chunkoffs;
636 637
637 638 /*
638 639 * Before we assume that we can store here, we need to make
639 640 * sure that it isn't in our metadata -- storing to our
640 641 * dynamic variable metadata would corrupt our state. For
641 642 * the range to not include any dynamic variable metadata,
642 643 * it must:
643 644 *
644 645 * (1) Start above the hash table that is at the base of
645 646 * the dynamic variable space
646 647 *
647 648 * (2) Have a starting chunk offset that is beyond the
648 649 * dtrace_dynvar_t that is at the base of every chunk
649 650 *
650 651 * (3) Not span a chunk boundary
651 652 *
652 653 */
653 654 if (addr < base)
654 655 return (0);
655 656
656 657 chunkoffs = (addr - base) % dstate->dtds_chunksize;
657 658
658 659 if (chunkoffs < sizeof (dtrace_dynvar_t))
659 660 return (0);
660 661
661 662 if (chunkoffs + sz > dstate->dtds_chunksize)
662 663 return (0);
663 664
664 665 return (1);
665 666 }
666 667
667 668 /*
668 669 * Finally, check the static local and global variables. These checks
669 670 * take the longest, so we perform them last.
670 671 */
671 672 if (dtrace_canstore_statvar(addr, sz,
672 673 vstate->dtvs_locals, vstate->dtvs_nlocals))
673 674 return (1);
674 675
675 676 if (dtrace_canstore_statvar(addr, sz,
676 677 vstate->dtvs_globals, vstate->dtvs_nglobals))
677 678 return (1);
678 679
679 680 return (0);
680 681 }
681 682
682 683
683 684 /*
684 685 * Convenience routine to check to see if the address is within a memory
685 686 * region in which a load may be issued given the user's privilege level;
686 687 * if not, it sets the appropriate error flags and loads 'addr' into the
687 688 * illegal value slot.
688 689 *
689 690 * DTrace subroutines (DIF_SUBR_*) should use this helper to implement
690 691 * appropriate memory access protection.
691 692 */
692 693 static int
693 694 dtrace_canload(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
694 695 dtrace_vstate_t *vstate)
695 696 {
696 697 volatile uintptr_t *illval = &cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
697 698 file_t *fp;
698 699
699 700 /*
700 701 * If we hold the privilege to read from kernel memory, then
701 702 * everything is readable.
702 703 */
703 704 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
704 705 return (1);
705 706
706 707 /*
707 708 * You can obviously read that which you can store.
708 709 */
709 710 if (dtrace_canstore(addr, sz, mstate, vstate))
710 711 return (1);
711 712
712 713 /*
713 714 * We're allowed to read from our own string table.
714 715 */
715 716 if (DTRACE_INRANGE(addr, sz, mstate->dtms_difo->dtdo_strtab,
716 717 mstate->dtms_difo->dtdo_strlen))
717 718 return (1);
718 719
719 720 if (vstate->dtvs_state != NULL &&
720 721 dtrace_priv_proc(vstate->dtvs_state, mstate)) {
721 722 proc_t *p;
722 723
723 724 /*
724 725 * When we have privileges to the current process, there are
725 726 * several context-related kernel structures that are safe to
726 727 * read, even absent the privilege to read from kernel memory.
727 728 * These reads are safe because these structures contain only
728 729 * state that (1) we're permitted to read, (2) is harmless or
729 730 * (3) contains pointers to additional kernel state that we're
730 731 * not permitted to read (and as such, do not present an
731 732 * opportunity for privilege escalation). Finally (and
732 733 * critically), because of the nature of their relation with
733 734 * the current thread context, the memory associated with these
734 735 * structures cannot change over the duration of probe context,
735 736 * and it is therefore impossible for this memory to be
736 737 * deallocated and reallocated as something else while it's
737 738 * being operated upon.
738 739 */
739 740 if (DTRACE_INRANGE(addr, sz, curthread, sizeof (kthread_t)))
740 741 return (1);
741 742
742 743 if ((p = curthread->t_procp) != NULL && DTRACE_INRANGE(addr,
743 744 sz, curthread->t_procp, sizeof (proc_t))) {
744 745 return (1);
745 746 }
746 747
747 748 if (curthread->t_cred != NULL && DTRACE_INRANGE(addr, sz,
748 749 curthread->t_cred, sizeof (cred_t))) {
749 750 return (1);
750 751 }
751 752
752 753 if (p != NULL && p->p_pidp != NULL && DTRACE_INRANGE(addr, sz,
753 754 &(p->p_pidp->pid_id), sizeof (pid_t))) {
754 755 return (1);
755 756 }
756 757
757 758 if (curthread->t_cpu != NULL && DTRACE_INRANGE(addr, sz,
758 759 curthread->t_cpu, offsetof(cpu_t, cpu_pause_thread))) {
759 760 return (1);
760 761 }
761 762 }
762 763
763 764 if ((fp = mstate->dtms_getf) != NULL) {
764 765 uintptr_t psz = sizeof (void *);
765 766 vnode_t *vp;
766 767 vnodeops_t *op;
767 768
768 769 /*
769 770 * When getf() returns a file_t, the enabling is implicitly
770 771 * granted the (transient) right to read the returned file_t
771 772 * as well as the v_path and v_op->vnop_name of the underlying
772 773 * vnode. These accesses are allowed after a successful
773 774 * getf() because the members that they refer to cannot change
774 775 * once set -- and the barrier logic in the kernel's closef()
775 776 * path assures that the file_t and its referenced vode_t
776 777 * cannot themselves be stale (that is, it impossible for
777 778 * either dtms_getf itself or its f_vnode member to reference
778 779 * freed memory).
779 780 */
780 781 if (DTRACE_INRANGE(addr, sz, fp, sizeof (file_t)))
781 782 return (1);
782 783
783 784 if ((vp = fp->f_vnode) != NULL) {
784 785 if (DTRACE_INRANGE(addr, sz, &vp->v_path, psz))
785 786 return (1);
786 787
787 788 if (vp->v_path != NULL && DTRACE_INRANGE(addr, sz,
788 789 vp->v_path, strlen(vp->v_path) + 1)) {
789 790 return (1);
790 791 }
791 792
792 793 if (DTRACE_INRANGE(addr, sz, &vp->v_op, psz))
793 794 return (1);
794 795
795 796 if ((op = vp->v_op) != NULL &&
796 797 DTRACE_INRANGE(addr, sz, &op->vnop_name, psz)) {
797 798 return (1);
798 799 }
799 800
800 801 if (op != NULL && op->vnop_name != NULL &&
801 802 DTRACE_INRANGE(addr, sz, op->vnop_name,
802 803 strlen(op->vnop_name) + 1)) {
803 804 return (1);
804 805 }
805 806 }
806 807 }
807 808
808 809 DTRACE_CPUFLAG_SET(CPU_DTRACE_KPRIV);
809 810 *illval = addr;
810 811 return (0);
811 812 }
812 813
813 814 /*
814 815 * Convenience routine to check to see if a given string is within a memory
815 816 * region in which a load may be issued given the user's privilege level;
816 817 * this exists so that we don't need to issue unnecessary dtrace_strlen()
817 818 * calls in the event that the user has all privileges.
818 819 */
819 820 static int
820 821 dtrace_strcanload(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
821 822 dtrace_vstate_t *vstate)
822 823 {
823 824 size_t strsz;
824 825
825 826 /*
826 827 * If we hold the privilege to read from kernel memory, then
827 828 * everything is readable.
828 829 */
829 830 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
830 831 return (1);
831 832
832 833 strsz = 1 + dtrace_strlen((char *)(uintptr_t)addr, sz);
833 834 if (dtrace_canload(addr, strsz, mstate, vstate))
834 835 return (1);
835 836
836 837 return (0);
837 838 }
838 839
839 840 /*
840 841 * Convenience routine to check to see if a given variable is within a memory
841 842 * region in which a load may be issued given the user's privilege level.
842 843 */
843 844 static int
844 845 dtrace_vcanload(void *src, dtrace_diftype_t *type, dtrace_mstate_t *mstate,
845 846 dtrace_vstate_t *vstate)
846 847 {
847 848 size_t sz, strsize;
848 849 ASSERT(type->dtdt_flags & DIF_TF_BYREF);
849 850
850 851 /*
851 852 * If we hold the privilege to read from kernel memory, then
852 853 * everything is readable.
853 854 */
854 855 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
855 856 return (1);
856 857
857 858 if (type->dtdt_kind == DIF_TYPE_STRING) {
858 859 dtrace_state_t *state = vstate->dtvs_state;
859 860
860 861 if (state != NULL) {
861 862 strsize = state->dts_options[DTRACEOPT_STRSIZE];
862 863 } else {
863 864 /*
864 865 * In helper context, we have a NULL state; fall back
865 866 * to using the system-wide default for the string size
866 867 * in this case.
867 868 */
868 869 strsize = dtrace_strsize_default;
869 870 }
|
↓ open down ↓ |
765 lines elided |
↑ open up ↑ |
870 871
871 872 sz = dtrace_strlen(src, strsize) + 1;
872 873 } else {
873 874 sz = type->dtdt_size;
874 875 }
875 876
876 877 return (dtrace_canload((uintptr_t)src, sz, mstate, vstate));
877 878 }
878 879
879 880 /*
881 + * Convert a string to a signed integer using safe loads.
882 + *
883 + * NOTE: This function uses various macros from strtolctype.h to manipulate
884 + * digit values, etc -- these have all been checked to ensure they make
885 + * no additional function calls.
886 + */
887 +static int64_t
888 +dtrace_strtoll(char *input, int base, size_t limit)
889 +{
890 + uintptr_t pos = (uintptr_t)input;
891 + int64_t val = 0;
892 + int x;
893 + boolean_t neg = B_FALSE;
894 + char c, cc, ccc;
895 + uintptr_t end = pos + limit;
896 +
897 + /*
898 + * Consume any whitespace preceding digits.
899 + */
900 + while ((c = dtrace_load8(pos)) == ' ' || c == '\t')
901 + pos++;
902 +
903 + /*
904 + * Handle an explicit sign if one is present.
905 + */
906 + if (c == '-' || c == '+') {
907 + if (c == '-')
908 + neg = B_TRUE;
909 + c = dtrace_load8(++pos);
910 + }
911 +
912 + /*
913 + * Check for an explicit hexadecimal prefix ("0x" or "0X") and skip it
914 + * if present.
915 + */
916 + if (base == 16 && c == '0' && ((cc = dtrace_load8(pos + 1)) == 'x' ||
917 + cc == 'X') && isxdigit(ccc = dtrace_load8(pos + 2))) {
918 + pos += 2;
919 + c = ccc;
920 + }
921 +
922 + /*
923 + * Read in contiguous digits until the first non-digit character.
924 + */
925 + for (; pos < end && c != '\0' && lisalnum(c) && (x = DIGIT(c)) < base;
926 + c = dtrace_load8(++pos))
927 + val = val * base + x;
928 +
929 + return (neg ? -val : val);
930 +}
931 +
932 +/*
880 933 * Compare two strings using safe loads.
881 934 */
882 935 static int
883 936 dtrace_strncmp(char *s1, char *s2, size_t limit)
884 937 {
885 938 uint8_t c1, c2;
886 939 volatile uint16_t *flags;
887 940
888 941 if (s1 == s2 || limit == 0)
889 942 return (0);
890 943
891 944 flags = (volatile uint16_t *)&cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
892 945
893 946 do {
894 947 if (s1 == NULL) {
895 948 c1 = '\0';
896 949 } else {
897 950 c1 = dtrace_load8((uintptr_t)s1++);
898 951 }
899 952
900 953 if (s2 == NULL) {
901 954 c2 = '\0';
902 955 } else {
903 956 c2 = dtrace_load8((uintptr_t)s2++);
904 957 }
905 958
906 959 if (c1 != c2)
907 960 return (c1 - c2);
908 961 } while (--limit && c1 != '\0' && !(*flags & CPU_DTRACE_FAULT));
909 962
910 963 return (0);
911 964 }
912 965
913 966 /*
914 967 * Compute strlen(s) for a string using safe memory accesses. The additional
915 968 * len parameter is used to specify a maximum length to ensure completion.
916 969 */
917 970 static size_t
918 971 dtrace_strlen(const char *s, size_t lim)
919 972 {
920 973 uint_t len;
921 974
922 975 for (len = 0; len != lim; len++) {
923 976 if (dtrace_load8((uintptr_t)s++) == '\0')
924 977 break;
925 978 }
926 979
927 980 return (len);
928 981 }
929 982
930 983 /*
931 984 * Check if an address falls within a toxic region.
932 985 */
933 986 static int
934 987 dtrace_istoxic(uintptr_t kaddr, size_t size)
935 988 {
936 989 uintptr_t taddr, tsize;
937 990 int i;
938 991
939 992 for (i = 0; i < dtrace_toxranges; i++) {
940 993 taddr = dtrace_toxrange[i].dtt_base;
941 994 tsize = dtrace_toxrange[i].dtt_limit - taddr;
942 995
943 996 if (kaddr - taddr < tsize) {
944 997 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
945 998 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = kaddr;
946 999 return (1);
947 1000 }
948 1001
949 1002 if (taddr - kaddr < size) {
950 1003 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
951 1004 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = taddr;
952 1005 return (1);
953 1006 }
954 1007 }
955 1008
956 1009 return (0);
957 1010 }
958 1011
959 1012 /*
960 1013 * Copy src to dst using safe memory accesses. The src is assumed to be unsafe
961 1014 * memory specified by the DIF program. The dst is assumed to be safe memory
962 1015 * that we can store to directly because it is managed by DTrace. As with
963 1016 * standard bcopy, overlapping copies are handled properly.
964 1017 */
965 1018 static void
966 1019 dtrace_bcopy(const void *src, void *dst, size_t len)
967 1020 {
968 1021 if (len != 0) {
969 1022 uint8_t *s1 = dst;
970 1023 const uint8_t *s2 = src;
971 1024
972 1025 if (s1 <= s2) {
973 1026 do {
974 1027 *s1++ = dtrace_load8((uintptr_t)s2++);
975 1028 } while (--len != 0);
976 1029 } else {
977 1030 s2 += len;
978 1031 s1 += len;
979 1032
980 1033 do {
981 1034 *--s1 = dtrace_load8((uintptr_t)--s2);
982 1035 } while (--len != 0);
983 1036 }
984 1037 }
985 1038 }
986 1039
987 1040 /*
988 1041 * Copy src to dst using safe memory accesses, up to either the specified
989 1042 * length, or the point that a nul byte is encountered. The src is assumed to
990 1043 * be unsafe memory specified by the DIF program. The dst is assumed to be
991 1044 * safe memory that we can store to directly because it is managed by DTrace.
992 1045 * Unlike dtrace_bcopy(), overlapping regions are not handled.
993 1046 */
994 1047 static void
995 1048 dtrace_strcpy(const void *src, void *dst, size_t len)
996 1049 {
997 1050 if (len != 0) {
998 1051 uint8_t *s1 = dst, c;
999 1052 const uint8_t *s2 = src;
1000 1053
1001 1054 do {
1002 1055 *s1++ = c = dtrace_load8((uintptr_t)s2++);
1003 1056 } while (--len != 0 && c != '\0');
1004 1057 }
1005 1058 }
1006 1059
1007 1060 /*
1008 1061 * Copy src to dst, deriving the size and type from the specified (BYREF)
1009 1062 * variable type. The src is assumed to be unsafe memory specified by the DIF
1010 1063 * program. The dst is assumed to be DTrace variable memory that is of the
1011 1064 * specified type; we assume that we can store to directly.
1012 1065 */
1013 1066 static void
1014 1067 dtrace_vcopy(void *src, void *dst, dtrace_diftype_t *type)
1015 1068 {
1016 1069 ASSERT(type->dtdt_flags & DIF_TF_BYREF);
1017 1070
1018 1071 if (type->dtdt_kind == DIF_TYPE_STRING) {
1019 1072 dtrace_strcpy(src, dst, type->dtdt_size);
1020 1073 } else {
1021 1074 dtrace_bcopy(src, dst, type->dtdt_size);
1022 1075 }
1023 1076 }
1024 1077
1025 1078 /*
1026 1079 * Compare s1 to s2 using safe memory accesses. The s1 data is assumed to be
1027 1080 * unsafe memory specified by the DIF program. The s2 data is assumed to be
1028 1081 * safe memory that we can access directly because it is managed by DTrace.
1029 1082 */
1030 1083 static int
1031 1084 dtrace_bcmp(const void *s1, const void *s2, size_t len)
1032 1085 {
1033 1086 volatile uint16_t *flags;
1034 1087
1035 1088 flags = (volatile uint16_t *)&cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
1036 1089
1037 1090 if (s1 == s2)
1038 1091 return (0);
1039 1092
1040 1093 if (s1 == NULL || s2 == NULL)
1041 1094 return (1);
1042 1095
1043 1096 if (s1 != s2 && len != 0) {
1044 1097 const uint8_t *ps1 = s1;
1045 1098 const uint8_t *ps2 = s2;
1046 1099
1047 1100 do {
1048 1101 if (dtrace_load8((uintptr_t)ps1++) != *ps2++)
1049 1102 return (1);
1050 1103 } while (--len != 0 && !(*flags & CPU_DTRACE_FAULT));
1051 1104 }
1052 1105 return (0);
1053 1106 }
1054 1107
1055 1108 /*
1056 1109 * Zero the specified region using a simple byte-by-byte loop. Note that this
1057 1110 * is for safe DTrace-managed memory only.
1058 1111 */
1059 1112 static void
1060 1113 dtrace_bzero(void *dst, size_t len)
1061 1114 {
1062 1115 uchar_t *cp;
1063 1116
1064 1117 for (cp = dst; len != 0; len--)
1065 1118 *cp++ = 0;
1066 1119 }
1067 1120
1068 1121 static void
1069 1122 dtrace_add_128(uint64_t *addend1, uint64_t *addend2, uint64_t *sum)
1070 1123 {
1071 1124 uint64_t result[2];
1072 1125
1073 1126 result[0] = addend1[0] + addend2[0];
1074 1127 result[1] = addend1[1] + addend2[1] +
1075 1128 (result[0] < addend1[0] || result[0] < addend2[0] ? 1 : 0);
1076 1129
1077 1130 sum[0] = result[0];
1078 1131 sum[1] = result[1];
1079 1132 }
1080 1133
1081 1134 /*
1082 1135 * Shift the 128-bit value in a by b. If b is positive, shift left.
1083 1136 * If b is negative, shift right.
1084 1137 */
1085 1138 static void
1086 1139 dtrace_shift_128(uint64_t *a, int b)
1087 1140 {
1088 1141 uint64_t mask;
1089 1142
1090 1143 if (b == 0)
1091 1144 return;
1092 1145
1093 1146 if (b < 0) {
1094 1147 b = -b;
1095 1148 if (b >= 64) {
1096 1149 a[0] = a[1] >> (b - 64);
1097 1150 a[1] = 0;
1098 1151 } else {
1099 1152 a[0] >>= b;
1100 1153 mask = 1LL << (64 - b);
1101 1154 mask -= 1;
1102 1155 a[0] |= ((a[1] & mask) << (64 - b));
1103 1156 a[1] >>= b;
1104 1157 }
1105 1158 } else {
1106 1159 if (b >= 64) {
1107 1160 a[1] = a[0] << (b - 64);
1108 1161 a[0] = 0;
1109 1162 } else {
1110 1163 a[1] <<= b;
1111 1164 mask = a[0] >> (64 - b);
1112 1165 a[1] |= mask;
1113 1166 a[0] <<= b;
1114 1167 }
1115 1168 }
1116 1169 }
1117 1170
1118 1171 /*
1119 1172 * The basic idea is to break the 2 64-bit values into 4 32-bit values,
1120 1173 * use native multiplication on those, and then re-combine into the
1121 1174 * resulting 128-bit value.
1122 1175 *
1123 1176 * (hi1 << 32 + lo1) * (hi2 << 32 + lo2) =
1124 1177 * hi1 * hi2 << 64 +
1125 1178 * hi1 * lo2 << 32 +
1126 1179 * hi2 * lo1 << 32 +
1127 1180 * lo1 * lo2
1128 1181 */
1129 1182 static void
1130 1183 dtrace_multiply_128(uint64_t factor1, uint64_t factor2, uint64_t *product)
1131 1184 {
1132 1185 uint64_t hi1, hi2, lo1, lo2;
1133 1186 uint64_t tmp[2];
1134 1187
1135 1188 hi1 = factor1 >> 32;
1136 1189 hi2 = factor2 >> 32;
1137 1190
1138 1191 lo1 = factor1 & DT_MASK_LO;
1139 1192 lo2 = factor2 & DT_MASK_LO;
1140 1193
1141 1194 product[0] = lo1 * lo2;
1142 1195 product[1] = hi1 * hi2;
1143 1196
1144 1197 tmp[0] = hi1 * lo2;
1145 1198 tmp[1] = 0;
1146 1199 dtrace_shift_128(tmp, 32);
1147 1200 dtrace_add_128(product, tmp, product);
1148 1201
1149 1202 tmp[0] = hi2 * lo1;
1150 1203 tmp[1] = 0;
1151 1204 dtrace_shift_128(tmp, 32);
1152 1205 dtrace_add_128(product, tmp, product);
1153 1206 }
1154 1207
1155 1208 /*
1156 1209 * This privilege check should be used by actions and subroutines to
1157 1210 * verify that the user credentials of the process that enabled the
1158 1211 * invoking ECB match the target credentials
1159 1212 */
1160 1213 static int
1161 1214 dtrace_priv_proc_common_user(dtrace_state_t *state)
1162 1215 {
1163 1216 cred_t *cr, *s_cr = state->dts_cred.dcr_cred;
1164 1217
1165 1218 /*
1166 1219 * We should always have a non-NULL state cred here, since if cred
1167 1220 * is null (anonymous tracing), we fast-path bypass this routine.
1168 1221 */
1169 1222 ASSERT(s_cr != NULL);
1170 1223
1171 1224 if ((cr = CRED()) != NULL &&
1172 1225 s_cr->cr_uid == cr->cr_uid &&
1173 1226 s_cr->cr_uid == cr->cr_ruid &&
1174 1227 s_cr->cr_uid == cr->cr_suid &&
1175 1228 s_cr->cr_gid == cr->cr_gid &&
1176 1229 s_cr->cr_gid == cr->cr_rgid &&
1177 1230 s_cr->cr_gid == cr->cr_sgid)
1178 1231 return (1);
1179 1232
1180 1233 return (0);
1181 1234 }
1182 1235
1183 1236 /*
1184 1237 * This privilege check should be used by actions and subroutines to
1185 1238 * verify that the zone of the process that enabled the invoking ECB
1186 1239 * matches the target credentials
1187 1240 */
1188 1241 static int
1189 1242 dtrace_priv_proc_common_zone(dtrace_state_t *state)
1190 1243 {
1191 1244 cred_t *cr, *s_cr = state->dts_cred.dcr_cred;
1192 1245
1193 1246 /*
1194 1247 * We should always have a non-NULL state cred here, since if cred
1195 1248 * is null (anonymous tracing), we fast-path bypass this routine.
1196 1249 */
1197 1250 ASSERT(s_cr != NULL);
1198 1251
1199 1252 if ((cr = CRED()) != NULL && s_cr->cr_zone == cr->cr_zone)
1200 1253 return (1);
1201 1254
1202 1255 return (0);
1203 1256 }
1204 1257
1205 1258 /*
1206 1259 * This privilege check should be used by actions and subroutines to
1207 1260 * verify that the process has not setuid or changed credentials.
1208 1261 */
1209 1262 static int
1210 1263 dtrace_priv_proc_common_nocd()
1211 1264 {
1212 1265 proc_t *proc;
1213 1266
1214 1267 if ((proc = ttoproc(curthread)) != NULL &&
1215 1268 !(proc->p_flag & SNOCD))
1216 1269 return (1);
1217 1270
1218 1271 return (0);
1219 1272 }
1220 1273
1221 1274 static int
1222 1275 dtrace_priv_proc_destructive(dtrace_state_t *state, dtrace_mstate_t *mstate)
1223 1276 {
1224 1277 int action = state->dts_cred.dcr_action;
1225 1278
1226 1279 if (!(mstate->dtms_access & DTRACE_ACCESS_PROC))
1227 1280 goto bad;
1228 1281
1229 1282 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE) == 0) &&
1230 1283 dtrace_priv_proc_common_zone(state) == 0)
1231 1284 goto bad;
1232 1285
1233 1286 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER) == 0) &&
1234 1287 dtrace_priv_proc_common_user(state) == 0)
1235 1288 goto bad;
1236 1289
1237 1290 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG) == 0) &&
1238 1291 dtrace_priv_proc_common_nocd() == 0)
1239 1292 goto bad;
1240 1293
1241 1294 return (1);
1242 1295
1243 1296 bad:
1244 1297 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV;
1245 1298
1246 1299 return (0);
1247 1300 }
1248 1301
1249 1302 static int
1250 1303 dtrace_priv_proc_control(dtrace_state_t *state, dtrace_mstate_t *mstate)
1251 1304 {
1252 1305 if (mstate->dtms_access & DTRACE_ACCESS_PROC) {
1253 1306 if (state->dts_cred.dcr_action & DTRACE_CRA_PROC_CONTROL)
1254 1307 return (1);
1255 1308
1256 1309 if (dtrace_priv_proc_common_zone(state) &&
1257 1310 dtrace_priv_proc_common_user(state) &&
1258 1311 dtrace_priv_proc_common_nocd())
1259 1312 return (1);
1260 1313 }
1261 1314
1262 1315 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV;
1263 1316
1264 1317 return (0);
1265 1318 }
1266 1319
1267 1320 static int
1268 1321 dtrace_priv_proc(dtrace_state_t *state, dtrace_mstate_t *mstate)
1269 1322 {
1270 1323 if ((mstate->dtms_access & DTRACE_ACCESS_PROC) &&
1271 1324 (state->dts_cred.dcr_action & DTRACE_CRA_PROC))
1272 1325 return (1);
1273 1326
1274 1327 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV;
1275 1328
1276 1329 return (0);
1277 1330 }
1278 1331
1279 1332 static int
1280 1333 dtrace_priv_kernel(dtrace_state_t *state)
1281 1334 {
1282 1335 if (state->dts_cred.dcr_action & DTRACE_CRA_KERNEL)
1283 1336 return (1);
1284 1337
1285 1338 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_KPRIV;
1286 1339
1287 1340 return (0);
1288 1341 }
1289 1342
1290 1343 static int
1291 1344 dtrace_priv_kernel_destructive(dtrace_state_t *state)
1292 1345 {
1293 1346 if (state->dts_cred.dcr_action & DTRACE_CRA_KERNEL_DESTRUCTIVE)
1294 1347 return (1);
1295 1348
1296 1349 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_KPRIV;
1297 1350
1298 1351 return (0);
1299 1352 }
1300 1353
1301 1354 /*
1302 1355 * Determine if the dte_cond of the specified ECB allows for processing of
1303 1356 * the current probe to continue. Note that this routine may allow continued
1304 1357 * processing, but with access(es) stripped from the mstate's dtms_access
1305 1358 * field.
1306 1359 */
1307 1360 static int
1308 1361 dtrace_priv_probe(dtrace_state_t *state, dtrace_mstate_t *mstate,
1309 1362 dtrace_ecb_t *ecb)
1310 1363 {
1311 1364 dtrace_probe_t *probe = ecb->dte_probe;
1312 1365 dtrace_provider_t *prov = probe->dtpr_provider;
1313 1366 dtrace_pops_t *pops = &prov->dtpv_pops;
1314 1367 int mode = DTRACE_MODE_NOPRIV_DROP;
1315 1368
1316 1369 ASSERT(ecb->dte_cond);
1317 1370
1318 1371 if (pops->dtps_mode != NULL) {
1319 1372 mode = pops->dtps_mode(prov->dtpv_arg,
1320 1373 probe->dtpr_id, probe->dtpr_arg);
1321 1374
1322 1375 ASSERT(mode & (DTRACE_MODE_USER | DTRACE_MODE_KERNEL));
1323 1376 ASSERT(mode & (DTRACE_MODE_NOPRIV_RESTRICT |
1324 1377 DTRACE_MODE_NOPRIV_DROP));
1325 1378 }
1326 1379
1327 1380 /*
1328 1381 * If the dte_cond bits indicate that this consumer is only allowed to
1329 1382 * see user-mode firings of this probe, check that the probe was fired
1330 1383 * while in a user context. If that's not the case, use the policy
1331 1384 * specified by the provider to determine if we drop the probe or
1332 1385 * merely restrict operation.
1333 1386 */
1334 1387 if (ecb->dte_cond & DTRACE_COND_USERMODE) {
1335 1388 ASSERT(mode != DTRACE_MODE_NOPRIV_DROP);
1336 1389
1337 1390 if (!(mode & DTRACE_MODE_USER)) {
1338 1391 if (mode & DTRACE_MODE_NOPRIV_DROP)
1339 1392 return (0);
1340 1393
1341 1394 mstate->dtms_access &= ~DTRACE_ACCESS_ARGS;
1342 1395 }
1343 1396 }
1344 1397
1345 1398 /*
1346 1399 * This is more subtle than it looks. We have to be absolutely certain
1347 1400 * that CRED() isn't going to change out from under us so it's only
1348 1401 * legit to examine that structure if we're in constrained situations.
1349 1402 * Currently, the only times we'll this check is if a non-super-user
1350 1403 * has enabled the profile or syscall providers -- providers that
1351 1404 * allow visibility of all processes. For the profile case, the check
1352 1405 * above will ensure that we're examining a user context.
1353 1406 */
1354 1407 if (ecb->dte_cond & DTRACE_COND_OWNER) {
1355 1408 cred_t *cr;
1356 1409 cred_t *s_cr = state->dts_cred.dcr_cred;
1357 1410 proc_t *proc;
1358 1411
1359 1412 ASSERT(s_cr != NULL);
1360 1413
1361 1414 if ((cr = CRED()) == NULL ||
1362 1415 s_cr->cr_uid != cr->cr_uid ||
1363 1416 s_cr->cr_uid != cr->cr_ruid ||
1364 1417 s_cr->cr_uid != cr->cr_suid ||
1365 1418 s_cr->cr_gid != cr->cr_gid ||
1366 1419 s_cr->cr_gid != cr->cr_rgid ||
1367 1420 s_cr->cr_gid != cr->cr_sgid ||
1368 1421 (proc = ttoproc(curthread)) == NULL ||
1369 1422 (proc->p_flag & SNOCD)) {
1370 1423 if (mode & DTRACE_MODE_NOPRIV_DROP)
1371 1424 return (0);
1372 1425
1373 1426 mstate->dtms_access &= ~DTRACE_ACCESS_PROC;
1374 1427 }
1375 1428 }
1376 1429
1377 1430 /*
1378 1431 * If our dte_cond is set to DTRACE_COND_ZONEOWNER and we are not
1379 1432 * in our zone, check to see if our mode policy is to restrict rather
1380 1433 * than to drop; if to restrict, strip away both DTRACE_ACCESS_PROC
1381 1434 * and DTRACE_ACCESS_ARGS
1382 1435 */
1383 1436 if (ecb->dte_cond & DTRACE_COND_ZONEOWNER) {
1384 1437 cred_t *cr;
1385 1438 cred_t *s_cr = state->dts_cred.dcr_cred;
1386 1439
1387 1440 ASSERT(s_cr != NULL);
1388 1441
1389 1442 if ((cr = CRED()) == NULL ||
1390 1443 s_cr->cr_zone->zone_id != cr->cr_zone->zone_id) {
1391 1444 if (mode & DTRACE_MODE_NOPRIV_DROP)
1392 1445 return (0);
1393 1446
1394 1447 mstate->dtms_access &=
1395 1448 ~(DTRACE_ACCESS_PROC | DTRACE_ACCESS_ARGS);
1396 1449 }
1397 1450 }
1398 1451
1399 1452 /*
1400 1453 * By merits of being in this code path at all, we have limited
1401 1454 * privileges. If the provider has indicated that limited privileges
1402 1455 * are to denote restricted operation, strip off the ability to access
1403 1456 * arguments.
1404 1457 */
1405 1458 if (mode & DTRACE_MODE_LIMITEDPRIV_RESTRICT)
1406 1459 mstate->dtms_access &= ~DTRACE_ACCESS_ARGS;
1407 1460
1408 1461 return (1);
1409 1462 }
1410 1463
1411 1464 /*
1412 1465 * Note: not called from probe context. This function is called
1413 1466 * asynchronously (and at a regular interval) from outside of probe context to
1414 1467 * clean the dirty dynamic variable lists on all CPUs. Dynamic variable
1415 1468 * cleaning is explained in detail in <sys/dtrace_impl.h>.
1416 1469 */
1417 1470 void
1418 1471 dtrace_dynvar_clean(dtrace_dstate_t *dstate)
1419 1472 {
1420 1473 dtrace_dynvar_t *dirty;
1421 1474 dtrace_dstate_percpu_t *dcpu;
1422 1475 dtrace_dynvar_t **rinsep;
1423 1476 int i, j, work = 0;
1424 1477
1425 1478 for (i = 0; i < NCPU; i++) {
1426 1479 dcpu = &dstate->dtds_percpu[i];
1427 1480 rinsep = &dcpu->dtdsc_rinsing;
1428 1481
1429 1482 /*
1430 1483 * If the dirty list is NULL, there is no dirty work to do.
1431 1484 */
1432 1485 if (dcpu->dtdsc_dirty == NULL)
1433 1486 continue;
1434 1487
1435 1488 if (dcpu->dtdsc_rinsing != NULL) {
1436 1489 /*
1437 1490 * If the rinsing list is non-NULL, then it is because
1438 1491 * this CPU was selected to accept another CPU's
1439 1492 * dirty list -- and since that time, dirty buffers
1440 1493 * have accumulated. This is a highly unlikely
1441 1494 * condition, but we choose to ignore the dirty
1442 1495 * buffers -- they'll be picked up a future cleanse.
1443 1496 */
1444 1497 continue;
1445 1498 }
1446 1499
1447 1500 if (dcpu->dtdsc_clean != NULL) {
1448 1501 /*
1449 1502 * If the clean list is non-NULL, then we're in a
1450 1503 * situation where a CPU has done deallocations (we
1451 1504 * have a non-NULL dirty list) but no allocations (we
1452 1505 * also have a non-NULL clean list). We can't simply
1453 1506 * move the dirty list into the clean list on this
1454 1507 * CPU, yet we also don't want to allow this condition
1455 1508 * to persist, lest a short clean list prevent a
1456 1509 * massive dirty list from being cleaned (which in
1457 1510 * turn could lead to otherwise avoidable dynamic
1458 1511 * drops). To deal with this, we look for some CPU
1459 1512 * with a NULL clean list, NULL dirty list, and NULL
1460 1513 * rinsing list -- and then we borrow this CPU to
1461 1514 * rinse our dirty list.
1462 1515 */
1463 1516 for (j = 0; j < NCPU; j++) {
1464 1517 dtrace_dstate_percpu_t *rinser;
1465 1518
1466 1519 rinser = &dstate->dtds_percpu[j];
1467 1520
1468 1521 if (rinser->dtdsc_rinsing != NULL)
1469 1522 continue;
1470 1523
1471 1524 if (rinser->dtdsc_dirty != NULL)
1472 1525 continue;
1473 1526
1474 1527 if (rinser->dtdsc_clean != NULL)
1475 1528 continue;
1476 1529
1477 1530 rinsep = &rinser->dtdsc_rinsing;
1478 1531 break;
1479 1532 }
1480 1533
1481 1534 if (j == NCPU) {
1482 1535 /*
1483 1536 * We were unable to find another CPU that
1484 1537 * could accept this dirty list -- we are
1485 1538 * therefore unable to clean it now.
1486 1539 */
1487 1540 dtrace_dynvar_failclean++;
1488 1541 continue;
1489 1542 }
1490 1543 }
1491 1544
1492 1545 work = 1;
1493 1546
1494 1547 /*
1495 1548 * Atomically move the dirty list aside.
1496 1549 */
1497 1550 do {
1498 1551 dirty = dcpu->dtdsc_dirty;
1499 1552
1500 1553 /*
1501 1554 * Before we zap the dirty list, set the rinsing list.
1502 1555 * (This allows for a potential assertion in
1503 1556 * dtrace_dynvar(): if a free dynamic variable appears
1504 1557 * on a hash chain, either the dirty list or the
1505 1558 * rinsing list for some CPU must be non-NULL.)
1506 1559 */
1507 1560 *rinsep = dirty;
1508 1561 dtrace_membar_producer();
1509 1562 } while (dtrace_casptr(&dcpu->dtdsc_dirty,
1510 1563 dirty, NULL) != dirty);
1511 1564 }
1512 1565
1513 1566 if (!work) {
1514 1567 /*
1515 1568 * We have no work to do; we can simply return.
1516 1569 */
1517 1570 return;
1518 1571 }
1519 1572
1520 1573 dtrace_sync();
1521 1574
1522 1575 for (i = 0; i < NCPU; i++) {
1523 1576 dcpu = &dstate->dtds_percpu[i];
1524 1577
1525 1578 if (dcpu->dtdsc_rinsing == NULL)
1526 1579 continue;
1527 1580
1528 1581 /*
1529 1582 * We are now guaranteed that no hash chain contains a pointer
1530 1583 * into this dirty list; we can make it clean.
1531 1584 */
1532 1585 ASSERT(dcpu->dtdsc_clean == NULL);
1533 1586 dcpu->dtdsc_clean = dcpu->dtdsc_rinsing;
1534 1587 dcpu->dtdsc_rinsing = NULL;
1535 1588 }
1536 1589
1537 1590 /*
1538 1591 * Before we actually set the state to be DTRACE_DSTATE_CLEAN, make
1539 1592 * sure that all CPUs have seen all of the dtdsc_clean pointers.
1540 1593 * This prevents a race whereby a CPU incorrectly decides that
1541 1594 * the state should be something other than DTRACE_DSTATE_CLEAN
1542 1595 * after dtrace_dynvar_clean() has completed.
1543 1596 */
1544 1597 dtrace_sync();
1545 1598
1546 1599 dstate->dtds_state = DTRACE_DSTATE_CLEAN;
1547 1600 }
1548 1601
1549 1602 /*
1550 1603 * Depending on the value of the op parameter, this function looks-up,
1551 1604 * allocates or deallocates an arbitrarily-keyed dynamic variable. If an
1552 1605 * allocation is requested, this function will return a pointer to a
1553 1606 * dtrace_dynvar_t corresponding to the allocated variable -- or NULL if no
1554 1607 * variable can be allocated. If NULL is returned, the appropriate counter
1555 1608 * will be incremented.
1556 1609 */
1557 1610 dtrace_dynvar_t *
1558 1611 dtrace_dynvar(dtrace_dstate_t *dstate, uint_t nkeys,
1559 1612 dtrace_key_t *key, size_t dsize, dtrace_dynvar_op_t op,
1560 1613 dtrace_mstate_t *mstate, dtrace_vstate_t *vstate)
1561 1614 {
1562 1615 uint64_t hashval = DTRACE_DYNHASH_VALID;
1563 1616 dtrace_dynhash_t *hash = dstate->dtds_hash;
1564 1617 dtrace_dynvar_t *free, *new_free, *next, *dvar, *start, *prev = NULL;
1565 1618 processorid_t me = CPU->cpu_id, cpu = me;
1566 1619 dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[me];
1567 1620 size_t bucket, ksize;
1568 1621 size_t chunksize = dstate->dtds_chunksize;
1569 1622 uintptr_t kdata, lock, nstate;
1570 1623 uint_t i;
1571 1624
1572 1625 ASSERT(nkeys != 0);
1573 1626
1574 1627 /*
1575 1628 * Hash the key. As with aggregations, we use Jenkins' "One-at-a-time"
1576 1629 * algorithm. For the by-value portions, we perform the algorithm in
1577 1630 * 16-bit chunks (as opposed to 8-bit chunks). This speeds things up a
1578 1631 * bit, and seems to have only a minute effect on distribution. For
1579 1632 * the by-reference data, we perform "One-at-a-time" iterating (safely)
1580 1633 * over each referenced byte. It's painful to do this, but it's much
1581 1634 * better than pathological hash distribution. The efficacy of the
1582 1635 * hashing algorithm (and a comparison with other algorithms) may be
1583 1636 * found by running the ::dtrace_dynstat MDB dcmd.
1584 1637 */
1585 1638 for (i = 0; i < nkeys; i++) {
1586 1639 if (key[i].dttk_size == 0) {
1587 1640 uint64_t val = key[i].dttk_value;
1588 1641
1589 1642 hashval += (val >> 48) & 0xffff;
1590 1643 hashval += (hashval << 10);
1591 1644 hashval ^= (hashval >> 6);
1592 1645
1593 1646 hashval += (val >> 32) & 0xffff;
1594 1647 hashval += (hashval << 10);
1595 1648 hashval ^= (hashval >> 6);
1596 1649
1597 1650 hashval += (val >> 16) & 0xffff;
1598 1651 hashval += (hashval << 10);
1599 1652 hashval ^= (hashval >> 6);
1600 1653
1601 1654 hashval += val & 0xffff;
1602 1655 hashval += (hashval << 10);
1603 1656 hashval ^= (hashval >> 6);
1604 1657 } else {
1605 1658 /*
1606 1659 * This is incredibly painful, but it beats the hell
1607 1660 * out of the alternative.
1608 1661 */
1609 1662 uint64_t j, size = key[i].dttk_size;
1610 1663 uintptr_t base = (uintptr_t)key[i].dttk_value;
1611 1664
1612 1665 if (!dtrace_canload(base, size, mstate, vstate))
1613 1666 break;
1614 1667
1615 1668 for (j = 0; j < size; j++) {
1616 1669 hashval += dtrace_load8(base + j);
1617 1670 hashval += (hashval << 10);
1618 1671 hashval ^= (hashval >> 6);
1619 1672 }
1620 1673 }
1621 1674 }
1622 1675
1623 1676 if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_FAULT))
1624 1677 return (NULL);
1625 1678
1626 1679 hashval += (hashval << 3);
1627 1680 hashval ^= (hashval >> 11);
1628 1681 hashval += (hashval << 15);
1629 1682
1630 1683 /*
1631 1684 * There is a remote chance (ideally, 1 in 2^31) that our hashval
1632 1685 * comes out to be one of our two sentinel hash values. If this
1633 1686 * actually happens, we set the hashval to be a value known to be a
1634 1687 * non-sentinel value.
1635 1688 */
1636 1689 if (hashval == DTRACE_DYNHASH_FREE || hashval == DTRACE_DYNHASH_SINK)
1637 1690 hashval = DTRACE_DYNHASH_VALID;
1638 1691
1639 1692 /*
1640 1693 * Yes, it's painful to do a divide here. If the cycle count becomes
1641 1694 * important here, tricks can be pulled to reduce it. (However, it's
1642 1695 * critical that hash collisions be kept to an absolute minimum;
1643 1696 * they're much more painful than a divide.) It's better to have a
1644 1697 * solution that generates few collisions and still keeps things
1645 1698 * relatively simple.
1646 1699 */
1647 1700 bucket = hashval % dstate->dtds_hashsize;
1648 1701
1649 1702 if (op == DTRACE_DYNVAR_DEALLOC) {
1650 1703 volatile uintptr_t *lockp = &hash[bucket].dtdh_lock;
1651 1704
1652 1705 for (;;) {
1653 1706 while ((lock = *lockp) & 1)
1654 1707 continue;
1655 1708
1656 1709 if (dtrace_casptr((void *)lockp,
1657 1710 (void *)lock, (void *)(lock + 1)) == (void *)lock)
1658 1711 break;
1659 1712 }
1660 1713
1661 1714 dtrace_membar_producer();
1662 1715 }
1663 1716
1664 1717 top:
1665 1718 prev = NULL;
1666 1719 lock = hash[bucket].dtdh_lock;
1667 1720
1668 1721 dtrace_membar_consumer();
1669 1722
1670 1723 start = hash[bucket].dtdh_chain;
1671 1724 ASSERT(start != NULL && (start->dtdv_hashval == DTRACE_DYNHASH_SINK ||
1672 1725 start->dtdv_hashval != DTRACE_DYNHASH_FREE ||
1673 1726 op != DTRACE_DYNVAR_DEALLOC));
1674 1727
1675 1728 for (dvar = start; dvar != NULL; dvar = dvar->dtdv_next) {
1676 1729 dtrace_tuple_t *dtuple = &dvar->dtdv_tuple;
1677 1730 dtrace_key_t *dkey = &dtuple->dtt_key[0];
1678 1731
1679 1732 if (dvar->dtdv_hashval != hashval) {
1680 1733 if (dvar->dtdv_hashval == DTRACE_DYNHASH_SINK) {
1681 1734 /*
1682 1735 * We've reached the sink, and therefore the
1683 1736 * end of the hash chain; we can kick out of
1684 1737 * the loop knowing that we have seen a valid
1685 1738 * snapshot of state.
1686 1739 */
1687 1740 ASSERT(dvar->dtdv_next == NULL);
1688 1741 ASSERT(dvar == &dtrace_dynhash_sink);
1689 1742 break;
1690 1743 }
1691 1744
1692 1745 if (dvar->dtdv_hashval == DTRACE_DYNHASH_FREE) {
1693 1746 /*
1694 1747 * We've gone off the rails: somewhere along
1695 1748 * the line, one of the members of this hash
1696 1749 * chain was deleted. Note that we could also
1697 1750 * detect this by simply letting this loop run
1698 1751 * to completion, as we would eventually hit
1699 1752 * the end of the dirty list. However, we
1700 1753 * want to avoid running the length of the
1701 1754 * dirty list unnecessarily (it might be quite
1702 1755 * long), so we catch this as early as
1703 1756 * possible by detecting the hash marker. In
1704 1757 * this case, we simply set dvar to NULL and
1705 1758 * break; the conditional after the loop will
1706 1759 * send us back to top.
1707 1760 */
1708 1761 dvar = NULL;
1709 1762 break;
1710 1763 }
1711 1764
1712 1765 goto next;
1713 1766 }
1714 1767
1715 1768 if (dtuple->dtt_nkeys != nkeys)
1716 1769 goto next;
1717 1770
1718 1771 for (i = 0; i < nkeys; i++, dkey++) {
1719 1772 if (dkey->dttk_size != key[i].dttk_size)
1720 1773 goto next; /* size or type mismatch */
1721 1774
1722 1775 if (dkey->dttk_size != 0) {
1723 1776 if (dtrace_bcmp(
1724 1777 (void *)(uintptr_t)key[i].dttk_value,
1725 1778 (void *)(uintptr_t)dkey->dttk_value,
1726 1779 dkey->dttk_size))
1727 1780 goto next;
1728 1781 } else {
1729 1782 if (dkey->dttk_value != key[i].dttk_value)
1730 1783 goto next;
1731 1784 }
1732 1785 }
1733 1786
1734 1787 if (op != DTRACE_DYNVAR_DEALLOC)
1735 1788 return (dvar);
1736 1789
1737 1790 ASSERT(dvar->dtdv_next == NULL ||
1738 1791 dvar->dtdv_next->dtdv_hashval != DTRACE_DYNHASH_FREE);
1739 1792
1740 1793 if (prev != NULL) {
1741 1794 ASSERT(hash[bucket].dtdh_chain != dvar);
1742 1795 ASSERT(start != dvar);
1743 1796 ASSERT(prev->dtdv_next == dvar);
1744 1797 prev->dtdv_next = dvar->dtdv_next;
1745 1798 } else {
1746 1799 if (dtrace_casptr(&hash[bucket].dtdh_chain,
1747 1800 start, dvar->dtdv_next) != start) {
1748 1801 /*
1749 1802 * We have failed to atomically swing the
1750 1803 * hash table head pointer, presumably because
1751 1804 * of a conflicting allocation on another CPU.
1752 1805 * We need to reread the hash chain and try
1753 1806 * again.
1754 1807 */
1755 1808 goto top;
1756 1809 }
1757 1810 }
1758 1811
1759 1812 dtrace_membar_producer();
1760 1813
1761 1814 /*
1762 1815 * Now set the hash value to indicate that it's free.
1763 1816 */
1764 1817 ASSERT(hash[bucket].dtdh_chain != dvar);
1765 1818 dvar->dtdv_hashval = DTRACE_DYNHASH_FREE;
1766 1819
1767 1820 dtrace_membar_producer();
1768 1821
1769 1822 /*
1770 1823 * Set the next pointer to point at the dirty list, and
1771 1824 * atomically swing the dirty pointer to the newly freed dvar.
1772 1825 */
1773 1826 do {
1774 1827 next = dcpu->dtdsc_dirty;
1775 1828 dvar->dtdv_next = next;
1776 1829 } while (dtrace_casptr(&dcpu->dtdsc_dirty, next, dvar) != next);
1777 1830
1778 1831 /*
1779 1832 * Finally, unlock this hash bucket.
1780 1833 */
1781 1834 ASSERT(hash[bucket].dtdh_lock == lock);
1782 1835 ASSERT(lock & 1);
1783 1836 hash[bucket].dtdh_lock++;
1784 1837
1785 1838 return (NULL);
1786 1839 next:
1787 1840 prev = dvar;
1788 1841 continue;
1789 1842 }
1790 1843
1791 1844 if (dvar == NULL) {
1792 1845 /*
1793 1846 * If dvar is NULL, it is because we went off the rails:
1794 1847 * one of the elements that we traversed in the hash chain
1795 1848 * was deleted while we were traversing it. In this case,
1796 1849 * we assert that we aren't doing a dealloc (deallocs lock
1797 1850 * the hash bucket to prevent themselves from racing with
1798 1851 * one another), and retry the hash chain traversal.
1799 1852 */
1800 1853 ASSERT(op != DTRACE_DYNVAR_DEALLOC);
1801 1854 goto top;
1802 1855 }
1803 1856
1804 1857 if (op != DTRACE_DYNVAR_ALLOC) {
1805 1858 /*
1806 1859 * If we are not to allocate a new variable, we want to
1807 1860 * return NULL now. Before we return, check that the value
1808 1861 * of the lock word hasn't changed. If it has, we may have
1809 1862 * seen an inconsistent snapshot.
1810 1863 */
1811 1864 if (op == DTRACE_DYNVAR_NOALLOC) {
1812 1865 if (hash[bucket].dtdh_lock != lock)
1813 1866 goto top;
1814 1867 } else {
1815 1868 ASSERT(op == DTRACE_DYNVAR_DEALLOC);
1816 1869 ASSERT(hash[bucket].dtdh_lock == lock);
1817 1870 ASSERT(lock & 1);
1818 1871 hash[bucket].dtdh_lock++;
1819 1872 }
1820 1873
1821 1874 return (NULL);
1822 1875 }
1823 1876
1824 1877 /*
1825 1878 * We need to allocate a new dynamic variable. The size we need is the
1826 1879 * size of dtrace_dynvar plus the size of nkeys dtrace_key_t's plus the
1827 1880 * size of any auxiliary key data (rounded up to 8-byte alignment) plus
1828 1881 * the size of any referred-to data (dsize). We then round the final
1829 1882 * size up to the chunksize for allocation.
1830 1883 */
1831 1884 for (ksize = 0, i = 0; i < nkeys; i++)
1832 1885 ksize += P2ROUNDUP(key[i].dttk_size, sizeof (uint64_t));
1833 1886
1834 1887 /*
1835 1888 * This should be pretty much impossible, but could happen if, say,
1836 1889 * strange DIF specified the tuple. Ideally, this should be an
1837 1890 * assertion and not an error condition -- but that requires that the
1838 1891 * chunksize calculation in dtrace_difo_chunksize() be absolutely
1839 1892 * bullet-proof. (That is, it must not be able to be fooled by
1840 1893 * malicious DIF.) Given the lack of backwards branches in DIF,
1841 1894 * solving this would presumably not amount to solving the Halting
1842 1895 * Problem -- but it still seems awfully hard.
1843 1896 */
1844 1897 if (sizeof (dtrace_dynvar_t) + sizeof (dtrace_key_t) * (nkeys - 1) +
1845 1898 ksize + dsize > chunksize) {
1846 1899 dcpu->dtdsc_drops++;
1847 1900 return (NULL);
1848 1901 }
1849 1902
1850 1903 nstate = DTRACE_DSTATE_EMPTY;
1851 1904
1852 1905 do {
1853 1906 retry:
1854 1907 free = dcpu->dtdsc_free;
1855 1908
1856 1909 if (free == NULL) {
1857 1910 dtrace_dynvar_t *clean = dcpu->dtdsc_clean;
1858 1911 void *rval;
1859 1912
1860 1913 if (clean == NULL) {
1861 1914 /*
1862 1915 * We're out of dynamic variable space on
1863 1916 * this CPU. Unless we have tried all CPUs,
1864 1917 * we'll try to allocate from a different
1865 1918 * CPU.
1866 1919 */
1867 1920 switch (dstate->dtds_state) {
1868 1921 case DTRACE_DSTATE_CLEAN: {
1869 1922 void *sp = &dstate->dtds_state;
1870 1923
1871 1924 if (++cpu >= NCPU)
1872 1925 cpu = 0;
1873 1926
1874 1927 if (dcpu->dtdsc_dirty != NULL &&
1875 1928 nstate == DTRACE_DSTATE_EMPTY)
1876 1929 nstate = DTRACE_DSTATE_DIRTY;
1877 1930
1878 1931 if (dcpu->dtdsc_rinsing != NULL)
1879 1932 nstate = DTRACE_DSTATE_RINSING;
1880 1933
1881 1934 dcpu = &dstate->dtds_percpu[cpu];
1882 1935
1883 1936 if (cpu != me)
1884 1937 goto retry;
1885 1938
1886 1939 (void) dtrace_cas32(sp,
1887 1940 DTRACE_DSTATE_CLEAN, nstate);
1888 1941
1889 1942 /*
1890 1943 * To increment the correct bean
1891 1944 * counter, take another lap.
1892 1945 */
1893 1946 goto retry;
1894 1947 }
1895 1948
1896 1949 case DTRACE_DSTATE_DIRTY:
1897 1950 dcpu->dtdsc_dirty_drops++;
1898 1951 break;
1899 1952
1900 1953 case DTRACE_DSTATE_RINSING:
1901 1954 dcpu->dtdsc_rinsing_drops++;
1902 1955 break;
1903 1956
1904 1957 case DTRACE_DSTATE_EMPTY:
1905 1958 dcpu->dtdsc_drops++;
1906 1959 break;
1907 1960 }
1908 1961
1909 1962 DTRACE_CPUFLAG_SET(CPU_DTRACE_DROP);
1910 1963 return (NULL);
1911 1964 }
1912 1965
1913 1966 /*
1914 1967 * The clean list appears to be non-empty. We want to
1915 1968 * move the clean list to the free list; we start by
1916 1969 * moving the clean pointer aside.
1917 1970 */
1918 1971 if (dtrace_casptr(&dcpu->dtdsc_clean,
1919 1972 clean, NULL) != clean) {
1920 1973 /*
1921 1974 * We are in one of two situations:
1922 1975 *
1923 1976 * (a) The clean list was switched to the
1924 1977 * free list by another CPU.
1925 1978 *
1926 1979 * (b) The clean list was added to by the
1927 1980 * cleansing cyclic.
1928 1981 *
1929 1982 * In either of these situations, we can
1930 1983 * just reattempt the free list allocation.
1931 1984 */
1932 1985 goto retry;
1933 1986 }
1934 1987
1935 1988 ASSERT(clean->dtdv_hashval == DTRACE_DYNHASH_FREE);
1936 1989
1937 1990 /*
1938 1991 * Now we'll move the clean list to our free list.
1939 1992 * It's impossible for this to fail: the only way
1940 1993 * the free list can be updated is through this
1941 1994 * code path, and only one CPU can own the clean list.
1942 1995 * Thus, it would only be possible for this to fail if
1943 1996 * this code were racing with dtrace_dynvar_clean().
1944 1997 * (That is, if dtrace_dynvar_clean() updated the clean
1945 1998 * list, and we ended up racing to update the free
1946 1999 * list.) This race is prevented by the dtrace_sync()
1947 2000 * in dtrace_dynvar_clean() -- which flushes the
1948 2001 * owners of the clean lists out before resetting
1949 2002 * the clean lists.
1950 2003 */
1951 2004 dcpu = &dstate->dtds_percpu[me];
1952 2005 rval = dtrace_casptr(&dcpu->dtdsc_free, NULL, clean);
1953 2006 ASSERT(rval == NULL);
1954 2007 goto retry;
1955 2008 }
1956 2009
1957 2010 dvar = free;
1958 2011 new_free = dvar->dtdv_next;
1959 2012 } while (dtrace_casptr(&dcpu->dtdsc_free, free, new_free) != free);
1960 2013
1961 2014 /*
1962 2015 * We have now allocated a new chunk. We copy the tuple keys into the
1963 2016 * tuple array and copy any referenced key data into the data space
1964 2017 * following the tuple array. As we do this, we relocate dttk_value
1965 2018 * in the final tuple to point to the key data address in the chunk.
1966 2019 */
1967 2020 kdata = (uintptr_t)&dvar->dtdv_tuple.dtt_key[nkeys];
1968 2021 dvar->dtdv_data = (void *)(kdata + ksize);
1969 2022 dvar->dtdv_tuple.dtt_nkeys = nkeys;
1970 2023
1971 2024 for (i = 0; i < nkeys; i++) {
1972 2025 dtrace_key_t *dkey = &dvar->dtdv_tuple.dtt_key[i];
1973 2026 size_t kesize = key[i].dttk_size;
1974 2027
1975 2028 if (kesize != 0) {
1976 2029 dtrace_bcopy(
1977 2030 (const void *)(uintptr_t)key[i].dttk_value,
1978 2031 (void *)kdata, kesize);
1979 2032 dkey->dttk_value = kdata;
1980 2033 kdata += P2ROUNDUP(kesize, sizeof (uint64_t));
1981 2034 } else {
1982 2035 dkey->dttk_value = key[i].dttk_value;
1983 2036 }
1984 2037
1985 2038 dkey->dttk_size = kesize;
1986 2039 }
1987 2040
1988 2041 ASSERT(dvar->dtdv_hashval == DTRACE_DYNHASH_FREE);
1989 2042 dvar->dtdv_hashval = hashval;
1990 2043 dvar->dtdv_next = start;
1991 2044
1992 2045 if (dtrace_casptr(&hash[bucket].dtdh_chain, start, dvar) == start)
1993 2046 return (dvar);
1994 2047
1995 2048 /*
1996 2049 * The cas has failed. Either another CPU is adding an element to
1997 2050 * this hash chain, or another CPU is deleting an element from this
1998 2051 * hash chain. The simplest way to deal with both of these cases
1999 2052 * (though not necessarily the most efficient) is to free our
2000 2053 * allocated block and tail-call ourselves. Note that the free is
2001 2054 * to the dirty list and _not_ to the free list. This is to prevent
2002 2055 * races with allocators, above.
2003 2056 */
2004 2057 dvar->dtdv_hashval = DTRACE_DYNHASH_FREE;
2005 2058
2006 2059 dtrace_membar_producer();
2007 2060
2008 2061 do {
2009 2062 free = dcpu->dtdsc_dirty;
2010 2063 dvar->dtdv_next = free;
2011 2064 } while (dtrace_casptr(&dcpu->dtdsc_dirty, free, dvar) != free);
2012 2065
2013 2066 return (dtrace_dynvar(dstate, nkeys, key, dsize, op, mstate, vstate));
2014 2067 }
2015 2068
2016 2069 /*ARGSUSED*/
2017 2070 static void
2018 2071 dtrace_aggregate_min(uint64_t *oval, uint64_t nval, uint64_t arg)
2019 2072 {
2020 2073 if ((int64_t)nval < (int64_t)*oval)
2021 2074 *oval = nval;
2022 2075 }
2023 2076
2024 2077 /*ARGSUSED*/
2025 2078 static void
2026 2079 dtrace_aggregate_max(uint64_t *oval, uint64_t nval, uint64_t arg)
2027 2080 {
2028 2081 if ((int64_t)nval > (int64_t)*oval)
2029 2082 *oval = nval;
2030 2083 }
2031 2084
2032 2085 static void
2033 2086 dtrace_aggregate_quantize(uint64_t *quanta, uint64_t nval, uint64_t incr)
2034 2087 {
2035 2088 int i, zero = DTRACE_QUANTIZE_ZEROBUCKET;
2036 2089 int64_t val = (int64_t)nval;
2037 2090
2038 2091 if (val < 0) {
2039 2092 for (i = 0; i < zero; i++) {
2040 2093 if (val <= DTRACE_QUANTIZE_BUCKETVAL(i)) {
2041 2094 quanta[i] += incr;
2042 2095 return;
2043 2096 }
2044 2097 }
2045 2098 } else {
2046 2099 for (i = zero + 1; i < DTRACE_QUANTIZE_NBUCKETS; i++) {
2047 2100 if (val < DTRACE_QUANTIZE_BUCKETVAL(i)) {
2048 2101 quanta[i - 1] += incr;
2049 2102 return;
2050 2103 }
2051 2104 }
2052 2105
2053 2106 quanta[DTRACE_QUANTIZE_NBUCKETS - 1] += incr;
2054 2107 return;
2055 2108 }
2056 2109
2057 2110 ASSERT(0);
2058 2111 }
2059 2112
2060 2113 static void
2061 2114 dtrace_aggregate_lquantize(uint64_t *lquanta, uint64_t nval, uint64_t incr)
2062 2115 {
2063 2116 uint64_t arg = *lquanta++;
2064 2117 int32_t base = DTRACE_LQUANTIZE_BASE(arg);
2065 2118 uint16_t step = DTRACE_LQUANTIZE_STEP(arg);
2066 2119 uint16_t levels = DTRACE_LQUANTIZE_LEVELS(arg);
2067 2120 int32_t val = (int32_t)nval, level;
2068 2121
2069 2122 ASSERT(step != 0);
2070 2123 ASSERT(levels != 0);
2071 2124
2072 2125 if (val < base) {
2073 2126 /*
2074 2127 * This is an underflow.
2075 2128 */
2076 2129 lquanta[0] += incr;
2077 2130 return;
2078 2131 }
2079 2132
2080 2133 level = (val - base) / step;
2081 2134
2082 2135 if (level < levels) {
2083 2136 lquanta[level + 1] += incr;
2084 2137 return;
2085 2138 }
2086 2139
2087 2140 /*
2088 2141 * This is an overflow.
2089 2142 */
2090 2143 lquanta[levels + 1] += incr;
2091 2144 }
2092 2145
2093 2146 static int
2094 2147 dtrace_aggregate_llquantize_bucket(uint16_t factor, uint16_t low,
2095 2148 uint16_t high, uint16_t nsteps, int64_t value)
2096 2149 {
2097 2150 int64_t this = 1, last, next;
2098 2151 int base = 1, order;
2099 2152
2100 2153 ASSERT(factor <= nsteps);
2101 2154 ASSERT(nsteps % factor == 0);
2102 2155
2103 2156 for (order = 0; order < low; order++)
2104 2157 this *= factor;
2105 2158
2106 2159 /*
2107 2160 * If our value is less than our factor taken to the power of the
2108 2161 * low order of magnitude, it goes into the zeroth bucket.
2109 2162 */
2110 2163 if (value < (last = this))
2111 2164 return (0);
2112 2165
2113 2166 for (this *= factor; order <= high; order++) {
2114 2167 int nbuckets = this > nsteps ? nsteps : this;
2115 2168
2116 2169 if ((next = this * factor) < this) {
2117 2170 /*
2118 2171 * We should not generally get log/linear quantizations
2119 2172 * with a high magnitude that allows 64-bits to
2120 2173 * overflow, but we nonetheless protect against this
2121 2174 * by explicitly checking for overflow, and clamping
2122 2175 * our value accordingly.
2123 2176 */
2124 2177 value = this - 1;
2125 2178 }
2126 2179
2127 2180 if (value < this) {
2128 2181 /*
2129 2182 * If our value lies within this order of magnitude,
2130 2183 * determine its position by taking the offset within
2131 2184 * the order of magnitude, dividing by the bucket
2132 2185 * width, and adding to our (accumulated) base.
2133 2186 */
2134 2187 return (base + (value - last) / (this / nbuckets));
2135 2188 }
2136 2189
2137 2190 base += nbuckets - (nbuckets / factor);
2138 2191 last = this;
2139 2192 this = next;
2140 2193 }
2141 2194
2142 2195 /*
2143 2196 * Our value is greater than or equal to our factor taken to the
2144 2197 * power of one plus the high magnitude -- return the top bucket.
2145 2198 */
2146 2199 return (base);
2147 2200 }
2148 2201
2149 2202 static void
2150 2203 dtrace_aggregate_llquantize(uint64_t *llquanta, uint64_t nval, uint64_t incr)
2151 2204 {
2152 2205 uint64_t arg = *llquanta++;
2153 2206 uint16_t factor = DTRACE_LLQUANTIZE_FACTOR(arg);
2154 2207 uint16_t low = DTRACE_LLQUANTIZE_LOW(arg);
2155 2208 uint16_t high = DTRACE_LLQUANTIZE_HIGH(arg);
2156 2209 uint16_t nsteps = DTRACE_LLQUANTIZE_NSTEP(arg);
2157 2210
2158 2211 llquanta[dtrace_aggregate_llquantize_bucket(factor,
2159 2212 low, high, nsteps, nval)] += incr;
2160 2213 }
2161 2214
2162 2215 /*ARGSUSED*/
2163 2216 static void
2164 2217 dtrace_aggregate_avg(uint64_t *data, uint64_t nval, uint64_t arg)
2165 2218 {
2166 2219 data[0]++;
2167 2220 data[1] += nval;
2168 2221 }
2169 2222
2170 2223 /*ARGSUSED*/
2171 2224 static void
2172 2225 dtrace_aggregate_stddev(uint64_t *data, uint64_t nval, uint64_t arg)
2173 2226 {
2174 2227 int64_t snval = (int64_t)nval;
2175 2228 uint64_t tmp[2];
2176 2229
2177 2230 data[0]++;
2178 2231 data[1] += nval;
2179 2232
2180 2233 /*
2181 2234 * What we want to say here is:
2182 2235 *
2183 2236 * data[2] += nval * nval;
2184 2237 *
2185 2238 * But given that nval is 64-bit, we could easily overflow, so
2186 2239 * we do this as 128-bit arithmetic.
2187 2240 */
2188 2241 if (snval < 0)
2189 2242 snval = -snval;
2190 2243
2191 2244 dtrace_multiply_128((uint64_t)snval, (uint64_t)snval, tmp);
2192 2245 dtrace_add_128(data + 2, tmp, data + 2);
2193 2246 }
2194 2247
2195 2248 /*ARGSUSED*/
2196 2249 static void
2197 2250 dtrace_aggregate_count(uint64_t *oval, uint64_t nval, uint64_t arg)
2198 2251 {
2199 2252 *oval = *oval + 1;
2200 2253 }
2201 2254
2202 2255 /*ARGSUSED*/
2203 2256 static void
2204 2257 dtrace_aggregate_sum(uint64_t *oval, uint64_t nval, uint64_t arg)
2205 2258 {
2206 2259 *oval += nval;
2207 2260 }
2208 2261
2209 2262 /*
2210 2263 * Aggregate given the tuple in the principal data buffer, and the aggregating
2211 2264 * action denoted by the specified dtrace_aggregation_t. The aggregation
2212 2265 * buffer is specified as the buf parameter. This routine does not return
2213 2266 * failure; if there is no space in the aggregation buffer, the data will be
2214 2267 * dropped, and a corresponding counter incremented.
2215 2268 */
2216 2269 static void
2217 2270 dtrace_aggregate(dtrace_aggregation_t *agg, dtrace_buffer_t *dbuf,
2218 2271 intptr_t offset, dtrace_buffer_t *buf, uint64_t expr, uint64_t arg)
2219 2272 {
2220 2273 dtrace_recdesc_t *rec = &agg->dtag_action.dta_rec;
2221 2274 uint32_t i, ndx, size, fsize;
2222 2275 uint32_t align = sizeof (uint64_t) - 1;
2223 2276 dtrace_aggbuffer_t *agb;
2224 2277 dtrace_aggkey_t *key;
2225 2278 uint32_t hashval = 0, limit, isstr;
2226 2279 caddr_t tomax, data, kdata;
2227 2280 dtrace_actkind_t action;
2228 2281 dtrace_action_t *act;
2229 2282 uintptr_t offs;
2230 2283
2231 2284 if (buf == NULL)
2232 2285 return;
2233 2286
2234 2287 if (!agg->dtag_hasarg) {
2235 2288 /*
2236 2289 * Currently, only quantize() and lquantize() take additional
2237 2290 * arguments, and they have the same semantics: an increment
2238 2291 * value that defaults to 1 when not present. If additional
2239 2292 * aggregating actions take arguments, the setting of the
2240 2293 * default argument value will presumably have to become more
2241 2294 * sophisticated...
2242 2295 */
2243 2296 arg = 1;
2244 2297 }
2245 2298
2246 2299 action = agg->dtag_action.dta_kind - DTRACEACT_AGGREGATION;
2247 2300 size = rec->dtrd_offset - agg->dtag_base;
2248 2301 fsize = size + rec->dtrd_size;
2249 2302
2250 2303 ASSERT(dbuf->dtb_tomax != NULL);
2251 2304 data = dbuf->dtb_tomax + offset + agg->dtag_base;
2252 2305
2253 2306 if ((tomax = buf->dtb_tomax) == NULL) {
2254 2307 dtrace_buffer_drop(buf);
2255 2308 return;
2256 2309 }
2257 2310
2258 2311 /*
2259 2312 * The metastructure is always at the bottom of the buffer.
2260 2313 */
2261 2314 agb = (dtrace_aggbuffer_t *)(tomax + buf->dtb_size -
2262 2315 sizeof (dtrace_aggbuffer_t));
2263 2316
2264 2317 if (buf->dtb_offset == 0) {
2265 2318 /*
2266 2319 * We just kludge up approximately 1/8th of the size to be
2267 2320 * buckets. If this guess ends up being routinely
2268 2321 * off-the-mark, we may need to dynamically readjust this
2269 2322 * based on past performance.
2270 2323 */
2271 2324 uintptr_t hashsize = (buf->dtb_size >> 3) / sizeof (uintptr_t);
2272 2325
2273 2326 if ((uintptr_t)agb - hashsize * sizeof (dtrace_aggkey_t *) <
2274 2327 (uintptr_t)tomax || hashsize == 0) {
2275 2328 /*
2276 2329 * We've been given a ludicrously small buffer;
2277 2330 * increment our drop count and leave.
2278 2331 */
2279 2332 dtrace_buffer_drop(buf);
2280 2333 return;
2281 2334 }
2282 2335
2283 2336 /*
2284 2337 * And now, a pathetic attempt to try to get a an odd (or
2285 2338 * perchance, a prime) hash size for better hash distribution.
2286 2339 */
2287 2340 if (hashsize > (DTRACE_AGGHASHSIZE_SLEW << 3))
2288 2341 hashsize -= DTRACE_AGGHASHSIZE_SLEW;
2289 2342
2290 2343 agb->dtagb_hashsize = hashsize;
2291 2344 agb->dtagb_hash = (dtrace_aggkey_t **)((uintptr_t)agb -
2292 2345 agb->dtagb_hashsize * sizeof (dtrace_aggkey_t *));
2293 2346 agb->dtagb_free = (uintptr_t)agb->dtagb_hash;
2294 2347
2295 2348 for (i = 0; i < agb->dtagb_hashsize; i++)
2296 2349 agb->dtagb_hash[i] = NULL;
2297 2350 }
2298 2351
2299 2352 ASSERT(agg->dtag_first != NULL);
2300 2353 ASSERT(agg->dtag_first->dta_intuple);
2301 2354
2302 2355 /*
2303 2356 * Calculate the hash value based on the key. Note that we _don't_
2304 2357 * include the aggid in the hashing (but we will store it as part of
2305 2358 * the key). The hashing algorithm is Bob Jenkins' "One-at-a-time"
2306 2359 * algorithm: a simple, quick algorithm that has no known funnels, and
2307 2360 * gets good distribution in practice. The efficacy of the hashing
2308 2361 * algorithm (and a comparison with other algorithms) may be found by
2309 2362 * running the ::dtrace_aggstat MDB dcmd.
2310 2363 */
2311 2364 for (act = agg->dtag_first; act->dta_intuple; act = act->dta_next) {
2312 2365 i = act->dta_rec.dtrd_offset - agg->dtag_base;
2313 2366 limit = i + act->dta_rec.dtrd_size;
2314 2367 ASSERT(limit <= size);
2315 2368 isstr = DTRACEACT_ISSTRING(act);
2316 2369
2317 2370 for (; i < limit; i++) {
2318 2371 hashval += data[i];
2319 2372 hashval += (hashval << 10);
2320 2373 hashval ^= (hashval >> 6);
2321 2374
2322 2375 if (isstr && data[i] == '\0')
2323 2376 break;
2324 2377 }
2325 2378 }
2326 2379
2327 2380 hashval += (hashval << 3);
2328 2381 hashval ^= (hashval >> 11);
2329 2382 hashval += (hashval << 15);
2330 2383
2331 2384 /*
2332 2385 * Yes, the divide here is expensive -- but it's generally the least
2333 2386 * of the performance issues given the amount of data that we iterate
2334 2387 * over to compute hash values, compare data, etc.
2335 2388 */
2336 2389 ndx = hashval % agb->dtagb_hashsize;
2337 2390
2338 2391 for (key = agb->dtagb_hash[ndx]; key != NULL; key = key->dtak_next) {
2339 2392 ASSERT((caddr_t)key >= tomax);
2340 2393 ASSERT((caddr_t)key < tomax + buf->dtb_size);
2341 2394
2342 2395 if (hashval != key->dtak_hashval || key->dtak_size != size)
2343 2396 continue;
2344 2397
2345 2398 kdata = key->dtak_data;
2346 2399 ASSERT(kdata >= tomax && kdata < tomax + buf->dtb_size);
2347 2400
2348 2401 for (act = agg->dtag_first; act->dta_intuple;
2349 2402 act = act->dta_next) {
2350 2403 i = act->dta_rec.dtrd_offset - agg->dtag_base;
2351 2404 limit = i + act->dta_rec.dtrd_size;
2352 2405 ASSERT(limit <= size);
2353 2406 isstr = DTRACEACT_ISSTRING(act);
2354 2407
2355 2408 for (; i < limit; i++) {
2356 2409 if (kdata[i] != data[i])
2357 2410 goto next;
2358 2411
2359 2412 if (isstr && data[i] == '\0')
2360 2413 break;
2361 2414 }
2362 2415 }
2363 2416
2364 2417 if (action != key->dtak_action) {
2365 2418 /*
2366 2419 * We are aggregating on the same value in the same
2367 2420 * aggregation with two different aggregating actions.
2368 2421 * (This should have been picked up in the compiler,
2369 2422 * so we may be dealing with errant or devious DIF.)
2370 2423 * This is an error condition; we indicate as much,
2371 2424 * and return.
2372 2425 */
2373 2426 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
2374 2427 return;
2375 2428 }
2376 2429
2377 2430 /*
2378 2431 * This is a hit: we need to apply the aggregator to
2379 2432 * the value at this key.
2380 2433 */
2381 2434 agg->dtag_aggregate((uint64_t *)(kdata + size), expr, arg);
2382 2435 return;
2383 2436 next:
2384 2437 continue;
2385 2438 }
2386 2439
2387 2440 /*
2388 2441 * We didn't find it. We need to allocate some zero-filled space,
2389 2442 * link it into the hash table appropriately, and apply the aggregator
2390 2443 * to the (zero-filled) value.
2391 2444 */
2392 2445 offs = buf->dtb_offset;
2393 2446 while (offs & (align - 1))
2394 2447 offs += sizeof (uint32_t);
2395 2448
2396 2449 /*
2397 2450 * If we don't have enough room to both allocate a new key _and_
2398 2451 * its associated data, increment the drop count and return.
2399 2452 */
2400 2453 if ((uintptr_t)tomax + offs + fsize >
2401 2454 agb->dtagb_free - sizeof (dtrace_aggkey_t)) {
2402 2455 dtrace_buffer_drop(buf);
2403 2456 return;
2404 2457 }
2405 2458
2406 2459 /*CONSTCOND*/
2407 2460 ASSERT(!(sizeof (dtrace_aggkey_t) & (sizeof (uintptr_t) - 1)));
2408 2461 key = (dtrace_aggkey_t *)(agb->dtagb_free - sizeof (dtrace_aggkey_t));
2409 2462 agb->dtagb_free -= sizeof (dtrace_aggkey_t);
2410 2463
2411 2464 key->dtak_data = kdata = tomax + offs;
2412 2465 buf->dtb_offset = offs + fsize;
2413 2466
2414 2467 /*
2415 2468 * Now copy the data across.
2416 2469 */
2417 2470 *((dtrace_aggid_t *)kdata) = agg->dtag_id;
2418 2471
2419 2472 for (i = sizeof (dtrace_aggid_t); i < size; i++)
2420 2473 kdata[i] = data[i];
2421 2474
2422 2475 /*
2423 2476 * Because strings are not zeroed out by default, we need to iterate
2424 2477 * looking for actions that store strings, and we need to explicitly
2425 2478 * pad these strings out with zeroes.
2426 2479 */
2427 2480 for (act = agg->dtag_first; act->dta_intuple; act = act->dta_next) {
2428 2481 int nul;
2429 2482
2430 2483 if (!DTRACEACT_ISSTRING(act))
2431 2484 continue;
2432 2485
2433 2486 i = act->dta_rec.dtrd_offset - agg->dtag_base;
2434 2487 limit = i + act->dta_rec.dtrd_size;
2435 2488 ASSERT(limit <= size);
2436 2489
2437 2490 for (nul = 0; i < limit; i++) {
2438 2491 if (nul) {
2439 2492 kdata[i] = '\0';
2440 2493 continue;
2441 2494 }
2442 2495
2443 2496 if (data[i] != '\0')
2444 2497 continue;
2445 2498
2446 2499 nul = 1;
2447 2500 }
2448 2501 }
2449 2502
2450 2503 for (i = size; i < fsize; i++)
2451 2504 kdata[i] = 0;
2452 2505
2453 2506 key->dtak_hashval = hashval;
2454 2507 key->dtak_size = size;
2455 2508 key->dtak_action = action;
2456 2509 key->dtak_next = agb->dtagb_hash[ndx];
2457 2510 agb->dtagb_hash[ndx] = key;
2458 2511
2459 2512 /*
2460 2513 * Finally, apply the aggregator.
2461 2514 */
2462 2515 *((uint64_t *)(key->dtak_data + size)) = agg->dtag_initial;
2463 2516 agg->dtag_aggregate((uint64_t *)(key->dtak_data + size), expr, arg);
2464 2517 }
2465 2518
2466 2519 /*
2467 2520 * Given consumer state, this routine finds a speculation in the INACTIVE
2468 2521 * state and transitions it into the ACTIVE state. If there is no speculation
2469 2522 * in the INACTIVE state, 0 is returned. In this case, no error counter is
2470 2523 * incremented -- it is up to the caller to take appropriate action.
2471 2524 */
2472 2525 static int
2473 2526 dtrace_speculation(dtrace_state_t *state)
2474 2527 {
2475 2528 int i = 0;
2476 2529 dtrace_speculation_state_t current;
2477 2530 uint32_t *stat = &state->dts_speculations_unavail, count;
2478 2531
2479 2532 while (i < state->dts_nspeculations) {
2480 2533 dtrace_speculation_t *spec = &state->dts_speculations[i];
2481 2534
2482 2535 current = spec->dtsp_state;
2483 2536
2484 2537 if (current != DTRACESPEC_INACTIVE) {
2485 2538 if (current == DTRACESPEC_COMMITTINGMANY ||
2486 2539 current == DTRACESPEC_COMMITTING ||
2487 2540 current == DTRACESPEC_DISCARDING)
2488 2541 stat = &state->dts_speculations_busy;
2489 2542 i++;
2490 2543 continue;
2491 2544 }
2492 2545
2493 2546 if (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2494 2547 current, DTRACESPEC_ACTIVE) == current)
2495 2548 return (i + 1);
2496 2549 }
2497 2550
2498 2551 /*
2499 2552 * We couldn't find a speculation. If we found as much as a single
2500 2553 * busy speculation buffer, we'll attribute this failure as "busy"
2501 2554 * instead of "unavail".
2502 2555 */
2503 2556 do {
2504 2557 count = *stat;
2505 2558 } while (dtrace_cas32(stat, count, count + 1) != count);
2506 2559
2507 2560 return (0);
2508 2561 }
2509 2562
2510 2563 /*
2511 2564 * This routine commits an active speculation. If the specified speculation
2512 2565 * is not in a valid state to perform a commit(), this routine will silently do
2513 2566 * nothing. The state of the specified speculation is transitioned according
2514 2567 * to the state transition diagram outlined in <sys/dtrace_impl.h>
2515 2568 */
2516 2569 static void
2517 2570 dtrace_speculation_commit(dtrace_state_t *state, processorid_t cpu,
2518 2571 dtrace_specid_t which)
2519 2572 {
2520 2573 dtrace_speculation_t *spec;
2521 2574 dtrace_buffer_t *src, *dest;
2522 2575 uintptr_t daddr, saddr, dlimit, slimit;
2523 2576 dtrace_speculation_state_t current, new;
2524 2577 intptr_t offs;
2525 2578 uint64_t timestamp;
2526 2579
2527 2580 if (which == 0)
2528 2581 return;
2529 2582
2530 2583 if (which > state->dts_nspeculations) {
2531 2584 cpu_core[cpu].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP;
2532 2585 return;
2533 2586 }
2534 2587
2535 2588 spec = &state->dts_speculations[which - 1];
2536 2589 src = &spec->dtsp_buffer[cpu];
2537 2590 dest = &state->dts_buffer[cpu];
2538 2591
2539 2592 do {
2540 2593 current = spec->dtsp_state;
2541 2594
2542 2595 if (current == DTRACESPEC_COMMITTINGMANY)
2543 2596 break;
2544 2597
2545 2598 switch (current) {
2546 2599 case DTRACESPEC_INACTIVE:
2547 2600 case DTRACESPEC_DISCARDING:
2548 2601 return;
2549 2602
2550 2603 case DTRACESPEC_COMMITTING:
2551 2604 /*
2552 2605 * This is only possible if we are (a) commit()'ing
2553 2606 * without having done a prior speculate() on this CPU
2554 2607 * and (b) racing with another commit() on a different
2555 2608 * CPU. There's nothing to do -- we just assert that
2556 2609 * our offset is 0.
2557 2610 */
2558 2611 ASSERT(src->dtb_offset == 0);
2559 2612 return;
2560 2613
2561 2614 case DTRACESPEC_ACTIVE:
2562 2615 new = DTRACESPEC_COMMITTING;
2563 2616 break;
2564 2617
2565 2618 case DTRACESPEC_ACTIVEONE:
2566 2619 /*
2567 2620 * This speculation is active on one CPU. If our
2568 2621 * buffer offset is non-zero, we know that the one CPU
2569 2622 * must be us. Otherwise, we are committing on a
2570 2623 * different CPU from the speculate(), and we must
2571 2624 * rely on being asynchronously cleaned.
2572 2625 */
2573 2626 if (src->dtb_offset != 0) {
2574 2627 new = DTRACESPEC_COMMITTING;
2575 2628 break;
2576 2629 }
2577 2630 /*FALLTHROUGH*/
2578 2631
2579 2632 case DTRACESPEC_ACTIVEMANY:
2580 2633 new = DTRACESPEC_COMMITTINGMANY;
2581 2634 break;
2582 2635
2583 2636 default:
2584 2637 ASSERT(0);
2585 2638 }
2586 2639 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2587 2640 current, new) != current);
2588 2641
2589 2642 /*
2590 2643 * We have set the state to indicate that we are committing this
2591 2644 * speculation. Now reserve the necessary space in the destination
2592 2645 * buffer.
2593 2646 */
2594 2647 if ((offs = dtrace_buffer_reserve(dest, src->dtb_offset,
2595 2648 sizeof (uint64_t), state, NULL)) < 0) {
2596 2649 dtrace_buffer_drop(dest);
2597 2650 goto out;
2598 2651 }
2599 2652
2600 2653 /*
2601 2654 * We have sufficient space to copy the speculative buffer into the
2602 2655 * primary buffer. First, modify the speculative buffer, filling
2603 2656 * in the timestamp of all entries with the current time. The data
2604 2657 * must have the commit() time rather than the time it was traced,
2605 2658 * so that all entries in the primary buffer are in timestamp order.
2606 2659 */
2607 2660 timestamp = dtrace_gethrtime();
2608 2661 saddr = (uintptr_t)src->dtb_tomax;
2609 2662 slimit = saddr + src->dtb_offset;
2610 2663 while (saddr < slimit) {
2611 2664 size_t size;
2612 2665 dtrace_rechdr_t *dtrh = (dtrace_rechdr_t *)saddr;
2613 2666
2614 2667 if (dtrh->dtrh_epid == DTRACE_EPIDNONE) {
2615 2668 saddr += sizeof (dtrace_epid_t);
2616 2669 continue;
2617 2670 }
2618 2671 ASSERT3U(dtrh->dtrh_epid, <=, state->dts_necbs);
2619 2672 size = state->dts_ecbs[dtrh->dtrh_epid - 1]->dte_size;
2620 2673
2621 2674 ASSERT3U(saddr + size, <=, slimit);
2622 2675 ASSERT3U(size, >=, sizeof (dtrace_rechdr_t));
2623 2676 ASSERT3U(DTRACE_RECORD_LOAD_TIMESTAMP(dtrh), ==, UINT64_MAX);
2624 2677
2625 2678 DTRACE_RECORD_STORE_TIMESTAMP(dtrh, timestamp);
2626 2679
2627 2680 saddr += size;
2628 2681 }
2629 2682
2630 2683 /*
2631 2684 * Copy the buffer across. (Note that this is a
2632 2685 * highly subobtimal bcopy(); in the unlikely event that this becomes
2633 2686 * a serious performance issue, a high-performance DTrace-specific
2634 2687 * bcopy() should obviously be invented.)
2635 2688 */
2636 2689 daddr = (uintptr_t)dest->dtb_tomax + offs;
2637 2690 dlimit = daddr + src->dtb_offset;
2638 2691 saddr = (uintptr_t)src->dtb_tomax;
2639 2692
2640 2693 /*
2641 2694 * First, the aligned portion.
2642 2695 */
2643 2696 while (dlimit - daddr >= sizeof (uint64_t)) {
2644 2697 *((uint64_t *)daddr) = *((uint64_t *)saddr);
2645 2698
2646 2699 daddr += sizeof (uint64_t);
2647 2700 saddr += sizeof (uint64_t);
2648 2701 }
2649 2702
2650 2703 /*
2651 2704 * Now any left-over bit...
2652 2705 */
2653 2706 while (dlimit - daddr)
2654 2707 *((uint8_t *)daddr++) = *((uint8_t *)saddr++);
2655 2708
2656 2709 /*
2657 2710 * Finally, commit the reserved space in the destination buffer.
2658 2711 */
2659 2712 dest->dtb_offset = offs + src->dtb_offset;
2660 2713
2661 2714 out:
2662 2715 /*
2663 2716 * If we're lucky enough to be the only active CPU on this speculation
2664 2717 * buffer, we can just set the state back to DTRACESPEC_INACTIVE.
2665 2718 */
2666 2719 if (current == DTRACESPEC_ACTIVE ||
2667 2720 (current == DTRACESPEC_ACTIVEONE && new == DTRACESPEC_COMMITTING)) {
2668 2721 uint32_t rval = dtrace_cas32((uint32_t *)&spec->dtsp_state,
2669 2722 DTRACESPEC_COMMITTING, DTRACESPEC_INACTIVE);
2670 2723
2671 2724 ASSERT(rval == DTRACESPEC_COMMITTING);
2672 2725 }
2673 2726
2674 2727 src->dtb_offset = 0;
2675 2728 src->dtb_xamot_drops += src->dtb_drops;
2676 2729 src->dtb_drops = 0;
2677 2730 }
2678 2731
2679 2732 /*
2680 2733 * This routine discards an active speculation. If the specified speculation
2681 2734 * is not in a valid state to perform a discard(), this routine will silently
2682 2735 * do nothing. The state of the specified speculation is transitioned
2683 2736 * according to the state transition diagram outlined in <sys/dtrace_impl.h>
2684 2737 */
2685 2738 static void
2686 2739 dtrace_speculation_discard(dtrace_state_t *state, processorid_t cpu,
2687 2740 dtrace_specid_t which)
2688 2741 {
2689 2742 dtrace_speculation_t *spec;
2690 2743 dtrace_speculation_state_t current, new;
2691 2744 dtrace_buffer_t *buf;
2692 2745
2693 2746 if (which == 0)
2694 2747 return;
2695 2748
2696 2749 if (which > state->dts_nspeculations) {
2697 2750 cpu_core[cpu].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP;
2698 2751 return;
2699 2752 }
2700 2753
2701 2754 spec = &state->dts_speculations[which - 1];
2702 2755 buf = &spec->dtsp_buffer[cpu];
2703 2756
2704 2757 do {
2705 2758 current = spec->dtsp_state;
2706 2759
2707 2760 switch (current) {
2708 2761 case DTRACESPEC_INACTIVE:
2709 2762 case DTRACESPEC_COMMITTINGMANY:
2710 2763 case DTRACESPEC_COMMITTING:
2711 2764 case DTRACESPEC_DISCARDING:
2712 2765 return;
2713 2766
2714 2767 case DTRACESPEC_ACTIVE:
2715 2768 case DTRACESPEC_ACTIVEMANY:
2716 2769 new = DTRACESPEC_DISCARDING;
2717 2770 break;
2718 2771
2719 2772 case DTRACESPEC_ACTIVEONE:
2720 2773 if (buf->dtb_offset != 0) {
2721 2774 new = DTRACESPEC_INACTIVE;
2722 2775 } else {
2723 2776 new = DTRACESPEC_DISCARDING;
2724 2777 }
2725 2778 break;
2726 2779
2727 2780 default:
2728 2781 ASSERT(0);
2729 2782 }
2730 2783 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2731 2784 current, new) != current);
2732 2785
2733 2786 buf->dtb_offset = 0;
2734 2787 buf->dtb_drops = 0;
2735 2788 }
2736 2789
2737 2790 /*
2738 2791 * Note: not called from probe context. This function is called
2739 2792 * asynchronously from cross call context to clean any speculations that are
2740 2793 * in the COMMITTINGMANY or DISCARDING states. These speculations may not be
2741 2794 * transitioned back to the INACTIVE state until all CPUs have cleaned the
2742 2795 * speculation.
2743 2796 */
2744 2797 static void
2745 2798 dtrace_speculation_clean_here(dtrace_state_t *state)
2746 2799 {
2747 2800 dtrace_icookie_t cookie;
2748 2801 processorid_t cpu = CPU->cpu_id;
2749 2802 dtrace_buffer_t *dest = &state->dts_buffer[cpu];
2750 2803 dtrace_specid_t i;
2751 2804
2752 2805 cookie = dtrace_interrupt_disable();
2753 2806
2754 2807 if (dest->dtb_tomax == NULL) {
2755 2808 dtrace_interrupt_enable(cookie);
2756 2809 return;
2757 2810 }
2758 2811
2759 2812 for (i = 0; i < state->dts_nspeculations; i++) {
2760 2813 dtrace_speculation_t *spec = &state->dts_speculations[i];
2761 2814 dtrace_buffer_t *src = &spec->dtsp_buffer[cpu];
2762 2815
2763 2816 if (src->dtb_tomax == NULL)
2764 2817 continue;
2765 2818
2766 2819 if (spec->dtsp_state == DTRACESPEC_DISCARDING) {
2767 2820 src->dtb_offset = 0;
2768 2821 continue;
2769 2822 }
2770 2823
2771 2824 if (spec->dtsp_state != DTRACESPEC_COMMITTINGMANY)
2772 2825 continue;
2773 2826
2774 2827 if (src->dtb_offset == 0)
2775 2828 continue;
2776 2829
2777 2830 dtrace_speculation_commit(state, cpu, i + 1);
2778 2831 }
2779 2832
2780 2833 dtrace_interrupt_enable(cookie);
2781 2834 }
2782 2835
2783 2836 /*
2784 2837 * Note: not called from probe context. This function is called
2785 2838 * asynchronously (and at a regular interval) to clean any speculations that
2786 2839 * are in the COMMITTINGMANY or DISCARDING states. If it discovers that there
2787 2840 * is work to be done, it cross calls all CPUs to perform that work;
2788 2841 * COMMITMANY and DISCARDING speculations may not be transitioned back to the
2789 2842 * INACTIVE state until they have been cleaned by all CPUs.
2790 2843 */
2791 2844 static void
2792 2845 dtrace_speculation_clean(dtrace_state_t *state)
2793 2846 {
2794 2847 int work = 0, rv;
2795 2848 dtrace_specid_t i;
2796 2849
2797 2850 for (i = 0; i < state->dts_nspeculations; i++) {
2798 2851 dtrace_speculation_t *spec = &state->dts_speculations[i];
2799 2852
2800 2853 ASSERT(!spec->dtsp_cleaning);
2801 2854
2802 2855 if (spec->dtsp_state != DTRACESPEC_DISCARDING &&
2803 2856 spec->dtsp_state != DTRACESPEC_COMMITTINGMANY)
2804 2857 continue;
2805 2858
2806 2859 work++;
2807 2860 spec->dtsp_cleaning = 1;
2808 2861 }
2809 2862
2810 2863 if (!work)
2811 2864 return;
2812 2865
2813 2866 dtrace_xcall(DTRACE_CPUALL,
2814 2867 (dtrace_xcall_t)dtrace_speculation_clean_here, state);
2815 2868
2816 2869 /*
2817 2870 * We now know that all CPUs have committed or discarded their
2818 2871 * speculation buffers, as appropriate. We can now set the state
2819 2872 * to inactive.
2820 2873 */
2821 2874 for (i = 0; i < state->dts_nspeculations; i++) {
2822 2875 dtrace_speculation_t *spec = &state->dts_speculations[i];
2823 2876 dtrace_speculation_state_t current, new;
2824 2877
2825 2878 if (!spec->dtsp_cleaning)
2826 2879 continue;
2827 2880
2828 2881 current = spec->dtsp_state;
2829 2882 ASSERT(current == DTRACESPEC_DISCARDING ||
2830 2883 current == DTRACESPEC_COMMITTINGMANY);
2831 2884
2832 2885 new = DTRACESPEC_INACTIVE;
2833 2886
2834 2887 rv = dtrace_cas32((uint32_t *)&spec->dtsp_state, current, new);
2835 2888 ASSERT(rv == current);
2836 2889 spec->dtsp_cleaning = 0;
2837 2890 }
2838 2891 }
2839 2892
2840 2893 /*
2841 2894 * Called as part of a speculate() to get the speculative buffer associated
2842 2895 * with a given speculation. Returns NULL if the specified speculation is not
2843 2896 * in an ACTIVE state. If the speculation is in the ACTIVEONE state -- and
2844 2897 * the active CPU is not the specified CPU -- the speculation will be
2845 2898 * atomically transitioned into the ACTIVEMANY state.
2846 2899 */
2847 2900 static dtrace_buffer_t *
2848 2901 dtrace_speculation_buffer(dtrace_state_t *state, processorid_t cpuid,
2849 2902 dtrace_specid_t which)
2850 2903 {
2851 2904 dtrace_speculation_t *spec;
2852 2905 dtrace_speculation_state_t current, new;
2853 2906 dtrace_buffer_t *buf;
2854 2907
2855 2908 if (which == 0)
2856 2909 return (NULL);
2857 2910
2858 2911 if (which > state->dts_nspeculations) {
2859 2912 cpu_core[cpuid].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP;
2860 2913 return (NULL);
2861 2914 }
2862 2915
2863 2916 spec = &state->dts_speculations[which - 1];
2864 2917 buf = &spec->dtsp_buffer[cpuid];
2865 2918
2866 2919 do {
2867 2920 current = spec->dtsp_state;
2868 2921
2869 2922 switch (current) {
2870 2923 case DTRACESPEC_INACTIVE:
2871 2924 case DTRACESPEC_COMMITTINGMANY:
2872 2925 case DTRACESPEC_DISCARDING:
2873 2926 return (NULL);
2874 2927
2875 2928 case DTRACESPEC_COMMITTING:
2876 2929 ASSERT(buf->dtb_offset == 0);
2877 2930 return (NULL);
2878 2931
2879 2932 case DTRACESPEC_ACTIVEONE:
2880 2933 /*
2881 2934 * This speculation is currently active on one CPU.
2882 2935 * Check the offset in the buffer; if it's non-zero,
2883 2936 * that CPU must be us (and we leave the state alone).
2884 2937 * If it's zero, assume that we're starting on a new
2885 2938 * CPU -- and change the state to indicate that the
2886 2939 * speculation is active on more than one CPU.
2887 2940 */
2888 2941 if (buf->dtb_offset != 0)
2889 2942 return (buf);
2890 2943
2891 2944 new = DTRACESPEC_ACTIVEMANY;
2892 2945 break;
2893 2946
2894 2947 case DTRACESPEC_ACTIVEMANY:
2895 2948 return (buf);
2896 2949
2897 2950 case DTRACESPEC_ACTIVE:
2898 2951 new = DTRACESPEC_ACTIVEONE;
2899 2952 break;
2900 2953
2901 2954 default:
2902 2955 ASSERT(0);
2903 2956 }
2904 2957 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2905 2958 current, new) != current);
2906 2959
2907 2960 ASSERT(new == DTRACESPEC_ACTIVEONE || new == DTRACESPEC_ACTIVEMANY);
2908 2961 return (buf);
2909 2962 }
2910 2963
2911 2964 /*
2912 2965 * Return a string. In the event that the user lacks the privilege to access
2913 2966 * arbitrary kernel memory, we copy the string out to scratch memory so that we
2914 2967 * don't fail access checking.
2915 2968 *
2916 2969 * dtrace_dif_variable() uses this routine as a helper for various
2917 2970 * builtin values such as 'execname' and 'probefunc.'
2918 2971 */
2919 2972 uintptr_t
2920 2973 dtrace_dif_varstr(uintptr_t addr, dtrace_state_t *state,
2921 2974 dtrace_mstate_t *mstate)
2922 2975 {
2923 2976 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
2924 2977 uintptr_t ret;
2925 2978 size_t strsz;
2926 2979
2927 2980 /*
2928 2981 * The easy case: this probe is allowed to read all of memory, so
2929 2982 * we can just return this as a vanilla pointer.
2930 2983 */
2931 2984 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
2932 2985 return (addr);
2933 2986
2934 2987 /*
2935 2988 * This is the tougher case: we copy the string in question from
2936 2989 * kernel memory into scratch memory and return it that way: this
2937 2990 * ensures that we won't trip up when access checking tests the
2938 2991 * BYREF return value.
2939 2992 */
2940 2993 strsz = dtrace_strlen((char *)addr, size) + 1;
2941 2994
2942 2995 if (mstate->dtms_scratch_ptr + strsz >
2943 2996 mstate->dtms_scratch_base + mstate->dtms_scratch_size) {
2944 2997 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
2945 2998 return (NULL);
2946 2999 }
2947 3000
2948 3001 dtrace_strcpy((const void *)addr, (void *)mstate->dtms_scratch_ptr,
2949 3002 strsz);
2950 3003 ret = mstate->dtms_scratch_ptr;
2951 3004 mstate->dtms_scratch_ptr += strsz;
2952 3005 return (ret);
2953 3006 }
2954 3007
2955 3008 /*
2956 3009 * This function implements the DIF emulator's variable lookups. The emulator
2957 3010 * passes a reserved variable identifier and optional built-in array index.
2958 3011 */
2959 3012 static uint64_t
2960 3013 dtrace_dif_variable(dtrace_mstate_t *mstate, dtrace_state_t *state, uint64_t v,
2961 3014 uint64_t ndx)
2962 3015 {
2963 3016 /*
2964 3017 * If we're accessing one of the uncached arguments, we'll turn this
2965 3018 * into a reference in the args array.
2966 3019 */
2967 3020 if (v >= DIF_VAR_ARG0 && v <= DIF_VAR_ARG9) {
2968 3021 ndx = v - DIF_VAR_ARG0;
2969 3022 v = DIF_VAR_ARGS;
2970 3023 }
2971 3024
2972 3025 switch (v) {
2973 3026 case DIF_VAR_ARGS:
2974 3027 if (!(mstate->dtms_access & DTRACE_ACCESS_ARGS)) {
2975 3028 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |=
2976 3029 CPU_DTRACE_KPRIV;
2977 3030 return (0);
2978 3031 }
2979 3032
2980 3033 ASSERT(mstate->dtms_present & DTRACE_MSTATE_ARGS);
2981 3034 if (ndx >= sizeof (mstate->dtms_arg) /
2982 3035 sizeof (mstate->dtms_arg[0])) {
2983 3036 int aframes = mstate->dtms_probe->dtpr_aframes + 2;
2984 3037 dtrace_provider_t *pv;
2985 3038 uint64_t val;
2986 3039
2987 3040 pv = mstate->dtms_probe->dtpr_provider;
2988 3041 if (pv->dtpv_pops.dtps_getargval != NULL)
2989 3042 val = pv->dtpv_pops.dtps_getargval(pv->dtpv_arg,
2990 3043 mstate->dtms_probe->dtpr_id,
2991 3044 mstate->dtms_probe->dtpr_arg, ndx, aframes);
2992 3045 else
2993 3046 val = dtrace_getarg(ndx, aframes);
2994 3047
2995 3048 /*
2996 3049 * This is regrettably required to keep the compiler
2997 3050 * from tail-optimizing the call to dtrace_getarg().
2998 3051 * The condition always evaluates to true, but the
2999 3052 * compiler has no way of figuring that out a priori.
3000 3053 * (None of this would be necessary if the compiler
3001 3054 * could be relied upon to _always_ tail-optimize
3002 3055 * the call to dtrace_getarg() -- but it can't.)
3003 3056 */
3004 3057 if (mstate->dtms_probe != NULL)
3005 3058 return (val);
3006 3059
3007 3060 ASSERT(0);
3008 3061 }
3009 3062
3010 3063 return (mstate->dtms_arg[ndx]);
3011 3064
3012 3065 case DIF_VAR_UREGS: {
3013 3066 klwp_t *lwp;
3014 3067
3015 3068 if (!dtrace_priv_proc(state, mstate))
3016 3069 return (0);
3017 3070
3018 3071 if ((lwp = curthread->t_lwp) == NULL) {
3019 3072 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
3020 3073 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = NULL;
3021 3074 return (0);
3022 3075 }
3023 3076
3024 3077 return (dtrace_getreg(lwp->lwp_regs, ndx));
3025 3078 }
3026 3079
3027 3080 case DIF_VAR_VMREGS: {
3028 3081 uint64_t rval;
3029 3082
3030 3083 if (!dtrace_priv_kernel(state))
3031 3084 return (0);
3032 3085
3033 3086 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3034 3087
3035 3088 rval = dtrace_getvmreg(ndx,
3036 3089 &cpu_core[CPU->cpu_id].cpuc_dtrace_flags);
3037 3090
3038 3091 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3039 3092
3040 3093 return (rval);
3041 3094 }
3042 3095
3043 3096 case DIF_VAR_CURTHREAD:
3044 3097 if (!dtrace_priv_proc(state, mstate))
3045 3098 return (0);
3046 3099 return ((uint64_t)(uintptr_t)curthread);
3047 3100
3048 3101 case DIF_VAR_TIMESTAMP:
3049 3102 if (!(mstate->dtms_present & DTRACE_MSTATE_TIMESTAMP)) {
3050 3103 mstate->dtms_timestamp = dtrace_gethrtime();
3051 3104 mstate->dtms_present |= DTRACE_MSTATE_TIMESTAMP;
3052 3105 }
3053 3106 return (mstate->dtms_timestamp);
3054 3107
3055 3108 case DIF_VAR_VTIMESTAMP:
3056 3109 ASSERT(dtrace_vtime_references != 0);
3057 3110 return (curthread->t_dtrace_vtime);
3058 3111
3059 3112 case DIF_VAR_WALLTIMESTAMP:
3060 3113 if (!(mstate->dtms_present & DTRACE_MSTATE_WALLTIMESTAMP)) {
3061 3114 mstate->dtms_walltimestamp = dtrace_gethrestime();
3062 3115 mstate->dtms_present |= DTRACE_MSTATE_WALLTIMESTAMP;
3063 3116 }
3064 3117 return (mstate->dtms_walltimestamp);
3065 3118
3066 3119 case DIF_VAR_IPL:
3067 3120 if (!dtrace_priv_kernel(state))
3068 3121 return (0);
3069 3122 if (!(mstate->dtms_present & DTRACE_MSTATE_IPL)) {
3070 3123 mstate->dtms_ipl = dtrace_getipl();
3071 3124 mstate->dtms_present |= DTRACE_MSTATE_IPL;
3072 3125 }
3073 3126 return (mstate->dtms_ipl);
3074 3127
3075 3128 case DIF_VAR_EPID:
3076 3129 ASSERT(mstate->dtms_present & DTRACE_MSTATE_EPID);
3077 3130 return (mstate->dtms_epid);
3078 3131
3079 3132 case DIF_VAR_ID:
3080 3133 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3081 3134 return (mstate->dtms_probe->dtpr_id);
3082 3135
3083 3136 case DIF_VAR_STACKDEPTH:
3084 3137 if (!dtrace_priv_kernel(state))
3085 3138 return (0);
3086 3139 if (!(mstate->dtms_present & DTRACE_MSTATE_STACKDEPTH)) {
3087 3140 int aframes = mstate->dtms_probe->dtpr_aframes + 2;
3088 3141
3089 3142 mstate->dtms_stackdepth = dtrace_getstackdepth(aframes);
3090 3143 mstate->dtms_present |= DTRACE_MSTATE_STACKDEPTH;
3091 3144 }
3092 3145 return (mstate->dtms_stackdepth);
3093 3146
3094 3147 case DIF_VAR_USTACKDEPTH:
3095 3148 if (!dtrace_priv_proc(state, mstate))
3096 3149 return (0);
3097 3150 if (!(mstate->dtms_present & DTRACE_MSTATE_USTACKDEPTH)) {
3098 3151 /*
3099 3152 * See comment in DIF_VAR_PID.
3100 3153 */
3101 3154 if (DTRACE_ANCHORED(mstate->dtms_probe) &&
3102 3155 CPU_ON_INTR(CPU)) {
3103 3156 mstate->dtms_ustackdepth = 0;
3104 3157 } else {
3105 3158 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3106 3159 mstate->dtms_ustackdepth =
3107 3160 dtrace_getustackdepth();
3108 3161 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3109 3162 }
3110 3163 mstate->dtms_present |= DTRACE_MSTATE_USTACKDEPTH;
3111 3164 }
3112 3165 return (mstate->dtms_ustackdepth);
3113 3166
3114 3167 case DIF_VAR_CALLER:
3115 3168 if (!dtrace_priv_kernel(state))
3116 3169 return (0);
3117 3170 if (!(mstate->dtms_present & DTRACE_MSTATE_CALLER)) {
3118 3171 int aframes = mstate->dtms_probe->dtpr_aframes + 2;
3119 3172
3120 3173 if (!DTRACE_ANCHORED(mstate->dtms_probe)) {
3121 3174 /*
3122 3175 * If this is an unanchored probe, we are
3123 3176 * required to go through the slow path:
3124 3177 * dtrace_caller() only guarantees correct
3125 3178 * results for anchored probes.
3126 3179 */
3127 3180 pc_t caller[2];
3128 3181
3129 3182 dtrace_getpcstack(caller, 2, aframes,
3130 3183 (uint32_t *)(uintptr_t)mstate->dtms_arg[0]);
3131 3184 mstate->dtms_caller = caller[1];
3132 3185 } else if ((mstate->dtms_caller =
3133 3186 dtrace_caller(aframes)) == -1) {
3134 3187 /*
3135 3188 * We have failed to do this the quick way;
3136 3189 * we must resort to the slower approach of
3137 3190 * calling dtrace_getpcstack().
3138 3191 */
3139 3192 pc_t caller;
3140 3193
3141 3194 dtrace_getpcstack(&caller, 1, aframes, NULL);
3142 3195 mstate->dtms_caller = caller;
3143 3196 }
3144 3197
3145 3198 mstate->dtms_present |= DTRACE_MSTATE_CALLER;
3146 3199 }
3147 3200 return (mstate->dtms_caller);
3148 3201
3149 3202 case DIF_VAR_UCALLER:
3150 3203 if (!dtrace_priv_proc(state, mstate))
3151 3204 return (0);
3152 3205
3153 3206 if (!(mstate->dtms_present & DTRACE_MSTATE_UCALLER)) {
3154 3207 uint64_t ustack[3];
3155 3208
3156 3209 /*
3157 3210 * dtrace_getupcstack() fills in the first uint64_t
3158 3211 * with the current PID. The second uint64_t will
3159 3212 * be the program counter at user-level. The third
3160 3213 * uint64_t will contain the caller, which is what
3161 3214 * we're after.
3162 3215 */
3163 3216 ustack[2] = NULL;
3164 3217 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3165 3218 dtrace_getupcstack(ustack, 3);
3166 3219 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3167 3220 mstate->dtms_ucaller = ustack[2];
3168 3221 mstate->dtms_present |= DTRACE_MSTATE_UCALLER;
3169 3222 }
3170 3223
3171 3224 return (mstate->dtms_ucaller);
3172 3225
3173 3226 case DIF_VAR_PROBEPROV:
3174 3227 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3175 3228 return (dtrace_dif_varstr(
3176 3229 (uintptr_t)mstate->dtms_probe->dtpr_provider->dtpv_name,
3177 3230 state, mstate));
3178 3231
3179 3232 case DIF_VAR_PROBEMOD:
3180 3233 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3181 3234 return (dtrace_dif_varstr(
3182 3235 (uintptr_t)mstate->dtms_probe->dtpr_mod,
3183 3236 state, mstate));
3184 3237
3185 3238 case DIF_VAR_PROBEFUNC:
3186 3239 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3187 3240 return (dtrace_dif_varstr(
3188 3241 (uintptr_t)mstate->dtms_probe->dtpr_func,
3189 3242 state, mstate));
3190 3243
3191 3244 case DIF_VAR_PROBENAME:
3192 3245 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3193 3246 return (dtrace_dif_varstr(
3194 3247 (uintptr_t)mstate->dtms_probe->dtpr_name,
3195 3248 state, mstate));
3196 3249
3197 3250 case DIF_VAR_PID:
3198 3251 if (!dtrace_priv_proc(state, mstate))
3199 3252 return (0);
3200 3253
3201 3254 /*
3202 3255 * Note that we are assuming that an unanchored probe is
3203 3256 * always due to a high-level interrupt. (And we're assuming
3204 3257 * that there is only a single high level interrupt.)
3205 3258 */
3206 3259 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3207 3260 return (pid0.pid_id);
3208 3261
3209 3262 /*
3210 3263 * It is always safe to dereference one's own t_procp pointer:
3211 3264 * it always points to a valid, allocated proc structure.
3212 3265 * Further, it is always safe to dereference the p_pidp member
3213 3266 * of one's own proc structure. (These are truisms becuase
3214 3267 * threads and processes don't clean up their own state --
3215 3268 * they leave that task to whomever reaps them.)
3216 3269 */
3217 3270 return ((uint64_t)curthread->t_procp->p_pidp->pid_id);
3218 3271
3219 3272 case DIF_VAR_PPID:
3220 3273 if (!dtrace_priv_proc(state, mstate))
3221 3274 return (0);
3222 3275
3223 3276 /*
3224 3277 * See comment in DIF_VAR_PID.
3225 3278 */
3226 3279 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3227 3280 return (pid0.pid_id);
3228 3281
3229 3282 /*
3230 3283 * It is always safe to dereference one's own t_procp pointer:
3231 3284 * it always points to a valid, allocated proc structure.
3232 3285 * (This is true because threads don't clean up their own
3233 3286 * state -- they leave that task to whomever reaps them.)
3234 3287 */
3235 3288 return ((uint64_t)curthread->t_procp->p_ppid);
3236 3289
3237 3290 case DIF_VAR_TID:
3238 3291 /*
3239 3292 * See comment in DIF_VAR_PID.
3240 3293 */
3241 3294 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3242 3295 return (0);
3243 3296
3244 3297 return ((uint64_t)curthread->t_tid);
3245 3298
3246 3299 case DIF_VAR_EXECNAME:
3247 3300 if (!dtrace_priv_proc(state, mstate))
3248 3301 return (0);
3249 3302
3250 3303 /*
3251 3304 * See comment in DIF_VAR_PID.
3252 3305 */
3253 3306 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3254 3307 return ((uint64_t)(uintptr_t)p0.p_user.u_comm);
3255 3308
3256 3309 /*
3257 3310 * It is always safe to dereference one's own t_procp pointer:
3258 3311 * it always points to a valid, allocated proc structure.
3259 3312 * (This is true because threads don't clean up their own
3260 3313 * state -- they leave that task to whomever reaps them.)
3261 3314 */
3262 3315 return (dtrace_dif_varstr(
3263 3316 (uintptr_t)curthread->t_procp->p_user.u_comm,
3264 3317 state, mstate));
3265 3318
3266 3319 case DIF_VAR_ZONENAME:
3267 3320 if (!dtrace_priv_proc(state, mstate))
3268 3321 return (0);
3269 3322
3270 3323 /*
3271 3324 * See comment in DIF_VAR_PID.
3272 3325 */
3273 3326 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3274 3327 return ((uint64_t)(uintptr_t)p0.p_zone->zone_name);
3275 3328
3276 3329 /*
3277 3330 * It is always safe to dereference one's own t_procp pointer:
3278 3331 * it always points to a valid, allocated proc structure.
3279 3332 * (This is true because threads don't clean up their own
3280 3333 * state -- they leave that task to whomever reaps them.)
3281 3334 */
3282 3335 return (dtrace_dif_varstr(
3283 3336 (uintptr_t)curthread->t_procp->p_zone->zone_name,
3284 3337 state, mstate));
3285 3338
3286 3339 case DIF_VAR_UID:
3287 3340 if (!dtrace_priv_proc(state, mstate))
3288 3341 return (0);
3289 3342
3290 3343 /*
3291 3344 * See comment in DIF_VAR_PID.
3292 3345 */
3293 3346 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3294 3347 return ((uint64_t)p0.p_cred->cr_uid);
3295 3348
3296 3349 /*
3297 3350 * It is always safe to dereference one's own t_procp pointer:
3298 3351 * it always points to a valid, allocated proc structure.
3299 3352 * (This is true because threads don't clean up their own
3300 3353 * state -- they leave that task to whomever reaps them.)
3301 3354 *
3302 3355 * Additionally, it is safe to dereference one's own process
3303 3356 * credential, since this is never NULL after process birth.
3304 3357 */
3305 3358 return ((uint64_t)curthread->t_procp->p_cred->cr_uid);
3306 3359
3307 3360 case DIF_VAR_GID:
3308 3361 if (!dtrace_priv_proc(state, mstate))
3309 3362 return (0);
3310 3363
3311 3364 /*
3312 3365 * See comment in DIF_VAR_PID.
3313 3366 */
3314 3367 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3315 3368 return ((uint64_t)p0.p_cred->cr_gid);
3316 3369
3317 3370 /*
3318 3371 * It is always safe to dereference one's own t_procp pointer:
3319 3372 * it always points to a valid, allocated proc structure.
3320 3373 * (This is true because threads don't clean up their own
3321 3374 * state -- they leave that task to whomever reaps them.)
3322 3375 *
3323 3376 * Additionally, it is safe to dereference one's own process
3324 3377 * credential, since this is never NULL after process birth.
3325 3378 */
3326 3379 return ((uint64_t)curthread->t_procp->p_cred->cr_gid);
3327 3380
3328 3381 case DIF_VAR_ERRNO: {
3329 3382 klwp_t *lwp;
3330 3383 if (!dtrace_priv_proc(state, mstate))
3331 3384 return (0);
3332 3385
3333 3386 /*
3334 3387 * See comment in DIF_VAR_PID.
3335 3388 */
3336 3389 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3337 3390 return (0);
3338 3391
3339 3392 /*
3340 3393 * It is always safe to dereference one's own t_lwp pointer in
3341 3394 * the event that this pointer is non-NULL. (This is true
3342 3395 * because threads and lwps don't clean up their own state --
3343 3396 * they leave that task to whomever reaps them.)
3344 3397 */
3345 3398 if ((lwp = curthread->t_lwp) == NULL)
|
↓ open down ↓ |
2456 lines elided |
↑ open up ↑ |
3346 3399 return (0);
3347 3400
3348 3401 return ((uint64_t)lwp->lwp_errno);
3349 3402 }
3350 3403 default:
3351 3404 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
3352 3405 return (0);
3353 3406 }
3354 3407 }
3355 3408
3409 +
3410 +typedef enum dtrace_json_state {
3411 + DTRACE_JSON_REST = 1,
3412 + DTRACE_JSON_OBJECT,
3413 + DTRACE_JSON_STRING,
3414 + DTRACE_JSON_STRING_ESCAPE,
3415 + DTRACE_JSON_STRING_ESCAPE_UNICODE,
3416 + DTRACE_JSON_COLON,
3417 + DTRACE_JSON_COMMA,
3418 + DTRACE_JSON_VALUE,
3419 + DTRACE_JSON_IDENTIFIER,
3420 + DTRACE_JSON_NUMBER,
3421 + DTRACE_JSON_NUMBER_FRAC,
3422 + DTRACE_JSON_NUMBER_EXP,
3423 + DTRACE_JSON_COLLECT_OBJECT
3424 +} dtrace_json_state_t;
3425 +
3356 3426 /*
3427 + * This function possesses just enough knowledge about JSON to extract a single
3428 + * value from a JSON string and store it in the scratch buffer. It is able
3429 + * to extract nested object values, and members of arrays by index.
3430 + *
3431 + * elemlist is a list of JSON keys, stored as packed NUL-terminated strings, to
3432 + * be looked up as we descend into the object tree. e.g.
3433 + *
3434 + * foo[0].bar.baz[32] --> "foo" NUL "0" NUL "bar" NUL "baz" NUL "32" NUL
3435 + * with nelems = 5.
3436 + *
3437 + * The run time of this function must be bounded above by strsize to limit the
3438 + * amount of work done in probe context. As such, it is implemented as a
3439 + * simple state machine, reading one character at a time using safe loads
3440 + * until we find the requested element, hit a parsing error or run off the
3441 + * end of the object or string.
3442 + *
3443 + * As there is no way for a subroutine to return an error without interrupting
3444 + * clause execution, we simply return NULL in the event of a missing key or any
3445 + * other error condition. Each NULL return in this function is commented with
3446 + * the error condition it represents -- parsing or otherwise.
3447 + *
3448 + * The set of states for the state machine closely matches the JSON
3449 + * specification (http://json.org/). Briefly:
3450 + *
3451 + * DTRACE_JSON_REST:
3452 + * Skip whitespace until we find either a top-level Object, moving
3453 + * to DTRACE_JSON_OBJECT; or an Array, moving to DTRACE_JSON_VALUE.
3454 + *
3455 + * DTRACE_JSON_OBJECT:
3456 + * Locate the next key String in an Object. Sets a flag to denote
3457 + * the next String as a key string and moves to DTRACE_JSON_STRING.
3458 + *
3459 + * DTRACE_JSON_COLON:
3460 + * Skip whitespace until we find the colon that separates key Strings
3461 + * from their values. Once found, move to DTRACE_JSON_VALUE.
3462 + *
3463 + * DTRACE_JSON_VALUE:
3464 + * Detects the type of the next value (String, Number, Identifier, Object
3465 + * or Array) and routes to the states that process that type. Here we also
3466 + * deal with the element selector list if we are requested to traverse down
3467 + * into the object tree.
3468 + *
3469 + * DTRACE_JSON_COMMA:
3470 + * Skip whitespace until we find the comma that separates key-value pairs
3471 + * in Objects (returning to DTRACE_JSON_OBJECT) or values in Arrays
3472 + * (similarly DTRACE_JSON_VALUE). All following literal value processing
3473 + * states return to this state at the end of their value, unless otherwise
3474 + * noted.
3475 + *
3476 + * DTRACE_JSON_NUMBER, DTRACE_JSON_NUMBER_FRAC, DTRACE_JSON_NUMBER_EXP:
3477 + * Processes a Number literal from the JSON, including any exponent
3478 + * component that may be present. Numbers are returned as strings, which
3479 + * may be passed to strtoll() if an integer is required.
3480 + *
3481 + * DTRACE_JSON_IDENTIFIER:
3482 + * Processes a "true", "false" or "null" literal in the JSON.
3483 + *
3484 + * DTRACE_JSON_STRING, DTRACE_JSON_STRING_ESCAPE,
3485 + * DTRACE_JSON_STRING_ESCAPE_UNICODE:
3486 + * Processes a String literal from the JSON, whether the String denotes
3487 + * a key, a value or part of a larger Object. Handles all escape sequences
3488 + * present in the specification, including four-digit unicode characters,
3489 + * but merely includes the escape sequence without converting it to the
3490 + * actual escaped character. If the String is flagged as a key, we
3491 + * move to DTRACE_JSON_COLON rather than DTRACE_JSON_COMMA.
3492 + *
3493 + * DTRACE_JSON_COLLECT_OBJECT:
3494 + * This state collects an entire Object (or Array), correctly handling
3495 + * embedded strings. If the full element selector list matches this nested
3496 + * object, we return the Object in full as a string. If not, we use this
3497 + * state to skip to the next value at this level and continue processing.
3498 + *
3499 + * NOTE: This function uses various macros from strtolctype.h to manipulate
3500 + * digit values, etc -- these have all been checked to ensure they make
3501 + * no additional function calls.
3502 + */
3503 +static char *
3504 +dtrace_json(uint64_t size, uintptr_t json, char *elemlist, int nelems,
3505 + char *dest)
3506 +{
3507 + dtrace_json_state_t state = DTRACE_JSON_REST;
3508 + int64_t array_elem = INT64_MIN;
3509 + int64_t array_pos = 0;
3510 + uint8_t escape_unicount = 0;
3511 + boolean_t string_is_key = B_FALSE;
3512 + boolean_t collect_object = B_FALSE;
3513 + boolean_t found_key = B_FALSE;
3514 + boolean_t in_array = B_FALSE;
3515 + uint32_t braces = 0, brackets = 0;
3516 + char *elem = elemlist;
3517 + char *dd = dest;
3518 + uintptr_t cur;
3519 +
3520 + for (cur = json; cur < json + size; cur++) {
3521 + char cc = dtrace_load8(cur);
3522 + if (cc == '\0')
3523 + return (NULL);
3524 +
3525 + switch (state) {
3526 + case DTRACE_JSON_REST:
3527 + if (isspace(cc))
3528 + break;
3529 +
3530 + if (cc == '{') {
3531 + state = DTRACE_JSON_OBJECT;
3532 + break;
3533 + }
3534 +
3535 + if (cc == '[') {
3536 + in_array = B_TRUE;
3537 + array_pos = 0;
3538 + array_elem = dtrace_strtoll(elem, 10, size);
3539 + found_key = array_elem == 0 ? B_TRUE : B_FALSE;
3540 + state = DTRACE_JSON_VALUE;
3541 + break;
3542 + }
3543 +
3544 + /*
3545 + * ERROR: expected to find a top-level object or array.
3546 + */
3547 + return (NULL);
3548 + case DTRACE_JSON_OBJECT:
3549 + if (isspace(cc))
3550 + break;
3551 +
3552 + if (cc == '"') {
3553 + state = DTRACE_JSON_STRING;
3554 + string_is_key = B_TRUE;
3555 + break;
3556 + }
3557 +
3558 + /*
3559 + * ERROR: either the object did not start with a key
3560 + * string, or we've run off the end of the object
3561 + * without finding the requested key.
3562 + */
3563 + return (NULL);
3564 + case DTRACE_JSON_STRING:
3565 + if (cc == '\\') {
3566 + *dd++ = '\\';
3567 + state = DTRACE_JSON_STRING_ESCAPE;
3568 + break;
3569 + }
3570 +
3571 + if (cc == '"') {
3572 + if (collect_object) {
3573 + /*
3574 + * We don't reset the dest here, as
3575 + * the string is part of a larger
3576 + * object being collected.
3577 + */
3578 + *dd++ = cc;
3579 + collect_object = B_FALSE;
3580 + state = DTRACE_JSON_COLLECT_OBJECT;
3581 + break;
3582 + }
3583 + *dd = '\0';
3584 + dd = dest; /* reset string buffer */
3585 + if (string_is_key) {
3586 + if (dtrace_strncmp(dest, elem,
3587 + size) == 0)
3588 + found_key = B_TRUE;
3589 + } else if (found_key) {
3590 + if (nelems > 1) {
3591 + /*
3592 + * We expected an object, not
3593 + * this string.
3594 + */
3595 + return (NULL);
3596 + }
3597 + return (dest);
3598 + }
3599 + state = string_is_key ? DTRACE_JSON_COLON :
3600 + DTRACE_JSON_COMMA;
3601 + string_is_key = B_FALSE;
3602 + break;
3603 + }
3604 +
3605 + *dd++ = cc;
3606 + break;
3607 + case DTRACE_JSON_STRING_ESCAPE:
3608 + *dd++ = cc;
3609 + if (cc == 'u') {
3610 + escape_unicount = 0;
3611 + state = DTRACE_JSON_STRING_ESCAPE_UNICODE;
3612 + } else {
3613 + state = DTRACE_JSON_STRING;
3614 + }
3615 + break;
3616 + case DTRACE_JSON_STRING_ESCAPE_UNICODE:
3617 + if (!isxdigit(cc)) {
3618 + /*
3619 + * ERROR: invalid unicode escape, expected
3620 + * four valid hexidecimal digits.
3621 + */
3622 + return (NULL);
3623 + }
3624 +
3625 + *dd++ = cc;
3626 + if (++escape_unicount == 4)
3627 + state = DTRACE_JSON_STRING;
3628 + break;
3629 + case DTRACE_JSON_COLON:
3630 + if (isspace(cc))
3631 + break;
3632 +
3633 + if (cc == ':') {
3634 + state = DTRACE_JSON_VALUE;
3635 + break;
3636 + }
3637 +
3638 + /*
3639 + * ERROR: expected a colon.
3640 + */
3641 + return (NULL);
3642 + case DTRACE_JSON_COMMA:
3643 + if (isspace(cc))
3644 + break;
3645 +
3646 + if (cc == ',') {
3647 + if (in_array) {
3648 + state = DTRACE_JSON_VALUE;
3649 + if (++array_pos == array_elem)
3650 + found_key = B_TRUE;
3651 + } else {
3652 + state = DTRACE_JSON_OBJECT;
3653 + }
3654 + break;
3655 + }
3656 +
3657 + /*
3658 + * ERROR: either we hit an unexpected character, or
3659 + * we reached the end of the object or array without
3660 + * finding the requested key.
3661 + */
3662 + return (NULL);
3663 + case DTRACE_JSON_IDENTIFIER:
3664 + if (islower(cc)) {
3665 + *dd++ = cc;
3666 + break;
3667 + }
3668 +
3669 + *dd = '\0';
3670 + dd = dest; /* reset string buffer */
3671 +
3672 + if (dtrace_strncmp(dest, "true", 5) == 0 ||
3673 + dtrace_strncmp(dest, "false", 6) == 0 ||
3674 + dtrace_strncmp(dest, "null", 5) == 0) {
3675 + if (found_key) {
3676 + if (nelems > 1) {
3677 + /*
3678 + * ERROR: We expected an object,
3679 + * not this identifier.
3680 + */
3681 + return (NULL);
3682 + }
3683 + return (dest);
3684 + } else {
3685 + cur--;
3686 + state = DTRACE_JSON_COMMA;
3687 + break;
3688 + }
3689 + }
3690 +
3691 + /*
3692 + * ERROR: we did not recognise the identifier as one
3693 + * of those in the JSON specification.
3694 + */
3695 + return (NULL);
3696 + case DTRACE_JSON_NUMBER:
3697 + if (cc == '.') {
3698 + *dd++ = cc;
3699 + state = DTRACE_JSON_NUMBER_FRAC;
3700 + break;
3701 + }
3702 +
3703 + if (cc == 'x' || cc == 'X') {
3704 + /*
3705 + * ERROR: specification explicitly excludes
3706 + * hexidecimal or octal numbers.
3707 + */
3708 + return (NULL);
3709 + }
3710 +
3711 + /* FALLTHRU */
3712 + case DTRACE_JSON_NUMBER_FRAC:
3713 + if (cc == 'e' || cc == 'E') {
3714 + *dd++ = cc;
3715 + state = DTRACE_JSON_NUMBER_EXP;
3716 + break;
3717 + }
3718 +
3719 + if (cc == '+' || cc == '-') {
3720 + /*
3721 + * ERROR: expect sign as part of exponent only.
3722 + */
3723 + return (NULL);
3724 + }
3725 + /* FALLTHRU */
3726 + case DTRACE_JSON_NUMBER_EXP:
3727 + if (isdigit(cc) || cc == '+' || cc == '-') {
3728 + *dd++ = cc;
3729 + break;
3730 + }
3731 +
3732 + *dd = '\0';
3733 + dd = dest; /* reset string buffer */
3734 + if (found_key) {
3735 + if (nelems > 1) {
3736 + /*
3737 + * ERROR: We expected an object, not
3738 + * this number.
3739 + */
3740 + return (NULL);
3741 + }
3742 + return (dest);
3743 + }
3744 +
3745 + cur--;
3746 + state = DTRACE_JSON_COMMA;
3747 + break;
3748 + case DTRACE_JSON_VALUE:
3749 + if (isspace(cc))
3750 + break;
3751 +
3752 + if (cc == '{' || cc == '[') {
3753 + if (nelems > 1 && found_key) {
3754 + in_array = cc == '[' ? B_TRUE : B_FALSE;
3755 + /*
3756 + * If our element selector directs us
3757 + * to descend into this nested object,
3758 + * then move to the next selector
3759 + * element in the list and restart the
3760 + * state machine.
3761 + */
3762 + while (*elem != '\0')
3763 + elem++;
3764 + elem++; /* skip the inter-element NUL */
3765 + nelems--;
3766 + dd = dest;
3767 + if (in_array) {
3768 + state = DTRACE_JSON_VALUE;
3769 + array_pos = 0;
3770 + array_elem = dtrace_strtoll(
3771 + elem, 10, size);
3772 + found_key = array_elem == 0 ?
3773 + B_TRUE : B_FALSE;
3774 + } else {
3775 + found_key = B_FALSE;
3776 + state = DTRACE_JSON_OBJECT;
3777 + }
3778 + break;
3779 + }
3780 +
3781 + /*
3782 + * Otherwise, we wish to either skip this
3783 + * nested object or return it in full.
3784 + */
3785 + if (cc == '[')
3786 + brackets = 1;
3787 + else
3788 + braces = 1;
3789 + *dd++ = cc;
3790 + state = DTRACE_JSON_COLLECT_OBJECT;
3791 + break;
3792 + }
3793 +
3794 + if (cc == '"') {
3795 + state = DTRACE_JSON_STRING;
3796 + break;
3797 + }
3798 +
3799 + if (islower(cc)) {
3800 + /*
3801 + * Here we deal with true, false and null.
3802 + */
3803 + *dd++ = cc;
3804 + state = DTRACE_JSON_IDENTIFIER;
3805 + break;
3806 + }
3807 +
3808 + if (cc == '-' || isdigit(cc)) {
3809 + *dd++ = cc;
3810 + state = DTRACE_JSON_NUMBER;
3811 + break;
3812 + }
3813 +
3814 + /*
3815 + * ERROR: unexpected character at start of value.
3816 + */
3817 + return (NULL);
3818 + case DTRACE_JSON_COLLECT_OBJECT:
3819 + if (cc == '\0')
3820 + /*
3821 + * ERROR: unexpected end of input.
3822 + */
3823 + return (NULL);
3824 +
3825 + *dd++ = cc;
3826 + if (cc == '"') {
3827 + collect_object = B_TRUE;
3828 + state = DTRACE_JSON_STRING;
3829 + break;
3830 + }
3831 +
3832 + if (cc == ']') {
3833 + if (brackets-- == 0) {
3834 + /*
3835 + * ERROR: unbalanced brackets.
3836 + */
3837 + return (NULL);
3838 + }
3839 + } else if (cc == '}') {
3840 + if (braces-- == 0) {
3841 + /*
3842 + * ERROR: unbalanced braces.
3843 + */
3844 + return (NULL);
3845 + }
3846 + } else if (cc == '{') {
3847 + braces++;
3848 + } else if (cc == '[') {
3849 + brackets++;
3850 + }
3851 +
3852 + if (brackets == 0 && braces == 0) {
3853 + if (found_key) {
3854 + *dd = '\0';
3855 + return (dest);
3856 + }
3857 + dd = dest; /* reset string buffer */
3858 + state = DTRACE_JSON_COMMA;
3859 + }
3860 + break;
3861 + }
3862 + }
3863 + return (NULL);
3864 +}
3865 +
3866 +/*
3357 3867 * Emulate the execution of DTrace ID subroutines invoked by the call opcode.
3358 3868 * Notice that we don't bother validating the proper number of arguments or
3359 3869 * their types in the tuple stack. This isn't needed because all argument
3360 3870 * interpretation is safe because of our load safety -- the worst that can
3361 3871 * happen is that a bogus program can obtain bogus results.
3362 3872 */
3363 3873 static void
3364 3874 dtrace_dif_subr(uint_t subr, uint_t rd, uint64_t *regs,
3365 3875 dtrace_key_t *tupregs, int nargs,
3366 3876 dtrace_mstate_t *mstate, dtrace_state_t *state)
3367 3877 {
3368 3878 volatile uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
3369 3879 volatile uintptr_t *illval = &cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
3370 3880 dtrace_vstate_t *vstate = &state->dts_vstate;
3371 3881
3372 3882 union {
3373 3883 mutex_impl_t mi;
3374 3884 uint64_t mx;
3375 3885 } m;
3376 3886
3377 3887 union {
3378 3888 krwlock_t ri;
3379 3889 uintptr_t rw;
3380 3890 } r;
3381 3891
3382 3892 switch (subr) {
3383 3893 case DIF_SUBR_RAND:
3384 3894 regs[rd] = (dtrace_gethrtime() * 2416 + 374441) % 1771875;
3385 3895 break;
3386 3896
3387 3897 case DIF_SUBR_MUTEX_OWNED:
3388 3898 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3389 3899 mstate, vstate)) {
3390 3900 regs[rd] = NULL;
3391 3901 break;
3392 3902 }
3393 3903
3394 3904 m.mx = dtrace_load64(tupregs[0].dttk_value);
3395 3905 if (MUTEX_TYPE_ADAPTIVE(&m.mi))
3396 3906 regs[rd] = MUTEX_OWNER(&m.mi) != MUTEX_NO_OWNER;
3397 3907 else
3398 3908 regs[rd] = LOCK_HELD(&m.mi.m_spin.m_spinlock);
3399 3909 break;
3400 3910
3401 3911 case DIF_SUBR_MUTEX_OWNER:
3402 3912 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3403 3913 mstate, vstate)) {
3404 3914 regs[rd] = NULL;
3405 3915 break;
3406 3916 }
3407 3917
3408 3918 m.mx = dtrace_load64(tupregs[0].dttk_value);
3409 3919 if (MUTEX_TYPE_ADAPTIVE(&m.mi) &&
3410 3920 MUTEX_OWNER(&m.mi) != MUTEX_NO_OWNER)
3411 3921 regs[rd] = (uintptr_t)MUTEX_OWNER(&m.mi);
3412 3922 else
3413 3923 regs[rd] = 0;
3414 3924 break;
3415 3925
3416 3926 case DIF_SUBR_MUTEX_TYPE_ADAPTIVE:
3417 3927 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3418 3928 mstate, vstate)) {
3419 3929 regs[rd] = NULL;
3420 3930 break;
3421 3931 }
3422 3932
3423 3933 m.mx = dtrace_load64(tupregs[0].dttk_value);
3424 3934 regs[rd] = MUTEX_TYPE_ADAPTIVE(&m.mi);
3425 3935 break;
3426 3936
3427 3937 case DIF_SUBR_MUTEX_TYPE_SPIN:
3428 3938 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3429 3939 mstate, vstate)) {
3430 3940 regs[rd] = NULL;
3431 3941 break;
3432 3942 }
3433 3943
3434 3944 m.mx = dtrace_load64(tupregs[0].dttk_value);
3435 3945 regs[rd] = MUTEX_TYPE_SPIN(&m.mi);
3436 3946 break;
3437 3947
3438 3948 case DIF_SUBR_RW_READ_HELD: {
3439 3949 uintptr_t tmp;
3440 3950
3441 3951 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (uintptr_t),
3442 3952 mstate, vstate)) {
3443 3953 regs[rd] = NULL;
3444 3954 break;
3445 3955 }
3446 3956
3447 3957 r.rw = dtrace_loadptr(tupregs[0].dttk_value);
3448 3958 regs[rd] = _RW_READ_HELD(&r.ri, tmp);
3449 3959 break;
3450 3960 }
3451 3961
3452 3962 case DIF_SUBR_RW_WRITE_HELD:
3453 3963 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (krwlock_t),
3454 3964 mstate, vstate)) {
3455 3965 regs[rd] = NULL;
3456 3966 break;
3457 3967 }
3458 3968
3459 3969 r.rw = dtrace_loadptr(tupregs[0].dttk_value);
3460 3970 regs[rd] = _RW_WRITE_HELD(&r.ri);
3461 3971 break;
3462 3972
3463 3973 case DIF_SUBR_RW_ISWRITER:
3464 3974 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (krwlock_t),
3465 3975 mstate, vstate)) {
3466 3976 regs[rd] = NULL;
3467 3977 break;
3468 3978 }
3469 3979
3470 3980 r.rw = dtrace_loadptr(tupregs[0].dttk_value);
3471 3981 regs[rd] = _RW_ISWRITER(&r.ri);
3472 3982 break;
3473 3983
3474 3984 case DIF_SUBR_BCOPY: {
3475 3985 /*
3476 3986 * We need to be sure that the destination is in the scratch
3477 3987 * region -- no other region is allowed.
3478 3988 */
3479 3989 uintptr_t src = tupregs[0].dttk_value;
3480 3990 uintptr_t dest = tupregs[1].dttk_value;
3481 3991 size_t size = tupregs[2].dttk_value;
3482 3992
3483 3993 if (!dtrace_inscratch(dest, size, mstate)) {
3484 3994 *flags |= CPU_DTRACE_BADADDR;
3485 3995 *illval = regs[rd];
3486 3996 break;
3487 3997 }
3488 3998
3489 3999 if (!dtrace_canload(src, size, mstate, vstate)) {
3490 4000 regs[rd] = NULL;
3491 4001 break;
3492 4002 }
3493 4003
3494 4004 dtrace_bcopy((void *)src, (void *)dest, size);
3495 4005 break;
3496 4006 }
3497 4007
3498 4008 case DIF_SUBR_ALLOCA:
3499 4009 case DIF_SUBR_COPYIN: {
3500 4010 uintptr_t dest = P2ROUNDUP(mstate->dtms_scratch_ptr, 8);
3501 4011 uint64_t size =
3502 4012 tupregs[subr == DIF_SUBR_ALLOCA ? 0 : 1].dttk_value;
3503 4013 size_t scratch_size = (dest - mstate->dtms_scratch_ptr) + size;
3504 4014
3505 4015 /*
3506 4016 * This action doesn't require any credential checks since
3507 4017 * probes will not activate in user contexts to which the
3508 4018 * enabling user does not have permissions.
3509 4019 */
3510 4020
3511 4021 /*
3512 4022 * Rounding up the user allocation size could have overflowed
3513 4023 * a large, bogus allocation (like -1ULL) to 0.
3514 4024 */
3515 4025 if (scratch_size < size ||
3516 4026 !DTRACE_INSCRATCH(mstate, scratch_size)) {
3517 4027 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
3518 4028 regs[rd] = NULL;
3519 4029 break;
3520 4030 }
3521 4031
3522 4032 if (subr == DIF_SUBR_COPYIN) {
3523 4033 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3524 4034 dtrace_copyin(tupregs[0].dttk_value, dest, size, flags);
3525 4035 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3526 4036 }
3527 4037
3528 4038 mstate->dtms_scratch_ptr += scratch_size;
3529 4039 regs[rd] = dest;
3530 4040 break;
3531 4041 }
3532 4042
3533 4043 case DIF_SUBR_COPYINTO: {
3534 4044 uint64_t size = tupregs[1].dttk_value;
3535 4045 uintptr_t dest = tupregs[2].dttk_value;
3536 4046
3537 4047 /*
3538 4048 * This action doesn't require any credential checks since
3539 4049 * probes will not activate in user contexts to which the
3540 4050 * enabling user does not have permissions.
3541 4051 */
3542 4052 if (!dtrace_inscratch(dest, size, mstate)) {
3543 4053 *flags |= CPU_DTRACE_BADADDR;
3544 4054 *illval = regs[rd];
3545 4055 break;
3546 4056 }
3547 4057
3548 4058 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3549 4059 dtrace_copyin(tupregs[0].dttk_value, dest, size, flags);
3550 4060 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3551 4061 break;
3552 4062 }
3553 4063
3554 4064 case DIF_SUBR_COPYINSTR: {
3555 4065 uintptr_t dest = mstate->dtms_scratch_ptr;
3556 4066 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3557 4067
3558 4068 if (nargs > 1 && tupregs[1].dttk_value < size)
3559 4069 size = tupregs[1].dttk_value + 1;
3560 4070
3561 4071 /*
3562 4072 * This action doesn't require any credential checks since
3563 4073 * probes will not activate in user contexts to which the
3564 4074 * enabling user does not have permissions.
3565 4075 */
3566 4076 if (!DTRACE_INSCRATCH(mstate, size)) {
3567 4077 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
3568 4078 regs[rd] = NULL;
3569 4079 break;
3570 4080 }
3571 4081
3572 4082 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3573 4083 dtrace_copyinstr(tupregs[0].dttk_value, dest, size, flags);
3574 4084 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3575 4085
3576 4086 ((char *)dest)[size - 1] = '\0';
3577 4087 mstate->dtms_scratch_ptr += size;
3578 4088 regs[rd] = dest;
3579 4089 break;
3580 4090 }
3581 4091
3582 4092 case DIF_SUBR_MSGSIZE:
3583 4093 case DIF_SUBR_MSGDSIZE: {
3584 4094 uintptr_t baddr = tupregs[0].dttk_value, daddr;
3585 4095 uintptr_t wptr, rptr;
3586 4096 size_t count = 0;
3587 4097 int cont = 0;
3588 4098
3589 4099 while (baddr != NULL && !(*flags & CPU_DTRACE_FAULT)) {
3590 4100
3591 4101 if (!dtrace_canload(baddr, sizeof (mblk_t), mstate,
3592 4102 vstate)) {
3593 4103 regs[rd] = NULL;
3594 4104 break;
3595 4105 }
3596 4106
3597 4107 wptr = dtrace_loadptr(baddr +
3598 4108 offsetof(mblk_t, b_wptr));
3599 4109
3600 4110 rptr = dtrace_loadptr(baddr +
3601 4111 offsetof(mblk_t, b_rptr));
3602 4112
3603 4113 if (wptr < rptr) {
3604 4114 *flags |= CPU_DTRACE_BADADDR;
3605 4115 *illval = tupregs[0].dttk_value;
3606 4116 break;
3607 4117 }
3608 4118
3609 4119 daddr = dtrace_loadptr(baddr +
3610 4120 offsetof(mblk_t, b_datap));
3611 4121
3612 4122 baddr = dtrace_loadptr(baddr +
3613 4123 offsetof(mblk_t, b_cont));
3614 4124
3615 4125 /*
3616 4126 * We want to prevent against denial-of-service here,
3617 4127 * so we're only going to search the list for
3618 4128 * dtrace_msgdsize_max mblks.
3619 4129 */
3620 4130 if (cont++ > dtrace_msgdsize_max) {
3621 4131 *flags |= CPU_DTRACE_ILLOP;
3622 4132 break;
3623 4133 }
3624 4134
3625 4135 if (subr == DIF_SUBR_MSGDSIZE) {
3626 4136 if (dtrace_load8(daddr +
3627 4137 offsetof(dblk_t, db_type)) != M_DATA)
3628 4138 continue;
3629 4139 }
3630 4140
3631 4141 count += wptr - rptr;
3632 4142 }
3633 4143
3634 4144 if (!(*flags & CPU_DTRACE_FAULT))
3635 4145 regs[rd] = count;
3636 4146
3637 4147 break;
3638 4148 }
3639 4149
3640 4150 case DIF_SUBR_PROGENYOF: {
3641 4151 pid_t pid = tupregs[0].dttk_value;
3642 4152 proc_t *p;
3643 4153 int rval = 0;
3644 4154
3645 4155 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3646 4156
3647 4157 for (p = curthread->t_procp; p != NULL; p = p->p_parent) {
3648 4158 if (p->p_pidp->pid_id == pid) {
3649 4159 rval = 1;
3650 4160 break;
3651 4161 }
3652 4162 }
3653 4163
3654 4164 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3655 4165
3656 4166 regs[rd] = rval;
3657 4167 break;
3658 4168 }
3659 4169
3660 4170 case DIF_SUBR_SPECULATION:
3661 4171 regs[rd] = dtrace_speculation(state);
3662 4172 break;
3663 4173
3664 4174 case DIF_SUBR_COPYOUT: {
3665 4175 uintptr_t kaddr = tupregs[0].dttk_value;
3666 4176 uintptr_t uaddr = tupregs[1].dttk_value;
3667 4177 uint64_t size = tupregs[2].dttk_value;
3668 4178
3669 4179 if (!dtrace_destructive_disallow &&
3670 4180 dtrace_priv_proc_control(state, mstate) &&
3671 4181 !dtrace_istoxic(kaddr, size)) {
3672 4182 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3673 4183 dtrace_copyout(kaddr, uaddr, size, flags);
3674 4184 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3675 4185 }
3676 4186 break;
3677 4187 }
3678 4188
3679 4189 case DIF_SUBR_COPYOUTSTR: {
3680 4190 uintptr_t kaddr = tupregs[0].dttk_value;
3681 4191 uintptr_t uaddr = tupregs[1].dttk_value;
3682 4192 uint64_t size = tupregs[2].dttk_value;
3683 4193
3684 4194 if (!dtrace_destructive_disallow &&
3685 4195 dtrace_priv_proc_control(state, mstate) &&
3686 4196 !dtrace_istoxic(kaddr, size)) {
3687 4197 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3688 4198 dtrace_copyoutstr(kaddr, uaddr, size, flags);
3689 4199 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3690 4200 }
3691 4201 break;
3692 4202 }
3693 4203
3694 4204 case DIF_SUBR_STRLEN: {
3695 4205 size_t sz;
3696 4206 uintptr_t addr = (uintptr_t)tupregs[0].dttk_value;
3697 4207 sz = dtrace_strlen((char *)addr,
3698 4208 state->dts_options[DTRACEOPT_STRSIZE]);
3699 4209
3700 4210 if (!dtrace_canload(addr, sz + 1, mstate, vstate)) {
3701 4211 regs[rd] = NULL;
3702 4212 break;
3703 4213 }
3704 4214
3705 4215 regs[rd] = sz;
3706 4216
3707 4217 break;
3708 4218 }
3709 4219
3710 4220 case DIF_SUBR_STRCHR:
3711 4221 case DIF_SUBR_STRRCHR: {
3712 4222 /*
3713 4223 * We're going to iterate over the string looking for the
3714 4224 * specified character. We will iterate until we have reached
3715 4225 * the string length or we have found the character. If this
3716 4226 * is DIF_SUBR_STRRCHR, we will look for the last occurrence
3717 4227 * of the specified character instead of the first.
3718 4228 */
3719 4229 uintptr_t saddr = tupregs[0].dttk_value;
3720 4230 uintptr_t addr = tupregs[0].dttk_value;
3721 4231 uintptr_t limit = addr + state->dts_options[DTRACEOPT_STRSIZE];
3722 4232 char c, target = (char)tupregs[1].dttk_value;
3723 4233
3724 4234 for (regs[rd] = NULL; addr < limit; addr++) {
3725 4235 if ((c = dtrace_load8(addr)) == target) {
3726 4236 regs[rd] = addr;
3727 4237
3728 4238 if (subr == DIF_SUBR_STRCHR)
3729 4239 break;
3730 4240 }
3731 4241
3732 4242 if (c == '\0')
3733 4243 break;
3734 4244 }
3735 4245
3736 4246 if (!dtrace_canload(saddr, addr - saddr, mstate, vstate)) {
3737 4247 regs[rd] = NULL;
3738 4248 break;
3739 4249 }
3740 4250
3741 4251 break;
3742 4252 }
3743 4253
3744 4254 case DIF_SUBR_STRSTR:
3745 4255 case DIF_SUBR_INDEX:
3746 4256 case DIF_SUBR_RINDEX: {
3747 4257 /*
3748 4258 * We're going to iterate over the string looking for the
3749 4259 * specified string. We will iterate until we have reached
3750 4260 * the string length or we have found the string. (Yes, this
3751 4261 * is done in the most naive way possible -- but considering
3752 4262 * that the string we're searching for is likely to be
3753 4263 * relatively short, the complexity of Rabin-Karp or similar
3754 4264 * hardly seems merited.)
3755 4265 */
3756 4266 char *addr = (char *)(uintptr_t)tupregs[0].dttk_value;
3757 4267 char *substr = (char *)(uintptr_t)tupregs[1].dttk_value;
3758 4268 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3759 4269 size_t len = dtrace_strlen(addr, size);
3760 4270 size_t sublen = dtrace_strlen(substr, size);
3761 4271 char *limit = addr + len, *orig = addr;
3762 4272 int notfound = subr == DIF_SUBR_STRSTR ? 0 : -1;
3763 4273 int inc = 1;
3764 4274
3765 4275 regs[rd] = notfound;
3766 4276
3767 4277 if (!dtrace_canload((uintptr_t)addr, len + 1, mstate, vstate)) {
3768 4278 regs[rd] = NULL;
3769 4279 break;
3770 4280 }
3771 4281
3772 4282 if (!dtrace_canload((uintptr_t)substr, sublen + 1, mstate,
3773 4283 vstate)) {
3774 4284 regs[rd] = NULL;
3775 4285 break;
3776 4286 }
3777 4287
3778 4288 /*
3779 4289 * strstr() and index()/rindex() have similar semantics if
3780 4290 * both strings are the empty string: strstr() returns a
3781 4291 * pointer to the (empty) string, and index() and rindex()
3782 4292 * both return index 0 (regardless of any position argument).
3783 4293 */
3784 4294 if (sublen == 0 && len == 0) {
3785 4295 if (subr == DIF_SUBR_STRSTR)
3786 4296 regs[rd] = (uintptr_t)addr;
3787 4297 else
3788 4298 regs[rd] = 0;
3789 4299 break;
3790 4300 }
3791 4301
3792 4302 if (subr != DIF_SUBR_STRSTR) {
3793 4303 if (subr == DIF_SUBR_RINDEX) {
3794 4304 limit = orig - 1;
3795 4305 addr += len;
3796 4306 inc = -1;
3797 4307 }
3798 4308
3799 4309 /*
3800 4310 * Both index() and rindex() take an optional position
3801 4311 * argument that denotes the starting position.
3802 4312 */
3803 4313 if (nargs == 3) {
3804 4314 int64_t pos = (int64_t)tupregs[2].dttk_value;
3805 4315
3806 4316 /*
3807 4317 * If the position argument to index() is
3808 4318 * negative, Perl implicitly clamps it at
3809 4319 * zero. This semantic is a little surprising
3810 4320 * given the special meaning of negative
3811 4321 * positions to similar Perl functions like
3812 4322 * substr(), but it appears to reflect a
3813 4323 * notion that index() can start from a
3814 4324 * negative index and increment its way up to
3815 4325 * the string. Given this notion, Perl's
3816 4326 * rindex() is at least self-consistent in
3817 4327 * that it implicitly clamps positions greater
3818 4328 * than the string length to be the string
3819 4329 * length. Where Perl completely loses
3820 4330 * coherence, however, is when the specified
3821 4331 * substring is the empty string (""). In
3822 4332 * this case, even if the position is
3823 4333 * negative, rindex() returns 0 -- and even if
3824 4334 * the position is greater than the length,
3825 4335 * index() returns the string length. These
3826 4336 * semantics violate the notion that index()
3827 4337 * should never return a value less than the
3828 4338 * specified position and that rindex() should
3829 4339 * never return a value greater than the
3830 4340 * specified position. (One assumes that
3831 4341 * these semantics are artifacts of Perl's
3832 4342 * implementation and not the results of
3833 4343 * deliberate design -- it beggars belief that
3834 4344 * even Larry Wall could desire such oddness.)
3835 4345 * While in the abstract one would wish for
3836 4346 * consistent position semantics across
3837 4347 * substr(), index() and rindex() -- or at the
3838 4348 * very least self-consistent position
3839 4349 * semantics for index() and rindex() -- we
3840 4350 * instead opt to keep with the extant Perl
3841 4351 * semantics, in all their broken glory. (Do
3842 4352 * we have more desire to maintain Perl's
3843 4353 * semantics than Perl does? Probably.)
3844 4354 */
3845 4355 if (subr == DIF_SUBR_RINDEX) {
3846 4356 if (pos < 0) {
3847 4357 if (sublen == 0)
3848 4358 regs[rd] = 0;
3849 4359 break;
3850 4360 }
3851 4361
3852 4362 if (pos > len)
3853 4363 pos = len;
3854 4364 } else {
3855 4365 if (pos < 0)
3856 4366 pos = 0;
3857 4367
3858 4368 if (pos >= len) {
3859 4369 if (sublen == 0)
3860 4370 regs[rd] = len;
3861 4371 break;
3862 4372 }
3863 4373 }
3864 4374
3865 4375 addr = orig + pos;
3866 4376 }
3867 4377 }
3868 4378
3869 4379 for (regs[rd] = notfound; addr != limit; addr += inc) {
3870 4380 if (dtrace_strncmp(addr, substr, sublen) == 0) {
3871 4381 if (subr != DIF_SUBR_STRSTR) {
3872 4382 /*
3873 4383 * As D index() and rindex() are
3874 4384 * modeled on Perl (and not on awk),
3875 4385 * we return a zero-based (and not a
3876 4386 * one-based) index. (For you Perl
3877 4387 * weenies: no, we're not going to add
3878 4388 * $[ -- and shouldn't you be at a con
3879 4389 * or something?)
3880 4390 */
3881 4391 regs[rd] = (uintptr_t)(addr - orig);
3882 4392 break;
3883 4393 }
3884 4394
3885 4395 ASSERT(subr == DIF_SUBR_STRSTR);
3886 4396 regs[rd] = (uintptr_t)addr;
3887 4397 break;
3888 4398 }
3889 4399 }
3890 4400
3891 4401 break;
3892 4402 }
3893 4403
3894 4404 case DIF_SUBR_STRTOK: {
3895 4405 uintptr_t addr = tupregs[0].dttk_value;
3896 4406 uintptr_t tokaddr = tupregs[1].dttk_value;
3897 4407 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3898 4408 uintptr_t limit, toklimit = tokaddr + size;
3899 4409 uint8_t c, tokmap[32]; /* 256 / 8 */
3900 4410 char *dest = (char *)mstate->dtms_scratch_ptr;
3901 4411 int i;
3902 4412
3903 4413 /*
3904 4414 * Check both the token buffer and (later) the input buffer,
3905 4415 * since both could be non-scratch addresses.
3906 4416 */
3907 4417 if (!dtrace_strcanload(tokaddr, size, mstate, vstate)) {
3908 4418 regs[rd] = NULL;
3909 4419 break;
3910 4420 }
3911 4421
3912 4422 if (!DTRACE_INSCRATCH(mstate, size)) {
3913 4423 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
3914 4424 regs[rd] = NULL;
3915 4425 break;
3916 4426 }
3917 4427
3918 4428 if (addr == NULL) {
3919 4429 /*
3920 4430 * If the address specified is NULL, we use our saved
3921 4431 * strtok pointer from the mstate. Note that this
3922 4432 * means that the saved strtok pointer is _only_
3923 4433 * valid within multiple enablings of the same probe --
3924 4434 * it behaves like an implicit clause-local variable.
3925 4435 */
3926 4436 addr = mstate->dtms_strtok;
3927 4437 } else {
3928 4438 /*
3929 4439 * If the user-specified address is non-NULL we must
3930 4440 * access check it. This is the only time we have
3931 4441 * a chance to do so, since this address may reside
3932 4442 * in the string table of this clause-- future calls
3933 4443 * (when we fetch addr from mstate->dtms_strtok)
3934 4444 * would fail this access check.
3935 4445 */
3936 4446 if (!dtrace_strcanload(addr, size, mstate, vstate)) {
3937 4447 regs[rd] = NULL;
3938 4448 break;
3939 4449 }
3940 4450 }
3941 4451
3942 4452 /*
3943 4453 * First, zero the token map, and then process the token
3944 4454 * string -- setting a bit in the map for every character
3945 4455 * found in the token string.
3946 4456 */
3947 4457 for (i = 0; i < sizeof (tokmap); i++)
3948 4458 tokmap[i] = 0;
3949 4459
3950 4460 for (; tokaddr < toklimit; tokaddr++) {
3951 4461 if ((c = dtrace_load8(tokaddr)) == '\0')
3952 4462 break;
3953 4463
3954 4464 ASSERT((c >> 3) < sizeof (tokmap));
3955 4465 tokmap[c >> 3] |= (1 << (c & 0x7));
3956 4466 }
3957 4467
3958 4468 for (limit = addr + size; addr < limit; addr++) {
3959 4469 /*
3960 4470 * We're looking for a character that is _not_ contained
3961 4471 * in the token string.
3962 4472 */
3963 4473 if ((c = dtrace_load8(addr)) == '\0')
3964 4474 break;
3965 4475
3966 4476 if (!(tokmap[c >> 3] & (1 << (c & 0x7))))
3967 4477 break;
3968 4478 }
3969 4479
3970 4480 if (c == '\0') {
3971 4481 /*
3972 4482 * We reached the end of the string without finding
3973 4483 * any character that was not in the token string.
3974 4484 * We return NULL in this case, and we set the saved
3975 4485 * address to NULL as well.
3976 4486 */
3977 4487 regs[rd] = NULL;
3978 4488 mstate->dtms_strtok = NULL;
3979 4489 break;
3980 4490 }
3981 4491
3982 4492 /*
3983 4493 * From here on, we're copying into the destination string.
3984 4494 */
3985 4495 for (i = 0; addr < limit && i < size - 1; addr++) {
3986 4496 if ((c = dtrace_load8(addr)) == '\0')
3987 4497 break;
3988 4498
3989 4499 if (tokmap[c >> 3] & (1 << (c & 0x7)))
3990 4500 break;
3991 4501
3992 4502 ASSERT(i < size);
3993 4503 dest[i++] = c;
3994 4504 }
3995 4505
3996 4506 ASSERT(i < size);
3997 4507 dest[i] = '\0';
3998 4508 regs[rd] = (uintptr_t)dest;
3999 4509 mstate->dtms_scratch_ptr += size;
4000 4510 mstate->dtms_strtok = addr;
4001 4511 break;
4002 4512 }
4003 4513
4004 4514 case DIF_SUBR_SUBSTR: {
4005 4515 uintptr_t s = tupregs[0].dttk_value;
4006 4516 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4007 4517 char *d = (char *)mstate->dtms_scratch_ptr;
4008 4518 int64_t index = (int64_t)tupregs[1].dttk_value;
4009 4519 int64_t remaining = (int64_t)tupregs[2].dttk_value;
4010 4520 size_t len = dtrace_strlen((char *)s, size);
4011 4521 int64_t i;
4012 4522
4013 4523 if (!dtrace_canload(s, len + 1, mstate, vstate)) {
4014 4524 regs[rd] = NULL;
4015 4525 break;
4016 4526 }
4017 4527
4018 4528 if (!DTRACE_INSCRATCH(mstate, size)) {
4019 4529 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4020 4530 regs[rd] = NULL;
4021 4531 break;
4022 4532 }
4023 4533
4024 4534 if (nargs <= 2)
4025 4535 remaining = (int64_t)size;
4026 4536
4027 4537 if (index < 0) {
4028 4538 index += len;
4029 4539
4030 4540 if (index < 0 && index + remaining > 0) {
4031 4541 remaining += index;
4032 4542 index = 0;
4033 4543 }
4034 4544 }
4035 4545
4036 4546 if (index >= len || index < 0) {
4037 4547 remaining = 0;
4038 4548 } else if (remaining < 0) {
4039 4549 remaining += len - index;
4040 4550 } else if (index + remaining > size) {
4041 4551 remaining = size - index;
4042 4552 }
4043 4553
4044 4554 for (i = 0; i < remaining; i++) {
4045 4555 if ((d[i] = dtrace_load8(s + index + i)) == '\0')
|
↓ open down ↓ |
679 lines elided |
↑ open up ↑ |
4046 4556 break;
4047 4557 }
4048 4558
4049 4559 d[i] = '\0';
4050 4560
4051 4561 mstate->dtms_scratch_ptr += size;
4052 4562 regs[rd] = (uintptr_t)d;
4053 4563 break;
4054 4564 }
4055 4565
4566 + case DIF_SUBR_JSON: {
4567 + uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4568 + uintptr_t json = tupregs[0].dttk_value;
4569 + size_t jsonlen = dtrace_strlen((char *)json, size);
4570 + uintptr_t elem = tupregs[1].dttk_value;
4571 + size_t elemlen = dtrace_strlen((char *)elem, size);
4572 +
4573 + char *dest = (char *)mstate->dtms_scratch_ptr;
4574 + char *elemlist = (char *)mstate->dtms_scratch_ptr + jsonlen + 1;
4575 + char *ee = elemlist;
4576 + int nelems = 1;
4577 + uintptr_t cur;
4578 +
4579 + if (!dtrace_canload(json, jsonlen + 1, mstate, vstate) ||
4580 + !dtrace_canload(elem, elemlen + 1, mstate, vstate)) {
4581 + regs[rd] = NULL;
4582 + break;
4583 + }
4584 +
4585 + if (!DTRACE_INSCRATCH(mstate, jsonlen + 1 + elemlen + 1)) {
4586 + DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4587 + regs[rd] = NULL;
4588 + break;
4589 + }
4590 +
4591 + /*
4592 + * Read the element selector and split it up into a packed list
4593 + * of strings.
4594 + */
4595 + for (cur = elem; cur < elem + elemlen; cur++) {
4596 + char cc = dtrace_load8(cur);
4597 +
4598 + if (cur == elem && cc == '[') {
4599 + /*
4600 + * If the first element selector key is
4601 + * actually an array index then ignore the
4602 + * bracket.
4603 + */
4604 + continue;
4605 + }
4606 +
4607 + if (cc == ']')
4608 + continue;
4609 +
4610 + if (cc == '.' || cc == '[') {
4611 + nelems++;
4612 + cc = '\0';
4613 + }
4614 +
4615 + *ee++ = cc;
4616 + }
4617 + *ee++ = '\0';
4618 +
4619 + if ((regs[rd] = (uintptr_t)dtrace_json(size, json, elemlist,
4620 + nelems, dest)) != NULL)
4621 + mstate->dtms_scratch_ptr += jsonlen + 1;
4622 + break;
4623 + }
4624 +
4056 4625 case DIF_SUBR_TOUPPER:
4057 4626 case DIF_SUBR_TOLOWER: {
4058 4627 uintptr_t s = tupregs[0].dttk_value;
4059 4628 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4060 4629 char *dest = (char *)mstate->dtms_scratch_ptr, c;
4061 4630 size_t len = dtrace_strlen((char *)s, size);
4062 4631 char lower, upper, convert;
4063 4632 int64_t i;
4064 4633
4065 4634 if (subr == DIF_SUBR_TOUPPER) {
4066 4635 lower = 'a';
4067 4636 upper = 'z';
4068 4637 convert = 'A';
4069 4638 } else {
4070 4639 lower = 'A';
4071 4640 upper = 'Z';
4072 4641 convert = 'a';
4073 4642 }
4074 4643
4075 4644 if (!dtrace_canload(s, len + 1, mstate, vstate)) {
4076 4645 regs[rd] = NULL;
4077 4646 break;
4078 4647 }
4079 4648
4080 4649 if (!DTRACE_INSCRATCH(mstate, size)) {
4081 4650 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4082 4651 regs[rd] = NULL;
4083 4652 break;
4084 4653 }
4085 4654
4086 4655 for (i = 0; i < size - 1; i++) {
4087 4656 if ((c = dtrace_load8(s + i)) == '\0')
4088 4657 break;
4089 4658
4090 4659 if (c >= lower && c <= upper)
4091 4660 c = convert + (c - lower);
4092 4661
4093 4662 dest[i] = c;
4094 4663 }
4095 4664
4096 4665 ASSERT(i < size);
4097 4666 dest[i] = '\0';
4098 4667 regs[rd] = (uintptr_t)dest;
4099 4668 mstate->dtms_scratch_ptr += size;
4100 4669 break;
4101 4670 }
4102 4671
4103 4672 case DIF_SUBR_GETMAJOR:
4104 4673 #ifdef _LP64
4105 4674 regs[rd] = (tupregs[0].dttk_value >> NBITSMINOR64) & MAXMAJ64;
4106 4675 #else
4107 4676 regs[rd] = (tupregs[0].dttk_value >> NBITSMINOR) & MAXMAJ;
4108 4677 #endif
4109 4678 break;
4110 4679
4111 4680 case DIF_SUBR_GETMINOR:
4112 4681 #ifdef _LP64
4113 4682 regs[rd] = tupregs[0].dttk_value & MAXMIN64;
4114 4683 #else
4115 4684 regs[rd] = tupregs[0].dttk_value & MAXMIN;
4116 4685 #endif
4117 4686 break;
4118 4687
4119 4688 case DIF_SUBR_DDI_PATHNAME: {
4120 4689 /*
4121 4690 * This one is a galactic mess. We are going to roughly
4122 4691 * emulate ddi_pathname(), but it's made more complicated
4123 4692 * by the fact that we (a) want to include the minor name and
4124 4693 * (b) must proceed iteratively instead of recursively.
4125 4694 */
4126 4695 uintptr_t dest = mstate->dtms_scratch_ptr;
4127 4696 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4128 4697 char *start = (char *)dest, *end = start + size - 1;
4129 4698 uintptr_t daddr = tupregs[0].dttk_value;
4130 4699 int64_t minor = (int64_t)tupregs[1].dttk_value;
4131 4700 char *s;
4132 4701 int i, len, depth = 0;
4133 4702
4134 4703 /*
4135 4704 * Due to all the pointer jumping we do and context we must
4136 4705 * rely upon, we just mandate that the user must have kernel
4137 4706 * read privileges to use this routine.
4138 4707 */
4139 4708 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) == 0) {
4140 4709 *flags |= CPU_DTRACE_KPRIV;
4141 4710 *illval = daddr;
4142 4711 regs[rd] = NULL;
4143 4712 }
4144 4713
4145 4714 if (!DTRACE_INSCRATCH(mstate, size)) {
4146 4715 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4147 4716 regs[rd] = NULL;
4148 4717 break;
4149 4718 }
4150 4719
4151 4720 *end = '\0';
4152 4721
4153 4722 /*
4154 4723 * We want to have a name for the minor. In order to do this,
4155 4724 * we need to walk the minor list from the devinfo. We want
4156 4725 * to be sure that we don't infinitely walk a circular list,
4157 4726 * so we check for circularity by sending a scout pointer
4158 4727 * ahead two elements for every element that we iterate over;
4159 4728 * if the list is circular, these will ultimately point to the
4160 4729 * same element. You may recognize this little trick as the
4161 4730 * answer to a stupid interview question -- one that always
4162 4731 * seems to be asked by those who had to have it laboriously
4163 4732 * explained to them, and who can't even concisely describe
4164 4733 * the conditions under which one would be forced to resort to
4165 4734 * this technique. Needless to say, those conditions are
4166 4735 * found here -- and probably only here. Is this the only use
4167 4736 * of this infamous trick in shipping, production code? If it
4168 4737 * isn't, it probably should be...
4169 4738 */
4170 4739 if (minor != -1) {
4171 4740 uintptr_t maddr = dtrace_loadptr(daddr +
4172 4741 offsetof(struct dev_info, devi_minor));
4173 4742
4174 4743 uintptr_t next = offsetof(struct ddi_minor_data, next);
4175 4744 uintptr_t name = offsetof(struct ddi_minor_data,
4176 4745 d_minor) + offsetof(struct ddi_minor, name);
4177 4746 uintptr_t dev = offsetof(struct ddi_minor_data,
4178 4747 d_minor) + offsetof(struct ddi_minor, dev);
4179 4748 uintptr_t scout;
4180 4749
4181 4750 if (maddr != NULL)
4182 4751 scout = dtrace_loadptr(maddr + next);
4183 4752
4184 4753 while (maddr != NULL && !(*flags & CPU_DTRACE_FAULT)) {
4185 4754 uint64_t m;
4186 4755 #ifdef _LP64
4187 4756 m = dtrace_load64(maddr + dev) & MAXMIN64;
4188 4757 #else
4189 4758 m = dtrace_load32(maddr + dev) & MAXMIN;
4190 4759 #endif
4191 4760 if (m != minor) {
4192 4761 maddr = dtrace_loadptr(maddr + next);
4193 4762
4194 4763 if (scout == NULL)
4195 4764 continue;
4196 4765
4197 4766 scout = dtrace_loadptr(scout + next);
4198 4767
4199 4768 if (scout == NULL)
4200 4769 continue;
4201 4770
4202 4771 scout = dtrace_loadptr(scout + next);
4203 4772
4204 4773 if (scout == NULL)
4205 4774 continue;
4206 4775
4207 4776 if (scout == maddr) {
4208 4777 *flags |= CPU_DTRACE_ILLOP;
4209 4778 break;
4210 4779 }
4211 4780
4212 4781 continue;
4213 4782 }
4214 4783
4215 4784 /*
4216 4785 * We have the minor data. Now we need to
4217 4786 * copy the minor's name into the end of the
4218 4787 * pathname.
4219 4788 */
4220 4789 s = (char *)dtrace_loadptr(maddr + name);
4221 4790 len = dtrace_strlen(s, size);
4222 4791
4223 4792 if (*flags & CPU_DTRACE_FAULT)
4224 4793 break;
4225 4794
4226 4795 if (len != 0) {
4227 4796 if ((end -= (len + 1)) < start)
4228 4797 break;
4229 4798
4230 4799 *end = ':';
4231 4800 }
4232 4801
4233 4802 for (i = 1; i <= len; i++)
4234 4803 end[i] = dtrace_load8((uintptr_t)s++);
4235 4804 break;
4236 4805 }
4237 4806 }
4238 4807
4239 4808 while (daddr != NULL && !(*flags & CPU_DTRACE_FAULT)) {
4240 4809 ddi_node_state_t devi_state;
4241 4810
4242 4811 devi_state = dtrace_load32(daddr +
4243 4812 offsetof(struct dev_info, devi_node_state));
4244 4813
4245 4814 if (*flags & CPU_DTRACE_FAULT)
4246 4815 break;
4247 4816
4248 4817 if (devi_state >= DS_INITIALIZED) {
4249 4818 s = (char *)dtrace_loadptr(daddr +
4250 4819 offsetof(struct dev_info, devi_addr));
4251 4820 len = dtrace_strlen(s, size);
4252 4821
4253 4822 if (*flags & CPU_DTRACE_FAULT)
4254 4823 break;
4255 4824
4256 4825 if (len != 0) {
4257 4826 if ((end -= (len + 1)) < start)
4258 4827 break;
4259 4828
4260 4829 *end = '@';
4261 4830 }
4262 4831
4263 4832 for (i = 1; i <= len; i++)
4264 4833 end[i] = dtrace_load8((uintptr_t)s++);
4265 4834 }
4266 4835
4267 4836 /*
4268 4837 * Now for the node name...
4269 4838 */
4270 4839 s = (char *)dtrace_loadptr(daddr +
4271 4840 offsetof(struct dev_info, devi_node_name));
4272 4841
4273 4842 daddr = dtrace_loadptr(daddr +
4274 4843 offsetof(struct dev_info, devi_parent));
4275 4844
4276 4845 /*
4277 4846 * If our parent is NULL (that is, if we're the root
4278 4847 * node), we're going to use the special path
4279 4848 * "devices".
4280 4849 */
4281 4850 if (daddr == NULL)
4282 4851 s = "devices";
4283 4852
4284 4853 len = dtrace_strlen(s, size);
4285 4854 if (*flags & CPU_DTRACE_FAULT)
4286 4855 break;
4287 4856
4288 4857 if ((end -= (len + 1)) < start)
4289 4858 break;
4290 4859
4291 4860 for (i = 1; i <= len; i++)
4292 4861 end[i] = dtrace_load8((uintptr_t)s++);
4293 4862 *end = '/';
4294 4863
4295 4864 if (depth++ > dtrace_devdepth_max) {
4296 4865 *flags |= CPU_DTRACE_ILLOP;
4297 4866 break;
4298 4867 }
4299 4868 }
4300 4869
4301 4870 if (end < start)
4302 4871 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4303 4872
4304 4873 if (daddr == NULL) {
4305 4874 regs[rd] = (uintptr_t)end;
4306 4875 mstate->dtms_scratch_ptr += size;
4307 4876 }
4308 4877
4309 4878 break;
4310 4879 }
4311 4880
4312 4881 case DIF_SUBR_STRJOIN: {
4313 4882 char *d = (char *)mstate->dtms_scratch_ptr;
4314 4883 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4315 4884 uintptr_t s1 = tupregs[0].dttk_value;
4316 4885 uintptr_t s2 = tupregs[1].dttk_value;
4317 4886 int i = 0;
4318 4887
4319 4888 if (!dtrace_strcanload(s1, size, mstate, vstate) ||
4320 4889 !dtrace_strcanload(s2, size, mstate, vstate)) {
4321 4890 regs[rd] = NULL;
4322 4891 break;
4323 4892 }
4324 4893
4325 4894 if (!DTRACE_INSCRATCH(mstate, size)) {
4326 4895 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4327 4896 regs[rd] = NULL;
4328 4897 break;
4329 4898 }
4330 4899
4331 4900 for (;;) {
4332 4901 if (i >= size) {
4333 4902 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4334 4903 regs[rd] = NULL;
4335 4904 break;
4336 4905 }
4337 4906
4338 4907 if ((d[i++] = dtrace_load8(s1++)) == '\0') {
4339 4908 i--;
4340 4909 break;
4341 4910 }
4342 4911 }
4343 4912
4344 4913 for (;;) {
4345 4914 if (i >= size) {
4346 4915 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4347 4916 regs[rd] = NULL;
4348 4917 break;
4349 4918 }
4350 4919
4351 4920 if ((d[i++] = dtrace_load8(s2++)) == '\0')
4352 4921 break;
|
↓ open down ↓ |
287 lines elided |
↑ open up ↑ |
4353 4922 }
4354 4923
4355 4924 if (i < size) {
4356 4925 mstate->dtms_scratch_ptr += i;
4357 4926 regs[rd] = (uintptr_t)d;
4358 4927 }
4359 4928
4360 4929 break;
4361 4930 }
4362 4931
4932 + case DIF_SUBR_STRTOLL: {
4933 + uintptr_t s = tupregs[0].dttk_value;
4934 + uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4935 + int base = 10;
4936 +
4937 + if (nargs > 1) {
4938 + if ((base = tupregs[1].dttk_value) <= 1 ||
4939 + base > ('z' - 'a' + 1) + ('9' - '0' + 1)) {
4940 + *flags |= CPU_DTRACE_ILLOP;
4941 + break;
4942 + }
4943 + }
4944 +
4945 + if (!dtrace_strcanload(s, size, mstate, vstate)) {
4946 + regs[rd] = INT64_MIN;
4947 + break;
4948 + }
4949 +
4950 + regs[rd] = dtrace_strtoll((char *)s, base, size);
4951 + break;
4952 + }
4953 +
4363 4954 case DIF_SUBR_LLTOSTR: {
4364 4955 int64_t i = (int64_t)tupregs[0].dttk_value;
4365 4956 uint64_t val, digit;
4366 4957 uint64_t size = 65; /* enough room for 2^64 in binary */
4367 4958 char *end = (char *)mstate->dtms_scratch_ptr + size - 1;
4368 4959 int base = 10;
4369 4960
4370 4961 if (nargs > 1) {
4371 4962 if ((base = tupregs[1].dttk_value) <= 1 ||
4372 4963 base > ('z' - 'a' + 1) + ('9' - '0' + 1)) {
4373 4964 *flags |= CPU_DTRACE_ILLOP;
4374 4965 break;
4375 4966 }
4376 4967 }
4377 4968
4378 4969 val = (base == 10 && i < 0) ? i * -1 : i;
4379 4970
4380 4971 if (!DTRACE_INSCRATCH(mstate, size)) {
4381 4972 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4382 4973 regs[rd] = NULL;
4383 4974 break;
4384 4975 }
4385 4976
4386 4977 for (*end-- = '\0'; val; val /= base) {
4387 4978 if ((digit = val % base) <= '9' - '0') {
4388 4979 *end-- = '0' + digit;
4389 4980 } else {
4390 4981 *end-- = 'a' + (digit - ('9' - '0') - 1);
4391 4982 }
4392 4983 }
4393 4984
4394 4985 if (i == 0 && base == 16)
4395 4986 *end-- = '0';
4396 4987
4397 4988 if (base == 16)
4398 4989 *end-- = 'x';
4399 4990
4400 4991 if (i == 0 || base == 8 || base == 16)
4401 4992 *end-- = '0';
4402 4993
4403 4994 if (i < 0 && base == 10)
4404 4995 *end-- = '-';
4405 4996
4406 4997 regs[rd] = (uintptr_t)end + 1;
4407 4998 mstate->dtms_scratch_ptr += size;
4408 4999 break;
4409 5000 }
4410 5001
4411 5002 case DIF_SUBR_HTONS:
4412 5003 case DIF_SUBR_NTOHS:
4413 5004 #ifdef _BIG_ENDIAN
4414 5005 regs[rd] = (uint16_t)tupregs[0].dttk_value;
4415 5006 #else
4416 5007 regs[rd] = DT_BSWAP_16((uint16_t)tupregs[0].dttk_value);
4417 5008 #endif
4418 5009 break;
4419 5010
4420 5011
4421 5012 case DIF_SUBR_HTONL:
4422 5013 case DIF_SUBR_NTOHL:
4423 5014 #ifdef _BIG_ENDIAN
4424 5015 regs[rd] = (uint32_t)tupregs[0].dttk_value;
4425 5016 #else
4426 5017 regs[rd] = DT_BSWAP_32((uint32_t)tupregs[0].dttk_value);
4427 5018 #endif
4428 5019 break;
4429 5020
4430 5021
4431 5022 case DIF_SUBR_HTONLL:
4432 5023 case DIF_SUBR_NTOHLL:
4433 5024 #ifdef _BIG_ENDIAN
4434 5025 regs[rd] = (uint64_t)tupregs[0].dttk_value;
4435 5026 #else
4436 5027 regs[rd] = DT_BSWAP_64((uint64_t)tupregs[0].dttk_value);
4437 5028 #endif
4438 5029 break;
4439 5030
4440 5031
4441 5032 case DIF_SUBR_DIRNAME:
4442 5033 case DIF_SUBR_BASENAME: {
4443 5034 char *dest = (char *)mstate->dtms_scratch_ptr;
4444 5035 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4445 5036 uintptr_t src = tupregs[0].dttk_value;
4446 5037 int i, j, len = dtrace_strlen((char *)src, size);
4447 5038 int lastbase = -1, firstbase = -1, lastdir = -1;
4448 5039 int start, end;
4449 5040
4450 5041 if (!dtrace_canload(src, len + 1, mstate, vstate)) {
4451 5042 regs[rd] = NULL;
4452 5043 break;
4453 5044 }
4454 5045
4455 5046 if (!DTRACE_INSCRATCH(mstate, size)) {
4456 5047 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4457 5048 regs[rd] = NULL;
4458 5049 break;
4459 5050 }
4460 5051
4461 5052 /*
4462 5053 * The basename and dirname for a zero-length string is
4463 5054 * defined to be "."
4464 5055 */
4465 5056 if (len == 0) {
4466 5057 len = 1;
4467 5058 src = (uintptr_t)".";
4468 5059 }
4469 5060
4470 5061 /*
4471 5062 * Start from the back of the string, moving back toward the
4472 5063 * front until we see a character that isn't a slash. That
4473 5064 * character is the last character in the basename.
4474 5065 */
4475 5066 for (i = len - 1; i >= 0; i--) {
4476 5067 if (dtrace_load8(src + i) != '/')
4477 5068 break;
4478 5069 }
4479 5070
4480 5071 if (i >= 0)
4481 5072 lastbase = i;
4482 5073
4483 5074 /*
4484 5075 * Starting from the last character in the basename, move
4485 5076 * towards the front until we find a slash. The character
4486 5077 * that we processed immediately before that is the first
4487 5078 * character in the basename.
4488 5079 */
4489 5080 for (; i >= 0; i--) {
4490 5081 if (dtrace_load8(src + i) == '/')
4491 5082 break;
4492 5083 }
4493 5084
4494 5085 if (i >= 0)
4495 5086 firstbase = i + 1;
4496 5087
4497 5088 /*
4498 5089 * Now keep going until we find a non-slash character. That
4499 5090 * character is the last character in the dirname.
4500 5091 */
4501 5092 for (; i >= 0; i--) {
4502 5093 if (dtrace_load8(src + i) != '/')
4503 5094 break;
4504 5095 }
4505 5096
4506 5097 if (i >= 0)
4507 5098 lastdir = i;
4508 5099
4509 5100 ASSERT(!(lastbase == -1 && firstbase != -1));
4510 5101 ASSERT(!(firstbase == -1 && lastdir != -1));
4511 5102
4512 5103 if (lastbase == -1) {
4513 5104 /*
4514 5105 * We didn't find a non-slash character. We know that
4515 5106 * the length is non-zero, so the whole string must be
4516 5107 * slashes. In either the dirname or the basename
4517 5108 * case, we return '/'.
4518 5109 */
4519 5110 ASSERT(firstbase == -1);
4520 5111 firstbase = lastbase = lastdir = 0;
4521 5112 }
4522 5113
4523 5114 if (firstbase == -1) {
4524 5115 /*
4525 5116 * The entire string consists only of a basename
4526 5117 * component. If we're looking for dirname, we need
4527 5118 * to change our string to be just "."; if we're
4528 5119 * looking for a basename, we'll just set the first
4529 5120 * character of the basename to be 0.
4530 5121 */
4531 5122 if (subr == DIF_SUBR_DIRNAME) {
4532 5123 ASSERT(lastdir == -1);
4533 5124 src = (uintptr_t)".";
4534 5125 lastdir = 0;
4535 5126 } else {
4536 5127 firstbase = 0;
4537 5128 }
4538 5129 }
4539 5130
4540 5131 if (subr == DIF_SUBR_DIRNAME) {
4541 5132 if (lastdir == -1) {
4542 5133 /*
4543 5134 * We know that we have a slash in the name --
4544 5135 * or lastdir would be set to 0, above. And
4545 5136 * because lastdir is -1, we know that this
4546 5137 * slash must be the first character. (That
4547 5138 * is, the full string must be of the form
4548 5139 * "/basename".) In this case, the last
4549 5140 * character of the directory name is 0.
4550 5141 */
4551 5142 lastdir = 0;
4552 5143 }
4553 5144
4554 5145 start = 0;
4555 5146 end = lastdir;
4556 5147 } else {
4557 5148 ASSERT(subr == DIF_SUBR_BASENAME);
4558 5149 ASSERT(firstbase != -1 && lastbase != -1);
4559 5150 start = firstbase;
4560 5151 end = lastbase;
4561 5152 }
4562 5153
4563 5154 for (i = start, j = 0; i <= end && j < size - 1; i++, j++)
4564 5155 dest[j] = dtrace_load8(src + i);
4565 5156
4566 5157 dest[j] = '\0';
4567 5158 regs[rd] = (uintptr_t)dest;
4568 5159 mstate->dtms_scratch_ptr += size;
4569 5160 break;
4570 5161 }
4571 5162
4572 5163 case DIF_SUBR_GETF: {
4573 5164 uintptr_t fd = tupregs[0].dttk_value;
4574 5165 uf_info_t *finfo = &curthread->t_procp->p_user.u_finfo;
4575 5166 file_t *fp;
4576 5167
4577 5168 if (!dtrace_priv_proc(state, mstate)) {
4578 5169 regs[rd] = NULL;
4579 5170 break;
4580 5171 }
4581 5172
4582 5173 /*
4583 5174 * This is safe because fi_nfiles only increases, and the
4584 5175 * fi_list array is not freed when the array size doubles.
4585 5176 * (See the comment in flist_grow() for details on the
4586 5177 * management of the u_finfo structure.)
4587 5178 */
4588 5179 fp = fd < finfo->fi_nfiles ? finfo->fi_list[fd].uf_file : NULL;
4589 5180
4590 5181 mstate->dtms_getf = fp;
4591 5182 regs[rd] = (uintptr_t)fp;
4592 5183 break;
4593 5184 }
4594 5185
4595 5186 case DIF_SUBR_CLEANPATH: {
4596 5187 char *dest = (char *)mstate->dtms_scratch_ptr, c;
4597 5188 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4598 5189 uintptr_t src = tupregs[0].dttk_value;
4599 5190 int i = 0, j = 0;
4600 5191 zone_t *z;
4601 5192
4602 5193 if (!dtrace_strcanload(src, size, mstate, vstate)) {
4603 5194 regs[rd] = NULL;
4604 5195 break;
4605 5196 }
4606 5197
4607 5198 if (!DTRACE_INSCRATCH(mstate, size)) {
4608 5199 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4609 5200 regs[rd] = NULL;
4610 5201 break;
4611 5202 }
4612 5203
4613 5204 /*
4614 5205 * Move forward, loading each character.
4615 5206 */
4616 5207 do {
4617 5208 c = dtrace_load8(src + i++);
4618 5209 next:
4619 5210 if (j + 5 >= size) /* 5 = strlen("/..c\0") */
4620 5211 break;
4621 5212
4622 5213 if (c != '/') {
4623 5214 dest[j++] = c;
4624 5215 continue;
4625 5216 }
4626 5217
4627 5218 c = dtrace_load8(src + i++);
4628 5219
4629 5220 if (c == '/') {
4630 5221 /*
4631 5222 * We have two slashes -- we can just advance
4632 5223 * to the next character.
4633 5224 */
4634 5225 goto next;
4635 5226 }
4636 5227
4637 5228 if (c != '.') {
4638 5229 /*
4639 5230 * This is not "." and it's not ".." -- we can
4640 5231 * just store the "/" and this character and
4641 5232 * drive on.
4642 5233 */
4643 5234 dest[j++] = '/';
4644 5235 dest[j++] = c;
4645 5236 continue;
4646 5237 }
4647 5238
4648 5239 c = dtrace_load8(src + i++);
4649 5240
4650 5241 if (c == '/') {
4651 5242 /*
4652 5243 * This is a "/./" component. We're not going
4653 5244 * to store anything in the destination buffer;
4654 5245 * we're just going to go to the next component.
4655 5246 */
4656 5247 goto next;
4657 5248 }
4658 5249
4659 5250 if (c != '.') {
4660 5251 /*
4661 5252 * This is not ".." -- we can just store the
4662 5253 * "/." and this character and continue
4663 5254 * processing.
4664 5255 */
4665 5256 dest[j++] = '/';
4666 5257 dest[j++] = '.';
4667 5258 dest[j++] = c;
4668 5259 continue;
4669 5260 }
4670 5261
4671 5262 c = dtrace_load8(src + i++);
4672 5263
4673 5264 if (c != '/' && c != '\0') {
4674 5265 /*
4675 5266 * This is not ".." -- it's "..[mumble]".
4676 5267 * We'll store the "/.." and this character
4677 5268 * and continue processing.
4678 5269 */
4679 5270 dest[j++] = '/';
4680 5271 dest[j++] = '.';
4681 5272 dest[j++] = '.';
4682 5273 dest[j++] = c;
4683 5274 continue;
4684 5275 }
4685 5276
4686 5277 /*
4687 5278 * This is "/../" or "/..\0". We need to back up
4688 5279 * our destination pointer until we find a "/".
4689 5280 */
4690 5281 i--;
4691 5282 while (j != 0 && dest[--j] != '/')
4692 5283 continue;
4693 5284
4694 5285 if (c == '\0')
4695 5286 dest[++j] = '/';
4696 5287 } while (c != '\0');
4697 5288
4698 5289 dest[j] = '\0';
4699 5290
4700 5291 if (mstate->dtms_getf != NULL &&
4701 5292 !(mstate->dtms_access & DTRACE_ACCESS_KERNEL) &&
4702 5293 (z = state->dts_cred.dcr_cred->cr_zone) != kcred->cr_zone) {
4703 5294 /*
4704 5295 * If we've done a getf() as a part of this ECB and we
4705 5296 * don't have kernel access (and we're not in the global
4706 5297 * zone), check if the path we cleaned up begins with
4707 5298 * the zone's root path, and trim it off if so. Note
4708 5299 * that this is an output cleanliness issue, not a
4709 5300 * security issue: knowing one's zone root path does
4710 5301 * not enable privilege escalation.
4711 5302 */
4712 5303 if (strstr(dest, z->zone_rootpath) == dest)
4713 5304 dest += strlen(z->zone_rootpath) - 1;
4714 5305 }
4715 5306
4716 5307 regs[rd] = (uintptr_t)dest;
4717 5308 mstate->dtms_scratch_ptr += size;
4718 5309 break;
4719 5310 }
4720 5311
4721 5312 case DIF_SUBR_INET_NTOA:
4722 5313 case DIF_SUBR_INET_NTOA6:
4723 5314 case DIF_SUBR_INET_NTOP: {
4724 5315 size_t size;
4725 5316 int af, argi, i;
4726 5317 char *base, *end;
4727 5318
4728 5319 if (subr == DIF_SUBR_INET_NTOP) {
4729 5320 af = (int)tupregs[0].dttk_value;
4730 5321 argi = 1;
4731 5322 } else {
4732 5323 af = subr == DIF_SUBR_INET_NTOA ? AF_INET: AF_INET6;
4733 5324 argi = 0;
4734 5325 }
4735 5326
4736 5327 if (af == AF_INET) {
4737 5328 ipaddr_t ip4;
4738 5329 uint8_t *ptr8, val;
4739 5330
4740 5331 /*
4741 5332 * Safely load the IPv4 address.
4742 5333 */
4743 5334 ip4 = dtrace_load32(tupregs[argi].dttk_value);
4744 5335
4745 5336 /*
4746 5337 * Check an IPv4 string will fit in scratch.
4747 5338 */
4748 5339 size = INET_ADDRSTRLEN;
4749 5340 if (!DTRACE_INSCRATCH(mstate, size)) {
4750 5341 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4751 5342 regs[rd] = NULL;
4752 5343 break;
4753 5344 }
4754 5345 base = (char *)mstate->dtms_scratch_ptr;
4755 5346 end = (char *)mstate->dtms_scratch_ptr + size - 1;
4756 5347
4757 5348 /*
4758 5349 * Stringify as a dotted decimal quad.
4759 5350 */
4760 5351 *end-- = '\0';
4761 5352 ptr8 = (uint8_t *)&ip4;
4762 5353 for (i = 3; i >= 0; i--) {
4763 5354 val = ptr8[i];
4764 5355
4765 5356 if (val == 0) {
4766 5357 *end-- = '0';
4767 5358 } else {
4768 5359 for (; val; val /= 10) {
4769 5360 *end-- = '0' + (val % 10);
4770 5361 }
4771 5362 }
4772 5363
4773 5364 if (i > 0)
4774 5365 *end-- = '.';
4775 5366 }
4776 5367 ASSERT(end + 1 >= base);
4777 5368
4778 5369 } else if (af == AF_INET6) {
4779 5370 struct in6_addr ip6;
4780 5371 int firstzero, tryzero, numzero, v6end;
4781 5372 uint16_t val;
4782 5373 const char digits[] = "0123456789abcdef";
4783 5374
4784 5375 /*
4785 5376 * Stringify using RFC 1884 convention 2 - 16 bit
4786 5377 * hexadecimal values with a zero-run compression.
4787 5378 * Lower case hexadecimal digits are used.
4788 5379 * eg, fe80::214:4fff:fe0b:76c8.
4789 5380 * The IPv4 embedded form is returned for inet_ntop,
4790 5381 * just the IPv4 string is returned for inet_ntoa6.
4791 5382 */
4792 5383
4793 5384 /*
4794 5385 * Safely load the IPv6 address.
4795 5386 */
4796 5387 dtrace_bcopy(
4797 5388 (void *)(uintptr_t)tupregs[argi].dttk_value,
4798 5389 (void *)(uintptr_t)&ip6, sizeof (struct in6_addr));
4799 5390
4800 5391 /*
4801 5392 * Check an IPv6 string will fit in scratch.
4802 5393 */
4803 5394 size = INET6_ADDRSTRLEN;
4804 5395 if (!DTRACE_INSCRATCH(mstate, size)) {
4805 5396 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4806 5397 regs[rd] = NULL;
4807 5398 break;
4808 5399 }
4809 5400 base = (char *)mstate->dtms_scratch_ptr;
4810 5401 end = (char *)mstate->dtms_scratch_ptr + size - 1;
4811 5402 *end-- = '\0';
4812 5403
4813 5404 /*
4814 5405 * Find the longest run of 16 bit zero values
4815 5406 * for the single allowed zero compression - "::".
4816 5407 */
4817 5408 firstzero = -1;
4818 5409 tryzero = -1;
4819 5410 numzero = 1;
4820 5411 for (i = 0; i < sizeof (struct in6_addr); i++) {
4821 5412 if (ip6._S6_un._S6_u8[i] == 0 &&
4822 5413 tryzero == -1 && i % 2 == 0) {
4823 5414 tryzero = i;
4824 5415 continue;
4825 5416 }
4826 5417
4827 5418 if (tryzero != -1 &&
4828 5419 (ip6._S6_un._S6_u8[i] != 0 ||
4829 5420 i == sizeof (struct in6_addr) - 1)) {
4830 5421
4831 5422 if (i - tryzero <= numzero) {
4832 5423 tryzero = -1;
4833 5424 continue;
4834 5425 }
4835 5426
4836 5427 firstzero = tryzero;
4837 5428 numzero = i - i % 2 - tryzero;
4838 5429 tryzero = -1;
4839 5430
4840 5431 if (ip6._S6_un._S6_u8[i] == 0 &&
4841 5432 i == sizeof (struct in6_addr) - 1)
4842 5433 numzero += 2;
4843 5434 }
4844 5435 }
4845 5436 ASSERT(firstzero + numzero <= sizeof (struct in6_addr));
4846 5437
4847 5438 /*
4848 5439 * Check for an IPv4 embedded address.
4849 5440 */
4850 5441 v6end = sizeof (struct in6_addr) - 2;
4851 5442 if (IN6_IS_ADDR_V4MAPPED(&ip6) ||
4852 5443 IN6_IS_ADDR_V4COMPAT(&ip6)) {
4853 5444 for (i = sizeof (struct in6_addr) - 1;
4854 5445 i >= DTRACE_V4MAPPED_OFFSET; i--) {
4855 5446 ASSERT(end >= base);
4856 5447
4857 5448 val = ip6._S6_un._S6_u8[i];
4858 5449
4859 5450 if (val == 0) {
4860 5451 *end-- = '0';
4861 5452 } else {
4862 5453 for (; val; val /= 10) {
4863 5454 *end-- = '0' + val % 10;
4864 5455 }
4865 5456 }
4866 5457
4867 5458 if (i > DTRACE_V4MAPPED_OFFSET)
4868 5459 *end-- = '.';
4869 5460 }
4870 5461
4871 5462 if (subr == DIF_SUBR_INET_NTOA6)
4872 5463 goto inetout;
4873 5464
4874 5465 /*
4875 5466 * Set v6end to skip the IPv4 address that
4876 5467 * we have already stringified.
4877 5468 */
4878 5469 v6end = 10;
4879 5470 }
4880 5471
4881 5472 /*
4882 5473 * Build the IPv6 string by working through the
4883 5474 * address in reverse.
4884 5475 */
4885 5476 for (i = v6end; i >= 0; i -= 2) {
4886 5477 ASSERT(end >= base);
4887 5478
4888 5479 if (i == firstzero + numzero - 2) {
4889 5480 *end-- = ':';
4890 5481 *end-- = ':';
4891 5482 i -= numzero - 2;
4892 5483 continue;
4893 5484 }
4894 5485
4895 5486 if (i < 14 && i != firstzero - 2)
4896 5487 *end-- = ':';
4897 5488
4898 5489 val = (ip6._S6_un._S6_u8[i] << 8) +
4899 5490 ip6._S6_un._S6_u8[i + 1];
4900 5491
4901 5492 if (val == 0) {
4902 5493 *end-- = '0';
4903 5494 } else {
4904 5495 for (; val; val /= 16) {
4905 5496 *end-- = digits[val % 16];
4906 5497 }
4907 5498 }
4908 5499 }
4909 5500 ASSERT(end + 1 >= base);
4910 5501
4911 5502 } else {
4912 5503 /*
4913 5504 * The user didn't use AH_INET or AH_INET6.
4914 5505 */
4915 5506 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
4916 5507 regs[rd] = NULL;
4917 5508 break;
4918 5509 }
4919 5510
4920 5511 inetout: regs[rd] = (uintptr_t)end + 1;
4921 5512 mstate->dtms_scratch_ptr += size;
4922 5513 break;
4923 5514 }
4924 5515
4925 5516 }
4926 5517 }
4927 5518
4928 5519 /*
4929 5520 * Emulate the execution of DTrace IR instructions specified by the given
4930 5521 * DIF object. This function is deliberately void of assertions as all of
4931 5522 * the necessary checks are handled by a call to dtrace_difo_validate().
4932 5523 */
4933 5524 static uint64_t
4934 5525 dtrace_dif_emulate(dtrace_difo_t *difo, dtrace_mstate_t *mstate,
4935 5526 dtrace_vstate_t *vstate, dtrace_state_t *state)
4936 5527 {
4937 5528 const dif_instr_t *text = difo->dtdo_buf;
4938 5529 const uint_t textlen = difo->dtdo_len;
4939 5530 const char *strtab = difo->dtdo_strtab;
4940 5531 const uint64_t *inttab = difo->dtdo_inttab;
4941 5532
4942 5533 uint64_t rval = 0;
4943 5534 dtrace_statvar_t *svar;
4944 5535 dtrace_dstate_t *dstate = &vstate->dtvs_dynvars;
4945 5536 dtrace_difv_t *v;
4946 5537 volatile uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
4947 5538 volatile uintptr_t *illval = &cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
4948 5539
4949 5540 dtrace_key_t tupregs[DIF_DTR_NREGS + 2]; /* +2 for thread and id */
4950 5541 uint64_t regs[DIF_DIR_NREGS];
4951 5542 uint64_t *tmp;
4952 5543
4953 5544 uint8_t cc_n = 0, cc_z = 0, cc_v = 0, cc_c = 0;
4954 5545 int64_t cc_r;
4955 5546 uint_t pc = 0, id, opc;
4956 5547 uint8_t ttop = 0;
4957 5548 dif_instr_t instr;
4958 5549 uint_t r1, r2, rd;
4959 5550
4960 5551 /*
4961 5552 * We stash the current DIF object into the machine state: we need it
4962 5553 * for subsequent access checking.
4963 5554 */
4964 5555 mstate->dtms_difo = difo;
4965 5556
4966 5557 regs[DIF_REG_R0] = 0; /* %r0 is fixed at zero */
4967 5558
4968 5559 while (pc < textlen && !(*flags & CPU_DTRACE_FAULT)) {
4969 5560 opc = pc;
4970 5561
4971 5562 instr = text[pc++];
4972 5563 r1 = DIF_INSTR_R1(instr);
4973 5564 r2 = DIF_INSTR_R2(instr);
4974 5565 rd = DIF_INSTR_RD(instr);
4975 5566
4976 5567 switch (DIF_INSTR_OP(instr)) {
4977 5568 case DIF_OP_OR:
4978 5569 regs[rd] = regs[r1] | regs[r2];
4979 5570 break;
4980 5571 case DIF_OP_XOR:
4981 5572 regs[rd] = regs[r1] ^ regs[r2];
4982 5573 break;
4983 5574 case DIF_OP_AND:
4984 5575 regs[rd] = regs[r1] & regs[r2];
4985 5576 break;
4986 5577 case DIF_OP_SLL:
4987 5578 regs[rd] = regs[r1] << regs[r2];
4988 5579 break;
4989 5580 case DIF_OP_SRL:
4990 5581 regs[rd] = regs[r1] >> regs[r2];
4991 5582 break;
4992 5583 case DIF_OP_SUB:
4993 5584 regs[rd] = regs[r1] - regs[r2];
4994 5585 break;
4995 5586 case DIF_OP_ADD:
4996 5587 regs[rd] = regs[r1] + regs[r2];
4997 5588 break;
4998 5589 case DIF_OP_MUL:
4999 5590 regs[rd] = regs[r1] * regs[r2];
5000 5591 break;
5001 5592 case DIF_OP_SDIV:
5002 5593 if (regs[r2] == 0) {
5003 5594 regs[rd] = 0;
5004 5595 *flags |= CPU_DTRACE_DIVZERO;
5005 5596 } else {
5006 5597 regs[rd] = (int64_t)regs[r1] /
5007 5598 (int64_t)regs[r2];
5008 5599 }
5009 5600 break;
5010 5601
5011 5602 case DIF_OP_UDIV:
5012 5603 if (regs[r2] == 0) {
5013 5604 regs[rd] = 0;
5014 5605 *flags |= CPU_DTRACE_DIVZERO;
5015 5606 } else {
5016 5607 regs[rd] = regs[r1] / regs[r2];
5017 5608 }
5018 5609 break;
5019 5610
5020 5611 case DIF_OP_SREM:
5021 5612 if (regs[r2] == 0) {
5022 5613 regs[rd] = 0;
5023 5614 *flags |= CPU_DTRACE_DIVZERO;
5024 5615 } else {
5025 5616 regs[rd] = (int64_t)regs[r1] %
5026 5617 (int64_t)regs[r2];
5027 5618 }
5028 5619 break;
5029 5620
5030 5621 case DIF_OP_UREM:
5031 5622 if (regs[r2] == 0) {
5032 5623 regs[rd] = 0;
5033 5624 *flags |= CPU_DTRACE_DIVZERO;
5034 5625 } else {
5035 5626 regs[rd] = regs[r1] % regs[r2];
5036 5627 }
5037 5628 break;
5038 5629
5039 5630 case DIF_OP_NOT:
5040 5631 regs[rd] = ~regs[r1];
5041 5632 break;
5042 5633 case DIF_OP_MOV:
5043 5634 regs[rd] = regs[r1];
5044 5635 break;
5045 5636 case DIF_OP_CMP:
5046 5637 cc_r = regs[r1] - regs[r2];
5047 5638 cc_n = cc_r < 0;
5048 5639 cc_z = cc_r == 0;
5049 5640 cc_v = 0;
5050 5641 cc_c = regs[r1] < regs[r2];
5051 5642 break;
5052 5643 case DIF_OP_TST:
5053 5644 cc_n = cc_v = cc_c = 0;
5054 5645 cc_z = regs[r1] == 0;
5055 5646 break;
5056 5647 case DIF_OP_BA:
5057 5648 pc = DIF_INSTR_LABEL(instr);
5058 5649 break;
5059 5650 case DIF_OP_BE:
5060 5651 if (cc_z)
5061 5652 pc = DIF_INSTR_LABEL(instr);
5062 5653 break;
5063 5654 case DIF_OP_BNE:
5064 5655 if (cc_z == 0)
5065 5656 pc = DIF_INSTR_LABEL(instr);
5066 5657 break;
5067 5658 case DIF_OP_BG:
5068 5659 if ((cc_z | (cc_n ^ cc_v)) == 0)
5069 5660 pc = DIF_INSTR_LABEL(instr);
5070 5661 break;
5071 5662 case DIF_OP_BGU:
5072 5663 if ((cc_c | cc_z) == 0)
5073 5664 pc = DIF_INSTR_LABEL(instr);
5074 5665 break;
5075 5666 case DIF_OP_BGE:
5076 5667 if ((cc_n ^ cc_v) == 0)
5077 5668 pc = DIF_INSTR_LABEL(instr);
5078 5669 break;
5079 5670 case DIF_OP_BGEU:
5080 5671 if (cc_c == 0)
5081 5672 pc = DIF_INSTR_LABEL(instr);
5082 5673 break;
5083 5674 case DIF_OP_BL:
5084 5675 if (cc_n ^ cc_v)
5085 5676 pc = DIF_INSTR_LABEL(instr);
5086 5677 break;
5087 5678 case DIF_OP_BLU:
5088 5679 if (cc_c)
5089 5680 pc = DIF_INSTR_LABEL(instr);
5090 5681 break;
5091 5682 case DIF_OP_BLE:
5092 5683 if (cc_z | (cc_n ^ cc_v))
5093 5684 pc = DIF_INSTR_LABEL(instr);
5094 5685 break;
5095 5686 case DIF_OP_BLEU:
5096 5687 if (cc_c | cc_z)
5097 5688 pc = DIF_INSTR_LABEL(instr);
5098 5689 break;
5099 5690 case DIF_OP_RLDSB:
5100 5691 if (!dtrace_canload(regs[r1], 1, mstate, vstate))
5101 5692 break;
5102 5693 /*FALLTHROUGH*/
5103 5694 case DIF_OP_LDSB:
5104 5695 regs[rd] = (int8_t)dtrace_load8(regs[r1]);
5105 5696 break;
5106 5697 case DIF_OP_RLDSH:
5107 5698 if (!dtrace_canload(regs[r1], 2, mstate, vstate))
5108 5699 break;
5109 5700 /*FALLTHROUGH*/
5110 5701 case DIF_OP_LDSH:
5111 5702 regs[rd] = (int16_t)dtrace_load16(regs[r1]);
5112 5703 break;
5113 5704 case DIF_OP_RLDSW:
5114 5705 if (!dtrace_canload(regs[r1], 4, mstate, vstate))
5115 5706 break;
5116 5707 /*FALLTHROUGH*/
5117 5708 case DIF_OP_LDSW:
5118 5709 regs[rd] = (int32_t)dtrace_load32(regs[r1]);
5119 5710 break;
5120 5711 case DIF_OP_RLDUB:
5121 5712 if (!dtrace_canload(regs[r1], 1, mstate, vstate))
5122 5713 break;
5123 5714 /*FALLTHROUGH*/
5124 5715 case DIF_OP_LDUB:
5125 5716 regs[rd] = dtrace_load8(regs[r1]);
5126 5717 break;
5127 5718 case DIF_OP_RLDUH:
5128 5719 if (!dtrace_canload(regs[r1], 2, mstate, vstate))
5129 5720 break;
5130 5721 /*FALLTHROUGH*/
5131 5722 case DIF_OP_LDUH:
5132 5723 regs[rd] = dtrace_load16(regs[r1]);
5133 5724 break;
5134 5725 case DIF_OP_RLDUW:
5135 5726 if (!dtrace_canload(regs[r1], 4, mstate, vstate))
5136 5727 break;
5137 5728 /*FALLTHROUGH*/
5138 5729 case DIF_OP_LDUW:
5139 5730 regs[rd] = dtrace_load32(regs[r1]);
5140 5731 break;
5141 5732 case DIF_OP_RLDX:
5142 5733 if (!dtrace_canload(regs[r1], 8, mstate, vstate))
5143 5734 break;
5144 5735 /*FALLTHROUGH*/
5145 5736 case DIF_OP_LDX:
5146 5737 regs[rd] = dtrace_load64(regs[r1]);
5147 5738 break;
5148 5739 case DIF_OP_ULDSB:
5149 5740 regs[rd] = (int8_t)
5150 5741 dtrace_fuword8((void *)(uintptr_t)regs[r1]);
5151 5742 break;
5152 5743 case DIF_OP_ULDSH:
5153 5744 regs[rd] = (int16_t)
5154 5745 dtrace_fuword16((void *)(uintptr_t)regs[r1]);
5155 5746 break;
5156 5747 case DIF_OP_ULDSW:
5157 5748 regs[rd] = (int32_t)
5158 5749 dtrace_fuword32((void *)(uintptr_t)regs[r1]);
5159 5750 break;
5160 5751 case DIF_OP_ULDUB:
5161 5752 regs[rd] =
5162 5753 dtrace_fuword8((void *)(uintptr_t)regs[r1]);
5163 5754 break;
5164 5755 case DIF_OP_ULDUH:
5165 5756 regs[rd] =
5166 5757 dtrace_fuword16((void *)(uintptr_t)regs[r1]);
5167 5758 break;
5168 5759 case DIF_OP_ULDUW:
5169 5760 regs[rd] =
5170 5761 dtrace_fuword32((void *)(uintptr_t)regs[r1]);
5171 5762 break;
5172 5763 case DIF_OP_ULDX:
5173 5764 regs[rd] =
5174 5765 dtrace_fuword64((void *)(uintptr_t)regs[r1]);
5175 5766 break;
5176 5767 case DIF_OP_RET:
5177 5768 rval = regs[rd];
5178 5769 pc = textlen;
5179 5770 break;
5180 5771 case DIF_OP_NOP:
5181 5772 break;
5182 5773 case DIF_OP_SETX:
5183 5774 regs[rd] = inttab[DIF_INSTR_INTEGER(instr)];
5184 5775 break;
5185 5776 case DIF_OP_SETS:
5186 5777 regs[rd] = (uint64_t)(uintptr_t)
5187 5778 (strtab + DIF_INSTR_STRING(instr));
5188 5779 break;
5189 5780 case DIF_OP_SCMP: {
5190 5781 size_t sz = state->dts_options[DTRACEOPT_STRSIZE];
5191 5782 uintptr_t s1 = regs[r1];
5192 5783 uintptr_t s2 = regs[r2];
5193 5784
5194 5785 if (s1 != NULL &&
5195 5786 !dtrace_strcanload(s1, sz, mstate, vstate))
5196 5787 break;
5197 5788 if (s2 != NULL &&
5198 5789 !dtrace_strcanload(s2, sz, mstate, vstate))
5199 5790 break;
5200 5791
5201 5792 cc_r = dtrace_strncmp((char *)s1, (char *)s2, sz);
5202 5793
5203 5794 cc_n = cc_r < 0;
5204 5795 cc_z = cc_r == 0;
5205 5796 cc_v = cc_c = 0;
5206 5797 break;
5207 5798 }
5208 5799 case DIF_OP_LDGA:
5209 5800 regs[rd] = dtrace_dif_variable(mstate, state,
5210 5801 r1, regs[r2]);
5211 5802 break;
5212 5803 case DIF_OP_LDGS:
5213 5804 id = DIF_INSTR_VAR(instr);
5214 5805
5215 5806 if (id >= DIF_VAR_OTHER_UBASE) {
5216 5807 uintptr_t a;
5217 5808
5218 5809 id -= DIF_VAR_OTHER_UBASE;
5219 5810 svar = vstate->dtvs_globals[id];
5220 5811 ASSERT(svar != NULL);
5221 5812 v = &svar->dtsv_var;
5222 5813
5223 5814 if (!(v->dtdv_type.dtdt_flags & DIF_TF_BYREF)) {
5224 5815 regs[rd] = svar->dtsv_data;
5225 5816 break;
5226 5817 }
5227 5818
5228 5819 a = (uintptr_t)svar->dtsv_data;
5229 5820
5230 5821 if (*(uint8_t *)a == UINT8_MAX) {
5231 5822 /*
5232 5823 * If the 0th byte is set to UINT8_MAX
5233 5824 * then this is to be treated as a
5234 5825 * reference to a NULL variable.
5235 5826 */
5236 5827 regs[rd] = NULL;
5237 5828 } else {
5238 5829 regs[rd] = a + sizeof (uint64_t);
5239 5830 }
5240 5831
5241 5832 break;
5242 5833 }
5243 5834
5244 5835 regs[rd] = dtrace_dif_variable(mstate, state, id, 0);
5245 5836 break;
5246 5837
5247 5838 case DIF_OP_STGS:
5248 5839 id = DIF_INSTR_VAR(instr);
5249 5840
5250 5841 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5251 5842 id -= DIF_VAR_OTHER_UBASE;
5252 5843
5253 5844 svar = vstate->dtvs_globals[id];
5254 5845 ASSERT(svar != NULL);
5255 5846 v = &svar->dtsv_var;
5256 5847
5257 5848 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5258 5849 uintptr_t a = (uintptr_t)svar->dtsv_data;
5259 5850
5260 5851 ASSERT(a != NULL);
5261 5852 ASSERT(svar->dtsv_size != 0);
5262 5853
5263 5854 if (regs[rd] == NULL) {
5264 5855 *(uint8_t *)a = UINT8_MAX;
5265 5856 break;
5266 5857 } else {
5267 5858 *(uint8_t *)a = 0;
5268 5859 a += sizeof (uint64_t);
5269 5860 }
5270 5861 if (!dtrace_vcanload(
5271 5862 (void *)(uintptr_t)regs[rd], &v->dtdv_type,
5272 5863 mstate, vstate))
5273 5864 break;
5274 5865
5275 5866 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5276 5867 (void *)a, &v->dtdv_type);
5277 5868 break;
5278 5869 }
5279 5870
5280 5871 svar->dtsv_data = regs[rd];
5281 5872 break;
5282 5873
5283 5874 case DIF_OP_LDTA:
5284 5875 /*
5285 5876 * There are no DTrace built-in thread-local arrays at
5286 5877 * present. This opcode is saved for future work.
5287 5878 */
5288 5879 *flags |= CPU_DTRACE_ILLOP;
5289 5880 regs[rd] = 0;
5290 5881 break;
5291 5882
5292 5883 case DIF_OP_LDLS:
5293 5884 id = DIF_INSTR_VAR(instr);
5294 5885
5295 5886 if (id < DIF_VAR_OTHER_UBASE) {
5296 5887 /*
5297 5888 * For now, this has no meaning.
5298 5889 */
5299 5890 regs[rd] = 0;
5300 5891 break;
5301 5892 }
5302 5893
5303 5894 id -= DIF_VAR_OTHER_UBASE;
5304 5895
5305 5896 ASSERT(id < vstate->dtvs_nlocals);
5306 5897 ASSERT(vstate->dtvs_locals != NULL);
5307 5898
5308 5899 svar = vstate->dtvs_locals[id];
5309 5900 ASSERT(svar != NULL);
5310 5901 v = &svar->dtsv_var;
5311 5902
5312 5903 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5313 5904 uintptr_t a = (uintptr_t)svar->dtsv_data;
5314 5905 size_t sz = v->dtdv_type.dtdt_size;
5315 5906
5316 5907 sz += sizeof (uint64_t);
5317 5908 ASSERT(svar->dtsv_size == NCPU * sz);
5318 5909 a += CPU->cpu_id * sz;
5319 5910
5320 5911 if (*(uint8_t *)a == UINT8_MAX) {
5321 5912 /*
5322 5913 * If the 0th byte is set to UINT8_MAX
5323 5914 * then this is to be treated as a
5324 5915 * reference to a NULL variable.
5325 5916 */
5326 5917 regs[rd] = NULL;
5327 5918 } else {
5328 5919 regs[rd] = a + sizeof (uint64_t);
5329 5920 }
5330 5921
5331 5922 break;
5332 5923 }
5333 5924
5334 5925 ASSERT(svar->dtsv_size == NCPU * sizeof (uint64_t));
5335 5926 tmp = (uint64_t *)(uintptr_t)svar->dtsv_data;
5336 5927 regs[rd] = tmp[CPU->cpu_id];
5337 5928 break;
5338 5929
5339 5930 case DIF_OP_STLS:
5340 5931 id = DIF_INSTR_VAR(instr);
5341 5932
5342 5933 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5343 5934 id -= DIF_VAR_OTHER_UBASE;
5344 5935 ASSERT(id < vstate->dtvs_nlocals);
5345 5936
5346 5937 ASSERT(vstate->dtvs_locals != NULL);
5347 5938 svar = vstate->dtvs_locals[id];
5348 5939 ASSERT(svar != NULL);
5349 5940 v = &svar->dtsv_var;
5350 5941
5351 5942 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5352 5943 uintptr_t a = (uintptr_t)svar->dtsv_data;
5353 5944 size_t sz = v->dtdv_type.dtdt_size;
5354 5945
5355 5946 sz += sizeof (uint64_t);
5356 5947 ASSERT(svar->dtsv_size == NCPU * sz);
5357 5948 a += CPU->cpu_id * sz;
5358 5949
5359 5950 if (regs[rd] == NULL) {
5360 5951 *(uint8_t *)a = UINT8_MAX;
5361 5952 break;
5362 5953 } else {
5363 5954 *(uint8_t *)a = 0;
5364 5955 a += sizeof (uint64_t);
5365 5956 }
5366 5957
5367 5958 if (!dtrace_vcanload(
5368 5959 (void *)(uintptr_t)regs[rd], &v->dtdv_type,
5369 5960 mstate, vstate))
5370 5961 break;
5371 5962
5372 5963 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5373 5964 (void *)a, &v->dtdv_type);
5374 5965 break;
5375 5966 }
5376 5967
5377 5968 ASSERT(svar->dtsv_size == NCPU * sizeof (uint64_t));
5378 5969 tmp = (uint64_t *)(uintptr_t)svar->dtsv_data;
5379 5970 tmp[CPU->cpu_id] = regs[rd];
5380 5971 break;
5381 5972
5382 5973 case DIF_OP_LDTS: {
5383 5974 dtrace_dynvar_t *dvar;
5384 5975 dtrace_key_t *key;
5385 5976
5386 5977 id = DIF_INSTR_VAR(instr);
5387 5978 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5388 5979 id -= DIF_VAR_OTHER_UBASE;
5389 5980 v = &vstate->dtvs_tlocals[id];
5390 5981
5391 5982 key = &tupregs[DIF_DTR_NREGS];
5392 5983 key[0].dttk_value = (uint64_t)id;
5393 5984 key[0].dttk_size = 0;
5394 5985 DTRACE_TLS_THRKEY(key[1].dttk_value);
5395 5986 key[1].dttk_size = 0;
5396 5987
5397 5988 dvar = dtrace_dynvar(dstate, 2, key,
5398 5989 sizeof (uint64_t), DTRACE_DYNVAR_NOALLOC,
5399 5990 mstate, vstate);
5400 5991
5401 5992 if (dvar == NULL) {
5402 5993 regs[rd] = 0;
5403 5994 break;
5404 5995 }
5405 5996
5406 5997 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5407 5998 regs[rd] = (uint64_t)(uintptr_t)dvar->dtdv_data;
5408 5999 } else {
5409 6000 regs[rd] = *((uint64_t *)dvar->dtdv_data);
5410 6001 }
5411 6002
5412 6003 break;
5413 6004 }
5414 6005
5415 6006 case DIF_OP_STTS: {
5416 6007 dtrace_dynvar_t *dvar;
5417 6008 dtrace_key_t *key;
5418 6009
5419 6010 id = DIF_INSTR_VAR(instr);
5420 6011 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5421 6012 id -= DIF_VAR_OTHER_UBASE;
5422 6013
5423 6014 key = &tupregs[DIF_DTR_NREGS];
5424 6015 key[0].dttk_value = (uint64_t)id;
5425 6016 key[0].dttk_size = 0;
5426 6017 DTRACE_TLS_THRKEY(key[1].dttk_value);
5427 6018 key[1].dttk_size = 0;
5428 6019 v = &vstate->dtvs_tlocals[id];
5429 6020
5430 6021 dvar = dtrace_dynvar(dstate, 2, key,
5431 6022 v->dtdv_type.dtdt_size > sizeof (uint64_t) ?
5432 6023 v->dtdv_type.dtdt_size : sizeof (uint64_t),
5433 6024 regs[rd] ? DTRACE_DYNVAR_ALLOC :
5434 6025 DTRACE_DYNVAR_DEALLOC, mstate, vstate);
5435 6026
5436 6027 /*
5437 6028 * Given that we're storing to thread-local data,
5438 6029 * we need to flush our predicate cache.
5439 6030 */
5440 6031 curthread->t_predcache = NULL;
5441 6032
5442 6033 if (dvar == NULL)
5443 6034 break;
5444 6035
5445 6036 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5446 6037 if (!dtrace_vcanload(
5447 6038 (void *)(uintptr_t)regs[rd],
5448 6039 &v->dtdv_type, mstate, vstate))
5449 6040 break;
5450 6041
5451 6042 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5452 6043 dvar->dtdv_data, &v->dtdv_type);
5453 6044 } else {
5454 6045 *((uint64_t *)dvar->dtdv_data) = regs[rd];
5455 6046 }
5456 6047
5457 6048 break;
5458 6049 }
5459 6050
5460 6051 case DIF_OP_SRA:
5461 6052 regs[rd] = (int64_t)regs[r1] >> regs[r2];
5462 6053 break;
5463 6054
5464 6055 case DIF_OP_CALL:
5465 6056 dtrace_dif_subr(DIF_INSTR_SUBR(instr), rd,
5466 6057 regs, tupregs, ttop, mstate, state);
5467 6058 break;
5468 6059
5469 6060 case DIF_OP_PUSHTR:
5470 6061 if (ttop == DIF_DTR_NREGS) {
5471 6062 *flags |= CPU_DTRACE_TUPOFLOW;
5472 6063 break;
5473 6064 }
5474 6065
5475 6066 if (r1 == DIF_TYPE_STRING) {
5476 6067 /*
5477 6068 * If this is a string type and the size is 0,
5478 6069 * we'll use the system-wide default string
5479 6070 * size. Note that we are _not_ looking at
5480 6071 * the value of the DTRACEOPT_STRSIZE option;
5481 6072 * had this been set, we would expect to have
5482 6073 * a non-zero size value in the "pushtr".
5483 6074 */
5484 6075 tupregs[ttop].dttk_size =
5485 6076 dtrace_strlen((char *)(uintptr_t)regs[rd],
5486 6077 regs[r2] ? regs[r2] :
5487 6078 dtrace_strsize_default) + 1;
5488 6079 } else {
5489 6080 tupregs[ttop].dttk_size = regs[r2];
5490 6081 }
5491 6082
5492 6083 tupregs[ttop++].dttk_value = regs[rd];
5493 6084 break;
5494 6085
5495 6086 case DIF_OP_PUSHTV:
5496 6087 if (ttop == DIF_DTR_NREGS) {
5497 6088 *flags |= CPU_DTRACE_TUPOFLOW;
5498 6089 break;
5499 6090 }
5500 6091
5501 6092 tupregs[ttop].dttk_value = regs[rd];
5502 6093 tupregs[ttop++].dttk_size = 0;
5503 6094 break;
5504 6095
5505 6096 case DIF_OP_POPTS:
5506 6097 if (ttop != 0)
5507 6098 ttop--;
5508 6099 break;
5509 6100
5510 6101 case DIF_OP_FLUSHTS:
5511 6102 ttop = 0;
5512 6103 break;
5513 6104
5514 6105 case DIF_OP_LDGAA:
5515 6106 case DIF_OP_LDTAA: {
5516 6107 dtrace_dynvar_t *dvar;
5517 6108 dtrace_key_t *key = tupregs;
5518 6109 uint_t nkeys = ttop;
5519 6110
5520 6111 id = DIF_INSTR_VAR(instr);
5521 6112 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5522 6113 id -= DIF_VAR_OTHER_UBASE;
5523 6114
5524 6115 key[nkeys].dttk_value = (uint64_t)id;
5525 6116 key[nkeys++].dttk_size = 0;
5526 6117
5527 6118 if (DIF_INSTR_OP(instr) == DIF_OP_LDTAA) {
5528 6119 DTRACE_TLS_THRKEY(key[nkeys].dttk_value);
5529 6120 key[nkeys++].dttk_size = 0;
5530 6121 v = &vstate->dtvs_tlocals[id];
5531 6122 } else {
5532 6123 v = &vstate->dtvs_globals[id]->dtsv_var;
5533 6124 }
5534 6125
5535 6126 dvar = dtrace_dynvar(dstate, nkeys, key,
5536 6127 v->dtdv_type.dtdt_size > sizeof (uint64_t) ?
5537 6128 v->dtdv_type.dtdt_size : sizeof (uint64_t),
5538 6129 DTRACE_DYNVAR_NOALLOC, mstate, vstate);
5539 6130
5540 6131 if (dvar == NULL) {
5541 6132 regs[rd] = 0;
5542 6133 break;
5543 6134 }
5544 6135
5545 6136 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5546 6137 regs[rd] = (uint64_t)(uintptr_t)dvar->dtdv_data;
5547 6138 } else {
5548 6139 regs[rd] = *((uint64_t *)dvar->dtdv_data);
5549 6140 }
5550 6141
5551 6142 break;
5552 6143 }
5553 6144
5554 6145 case DIF_OP_STGAA:
5555 6146 case DIF_OP_STTAA: {
5556 6147 dtrace_dynvar_t *dvar;
5557 6148 dtrace_key_t *key = tupregs;
5558 6149 uint_t nkeys = ttop;
5559 6150
5560 6151 id = DIF_INSTR_VAR(instr);
5561 6152 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5562 6153 id -= DIF_VAR_OTHER_UBASE;
5563 6154
5564 6155 key[nkeys].dttk_value = (uint64_t)id;
5565 6156 key[nkeys++].dttk_size = 0;
5566 6157
5567 6158 if (DIF_INSTR_OP(instr) == DIF_OP_STTAA) {
5568 6159 DTRACE_TLS_THRKEY(key[nkeys].dttk_value);
5569 6160 key[nkeys++].dttk_size = 0;
5570 6161 v = &vstate->dtvs_tlocals[id];
5571 6162 } else {
5572 6163 v = &vstate->dtvs_globals[id]->dtsv_var;
5573 6164 }
5574 6165
5575 6166 dvar = dtrace_dynvar(dstate, nkeys, key,
5576 6167 v->dtdv_type.dtdt_size > sizeof (uint64_t) ?
5577 6168 v->dtdv_type.dtdt_size : sizeof (uint64_t),
5578 6169 regs[rd] ? DTRACE_DYNVAR_ALLOC :
5579 6170 DTRACE_DYNVAR_DEALLOC, mstate, vstate);
5580 6171
5581 6172 if (dvar == NULL)
5582 6173 break;
5583 6174
5584 6175 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5585 6176 if (!dtrace_vcanload(
5586 6177 (void *)(uintptr_t)regs[rd], &v->dtdv_type,
5587 6178 mstate, vstate))
5588 6179 break;
5589 6180
5590 6181 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5591 6182 dvar->dtdv_data, &v->dtdv_type);
5592 6183 } else {
5593 6184 *((uint64_t *)dvar->dtdv_data) = regs[rd];
5594 6185 }
5595 6186
5596 6187 break;
5597 6188 }
5598 6189
5599 6190 case DIF_OP_ALLOCS: {
5600 6191 uintptr_t ptr = P2ROUNDUP(mstate->dtms_scratch_ptr, 8);
5601 6192 size_t size = ptr - mstate->dtms_scratch_ptr + regs[r1];
5602 6193
5603 6194 /*
5604 6195 * Rounding up the user allocation size could have
5605 6196 * overflowed large, bogus allocations (like -1ULL) to
5606 6197 * 0.
5607 6198 */
5608 6199 if (size < regs[r1] ||
5609 6200 !DTRACE_INSCRATCH(mstate, size)) {
5610 6201 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
5611 6202 regs[rd] = NULL;
5612 6203 break;
5613 6204 }
5614 6205
5615 6206 dtrace_bzero((void *) mstate->dtms_scratch_ptr, size);
5616 6207 mstate->dtms_scratch_ptr += size;
5617 6208 regs[rd] = ptr;
5618 6209 break;
5619 6210 }
5620 6211
5621 6212 case DIF_OP_COPYS:
5622 6213 if (!dtrace_canstore(regs[rd], regs[r2],
5623 6214 mstate, vstate)) {
5624 6215 *flags |= CPU_DTRACE_BADADDR;
5625 6216 *illval = regs[rd];
5626 6217 break;
5627 6218 }
5628 6219
5629 6220 if (!dtrace_canload(regs[r1], regs[r2], mstate, vstate))
5630 6221 break;
5631 6222
5632 6223 dtrace_bcopy((void *)(uintptr_t)regs[r1],
5633 6224 (void *)(uintptr_t)regs[rd], (size_t)regs[r2]);
5634 6225 break;
5635 6226
5636 6227 case DIF_OP_STB:
5637 6228 if (!dtrace_canstore(regs[rd], 1, mstate, vstate)) {
5638 6229 *flags |= CPU_DTRACE_BADADDR;
5639 6230 *illval = regs[rd];
5640 6231 break;
5641 6232 }
5642 6233 *((uint8_t *)(uintptr_t)regs[rd]) = (uint8_t)regs[r1];
5643 6234 break;
5644 6235
5645 6236 case DIF_OP_STH:
5646 6237 if (!dtrace_canstore(regs[rd], 2, mstate, vstate)) {
5647 6238 *flags |= CPU_DTRACE_BADADDR;
5648 6239 *illval = regs[rd];
5649 6240 break;
5650 6241 }
5651 6242 if (regs[rd] & 1) {
5652 6243 *flags |= CPU_DTRACE_BADALIGN;
5653 6244 *illval = regs[rd];
5654 6245 break;
5655 6246 }
5656 6247 *((uint16_t *)(uintptr_t)regs[rd]) = (uint16_t)regs[r1];
5657 6248 break;
5658 6249
5659 6250 case DIF_OP_STW:
5660 6251 if (!dtrace_canstore(regs[rd], 4, mstate, vstate)) {
5661 6252 *flags |= CPU_DTRACE_BADADDR;
5662 6253 *illval = regs[rd];
5663 6254 break;
5664 6255 }
5665 6256 if (regs[rd] & 3) {
5666 6257 *flags |= CPU_DTRACE_BADALIGN;
5667 6258 *illval = regs[rd];
5668 6259 break;
5669 6260 }
5670 6261 *((uint32_t *)(uintptr_t)regs[rd]) = (uint32_t)regs[r1];
5671 6262 break;
5672 6263
5673 6264 case DIF_OP_STX:
5674 6265 if (!dtrace_canstore(regs[rd], 8, mstate, vstate)) {
5675 6266 *flags |= CPU_DTRACE_BADADDR;
5676 6267 *illval = regs[rd];
5677 6268 break;
5678 6269 }
5679 6270 if (regs[rd] & 7) {
5680 6271 *flags |= CPU_DTRACE_BADALIGN;
5681 6272 *illval = regs[rd];
5682 6273 break;
5683 6274 }
5684 6275 *((uint64_t *)(uintptr_t)regs[rd]) = regs[r1];
5685 6276 break;
5686 6277 }
5687 6278 }
5688 6279
5689 6280 if (!(*flags & CPU_DTRACE_FAULT))
5690 6281 return (rval);
5691 6282
5692 6283 mstate->dtms_fltoffs = opc * sizeof (dif_instr_t);
5693 6284 mstate->dtms_present |= DTRACE_MSTATE_FLTOFFS;
5694 6285
5695 6286 return (0);
5696 6287 }
5697 6288
5698 6289 static void
5699 6290 dtrace_action_breakpoint(dtrace_ecb_t *ecb)
5700 6291 {
5701 6292 dtrace_probe_t *probe = ecb->dte_probe;
5702 6293 dtrace_provider_t *prov = probe->dtpr_provider;
5703 6294 char c[DTRACE_FULLNAMELEN + 80], *str;
5704 6295 char *msg = "dtrace: breakpoint action at probe ";
5705 6296 char *ecbmsg = " (ecb ";
5706 6297 uintptr_t mask = (0xf << (sizeof (uintptr_t) * NBBY / 4));
5707 6298 uintptr_t val = (uintptr_t)ecb;
5708 6299 int shift = (sizeof (uintptr_t) * NBBY) - 4, i = 0;
5709 6300
5710 6301 if (dtrace_destructive_disallow)
5711 6302 return;
5712 6303
5713 6304 /*
5714 6305 * It's impossible to be taking action on the NULL probe.
5715 6306 */
5716 6307 ASSERT(probe != NULL);
5717 6308
5718 6309 /*
5719 6310 * This is a poor man's (destitute man's?) sprintf(): we want to
5720 6311 * print the provider name, module name, function name and name of
5721 6312 * the probe, along with the hex address of the ECB with the breakpoint
5722 6313 * action -- all of which we must place in the character buffer by
5723 6314 * hand.
5724 6315 */
5725 6316 while (*msg != '\0')
5726 6317 c[i++] = *msg++;
5727 6318
5728 6319 for (str = prov->dtpv_name; *str != '\0'; str++)
5729 6320 c[i++] = *str;
5730 6321 c[i++] = ':';
5731 6322
5732 6323 for (str = probe->dtpr_mod; *str != '\0'; str++)
5733 6324 c[i++] = *str;
5734 6325 c[i++] = ':';
5735 6326
5736 6327 for (str = probe->dtpr_func; *str != '\0'; str++)
5737 6328 c[i++] = *str;
5738 6329 c[i++] = ':';
5739 6330
5740 6331 for (str = probe->dtpr_name; *str != '\0'; str++)
5741 6332 c[i++] = *str;
5742 6333
5743 6334 while (*ecbmsg != '\0')
5744 6335 c[i++] = *ecbmsg++;
5745 6336
5746 6337 while (shift >= 0) {
5747 6338 mask = (uintptr_t)0xf << shift;
5748 6339
5749 6340 if (val >= ((uintptr_t)1 << shift))
5750 6341 c[i++] = "0123456789abcdef"[(val & mask) >> shift];
5751 6342 shift -= 4;
5752 6343 }
5753 6344
5754 6345 c[i++] = ')';
5755 6346 c[i] = '\0';
5756 6347
5757 6348 debug_enter(c);
5758 6349 }
5759 6350
5760 6351 static void
5761 6352 dtrace_action_panic(dtrace_ecb_t *ecb)
5762 6353 {
5763 6354 dtrace_probe_t *probe = ecb->dte_probe;
5764 6355
5765 6356 /*
5766 6357 * It's impossible to be taking action on the NULL probe.
5767 6358 */
5768 6359 ASSERT(probe != NULL);
5769 6360
5770 6361 if (dtrace_destructive_disallow)
5771 6362 return;
5772 6363
5773 6364 if (dtrace_panicked != NULL)
5774 6365 return;
5775 6366
5776 6367 if (dtrace_casptr(&dtrace_panicked, NULL, curthread) != NULL)
5777 6368 return;
5778 6369
5779 6370 /*
5780 6371 * We won the right to panic. (We want to be sure that only one
5781 6372 * thread calls panic() from dtrace_probe(), and that panic() is
5782 6373 * called exactly once.)
5783 6374 */
5784 6375 dtrace_panic("dtrace: panic action at probe %s:%s:%s:%s (ecb %p)",
5785 6376 probe->dtpr_provider->dtpv_name, probe->dtpr_mod,
5786 6377 probe->dtpr_func, probe->dtpr_name, (void *)ecb);
5787 6378 }
5788 6379
5789 6380 static void
5790 6381 dtrace_action_raise(uint64_t sig)
5791 6382 {
5792 6383 if (dtrace_destructive_disallow)
5793 6384 return;
5794 6385
5795 6386 if (sig >= NSIG) {
5796 6387 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
5797 6388 return;
5798 6389 }
5799 6390
5800 6391 /*
5801 6392 * raise() has a queue depth of 1 -- we ignore all subsequent
5802 6393 * invocations of the raise() action.
5803 6394 */
5804 6395 if (curthread->t_dtrace_sig == 0)
5805 6396 curthread->t_dtrace_sig = (uint8_t)sig;
5806 6397
5807 6398 curthread->t_sig_check = 1;
5808 6399 aston(curthread);
5809 6400 }
5810 6401
5811 6402 static void
5812 6403 dtrace_action_stop(void)
5813 6404 {
5814 6405 if (dtrace_destructive_disallow)
5815 6406 return;
5816 6407
5817 6408 if (!curthread->t_dtrace_stop) {
5818 6409 curthread->t_dtrace_stop = 1;
5819 6410 curthread->t_sig_check = 1;
5820 6411 aston(curthread);
5821 6412 }
5822 6413 }
5823 6414
5824 6415 static void
5825 6416 dtrace_action_chill(dtrace_mstate_t *mstate, hrtime_t val)
5826 6417 {
5827 6418 hrtime_t now;
5828 6419 volatile uint16_t *flags;
5829 6420 cpu_t *cpu = CPU;
5830 6421
5831 6422 if (dtrace_destructive_disallow)
5832 6423 return;
5833 6424
5834 6425 flags = (volatile uint16_t *)&cpu_core[cpu->cpu_id].cpuc_dtrace_flags;
5835 6426
5836 6427 now = dtrace_gethrtime();
5837 6428
5838 6429 if (now - cpu->cpu_dtrace_chillmark > dtrace_chill_interval) {
5839 6430 /*
5840 6431 * We need to advance the mark to the current time.
5841 6432 */
5842 6433 cpu->cpu_dtrace_chillmark = now;
5843 6434 cpu->cpu_dtrace_chilled = 0;
5844 6435 }
5845 6436
5846 6437 /*
5847 6438 * Now check to see if the requested chill time would take us over
5848 6439 * the maximum amount of time allowed in the chill interval. (Or
5849 6440 * worse, if the calculation itself induces overflow.)
5850 6441 */
5851 6442 if (cpu->cpu_dtrace_chilled + val > dtrace_chill_max ||
5852 6443 cpu->cpu_dtrace_chilled + val < cpu->cpu_dtrace_chilled) {
5853 6444 *flags |= CPU_DTRACE_ILLOP;
5854 6445 return;
5855 6446 }
5856 6447
5857 6448 while (dtrace_gethrtime() - now < val)
5858 6449 continue;
5859 6450
5860 6451 /*
5861 6452 * Normally, we assure that the value of the variable "timestamp" does
5862 6453 * not change within an ECB. The presence of chill() represents an
5863 6454 * exception to this rule, however.
5864 6455 */
5865 6456 mstate->dtms_present &= ~DTRACE_MSTATE_TIMESTAMP;
5866 6457 cpu->cpu_dtrace_chilled += val;
5867 6458 }
5868 6459
5869 6460 static void
5870 6461 dtrace_action_ustack(dtrace_mstate_t *mstate, dtrace_state_t *state,
5871 6462 uint64_t *buf, uint64_t arg)
5872 6463 {
5873 6464 int nframes = DTRACE_USTACK_NFRAMES(arg);
5874 6465 int strsize = DTRACE_USTACK_STRSIZE(arg);
5875 6466 uint64_t *pcs = &buf[1], *fps;
5876 6467 char *str = (char *)&pcs[nframes];
5877 6468 int size, offs = 0, i, j;
5878 6469 uintptr_t old = mstate->dtms_scratch_ptr, saved;
5879 6470 uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
5880 6471 char *sym;
5881 6472
5882 6473 /*
5883 6474 * Should be taking a faster path if string space has not been
5884 6475 * allocated.
5885 6476 */
5886 6477 ASSERT(strsize != 0);
5887 6478
5888 6479 /*
5889 6480 * We will first allocate some temporary space for the frame pointers.
5890 6481 */
5891 6482 fps = (uint64_t *)P2ROUNDUP(mstate->dtms_scratch_ptr, 8);
5892 6483 size = (uintptr_t)fps - mstate->dtms_scratch_ptr +
5893 6484 (nframes * sizeof (uint64_t));
5894 6485
5895 6486 if (!DTRACE_INSCRATCH(mstate, size)) {
5896 6487 /*
5897 6488 * Not enough room for our frame pointers -- need to indicate
5898 6489 * that we ran out of scratch space.
5899 6490 */
5900 6491 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
5901 6492 return;
5902 6493 }
5903 6494
5904 6495 mstate->dtms_scratch_ptr += size;
5905 6496 saved = mstate->dtms_scratch_ptr;
5906 6497
5907 6498 /*
5908 6499 * Now get a stack with both program counters and frame pointers.
5909 6500 */
5910 6501 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
5911 6502 dtrace_getufpstack(buf, fps, nframes + 1);
5912 6503 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
5913 6504
5914 6505 /*
5915 6506 * If that faulted, we're cooked.
5916 6507 */
5917 6508 if (*flags & CPU_DTRACE_FAULT)
5918 6509 goto out;
5919 6510
5920 6511 /*
5921 6512 * Now we want to walk up the stack, calling the USTACK helper. For
5922 6513 * each iteration, we restore the scratch pointer.
5923 6514 */
5924 6515 for (i = 0; i < nframes; i++) {
5925 6516 mstate->dtms_scratch_ptr = saved;
5926 6517
5927 6518 if (offs >= strsize)
5928 6519 break;
5929 6520
5930 6521 sym = (char *)(uintptr_t)dtrace_helper(
5931 6522 DTRACE_HELPER_ACTION_USTACK,
5932 6523 mstate, state, pcs[i], fps[i]);
5933 6524
5934 6525 /*
5935 6526 * If we faulted while running the helper, we're going to
5936 6527 * clear the fault and null out the corresponding string.
5937 6528 */
5938 6529 if (*flags & CPU_DTRACE_FAULT) {
5939 6530 *flags &= ~CPU_DTRACE_FAULT;
5940 6531 str[offs++] = '\0';
5941 6532 continue;
5942 6533 }
5943 6534
5944 6535 if (sym == NULL) {
5945 6536 str[offs++] = '\0';
5946 6537 continue;
5947 6538 }
5948 6539
5949 6540 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
5950 6541
5951 6542 /*
5952 6543 * Now copy in the string that the helper returned to us.
5953 6544 */
5954 6545 for (j = 0; offs + j < strsize; j++) {
5955 6546 if ((str[offs + j] = sym[j]) == '\0')
5956 6547 break;
5957 6548 }
5958 6549
5959 6550 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
5960 6551
5961 6552 offs += j + 1;
5962 6553 }
5963 6554
5964 6555 if (offs >= strsize) {
5965 6556 /*
5966 6557 * If we didn't have room for all of the strings, we don't
5967 6558 * abort processing -- this needn't be a fatal error -- but we
5968 6559 * still want to increment a counter (dts_stkstroverflows) to
5969 6560 * allow this condition to be warned about. (If this is from
5970 6561 * a jstack() action, it is easily tuned via jstackstrsize.)
5971 6562 */
5972 6563 dtrace_error(&state->dts_stkstroverflows);
5973 6564 }
5974 6565
5975 6566 while (offs < strsize)
5976 6567 str[offs++] = '\0';
5977 6568
5978 6569 out:
5979 6570 mstate->dtms_scratch_ptr = old;
5980 6571 }
5981 6572
5982 6573 /*
5983 6574 * If you're looking for the epicenter of DTrace, you just found it. This
5984 6575 * is the function called by the provider to fire a probe -- from which all
5985 6576 * subsequent probe-context DTrace activity emanates.
5986 6577 */
5987 6578 void
5988 6579 dtrace_probe(dtrace_id_t id, uintptr_t arg0, uintptr_t arg1,
5989 6580 uintptr_t arg2, uintptr_t arg3, uintptr_t arg4)
5990 6581 {
5991 6582 processorid_t cpuid;
5992 6583 dtrace_icookie_t cookie;
5993 6584 dtrace_probe_t *probe;
5994 6585 dtrace_mstate_t mstate;
5995 6586 dtrace_ecb_t *ecb;
5996 6587 dtrace_action_t *act;
5997 6588 intptr_t offs;
5998 6589 size_t size;
5999 6590 int vtime, onintr;
6000 6591 volatile uint16_t *flags;
6001 6592 hrtime_t now;
6002 6593
6003 6594 /*
6004 6595 * Kick out immediately if this CPU is still being born (in which case
6005 6596 * curthread will be set to -1) or the current thread can't allow
6006 6597 * probes in its current context.
6007 6598 */
6008 6599 if (((uintptr_t)curthread & 1) || (curthread->t_flag & T_DONTDTRACE))
6009 6600 return;
6010 6601
6011 6602 cookie = dtrace_interrupt_disable();
6012 6603 probe = dtrace_probes[id - 1];
6013 6604 cpuid = CPU->cpu_id;
6014 6605 onintr = CPU_ON_INTR(CPU);
6015 6606
6016 6607 if (!onintr && probe->dtpr_predcache != DTRACE_CACHEIDNONE &&
6017 6608 probe->dtpr_predcache == curthread->t_predcache) {
6018 6609 /*
6019 6610 * We have hit in the predicate cache; we know that
6020 6611 * this predicate would evaluate to be false.
6021 6612 */
6022 6613 dtrace_interrupt_enable(cookie);
6023 6614 return;
6024 6615 }
6025 6616
6026 6617 if (panic_quiesce) {
6027 6618 /*
6028 6619 * We don't trace anything if we're panicking.
6029 6620 */
6030 6621 dtrace_interrupt_enable(cookie);
6031 6622 return;
6032 6623 }
6033 6624
6034 6625 now = dtrace_gethrtime();
6035 6626 vtime = dtrace_vtime_references != 0;
6036 6627
6037 6628 if (vtime && curthread->t_dtrace_start)
6038 6629 curthread->t_dtrace_vtime += now - curthread->t_dtrace_start;
6039 6630
6040 6631 mstate.dtms_difo = NULL;
6041 6632 mstate.dtms_probe = probe;
6042 6633 mstate.dtms_strtok = NULL;
6043 6634 mstate.dtms_arg[0] = arg0;
6044 6635 mstate.dtms_arg[1] = arg1;
6045 6636 mstate.dtms_arg[2] = arg2;
6046 6637 mstate.dtms_arg[3] = arg3;
6047 6638 mstate.dtms_arg[4] = arg4;
6048 6639
6049 6640 flags = (volatile uint16_t *)&cpu_core[cpuid].cpuc_dtrace_flags;
6050 6641
6051 6642 for (ecb = probe->dtpr_ecb; ecb != NULL; ecb = ecb->dte_next) {
6052 6643 dtrace_predicate_t *pred = ecb->dte_predicate;
6053 6644 dtrace_state_t *state = ecb->dte_state;
6054 6645 dtrace_buffer_t *buf = &state->dts_buffer[cpuid];
6055 6646 dtrace_buffer_t *aggbuf = &state->dts_aggbuffer[cpuid];
6056 6647 dtrace_vstate_t *vstate = &state->dts_vstate;
6057 6648 dtrace_provider_t *prov = probe->dtpr_provider;
6058 6649 uint64_t tracememsize = 0;
6059 6650 int committed = 0;
6060 6651 caddr_t tomax;
6061 6652
6062 6653 /*
6063 6654 * A little subtlety with the following (seemingly innocuous)
6064 6655 * declaration of the automatic 'val': by looking at the
6065 6656 * code, you might think that it could be declared in the
6066 6657 * action processing loop, below. (That is, it's only used in
6067 6658 * the action processing loop.) However, it must be declared
6068 6659 * out of that scope because in the case of DIF expression
6069 6660 * arguments to aggregating actions, one iteration of the
6070 6661 * action loop will use the last iteration's value.
6071 6662 */
6072 6663 #ifdef lint
6073 6664 uint64_t val = 0;
6074 6665 #else
6075 6666 uint64_t val;
6076 6667 #endif
6077 6668
6078 6669 mstate.dtms_present = DTRACE_MSTATE_ARGS | DTRACE_MSTATE_PROBE;
6079 6670 mstate.dtms_access = DTRACE_ACCESS_ARGS | DTRACE_ACCESS_PROC;
6080 6671 mstate.dtms_getf = NULL;
6081 6672
6082 6673 *flags &= ~CPU_DTRACE_ERROR;
6083 6674
6084 6675 if (prov == dtrace_provider) {
6085 6676 /*
6086 6677 * If dtrace itself is the provider of this probe,
6087 6678 * we're only going to continue processing the ECB if
6088 6679 * arg0 (the dtrace_state_t) is equal to the ECB's
6089 6680 * creating state. (This prevents disjoint consumers
6090 6681 * from seeing one another's metaprobes.)
6091 6682 */
6092 6683 if (arg0 != (uint64_t)(uintptr_t)state)
6093 6684 continue;
6094 6685 }
6095 6686
6096 6687 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE) {
6097 6688 /*
6098 6689 * We're not currently active. If our provider isn't
6099 6690 * the dtrace pseudo provider, we're not interested.
6100 6691 */
6101 6692 if (prov != dtrace_provider)
6102 6693 continue;
6103 6694
6104 6695 /*
6105 6696 * Now we must further check if we are in the BEGIN
6106 6697 * probe. If we are, we will only continue processing
6107 6698 * if we're still in WARMUP -- if one BEGIN enabling
6108 6699 * has invoked the exit() action, we don't want to
6109 6700 * evaluate subsequent BEGIN enablings.
6110 6701 */
6111 6702 if (probe->dtpr_id == dtrace_probeid_begin &&
6112 6703 state->dts_activity != DTRACE_ACTIVITY_WARMUP) {
6113 6704 ASSERT(state->dts_activity ==
6114 6705 DTRACE_ACTIVITY_DRAINING);
6115 6706 continue;
6116 6707 }
6117 6708 }
6118 6709
6119 6710 if (ecb->dte_cond && !dtrace_priv_probe(state, &mstate, ecb))
6120 6711 continue;
6121 6712
6122 6713 if (now - state->dts_alive > dtrace_deadman_timeout) {
6123 6714 /*
6124 6715 * We seem to be dead. Unless we (a) have kernel
6125 6716 * destructive permissions (b) have explicitly enabled
6126 6717 * destructive actions and (c) destructive actions have
6127 6718 * not been disabled, we're going to transition into
6128 6719 * the KILLED state, from which no further processing
6129 6720 * on this state will be performed.
6130 6721 */
6131 6722 if (!dtrace_priv_kernel_destructive(state) ||
6132 6723 !state->dts_cred.dcr_destructive ||
6133 6724 dtrace_destructive_disallow) {
6134 6725 void *activity = &state->dts_activity;
6135 6726 dtrace_activity_t current;
6136 6727
6137 6728 do {
6138 6729 current = state->dts_activity;
6139 6730 } while (dtrace_cas32(activity, current,
6140 6731 DTRACE_ACTIVITY_KILLED) != current);
6141 6732
6142 6733 continue;
6143 6734 }
6144 6735 }
6145 6736
6146 6737 if ((offs = dtrace_buffer_reserve(buf, ecb->dte_needed,
6147 6738 ecb->dte_alignment, state, &mstate)) < 0)
6148 6739 continue;
6149 6740
6150 6741 tomax = buf->dtb_tomax;
6151 6742 ASSERT(tomax != NULL);
6152 6743
6153 6744 if (ecb->dte_size != 0) {
6154 6745 dtrace_rechdr_t dtrh;
6155 6746 if (!(mstate.dtms_present & DTRACE_MSTATE_TIMESTAMP)) {
6156 6747 mstate.dtms_timestamp = dtrace_gethrtime();
6157 6748 mstate.dtms_present |= DTRACE_MSTATE_TIMESTAMP;
6158 6749 }
6159 6750 ASSERT3U(ecb->dte_size, >=, sizeof (dtrace_rechdr_t));
6160 6751 dtrh.dtrh_epid = ecb->dte_epid;
6161 6752 DTRACE_RECORD_STORE_TIMESTAMP(&dtrh,
6162 6753 mstate.dtms_timestamp);
6163 6754 *((dtrace_rechdr_t *)(tomax + offs)) = dtrh;
6164 6755 }
6165 6756
6166 6757 mstate.dtms_epid = ecb->dte_epid;
6167 6758 mstate.dtms_present |= DTRACE_MSTATE_EPID;
6168 6759
6169 6760 if (state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL)
6170 6761 mstate.dtms_access |= DTRACE_ACCESS_KERNEL;
6171 6762
6172 6763 if (pred != NULL) {
6173 6764 dtrace_difo_t *dp = pred->dtp_difo;
6174 6765 int rval;
6175 6766
6176 6767 rval = dtrace_dif_emulate(dp, &mstate, vstate, state);
6177 6768
6178 6769 if (!(*flags & CPU_DTRACE_ERROR) && !rval) {
6179 6770 dtrace_cacheid_t cid = probe->dtpr_predcache;
6180 6771
6181 6772 if (cid != DTRACE_CACHEIDNONE && !onintr) {
6182 6773 /*
6183 6774 * Update the predicate cache...
6184 6775 */
6185 6776 ASSERT(cid == pred->dtp_cacheid);
6186 6777 curthread->t_predcache = cid;
6187 6778 }
6188 6779
6189 6780 continue;
6190 6781 }
6191 6782 }
6192 6783
6193 6784 for (act = ecb->dte_action; !(*flags & CPU_DTRACE_ERROR) &&
6194 6785 act != NULL; act = act->dta_next) {
6195 6786 size_t valoffs;
6196 6787 dtrace_difo_t *dp;
6197 6788 dtrace_recdesc_t *rec = &act->dta_rec;
6198 6789
6199 6790 size = rec->dtrd_size;
6200 6791 valoffs = offs + rec->dtrd_offset;
6201 6792
6202 6793 if (DTRACEACT_ISAGG(act->dta_kind)) {
6203 6794 uint64_t v = 0xbad;
6204 6795 dtrace_aggregation_t *agg;
6205 6796
6206 6797 agg = (dtrace_aggregation_t *)act;
6207 6798
6208 6799 if ((dp = act->dta_difo) != NULL)
6209 6800 v = dtrace_dif_emulate(dp,
6210 6801 &mstate, vstate, state);
6211 6802
6212 6803 if (*flags & CPU_DTRACE_ERROR)
6213 6804 continue;
6214 6805
6215 6806 /*
6216 6807 * Note that we always pass the expression
6217 6808 * value from the previous iteration of the
6218 6809 * action loop. This value will only be used
6219 6810 * if there is an expression argument to the
6220 6811 * aggregating action, denoted by the
6221 6812 * dtag_hasarg field.
6222 6813 */
6223 6814 dtrace_aggregate(agg, buf,
6224 6815 offs, aggbuf, v, val);
6225 6816 continue;
6226 6817 }
6227 6818
6228 6819 switch (act->dta_kind) {
6229 6820 case DTRACEACT_STOP:
6230 6821 if (dtrace_priv_proc_destructive(state,
6231 6822 &mstate))
6232 6823 dtrace_action_stop();
6233 6824 continue;
6234 6825
6235 6826 case DTRACEACT_BREAKPOINT:
6236 6827 if (dtrace_priv_kernel_destructive(state))
6237 6828 dtrace_action_breakpoint(ecb);
6238 6829 continue;
6239 6830
6240 6831 case DTRACEACT_PANIC:
6241 6832 if (dtrace_priv_kernel_destructive(state))
6242 6833 dtrace_action_panic(ecb);
6243 6834 continue;
6244 6835
6245 6836 case DTRACEACT_STACK:
6246 6837 if (!dtrace_priv_kernel(state))
6247 6838 continue;
6248 6839
6249 6840 dtrace_getpcstack((pc_t *)(tomax + valoffs),
6250 6841 size / sizeof (pc_t), probe->dtpr_aframes,
6251 6842 DTRACE_ANCHORED(probe) ? NULL :
6252 6843 (uint32_t *)arg0);
6253 6844
6254 6845 continue;
6255 6846
6256 6847 case DTRACEACT_JSTACK:
6257 6848 case DTRACEACT_USTACK:
6258 6849 if (!dtrace_priv_proc(state, &mstate))
6259 6850 continue;
6260 6851
6261 6852 /*
6262 6853 * See comment in DIF_VAR_PID.
6263 6854 */
6264 6855 if (DTRACE_ANCHORED(mstate.dtms_probe) &&
6265 6856 CPU_ON_INTR(CPU)) {
6266 6857 int depth = DTRACE_USTACK_NFRAMES(
6267 6858 rec->dtrd_arg) + 1;
6268 6859
6269 6860 dtrace_bzero((void *)(tomax + valoffs),
6270 6861 DTRACE_USTACK_STRSIZE(rec->dtrd_arg)
6271 6862 + depth * sizeof (uint64_t));
6272 6863
6273 6864 continue;
6274 6865 }
6275 6866
6276 6867 if (DTRACE_USTACK_STRSIZE(rec->dtrd_arg) != 0 &&
6277 6868 curproc->p_dtrace_helpers != NULL) {
6278 6869 /*
6279 6870 * This is the slow path -- we have
6280 6871 * allocated string space, and we're
6281 6872 * getting the stack of a process that
6282 6873 * has helpers. Call into a separate
6283 6874 * routine to perform this processing.
6284 6875 */
6285 6876 dtrace_action_ustack(&mstate, state,
6286 6877 (uint64_t *)(tomax + valoffs),
6287 6878 rec->dtrd_arg);
6288 6879 continue;
6289 6880 }
6290 6881
6291 6882 /*
6292 6883 * Clear the string space, since there's no
6293 6884 * helper to do it for us.
6294 6885 */
6295 6886 if (DTRACE_USTACK_STRSIZE(rec->dtrd_arg) != 0) {
6296 6887 int depth = DTRACE_USTACK_NFRAMES(
6297 6888 rec->dtrd_arg);
6298 6889 size_t strsize = DTRACE_USTACK_STRSIZE(
6299 6890 rec->dtrd_arg);
6300 6891 uint64_t *buf = (uint64_t *)(tomax +
6301 6892 valoffs);
6302 6893 void *strspace = &buf[depth + 1];
6303 6894
6304 6895 dtrace_bzero(strspace,
6305 6896 MIN(depth, strsize));
6306 6897 }
6307 6898
6308 6899 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
6309 6900 dtrace_getupcstack((uint64_t *)
6310 6901 (tomax + valoffs),
6311 6902 DTRACE_USTACK_NFRAMES(rec->dtrd_arg) + 1);
6312 6903 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
6313 6904 continue;
6314 6905
6315 6906 default:
6316 6907 break;
6317 6908 }
6318 6909
6319 6910 dp = act->dta_difo;
6320 6911 ASSERT(dp != NULL);
6321 6912
6322 6913 val = dtrace_dif_emulate(dp, &mstate, vstate, state);
6323 6914
6324 6915 if (*flags & CPU_DTRACE_ERROR)
6325 6916 continue;
6326 6917
6327 6918 switch (act->dta_kind) {
6328 6919 case DTRACEACT_SPECULATE: {
6329 6920 dtrace_rechdr_t *dtrh;
6330 6921
6331 6922 ASSERT(buf == &state->dts_buffer[cpuid]);
6332 6923 buf = dtrace_speculation_buffer(state,
6333 6924 cpuid, val);
6334 6925
6335 6926 if (buf == NULL) {
6336 6927 *flags |= CPU_DTRACE_DROP;
6337 6928 continue;
6338 6929 }
6339 6930
6340 6931 offs = dtrace_buffer_reserve(buf,
6341 6932 ecb->dte_needed, ecb->dte_alignment,
6342 6933 state, NULL);
6343 6934
6344 6935 if (offs < 0) {
6345 6936 *flags |= CPU_DTRACE_DROP;
6346 6937 continue;
6347 6938 }
6348 6939
6349 6940 tomax = buf->dtb_tomax;
6350 6941 ASSERT(tomax != NULL);
6351 6942
6352 6943 if (ecb->dte_size == 0)
6353 6944 continue;
6354 6945
6355 6946 ASSERT3U(ecb->dte_size, >=,
6356 6947 sizeof (dtrace_rechdr_t));
6357 6948 dtrh = ((void *)(tomax + offs));
6358 6949 dtrh->dtrh_epid = ecb->dte_epid;
6359 6950 /*
6360 6951 * When the speculation is committed, all of
6361 6952 * the records in the speculative buffer will
6362 6953 * have their timestamps set to the commit
6363 6954 * time. Until then, it is set to a sentinel
6364 6955 * value, for debugability.
6365 6956 */
6366 6957 DTRACE_RECORD_STORE_TIMESTAMP(dtrh, UINT64_MAX);
6367 6958 continue;
6368 6959 }
6369 6960
6370 6961 case DTRACEACT_CHILL:
6371 6962 if (dtrace_priv_kernel_destructive(state))
6372 6963 dtrace_action_chill(&mstate, val);
6373 6964 continue;
6374 6965
6375 6966 case DTRACEACT_RAISE:
6376 6967 if (dtrace_priv_proc_destructive(state,
6377 6968 &mstate))
6378 6969 dtrace_action_raise(val);
6379 6970 continue;
6380 6971
6381 6972 case DTRACEACT_COMMIT:
6382 6973 ASSERT(!committed);
6383 6974
6384 6975 /*
6385 6976 * We need to commit our buffer state.
6386 6977 */
6387 6978 if (ecb->dte_size)
6388 6979 buf->dtb_offset = offs + ecb->dte_size;
6389 6980 buf = &state->dts_buffer[cpuid];
6390 6981 dtrace_speculation_commit(state, cpuid, val);
6391 6982 committed = 1;
6392 6983 continue;
6393 6984
6394 6985 case DTRACEACT_DISCARD:
6395 6986 dtrace_speculation_discard(state, cpuid, val);
6396 6987 continue;
6397 6988
6398 6989 case DTRACEACT_DIFEXPR:
6399 6990 case DTRACEACT_LIBACT:
6400 6991 case DTRACEACT_PRINTF:
6401 6992 case DTRACEACT_PRINTA:
6402 6993 case DTRACEACT_SYSTEM:
6403 6994 case DTRACEACT_FREOPEN:
6404 6995 case DTRACEACT_TRACEMEM:
6405 6996 break;
6406 6997
6407 6998 case DTRACEACT_TRACEMEM_DYNSIZE:
6408 6999 tracememsize = val;
6409 7000 break;
6410 7001
6411 7002 case DTRACEACT_SYM:
6412 7003 case DTRACEACT_MOD:
6413 7004 if (!dtrace_priv_kernel(state))
6414 7005 continue;
6415 7006 break;
6416 7007
6417 7008 case DTRACEACT_USYM:
6418 7009 case DTRACEACT_UMOD:
6419 7010 case DTRACEACT_UADDR: {
6420 7011 struct pid *pid = curthread->t_procp->p_pidp;
6421 7012
6422 7013 if (!dtrace_priv_proc(state, &mstate))
6423 7014 continue;
6424 7015
6425 7016 DTRACE_STORE(uint64_t, tomax,
6426 7017 valoffs, (uint64_t)pid->pid_id);
6427 7018 DTRACE_STORE(uint64_t, tomax,
6428 7019 valoffs + sizeof (uint64_t), val);
6429 7020
6430 7021 continue;
6431 7022 }
6432 7023
6433 7024 case DTRACEACT_EXIT: {
6434 7025 /*
6435 7026 * For the exit action, we are going to attempt
6436 7027 * to atomically set our activity to be
6437 7028 * draining. If this fails (either because
6438 7029 * another CPU has beat us to the exit action,
6439 7030 * or because our current activity is something
6440 7031 * other than ACTIVE or WARMUP), we will
6441 7032 * continue. This assures that the exit action
6442 7033 * can be successfully recorded at most once
6443 7034 * when we're in the ACTIVE state. If we're
6444 7035 * encountering the exit() action while in
6445 7036 * COOLDOWN, however, we want to honor the new
6446 7037 * status code. (We know that we're the only
6447 7038 * thread in COOLDOWN, so there is no race.)
6448 7039 */
6449 7040 void *activity = &state->dts_activity;
6450 7041 dtrace_activity_t current = state->dts_activity;
6451 7042
6452 7043 if (current == DTRACE_ACTIVITY_COOLDOWN)
6453 7044 break;
6454 7045
6455 7046 if (current != DTRACE_ACTIVITY_WARMUP)
6456 7047 current = DTRACE_ACTIVITY_ACTIVE;
6457 7048
6458 7049 if (dtrace_cas32(activity, current,
6459 7050 DTRACE_ACTIVITY_DRAINING) != current) {
6460 7051 *flags |= CPU_DTRACE_DROP;
6461 7052 continue;
6462 7053 }
6463 7054
6464 7055 break;
6465 7056 }
6466 7057
6467 7058 default:
6468 7059 ASSERT(0);
6469 7060 }
6470 7061
6471 7062 if (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF) {
6472 7063 uintptr_t end = valoffs + size;
6473 7064
6474 7065 if (tracememsize != 0 &&
6475 7066 valoffs + tracememsize < end) {
6476 7067 end = valoffs + tracememsize;
6477 7068 tracememsize = 0;
6478 7069 }
6479 7070
6480 7071 if (!dtrace_vcanload((void *)(uintptr_t)val,
6481 7072 &dp->dtdo_rtype, &mstate, vstate))
6482 7073 continue;
6483 7074
6484 7075 /*
6485 7076 * If this is a string, we're going to only
6486 7077 * load until we find the zero byte -- after
6487 7078 * which we'll store zero bytes.
6488 7079 */
6489 7080 if (dp->dtdo_rtype.dtdt_kind ==
6490 7081 DIF_TYPE_STRING) {
6491 7082 char c = '\0' + 1;
6492 7083 int intuple = act->dta_intuple;
6493 7084 size_t s;
6494 7085
6495 7086 for (s = 0; s < size; s++) {
6496 7087 if (c != '\0')
6497 7088 c = dtrace_load8(val++);
6498 7089
6499 7090 DTRACE_STORE(uint8_t, tomax,
6500 7091 valoffs++, c);
6501 7092
6502 7093 if (c == '\0' && intuple)
6503 7094 break;
6504 7095 }
6505 7096
6506 7097 continue;
6507 7098 }
6508 7099
6509 7100 while (valoffs < end) {
6510 7101 DTRACE_STORE(uint8_t, tomax, valoffs++,
6511 7102 dtrace_load8(val++));
6512 7103 }
6513 7104
6514 7105 continue;
6515 7106 }
6516 7107
6517 7108 switch (size) {
6518 7109 case 0:
6519 7110 break;
6520 7111
6521 7112 case sizeof (uint8_t):
6522 7113 DTRACE_STORE(uint8_t, tomax, valoffs, val);
6523 7114 break;
6524 7115 case sizeof (uint16_t):
6525 7116 DTRACE_STORE(uint16_t, tomax, valoffs, val);
6526 7117 break;
6527 7118 case sizeof (uint32_t):
6528 7119 DTRACE_STORE(uint32_t, tomax, valoffs, val);
6529 7120 break;
6530 7121 case sizeof (uint64_t):
6531 7122 DTRACE_STORE(uint64_t, tomax, valoffs, val);
6532 7123 break;
6533 7124 default:
6534 7125 /*
6535 7126 * Any other size should have been returned by
6536 7127 * reference, not by value.
6537 7128 */
6538 7129 ASSERT(0);
6539 7130 break;
6540 7131 }
6541 7132 }
6542 7133
6543 7134 if (*flags & CPU_DTRACE_DROP)
6544 7135 continue;
6545 7136
6546 7137 if (*flags & CPU_DTRACE_FAULT) {
6547 7138 int ndx;
6548 7139 dtrace_action_t *err;
6549 7140
6550 7141 buf->dtb_errors++;
6551 7142
6552 7143 if (probe->dtpr_id == dtrace_probeid_error) {
6553 7144 /*
6554 7145 * There's nothing we can do -- we had an
6555 7146 * error on the error probe. We bump an
6556 7147 * error counter to at least indicate that
6557 7148 * this condition happened.
6558 7149 */
6559 7150 dtrace_error(&state->dts_dblerrors);
6560 7151 continue;
6561 7152 }
6562 7153
6563 7154 if (vtime) {
6564 7155 /*
6565 7156 * Before recursing on dtrace_probe(), we
6566 7157 * need to explicitly clear out our start
6567 7158 * time to prevent it from being accumulated
6568 7159 * into t_dtrace_vtime.
6569 7160 */
6570 7161 curthread->t_dtrace_start = 0;
6571 7162 }
6572 7163
6573 7164 /*
6574 7165 * Iterate over the actions to figure out which action
6575 7166 * we were processing when we experienced the error.
6576 7167 * Note that act points _past_ the faulting action; if
6577 7168 * act is ecb->dte_action, the fault was in the
6578 7169 * predicate, if it's ecb->dte_action->dta_next it's
6579 7170 * in action #1, and so on.
6580 7171 */
6581 7172 for (err = ecb->dte_action, ndx = 0;
6582 7173 err != act; err = err->dta_next, ndx++)
6583 7174 continue;
6584 7175
6585 7176 dtrace_probe_error(state, ecb->dte_epid, ndx,
6586 7177 (mstate.dtms_present & DTRACE_MSTATE_FLTOFFS) ?
6587 7178 mstate.dtms_fltoffs : -1, DTRACE_FLAGS2FLT(*flags),
6588 7179 cpu_core[cpuid].cpuc_dtrace_illval);
6589 7180
6590 7181 continue;
6591 7182 }
6592 7183
6593 7184 if (!committed)
6594 7185 buf->dtb_offset = offs + ecb->dte_size;
6595 7186 }
6596 7187
6597 7188 if (vtime)
6598 7189 curthread->t_dtrace_start = dtrace_gethrtime();
6599 7190
6600 7191 dtrace_interrupt_enable(cookie);
6601 7192 }
6602 7193
6603 7194 /*
6604 7195 * DTrace Probe Hashing Functions
6605 7196 *
6606 7197 * The functions in this section (and indeed, the functions in remaining
6607 7198 * sections) are not _called_ from probe context. (Any exceptions to this are
6608 7199 * marked with a "Note:".) Rather, they are called from elsewhere in the
6609 7200 * DTrace framework to look-up probes in, add probes to and remove probes from
6610 7201 * the DTrace probe hashes. (Each probe is hashed by each element of the
6611 7202 * probe tuple -- allowing for fast lookups, regardless of what was
6612 7203 * specified.)
6613 7204 */
6614 7205 static uint_t
6615 7206 dtrace_hash_str(char *p)
6616 7207 {
6617 7208 unsigned int g;
6618 7209 uint_t hval = 0;
6619 7210
6620 7211 while (*p) {
6621 7212 hval = (hval << 4) + *p++;
6622 7213 if ((g = (hval & 0xf0000000)) != 0)
6623 7214 hval ^= g >> 24;
6624 7215 hval &= ~g;
6625 7216 }
6626 7217 return (hval);
6627 7218 }
6628 7219
6629 7220 static dtrace_hash_t *
6630 7221 dtrace_hash_create(uintptr_t stroffs, uintptr_t nextoffs, uintptr_t prevoffs)
6631 7222 {
6632 7223 dtrace_hash_t *hash = kmem_zalloc(sizeof (dtrace_hash_t), KM_SLEEP);
6633 7224
6634 7225 hash->dth_stroffs = stroffs;
6635 7226 hash->dth_nextoffs = nextoffs;
6636 7227 hash->dth_prevoffs = prevoffs;
6637 7228
6638 7229 hash->dth_size = 1;
6639 7230 hash->dth_mask = hash->dth_size - 1;
6640 7231
6641 7232 hash->dth_tab = kmem_zalloc(hash->dth_size *
6642 7233 sizeof (dtrace_hashbucket_t *), KM_SLEEP);
6643 7234
6644 7235 return (hash);
6645 7236 }
6646 7237
6647 7238 static void
6648 7239 dtrace_hash_destroy(dtrace_hash_t *hash)
6649 7240 {
6650 7241 #ifdef DEBUG
6651 7242 int i;
6652 7243
6653 7244 for (i = 0; i < hash->dth_size; i++)
6654 7245 ASSERT(hash->dth_tab[i] == NULL);
6655 7246 #endif
6656 7247
6657 7248 kmem_free(hash->dth_tab,
6658 7249 hash->dth_size * sizeof (dtrace_hashbucket_t *));
6659 7250 kmem_free(hash, sizeof (dtrace_hash_t));
6660 7251 }
6661 7252
6662 7253 static void
6663 7254 dtrace_hash_resize(dtrace_hash_t *hash)
6664 7255 {
6665 7256 int size = hash->dth_size, i, ndx;
6666 7257 int new_size = hash->dth_size << 1;
6667 7258 int new_mask = new_size - 1;
6668 7259 dtrace_hashbucket_t **new_tab, *bucket, *next;
6669 7260
6670 7261 ASSERT((new_size & new_mask) == 0);
6671 7262
6672 7263 new_tab = kmem_zalloc(new_size * sizeof (void *), KM_SLEEP);
6673 7264
6674 7265 for (i = 0; i < size; i++) {
6675 7266 for (bucket = hash->dth_tab[i]; bucket != NULL; bucket = next) {
6676 7267 dtrace_probe_t *probe = bucket->dthb_chain;
6677 7268
6678 7269 ASSERT(probe != NULL);
6679 7270 ndx = DTRACE_HASHSTR(hash, probe) & new_mask;
6680 7271
6681 7272 next = bucket->dthb_next;
6682 7273 bucket->dthb_next = new_tab[ndx];
6683 7274 new_tab[ndx] = bucket;
6684 7275 }
6685 7276 }
6686 7277
6687 7278 kmem_free(hash->dth_tab, hash->dth_size * sizeof (void *));
6688 7279 hash->dth_tab = new_tab;
6689 7280 hash->dth_size = new_size;
6690 7281 hash->dth_mask = new_mask;
6691 7282 }
6692 7283
6693 7284 static void
6694 7285 dtrace_hash_add(dtrace_hash_t *hash, dtrace_probe_t *new)
6695 7286 {
6696 7287 int hashval = DTRACE_HASHSTR(hash, new);
6697 7288 int ndx = hashval & hash->dth_mask;
6698 7289 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6699 7290 dtrace_probe_t **nextp, **prevp;
6700 7291
6701 7292 for (; bucket != NULL; bucket = bucket->dthb_next) {
6702 7293 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, new))
6703 7294 goto add;
6704 7295 }
6705 7296
6706 7297 if ((hash->dth_nbuckets >> 1) > hash->dth_size) {
6707 7298 dtrace_hash_resize(hash);
6708 7299 dtrace_hash_add(hash, new);
6709 7300 return;
6710 7301 }
6711 7302
6712 7303 bucket = kmem_zalloc(sizeof (dtrace_hashbucket_t), KM_SLEEP);
6713 7304 bucket->dthb_next = hash->dth_tab[ndx];
6714 7305 hash->dth_tab[ndx] = bucket;
6715 7306 hash->dth_nbuckets++;
6716 7307
6717 7308 add:
6718 7309 nextp = DTRACE_HASHNEXT(hash, new);
6719 7310 ASSERT(*nextp == NULL && *(DTRACE_HASHPREV(hash, new)) == NULL);
6720 7311 *nextp = bucket->dthb_chain;
6721 7312
6722 7313 if (bucket->dthb_chain != NULL) {
6723 7314 prevp = DTRACE_HASHPREV(hash, bucket->dthb_chain);
6724 7315 ASSERT(*prevp == NULL);
6725 7316 *prevp = new;
6726 7317 }
6727 7318
6728 7319 bucket->dthb_chain = new;
6729 7320 bucket->dthb_len++;
6730 7321 }
6731 7322
6732 7323 static dtrace_probe_t *
6733 7324 dtrace_hash_lookup(dtrace_hash_t *hash, dtrace_probe_t *template)
6734 7325 {
6735 7326 int hashval = DTRACE_HASHSTR(hash, template);
6736 7327 int ndx = hashval & hash->dth_mask;
6737 7328 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6738 7329
6739 7330 for (; bucket != NULL; bucket = bucket->dthb_next) {
6740 7331 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, template))
6741 7332 return (bucket->dthb_chain);
6742 7333 }
6743 7334
6744 7335 return (NULL);
6745 7336 }
6746 7337
6747 7338 static int
6748 7339 dtrace_hash_collisions(dtrace_hash_t *hash, dtrace_probe_t *template)
6749 7340 {
6750 7341 int hashval = DTRACE_HASHSTR(hash, template);
6751 7342 int ndx = hashval & hash->dth_mask;
6752 7343 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6753 7344
6754 7345 for (; bucket != NULL; bucket = bucket->dthb_next) {
6755 7346 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, template))
6756 7347 return (bucket->dthb_len);
6757 7348 }
6758 7349
6759 7350 return (NULL);
6760 7351 }
6761 7352
6762 7353 static void
6763 7354 dtrace_hash_remove(dtrace_hash_t *hash, dtrace_probe_t *probe)
6764 7355 {
6765 7356 int ndx = DTRACE_HASHSTR(hash, probe) & hash->dth_mask;
6766 7357 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6767 7358
6768 7359 dtrace_probe_t **prevp = DTRACE_HASHPREV(hash, probe);
6769 7360 dtrace_probe_t **nextp = DTRACE_HASHNEXT(hash, probe);
6770 7361
6771 7362 /*
6772 7363 * Find the bucket that we're removing this probe from.
6773 7364 */
6774 7365 for (; bucket != NULL; bucket = bucket->dthb_next) {
6775 7366 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, probe))
6776 7367 break;
6777 7368 }
6778 7369
6779 7370 ASSERT(bucket != NULL);
6780 7371
6781 7372 if (*prevp == NULL) {
6782 7373 if (*nextp == NULL) {
6783 7374 /*
6784 7375 * The removed probe was the only probe on this
6785 7376 * bucket; we need to remove the bucket.
6786 7377 */
6787 7378 dtrace_hashbucket_t *b = hash->dth_tab[ndx];
6788 7379
6789 7380 ASSERT(bucket->dthb_chain == probe);
6790 7381 ASSERT(b != NULL);
6791 7382
6792 7383 if (b == bucket) {
6793 7384 hash->dth_tab[ndx] = bucket->dthb_next;
6794 7385 } else {
6795 7386 while (b->dthb_next != bucket)
6796 7387 b = b->dthb_next;
6797 7388 b->dthb_next = bucket->dthb_next;
6798 7389 }
6799 7390
6800 7391 ASSERT(hash->dth_nbuckets > 0);
6801 7392 hash->dth_nbuckets--;
6802 7393 kmem_free(bucket, sizeof (dtrace_hashbucket_t));
6803 7394 return;
6804 7395 }
6805 7396
6806 7397 bucket->dthb_chain = *nextp;
6807 7398 } else {
6808 7399 *(DTRACE_HASHNEXT(hash, *prevp)) = *nextp;
6809 7400 }
6810 7401
6811 7402 if (*nextp != NULL)
6812 7403 *(DTRACE_HASHPREV(hash, *nextp)) = *prevp;
6813 7404 }
6814 7405
6815 7406 /*
6816 7407 * DTrace Utility Functions
6817 7408 *
6818 7409 * These are random utility functions that are _not_ called from probe context.
6819 7410 */
6820 7411 static int
6821 7412 dtrace_badattr(const dtrace_attribute_t *a)
6822 7413 {
6823 7414 return (a->dtat_name > DTRACE_STABILITY_MAX ||
6824 7415 a->dtat_data > DTRACE_STABILITY_MAX ||
6825 7416 a->dtat_class > DTRACE_CLASS_MAX);
6826 7417 }
6827 7418
6828 7419 /*
6829 7420 * Return a duplicate copy of a string. If the specified string is NULL,
6830 7421 * this function returns a zero-length string.
6831 7422 */
6832 7423 static char *
6833 7424 dtrace_strdup(const char *str)
6834 7425 {
6835 7426 char *new = kmem_zalloc((str != NULL ? strlen(str) : 0) + 1, KM_SLEEP);
6836 7427
6837 7428 if (str != NULL)
6838 7429 (void) strcpy(new, str);
6839 7430
6840 7431 return (new);
6841 7432 }
6842 7433
6843 7434 #define DTRACE_ISALPHA(c) \
6844 7435 (((c) >= 'a' && (c) <= 'z') || ((c) >= 'A' && (c) <= 'Z'))
6845 7436
6846 7437 static int
6847 7438 dtrace_badname(const char *s)
6848 7439 {
6849 7440 char c;
6850 7441
6851 7442 if (s == NULL || (c = *s++) == '\0')
6852 7443 return (0);
6853 7444
6854 7445 if (!DTRACE_ISALPHA(c) && c != '-' && c != '_' && c != '.')
6855 7446 return (1);
6856 7447
6857 7448 while ((c = *s++) != '\0') {
6858 7449 if (!DTRACE_ISALPHA(c) && (c < '0' || c > '9') &&
6859 7450 c != '-' && c != '_' && c != '.' && c != '`')
6860 7451 return (1);
6861 7452 }
6862 7453
6863 7454 return (0);
6864 7455 }
6865 7456
6866 7457 static void
6867 7458 dtrace_cred2priv(cred_t *cr, uint32_t *privp, uid_t *uidp, zoneid_t *zoneidp)
6868 7459 {
6869 7460 uint32_t priv;
6870 7461
6871 7462 if (cr == NULL || PRIV_POLICY_ONLY(cr, PRIV_ALL, B_FALSE)) {
6872 7463 /*
6873 7464 * For DTRACE_PRIV_ALL, the uid and zoneid don't matter.
6874 7465 */
6875 7466 priv = DTRACE_PRIV_ALL;
6876 7467 } else {
6877 7468 *uidp = crgetuid(cr);
6878 7469 *zoneidp = crgetzonedid(cr);
6879 7470
6880 7471 priv = 0;
6881 7472 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_KERNEL, B_FALSE))
6882 7473 priv |= DTRACE_PRIV_KERNEL | DTRACE_PRIV_USER;
6883 7474 else if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE))
6884 7475 priv |= DTRACE_PRIV_USER;
6885 7476 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE))
6886 7477 priv |= DTRACE_PRIV_PROC;
6887 7478 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE))
6888 7479 priv |= DTRACE_PRIV_OWNER;
6889 7480 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE))
6890 7481 priv |= DTRACE_PRIV_ZONEOWNER;
6891 7482 }
6892 7483
6893 7484 *privp = priv;
6894 7485 }
6895 7486
6896 7487 #ifdef DTRACE_ERRDEBUG
6897 7488 static void
6898 7489 dtrace_errdebug(const char *str)
6899 7490 {
6900 7491 int hval = dtrace_hash_str((char *)str) % DTRACE_ERRHASHSZ;
6901 7492 int occupied = 0;
6902 7493
6903 7494 mutex_enter(&dtrace_errlock);
6904 7495 dtrace_errlast = str;
6905 7496 dtrace_errthread = curthread;
6906 7497
6907 7498 while (occupied++ < DTRACE_ERRHASHSZ) {
6908 7499 if (dtrace_errhash[hval].dter_msg == str) {
6909 7500 dtrace_errhash[hval].dter_count++;
6910 7501 goto out;
6911 7502 }
6912 7503
6913 7504 if (dtrace_errhash[hval].dter_msg != NULL) {
6914 7505 hval = (hval + 1) % DTRACE_ERRHASHSZ;
6915 7506 continue;
6916 7507 }
6917 7508
6918 7509 dtrace_errhash[hval].dter_msg = str;
6919 7510 dtrace_errhash[hval].dter_count = 1;
6920 7511 goto out;
6921 7512 }
6922 7513
6923 7514 panic("dtrace: undersized error hash");
6924 7515 out:
6925 7516 mutex_exit(&dtrace_errlock);
6926 7517 }
6927 7518 #endif
6928 7519
6929 7520 /*
6930 7521 * DTrace Matching Functions
6931 7522 *
6932 7523 * These functions are used to match groups of probes, given some elements of
6933 7524 * a probe tuple, or some globbed expressions for elements of a probe tuple.
6934 7525 */
6935 7526 static int
6936 7527 dtrace_match_priv(const dtrace_probe_t *prp, uint32_t priv, uid_t uid,
6937 7528 zoneid_t zoneid)
6938 7529 {
6939 7530 if (priv != DTRACE_PRIV_ALL) {
6940 7531 uint32_t ppriv = prp->dtpr_provider->dtpv_priv.dtpp_flags;
6941 7532 uint32_t match = priv & ppriv;
6942 7533
6943 7534 /*
6944 7535 * No PRIV_DTRACE_* privileges...
6945 7536 */
6946 7537 if ((priv & (DTRACE_PRIV_PROC | DTRACE_PRIV_USER |
6947 7538 DTRACE_PRIV_KERNEL)) == 0)
6948 7539 return (0);
6949 7540
6950 7541 /*
6951 7542 * No matching bits, but there were bits to match...
6952 7543 */
6953 7544 if (match == 0 && ppriv != 0)
6954 7545 return (0);
6955 7546
6956 7547 /*
6957 7548 * Need to have permissions to the process, but don't...
6958 7549 */
6959 7550 if (((ppriv & ~match) & DTRACE_PRIV_OWNER) != 0 &&
6960 7551 uid != prp->dtpr_provider->dtpv_priv.dtpp_uid) {
6961 7552 return (0);
6962 7553 }
6963 7554
6964 7555 /*
6965 7556 * Need to be in the same zone unless we possess the
6966 7557 * privilege to examine all zones.
6967 7558 */
6968 7559 if (((ppriv & ~match) & DTRACE_PRIV_ZONEOWNER) != 0 &&
6969 7560 zoneid != prp->dtpr_provider->dtpv_priv.dtpp_zoneid) {
6970 7561 return (0);
6971 7562 }
6972 7563 }
6973 7564
6974 7565 return (1);
6975 7566 }
6976 7567
6977 7568 /*
6978 7569 * dtrace_match_probe compares a dtrace_probe_t to a pre-compiled key, which
6979 7570 * consists of input pattern strings and an ops-vector to evaluate them.
6980 7571 * This function returns >0 for match, 0 for no match, and <0 for error.
6981 7572 */
6982 7573 static int
6983 7574 dtrace_match_probe(const dtrace_probe_t *prp, const dtrace_probekey_t *pkp,
6984 7575 uint32_t priv, uid_t uid, zoneid_t zoneid)
6985 7576 {
6986 7577 dtrace_provider_t *pvp = prp->dtpr_provider;
6987 7578 int rv;
6988 7579
6989 7580 if (pvp->dtpv_defunct)
6990 7581 return (0);
6991 7582
6992 7583 if ((rv = pkp->dtpk_pmatch(pvp->dtpv_name, pkp->dtpk_prov, 0)) <= 0)
6993 7584 return (rv);
6994 7585
6995 7586 if ((rv = pkp->dtpk_mmatch(prp->dtpr_mod, pkp->dtpk_mod, 0)) <= 0)
6996 7587 return (rv);
6997 7588
6998 7589 if ((rv = pkp->dtpk_fmatch(prp->dtpr_func, pkp->dtpk_func, 0)) <= 0)
6999 7590 return (rv);
7000 7591
7001 7592 if ((rv = pkp->dtpk_nmatch(prp->dtpr_name, pkp->dtpk_name, 0)) <= 0)
7002 7593 return (rv);
7003 7594
7004 7595 if (dtrace_match_priv(prp, priv, uid, zoneid) == 0)
7005 7596 return (0);
7006 7597
7007 7598 return (rv);
7008 7599 }
7009 7600
7010 7601 /*
7011 7602 * dtrace_match_glob() is a safe kernel implementation of the gmatch(3GEN)
7012 7603 * interface for matching a glob pattern 'p' to an input string 's'. Unlike
7013 7604 * libc's version, the kernel version only applies to 8-bit ASCII strings.
7014 7605 * In addition, all of the recursion cases except for '*' matching have been
7015 7606 * unwound. For '*', we still implement recursive evaluation, but a depth
7016 7607 * counter is maintained and matching is aborted if we recurse too deep.
7017 7608 * The function returns 0 if no match, >0 if match, and <0 if recursion error.
7018 7609 */
7019 7610 static int
7020 7611 dtrace_match_glob(const char *s, const char *p, int depth)
7021 7612 {
7022 7613 const char *olds;
7023 7614 char s1, c;
7024 7615 int gs;
7025 7616
7026 7617 if (depth > DTRACE_PROBEKEY_MAXDEPTH)
7027 7618 return (-1);
7028 7619
7029 7620 if (s == NULL)
7030 7621 s = ""; /* treat NULL as empty string */
7031 7622
7032 7623 top:
7033 7624 olds = s;
7034 7625 s1 = *s++;
7035 7626
7036 7627 if (p == NULL)
7037 7628 return (0);
7038 7629
7039 7630 if ((c = *p++) == '\0')
7040 7631 return (s1 == '\0');
7041 7632
7042 7633 switch (c) {
7043 7634 case '[': {
7044 7635 int ok = 0, notflag = 0;
7045 7636 char lc = '\0';
7046 7637
7047 7638 if (s1 == '\0')
7048 7639 return (0);
7049 7640
7050 7641 if (*p == '!') {
7051 7642 notflag = 1;
7052 7643 p++;
7053 7644 }
7054 7645
7055 7646 if ((c = *p++) == '\0')
7056 7647 return (0);
7057 7648
7058 7649 do {
7059 7650 if (c == '-' && lc != '\0' && *p != ']') {
7060 7651 if ((c = *p++) == '\0')
7061 7652 return (0);
7062 7653 if (c == '\\' && (c = *p++) == '\0')
7063 7654 return (0);
7064 7655
7065 7656 if (notflag) {
7066 7657 if (s1 < lc || s1 > c)
7067 7658 ok++;
7068 7659 else
7069 7660 return (0);
7070 7661 } else if (lc <= s1 && s1 <= c)
7071 7662 ok++;
7072 7663
7073 7664 } else if (c == '\\' && (c = *p++) == '\0')
7074 7665 return (0);
7075 7666
7076 7667 lc = c; /* save left-hand 'c' for next iteration */
7077 7668
7078 7669 if (notflag) {
7079 7670 if (s1 != c)
7080 7671 ok++;
7081 7672 else
7082 7673 return (0);
7083 7674 } else if (s1 == c)
7084 7675 ok++;
7085 7676
7086 7677 if ((c = *p++) == '\0')
7087 7678 return (0);
7088 7679
7089 7680 } while (c != ']');
7090 7681
7091 7682 if (ok)
7092 7683 goto top;
7093 7684
7094 7685 return (0);
7095 7686 }
7096 7687
7097 7688 case '\\':
7098 7689 if ((c = *p++) == '\0')
7099 7690 return (0);
7100 7691 /*FALLTHRU*/
7101 7692
7102 7693 default:
7103 7694 if (c != s1)
7104 7695 return (0);
7105 7696 /*FALLTHRU*/
7106 7697
7107 7698 case '?':
7108 7699 if (s1 != '\0')
7109 7700 goto top;
7110 7701 return (0);
7111 7702
7112 7703 case '*':
7113 7704 while (*p == '*')
7114 7705 p++; /* consecutive *'s are identical to a single one */
7115 7706
7116 7707 if (*p == '\0')
7117 7708 return (1);
7118 7709
7119 7710 for (s = olds; *s != '\0'; s++) {
7120 7711 if ((gs = dtrace_match_glob(s, p, depth + 1)) != 0)
7121 7712 return (gs);
7122 7713 }
7123 7714
7124 7715 return (0);
7125 7716 }
7126 7717 }
7127 7718
7128 7719 /*ARGSUSED*/
7129 7720 static int
7130 7721 dtrace_match_string(const char *s, const char *p, int depth)
7131 7722 {
7132 7723 return (s != NULL && strcmp(s, p) == 0);
7133 7724 }
7134 7725
7135 7726 /*ARGSUSED*/
7136 7727 static int
7137 7728 dtrace_match_nul(const char *s, const char *p, int depth)
7138 7729 {
7139 7730 return (1); /* always match the empty pattern */
7140 7731 }
7141 7732
7142 7733 /*ARGSUSED*/
7143 7734 static int
7144 7735 dtrace_match_nonzero(const char *s, const char *p, int depth)
7145 7736 {
7146 7737 return (s != NULL && s[0] != '\0');
7147 7738 }
7148 7739
7149 7740 static int
7150 7741 dtrace_match(const dtrace_probekey_t *pkp, uint32_t priv, uid_t uid,
7151 7742 zoneid_t zoneid, int (*matched)(dtrace_probe_t *, void *), void *arg)
7152 7743 {
7153 7744 dtrace_probe_t template, *probe;
7154 7745 dtrace_hash_t *hash = NULL;
7155 7746 int len, rc, best = INT_MAX, nmatched = 0;
7156 7747 dtrace_id_t i;
7157 7748
7158 7749 ASSERT(MUTEX_HELD(&dtrace_lock));
7159 7750
7160 7751 /*
7161 7752 * If the probe ID is specified in the key, just lookup by ID and
7162 7753 * invoke the match callback once if a matching probe is found.
7163 7754 */
7164 7755 if (pkp->dtpk_id != DTRACE_IDNONE) {
7165 7756 if ((probe = dtrace_probe_lookup_id(pkp->dtpk_id)) != NULL &&
7166 7757 dtrace_match_probe(probe, pkp, priv, uid, zoneid) > 0) {
7167 7758 if ((*matched)(probe, arg) == DTRACE_MATCH_FAIL)
7168 7759 return (DTRACE_MATCH_FAIL);
7169 7760 nmatched++;
7170 7761 }
7171 7762 return (nmatched);
7172 7763 }
7173 7764
7174 7765 template.dtpr_mod = (char *)pkp->dtpk_mod;
7175 7766 template.dtpr_func = (char *)pkp->dtpk_func;
7176 7767 template.dtpr_name = (char *)pkp->dtpk_name;
7177 7768
7178 7769 /*
7179 7770 * We want to find the most distinct of the module name, function
7180 7771 * name, and name. So for each one that is not a glob pattern or
7181 7772 * empty string, we perform a lookup in the corresponding hash and
7182 7773 * use the hash table with the fewest collisions to do our search.
7183 7774 */
7184 7775 if (pkp->dtpk_mmatch == &dtrace_match_string &&
7185 7776 (len = dtrace_hash_collisions(dtrace_bymod, &template)) < best) {
7186 7777 best = len;
7187 7778 hash = dtrace_bymod;
7188 7779 }
7189 7780
7190 7781 if (pkp->dtpk_fmatch == &dtrace_match_string &&
7191 7782 (len = dtrace_hash_collisions(dtrace_byfunc, &template)) < best) {
7192 7783 best = len;
7193 7784 hash = dtrace_byfunc;
7194 7785 }
7195 7786
7196 7787 if (pkp->dtpk_nmatch == &dtrace_match_string &&
7197 7788 (len = dtrace_hash_collisions(dtrace_byname, &template)) < best) {
7198 7789 best = len;
7199 7790 hash = dtrace_byname;
7200 7791 }
7201 7792
7202 7793 /*
7203 7794 * If we did not select a hash table, iterate over every probe and
7204 7795 * invoke our callback for each one that matches our input probe key.
7205 7796 */
7206 7797 if (hash == NULL) {
7207 7798 for (i = 0; i < dtrace_nprobes; i++) {
7208 7799 if ((probe = dtrace_probes[i]) == NULL ||
7209 7800 dtrace_match_probe(probe, pkp, priv, uid,
7210 7801 zoneid) <= 0)
7211 7802 continue;
7212 7803
7213 7804 nmatched++;
7214 7805
7215 7806 if ((rc = (*matched)(probe, arg)) !=
7216 7807 DTRACE_MATCH_NEXT) {
7217 7808 if (rc == DTRACE_MATCH_FAIL)
7218 7809 return (DTRACE_MATCH_FAIL);
7219 7810 break;
7220 7811 }
7221 7812 }
7222 7813
7223 7814 return (nmatched);
7224 7815 }
7225 7816
7226 7817 /*
7227 7818 * If we selected a hash table, iterate over each probe of the same key
7228 7819 * name and invoke the callback for every probe that matches the other
7229 7820 * attributes of our input probe key.
7230 7821 */
7231 7822 for (probe = dtrace_hash_lookup(hash, &template); probe != NULL;
7232 7823 probe = *(DTRACE_HASHNEXT(hash, probe))) {
7233 7824
7234 7825 if (dtrace_match_probe(probe, pkp, priv, uid, zoneid) <= 0)
7235 7826 continue;
7236 7827
7237 7828 nmatched++;
7238 7829
7239 7830 if ((rc = (*matched)(probe, arg)) != DTRACE_MATCH_NEXT) {
7240 7831 if (rc == DTRACE_MATCH_FAIL)
7241 7832 return (DTRACE_MATCH_FAIL);
7242 7833 break;
7243 7834 }
7244 7835 }
7245 7836
7246 7837 return (nmatched);
7247 7838 }
7248 7839
7249 7840 /*
7250 7841 * Return the function pointer dtrace_probecmp() should use to compare the
7251 7842 * specified pattern with a string. For NULL or empty patterns, we select
7252 7843 * dtrace_match_nul(). For glob pattern strings, we use dtrace_match_glob().
7253 7844 * For non-empty non-glob strings, we use dtrace_match_string().
7254 7845 */
7255 7846 static dtrace_probekey_f *
7256 7847 dtrace_probekey_func(const char *p)
7257 7848 {
7258 7849 char c;
7259 7850
7260 7851 if (p == NULL || *p == '\0')
7261 7852 return (&dtrace_match_nul);
7262 7853
7263 7854 while ((c = *p++) != '\0') {
7264 7855 if (c == '[' || c == '?' || c == '*' || c == '\\')
7265 7856 return (&dtrace_match_glob);
7266 7857 }
7267 7858
7268 7859 return (&dtrace_match_string);
7269 7860 }
7270 7861
7271 7862 /*
7272 7863 * Build a probe comparison key for use with dtrace_match_probe() from the
7273 7864 * given probe description. By convention, a null key only matches anchored
7274 7865 * probes: if each field is the empty string, reset dtpk_fmatch to
7275 7866 * dtrace_match_nonzero().
7276 7867 */
7277 7868 static void
7278 7869 dtrace_probekey(const dtrace_probedesc_t *pdp, dtrace_probekey_t *pkp)
7279 7870 {
7280 7871 pkp->dtpk_prov = pdp->dtpd_provider;
7281 7872 pkp->dtpk_pmatch = dtrace_probekey_func(pdp->dtpd_provider);
7282 7873
7283 7874 pkp->dtpk_mod = pdp->dtpd_mod;
7284 7875 pkp->dtpk_mmatch = dtrace_probekey_func(pdp->dtpd_mod);
7285 7876
7286 7877 pkp->dtpk_func = pdp->dtpd_func;
7287 7878 pkp->dtpk_fmatch = dtrace_probekey_func(pdp->dtpd_func);
7288 7879
7289 7880 pkp->dtpk_name = pdp->dtpd_name;
7290 7881 pkp->dtpk_nmatch = dtrace_probekey_func(pdp->dtpd_name);
7291 7882
7292 7883 pkp->dtpk_id = pdp->dtpd_id;
7293 7884
7294 7885 if (pkp->dtpk_id == DTRACE_IDNONE &&
7295 7886 pkp->dtpk_pmatch == &dtrace_match_nul &&
7296 7887 pkp->dtpk_mmatch == &dtrace_match_nul &&
7297 7888 pkp->dtpk_fmatch == &dtrace_match_nul &&
7298 7889 pkp->dtpk_nmatch == &dtrace_match_nul)
7299 7890 pkp->dtpk_fmatch = &dtrace_match_nonzero;
7300 7891 }
7301 7892
7302 7893 /*
7303 7894 * DTrace Provider-to-Framework API Functions
7304 7895 *
7305 7896 * These functions implement much of the Provider-to-Framework API, as
7306 7897 * described in <sys/dtrace.h>. The parts of the API not in this section are
7307 7898 * the functions in the API for probe management (found below), and
7308 7899 * dtrace_probe() itself (found above).
7309 7900 */
7310 7901
7311 7902 /*
7312 7903 * Register the calling provider with the DTrace framework. This should
7313 7904 * generally be called by DTrace providers in their attach(9E) entry point.
7314 7905 */
7315 7906 int
7316 7907 dtrace_register(const char *name, const dtrace_pattr_t *pap, uint32_t priv,
7317 7908 cred_t *cr, const dtrace_pops_t *pops, void *arg, dtrace_provider_id_t *idp)
7318 7909 {
7319 7910 dtrace_provider_t *provider;
7320 7911
7321 7912 if (name == NULL || pap == NULL || pops == NULL || idp == NULL) {
7322 7913 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7323 7914 "arguments", name ? name : "<NULL>");
7324 7915 return (EINVAL);
7325 7916 }
7326 7917
7327 7918 if (name[0] == '\0' || dtrace_badname(name)) {
7328 7919 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7329 7920 "provider name", name);
7330 7921 return (EINVAL);
7331 7922 }
7332 7923
7333 7924 if ((pops->dtps_provide == NULL && pops->dtps_provide_module == NULL) ||
7334 7925 pops->dtps_enable == NULL || pops->dtps_disable == NULL ||
7335 7926 pops->dtps_destroy == NULL ||
7336 7927 ((pops->dtps_resume == NULL) != (pops->dtps_suspend == NULL))) {
7337 7928 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7338 7929 "provider ops", name);
7339 7930 return (EINVAL);
7340 7931 }
7341 7932
7342 7933 if (dtrace_badattr(&pap->dtpa_provider) ||
7343 7934 dtrace_badattr(&pap->dtpa_mod) ||
7344 7935 dtrace_badattr(&pap->dtpa_func) ||
7345 7936 dtrace_badattr(&pap->dtpa_name) ||
7346 7937 dtrace_badattr(&pap->dtpa_args)) {
7347 7938 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7348 7939 "provider attributes", name);
7349 7940 return (EINVAL);
7350 7941 }
7351 7942
7352 7943 if (priv & ~DTRACE_PRIV_ALL) {
7353 7944 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7354 7945 "privilege attributes", name);
7355 7946 return (EINVAL);
7356 7947 }
7357 7948
7358 7949 if ((priv & DTRACE_PRIV_KERNEL) &&
7359 7950 (priv & (DTRACE_PRIV_USER | DTRACE_PRIV_OWNER)) &&
7360 7951 pops->dtps_mode == NULL) {
7361 7952 cmn_err(CE_WARN, "failed to register provider '%s': need "
7362 7953 "dtps_mode() op for given privilege attributes", name);
7363 7954 return (EINVAL);
7364 7955 }
7365 7956
7366 7957 provider = kmem_zalloc(sizeof (dtrace_provider_t), KM_SLEEP);
7367 7958 provider->dtpv_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
7368 7959 (void) strcpy(provider->dtpv_name, name);
7369 7960
7370 7961 provider->dtpv_attr = *pap;
7371 7962 provider->dtpv_priv.dtpp_flags = priv;
7372 7963 if (cr != NULL) {
7373 7964 provider->dtpv_priv.dtpp_uid = crgetuid(cr);
7374 7965 provider->dtpv_priv.dtpp_zoneid = crgetzonedid(cr);
7375 7966 }
7376 7967 provider->dtpv_pops = *pops;
7377 7968
7378 7969 if (pops->dtps_provide == NULL) {
7379 7970 ASSERT(pops->dtps_provide_module != NULL);
7380 7971 provider->dtpv_pops.dtps_provide =
7381 7972 (void (*)(void *, const dtrace_probedesc_t *))dtrace_nullop;
7382 7973 }
7383 7974
7384 7975 if (pops->dtps_provide_module == NULL) {
7385 7976 ASSERT(pops->dtps_provide != NULL);
7386 7977 provider->dtpv_pops.dtps_provide_module =
7387 7978 (void (*)(void *, struct modctl *))dtrace_nullop;
7388 7979 }
7389 7980
7390 7981 if (pops->dtps_suspend == NULL) {
7391 7982 ASSERT(pops->dtps_resume == NULL);
7392 7983 provider->dtpv_pops.dtps_suspend =
7393 7984 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop;
7394 7985 provider->dtpv_pops.dtps_resume =
7395 7986 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop;
7396 7987 }
7397 7988
7398 7989 provider->dtpv_arg = arg;
7399 7990 *idp = (dtrace_provider_id_t)provider;
7400 7991
7401 7992 if (pops == &dtrace_provider_ops) {
7402 7993 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
7403 7994 ASSERT(MUTEX_HELD(&dtrace_lock));
7404 7995 ASSERT(dtrace_anon.dta_enabling == NULL);
7405 7996
7406 7997 /*
7407 7998 * We make sure that the DTrace provider is at the head of
7408 7999 * the provider chain.
7409 8000 */
7410 8001 provider->dtpv_next = dtrace_provider;
7411 8002 dtrace_provider = provider;
7412 8003 return (0);
7413 8004 }
7414 8005
7415 8006 mutex_enter(&dtrace_provider_lock);
7416 8007 mutex_enter(&dtrace_lock);
7417 8008
7418 8009 /*
7419 8010 * If there is at least one provider registered, we'll add this
7420 8011 * provider after the first provider.
7421 8012 */
7422 8013 if (dtrace_provider != NULL) {
7423 8014 provider->dtpv_next = dtrace_provider->dtpv_next;
7424 8015 dtrace_provider->dtpv_next = provider;
7425 8016 } else {
7426 8017 dtrace_provider = provider;
7427 8018 }
7428 8019
7429 8020 if (dtrace_retained != NULL) {
7430 8021 dtrace_enabling_provide(provider);
7431 8022
7432 8023 /*
7433 8024 * Now we need to call dtrace_enabling_matchall() -- which
7434 8025 * will acquire cpu_lock and dtrace_lock. We therefore need
7435 8026 * to drop all of our locks before calling into it...
7436 8027 */
7437 8028 mutex_exit(&dtrace_lock);
7438 8029 mutex_exit(&dtrace_provider_lock);
7439 8030 dtrace_enabling_matchall();
7440 8031
7441 8032 return (0);
7442 8033 }
7443 8034
7444 8035 mutex_exit(&dtrace_lock);
7445 8036 mutex_exit(&dtrace_provider_lock);
7446 8037
7447 8038 return (0);
7448 8039 }
7449 8040
7450 8041 /*
7451 8042 * Unregister the specified provider from the DTrace framework. This should
7452 8043 * generally be called by DTrace providers in their detach(9E) entry point.
7453 8044 */
7454 8045 int
7455 8046 dtrace_unregister(dtrace_provider_id_t id)
7456 8047 {
7457 8048 dtrace_provider_t *old = (dtrace_provider_t *)id;
7458 8049 dtrace_provider_t *prev = NULL;
7459 8050 int i, self = 0, noreap = 0;
7460 8051 dtrace_probe_t *probe, *first = NULL;
7461 8052
7462 8053 if (old->dtpv_pops.dtps_enable ==
7463 8054 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop) {
7464 8055 /*
7465 8056 * If DTrace itself is the provider, we're called with locks
7466 8057 * already held.
7467 8058 */
7468 8059 ASSERT(old == dtrace_provider);
7469 8060 ASSERT(dtrace_devi != NULL);
7470 8061 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
7471 8062 ASSERT(MUTEX_HELD(&dtrace_lock));
7472 8063 self = 1;
7473 8064
7474 8065 if (dtrace_provider->dtpv_next != NULL) {
7475 8066 /*
7476 8067 * There's another provider here; return failure.
7477 8068 */
7478 8069 return (EBUSY);
7479 8070 }
7480 8071 } else {
7481 8072 mutex_enter(&dtrace_provider_lock);
7482 8073 mutex_enter(&mod_lock);
7483 8074 mutex_enter(&dtrace_lock);
7484 8075 }
7485 8076
7486 8077 /*
7487 8078 * If anyone has /dev/dtrace open, or if there are anonymous enabled
7488 8079 * probes, we refuse to let providers slither away, unless this
7489 8080 * provider has already been explicitly invalidated.
7490 8081 */
7491 8082 if (!old->dtpv_defunct &&
7492 8083 (dtrace_opens || (dtrace_anon.dta_state != NULL &&
7493 8084 dtrace_anon.dta_state->dts_necbs > 0))) {
7494 8085 if (!self) {
7495 8086 mutex_exit(&dtrace_lock);
7496 8087 mutex_exit(&mod_lock);
7497 8088 mutex_exit(&dtrace_provider_lock);
7498 8089 }
7499 8090 return (EBUSY);
7500 8091 }
7501 8092
7502 8093 /*
7503 8094 * Attempt to destroy the probes associated with this provider.
7504 8095 */
7505 8096 for (i = 0; i < dtrace_nprobes; i++) {
7506 8097 if ((probe = dtrace_probes[i]) == NULL)
7507 8098 continue;
7508 8099
7509 8100 if (probe->dtpr_provider != old)
7510 8101 continue;
7511 8102
7512 8103 if (probe->dtpr_ecb == NULL)
7513 8104 continue;
7514 8105
7515 8106 /*
7516 8107 * If we are trying to unregister a defunct provider, and the
7517 8108 * provider was made defunct within the interval dictated by
7518 8109 * dtrace_unregister_defunct_reap, we'll (asynchronously)
7519 8110 * attempt to reap our enablings. To denote that the provider
7520 8111 * should reattempt to unregister itself at some point in the
7521 8112 * future, we will return a differentiable error code (EAGAIN
7522 8113 * instead of EBUSY) in this case.
7523 8114 */
7524 8115 if (dtrace_gethrtime() - old->dtpv_defunct >
7525 8116 dtrace_unregister_defunct_reap)
7526 8117 noreap = 1;
7527 8118
7528 8119 if (!self) {
7529 8120 mutex_exit(&dtrace_lock);
7530 8121 mutex_exit(&mod_lock);
7531 8122 mutex_exit(&dtrace_provider_lock);
7532 8123 }
7533 8124
7534 8125 if (noreap)
7535 8126 return (EBUSY);
7536 8127
7537 8128 (void) taskq_dispatch(dtrace_taskq,
7538 8129 (task_func_t *)dtrace_enabling_reap, NULL, TQ_SLEEP);
7539 8130
7540 8131 return (EAGAIN);
7541 8132 }
7542 8133
7543 8134 /*
7544 8135 * All of the probes for this provider are disabled; we can safely
7545 8136 * remove all of them from their hash chains and from the probe array.
7546 8137 */
7547 8138 for (i = 0; i < dtrace_nprobes; i++) {
7548 8139 if ((probe = dtrace_probes[i]) == NULL)
7549 8140 continue;
7550 8141
7551 8142 if (probe->dtpr_provider != old)
7552 8143 continue;
7553 8144
7554 8145 dtrace_probes[i] = NULL;
7555 8146
7556 8147 dtrace_hash_remove(dtrace_bymod, probe);
7557 8148 dtrace_hash_remove(dtrace_byfunc, probe);
7558 8149 dtrace_hash_remove(dtrace_byname, probe);
7559 8150
7560 8151 if (first == NULL) {
7561 8152 first = probe;
7562 8153 probe->dtpr_nextmod = NULL;
7563 8154 } else {
7564 8155 probe->dtpr_nextmod = first;
7565 8156 first = probe;
7566 8157 }
7567 8158 }
7568 8159
7569 8160 /*
7570 8161 * The provider's probes have been removed from the hash chains and
7571 8162 * from the probe array. Now issue a dtrace_sync() to be sure that
7572 8163 * everyone has cleared out from any probe array processing.
7573 8164 */
7574 8165 dtrace_sync();
7575 8166
7576 8167 for (probe = first; probe != NULL; probe = first) {
7577 8168 first = probe->dtpr_nextmod;
7578 8169
7579 8170 old->dtpv_pops.dtps_destroy(old->dtpv_arg, probe->dtpr_id,
7580 8171 probe->dtpr_arg);
7581 8172 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1);
7582 8173 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1);
7583 8174 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1);
7584 8175 vmem_free(dtrace_arena, (void *)(uintptr_t)(probe->dtpr_id), 1);
7585 8176 kmem_free(probe, sizeof (dtrace_probe_t));
7586 8177 }
7587 8178
7588 8179 if ((prev = dtrace_provider) == old) {
7589 8180 ASSERT(self || dtrace_devi == NULL);
7590 8181 ASSERT(old->dtpv_next == NULL || dtrace_devi == NULL);
7591 8182 dtrace_provider = old->dtpv_next;
7592 8183 } else {
7593 8184 while (prev != NULL && prev->dtpv_next != old)
7594 8185 prev = prev->dtpv_next;
7595 8186
7596 8187 if (prev == NULL) {
7597 8188 panic("attempt to unregister non-existent "
7598 8189 "dtrace provider %p\n", (void *)id);
7599 8190 }
7600 8191
7601 8192 prev->dtpv_next = old->dtpv_next;
7602 8193 }
7603 8194
7604 8195 if (!self) {
7605 8196 mutex_exit(&dtrace_lock);
7606 8197 mutex_exit(&mod_lock);
7607 8198 mutex_exit(&dtrace_provider_lock);
7608 8199 }
7609 8200
7610 8201 kmem_free(old->dtpv_name, strlen(old->dtpv_name) + 1);
7611 8202 kmem_free(old, sizeof (dtrace_provider_t));
7612 8203
7613 8204 return (0);
7614 8205 }
7615 8206
7616 8207 /*
7617 8208 * Invalidate the specified provider. All subsequent probe lookups for the
7618 8209 * specified provider will fail, but its probes will not be removed.
7619 8210 */
7620 8211 void
7621 8212 dtrace_invalidate(dtrace_provider_id_t id)
7622 8213 {
7623 8214 dtrace_provider_t *pvp = (dtrace_provider_t *)id;
7624 8215
7625 8216 ASSERT(pvp->dtpv_pops.dtps_enable !=
7626 8217 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop);
7627 8218
7628 8219 mutex_enter(&dtrace_provider_lock);
7629 8220 mutex_enter(&dtrace_lock);
7630 8221
7631 8222 pvp->dtpv_defunct = dtrace_gethrtime();
7632 8223
7633 8224 mutex_exit(&dtrace_lock);
7634 8225 mutex_exit(&dtrace_provider_lock);
7635 8226 }
7636 8227
7637 8228 /*
7638 8229 * Indicate whether or not DTrace has attached.
7639 8230 */
7640 8231 int
7641 8232 dtrace_attached(void)
7642 8233 {
7643 8234 /*
7644 8235 * dtrace_provider will be non-NULL iff the DTrace driver has
7645 8236 * attached. (It's non-NULL because DTrace is always itself a
7646 8237 * provider.)
7647 8238 */
7648 8239 return (dtrace_provider != NULL);
7649 8240 }
7650 8241
7651 8242 /*
7652 8243 * Remove all the unenabled probes for the given provider. This function is
7653 8244 * not unlike dtrace_unregister(), except that it doesn't remove the provider
7654 8245 * -- just as many of its associated probes as it can.
7655 8246 */
7656 8247 int
7657 8248 dtrace_condense(dtrace_provider_id_t id)
7658 8249 {
7659 8250 dtrace_provider_t *prov = (dtrace_provider_t *)id;
7660 8251 int i;
7661 8252 dtrace_probe_t *probe;
7662 8253
7663 8254 /*
7664 8255 * Make sure this isn't the dtrace provider itself.
7665 8256 */
7666 8257 ASSERT(prov->dtpv_pops.dtps_enable !=
7667 8258 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop);
7668 8259
7669 8260 mutex_enter(&dtrace_provider_lock);
7670 8261 mutex_enter(&dtrace_lock);
7671 8262
7672 8263 /*
7673 8264 * Attempt to destroy the probes associated with this provider.
7674 8265 */
7675 8266 for (i = 0; i < dtrace_nprobes; i++) {
7676 8267 if ((probe = dtrace_probes[i]) == NULL)
7677 8268 continue;
7678 8269
7679 8270 if (probe->dtpr_provider != prov)
7680 8271 continue;
7681 8272
7682 8273 if (probe->dtpr_ecb != NULL)
7683 8274 continue;
7684 8275
7685 8276 dtrace_probes[i] = NULL;
7686 8277
7687 8278 dtrace_hash_remove(dtrace_bymod, probe);
7688 8279 dtrace_hash_remove(dtrace_byfunc, probe);
7689 8280 dtrace_hash_remove(dtrace_byname, probe);
7690 8281
7691 8282 prov->dtpv_pops.dtps_destroy(prov->dtpv_arg, i + 1,
7692 8283 probe->dtpr_arg);
7693 8284 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1);
7694 8285 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1);
7695 8286 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1);
7696 8287 kmem_free(probe, sizeof (dtrace_probe_t));
7697 8288 vmem_free(dtrace_arena, (void *)((uintptr_t)i + 1), 1);
7698 8289 }
7699 8290
7700 8291 mutex_exit(&dtrace_lock);
7701 8292 mutex_exit(&dtrace_provider_lock);
7702 8293
7703 8294 return (0);
7704 8295 }
7705 8296
7706 8297 /*
7707 8298 * DTrace Probe Management Functions
7708 8299 *
7709 8300 * The functions in this section perform the DTrace probe management,
7710 8301 * including functions to create probes, look-up probes, and call into the
7711 8302 * providers to request that probes be provided. Some of these functions are
7712 8303 * in the Provider-to-Framework API; these functions can be identified by the
7713 8304 * fact that they are not declared "static".
7714 8305 */
7715 8306
7716 8307 /*
7717 8308 * Create a probe with the specified module name, function name, and name.
7718 8309 */
7719 8310 dtrace_id_t
7720 8311 dtrace_probe_create(dtrace_provider_id_t prov, const char *mod,
7721 8312 const char *func, const char *name, int aframes, void *arg)
7722 8313 {
7723 8314 dtrace_probe_t *probe, **probes;
7724 8315 dtrace_provider_t *provider = (dtrace_provider_t *)prov;
7725 8316 dtrace_id_t id;
7726 8317
7727 8318 if (provider == dtrace_provider) {
7728 8319 ASSERT(MUTEX_HELD(&dtrace_lock));
7729 8320 } else {
7730 8321 mutex_enter(&dtrace_lock);
7731 8322 }
7732 8323
7733 8324 id = (dtrace_id_t)(uintptr_t)vmem_alloc(dtrace_arena, 1,
7734 8325 VM_BESTFIT | VM_SLEEP);
7735 8326 probe = kmem_zalloc(sizeof (dtrace_probe_t), KM_SLEEP);
7736 8327
7737 8328 probe->dtpr_id = id;
7738 8329 probe->dtpr_gen = dtrace_probegen++;
7739 8330 probe->dtpr_mod = dtrace_strdup(mod);
7740 8331 probe->dtpr_func = dtrace_strdup(func);
7741 8332 probe->dtpr_name = dtrace_strdup(name);
7742 8333 probe->dtpr_arg = arg;
7743 8334 probe->dtpr_aframes = aframes;
7744 8335 probe->dtpr_provider = provider;
7745 8336
7746 8337 dtrace_hash_add(dtrace_bymod, probe);
7747 8338 dtrace_hash_add(dtrace_byfunc, probe);
7748 8339 dtrace_hash_add(dtrace_byname, probe);
7749 8340
7750 8341 if (id - 1 >= dtrace_nprobes) {
7751 8342 size_t osize = dtrace_nprobes * sizeof (dtrace_probe_t *);
7752 8343 size_t nsize = osize << 1;
7753 8344
7754 8345 if (nsize == 0) {
7755 8346 ASSERT(osize == 0);
7756 8347 ASSERT(dtrace_probes == NULL);
7757 8348 nsize = sizeof (dtrace_probe_t *);
7758 8349 }
7759 8350
7760 8351 probes = kmem_zalloc(nsize, KM_SLEEP);
7761 8352
7762 8353 if (dtrace_probes == NULL) {
7763 8354 ASSERT(osize == 0);
7764 8355 dtrace_probes = probes;
7765 8356 dtrace_nprobes = 1;
7766 8357 } else {
7767 8358 dtrace_probe_t **oprobes = dtrace_probes;
7768 8359
7769 8360 bcopy(oprobes, probes, osize);
7770 8361 dtrace_membar_producer();
7771 8362 dtrace_probes = probes;
7772 8363
7773 8364 dtrace_sync();
7774 8365
7775 8366 /*
7776 8367 * All CPUs are now seeing the new probes array; we can
7777 8368 * safely free the old array.
7778 8369 */
7779 8370 kmem_free(oprobes, osize);
7780 8371 dtrace_nprobes <<= 1;
7781 8372 }
7782 8373
7783 8374 ASSERT(id - 1 < dtrace_nprobes);
7784 8375 }
7785 8376
7786 8377 ASSERT(dtrace_probes[id - 1] == NULL);
7787 8378 dtrace_probes[id - 1] = probe;
7788 8379
7789 8380 if (provider != dtrace_provider)
7790 8381 mutex_exit(&dtrace_lock);
7791 8382
7792 8383 return (id);
7793 8384 }
7794 8385
7795 8386 static dtrace_probe_t *
7796 8387 dtrace_probe_lookup_id(dtrace_id_t id)
7797 8388 {
7798 8389 ASSERT(MUTEX_HELD(&dtrace_lock));
7799 8390
7800 8391 if (id == 0 || id > dtrace_nprobes)
7801 8392 return (NULL);
7802 8393
7803 8394 return (dtrace_probes[id - 1]);
7804 8395 }
7805 8396
7806 8397 static int
7807 8398 dtrace_probe_lookup_match(dtrace_probe_t *probe, void *arg)
7808 8399 {
7809 8400 *((dtrace_id_t *)arg) = probe->dtpr_id;
7810 8401
7811 8402 return (DTRACE_MATCH_DONE);
7812 8403 }
7813 8404
7814 8405 /*
7815 8406 * Look up a probe based on provider and one or more of module name, function
7816 8407 * name and probe name.
7817 8408 */
7818 8409 dtrace_id_t
7819 8410 dtrace_probe_lookup(dtrace_provider_id_t prid, const char *mod,
7820 8411 const char *func, const char *name)
7821 8412 {
7822 8413 dtrace_probekey_t pkey;
7823 8414 dtrace_id_t id;
7824 8415 int match;
7825 8416
7826 8417 pkey.dtpk_prov = ((dtrace_provider_t *)prid)->dtpv_name;
7827 8418 pkey.dtpk_pmatch = &dtrace_match_string;
7828 8419 pkey.dtpk_mod = mod;
7829 8420 pkey.dtpk_mmatch = mod ? &dtrace_match_string : &dtrace_match_nul;
7830 8421 pkey.dtpk_func = func;
7831 8422 pkey.dtpk_fmatch = func ? &dtrace_match_string : &dtrace_match_nul;
7832 8423 pkey.dtpk_name = name;
7833 8424 pkey.dtpk_nmatch = name ? &dtrace_match_string : &dtrace_match_nul;
7834 8425 pkey.dtpk_id = DTRACE_IDNONE;
7835 8426
7836 8427 mutex_enter(&dtrace_lock);
7837 8428 match = dtrace_match(&pkey, DTRACE_PRIV_ALL, 0, 0,
7838 8429 dtrace_probe_lookup_match, &id);
7839 8430 mutex_exit(&dtrace_lock);
7840 8431
7841 8432 ASSERT(match == 1 || match == 0);
7842 8433 return (match ? id : 0);
7843 8434 }
7844 8435
7845 8436 /*
7846 8437 * Returns the probe argument associated with the specified probe.
7847 8438 */
7848 8439 void *
7849 8440 dtrace_probe_arg(dtrace_provider_id_t id, dtrace_id_t pid)
7850 8441 {
7851 8442 dtrace_probe_t *probe;
7852 8443 void *rval = NULL;
7853 8444
7854 8445 mutex_enter(&dtrace_lock);
7855 8446
7856 8447 if ((probe = dtrace_probe_lookup_id(pid)) != NULL &&
7857 8448 probe->dtpr_provider == (dtrace_provider_t *)id)
7858 8449 rval = probe->dtpr_arg;
7859 8450
7860 8451 mutex_exit(&dtrace_lock);
7861 8452
7862 8453 return (rval);
7863 8454 }
7864 8455
7865 8456 /*
7866 8457 * Copy a probe into a probe description.
7867 8458 */
7868 8459 static void
7869 8460 dtrace_probe_description(const dtrace_probe_t *prp, dtrace_probedesc_t *pdp)
7870 8461 {
7871 8462 bzero(pdp, sizeof (dtrace_probedesc_t));
7872 8463 pdp->dtpd_id = prp->dtpr_id;
7873 8464
7874 8465 (void) strncpy(pdp->dtpd_provider,
7875 8466 prp->dtpr_provider->dtpv_name, DTRACE_PROVNAMELEN - 1);
7876 8467
7877 8468 (void) strncpy(pdp->dtpd_mod, prp->dtpr_mod, DTRACE_MODNAMELEN - 1);
7878 8469 (void) strncpy(pdp->dtpd_func, prp->dtpr_func, DTRACE_FUNCNAMELEN - 1);
7879 8470 (void) strncpy(pdp->dtpd_name, prp->dtpr_name, DTRACE_NAMELEN - 1);
7880 8471 }
7881 8472
7882 8473 /*
7883 8474 * Called to indicate that a probe -- or probes -- should be provided by a
7884 8475 * specfied provider. If the specified description is NULL, the provider will
7885 8476 * be told to provide all of its probes. (This is done whenever a new
7886 8477 * consumer comes along, or whenever a retained enabling is to be matched.) If
7887 8478 * the specified description is non-NULL, the provider is given the
7888 8479 * opportunity to dynamically provide the specified probe, allowing providers
7889 8480 * to support the creation of probes on-the-fly. (So-called _autocreated_
7890 8481 * probes.) If the provider is NULL, the operations will be applied to all
7891 8482 * providers; if the provider is non-NULL the operations will only be applied
7892 8483 * to the specified provider. The dtrace_provider_lock must be held, and the
7893 8484 * dtrace_lock must _not_ be held -- the provider's dtps_provide() operation
7894 8485 * will need to grab the dtrace_lock when it reenters the framework through
7895 8486 * dtrace_probe_lookup(), dtrace_probe_create(), etc.
7896 8487 */
7897 8488 static void
7898 8489 dtrace_probe_provide(dtrace_probedesc_t *desc, dtrace_provider_t *prv)
7899 8490 {
7900 8491 struct modctl *ctl;
7901 8492 int all = 0;
7902 8493
7903 8494 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
7904 8495
7905 8496 if (prv == NULL) {
7906 8497 all = 1;
7907 8498 prv = dtrace_provider;
7908 8499 }
7909 8500
7910 8501 do {
7911 8502 /*
7912 8503 * First, call the blanket provide operation.
7913 8504 */
7914 8505 prv->dtpv_pops.dtps_provide(prv->dtpv_arg, desc);
7915 8506
7916 8507 /*
7917 8508 * Now call the per-module provide operation. We will grab
7918 8509 * mod_lock to prevent the list from being modified. Note
7919 8510 * that this also prevents the mod_busy bits from changing.
7920 8511 * (mod_busy can only be changed with mod_lock held.)
7921 8512 */
7922 8513 mutex_enter(&mod_lock);
7923 8514
7924 8515 ctl = &modules;
7925 8516 do {
7926 8517 if (ctl->mod_busy || ctl->mod_mp == NULL)
7927 8518 continue;
7928 8519
7929 8520 prv->dtpv_pops.dtps_provide_module(prv->dtpv_arg, ctl);
7930 8521
7931 8522 } while ((ctl = ctl->mod_next) != &modules);
7932 8523
7933 8524 mutex_exit(&mod_lock);
7934 8525 } while (all && (prv = prv->dtpv_next) != NULL);
7935 8526 }
7936 8527
7937 8528 /*
7938 8529 * Iterate over each probe, and call the Framework-to-Provider API function
7939 8530 * denoted by offs.
7940 8531 */
7941 8532 static void
7942 8533 dtrace_probe_foreach(uintptr_t offs)
7943 8534 {
7944 8535 dtrace_provider_t *prov;
7945 8536 void (*func)(void *, dtrace_id_t, void *);
7946 8537 dtrace_probe_t *probe;
7947 8538 dtrace_icookie_t cookie;
7948 8539 int i;
7949 8540
7950 8541 /*
7951 8542 * We disable interrupts to walk through the probe array. This is
7952 8543 * safe -- the dtrace_sync() in dtrace_unregister() assures that we
7953 8544 * won't see stale data.
7954 8545 */
7955 8546 cookie = dtrace_interrupt_disable();
7956 8547
7957 8548 for (i = 0; i < dtrace_nprobes; i++) {
7958 8549 if ((probe = dtrace_probes[i]) == NULL)
7959 8550 continue;
7960 8551
7961 8552 if (probe->dtpr_ecb == NULL) {
7962 8553 /*
7963 8554 * This probe isn't enabled -- don't call the function.
7964 8555 */
7965 8556 continue;
7966 8557 }
7967 8558
7968 8559 prov = probe->dtpr_provider;
7969 8560 func = *((void(**)(void *, dtrace_id_t, void *))
7970 8561 ((uintptr_t)&prov->dtpv_pops + offs));
7971 8562
7972 8563 func(prov->dtpv_arg, i + 1, probe->dtpr_arg);
7973 8564 }
7974 8565
7975 8566 dtrace_interrupt_enable(cookie);
7976 8567 }
7977 8568
7978 8569 static int
7979 8570 dtrace_probe_enable(const dtrace_probedesc_t *desc, dtrace_enabling_t *enab)
7980 8571 {
7981 8572 dtrace_probekey_t pkey;
7982 8573 uint32_t priv;
7983 8574 uid_t uid;
7984 8575 zoneid_t zoneid;
7985 8576 dtrace_state_t *state = enab->dten_vstate->dtvs_state;
7986 8577
7987 8578 ASSERT(MUTEX_HELD(&dtrace_lock));
7988 8579 dtrace_ecb_create_cache = NULL;
7989 8580
7990 8581 if (desc == NULL) {
7991 8582 /*
7992 8583 * If we're passed a NULL description, we're being asked to
7993 8584 * create an ECB with a NULL probe.
7994 8585 */
7995 8586 (void) dtrace_ecb_create_enable(NULL, enab);
7996 8587 return (0);
7997 8588 }
7998 8589
7999 8590 dtrace_probekey(desc, &pkey);
8000 8591 dtrace_cred2priv(state->dts_cred.dcr_cred, &priv, &uid, &zoneid);
8001 8592
8002 8593 if ((priv & DTRACE_PRIV_ZONEOWNER) &&
8003 8594 state->dts_options[DTRACEOPT_ZONE] != DTRACEOPT_UNSET) {
8004 8595 /*
8005 8596 * If we have the privilege of instrumenting all zones but we
8006 8597 * have been told to instrument but one, we will spoof this up
8007 8598 * depriving ourselves of DTRACE_PRIV_ZONEOWNER for purposes
8008 8599 * of dtrace_match(). (Note that DTRACEOPT_ZONE is not for
8009 8600 * security but rather for performance: it allows the global
8010 8601 * zone to instrument USDT probes in a local zone without
8011 8602 * requiring all zones to be instrumented.)
8012 8603 */
8013 8604 priv &= ~DTRACE_PRIV_ZONEOWNER;
8014 8605 zoneid = state->dts_options[DTRACEOPT_ZONE];
8015 8606 }
8016 8607
8017 8608 return (dtrace_match(&pkey, priv, uid, zoneid, dtrace_ecb_create_enable,
8018 8609 enab));
8019 8610 }
8020 8611
8021 8612 /*
8022 8613 * DTrace Helper Provider Functions
8023 8614 */
8024 8615 static void
8025 8616 dtrace_dofattr2attr(dtrace_attribute_t *attr, const dof_attr_t dofattr)
8026 8617 {
8027 8618 attr->dtat_name = DOF_ATTR_NAME(dofattr);
8028 8619 attr->dtat_data = DOF_ATTR_DATA(dofattr);
8029 8620 attr->dtat_class = DOF_ATTR_CLASS(dofattr);
8030 8621 }
8031 8622
8032 8623 static void
8033 8624 dtrace_dofprov2hprov(dtrace_helper_provdesc_t *hprov,
8034 8625 const dof_provider_t *dofprov, char *strtab)
8035 8626 {
8036 8627 hprov->dthpv_provname = strtab + dofprov->dofpv_name;
8037 8628 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_provider,
8038 8629 dofprov->dofpv_provattr);
8039 8630 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_mod,
8040 8631 dofprov->dofpv_modattr);
8041 8632 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_func,
8042 8633 dofprov->dofpv_funcattr);
8043 8634 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_name,
8044 8635 dofprov->dofpv_nameattr);
8045 8636 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_args,
8046 8637 dofprov->dofpv_argsattr);
8047 8638 }
8048 8639
8049 8640 static void
8050 8641 dtrace_helper_provide_one(dof_helper_t *dhp, dof_sec_t *sec, pid_t pid)
8051 8642 {
8052 8643 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8053 8644 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8054 8645 dof_sec_t *str_sec, *prb_sec, *arg_sec, *off_sec, *enoff_sec;
8055 8646 dof_provider_t *provider;
8056 8647 dof_probe_t *probe;
8057 8648 uint32_t *off, *enoff;
8058 8649 uint8_t *arg;
8059 8650 char *strtab;
8060 8651 uint_t i, nprobes;
8061 8652 dtrace_helper_provdesc_t dhpv;
8062 8653 dtrace_helper_probedesc_t dhpb;
8063 8654 dtrace_meta_t *meta = dtrace_meta_pid;
8064 8655 dtrace_mops_t *mops = &meta->dtm_mops;
8065 8656 void *parg;
8066 8657
8067 8658 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset);
8068 8659 str_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8069 8660 provider->dofpv_strtab * dof->dofh_secsize);
8070 8661 prb_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8071 8662 provider->dofpv_probes * dof->dofh_secsize);
8072 8663 arg_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8073 8664 provider->dofpv_prargs * dof->dofh_secsize);
8074 8665 off_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8075 8666 provider->dofpv_proffs * dof->dofh_secsize);
8076 8667
8077 8668 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset);
8078 8669 off = (uint32_t *)(uintptr_t)(daddr + off_sec->dofs_offset);
8079 8670 arg = (uint8_t *)(uintptr_t)(daddr + arg_sec->dofs_offset);
8080 8671 enoff = NULL;
8081 8672
8082 8673 /*
8083 8674 * See dtrace_helper_provider_validate().
8084 8675 */
8085 8676 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 &&
8086 8677 provider->dofpv_prenoffs != DOF_SECT_NONE) {
8087 8678 enoff_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8088 8679 provider->dofpv_prenoffs * dof->dofh_secsize);
8089 8680 enoff = (uint32_t *)(uintptr_t)(daddr + enoff_sec->dofs_offset);
8090 8681 }
8091 8682
8092 8683 nprobes = prb_sec->dofs_size / prb_sec->dofs_entsize;
8093 8684
8094 8685 /*
8095 8686 * Create the provider.
8096 8687 */
8097 8688 dtrace_dofprov2hprov(&dhpv, provider, strtab);
8098 8689
8099 8690 if ((parg = mops->dtms_provide_pid(meta->dtm_arg, &dhpv, pid)) == NULL)
8100 8691 return;
8101 8692
8102 8693 meta->dtm_count++;
8103 8694
8104 8695 /*
8105 8696 * Create the probes.
8106 8697 */
8107 8698 for (i = 0; i < nprobes; i++) {
8108 8699 probe = (dof_probe_t *)(uintptr_t)(daddr +
8109 8700 prb_sec->dofs_offset + i * prb_sec->dofs_entsize);
8110 8701
8111 8702 dhpb.dthpb_mod = dhp->dofhp_mod;
8112 8703 dhpb.dthpb_func = strtab + probe->dofpr_func;
8113 8704 dhpb.dthpb_name = strtab + probe->dofpr_name;
8114 8705 dhpb.dthpb_base = probe->dofpr_addr;
8115 8706 dhpb.dthpb_offs = off + probe->dofpr_offidx;
8116 8707 dhpb.dthpb_noffs = probe->dofpr_noffs;
8117 8708 if (enoff != NULL) {
8118 8709 dhpb.dthpb_enoffs = enoff + probe->dofpr_enoffidx;
8119 8710 dhpb.dthpb_nenoffs = probe->dofpr_nenoffs;
8120 8711 } else {
8121 8712 dhpb.dthpb_enoffs = NULL;
8122 8713 dhpb.dthpb_nenoffs = 0;
8123 8714 }
8124 8715 dhpb.dthpb_args = arg + probe->dofpr_argidx;
8125 8716 dhpb.dthpb_nargc = probe->dofpr_nargc;
8126 8717 dhpb.dthpb_xargc = probe->dofpr_xargc;
8127 8718 dhpb.dthpb_ntypes = strtab + probe->dofpr_nargv;
8128 8719 dhpb.dthpb_xtypes = strtab + probe->dofpr_xargv;
8129 8720
8130 8721 mops->dtms_create_probe(meta->dtm_arg, parg, &dhpb);
8131 8722 }
8132 8723 }
8133 8724
8134 8725 static void
8135 8726 dtrace_helper_provide(dof_helper_t *dhp, pid_t pid)
8136 8727 {
8137 8728 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8138 8729 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8139 8730 int i;
8140 8731
8141 8732 ASSERT(MUTEX_HELD(&dtrace_meta_lock));
8142 8733
8143 8734 for (i = 0; i < dof->dofh_secnum; i++) {
8144 8735 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr +
8145 8736 dof->dofh_secoff + i * dof->dofh_secsize);
8146 8737
8147 8738 if (sec->dofs_type != DOF_SECT_PROVIDER)
8148 8739 continue;
8149 8740
8150 8741 dtrace_helper_provide_one(dhp, sec, pid);
8151 8742 }
8152 8743
8153 8744 /*
8154 8745 * We may have just created probes, so we must now rematch against
8155 8746 * any retained enablings. Note that this call will acquire both
8156 8747 * cpu_lock and dtrace_lock; the fact that we are holding
8157 8748 * dtrace_meta_lock now is what defines the ordering with respect to
8158 8749 * these three locks.
8159 8750 */
8160 8751 dtrace_enabling_matchall();
8161 8752 }
8162 8753
8163 8754 static void
8164 8755 dtrace_helper_provider_remove_one(dof_helper_t *dhp, dof_sec_t *sec, pid_t pid)
8165 8756 {
8166 8757 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8167 8758 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8168 8759 dof_sec_t *str_sec;
8169 8760 dof_provider_t *provider;
8170 8761 char *strtab;
8171 8762 dtrace_helper_provdesc_t dhpv;
8172 8763 dtrace_meta_t *meta = dtrace_meta_pid;
8173 8764 dtrace_mops_t *mops = &meta->dtm_mops;
8174 8765
8175 8766 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset);
8176 8767 str_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8177 8768 provider->dofpv_strtab * dof->dofh_secsize);
8178 8769
8179 8770 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset);
8180 8771
8181 8772 /*
8182 8773 * Create the provider.
8183 8774 */
8184 8775 dtrace_dofprov2hprov(&dhpv, provider, strtab);
8185 8776
8186 8777 mops->dtms_remove_pid(meta->dtm_arg, &dhpv, pid);
8187 8778
8188 8779 meta->dtm_count--;
8189 8780 }
8190 8781
8191 8782 static void
8192 8783 dtrace_helper_provider_remove(dof_helper_t *dhp, pid_t pid)
8193 8784 {
8194 8785 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8195 8786 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8196 8787 int i;
8197 8788
8198 8789 ASSERT(MUTEX_HELD(&dtrace_meta_lock));
8199 8790
8200 8791 for (i = 0; i < dof->dofh_secnum; i++) {
8201 8792 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr +
8202 8793 dof->dofh_secoff + i * dof->dofh_secsize);
8203 8794
8204 8795 if (sec->dofs_type != DOF_SECT_PROVIDER)
8205 8796 continue;
8206 8797
8207 8798 dtrace_helper_provider_remove_one(dhp, sec, pid);
8208 8799 }
8209 8800 }
8210 8801
8211 8802 /*
8212 8803 * DTrace Meta Provider-to-Framework API Functions
8213 8804 *
8214 8805 * These functions implement the Meta Provider-to-Framework API, as described
8215 8806 * in <sys/dtrace.h>.
8216 8807 */
8217 8808 int
8218 8809 dtrace_meta_register(const char *name, const dtrace_mops_t *mops, void *arg,
8219 8810 dtrace_meta_provider_id_t *idp)
8220 8811 {
8221 8812 dtrace_meta_t *meta;
8222 8813 dtrace_helpers_t *help, *next;
8223 8814 int i;
8224 8815
8225 8816 *idp = DTRACE_METAPROVNONE;
8226 8817
8227 8818 /*
8228 8819 * We strictly don't need the name, but we hold onto it for
8229 8820 * debuggability. All hail error queues!
8230 8821 */
8231 8822 if (name == NULL) {
8232 8823 cmn_err(CE_WARN, "failed to register meta-provider: "
8233 8824 "invalid name");
8234 8825 return (EINVAL);
8235 8826 }
8236 8827
8237 8828 if (mops == NULL ||
8238 8829 mops->dtms_create_probe == NULL ||
8239 8830 mops->dtms_provide_pid == NULL ||
8240 8831 mops->dtms_remove_pid == NULL) {
8241 8832 cmn_err(CE_WARN, "failed to register meta-register %s: "
8242 8833 "invalid ops", name);
8243 8834 return (EINVAL);
8244 8835 }
8245 8836
8246 8837 meta = kmem_zalloc(sizeof (dtrace_meta_t), KM_SLEEP);
8247 8838 meta->dtm_mops = *mops;
8248 8839 meta->dtm_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
8249 8840 (void) strcpy(meta->dtm_name, name);
8250 8841 meta->dtm_arg = arg;
8251 8842
8252 8843 mutex_enter(&dtrace_meta_lock);
8253 8844 mutex_enter(&dtrace_lock);
8254 8845
8255 8846 if (dtrace_meta_pid != NULL) {
8256 8847 mutex_exit(&dtrace_lock);
8257 8848 mutex_exit(&dtrace_meta_lock);
8258 8849 cmn_err(CE_WARN, "failed to register meta-register %s: "
8259 8850 "user-land meta-provider exists", name);
8260 8851 kmem_free(meta->dtm_name, strlen(meta->dtm_name) + 1);
8261 8852 kmem_free(meta, sizeof (dtrace_meta_t));
8262 8853 return (EINVAL);
8263 8854 }
8264 8855
8265 8856 dtrace_meta_pid = meta;
8266 8857 *idp = (dtrace_meta_provider_id_t)meta;
8267 8858
8268 8859 /*
8269 8860 * If there are providers and probes ready to go, pass them
8270 8861 * off to the new meta provider now.
8271 8862 */
8272 8863
8273 8864 help = dtrace_deferred_pid;
8274 8865 dtrace_deferred_pid = NULL;
8275 8866
8276 8867 mutex_exit(&dtrace_lock);
8277 8868
8278 8869 while (help != NULL) {
8279 8870 for (i = 0; i < help->dthps_nprovs; i++) {
8280 8871 dtrace_helper_provide(&help->dthps_provs[i]->dthp_prov,
8281 8872 help->dthps_pid);
8282 8873 }
8283 8874
8284 8875 next = help->dthps_next;
8285 8876 help->dthps_next = NULL;
8286 8877 help->dthps_prev = NULL;
8287 8878 help->dthps_deferred = 0;
8288 8879 help = next;
8289 8880 }
8290 8881
8291 8882 mutex_exit(&dtrace_meta_lock);
8292 8883
8293 8884 return (0);
8294 8885 }
8295 8886
8296 8887 int
8297 8888 dtrace_meta_unregister(dtrace_meta_provider_id_t id)
8298 8889 {
8299 8890 dtrace_meta_t **pp, *old = (dtrace_meta_t *)id;
8300 8891
8301 8892 mutex_enter(&dtrace_meta_lock);
8302 8893 mutex_enter(&dtrace_lock);
8303 8894
8304 8895 if (old == dtrace_meta_pid) {
8305 8896 pp = &dtrace_meta_pid;
8306 8897 } else {
8307 8898 panic("attempt to unregister non-existent "
8308 8899 "dtrace meta-provider %p\n", (void *)old);
8309 8900 }
8310 8901
8311 8902 if (old->dtm_count != 0) {
8312 8903 mutex_exit(&dtrace_lock);
8313 8904 mutex_exit(&dtrace_meta_lock);
8314 8905 return (EBUSY);
8315 8906 }
8316 8907
8317 8908 *pp = NULL;
8318 8909
8319 8910 mutex_exit(&dtrace_lock);
8320 8911 mutex_exit(&dtrace_meta_lock);
8321 8912
8322 8913 kmem_free(old->dtm_name, strlen(old->dtm_name) + 1);
8323 8914 kmem_free(old, sizeof (dtrace_meta_t));
8324 8915
8325 8916 return (0);
8326 8917 }
8327 8918
8328 8919
8329 8920 /*
8330 8921 * DTrace DIF Object Functions
8331 8922 */
8332 8923 static int
8333 8924 dtrace_difo_err(uint_t pc, const char *format, ...)
8334 8925 {
8335 8926 if (dtrace_err_verbose) {
8336 8927 va_list alist;
8337 8928
8338 8929 (void) uprintf("dtrace DIF object error: [%u]: ", pc);
8339 8930 va_start(alist, format);
8340 8931 (void) vuprintf(format, alist);
8341 8932 va_end(alist);
8342 8933 }
8343 8934
8344 8935 #ifdef DTRACE_ERRDEBUG
8345 8936 dtrace_errdebug(format);
8346 8937 #endif
8347 8938 return (1);
8348 8939 }
8349 8940
8350 8941 /*
8351 8942 * Validate a DTrace DIF object by checking the IR instructions. The following
8352 8943 * rules are currently enforced by dtrace_difo_validate():
8353 8944 *
8354 8945 * 1. Each instruction must have a valid opcode
8355 8946 * 2. Each register, string, variable, or subroutine reference must be valid
8356 8947 * 3. No instruction can modify register %r0 (must be zero)
8357 8948 * 4. All instruction reserved bits must be set to zero
8358 8949 * 5. The last instruction must be a "ret" instruction
8359 8950 * 6. All branch targets must reference a valid instruction _after_ the branch
8360 8951 */
8361 8952 static int
8362 8953 dtrace_difo_validate(dtrace_difo_t *dp, dtrace_vstate_t *vstate, uint_t nregs,
8363 8954 cred_t *cr)
8364 8955 {
8365 8956 int err = 0, i;
8366 8957 int (*efunc)(uint_t pc, const char *, ...) = dtrace_difo_err;
8367 8958 int kcheckload;
8368 8959 uint_t pc;
8369 8960
8370 8961 kcheckload = cr == NULL ||
8371 8962 (vstate->dtvs_state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) == 0;
8372 8963
8373 8964 dp->dtdo_destructive = 0;
8374 8965
8375 8966 for (pc = 0; pc < dp->dtdo_len && err == 0; pc++) {
8376 8967 dif_instr_t instr = dp->dtdo_buf[pc];
8377 8968
8378 8969 uint_t r1 = DIF_INSTR_R1(instr);
8379 8970 uint_t r2 = DIF_INSTR_R2(instr);
8380 8971 uint_t rd = DIF_INSTR_RD(instr);
8381 8972 uint_t rs = DIF_INSTR_RS(instr);
8382 8973 uint_t label = DIF_INSTR_LABEL(instr);
8383 8974 uint_t v = DIF_INSTR_VAR(instr);
8384 8975 uint_t subr = DIF_INSTR_SUBR(instr);
8385 8976 uint_t type = DIF_INSTR_TYPE(instr);
8386 8977 uint_t op = DIF_INSTR_OP(instr);
8387 8978
8388 8979 switch (op) {
8389 8980 case DIF_OP_OR:
8390 8981 case DIF_OP_XOR:
8391 8982 case DIF_OP_AND:
8392 8983 case DIF_OP_SLL:
8393 8984 case DIF_OP_SRL:
8394 8985 case DIF_OP_SRA:
8395 8986 case DIF_OP_SUB:
8396 8987 case DIF_OP_ADD:
8397 8988 case DIF_OP_MUL:
8398 8989 case DIF_OP_SDIV:
8399 8990 case DIF_OP_UDIV:
8400 8991 case DIF_OP_SREM:
8401 8992 case DIF_OP_UREM:
8402 8993 case DIF_OP_COPYS:
8403 8994 if (r1 >= nregs)
8404 8995 err += efunc(pc, "invalid register %u\n", r1);
8405 8996 if (r2 >= nregs)
8406 8997 err += efunc(pc, "invalid register %u\n", r2);
8407 8998 if (rd >= nregs)
8408 8999 err += efunc(pc, "invalid register %u\n", rd);
8409 9000 if (rd == 0)
8410 9001 err += efunc(pc, "cannot write to %r0\n");
8411 9002 break;
8412 9003 case DIF_OP_NOT:
8413 9004 case DIF_OP_MOV:
8414 9005 case DIF_OP_ALLOCS:
8415 9006 if (r1 >= nregs)
8416 9007 err += efunc(pc, "invalid register %u\n", r1);
8417 9008 if (r2 != 0)
8418 9009 err += efunc(pc, "non-zero reserved bits\n");
8419 9010 if (rd >= nregs)
8420 9011 err += efunc(pc, "invalid register %u\n", rd);
8421 9012 if (rd == 0)
8422 9013 err += efunc(pc, "cannot write to %r0\n");
8423 9014 break;
8424 9015 case DIF_OP_LDSB:
8425 9016 case DIF_OP_LDSH:
8426 9017 case DIF_OP_LDSW:
8427 9018 case DIF_OP_LDUB:
8428 9019 case DIF_OP_LDUH:
8429 9020 case DIF_OP_LDUW:
8430 9021 case DIF_OP_LDX:
8431 9022 if (r1 >= nregs)
8432 9023 err += efunc(pc, "invalid register %u\n", r1);
8433 9024 if (r2 != 0)
8434 9025 err += efunc(pc, "non-zero reserved bits\n");
8435 9026 if (rd >= nregs)
8436 9027 err += efunc(pc, "invalid register %u\n", rd);
8437 9028 if (rd == 0)
8438 9029 err += efunc(pc, "cannot write to %r0\n");
8439 9030 if (kcheckload)
8440 9031 dp->dtdo_buf[pc] = DIF_INSTR_LOAD(op +
8441 9032 DIF_OP_RLDSB - DIF_OP_LDSB, r1, rd);
8442 9033 break;
8443 9034 case DIF_OP_RLDSB:
8444 9035 case DIF_OP_RLDSH:
8445 9036 case DIF_OP_RLDSW:
8446 9037 case DIF_OP_RLDUB:
8447 9038 case DIF_OP_RLDUH:
8448 9039 case DIF_OP_RLDUW:
8449 9040 case DIF_OP_RLDX:
8450 9041 if (r1 >= nregs)
8451 9042 err += efunc(pc, "invalid register %u\n", r1);
8452 9043 if (r2 != 0)
8453 9044 err += efunc(pc, "non-zero reserved bits\n");
8454 9045 if (rd >= nregs)
8455 9046 err += efunc(pc, "invalid register %u\n", rd);
8456 9047 if (rd == 0)
8457 9048 err += efunc(pc, "cannot write to %r0\n");
8458 9049 break;
8459 9050 case DIF_OP_ULDSB:
8460 9051 case DIF_OP_ULDSH:
8461 9052 case DIF_OP_ULDSW:
8462 9053 case DIF_OP_ULDUB:
8463 9054 case DIF_OP_ULDUH:
8464 9055 case DIF_OP_ULDUW:
8465 9056 case DIF_OP_ULDX:
8466 9057 if (r1 >= nregs)
8467 9058 err += efunc(pc, "invalid register %u\n", r1);
8468 9059 if (r2 != 0)
8469 9060 err += efunc(pc, "non-zero reserved bits\n");
8470 9061 if (rd >= nregs)
8471 9062 err += efunc(pc, "invalid register %u\n", rd);
8472 9063 if (rd == 0)
8473 9064 err += efunc(pc, "cannot write to %r0\n");
8474 9065 break;
8475 9066 case DIF_OP_STB:
8476 9067 case DIF_OP_STH:
8477 9068 case DIF_OP_STW:
8478 9069 case DIF_OP_STX:
8479 9070 if (r1 >= nregs)
8480 9071 err += efunc(pc, "invalid register %u\n", r1);
8481 9072 if (r2 != 0)
8482 9073 err += efunc(pc, "non-zero reserved bits\n");
8483 9074 if (rd >= nregs)
8484 9075 err += efunc(pc, "invalid register %u\n", rd);
8485 9076 if (rd == 0)
8486 9077 err += efunc(pc, "cannot write to 0 address\n");
8487 9078 break;
8488 9079 case DIF_OP_CMP:
8489 9080 case DIF_OP_SCMP:
8490 9081 if (r1 >= nregs)
8491 9082 err += efunc(pc, "invalid register %u\n", r1);
8492 9083 if (r2 >= nregs)
8493 9084 err += efunc(pc, "invalid register %u\n", r2);
8494 9085 if (rd != 0)
8495 9086 err += efunc(pc, "non-zero reserved bits\n");
8496 9087 break;
8497 9088 case DIF_OP_TST:
8498 9089 if (r1 >= nregs)
8499 9090 err += efunc(pc, "invalid register %u\n", r1);
8500 9091 if (r2 != 0 || rd != 0)
8501 9092 err += efunc(pc, "non-zero reserved bits\n");
8502 9093 break;
8503 9094 case DIF_OP_BA:
8504 9095 case DIF_OP_BE:
8505 9096 case DIF_OP_BNE:
8506 9097 case DIF_OP_BG:
8507 9098 case DIF_OP_BGU:
8508 9099 case DIF_OP_BGE:
8509 9100 case DIF_OP_BGEU:
8510 9101 case DIF_OP_BL:
8511 9102 case DIF_OP_BLU:
8512 9103 case DIF_OP_BLE:
8513 9104 case DIF_OP_BLEU:
8514 9105 if (label >= dp->dtdo_len) {
8515 9106 err += efunc(pc, "invalid branch target %u\n",
8516 9107 label);
8517 9108 }
8518 9109 if (label <= pc) {
8519 9110 err += efunc(pc, "backward branch to %u\n",
8520 9111 label);
8521 9112 }
8522 9113 break;
8523 9114 case DIF_OP_RET:
8524 9115 if (r1 != 0 || r2 != 0)
8525 9116 err += efunc(pc, "non-zero reserved bits\n");
8526 9117 if (rd >= nregs)
8527 9118 err += efunc(pc, "invalid register %u\n", rd);
8528 9119 break;
8529 9120 case DIF_OP_NOP:
8530 9121 case DIF_OP_POPTS:
8531 9122 case DIF_OP_FLUSHTS:
8532 9123 if (r1 != 0 || r2 != 0 || rd != 0)
8533 9124 err += efunc(pc, "non-zero reserved bits\n");
8534 9125 break;
8535 9126 case DIF_OP_SETX:
8536 9127 if (DIF_INSTR_INTEGER(instr) >= dp->dtdo_intlen) {
8537 9128 err += efunc(pc, "invalid integer ref %u\n",
8538 9129 DIF_INSTR_INTEGER(instr));
8539 9130 }
8540 9131 if (rd >= nregs)
8541 9132 err += efunc(pc, "invalid register %u\n", rd);
8542 9133 if (rd == 0)
8543 9134 err += efunc(pc, "cannot write to %r0\n");
8544 9135 break;
8545 9136 case DIF_OP_SETS:
8546 9137 if (DIF_INSTR_STRING(instr) >= dp->dtdo_strlen) {
8547 9138 err += efunc(pc, "invalid string ref %u\n",
8548 9139 DIF_INSTR_STRING(instr));
8549 9140 }
8550 9141 if (rd >= nregs)
8551 9142 err += efunc(pc, "invalid register %u\n", rd);
8552 9143 if (rd == 0)
8553 9144 err += efunc(pc, "cannot write to %r0\n");
8554 9145 break;
8555 9146 case DIF_OP_LDGA:
8556 9147 case DIF_OP_LDTA:
8557 9148 if (r1 > DIF_VAR_ARRAY_MAX)
8558 9149 err += efunc(pc, "invalid array %u\n", r1);
8559 9150 if (r2 >= nregs)
8560 9151 err += efunc(pc, "invalid register %u\n", r2);
8561 9152 if (rd >= nregs)
8562 9153 err += efunc(pc, "invalid register %u\n", rd);
8563 9154 if (rd == 0)
8564 9155 err += efunc(pc, "cannot write to %r0\n");
8565 9156 break;
8566 9157 case DIF_OP_LDGS:
8567 9158 case DIF_OP_LDTS:
8568 9159 case DIF_OP_LDLS:
8569 9160 case DIF_OP_LDGAA:
8570 9161 case DIF_OP_LDTAA:
8571 9162 if (v < DIF_VAR_OTHER_MIN || v > DIF_VAR_OTHER_MAX)
8572 9163 err += efunc(pc, "invalid variable %u\n", v);
8573 9164 if (rd >= nregs)
8574 9165 err += efunc(pc, "invalid register %u\n", rd);
8575 9166 if (rd == 0)
8576 9167 err += efunc(pc, "cannot write to %r0\n");
8577 9168 break;
8578 9169 case DIF_OP_STGS:
8579 9170 case DIF_OP_STTS:
8580 9171 case DIF_OP_STLS:
8581 9172 case DIF_OP_STGAA:
8582 9173 case DIF_OP_STTAA:
8583 9174 if (v < DIF_VAR_OTHER_UBASE || v > DIF_VAR_OTHER_MAX)
8584 9175 err += efunc(pc, "invalid variable %u\n", v);
8585 9176 if (rs >= nregs)
8586 9177 err += efunc(pc, "invalid register %u\n", rd);
8587 9178 break;
8588 9179 case DIF_OP_CALL:
8589 9180 if (subr > DIF_SUBR_MAX)
8590 9181 err += efunc(pc, "invalid subr %u\n", subr);
8591 9182 if (rd >= nregs)
8592 9183 err += efunc(pc, "invalid register %u\n", rd);
8593 9184 if (rd == 0)
8594 9185 err += efunc(pc, "cannot write to %r0\n");
8595 9186
8596 9187 if (subr == DIF_SUBR_COPYOUT ||
8597 9188 subr == DIF_SUBR_COPYOUTSTR) {
8598 9189 dp->dtdo_destructive = 1;
8599 9190 }
8600 9191
8601 9192 if (subr == DIF_SUBR_GETF) {
8602 9193 /*
8603 9194 * If we have a getf() we need to record that
8604 9195 * in our state. Note that our state can be
8605 9196 * NULL if this is a helper -- but in that
8606 9197 * case, the call to getf() is itself illegal,
8607 9198 * and will be caught (slightly later) when
8608 9199 * the helper is validated.
8609 9200 */
8610 9201 if (vstate->dtvs_state != NULL)
8611 9202 vstate->dtvs_state->dts_getf++;
8612 9203 }
8613 9204
8614 9205 break;
8615 9206 case DIF_OP_PUSHTR:
8616 9207 if (type != DIF_TYPE_STRING && type != DIF_TYPE_CTF)
8617 9208 err += efunc(pc, "invalid ref type %u\n", type);
8618 9209 if (r2 >= nregs)
8619 9210 err += efunc(pc, "invalid register %u\n", r2);
8620 9211 if (rs >= nregs)
8621 9212 err += efunc(pc, "invalid register %u\n", rs);
8622 9213 break;
8623 9214 case DIF_OP_PUSHTV:
8624 9215 if (type != DIF_TYPE_CTF)
8625 9216 err += efunc(pc, "invalid val type %u\n", type);
8626 9217 if (r2 >= nregs)
8627 9218 err += efunc(pc, "invalid register %u\n", r2);
8628 9219 if (rs >= nregs)
8629 9220 err += efunc(pc, "invalid register %u\n", rs);
8630 9221 break;
8631 9222 default:
8632 9223 err += efunc(pc, "invalid opcode %u\n",
8633 9224 DIF_INSTR_OP(instr));
8634 9225 }
8635 9226 }
8636 9227
8637 9228 if (dp->dtdo_len != 0 &&
8638 9229 DIF_INSTR_OP(dp->dtdo_buf[dp->dtdo_len - 1]) != DIF_OP_RET) {
8639 9230 err += efunc(dp->dtdo_len - 1,
8640 9231 "expected 'ret' as last DIF instruction\n");
8641 9232 }
8642 9233
8643 9234 if (!(dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) {
8644 9235 /*
8645 9236 * If we're not returning by reference, the size must be either
8646 9237 * 0 or the size of one of the base types.
8647 9238 */
8648 9239 switch (dp->dtdo_rtype.dtdt_size) {
8649 9240 case 0:
8650 9241 case sizeof (uint8_t):
8651 9242 case sizeof (uint16_t):
8652 9243 case sizeof (uint32_t):
8653 9244 case sizeof (uint64_t):
8654 9245 break;
8655 9246
8656 9247 default:
8657 9248 err += efunc(dp->dtdo_len - 1, "bad return size\n");
8658 9249 }
8659 9250 }
8660 9251
8661 9252 for (i = 0; i < dp->dtdo_varlen && err == 0; i++) {
8662 9253 dtrace_difv_t *v = &dp->dtdo_vartab[i], *existing = NULL;
8663 9254 dtrace_diftype_t *vt, *et;
8664 9255 uint_t id, ndx;
8665 9256
8666 9257 if (v->dtdv_scope != DIFV_SCOPE_GLOBAL &&
8667 9258 v->dtdv_scope != DIFV_SCOPE_THREAD &&
8668 9259 v->dtdv_scope != DIFV_SCOPE_LOCAL) {
8669 9260 err += efunc(i, "unrecognized variable scope %d\n",
8670 9261 v->dtdv_scope);
8671 9262 break;
8672 9263 }
8673 9264
8674 9265 if (v->dtdv_kind != DIFV_KIND_ARRAY &&
8675 9266 v->dtdv_kind != DIFV_KIND_SCALAR) {
8676 9267 err += efunc(i, "unrecognized variable type %d\n",
8677 9268 v->dtdv_kind);
8678 9269 break;
8679 9270 }
8680 9271
8681 9272 if ((id = v->dtdv_id) > DIF_VARIABLE_MAX) {
8682 9273 err += efunc(i, "%d exceeds variable id limit\n", id);
8683 9274 break;
8684 9275 }
8685 9276
8686 9277 if (id < DIF_VAR_OTHER_UBASE)
8687 9278 continue;
8688 9279
8689 9280 /*
8690 9281 * For user-defined variables, we need to check that this
8691 9282 * definition is identical to any previous definition that we
8692 9283 * encountered.
8693 9284 */
8694 9285 ndx = id - DIF_VAR_OTHER_UBASE;
8695 9286
8696 9287 switch (v->dtdv_scope) {
8697 9288 case DIFV_SCOPE_GLOBAL:
8698 9289 if (ndx < vstate->dtvs_nglobals) {
8699 9290 dtrace_statvar_t *svar;
8700 9291
8701 9292 if ((svar = vstate->dtvs_globals[ndx]) != NULL)
8702 9293 existing = &svar->dtsv_var;
8703 9294 }
8704 9295
8705 9296 break;
8706 9297
8707 9298 case DIFV_SCOPE_THREAD:
8708 9299 if (ndx < vstate->dtvs_ntlocals)
8709 9300 existing = &vstate->dtvs_tlocals[ndx];
8710 9301 break;
8711 9302
8712 9303 case DIFV_SCOPE_LOCAL:
8713 9304 if (ndx < vstate->dtvs_nlocals) {
8714 9305 dtrace_statvar_t *svar;
8715 9306
8716 9307 if ((svar = vstate->dtvs_locals[ndx]) != NULL)
8717 9308 existing = &svar->dtsv_var;
8718 9309 }
8719 9310
8720 9311 break;
8721 9312 }
8722 9313
8723 9314 vt = &v->dtdv_type;
8724 9315
8725 9316 if (vt->dtdt_flags & DIF_TF_BYREF) {
8726 9317 if (vt->dtdt_size == 0) {
8727 9318 err += efunc(i, "zero-sized variable\n");
8728 9319 break;
8729 9320 }
8730 9321
8731 9322 if (v->dtdv_scope == DIFV_SCOPE_GLOBAL &&
8732 9323 vt->dtdt_size > dtrace_global_maxsize) {
8733 9324 err += efunc(i, "oversized by-ref global\n");
8734 9325 break;
8735 9326 }
8736 9327 }
8737 9328
8738 9329 if (existing == NULL || existing->dtdv_id == 0)
8739 9330 continue;
8740 9331
8741 9332 ASSERT(existing->dtdv_id == v->dtdv_id);
8742 9333 ASSERT(existing->dtdv_scope == v->dtdv_scope);
8743 9334
8744 9335 if (existing->dtdv_kind != v->dtdv_kind)
8745 9336 err += efunc(i, "%d changed variable kind\n", id);
8746 9337
8747 9338 et = &existing->dtdv_type;
8748 9339
8749 9340 if (vt->dtdt_flags != et->dtdt_flags) {
8750 9341 err += efunc(i, "%d changed variable type flags\n", id);
8751 9342 break;
8752 9343 }
8753 9344
8754 9345 if (vt->dtdt_size != 0 && vt->dtdt_size != et->dtdt_size) {
8755 9346 err += efunc(i, "%d changed variable type size\n", id);
8756 9347 break;
8757 9348 }
8758 9349 }
8759 9350
8760 9351 return (err);
8761 9352 }
8762 9353
8763 9354 /*
8764 9355 * Validate a DTrace DIF object that it is to be used as a helper. Helpers
8765 9356 * are much more constrained than normal DIFOs. Specifically, they may
8766 9357 * not:
8767 9358 *
8768 9359 * 1. Make calls to subroutines other than copyin(), copyinstr() or
8769 9360 * miscellaneous string routines
8770 9361 * 2. Access DTrace variables other than the args[] array, and the
8771 9362 * curthread, pid, ppid, tid, execname, zonename, uid and gid variables.
8772 9363 * 3. Have thread-local variables.
8773 9364 * 4. Have dynamic variables.
8774 9365 */
8775 9366 static int
8776 9367 dtrace_difo_validate_helper(dtrace_difo_t *dp)
8777 9368 {
8778 9369 int (*efunc)(uint_t pc, const char *, ...) = dtrace_difo_err;
8779 9370 int err = 0;
8780 9371 uint_t pc;
8781 9372
8782 9373 for (pc = 0; pc < dp->dtdo_len; pc++) {
8783 9374 dif_instr_t instr = dp->dtdo_buf[pc];
8784 9375
8785 9376 uint_t v = DIF_INSTR_VAR(instr);
8786 9377 uint_t subr = DIF_INSTR_SUBR(instr);
8787 9378 uint_t op = DIF_INSTR_OP(instr);
8788 9379
8789 9380 switch (op) {
8790 9381 case DIF_OP_OR:
8791 9382 case DIF_OP_XOR:
8792 9383 case DIF_OP_AND:
8793 9384 case DIF_OP_SLL:
8794 9385 case DIF_OP_SRL:
8795 9386 case DIF_OP_SRA:
8796 9387 case DIF_OP_SUB:
8797 9388 case DIF_OP_ADD:
8798 9389 case DIF_OP_MUL:
8799 9390 case DIF_OP_SDIV:
8800 9391 case DIF_OP_UDIV:
8801 9392 case DIF_OP_SREM:
8802 9393 case DIF_OP_UREM:
8803 9394 case DIF_OP_COPYS:
8804 9395 case DIF_OP_NOT:
8805 9396 case DIF_OP_MOV:
8806 9397 case DIF_OP_RLDSB:
8807 9398 case DIF_OP_RLDSH:
8808 9399 case DIF_OP_RLDSW:
8809 9400 case DIF_OP_RLDUB:
8810 9401 case DIF_OP_RLDUH:
8811 9402 case DIF_OP_RLDUW:
8812 9403 case DIF_OP_RLDX:
8813 9404 case DIF_OP_ULDSB:
8814 9405 case DIF_OP_ULDSH:
8815 9406 case DIF_OP_ULDSW:
8816 9407 case DIF_OP_ULDUB:
8817 9408 case DIF_OP_ULDUH:
8818 9409 case DIF_OP_ULDUW:
8819 9410 case DIF_OP_ULDX:
8820 9411 case DIF_OP_STB:
8821 9412 case DIF_OP_STH:
8822 9413 case DIF_OP_STW:
8823 9414 case DIF_OP_STX:
8824 9415 case DIF_OP_ALLOCS:
8825 9416 case DIF_OP_CMP:
8826 9417 case DIF_OP_SCMP:
8827 9418 case DIF_OP_TST:
8828 9419 case DIF_OP_BA:
8829 9420 case DIF_OP_BE:
8830 9421 case DIF_OP_BNE:
8831 9422 case DIF_OP_BG:
8832 9423 case DIF_OP_BGU:
8833 9424 case DIF_OP_BGE:
8834 9425 case DIF_OP_BGEU:
8835 9426 case DIF_OP_BL:
8836 9427 case DIF_OP_BLU:
8837 9428 case DIF_OP_BLE:
8838 9429 case DIF_OP_BLEU:
8839 9430 case DIF_OP_RET:
8840 9431 case DIF_OP_NOP:
8841 9432 case DIF_OP_POPTS:
8842 9433 case DIF_OP_FLUSHTS:
8843 9434 case DIF_OP_SETX:
8844 9435 case DIF_OP_SETS:
8845 9436 case DIF_OP_LDGA:
8846 9437 case DIF_OP_LDLS:
8847 9438 case DIF_OP_STGS:
8848 9439 case DIF_OP_STLS:
8849 9440 case DIF_OP_PUSHTR:
8850 9441 case DIF_OP_PUSHTV:
8851 9442 break;
8852 9443
8853 9444 case DIF_OP_LDGS:
8854 9445 if (v >= DIF_VAR_OTHER_UBASE)
8855 9446 break;
8856 9447
8857 9448 if (v >= DIF_VAR_ARG0 && v <= DIF_VAR_ARG9)
8858 9449 break;
8859 9450
8860 9451 if (v == DIF_VAR_CURTHREAD || v == DIF_VAR_PID ||
8861 9452 v == DIF_VAR_PPID || v == DIF_VAR_TID ||
8862 9453 v == DIF_VAR_EXECNAME || v == DIF_VAR_ZONENAME ||
8863 9454 v == DIF_VAR_UID || v == DIF_VAR_GID)
8864 9455 break;
8865 9456
8866 9457 err += efunc(pc, "illegal variable %u\n", v);
8867 9458 break;
8868 9459
8869 9460 case DIF_OP_LDTA:
8870 9461 case DIF_OP_LDTS:
8871 9462 case DIF_OP_LDGAA:
8872 9463 case DIF_OP_LDTAA:
8873 9464 err += efunc(pc, "illegal dynamic variable load\n");
8874 9465 break;
8875 9466
8876 9467 case DIF_OP_STTS:
8877 9468 case DIF_OP_STGAA:
8878 9469 case DIF_OP_STTAA:
8879 9470 err += efunc(pc, "illegal dynamic variable store\n");
8880 9471 break;
8881 9472
|
↓ open down ↓ |
4509 lines elided |
↑ open up ↑ |
8882 9473 case DIF_OP_CALL:
8883 9474 if (subr == DIF_SUBR_ALLOCA ||
8884 9475 subr == DIF_SUBR_BCOPY ||
8885 9476 subr == DIF_SUBR_COPYIN ||
8886 9477 subr == DIF_SUBR_COPYINTO ||
8887 9478 subr == DIF_SUBR_COPYINSTR ||
8888 9479 subr == DIF_SUBR_INDEX ||
8889 9480 subr == DIF_SUBR_INET_NTOA ||
8890 9481 subr == DIF_SUBR_INET_NTOA6 ||
8891 9482 subr == DIF_SUBR_INET_NTOP ||
9483 + subr == DIF_SUBR_JSON ||
8892 9484 subr == DIF_SUBR_LLTOSTR ||
9485 + subr == DIF_SUBR_STRTOLL ||
8893 9486 subr == DIF_SUBR_RINDEX ||
8894 9487 subr == DIF_SUBR_STRCHR ||
8895 9488 subr == DIF_SUBR_STRJOIN ||
8896 9489 subr == DIF_SUBR_STRRCHR ||
8897 9490 subr == DIF_SUBR_STRSTR ||
8898 9491 subr == DIF_SUBR_HTONS ||
8899 9492 subr == DIF_SUBR_HTONL ||
8900 9493 subr == DIF_SUBR_HTONLL ||
8901 9494 subr == DIF_SUBR_NTOHS ||
8902 9495 subr == DIF_SUBR_NTOHL ||
8903 9496 subr == DIF_SUBR_NTOHLL)
8904 9497 break;
8905 9498
8906 9499 err += efunc(pc, "invalid subr %u\n", subr);
8907 9500 break;
8908 9501
8909 9502 default:
8910 9503 err += efunc(pc, "invalid opcode %u\n",
8911 9504 DIF_INSTR_OP(instr));
8912 9505 }
8913 9506 }
8914 9507
8915 9508 return (err);
8916 9509 }
8917 9510
8918 9511 /*
8919 9512 * Returns 1 if the expression in the DIF object can be cached on a per-thread
8920 9513 * basis; 0 if not.
8921 9514 */
8922 9515 static int
8923 9516 dtrace_difo_cacheable(dtrace_difo_t *dp)
8924 9517 {
8925 9518 int i;
8926 9519
8927 9520 if (dp == NULL)
8928 9521 return (0);
8929 9522
8930 9523 for (i = 0; i < dp->dtdo_varlen; i++) {
8931 9524 dtrace_difv_t *v = &dp->dtdo_vartab[i];
8932 9525
8933 9526 if (v->dtdv_scope != DIFV_SCOPE_GLOBAL)
8934 9527 continue;
8935 9528
8936 9529 switch (v->dtdv_id) {
8937 9530 case DIF_VAR_CURTHREAD:
8938 9531 case DIF_VAR_PID:
8939 9532 case DIF_VAR_TID:
8940 9533 case DIF_VAR_EXECNAME:
8941 9534 case DIF_VAR_ZONENAME:
8942 9535 break;
8943 9536
8944 9537 default:
8945 9538 return (0);
8946 9539 }
8947 9540 }
8948 9541
8949 9542 /*
8950 9543 * This DIF object may be cacheable. Now we need to look for any
8951 9544 * array loading instructions, any memory loading instructions, or
8952 9545 * any stores to thread-local variables.
8953 9546 */
8954 9547 for (i = 0; i < dp->dtdo_len; i++) {
8955 9548 uint_t op = DIF_INSTR_OP(dp->dtdo_buf[i]);
8956 9549
8957 9550 if ((op >= DIF_OP_LDSB && op <= DIF_OP_LDX) ||
8958 9551 (op >= DIF_OP_ULDSB && op <= DIF_OP_ULDX) ||
8959 9552 (op >= DIF_OP_RLDSB && op <= DIF_OP_RLDX) ||
8960 9553 op == DIF_OP_LDGA || op == DIF_OP_STTS)
8961 9554 return (0);
8962 9555 }
8963 9556
8964 9557 return (1);
8965 9558 }
8966 9559
8967 9560 static void
8968 9561 dtrace_difo_hold(dtrace_difo_t *dp)
8969 9562 {
8970 9563 int i;
8971 9564
8972 9565 ASSERT(MUTEX_HELD(&dtrace_lock));
8973 9566
8974 9567 dp->dtdo_refcnt++;
8975 9568 ASSERT(dp->dtdo_refcnt != 0);
8976 9569
8977 9570 /*
8978 9571 * We need to check this DIF object for references to the variable
8979 9572 * DIF_VAR_VTIMESTAMP.
8980 9573 */
8981 9574 for (i = 0; i < dp->dtdo_varlen; i++) {
8982 9575 dtrace_difv_t *v = &dp->dtdo_vartab[i];
8983 9576
8984 9577 if (v->dtdv_id != DIF_VAR_VTIMESTAMP)
8985 9578 continue;
8986 9579
8987 9580 if (dtrace_vtime_references++ == 0)
8988 9581 dtrace_vtime_enable();
8989 9582 }
8990 9583 }
8991 9584
8992 9585 /*
8993 9586 * This routine calculates the dynamic variable chunksize for a given DIF
8994 9587 * object. The calculation is not fool-proof, and can probably be tricked by
8995 9588 * malicious DIF -- but it works for all compiler-generated DIF. Because this
8996 9589 * calculation is likely imperfect, dtrace_dynvar() is able to gracefully fail
8997 9590 * if a dynamic variable size exceeds the chunksize.
8998 9591 */
8999 9592 static void
9000 9593 dtrace_difo_chunksize(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9001 9594 {
9002 9595 uint64_t sval;
9003 9596 dtrace_key_t tupregs[DIF_DTR_NREGS + 2]; /* +2 for thread and id */
9004 9597 const dif_instr_t *text = dp->dtdo_buf;
9005 9598 uint_t pc, srd = 0;
9006 9599 uint_t ttop = 0;
9007 9600 size_t size, ksize;
9008 9601 uint_t id, i;
9009 9602
9010 9603 for (pc = 0; pc < dp->dtdo_len; pc++) {
9011 9604 dif_instr_t instr = text[pc];
9012 9605 uint_t op = DIF_INSTR_OP(instr);
9013 9606 uint_t rd = DIF_INSTR_RD(instr);
9014 9607 uint_t r1 = DIF_INSTR_R1(instr);
9015 9608 uint_t nkeys = 0;
9016 9609 uchar_t scope;
9017 9610
9018 9611 dtrace_key_t *key = tupregs;
9019 9612
9020 9613 switch (op) {
9021 9614 case DIF_OP_SETX:
9022 9615 sval = dp->dtdo_inttab[DIF_INSTR_INTEGER(instr)];
9023 9616 srd = rd;
9024 9617 continue;
9025 9618
9026 9619 case DIF_OP_STTS:
9027 9620 key = &tupregs[DIF_DTR_NREGS];
9028 9621 key[0].dttk_size = 0;
9029 9622 key[1].dttk_size = 0;
9030 9623 nkeys = 2;
9031 9624 scope = DIFV_SCOPE_THREAD;
9032 9625 break;
9033 9626
9034 9627 case DIF_OP_STGAA:
9035 9628 case DIF_OP_STTAA:
9036 9629 nkeys = ttop;
9037 9630
9038 9631 if (DIF_INSTR_OP(instr) == DIF_OP_STTAA)
9039 9632 key[nkeys++].dttk_size = 0;
9040 9633
9041 9634 key[nkeys++].dttk_size = 0;
9042 9635
9043 9636 if (op == DIF_OP_STTAA) {
9044 9637 scope = DIFV_SCOPE_THREAD;
9045 9638 } else {
9046 9639 scope = DIFV_SCOPE_GLOBAL;
9047 9640 }
9048 9641
9049 9642 break;
9050 9643
9051 9644 case DIF_OP_PUSHTR:
9052 9645 if (ttop == DIF_DTR_NREGS)
9053 9646 return;
9054 9647
9055 9648 if ((srd == 0 || sval == 0) && r1 == DIF_TYPE_STRING) {
9056 9649 /*
9057 9650 * If the register for the size of the "pushtr"
9058 9651 * is %r0 (or the value is 0) and the type is
9059 9652 * a string, we'll use the system-wide default
9060 9653 * string size.
9061 9654 */
9062 9655 tupregs[ttop++].dttk_size =
9063 9656 dtrace_strsize_default;
9064 9657 } else {
9065 9658 if (srd == 0)
9066 9659 return;
9067 9660
9068 9661 tupregs[ttop++].dttk_size = sval;
9069 9662 }
9070 9663
9071 9664 break;
9072 9665
9073 9666 case DIF_OP_PUSHTV:
9074 9667 if (ttop == DIF_DTR_NREGS)
9075 9668 return;
9076 9669
9077 9670 tupregs[ttop++].dttk_size = 0;
9078 9671 break;
9079 9672
9080 9673 case DIF_OP_FLUSHTS:
9081 9674 ttop = 0;
9082 9675 break;
9083 9676
9084 9677 case DIF_OP_POPTS:
9085 9678 if (ttop != 0)
9086 9679 ttop--;
9087 9680 break;
9088 9681 }
9089 9682
9090 9683 sval = 0;
9091 9684 srd = 0;
9092 9685
9093 9686 if (nkeys == 0)
9094 9687 continue;
9095 9688
9096 9689 /*
9097 9690 * We have a dynamic variable allocation; calculate its size.
9098 9691 */
9099 9692 for (ksize = 0, i = 0; i < nkeys; i++)
9100 9693 ksize += P2ROUNDUP(key[i].dttk_size, sizeof (uint64_t));
9101 9694
9102 9695 size = sizeof (dtrace_dynvar_t);
9103 9696 size += sizeof (dtrace_key_t) * (nkeys - 1);
9104 9697 size += ksize;
9105 9698
9106 9699 /*
9107 9700 * Now we need to determine the size of the stored data.
9108 9701 */
9109 9702 id = DIF_INSTR_VAR(instr);
9110 9703
9111 9704 for (i = 0; i < dp->dtdo_varlen; i++) {
9112 9705 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9113 9706
9114 9707 if (v->dtdv_id == id && v->dtdv_scope == scope) {
9115 9708 size += v->dtdv_type.dtdt_size;
9116 9709 break;
9117 9710 }
9118 9711 }
9119 9712
9120 9713 if (i == dp->dtdo_varlen)
9121 9714 return;
9122 9715
9123 9716 /*
9124 9717 * We have the size. If this is larger than the chunk size
9125 9718 * for our dynamic variable state, reset the chunk size.
9126 9719 */
9127 9720 size = P2ROUNDUP(size, sizeof (uint64_t));
9128 9721
9129 9722 if (size > vstate->dtvs_dynvars.dtds_chunksize)
9130 9723 vstate->dtvs_dynvars.dtds_chunksize = size;
9131 9724 }
9132 9725 }
9133 9726
9134 9727 static void
9135 9728 dtrace_difo_init(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9136 9729 {
9137 9730 int i, oldsvars, osz, nsz, otlocals, ntlocals;
9138 9731 uint_t id;
9139 9732
9140 9733 ASSERT(MUTEX_HELD(&dtrace_lock));
9141 9734 ASSERT(dp->dtdo_buf != NULL && dp->dtdo_len != 0);
9142 9735
9143 9736 for (i = 0; i < dp->dtdo_varlen; i++) {
9144 9737 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9145 9738 dtrace_statvar_t *svar, ***svarp;
9146 9739 size_t dsize = 0;
9147 9740 uint8_t scope = v->dtdv_scope;
9148 9741 int *np;
9149 9742
9150 9743 if ((id = v->dtdv_id) < DIF_VAR_OTHER_UBASE)
9151 9744 continue;
9152 9745
9153 9746 id -= DIF_VAR_OTHER_UBASE;
9154 9747
9155 9748 switch (scope) {
9156 9749 case DIFV_SCOPE_THREAD:
9157 9750 while (id >= (otlocals = vstate->dtvs_ntlocals)) {
9158 9751 dtrace_difv_t *tlocals;
9159 9752
9160 9753 if ((ntlocals = (otlocals << 1)) == 0)
9161 9754 ntlocals = 1;
9162 9755
9163 9756 osz = otlocals * sizeof (dtrace_difv_t);
9164 9757 nsz = ntlocals * sizeof (dtrace_difv_t);
9165 9758
9166 9759 tlocals = kmem_zalloc(nsz, KM_SLEEP);
9167 9760
9168 9761 if (osz != 0) {
9169 9762 bcopy(vstate->dtvs_tlocals,
9170 9763 tlocals, osz);
9171 9764 kmem_free(vstate->dtvs_tlocals, osz);
9172 9765 }
9173 9766
9174 9767 vstate->dtvs_tlocals = tlocals;
9175 9768 vstate->dtvs_ntlocals = ntlocals;
9176 9769 }
9177 9770
9178 9771 vstate->dtvs_tlocals[id] = *v;
9179 9772 continue;
9180 9773
9181 9774 case DIFV_SCOPE_LOCAL:
9182 9775 np = &vstate->dtvs_nlocals;
9183 9776 svarp = &vstate->dtvs_locals;
9184 9777
9185 9778 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF)
9186 9779 dsize = NCPU * (v->dtdv_type.dtdt_size +
9187 9780 sizeof (uint64_t));
9188 9781 else
9189 9782 dsize = NCPU * sizeof (uint64_t);
9190 9783
9191 9784 break;
9192 9785
9193 9786 case DIFV_SCOPE_GLOBAL:
9194 9787 np = &vstate->dtvs_nglobals;
9195 9788 svarp = &vstate->dtvs_globals;
9196 9789
9197 9790 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF)
9198 9791 dsize = v->dtdv_type.dtdt_size +
9199 9792 sizeof (uint64_t);
9200 9793
9201 9794 break;
9202 9795
9203 9796 default:
9204 9797 ASSERT(0);
9205 9798 }
9206 9799
9207 9800 while (id >= (oldsvars = *np)) {
9208 9801 dtrace_statvar_t **statics;
9209 9802 int newsvars, oldsize, newsize;
9210 9803
9211 9804 if ((newsvars = (oldsvars << 1)) == 0)
9212 9805 newsvars = 1;
9213 9806
9214 9807 oldsize = oldsvars * sizeof (dtrace_statvar_t *);
9215 9808 newsize = newsvars * sizeof (dtrace_statvar_t *);
9216 9809
9217 9810 statics = kmem_zalloc(newsize, KM_SLEEP);
9218 9811
9219 9812 if (oldsize != 0) {
9220 9813 bcopy(*svarp, statics, oldsize);
9221 9814 kmem_free(*svarp, oldsize);
9222 9815 }
9223 9816
9224 9817 *svarp = statics;
9225 9818 *np = newsvars;
9226 9819 }
9227 9820
9228 9821 if ((svar = (*svarp)[id]) == NULL) {
9229 9822 svar = kmem_zalloc(sizeof (dtrace_statvar_t), KM_SLEEP);
9230 9823 svar->dtsv_var = *v;
9231 9824
9232 9825 if ((svar->dtsv_size = dsize) != 0) {
9233 9826 svar->dtsv_data = (uint64_t)(uintptr_t)
9234 9827 kmem_zalloc(dsize, KM_SLEEP);
9235 9828 }
9236 9829
9237 9830 (*svarp)[id] = svar;
9238 9831 }
9239 9832
9240 9833 svar->dtsv_refcnt++;
9241 9834 }
9242 9835
9243 9836 dtrace_difo_chunksize(dp, vstate);
9244 9837 dtrace_difo_hold(dp);
9245 9838 }
9246 9839
9247 9840 static dtrace_difo_t *
9248 9841 dtrace_difo_duplicate(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9249 9842 {
9250 9843 dtrace_difo_t *new;
9251 9844 size_t sz;
9252 9845
9253 9846 ASSERT(dp->dtdo_buf != NULL);
9254 9847 ASSERT(dp->dtdo_refcnt != 0);
9255 9848
9256 9849 new = kmem_zalloc(sizeof (dtrace_difo_t), KM_SLEEP);
9257 9850
9258 9851 ASSERT(dp->dtdo_buf != NULL);
9259 9852 sz = dp->dtdo_len * sizeof (dif_instr_t);
9260 9853 new->dtdo_buf = kmem_alloc(sz, KM_SLEEP);
9261 9854 bcopy(dp->dtdo_buf, new->dtdo_buf, sz);
9262 9855 new->dtdo_len = dp->dtdo_len;
9263 9856
9264 9857 if (dp->dtdo_strtab != NULL) {
9265 9858 ASSERT(dp->dtdo_strlen != 0);
9266 9859 new->dtdo_strtab = kmem_alloc(dp->dtdo_strlen, KM_SLEEP);
9267 9860 bcopy(dp->dtdo_strtab, new->dtdo_strtab, dp->dtdo_strlen);
9268 9861 new->dtdo_strlen = dp->dtdo_strlen;
9269 9862 }
9270 9863
9271 9864 if (dp->dtdo_inttab != NULL) {
9272 9865 ASSERT(dp->dtdo_intlen != 0);
9273 9866 sz = dp->dtdo_intlen * sizeof (uint64_t);
9274 9867 new->dtdo_inttab = kmem_alloc(sz, KM_SLEEP);
9275 9868 bcopy(dp->dtdo_inttab, new->dtdo_inttab, sz);
9276 9869 new->dtdo_intlen = dp->dtdo_intlen;
9277 9870 }
9278 9871
9279 9872 if (dp->dtdo_vartab != NULL) {
9280 9873 ASSERT(dp->dtdo_varlen != 0);
9281 9874 sz = dp->dtdo_varlen * sizeof (dtrace_difv_t);
9282 9875 new->dtdo_vartab = kmem_alloc(sz, KM_SLEEP);
9283 9876 bcopy(dp->dtdo_vartab, new->dtdo_vartab, sz);
9284 9877 new->dtdo_varlen = dp->dtdo_varlen;
9285 9878 }
9286 9879
9287 9880 dtrace_difo_init(new, vstate);
9288 9881 return (new);
9289 9882 }
9290 9883
9291 9884 static void
9292 9885 dtrace_difo_destroy(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9293 9886 {
9294 9887 int i;
9295 9888
9296 9889 ASSERT(dp->dtdo_refcnt == 0);
9297 9890
9298 9891 for (i = 0; i < dp->dtdo_varlen; i++) {
9299 9892 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9300 9893 dtrace_statvar_t *svar, **svarp;
9301 9894 uint_t id;
9302 9895 uint8_t scope = v->dtdv_scope;
9303 9896 int *np;
9304 9897
9305 9898 switch (scope) {
9306 9899 case DIFV_SCOPE_THREAD:
9307 9900 continue;
9308 9901
9309 9902 case DIFV_SCOPE_LOCAL:
9310 9903 np = &vstate->dtvs_nlocals;
9311 9904 svarp = vstate->dtvs_locals;
9312 9905 break;
9313 9906
9314 9907 case DIFV_SCOPE_GLOBAL:
9315 9908 np = &vstate->dtvs_nglobals;
9316 9909 svarp = vstate->dtvs_globals;
9317 9910 break;
9318 9911
9319 9912 default:
9320 9913 ASSERT(0);
9321 9914 }
9322 9915
9323 9916 if ((id = v->dtdv_id) < DIF_VAR_OTHER_UBASE)
9324 9917 continue;
9325 9918
9326 9919 id -= DIF_VAR_OTHER_UBASE;
9327 9920 ASSERT(id < *np);
9328 9921
9329 9922 svar = svarp[id];
9330 9923 ASSERT(svar != NULL);
9331 9924 ASSERT(svar->dtsv_refcnt > 0);
9332 9925
9333 9926 if (--svar->dtsv_refcnt > 0)
9334 9927 continue;
9335 9928
9336 9929 if (svar->dtsv_size != 0) {
9337 9930 ASSERT(svar->dtsv_data != NULL);
9338 9931 kmem_free((void *)(uintptr_t)svar->dtsv_data,
9339 9932 svar->dtsv_size);
9340 9933 }
9341 9934
9342 9935 kmem_free(svar, sizeof (dtrace_statvar_t));
9343 9936 svarp[id] = NULL;
9344 9937 }
9345 9938
9346 9939 kmem_free(dp->dtdo_buf, dp->dtdo_len * sizeof (dif_instr_t));
9347 9940 kmem_free(dp->dtdo_inttab, dp->dtdo_intlen * sizeof (uint64_t));
9348 9941 kmem_free(dp->dtdo_strtab, dp->dtdo_strlen);
9349 9942 kmem_free(dp->dtdo_vartab, dp->dtdo_varlen * sizeof (dtrace_difv_t));
9350 9943
9351 9944 kmem_free(dp, sizeof (dtrace_difo_t));
9352 9945 }
9353 9946
9354 9947 static void
9355 9948 dtrace_difo_release(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9356 9949 {
9357 9950 int i;
9358 9951
9359 9952 ASSERT(MUTEX_HELD(&dtrace_lock));
9360 9953 ASSERT(dp->dtdo_refcnt != 0);
9361 9954
9362 9955 for (i = 0; i < dp->dtdo_varlen; i++) {
9363 9956 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9364 9957
9365 9958 if (v->dtdv_id != DIF_VAR_VTIMESTAMP)
9366 9959 continue;
9367 9960
9368 9961 ASSERT(dtrace_vtime_references > 0);
9369 9962 if (--dtrace_vtime_references == 0)
9370 9963 dtrace_vtime_disable();
9371 9964 }
9372 9965
9373 9966 if (--dp->dtdo_refcnt == 0)
9374 9967 dtrace_difo_destroy(dp, vstate);
9375 9968 }
9376 9969
9377 9970 /*
9378 9971 * DTrace Format Functions
9379 9972 */
9380 9973 static uint16_t
9381 9974 dtrace_format_add(dtrace_state_t *state, char *str)
9382 9975 {
9383 9976 char *fmt, **new;
9384 9977 uint16_t ndx, len = strlen(str) + 1;
9385 9978
9386 9979 fmt = kmem_zalloc(len, KM_SLEEP);
9387 9980 bcopy(str, fmt, len);
9388 9981
9389 9982 for (ndx = 0; ndx < state->dts_nformats; ndx++) {
9390 9983 if (state->dts_formats[ndx] == NULL) {
9391 9984 state->dts_formats[ndx] = fmt;
9392 9985 return (ndx + 1);
9393 9986 }
9394 9987 }
9395 9988
9396 9989 if (state->dts_nformats == USHRT_MAX) {
9397 9990 /*
9398 9991 * This is only likely if a denial-of-service attack is being
9399 9992 * attempted. As such, it's okay to fail silently here.
9400 9993 */
9401 9994 kmem_free(fmt, len);
9402 9995 return (0);
9403 9996 }
9404 9997
9405 9998 /*
9406 9999 * For simplicity, we always resize the formats array to be exactly the
9407 10000 * number of formats.
9408 10001 */
9409 10002 ndx = state->dts_nformats++;
9410 10003 new = kmem_alloc((ndx + 1) * sizeof (char *), KM_SLEEP);
9411 10004
9412 10005 if (state->dts_formats != NULL) {
9413 10006 ASSERT(ndx != 0);
9414 10007 bcopy(state->dts_formats, new, ndx * sizeof (char *));
9415 10008 kmem_free(state->dts_formats, ndx * sizeof (char *));
9416 10009 }
9417 10010
9418 10011 state->dts_formats = new;
9419 10012 state->dts_formats[ndx] = fmt;
9420 10013
9421 10014 return (ndx + 1);
9422 10015 }
9423 10016
9424 10017 static void
9425 10018 dtrace_format_remove(dtrace_state_t *state, uint16_t format)
9426 10019 {
9427 10020 char *fmt;
9428 10021
9429 10022 ASSERT(state->dts_formats != NULL);
9430 10023 ASSERT(format <= state->dts_nformats);
9431 10024 ASSERT(state->dts_formats[format - 1] != NULL);
9432 10025
9433 10026 fmt = state->dts_formats[format - 1];
9434 10027 kmem_free(fmt, strlen(fmt) + 1);
9435 10028 state->dts_formats[format - 1] = NULL;
9436 10029 }
9437 10030
9438 10031 static void
9439 10032 dtrace_format_destroy(dtrace_state_t *state)
9440 10033 {
9441 10034 int i;
9442 10035
9443 10036 if (state->dts_nformats == 0) {
9444 10037 ASSERT(state->dts_formats == NULL);
9445 10038 return;
9446 10039 }
9447 10040
9448 10041 ASSERT(state->dts_formats != NULL);
9449 10042
9450 10043 for (i = 0; i < state->dts_nformats; i++) {
9451 10044 char *fmt = state->dts_formats[i];
9452 10045
9453 10046 if (fmt == NULL)
9454 10047 continue;
9455 10048
9456 10049 kmem_free(fmt, strlen(fmt) + 1);
9457 10050 }
9458 10051
9459 10052 kmem_free(state->dts_formats, state->dts_nformats * sizeof (char *));
9460 10053 state->dts_nformats = 0;
9461 10054 state->dts_formats = NULL;
9462 10055 }
9463 10056
9464 10057 /*
9465 10058 * DTrace Predicate Functions
9466 10059 */
9467 10060 static dtrace_predicate_t *
9468 10061 dtrace_predicate_create(dtrace_difo_t *dp)
9469 10062 {
9470 10063 dtrace_predicate_t *pred;
9471 10064
9472 10065 ASSERT(MUTEX_HELD(&dtrace_lock));
9473 10066 ASSERT(dp->dtdo_refcnt != 0);
9474 10067
9475 10068 pred = kmem_zalloc(sizeof (dtrace_predicate_t), KM_SLEEP);
9476 10069 pred->dtp_difo = dp;
9477 10070 pred->dtp_refcnt = 1;
9478 10071
9479 10072 if (!dtrace_difo_cacheable(dp))
9480 10073 return (pred);
9481 10074
9482 10075 if (dtrace_predcache_id == DTRACE_CACHEIDNONE) {
9483 10076 /*
9484 10077 * This is only theoretically possible -- we have had 2^32
9485 10078 * cacheable predicates on this machine. We cannot allow any
9486 10079 * more predicates to become cacheable: as unlikely as it is,
9487 10080 * there may be a thread caching a (now stale) predicate cache
9488 10081 * ID. (N.B.: the temptation is being successfully resisted to
9489 10082 * have this cmn_err() "Holy shit -- we executed this code!")
9490 10083 */
9491 10084 return (pred);
9492 10085 }
9493 10086
9494 10087 pred->dtp_cacheid = dtrace_predcache_id++;
9495 10088
9496 10089 return (pred);
9497 10090 }
9498 10091
9499 10092 static void
9500 10093 dtrace_predicate_hold(dtrace_predicate_t *pred)
9501 10094 {
9502 10095 ASSERT(MUTEX_HELD(&dtrace_lock));
9503 10096 ASSERT(pred->dtp_difo != NULL && pred->dtp_difo->dtdo_refcnt != 0);
9504 10097 ASSERT(pred->dtp_refcnt > 0);
9505 10098
9506 10099 pred->dtp_refcnt++;
9507 10100 }
9508 10101
9509 10102 static void
9510 10103 dtrace_predicate_release(dtrace_predicate_t *pred, dtrace_vstate_t *vstate)
9511 10104 {
9512 10105 dtrace_difo_t *dp = pred->dtp_difo;
9513 10106
9514 10107 ASSERT(MUTEX_HELD(&dtrace_lock));
9515 10108 ASSERT(dp != NULL && dp->dtdo_refcnt != 0);
9516 10109 ASSERT(pred->dtp_refcnt > 0);
9517 10110
9518 10111 if (--pred->dtp_refcnt == 0) {
9519 10112 dtrace_difo_release(pred->dtp_difo, vstate);
9520 10113 kmem_free(pred, sizeof (dtrace_predicate_t));
9521 10114 }
9522 10115 }
9523 10116
9524 10117 /*
9525 10118 * DTrace Action Description Functions
9526 10119 */
9527 10120 static dtrace_actdesc_t *
9528 10121 dtrace_actdesc_create(dtrace_actkind_t kind, uint32_t ntuple,
9529 10122 uint64_t uarg, uint64_t arg)
9530 10123 {
9531 10124 dtrace_actdesc_t *act;
9532 10125
9533 10126 ASSERT(!DTRACEACT_ISPRINTFLIKE(kind) || (arg != NULL &&
9534 10127 arg >= KERNELBASE) || (arg == NULL && kind == DTRACEACT_PRINTA));
9535 10128
9536 10129 act = kmem_zalloc(sizeof (dtrace_actdesc_t), KM_SLEEP);
9537 10130 act->dtad_kind = kind;
9538 10131 act->dtad_ntuple = ntuple;
9539 10132 act->dtad_uarg = uarg;
9540 10133 act->dtad_arg = arg;
9541 10134 act->dtad_refcnt = 1;
9542 10135
9543 10136 return (act);
9544 10137 }
9545 10138
9546 10139 static void
9547 10140 dtrace_actdesc_hold(dtrace_actdesc_t *act)
9548 10141 {
9549 10142 ASSERT(act->dtad_refcnt >= 1);
9550 10143 act->dtad_refcnt++;
9551 10144 }
9552 10145
9553 10146 static void
9554 10147 dtrace_actdesc_release(dtrace_actdesc_t *act, dtrace_vstate_t *vstate)
9555 10148 {
9556 10149 dtrace_actkind_t kind = act->dtad_kind;
9557 10150 dtrace_difo_t *dp;
9558 10151
9559 10152 ASSERT(act->dtad_refcnt >= 1);
9560 10153
9561 10154 if (--act->dtad_refcnt != 0)
9562 10155 return;
9563 10156
9564 10157 if ((dp = act->dtad_difo) != NULL)
9565 10158 dtrace_difo_release(dp, vstate);
9566 10159
9567 10160 if (DTRACEACT_ISPRINTFLIKE(kind)) {
9568 10161 char *str = (char *)(uintptr_t)act->dtad_arg;
9569 10162
9570 10163 ASSERT((str != NULL && (uintptr_t)str >= KERNELBASE) ||
9571 10164 (str == NULL && act->dtad_kind == DTRACEACT_PRINTA));
9572 10165
9573 10166 if (str != NULL)
9574 10167 kmem_free(str, strlen(str) + 1);
9575 10168 }
9576 10169
9577 10170 kmem_free(act, sizeof (dtrace_actdesc_t));
9578 10171 }
9579 10172
9580 10173 /*
9581 10174 * DTrace ECB Functions
9582 10175 */
9583 10176 static dtrace_ecb_t *
9584 10177 dtrace_ecb_add(dtrace_state_t *state, dtrace_probe_t *probe)
9585 10178 {
9586 10179 dtrace_ecb_t *ecb;
9587 10180 dtrace_epid_t epid;
9588 10181
9589 10182 ASSERT(MUTEX_HELD(&dtrace_lock));
9590 10183
9591 10184 ecb = kmem_zalloc(sizeof (dtrace_ecb_t), KM_SLEEP);
9592 10185 ecb->dte_predicate = NULL;
9593 10186 ecb->dte_probe = probe;
9594 10187
9595 10188 /*
9596 10189 * The default size is the size of the default action: recording
9597 10190 * the header.
9598 10191 */
9599 10192 ecb->dte_size = ecb->dte_needed = sizeof (dtrace_rechdr_t);
9600 10193 ecb->dte_alignment = sizeof (dtrace_epid_t);
9601 10194
9602 10195 epid = state->dts_epid++;
9603 10196
9604 10197 if (epid - 1 >= state->dts_necbs) {
9605 10198 dtrace_ecb_t **oecbs = state->dts_ecbs, **ecbs;
9606 10199 int necbs = state->dts_necbs << 1;
9607 10200
9608 10201 ASSERT(epid == state->dts_necbs + 1);
9609 10202
9610 10203 if (necbs == 0) {
9611 10204 ASSERT(oecbs == NULL);
9612 10205 necbs = 1;
9613 10206 }
9614 10207
9615 10208 ecbs = kmem_zalloc(necbs * sizeof (*ecbs), KM_SLEEP);
9616 10209
9617 10210 if (oecbs != NULL)
9618 10211 bcopy(oecbs, ecbs, state->dts_necbs * sizeof (*ecbs));
9619 10212
9620 10213 dtrace_membar_producer();
9621 10214 state->dts_ecbs = ecbs;
9622 10215
9623 10216 if (oecbs != NULL) {
9624 10217 /*
9625 10218 * If this state is active, we must dtrace_sync()
9626 10219 * before we can free the old dts_ecbs array: we're
9627 10220 * coming in hot, and there may be active ring
9628 10221 * buffer processing (which indexes into the dts_ecbs
9629 10222 * array) on another CPU.
9630 10223 */
9631 10224 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE)
9632 10225 dtrace_sync();
9633 10226
9634 10227 kmem_free(oecbs, state->dts_necbs * sizeof (*ecbs));
9635 10228 }
9636 10229
9637 10230 dtrace_membar_producer();
9638 10231 state->dts_necbs = necbs;
9639 10232 }
9640 10233
9641 10234 ecb->dte_state = state;
9642 10235
9643 10236 ASSERT(state->dts_ecbs[epid - 1] == NULL);
9644 10237 dtrace_membar_producer();
9645 10238 state->dts_ecbs[(ecb->dte_epid = epid) - 1] = ecb;
9646 10239
9647 10240 return (ecb);
9648 10241 }
9649 10242
9650 10243 static int
9651 10244 dtrace_ecb_enable(dtrace_ecb_t *ecb)
9652 10245 {
9653 10246 dtrace_probe_t *probe = ecb->dte_probe;
9654 10247
9655 10248 ASSERT(MUTEX_HELD(&cpu_lock));
9656 10249 ASSERT(MUTEX_HELD(&dtrace_lock));
9657 10250 ASSERT(ecb->dte_next == NULL);
9658 10251
9659 10252 if (probe == NULL) {
9660 10253 /*
9661 10254 * This is the NULL probe -- there's nothing to do.
9662 10255 */
9663 10256 return (0);
9664 10257 }
9665 10258
9666 10259 if (probe->dtpr_ecb == NULL) {
9667 10260 dtrace_provider_t *prov = probe->dtpr_provider;
9668 10261
9669 10262 /*
9670 10263 * We're the first ECB on this probe.
9671 10264 */
9672 10265 probe->dtpr_ecb = probe->dtpr_ecb_last = ecb;
9673 10266
9674 10267 if (ecb->dte_predicate != NULL)
9675 10268 probe->dtpr_predcache = ecb->dte_predicate->dtp_cacheid;
9676 10269
9677 10270 return (prov->dtpv_pops.dtps_enable(prov->dtpv_arg,
9678 10271 probe->dtpr_id, probe->dtpr_arg));
9679 10272 } else {
9680 10273 /*
9681 10274 * This probe is already active. Swing the last pointer to
9682 10275 * point to the new ECB, and issue a dtrace_sync() to assure
9683 10276 * that all CPUs have seen the change.
9684 10277 */
9685 10278 ASSERT(probe->dtpr_ecb_last != NULL);
9686 10279 probe->dtpr_ecb_last->dte_next = ecb;
9687 10280 probe->dtpr_ecb_last = ecb;
9688 10281 probe->dtpr_predcache = 0;
9689 10282
9690 10283 dtrace_sync();
9691 10284 return (0);
9692 10285 }
9693 10286 }
9694 10287
9695 10288 static void
9696 10289 dtrace_ecb_resize(dtrace_ecb_t *ecb)
9697 10290 {
9698 10291 dtrace_action_t *act;
9699 10292 uint32_t curneeded = UINT32_MAX;
9700 10293 uint32_t aggbase = UINT32_MAX;
9701 10294
9702 10295 /*
9703 10296 * If we record anything, we always record the dtrace_rechdr_t. (And
9704 10297 * we always record it first.)
9705 10298 */
9706 10299 ecb->dte_size = sizeof (dtrace_rechdr_t);
9707 10300 ecb->dte_alignment = sizeof (dtrace_epid_t);
9708 10301
9709 10302 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
9710 10303 dtrace_recdesc_t *rec = &act->dta_rec;
9711 10304 ASSERT(rec->dtrd_size > 0 || rec->dtrd_alignment == 1);
9712 10305
9713 10306 ecb->dte_alignment = MAX(ecb->dte_alignment,
9714 10307 rec->dtrd_alignment);
9715 10308
9716 10309 if (DTRACEACT_ISAGG(act->dta_kind)) {
9717 10310 dtrace_aggregation_t *agg = (dtrace_aggregation_t *)act;
9718 10311
9719 10312 ASSERT(rec->dtrd_size != 0);
9720 10313 ASSERT(agg->dtag_first != NULL);
9721 10314 ASSERT(act->dta_prev->dta_intuple);
9722 10315 ASSERT(aggbase != UINT32_MAX);
9723 10316 ASSERT(curneeded != UINT32_MAX);
9724 10317
9725 10318 agg->dtag_base = aggbase;
9726 10319
9727 10320 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
9728 10321 rec->dtrd_offset = curneeded;
9729 10322 curneeded += rec->dtrd_size;
9730 10323 ecb->dte_needed = MAX(ecb->dte_needed, curneeded);
9731 10324
9732 10325 aggbase = UINT32_MAX;
9733 10326 curneeded = UINT32_MAX;
9734 10327 } else if (act->dta_intuple) {
9735 10328 if (curneeded == UINT32_MAX) {
9736 10329 /*
9737 10330 * This is the first record in a tuple. Align
9738 10331 * curneeded to be at offset 4 in an 8-byte
9739 10332 * aligned block.
9740 10333 */
9741 10334 ASSERT(act->dta_prev == NULL ||
9742 10335 !act->dta_prev->dta_intuple);
9743 10336 ASSERT3U(aggbase, ==, UINT32_MAX);
9744 10337 curneeded = P2PHASEUP(ecb->dte_size,
9745 10338 sizeof (uint64_t), sizeof (dtrace_aggid_t));
9746 10339
9747 10340 aggbase = curneeded - sizeof (dtrace_aggid_t);
9748 10341 ASSERT(IS_P2ALIGNED(aggbase,
9749 10342 sizeof (uint64_t)));
9750 10343 }
9751 10344 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
9752 10345 rec->dtrd_offset = curneeded;
9753 10346 curneeded += rec->dtrd_size;
9754 10347 } else {
9755 10348 /* tuples must be followed by an aggregation */
9756 10349 ASSERT(act->dta_prev == NULL ||
9757 10350 !act->dta_prev->dta_intuple);
9758 10351
9759 10352 ecb->dte_size = P2ROUNDUP(ecb->dte_size,
9760 10353 rec->dtrd_alignment);
9761 10354 rec->dtrd_offset = ecb->dte_size;
9762 10355 ecb->dte_size += rec->dtrd_size;
9763 10356 ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size);
9764 10357 }
9765 10358 }
9766 10359
9767 10360 if ((act = ecb->dte_action) != NULL &&
9768 10361 !(act->dta_kind == DTRACEACT_SPECULATE && act->dta_next == NULL) &&
9769 10362 ecb->dte_size == sizeof (dtrace_rechdr_t)) {
9770 10363 /*
9771 10364 * If the size is still sizeof (dtrace_rechdr_t), then all
9772 10365 * actions store no data; set the size to 0.
9773 10366 */
9774 10367 ecb->dte_size = 0;
9775 10368 }
9776 10369
9777 10370 ecb->dte_size = P2ROUNDUP(ecb->dte_size, sizeof (dtrace_epid_t));
9778 10371 ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t)));
9779 10372 ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed,
9780 10373 ecb->dte_needed);
9781 10374 }
9782 10375
9783 10376 static dtrace_action_t *
9784 10377 dtrace_ecb_aggregation_create(dtrace_ecb_t *ecb, dtrace_actdesc_t *desc)
9785 10378 {
9786 10379 dtrace_aggregation_t *agg;
9787 10380 size_t size = sizeof (uint64_t);
9788 10381 int ntuple = desc->dtad_ntuple;
9789 10382 dtrace_action_t *act;
9790 10383 dtrace_recdesc_t *frec;
9791 10384 dtrace_aggid_t aggid;
9792 10385 dtrace_state_t *state = ecb->dte_state;
9793 10386
9794 10387 agg = kmem_zalloc(sizeof (dtrace_aggregation_t), KM_SLEEP);
9795 10388 agg->dtag_ecb = ecb;
9796 10389
9797 10390 ASSERT(DTRACEACT_ISAGG(desc->dtad_kind));
9798 10391
9799 10392 switch (desc->dtad_kind) {
9800 10393 case DTRACEAGG_MIN:
9801 10394 agg->dtag_initial = INT64_MAX;
9802 10395 agg->dtag_aggregate = dtrace_aggregate_min;
9803 10396 break;
9804 10397
9805 10398 case DTRACEAGG_MAX:
9806 10399 agg->dtag_initial = INT64_MIN;
9807 10400 agg->dtag_aggregate = dtrace_aggregate_max;
9808 10401 break;
9809 10402
9810 10403 case DTRACEAGG_COUNT:
9811 10404 agg->dtag_aggregate = dtrace_aggregate_count;
9812 10405 break;
9813 10406
9814 10407 case DTRACEAGG_QUANTIZE:
9815 10408 agg->dtag_aggregate = dtrace_aggregate_quantize;
9816 10409 size = (((sizeof (uint64_t) * NBBY) - 1) * 2 + 1) *
9817 10410 sizeof (uint64_t);
9818 10411 break;
9819 10412
9820 10413 case DTRACEAGG_LQUANTIZE: {
9821 10414 uint16_t step = DTRACE_LQUANTIZE_STEP(desc->dtad_arg);
9822 10415 uint16_t levels = DTRACE_LQUANTIZE_LEVELS(desc->dtad_arg);
9823 10416
9824 10417 agg->dtag_initial = desc->dtad_arg;
9825 10418 agg->dtag_aggregate = dtrace_aggregate_lquantize;
9826 10419
9827 10420 if (step == 0 || levels == 0)
9828 10421 goto err;
9829 10422
9830 10423 size = levels * sizeof (uint64_t) + 3 * sizeof (uint64_t);
9831 10424 break;
9832 10425 }
9833 10426
9834 10427 case DTRACEAGG_LLQUANTIZE: {
9835 10428 uint16_t factor = DTRACE_LLQUANTIZE_FACTOR(desc->dtad_arg);
9836 10429 uint16_t low = DTRACE_LLQUANTIZE_LOW(desc->dtad_arg);
9837 10430 uint16_t high = DTRACE_LLQUANTIZE_HIGH(desc->dtad_arg);
9838 10431 uint16_t nsteps = DTRACE_LLQUANTIZE_NSTEP(desc->dtad_arg);
9839 10432 int64_t v;
9840 10433
9841 10434 agg->dtag_initial = desc->dtad_arg;
9842 10435 agg->dtag_aggregate = dtrace_aggregate_llquantize;
9843 10436
9844 10437 if (factor < 2 || low >= high || nsteps < factor)
9845 10438 goto err;
9846 10439
9847 10440 /*
9848 10441 * Now check that the number of steps evenly divides a power
9849 10442 * of the factor. (This assures both integer bucket size and
9850 10443 * linearity within each magnitude.)
9851 10444 */
9852 10445 for (v = factor; v < nsteps; v *= factor)
9853 10446 continue;
9854 10447
9855 10448 if ((v % nsteps) || (nsteps % factor))
9856 10449 goto err;
9857 10450
9858 10451 size = (dtrace_aggregate_llquantize_bucket(factor,
9859 10452 low, high, nsteps, INT64_MAX) + 2) * sizeof (uint64_t);
9860 10453 break;
9861 10454 }
9862 10455
9863 10456 case DTRACEAGG_AVG:
9864 10457 agg->dtag_aggregate = dtrace_aggregate_avg;
9865 10458 size = sizeof (uint64_t) * 2;
9866 10459 break;
9867 10460
9868 10461 case DTRACEAGG_STDDEV:
9869 10462 agg->dtag_aggregate = dtrace_aggregate_stddev;
9870 10463 size = sizeof (uint64_t) * 4;
9871 10464 break;
9872 10465
9873 10466 case DTRACEAGG_SUM:
9874 10467 agg->dtag_aggregate = dtrace_aggregate_sum;
9875 10468 break;
9876 10469
9877 10470 default:
9878 10471 goto err;
9879 10472 }
9880 10473
9881 10474 agg->dtag_action.dta_rec.dtrd_size = size;
9882 10475
9883 10476 if (ntuple == 0)
9884 10477 goto err;
9885 10478
9886 10479 /*
9887 10480 * We must make sure that we have enough actions for the n-tuple.
9888 10481 */
9889 10482 for (act = ecb->dte_action_last; act != NULL; act = act->dta_prev) {
9890 10483 if (DTRACEACT_ISAGG(act->dta_kind))
9891 10484 break;
9892 10485
9893 10486 if (--ntuple == 0) {
9894 10487 /*
9895 10488 * This is the action with which our n-tuple begins.
9896 10489 */
9897 10490 agg->dtag_first = act;
9898 10491 goto success;
9899 10492 }
9900 10493 }
9901 10494
9902 10495 /*
9903 10496 * This n-tuple is short by ntuple elements. Return failure.
9904 10497 */
9905 10498 ASSERT(ntuple != 0);
9906 10499 err:
9907 10500 kmem_free(agg, sizeof (dtrace_aggregation_t));
9908 10501 return (NULL);
9909 10502
9910 10503 success:
9911 10504 /*
9912 10505 * If the last action in the tuple has a size of zero, it's actually
9913 10506 * an expression argument for the aggregating action.
9914 10507 */
9915 10508 ASSERT(ecb->dte_action_last != NULL);
9916 10509 act = ecb->dte_action_last;
9917 10510
9918 10511 if (act->dta_kind == DTRACEACT_DIFEXPR) {
9919 10512 ASSERT(act->dta_difo != NULL);
9920 10513
9921 10514 if (act->dta_difo->dtdo_rtype.dtdt_size == 0)
9922 10515 agg->dtag_hasarg = 1;
9923 10516 }
9924 10517
9925 10518 /*
9926 10519 * We need to allocate an id for this aggregation.
9927 10520 */
9928 10521 aggid = (dtrace_aggid_t)(uintptr_t)vmem_alloc(state->dts_aggid_arena, 1,
9929 10522 VM_BESTFIT | VM_SLEEP);
9930 10523
9931 10524 if (aggid - 1 >= state->dts_naggregations) {
9932 10525 dtrace_aggregation_t **oaggs = state->dts_aggregations;
9933 10526 dtrace_aggregation_t **aggs;
9934 10527 int naggs = state->dts_naggregations << 1;
9935 10528 int onaggs = state->dts_naggregations;
9936 10529
9937 10530 ASSERT(aggid == state->dts_naggregations + 1);
9938 10531
9939 10532 if (naggs == 0) {
9940 10533 ASSERT(oaggs == NULL);
9941 10534 naggs = 1;
9942 10535 }
9943 10536
9944 10537 aggs = kmem_zalloc(naggs * sizeof (*aggs), KM_SLEEP);
9945 10538
9946 10539 if (oaggs != NULL) {
9947 10540 bcopy(oaggs, aggs, onaggs * sizeof (*aggs));
9948 10541 kmem_free(oaggs, onaggs * sizeof (*aggs));
9949 10542 }
9950 10543
9951 10544 state->dts_aggregations = aggs;
9952 10545 state->dts_naggregations = naggs;
9953 10546 }
9954 10547
9955 10548 ASSERT(state->dts_aggregations[aggid - 1] == NULL);
9956 10549 state->dts_aggregations[(agg->dtag_id = aggid) - 1] = agg;
9957 10550
9958 10551 frec = &agg->dtag_first->dta_rec;
9959 10552 if (frec->dtrd_alignment < sizeof (dtrace_aggid_t))
9960 10553 frec->dtrd_alignment = sizeof (dtrace_aggid_t);
9961 10554
9962 10555 for (act = agg->dtag_first; act != NULL; act = act->dta_next) {
9963 10556 ASSERT(!act->dta_intuple);
9964 10557 act->dta_intuple = 1;
9965 10558 }
9966 10559
9967 10560 return (&agg->dtag_action);
9968 10561 }
9969 10562
9970 10563 static void
9971 10564 dtrace_ecb_aggregation_destroy(dtrace_ecb_t *ecb, dtrace_action_t *act)
9972 10565 {
9973 10566 dtrace_aggregation_t *agg = (dtrace_aggregation_t *)act;
9974 10567 dtrace_state_t *state = ecb->dte_state;
9975 10568 dtrace_aggid_t aggid = agg->dtag_id;
9976 10569
9977 10570 ASSERT(DTRACEACT_ISAGG(act->dta_kind));
9978 10571 vmem_free(state->dts_aggid_arena, (void *)(uintptr_t)aggid, 1);
9979 10572
9980 10573 ASSERT(state->dts_aggregations[aggid - 1] == agg);
9981 10574 state->dts_aggregations[aggid - 1] = NULL;
9982 10575
9983 10576 kmem_free(agg, sizeof (dtrace_aggregation_t));
9984 10577 }
9985 10578
9986 10579 static int
9987 10580 dtrace_ecb_action_add(dtrace_ecb_t *ecb, dtrace_actdesc_t *desc)
9988 10581 {
9989 10582 dtrace_action_t *action, *last;
9990 10583 dtrace_difo_t *dp = desc->dtad_difo;
9991 10584 uint32_t size = 0, align = sizeof (uint8_t), mask;
9992 10585 uint16_t format = 0;
9993 10586 dtrace_recdesc_t *rec;
9994 10587 dtrace_state_t *state = ecb->dte_state;
9995 10588 dtrace_optval_t *opt = state->dts_options, nframes, strsize;
9996 10589 uint64_t arg = desc->dtad_arg;
9997 10590
9998 10591 ASSERT(MUTEX_HELD(&dtrace_lock));
9999 10592 ASSERT(ecb->dte_action == NULL || ecb->dte_action->dta_refcnt == 1);
10000 10593
10001 10594 if (DTRACEACT_ISAGG(desc->dtad_kind)) {
10002 10595 /*
10003 10596 * If this is an aggregating action, there must be neither
10004 10597 * a speculate nor a commit on the action chain.
10005 10598 */
10006 10599 dtrace_action_t *act;
10007 10600
10008 10601 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
10009 10602 if (act->dta_kind == DTRACEACT_COMMIT)
10010 10603 return (EINVAL);
10011 10604
10012 10605 if (act->dta_kind == DTRACEACT_SPECULATE)
10013 10606 return (EINVAL);
10014 10607 }
10015 10608
10016 10609 action = dtrace_ecb_aggregation_create(ecb, desc);
10017 10610
10018 10611 if (action == NULL)
10019 10612 return (EINVAL);
10020 10613 } else {
10021 10614 if (DTRACEACT_ISDESTRUCTIVE(desc->dtad_kind) ||
10022 10615 (desc->dtad_kind == DTRACEACT_DIFEXPR &&
10023 10616 dp != NULL && dp->dtdo_destructive)) {
10024 10617 state->dts_destructive = 1;
10025 10618 }
10026 10619
10027 10620 switch (desc->dtad_kind) {
10028 10621 case DTRACEACT_PRINTF:
10029 10622 case DTRACEACT_PRINTA:
10030 10623 case DTRACEACT_SYSTEM:
10031 10624 case DTRACEACT_FREOPEN:
10032 10625 case DTRACEACT_DIFEXPR:
10033 10626 /*
10034 10627 * We know that our arg is a string -- turn it into a
10035 10628 * format.
10036 10629 */
10037 10630 if (arg == NULL) {
10038 10631 ASSERT(desc->dtad_kind == DTRACEACT_PRINTA ||
10039 10632 desc->dtad_kind == DTRACEACT_DIFEXPR);
10040 10633 format = 0;
10041 10634 } else {
10042 10635 ASSERT(arg != NULL);
10043 10636 ASSERT(arg > KERNELBASE);
10044 10637 format = dtrace_format_add(state,
10045 10638 (char *)(uintptr_t)arg);
10046 10639 }
10047 10640
10048 10641 /*FALLTHROUGH*/
10049 10642 case DTRACEACT_LIBACT:
10050 10643 case DTRACEACT_TRACEMEM:
10051 10644 case DTRACEACT_TRACEMEM_DYNSIZE:
10052 10645 if (dp == NULL)
10053 10646 return (EINVAL);
10054 10647
10055 10648 if ((size = dp->dtdo_rtype.dtdt_size) != 0)
10056 10649 break;
10057 10650
10058 10651 if (dp->dtdo_rtype.dtdt_kind == DIF_TYPE_STRING) {
10059 10652 if (!(dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10060 10653 return (EINVAL);
10061 10654
10062 10655 size = opt[DTRACEOPT_STRSIZE];
10063 10656 }
10064 10657
10065 10658 break;
10066 10659
10067 10660 case DTRACEACT_STACK:
10068 10661 if ((nframes = arg) == 0) {
10069 10662 nframes = opt[DTRACEOPT_STACKFRAMES];
10070 10663 ASSERT(nframes > 0);
10071 10664 arg = nframes;
10072 10665 }
10073 10666
10074 10667 size = nframes * sizeof (pc_t);
10075 10668 break;
10076 10669
10077 10670 case DTRACEACT_JSTACK:
10078 10671 if ((strsize = DTRACE_USTACK_STRSIZE(arg)) == 0)
10079 10672 strsize = opt[DTRACEOPT_JSTACKSTRSIZE];
10080 10673
10081 10674 if ((nframes = DTRACE_USTACK_NFRAMES(arg)) == 0)
10082 10675 nframes = opt[DTRACEOPT_JSTACKFRAMES];
10083 10676
10084 10677 arg = DTRACE_USTACK_ARG(nframes, strsize);
10085 10678
10086 10679 /*FALLTHROUGH*/
10087 10680 case DTRACEACT_USTACK:
10088 10681 if (desc->dtad_kind != DTRACEACT_JSTACK &&
10089 10682 (nframes = DTRACE_USTACK_NFRAMES(arg)) == 0) {
10090 10683 strsize = DTRACE_USTACK_STRSIZE(arg);
10091 10684 nframes = opt[DTRACEOPT_USTACKFRAMES];
10092 10685 ASSERT(nframes > 0);
10093 10686 arg = DTRACE_USTACK_ARG(nframes, strsize);
10094 10687 }
10095 10688
10096 10689 /*
10097 10690 * Save a slot for the pid.
10098 10691 */
10099 10692 size = (nframes + 1) * sizeof (uint64_t);
10100 10693 size += DTRACE_USTACK_STRSIZE(arg);
10101 10694 size = P2ROUNDUP(size, (uint32_t)(sizeof (uintptr_t)));
10102 10695
10103 10696 break;
10104 10697
10105 10698 case DTRACEACT_SYM:
10106 10699 case DTRACEACT_MOD:
10107 10700 if (dp == NULL || ((size = dp->dtdo_rtype.dtdt_size) !=
10108 10701 sizeof (uint64_t)) ||
10109 10702 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10110 10703 return (EINVAL);
10111 10704 break;
10112 10705
10113 10706 case DTRACEACT_USYM:
10114 10707 case DTRACEACT_UMOD:
10115 10708 case DTRACEACT_UADDR:
10116 10709 if (dp == NULL ||
10117 10710 (dp->dtdo_rtype.dtdt_size != sizeof (uint64_t)) ||
10118 10711 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10119 10712 return (EINVAL);
10120 10713
10121 10714 /*
10122 10715 * We have a slot for the pid, plus a slot for the
10123 10716 * argument. To keep things simple (aligned with
10124 10717 * bitness-neutral sizing), we store each as a 64-bit
10125 10718 * quantity.
10126 10719 */
10127 10720 size = 2 * sizeof (uint64_t);
10128 10721 break;
10129 10722
10130 10723 case DTRACEACT_STOP:
10131 10724 case DTRACEACT_BREAKPOINT:
10132 10725 case DTRACEACT_PANIC:
10133 10726 break;
10134 10727
10135 10728 case DTRACEACT_CHILL:
10136 10729 case DTRACEACT_DISCARD:
10137 10730 case DTRACEACT_RAISE:
10138 10731 if (dp == NULL)
10139 10732 return (EINVAL);
10140 10733 break;
10141 10734
10142 10735 case DTRACEACT_EXIT:
10143 10736 if (dp == NULL ||
10144 10737 (size = dp->dtdo_rtype.dtdt_size) != sizeof (int) ||
10145 10738 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10146 10739 return (EINVAL);
10147 10740 break;
10148 10741
10149 10742 case DTRACEACT_SPECULATE:
10150 10743 if (ecb->dte_size > sizeof (dtrace_rechdr_t))
10151 10744 return (EINVAL);
10152 10745
10153 10746 if (dp == NULL)
10154 10747 return (EINVAL);
10155 10748
10156 10749 state->dts_speculates = 1;
10157 10750 break;
10158 10751
10159 10752 case DTRACEACT_COMMIT: {
10160 10753 dtrace_action_t *act = ecb->dte_action;
10161 10754
10162 10755 for (; act != NULL; act = act->dta_next) {
10163 10756 if (act->dta_kind == DTRACEACT_COMMIT)
10164 10757 return (EINVAL);
10165 10758 }
10166 10759
10167 10760 if (dp == NULL)
10168 10761 return (EINVAL);
10169 10762 break;
10170 10763 }
10171 10764
10172 10765 default:
10173 10766 return (EINVAL);
10174 10767 }
10175 10768
10176 10769 if (size != 0 || desc->dtad_kind == DTRACEACT_SPECULATE) {
10177 10770 /*
10178 10771 * If this is a data-storing action or a speculate,
10179 10772 * we must be sure that there isn't a commit on the
10180 10773 * action chain.
10181 10774 */
10182 10775 dtrace_action_t *act = ecb->dte_action;
10183 10776
10184 10777 for (; act != NULL; act = act->dta_next) {
10185 10778 if (act->dta_kind == DTRACEACT_COMMIT)
10186 10779 return (EINVAL);
10187 10780 }
10188 10781 }
10189 10782
10190 10783 action = kmem_zalloc(sizeof (dtrace_action_t), KM_SLEEP);
10191 10784 action->dta_rec.dtrd_size = size;
10192 10785 }
10193 10786
10194 10787 action->dta_refcnt = 1;
10195 10788 rec = &action->dta_rec;
10196 10789 size = rec->dtrd_size;
10197 10790
10198 10791 for (mask = sizeof (uint64_t) - 1; size != 0 && mask > 0; mask >>= 1) {
10199 10792 if (!(size & mask)) {
10200 10793 align = mask + 1;
10201 10794 break;
10202 10795 }
10203 10796 }
10204 10797
10205 10798 action->dta_kind = desc->dtad_kind;
10206 10799
10207 10800 if ((action->dta_difo = dp) != NULL)
10208 10801 dtrace_difo_hold(dp);
10209 10802
10210 10803 rec->dtrd_action = action->dta_kind;
10211 10804 rec->dtrd_arg = arg;
10212 10805 rec->dtrd_uarg = desc->dtad_uarg;
10213 10806 rec->dtrd_alignment = (uint16_t)align;
10214 10807 rec->dtrd_format = format;
10215 10808
10216 10809 if ((last = ecb->dte_action_last) != NULL) {
10217 10810 ASSERT(ecb->dte_action != NULL);
10218 10811 action->dta_prev = last;
10219 10812 last->dta_next = action;
10220 10813 } else {
10221 10814 ASSERT(ecb->dte_action == NULL);
10222 10815 ecb->dte_action = action;
10223 10816 }
10224 10817
10225 10818 ecb->dte_action_last = action;
10226 10819
10227 10820 return (0);
10228 10821 }
10229 10822
10230 10823 static void
10231 10824 dtrace_ecb_action_remove(dtrace_ecb_t *ecb)
10232 10825 {
10233 10826 dtrace_action_t *act = ecb->dte_action, *next;
10234 10827 dtrace_vstate_t *vstate = &ecb->dte_state->dts_vstate;
10235 10828 dtrace_difo_t *dp;
10236 10829 uint16_t format;
10237 10830
10238 10831 if (act != NULL && act->dta_refcnt > 1) {
10239 10832 ASSERT(act->dta_next == NULL || act->dta_next->dta_refcnt == 1);
10240 10833 act->dta_refcnt--;
10241 10834 } else {
10242 10835 for (; act != NULL; act = next) {
10243 10836 next = act->dta_next;
10244 10837 ASSERT(next != NULL || act == ecb->dte_action_last);
10245 10838 ASSERT(act->dta_refcnt == 1);
10246 10839
10247 10840 if ((format = act->dta_rec.dtrd_format) != 0)
10248 10841 dtrace_format_remove(ecb->dte_state, format);
10249 10842
10250 10843 if ((dp = act->dta_difo) != NULL)
10251 10844 dtrace_difo_release(dp, vstate);
10252 10845
10253 10846 if (DTRACEACT_ISAGG(act->dta_kind)) {
10254 10847 dtrace_ecb_aggregation_destroy(ecb, act);
10255 10848 } else {
10256 10849 kmem_free(act, sizeof (dtrace_action_t));
10257 10850 }
10258 10851 }
10259 10852 }
10260 10853
10261 10854 ecb->dte_action = NULL;
10262 10855 ecb->dte_action_last = NULL;
10263 10856 ecb->dte_size = 0;
10264 10857 }
10265 10858
10266 10859 static void
10267 10860 dtrace_ecb_disable(dtrace_ecb_t *ecb)
10268 10861 {
10269 10862 /*
10270 10863 * We disable the ECB by removing it from its probe.
10271 10864 */
10272 10865 dtrace_ecb_t *pecb, *prev = NULL;
10273 10866 dtrace_probe_t *probe = ecb->dte_probe;
10274 10867
10275 10868 ASSERT(MUTEX_HELD(&dtrace_lock));
10276 10869
10277 10870 if (probe == NULL) {
10278 10871 /*
10279 10872 * This is the NULL probe; there is nothing to disable.
10280 10873 */
10281 10874 return;
10282 10875 }
10283 10876
10284 10877 for (pecb = probe->dtpr_ecb; pecb != NULL; pecb = pecb->dte_next) {
10285 10878 if (pecb == ecb)
10286 10879 break;
10287 10880 prev = pecb;
10288 10881 }
10289 10882
10290 10883 ASSERT(pecb != NULL);
10291 10884
10292 10885 if (prev == NULL) {
10293 10886 probe->dtpr_ecb = ecb->dte_next;
10294 10887 } else {
10295 10888 prev->dte_next = ecb->dte_next;
10296 10889 }
10297 10890
10298 10891 if (ecb == probe->dtpr_ecb_last) {
10299 10892 ASSERT(ecb->dte_next == NULL);
10300 10893 probe->dtpr_ecb_last = prev;
10301 10894 }
10302 10895
10303 10896 /*
10304 10897 * The ECB has been disconnected from the probe; now sync to assure
10305 10898 * that all CPUs have seen the change before returning.
10306 10899 */
10307 10900 dtrace_sync();
10308 10901
10309 10902 if (probe->dtpr_ecb == NULL) {
10310 10903 /*
10311 10904 * That was the last ECB on the probe; clear the predicate
10312 10905 * cache ID for the probe, disable it and sync one more time
10313 10906 * to assure that we'll never hit it again.
10314 10907 */
10315 10908 dtrace_provider_t *prov = probe->dtpr_provider;
10316 10909
10317 10910 ASSERT(ecb->dte_next == NULL);
10318 10911 ASSERT(probe->dtpr_ecb_last == NULL);
10319 10912 probe->dtpr_predcache = DTRACE_CACHEIDNONE;
10320 10913 prov->dtpv_pops.dtps_disable(prov->dtpv_arg,
10321 10914 probe->dtpr_id, probe->dtpr_arg);
10322 10915 dtrace_sync();
10323 10916 } else {
10324 10917 /*
10325 10918 * There is at least one ECB remaining on the probe. If there
10326 10919 * is _exactly_ one, set the probe's predicate cache ID to be
10327 10920 * the predicate cache ID of the remaining ECB.
10328 10921 */
10329 10922 ASSERT(probe->dtpr_ecb_last != NULL);
10330 10923 ASSERT(probe->dtpr_predcache == DTRACE_CACHEIDNONE);
10331 10924
10332 10925 if (probe->dtpr_ecb == probe->dtpr_ecb_last) {
10333 10926 dtrace_predicate_t *p = probe->dtpr_ecb->dte_predicate;
10334 10927
10335 10928 ASSERT(probe->dtpr_ecb->dte_next == NULL);
10336 10929
10337 10930 if (p != NULL)
10338 10931 probe->dtpr_predcache = p->dtp_cacheid;
10339 10932 }
10340 10933
10341 10934 ecb->dte_next = NULL;
10342 10935 }
10343 10936 }
10344 10937
10345 10938 static void
10346 10939 dtrace_ecb_destroy(dtrace_ecb_t *ecb)
10347 10940 {
10348 10941 dtrace_state_t *state = ecb->dte_state;
10349 10942 dtrace_vstate_t *vstate = &state->dts_vstate;
10350 10943 dtrace_predicate_t *pred;
10351 10944 dtrace_epid_t epid = ecb->dte_epid;
10352 10945
10353 10946 ASSERT(MUTEX_HELD(&dtrace_lock));
10354 10947 ASSERT(ecb->dte_next == NULL);
10355 10948 ASSERT(ecb->dte_probe == NULL || ecb->dte_probe->dtpr_ecb != ecb);
10356 10949
10357 10950 if ((pred = ecb->dte_predicate) != NULL)
10358 10951 dtrace_predicate_release(pred, vstate);
10359 10952
10360 10953 dtrace_ecb_action_remove(ecb);
10361 10954
10362 10955 ASSERT(state->dts_ecbs[epid - 1] == ecb);
10363 10956 state->dts_ecbs[epid - 1] = NULL;
10364 10957
10365 10958 kmem_free(ecb, sizeof (dtrace_ecb_t));
10366 10959 }
10367 10960
10368 10961 static dtrace_ecb_t *
10369 10962 dtrace_ecb_create(dtrace_state_t *state, dtrace_probe_t *probe,
10370 10963 dtrace_enabling_t *enab)
10371 10964 {
10372 10965 dtrace_ecb_t *ecb;
10373 10966 dtrace_predicate_t *pred;
10374 10967 dtrace_actdesc_t *act;
10375 10968 dtrace_provider_t *prov;
10376 10969 dtrace_ecbdesc_t *desc = enab->dten_current;
10377 10970
10378 10971 ASSERT(MUTEX_HELD(&dtrace_lock));
10379 10972 ASSERT(state != NULL);
10380 10973
10381 10974 ecb = dtrace_ecb_add(state, probe);
10382 10975 ecb->dte_uarg = desc->dted_uarg;
10383 10976
10384 10977 if ((pred = desc->dted_pred.dtpdd_predicate) != NULL) {
10385 10978 dtrace_predicate_hold(pred);
10386 10979 ecb->dte_predicate = pred;
10387 10980 }
10388 10981
10389 10982 if (probe != NULL) {
10390 10983 /*
10391 10984 * If the provider shows more leg than the consumer is old
10392 10985 * enough to see, we need to enable the appropriate implicit
10393 10986 * predicate bits to prevent the ecb from activating at
10394 10987 * revealing times.
10395 10988 *
10396 10989 * Providers specifying DTRACE_PRIV_USER at register time
10397 10990 * are stating that they need the /proc-style privilege
10398 10991 * model to be enforced, and this is what DTRACE_COND_OWNER
10399 10992 * and DTRACE_COND_ZONEOWNER will then do at probe time.
10400 10993 */
10401 10994 prov = probe->dtpr_provider;
10402 10995 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_ALLPROC) &&
10403 10996 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_USER))
10404 10997 ecb->dte_cond |= DTRACE_COND_OWNER;
10405 10998
10406 10999 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_ALLZONE) &&
10407 11000 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_USER))
10408 11001 ecb->dte_cond |= DTRACE_COND_ZONEOWNER;
10409 11002
10410 11003 /*
10411 11004 * If the provider shows us kernel innards and the user
10412 11005 * is lacking sufficient privilege, enable the
10413 11006 * DTRACE_COND_USERMODE implicit predicate.
10414 11007 */
10415 11008 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) &&
10416 11009 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_KERNEL))
10417 11010 ecb->dte_cond |= DTRACE_COND_USERMODE;
10418 11011 }
10419 11012
10420 11013 if (dtrace_ecb_create_cache != NULL) {
10421 11014 /*
10422 11015 * If we have a cached ecb, we'll use its action list instead
10423 11016 * of creating our own (saving both time and space).
10424 11017 */
10425 11018 dtrace_ecb_t *cached = dtrace_ecb_create_cache;
10426 11019 dtrace_action_t *act = cached->dte_action;
10427 11020
10428 11021 if (act != NULL) {
10429 11022 ASSERT(act->dta_refcnt > 0);
10430 11023 act->dta_refcnt++;
10431 11024 ecb->dte_action = act;
10432 11025 ecb->dte_action_last = cached->dte_action_last;
10433 11026 ecb->dte_needed = cached->dte_needed;
10434 11027 ecb->dte_size = cached->dte_size;
10435 11028 ecb->dte_alignment = cached->dte_alignment;
10436 11029 }
10437 11030
10438 11031 return (ecb);
10439 11032 }
10440 11033
10441 11034 for (act = desc->dted_action; act != NULL; act = act->dtad_next) {
10442 11035 if ((enab->dten_error = dtrace_ecb_action_add(ecb, act)) != 0) {
10443 11036 dtrace_ecb_destroy(ecb);
10444 11037 return (NULL);
10445 11038 }
10446 11039 }
10447 11040
10448 11041 dtrace_ecb_resize(ecb);
10449 11042
10450 11043 return (dtrace_ecb_create_cache = ecb);
10451 11044 }
10452 11045
10453 11046 static int
10454 11047 dtrace_ecb_create_enable(dtrace_probe_t *probe, void *arg)
10455 11048 {
10456 11049 dtrace_ecb_t *ecb;
10457 11050 dtrace_enabling_t *enab = arg;
10458 11051 dtrace_state_t *state = enab->dten_vstate->dtvs_state;
10459 11052
10460 11053 ASSERT(state != NULL);
10461 11054
10462 11055 if (probe != NULL && probe->dtpr_gen < enab->dten_probegen) {
10463 11056 /*
10464 11057 * This probe was created in a generation for which this
10465 11058 * enabling has previously created ECBs; we don't want to
10466 11059 * enable it again, so just kick out.
10467 11060 */
10468 11061 return (DTRACE_MATCH_NEXT);
10469 11062 }
10470 11063
10471 11064 if ((ecb = dtrace_ecb_create(state, probe, enab)) == NULL)
10472 11065 return (DTRACE_MATCH_DONE);
10473 11066
10474 11067 if (dtrace_ecb_enable(ecb) < 0)
10475 11068 return (DTRACE_MATCH_FAIL);
10476 11069
10477 11070 return (DTRACE_MATCH_NEXT);
10478 11071 }
10479 11072
10480 11073 static dtrace_ecb_t *
10481 11074 dtrace_epid2ecb(dtrace_state_t *state, dtrace_epid_t id)
10482 11075 {
10483 11076 dtrace_ecb_t *ecb;
10484 11077
10485 11078 ASSERT(MUTEX_HELD(&dtrace_lock));
10486 11079
10487 11080 if (id == 0 || id > state->dts_necbs)
10488 11081 return (NULL);
10489 11082
10490 11083 ASSERT(state->dts_necbs > 0 && state->dts_ecbs != NULL);
10491 11084 ASSERT((ecb = state->dts_ecbs[id - 1]) == NULL || ecb->dte_epid == id);
10492 11085
10493 11086 return (state->dts_ecbs[id - 1]);
10494 11087 }
10495 11088
10496 11089 static dtrace_aggregation_t *
10497 11090 dtrace_aggid2agg(dtrace_state_t *state, dtrace_aggid_t id)
10498 11091 {
10499 11092 dtrace_aggregation_t *agg;
10500 11093
10501 11094 ASSERT(MUTEX_HELD(&dtrace_lock));
10502 11095
10503 11096 if (id == 0 || id > state->dts_naggregations)
10504 11097 return (NULL);
10505 11098
10506 11099 ASSERT(state->dts_naggregations > 0 && state->dts_aggregations != NULL);
10507 11100 ASSERT((agg = state->dts_aggregations[id - 1]) == NULL ||
10508 11101 agg->dtag_id == id);
10509 11102
10510 11103 return (state->dts_aggregations[id - 1]);
10511 11104 }
10512 11105
10513 11106 /*
10514 11107 * DTrace Buffer Functions
10515 11108 *
10516 11109 * The following functions manipulate DTrace buffers. Most of these functions
10517 11110 * are called in the context of establishing or processing consumer state;
10518 11111 * exceptions are explicitly noted.
10519 11112 */
10520 11113
10521 11114 /*
10522 11115 * Note: called from cross call context. This function switches the two
10523 11116 * buffers on a given CPU. The atomicity of this operation is assured by
10524 11117 * disabling interrupts while the actual switch takes place; the disabling of
10525 11118 * interrupts serializes the execution with any execution of dtrace_probe() on
10526 11119 * the same CPU.
10527 11120 */
10528 11121 static void
10529 11122 dtrace_buffer_switch(dtrace_buffer_t *buf)
10530 11123 {
10531 11124 caddr_t tomax = buf->dtb_tomax;
10532 11125 caddr_t xamot = buf->dtb_xamot;
10533 11126 dtrace_icookie_t cookie;
10534 11127 hrtime_t now;
10535 11128
10536 11129 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
10537 11130 ASSERT(!(buf->dtb_flags & DTRACEBUF_RING));
10538 11131
10539 11132 cookie = dtrace_interrupt_disable();
10540 11133 now = dtrace_gethrtime();
10541 11134 buf->dtb_tomax = xamot;
10542 11135 buf->dtb_xamot = tomax;
10543 11136 buf->dtb_xamot_drops = buf->dtb_drops;
10544 11137 buf->dtb_xamot_offset = buf->dtb_offset;
10545 11138 buf->dtb_xamot_errors = buf->dtb_errors;
10546 11139 buf->dtb_xamot_flags = buf->dtb_flags;
10547 11140 buf->dtb_offset = 0;
10548 11141 buf->dtb_drops = 0;
10549 11142 buf->dtb_errors = 0;
10550 11143 buf->dtb_flags &= ~(DTRACEBUF_ERROR | DTRACEBUF_DROPPED);
10551 11144 buf->dtb_interval = now - buf->dtb_switched;
10552 11145 buf->dtb_switched = now;
10553 11146 dtrace_interrupt_enable(cookie);
10554 11147 }
10555 11148
10556 11149 /*
10557 11150 * Note: called from cross call context. This function activates a buffer
10558 11151 * on a CPU. As with dtrace_buffer_switch(), the atomicity of the operation
10559 11152 * is guaranteed by the disabling of interrupts.
10560 11153 */
10561 11154 static void
10562 11155 dtrace_buffer_activate(dtrace_state_t *state)
10563 11156 {
10564 11157 dtrace_buffer_t *buf;
10565 11158 dtrace_icookie_t cookie = dtrace_interrupt_disable();
10566 11159
10567 11160 buf = &state->dts_buffer[CPU->cpu_id];
10568 11161
10569 11162 if (buf->dtb_tomax != NULL) {
10570 11163 /*
10571 11164 * We might like to assert that the buffer is marked inactive,
10572 11165 * but this isn't necessarily true: the buffer for the CPU
10573 11166 * that processes the BEGIN probe has its buffer activated
10574 11167 * manually. In this case, we take the (harmless) action
10575 11168 * re-clearing the bit INACTIVE bit.
10576 11169 */
10577 11170 buf->dtb_flags &= ~DTRACEBUF_INACTIVE;
10578 11171 }
10579 11172
10580 11173 dtrace_interrupt_enable(cookie);
10581 11174 }
10582 11175
10583 11176 static int
10584 11177 dtrace_buffer_alloc(dtrace_buffer_t *bufs, size_t size, int flags,
10585 11178 processorid_t cpu, int *factor)
10586 11179 {
10587 11180 cpu_t *cp;
10588 11181 dtrace_buffer_t *buf;
10589 11182 int allocated = 0, desired = 0;
10590 11183
10591 11184 ASSERT(MUTEX_HELD(&cpu_lock));
10592 11185 ASSERT(MUTEX_HELD(&dtrace_lock));
10593 11186
10594 11187 *factor = 1;
10595 11188
10596 11189 if (size > dtrace_nonroot_maxsize &&
10597 11190 !PRIV_POLICY_CHOICE(CRED(), PRIV_ALL, B_FALSE))
10598 11191 return (EFBIG);
10599 11192
10600 11193 cp = cpu_list;
10601 11194
10602 11195 do {
10603 11196 if (cpu != DTRACE_CPUALL && cpu != cp->cpu_id)
10604 11197 continue;
10605 11198
10606 11199 buf = &bufs[cp->cpu_id];
10607 11200
10608 11201 /*
10609 11202 * If there is already a buffer allocated for this CPU, it
10610 11203 * is only possible that this is a DR event. In this case,
10611 11204 * the buffer size must match our specified size.
10612 11205 */
10613 11206 if (buf->dtb_tomax != NULL) {
10614 11207 ASSERT(buf->dtb_size == size);
10615 11208 continue;
10616 11209 }
10617 11210
10618 11211 ASSERT(buf->dtb_xamot == NULL);
10619 11212
10620 11213 if ((buf->dtb_tomax = kmem_zalloc(size,
10621 11214 KM_NOSLEEP | KM_NORMALPRI)) == NULL)
10622 11215 goto err;
10623 11216
10624 11217 buf->dtb_size = size;
10625 11218 buf->dtb_flags = flags;
10626 11219 buf->dtb_offset = 0;
10627 11220 buf->dtb_drops = 0;
10628 11221
10629 11222 if (flags & DTRACEBUF_NOSWITCH)
10630 11223 continue;
10631 11224
10632 11225 if ((buf->dtb_xamot = kmem_zalloc(size,
10633 11226 KM_NOSLEEP | KM_NORMALPRI)) == NULL)
10634 11227 goto err;
10635 11228 } while ((cp = cp->cpu_next) != cpu_list);
10636 11229
10637 11230 return (0);
10638 11231
10639 11232 err:
10640 11233 cp = cpu_list;
10641 11234
10642 11235 do {
10643 11236 if (cpu != DTRACE_CPUALL && cpu != cp->cpu_id)
10644 11237 continue;
10645 11238
10646 11239 buf = &bufs[cp->cpu_id];
10647 11240 desired += 2;
10648 11241
10649 11242 if (buf->dtb_xamot != NULL) {
10650 11243 ASSERT(buf->dtb_tomax != NULL);
10651 11244 ASSERT(buf->dtb_size == size);
10652 11245 kmem_free(buf->dtb_xamot, size);
10653 11246 allocated++;
10654 11247 }
10655 11248
10656 11249 if (buf->dtb_tomax != NULL) {
10657 11250 ASSERT(buf->dtb_size == size);
10658 11251 kmem_free(buf->dtb_tomax, size);
10659 11252 allocated++;
10660 11253 }
10661 11254
10662 11255 buf->dtb_tomax = NULL;
10663 11256 buf->dtb_xamot = NULL;
10664 11257 buf->dtb_size = 0;
10665 11258 } while ((cp = cp->cpu_next) != cpu_list);
10666 11259
10667 11260 *factor = desired / (allocated > 0 ? allocated : 1);
10668 11261
10669 11262 return (ENOMEM);
10670 11263 }
10671 11264
10672 11265 /*
10673 11266 * Note: called from probe context. This function just increments the drop
10674 11267 * count on a buffer. It has been made a function to allow for the
10675 11268 * possibility of understanding the source of mysterious drop counts. (A
10676 11269 * problem for which one may be particularly disappointed that DTrace cannot
10677 11270 * be used to understand DTrace.)
10678 11271 */
10679 11272 static void
10680 11273 dtrace_buffer_drop(dtrace_buffer_t *buf)
10681 11274 {
10682 11275 buf->dtb_drops++;
10683 11276 }
10684 11277
10685 11278 /*
10686 11279 * Note: called from probe context. This function is called to reserve space
10687 11280 * in a buffer. If mstate is non-NULL, sets the scratch base and size in the
10688 11281 * mstate. Returns the new offset in the buffer, or a negative value if an
10689 11282 * error has occurred.
10690 11283 */
10691 11284 static intptr_t
10692 11285 dtrace_buffer_reserve(dtrace_buffer_t *buf, size_t needed, size_t align,
10693 11286 dtrace_state_t *state, dtrace_mstate_t *mstate)
10694 11287 {
10695 11288 intptr_t offs = buf->dtb_offset, soffs;
10696 11289 intptr_t woffs;
10697 11290 caddr_t tomax;
10698 11291 size_t total;
10699 11292
10700 11293 if (buf->dtb_flags & DTRACEBUF_INACTIVE)
10701 11294 return (-1);
10702 11295
10703 11296 if ((tomax = buf->dtb_tomax) == NULL) {
10704 11297 dtrace_buffer_drop(buf);
10705 11298 return (-1);
10706 11299 }
10707 11300
10708 11301 if (!(buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL))) {
10709 11302 while (offs & (align - 1)) {
10710 11303 /*
10711 11304 * Assert that our alignment is off by a number which
10712 11305 * is itself sizeof (uint32_t) aligned.
10713 11306 */
10714 11307 ASSERT(!((align - (offs & (align - 1))) &
10715 11308 (sizeof (uint32_t) - 1)));
10716 11309 DTRACE_STORE(uint32_t, tomax, offs, DTRACE_EPIDNONE);
10717 11310 offs += sizeof (uint32_t);
10718 11311 }
10719 11312
10720 11313 if ((soffs = offs + needed) > buf->dtb_size) {
10721 11314 dtrace_buffer_drop(buf);
10722 11315 return (-1);
10723 11316 }
10724 11317
10725 11318 if (mstate == NULL)
10726 11319 return (offs);
10727 11320
10728 11321 mstate->dtms_scratch_base = (uintptr_t)tomax + soffs;
10729 11322 mstate->dtms_scratch_size = buf->dtb_size - soffs;
10730 11323 mstate->dtms_scratch_ptr = mstate->dtms_scratch_base;
10731 11324
10732 11325 return (offs);
10733 11326 }
10734 11327
10735 11328 if (buf->dtb_flags & DTRACEBUF_FILL) {
10736 11329 if (state->dts_activity != DTRACE_ACTIVITY_COOLDOWN &&
10737 11330 (buf->dtb_flags & DTRACEBUF_FULL))
10738 11331 return (-1);
10739 11332 goto out;
10740 11333 }
10741 11334
10742 11335 total = needed + (offs & (align - 1));
10743 11336
10744 11337 /*
10745 11338 * For a ring buffer, life is quite a bit more complicated. Before
10746 11339 * we can store any padding, we need to adjust our wrapping offset.
10747 11340 * (If we've never before wrapped or we're not about to, no adjustment
10748 11341 * is required.)
10749 11342 */
10750 11343 if ((buf->dtb_flags & DTRACEBUF_WRAPPED) ||
10751 11344 offs + total > buf->dtb_size) {
10752 11345 woffs = buf->dtb_xamot_offset;
10753 11346
10754 11347 if (offs + total > buf->dtb_size) {
10755 11348 /*
10756 11349 * We can't fit in the end of the buffer. First, a
10757 11350 * sanity check that we can fit in the buffer at all.
10758 11351 */
10759 11352 if (total > buf->dtb_size) {
10760 11353 dtrace_buffer_drop(buf);
10761 11354 return (-1);
10762 11355 }
10763 11356
10764 11357 /*
10765 11358 * We're going to be storing at the top of the buffer,
10766 11359 * so now we need to deal with the wrapped offset. We
10767 11360 * only reset our wrapped offset to 0 if it is
10768 11361 * currently greater than the current offset. If it
10769 11362 * is less than the current offset, it is because a
10770 11363 * previous allocation induced a wrap -- but the
10771 11364 * allocation didn't subsequently take the space due
10772 11365 * to an error or false predicate evaluation. In this
10773 11366 * case, we'll just leave the wrapped offset alone: if
10774 11367 * the wrapped offset hasn't been advanced far enough
10775 11368 * for this allocation, it will be adjusted in the
10776 11369 * lower loop.
10777 11370 */
10778 11371 if (buf->dtb_flags & DTRACEBUF_WRAPPED) {
10779 11372 if (woffs >= offs)
10780 11373 woffs = 0;
10781 11374 } else {
10782 11375 woffs = 0;
10783 11376 }
10784 11377
10785 11378 /*
10786 11379 * Now we know that we're going to be storing to the
10787 11380 * top of the buffer and that there is room for us
10788 11381 * there. We need to clear the buffer from the current
10789 11382 * offset to the end (there may be old gunk there).
10790 11383 */
10791 11384 while (offs < buf->dtb_size)
10792 11385 tomax[offs++] = 0;
10793 11386
10794 11387 /*
10795 11388 * We need to set our offset to zero. And because we
10796 11389 * are wrapping, we need to set the bit indicating as
10797 11390 * much. We can also adjust our needed space back
10798 11391 * down to the space required by the ECB -- we know
10799 11392 * that the top of the buffer is aligned.
10800 11393 */
10801 11394 offs = 0;
10802 11395 total = needed;
10803 11396 buf->dtb_flags |= DTRACEBUF_WRAPPED;
10804 11397 } else {
10805 11398 /*
10806 11399 * There is room for us in the buffer, so we simply
10807 11400 * need to check the wrapped offset.
10808 11401 */
10809 11402 if (woffs < offs) {
10810 11403 /*
10811 11404 * The wrapped offset is less than the offset.
10812 11405 * This can happen if we allocated buffer space
10813 11406 * that induced a wrap, but then we didn't
10814 11407 * subsequently take the space due to an error
10815 11408 * or false predicate evaluation. This is
10816 11409 * okay; we know that _this_ allocation isn't
10817 11410 * going to induce a wrap. We still can't
10818 11411 * reset the wrapped offset to be zero,
10819 11412 * however: the space may have been trashed in
10820 11413 * the previous failed probe attempt. But at
10821 11414 * least the wrapped offset doesn't need to
10822 11415 * be adjusted at all...
10823 11416 */
10824 11417 goto out;
10825 11418 }
10826 11419 }
10827 11420
10828 11421 while (offs + total > woffs) {
10829 11422 dtrace_epid_t epid = *(uint32_t *)(tomax + woffs);
10830 11423 size_t size;
10831 11424
10832 11425 if (epid == DTRACE_EPIDNONE) {
10833 11426 size = sizeof (uint32_t);
10834 11427 } else {
10835 11428 ASSERT3U(epid, <=, state->dts_necbs);
10836 11429 ASSERT(state->dts_ecbs[epid - 1] != NULL);
10837 11430
10838 11431 size = state->dts_ecbs[epid - 1]->dte_size;
10839 11432 }
10840 11433
10841 11434 ASSERT(woffs + size <= buf->dtb_size);
10842 11435 ASSERT(size != 0);
10843 11436
10844 11437 if (woffs + size == buf->dtb_size) {
10845 11438 /*
10846 11439 * We've reached the end of the buffer; we want
10847 11440 * to set the wrapped offset to 0 and break
10848 11441 * out. However, if the offs is 0, then we're
10849 11442 * in a strange edge-condition: the amount of
10850 11443 * space that we want to reserve plus the size
10851 11444 * of the record that we're overwriting is
10852 11445 * greater than the size of the buffer. This
10853 11446 * is problematic because if we reserve the
10854 11447 * space but subsequently don't consume it (due
10855 11448 * to a failed predicate or error) the wrapped
10856 11449 * offset will be 0 -- yet the EPID at offset 0
10857 11450 * will not be committed. This situation is
10858 11451 * relatively easy to deal with: if we're in
10859 11452 * this case, the buffer is indistinguishable
10860 11453 * from one that hasn't wrapped; we need only
10861 11454 * finish the job by clearing the wrapped bit,
10862 11455 * explicitly setting the offset to be 0, and
10863 11456 * zero'ing out the old data in the buffer.
10864 11457 */
10865 11458 if (offs == 0) {
10866 11459 buf->dtb_flags &= ~DTRACEBUF_WRAPPED;
10867 11460 buf->dtb_offset = 0;
10868 11461 woffs = total;
10869 11462
10870 11463 while (woffs < buf->dtb_size)
10871 11464 tomax[woffs++] = 0;
10872 11465 }
10873 11466
10874 11467 woffs = 0;
10875 11468 break;
10876 11469 }
10877 11470
10878 11471 woffs += size;
10879 11472 }
10880 11473
10881 11474 /*
10882 11475 * We have a wrapped offset. It may be that the wrapped offset
10883 11476 * has become zero -- that's okay.
10884 11477 */
10885 11478 buf->dtb_xamot_offset = woffs;
10886 11479 }
10887 11480
10888 11481 out:
10889 11482 /*
10890 11483 * Now we can plow the buffer with any necessary padding.
10891 11484 */
10892 11485 while (offs & (align - 1)) {
10893 11486 /*
10894 11487 * Assert that our alignment is off by a number which
10895 11488 * is itself sizeof (uint32_t) aligned.
10896 11489 */
10897 11490 ASSERT(!((align - (offs & (align - 1))) &
10898 11491 (sizeof (uint32_t) - 1)));
10899 11492 DTRACE_STORE(uint32_t, tomax, offs, DTRACE_EPIDNONE);
10900 11493 offs += sizeof (uint32_t);
10901 11494 }
10902 11495
10903 11496 if (buf->dtb_flags & DTRACEBUF_FILL) {
10904 11497 if (offs + needed > buf->dtb_size - state->dts_reserve) {
10905 11498 buf->dtb_flags |= DTRACEBUF_FULL;
10906 11499 return (-1);
10907 11500 }
10908 11501 }
10909 11502
10910 11503 if (mstate == NULL)
10911 11504 return (offs);
10912 11505
10913 11506 /*
10914 11507 * For ring buffers and fill buffers, the scratch space is always
10915 11508 * the inactive buffer.
10916 11509 */
10917 11510 mstate->dtms_scratch_base = (uintptr_t)buf->dtb_xamot;
10918 11511 mstate->dtms_scratch_size = buf->dtb_size;
10919 11512 mstate->dtms_scratch_ptr = mstate->dtms_scratch_base;
10920 11513
10921 11514 return (offs);
10922 11515 }
10923 11516
10924 11517 static void
10925 11518 dtrace_buffer_polish(dtrace_buffer_t *buf)
10926 11519 {
10927 11520 ASSERT(buf->dtb_flags & DTRACEBUF_RING);
10928 11521 ASSERT(MUTEX_HELD(&dtrace_lock));
10929 11522
10930 11523 if (!(buf->dtb_flags & DTRACEBUF_WRAPPED))
10931 11524 return;
10932 11525
10933 11526 /*
10934 11527 * We need to polish the ring buffer. There are three cases:
10935 11528 *
10936 11529 * - The first (and presumably most common) is that there is no gap
10937 11530 * between the buffer offset and the wrapped offset. In this case,
10938 11531 * there is nothing in the buffer that isn't valid data; we can
10939 11532 * mark the buffer as polished and return.
10940 11533 *
10941 11534 * - The second (less common than the first but still more common
10942 11535 * than the third) is that there is a gap between the buffer offset
10943 11536 * and the wrapped offset, and the wrapped offset is larger than the
10944 11537 * buffer offset. This can happen because of an alignment issue, or
10945 11538 * can happen because of a call to dtrace_buffer_reserve() that
10946 11539 * didn't subsequently consume the buffer space. In this case,
10947 11540 * we need to zero the data from the buffer offset to the wrapped
10948 11541 * offset.
10949 11542 *
10950 11543 * - The third (and least common) is that there is a gap between the
10951 11544 * buffer offset and the wrapped offset, but the wrapped offset is
10952 11545 * _less_ than the buffer offset. This can only happen because a
10953 11546 * call to dtrace_buffer_reserve() induced a wrap, but the space
10954 11547 * was not subsequently consumed. In this case, we need to zero the
10955 11548 * space from the offset to the end of the buffer _and_ from the
10956 11549 * top of the buffer to the wrapped offset.
10957 11550 */
10958 11551 if (buf->dtb_offset < buf->dtb_xamot_offset) {
10959 11552 bzero(buf->dtb_tomax + buf->dtb_offset,
10960 11553 buf->dtb_xamot_offset - buf->dtb_offset);
10961 11554 }
10962 11555
10963 11556 if (buf->dtb_offset > buf->dtb_xamot_offset) {
10964 11557 bzero(buf->dtb_tomax + buf->dtb_offset,
10965 11558 buf->dtb_size - buf->dtb_offset);
10966 11559 bzero(buf->dtb_tomax, buf->dtb_xamot_offset);
10967 11560 }
10968 11561 }
10969 11562
10970 11563 /*
10971 11564 * This routine determines if data generated at the specified time has likely
10972 11565 * been entirely consumed at user-level. This routine is called to determine
10973 11566 * if an ECB on a defunct probe (but for an active enabling) can be safely
10974 11567 * disabled and destroyed.
10975 11568 */
10976 11569 static int
10977 11570 dtrace_buffer_consumed(dtrace_buffer_t *bufs, hrtime_t when)
10978 11571 {
10979 11572 int i;
10980 11573
10981 11574 for (i = 0; i < NCPU; i++) {
10982 11575 dtrace_buffer_t *buf = &bufs[i];
10983 11576
10984 11577 if (buf->dtb_size == 0)
10985 11578 continue;
10986 11579
10987 11580 if (buf->dtb_flags & DTRACEBUF_RING)
10988 11581 return (0);
10989 11582
10990 11583 if (!buf->dtb_switched && buf->dtb_offset != 0)
10991 11584 return (0);
10992 11585
10993 11586 if (buf->dtb_switched - buf->dtb_interval < when)
10994 11587 return (0);
10995 11588 }
10996 11589
10997 11590 return (1);
10998 11591 }
10999 11592
11000 11593 static void
11001 11594 dtrace_buffer_free(dtrace_buffer_t *bufs)
11002 11595 {
11003 11596 int i;
11004 11597
11005 11598 for (i = 0; i < NCPU; i++) {
11006 11599 dtrace_buffer_t *buf = &bufs[i];
11007 11600
11008 11601 if (buf->dtb_tomax == NULL) {
11009 11602 ASSERT(buf->dtb_xamot == NULL);
11010 11603 ASSERT(buf->dtb_size == 0);
11011 11604 continue;
11012 11605 }
11013 11606
11014 11607 if (buf->dtb_xamot != NULL) {
11015 11608 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
11016 11609 kmem_free(buf->dtb_xamot, buf->dtb_size);
11017 11610 }
11018 11611
11019 11612 kmem_free(buf->dtb_tomax, buf->dtb_size);
11020 11613 buf->dtb_size = 0;
11021 11614 buf->dtb_tomax = NULL;
11022 11615 buf->dtb_xamot = NULL;
11023 11616 }
11024 11617 }
11025 11618
11026 11619 /*
11027 11620 * DTrace Enabling Functions
11028 11621 */
11029 11622 static dtrace_enabling_t *
11030 11623 dtrace_enabling_create(dtrace_vstate_t *vstate)
11031 11624 {
11032 11625 dtrace_enabling_t *enab;
11033 11626
11034 11627 enab = kmem_zalloc(sizeof (dtrace_enabling_t), KM_SLEEP);
11035 11628 enab->dten_vstate = vstate;
11036 11629
11037 11630 return (enab);
11038 11631 }
11039 11632
11040 11633 static void
11041 11634 dtrace_enabling_add(dtrace_enabling_t *enab, dtrace_ecbdesc_t *ecb)
11042 11635 {
11043 11636 dtrace_ecbdesc_t **ndesc;
11044 11637 size_t osize, nsize;
11045 11638
11046 11639 /*
11047 11640 * We can't add to enablings after we've enabled them, or after we've
11048 11641 * retained them.
11049 11642 */
11050 11643 ASSERT(enab->dten_probegen == 0);
11051 11644 ASSERT(enab->dten_next == NULL && enab->dten_prev == NULL);
11052 11645
11053 11646 if (enab->dten_ndesc < enab->dten_maxdesc) {
11054 11647 enab->dten_desc[enab->dten_ndesc++] = ecb;
11055 11648 return;
11056 11649 }
11057 11650
11058 11651 osize = enab->dten_maxdesc * sizeof (dtrace_enabling_t *);
11059 11652
11060 11653 if (enab->dten_maxdesc == 0) {
11061 11654 enab->dten_maxdesc = 1;
11062 11655 } else {
11063 11656 enab->dten_maxdesc <<= 1;
11064 11657 }
11065 11658
11066 11659 ASSERT(enab->dten_ndesc < enab->dten_maxdesc);
11067 11660
11068 11661 nsize = enab->dten_maxdesc * sizeof (dtrace_enabling_t *);
11069 11662 ndesc = kmem_zalloc(nsize, KM_SLEEP);
11070 11663 bcopy(enab->dten_desc, ndesc, osize);
11071 11664 kmem_free(enab->dten_desc, osize);
11072 11665
11073 11666 enab->dten_desc = ndesc;
11074 11667 enab->dten_desc[enab->dten_ndesc++] = ecb;
11075 11668 }
11076 11669
11077 11670 static void
11078 11671 dtrace_enabling_addlike(dtrace_enabling_t *enab, dtrace_ecbdesc_t *ecb,
11079 11672 dtrace_probedesc_t *pd)
11080 11673 {
11081 11674 dtrace_ecbdesc_t *new;
11082 11675 dtrace_predicate_t *pred;
11083 11676 dtrace_actdesc_t *act;
11084 11677
11085 11678 /*
11086 11679 * We're going to create a new ECB description that matches the
11087 11680 * specified ECB in every way, but has the specified probe description.
11088 11681 */
11089 11682 new = kmem_zalloc(sizeof (dtrace_ecbdesc_t), KM_SLEEP);
11090 11683
11091 11684 if ((pred = ecb->dted_pred.dtpdd_predicate) != NULL)
11092 11685 dtrace_predicate_hold(pred);
11093 11686
11094 11687 for (act = ecb->dted_action; act != NULL; act = act->dtad_next)
11095 11688 dtrace_actdesc_hold(act);
11096 11689
11097 11690 new->dted_action = ecb->dted_action;
11098 11691 new->dted_pred = ecb->dted_pred;
11099 11692 new->dted_probe = *pd;
11100 11693 new->dted_uarg = ecb->dted_uarg;
11101 11694
11102 11695 dtrace_enabling_add(enab, new);
11103 11696 }
11104 11697
11105 11698 static void
11106 11699 dtrace_enabling_dump(dtrace_enabling_t *enab)
11107 11700 {
11108 11701 int i;
11109 11702
11110 11703 for (i = 0; i < enab->dten_ndesc; i++) {
11111 11704 dtrace_probedesc_t *desc = &enab->dten_desc[i]->dted_probe;
11112 11705
11113 11706 cmn_err(CE_NOTE, "enabling probe %d (%s:%s:%s:%s)", i,
11114 11707 desc->dtpd_provider, desc->dtpd_mod,
11115 11708 desc->dtpd_func, desc->dtpd_name);
11116 11709 }
11117 11710 }
11118 11711
11119 11712 static void
11120 11713 dtrace_enabling_destroy(dtrace_enabling_t *enab)
11121 11714 {
11122 11715 int i;
11123 11716 dtrace_ecbdesc_t *ep;
11124 11717 dtrace_vstate_t *vstate = enab->dten_vstate;
11125 11718
11126 11719 ASSERT(MUTEX_HELD(&dtrace_lock));
11127 11720
11128 11721 for (i = 0; i < enab->dten_ndesc; i++) {
11129 11722 dtrace_actdesc_t *act, *next;
11130 11723 dtrace_predicate_t *pred;
11131 11724
11132 11725 ep = enab->dten_desc[i];
11133 11726
11134 11727 if ((pred = ep->dted_pred.dtpdd_predicate) != NULL)
11135 11728 dtrace_predicate_release(pred, vstate);
11136 11729
11137 11730 for (act = ep->dted_action; act != NULL; act = next) {
11138 11731 next = act->dtad_next;
11139 11732 dtrace_actdesc_release(act, vstate);
11140 11733 }
11141 11734
11142 11735 kmem_free(ep, sizeof (dtrace_ecbdesc_t));
11143 11736 }
11144 11737
11145 11738 kmem_free(enab->dten_desc,
11146 11739 enab->dten_maxdesc * sizeof (dtrace_enabling_t *));
11147 11740
11148 11741 /*
11149 11742 * If this was a retained enabling, decrement the dts_nretained count
11150 11743 * and take it off of the dtrace_retained list.
11151 11744 */
11152 11745 if (enab->dten_prev != NULL || enab->dten_next != NULL ||
11153 11746 dtrace_retained == enab) {
11154 11747 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11155 11748 ASSERT(enab->dten_vstate->dtvs_state->dts_nretained > 0);
11156 11749 enab->dten_vstate->dtvs_state->dts_nretained--;
11157 11750 dtrace_retained_gen++;
11158 11751 }
11159 11752
11160 11753 if (enab->dten_prev == NULL) {
11161 11754 if (dtrace_retained == enab) {
11162 11755 dtrace_retained = enab->dten_next;
11163 11756
11164 11757 if (dtrace_retained != NULL)
11165 11758 dtrace_retained->dten_prev = NULL;
11166 11759 }
11167 11760 } else {
11168 11761 ASSERT(enab != dtrace_retained);
11169 11762 ASSERT(dtrace_retained != NULL);
11170 11763 enab->dten_prev->dten_next = enab->dten_next;
11171 11764 }
11172 11765
11173 11766 if (enab->dten_next != NULL) {
11174 11767 ASSERT(dtrace_retained != NULL);
11175 11768 enab->dten_next->dten_prev = enab->dten_prev;
11176 11769 }
11177 11770
11178 11771 kmem_free(enab, sizeof (dtrace_enabling_t));
11179 11772 }
11180 11773
11181 11774 static int
11182 11775 dtrace_enabling_retain(dtrace_enabling_t *enab)
11183 11776 {
11184 11777 dtrace_state_t *state;
11185 11778
11186 11779 ASSERT(MUTEX_HELD(&dtrace_lock));
11187 11780 ASSERT(enab->dten_next == NULL && enab->dten_prev == NULL);
11188 11781 ASSERT(enab->dten_vstate != NULL);
11189 11782
11190 11783 state = enab->dten_vstate->dtvs_state;
11191 11784 ASSERT(state != NULL);
11192 11785
11193 11786 /*
11194 11787 * We only allow each state to retain dtrace_retain_max enablings.
11195 11788 */
11196 11789 if (state->dts_nretained >= dtrace_retain_max)
11197 11790 return (ENOSPC);
11198 11791
11199 11792 state->dts_nretained++;
11200 11793 dtrace_retained_gen++;
11201 11794
11202 11795 if (dtrace_retained == NULL) {
11203 11796 dtrace_retained = enab;
11204 11797 return (0);
11205 11798 }
11206 11799
11207 11800 enab->dten_next = dtrace_retained;
11208 11801 dtrace_retained->dten_prev = enab;
11209 11802 dtrace_retained = enab;
11210 11803
11211 11804 return (0);
11212 11805 }
11213 11806
11214 11807 static int
11215 11808 dtrace_enabling_replicate(dtrace_state_t *state, dtrace_probedesc_t *match,
11216 11809 dtrace_probedesc_t *create)
11217 11810 {
11218 11811 dtrace_enabling_t *new, *enab;
11219 11812 int found = 0, err = ENOENT;
11220 11813
11221 11814 ASSERT(MUTEX_HELD(&dtrace_lock));
11222 11815 ASSERT(strlen(match->dtpd_provider) < DTRACE_PROVNAMELEN);
11223 11816 ASSERT(strlen(match->dtpd_mod) < DTRACE_MODNAMELEN);
11224 11817 ASSERT(strlen(match->dtpd_func) < DTRACE_FUNCNAMELEN);
11225 11818 ASSERT(strlen(match->dtpd_name) < DTRACE_NAMELEN);
11226 11819
11227 11820 new = dtrace_enabling_create(&state->dts_vstate);
11228 11821
11229 11822 /*
11230 11823 * Iterate over all retained enablings, looking for enablings that
11231 11824 * match the specified state.
11232 11825 */
11233 11826 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) {
11234 11827 int i;
11235 11828
11236 11829 /*
11237 11830 * dtvs_state can only be NULL for helper enablings -- and
11238 11831 * helper enablings can't be retained.
11239 11832 */
11240 11833 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11241 11834
11242 11835 if (enab->dten_vstate->dtvs_state != state)
11243 11836 continue;
11244 11837
11245 11838 /*
11246 11839 * Now iterate over each probe description; we're looking for
11247 11840 * an exact match to the specified probe description.
11248 11841 */
11249 11842 for (i = 0; i < enab->dten_ndesc; i++) {
11250 11843 dtrace_ecbdesc_t *ep = enab->dten_desc[i];
11251 11844 dtrace_probedesc_t *pd = &ep->dted_probe;
11252 11845
11253 11846 if (strcmp(pd->dtpd_provider, match->dtpd_provider))
11254 11847 continue;
11255 11848
11256 11849 if (strcmp(pd->dtpd_mod, match->dtpd_mod))
11257 11850 continue;
11258 11851
11259 11852 if (strcmp(pd->dtpd_func, match->dtpd_func))
11260 11853 continue;
11261 11854
11262 11855 if (strcmp(pd->dtpd_name, match->dtpd_name))
11263 11856 continue;
11264 11857
11265 11858 /*
11266 11859 * We have a winning probe! Add it to our growing
11267 11860 * enabling.
11268 11861 */
11269 11862 found = 1;
11270 11863 dtrace_enabling_addlike(new, ep, create);
11271 11864 }
11272 11865 }
11273 11866
11274 11867 if (!found || (err = dtrace_enabling_retain(new)) != 0) {
11275 11868 dtrace_enabling_destroy(new);
11276 11869 return (err);
11277 11870 }
11278 11871
11279 11872 return (0);
11280 11873 }
11281 11874
11282 11875 static void
11283 11876 dtrace_enabling_retract(dtrace_state_t *state)
11284 11877 {
11285 11878 dtrace_enabling_t *enab, *next;
11286 11879
11287 11880 ASSERT(MUTEX_HELD(&dtrace_lock));
11288 11881
11289 11882 /*
11290 11883 * Iterate over all retained enablings, destroy the enablings retained
11291 11884 * for the specified state.
11292 11885 */
11293 11886 for (enab = dtrace_retained; enab != NULL; enab = next) {
11294 11887 next = enab->dten_next;
11295 11888
11296 11889 /*
11297 11890 * dtvs_state can only be NULL for helper enablings -- and
11298 11891 * helper enablings can't be retained.
11299 11892 */
11300 11893 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11301 11894
11302 11895 if (enab->dten_vstate->dtvs_state == state) {
11303 11896 ASSERT(state->dts_nretained > 0);
11304 11897 dtrace_enabling_destroy(enab);
11305 11898 }
11306 11899 }
11307 11900
11308 11901 ASSERT(state->dts_nretained == 0);
11309 11902 }
11310 11903
11311 11904 static int
11312 11905 dtrace_enabling_match(dtrace_enabling_t *enab, int *nmatched)
11313 11906 {
11314 11907 int i = 0;
11315 11908 int total_matched = 0, matched = 0;
11316 11909
11317 11910 ASSERT(MUTEX_HELD(&cpu_lock));
11318 11911 ASSERT(MUTEX_HELD(&dtrace_lock));
11319 11912
11320 11913 for (i = 0; i < enab->dten_ndesc; i++) {
11321 11914 dtrace_ecbdesc_t *ep = enab->dten_desc[i];
11322 11915
11323 11916 enab->dten_current = ep;
11324 11917 enab->dten_error = 0;
11325 11918
11326 11919 /*
11327 11920 * If a provider failed to enable a probe then get out and
11328 11921 * let the consumer know we failed.
11329 11922 */
11330 11923 if ((matched = dtrace_probe_enable(&ep->dted_probe, enab)) < 0)
11331 11924 return (EBUSY);
11332 11925
11333 11926 total_matched += matched;
11334 11927
11335 11928 if (enab->dten_error != 0) {
11336 11929 /*
11337 11930 * If we get an error half-way through enabling the
11338 11931 * probes, we kick out -- perhaps with some number of
11339 11932 * them enabled. Leaving enabled probes enabled may
11340 11933 * be slightly confusing for user-level, but we expect
11341 11934 * that no one will attempt to actually drive on in
11342 11935 * the face of such errors. If this is an anonymous
11343 11936 * enabling (indicated with a NULL nmatched pointer),
11344 11937 * we cmn_err() a message. We aren't expecting to
11345 11938 * get such an error -- such as it can exist at all,
11346 11939 * it would be a result of corrupted DOF in the driver
11347 11940 * properties.
11348 11941 */
11349 11942 if (nmatched == NULL) {
11350 11943 cmn_err(CE_WARN, "dtrace_enabling_match() "
11351 11944 "error on %p: %d", (void *)ep,
11352 11945 enab->dten_error);
11353 11946 }
11354 11947
11355 11948 return (enab->dten_error);
11356 11949 }
11357 11950 }
11358 11951
11359 11952 enab->dten_probegen = dtrace_probegen;
11360 11953 if (nmatched != NULL)
11361 11954 *nmatched = total_matched;
11362 11955
11363 11956 return (0);
11364 11957 }
11365 11958
11366 11959 static void
11367 11960 dtrace_enabling_matchall(void)
11368 11961 {
11369 11962 dtrace_enabling_t *enab;
11370 11963
11371 11964 mutex_enter(&cpu_lock);
11372 11965 mutex_enter(&dtrace_lock);
11373 11966
11374 11967 /*
11375 11968 * Iterate over all retained enablings to see if any probes match
11376 11969 * against them. We only perform this operation on enablings for which
11377 11970 * we have sufficient permissions by virtue of being in the global zone
11378 11971 * or in the same zone as the DTrace client. Because we can be called
11379 11972 * after dtrace_detach() has been called, we cannot assert that there
11380 11973 * are retained enablings. We can safely load from dtrace_retained,
11381 11974 * however: the taskq_destroy() at the end of dtrace_detach() will
11382 11975 * block pending our completion.
11383 11976 */
11384 11977 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) {
11385 11978 dtrace_cred_t *dcr = &enab->dten_vstate->dtvs_state->dts_cred;
11386 11979 cred_t *cr = dcr->dcr_cred;
11387 11980 zoneid_t zone = cr != NULL ? crgetzoneid(cr) : 0;
11388 11981
11389 11982 if ((dcr->dcr_visible & DTRACE_CRV_ALLZONE) || (cr != NULL &&
11390 11983 (zone == GLOBAL_ZONEID || getzoneid() == zone)))
11391 11984 (void) dtrace_enabling_match(enab, NULL);
11392 11985 }
11393 11986
11394 11987 mutex_exit(&dtrace_lock);
11395 11988 mutex_exit(&cpu_lock);
11396 11989 }
11397 11990
11398 11991 /*
11399 11992 * If an enabling is to be enabled without having matched probes (that is, if
11400 11993 * dtrace_state_go() is to be called on the underlying dtrace_state_t), the
11401 11994 * enabling must be _primed_ by creating an ECB for every ECB description.
11402 11995 * This must be done to assure that we know the number of speculations, the
11403 11996 * number of aggregations, the minimum buffer size needed, etc. before we
11404 11997 * transition out of DTRACE_ACTIVITY_INACTIVE. To do this without actually
11405 11998 * enabling any probes, we create ECBs for every ECB decription, but with a
11406 11999 * NULL probe -- which is exactly what this function does.
11407 12000 */
11408 12001 static void
11409 12002 dtrace_enabling_prime(dtrace_state_t *state)
11410 12003 {
11411 12004 dtrace_enabling_t *enab;
11412 12005 int i;
11413 12006
11414 12007 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) {
11415 12008 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11416 12009
11417 12010 if (enab->dten_vstate->dtvs_state != state)
11418 12011 continue;
11419 12012
11420 12013 /*
11421 12014 * We don't want to prime an enabling more than once, lest
11422 12015 * we allow a malicious user to induce resource exhaustion.
11423 12016 * (The ECBs that result from priming an enabling aren't
11424 12017 * leaked -- but they also aren't deallocated until the
11425 12018 * consumer state is destroyed.)
11426 12019 */
11427 12020 if (enab->dten_primed)
11428 12021 continue;
11429 12022
11430 12023 for (i = 0; i < enab->dten_ndesc; i++) {
11431 12024 enab->dten_current = enab->dten_desc[i];
11432 12025 (void) dtrace_probe_enable(NULL, enab);
11433 12026 }
11434 12027
11435 12028 enab->dten_primed = 1;
11436 12029 }
11437 12030 }
11438 12031
11439 12032 /*
11440 12033 * Called to indicate that probes should be provided due to retained
11441 12034 * enablings. This is implemented in terms of dtrace_probe_provide(), but it
11442 12035 * must take an initial lap through the enabling calling the dtps_provide()
11443 12036 * entry point explicitly to allow for autocreated probes.
11444 12037 */
11445 12038 static void
11446 12039 dtrace_enabling_provide(dtrace_provider_t *prv)
11447 12040 {
11448 12041 int i, all = 0;
11449 12042 dtrace_probedesc_t desc;
11450 12043 dtrace_genid_t gen;
11451 12044
11452 12045 ASSERT(MUTEX_HELD(&dtrace_lock));
11453 12046 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
11454 12047
11455 12048 if (prv == NULL) {
11456 12049 all = 1;
11457 12050 prv = dtrace_provider;
11458 12051 }
11459 12052
11460 12053 do {
11461 12054 dtrace_enabling_t *enab;
11462 12055 void *parg = prv->dtpv_arg;
11463 12056
11464 12057 retry:
11465 12058 gen = dtrace_retained_gen;
11466 12059 for (enab = dtrace_retained; enab != NULL;
11467 12060 enab = enab->dten_next) {
11468 12061 for (i = 0; i < enab->dten_ndesc; i++) {
11469 12062 desc = enab->dten_desc[i]->dted_probe;
11470 12063 mutex_exit(&dtrace_lock);
11471 12064 prv->dtpv_pops.dtps_provide(parg, &desc);
11472 12065 mutex_enter(&dtrace_lock);
11473 12066 /*
11474 12067 * Process the retained enablings again if
11475 12068 * they have changed while we weren't holding
11476 12069 * dtrace_lock.
11477 12070 */
11478 12071 if (gen != dtrace_retained_gen)
11479 12072 goto retry;
11480 12073 }
11481 12074 }
11482 12075 } while (all && (prv = prv->dtpv_next) != NULL);
11483 12076
11484 12077 mutex_exit(&dtrace_lock);
11485 12078 dtrace_probe_provide(NULL, all ? NULL : prv);
11486 12079 mutex_enter(&dtrace_lock);
11487 12080 }
11488 12081
11489 12082 /*
11490 12083 * Called to reap ECBs that are attached to probes from defunct providers.
11491 12084 */
11492 12085 static void
11493 12086 dtrace_enabling_reap(void)
11494 12087 {
11495 12088 dtrace_provider_t *prov;
11496 12089 dtrace_probe_t *probe;
11497 12090 dtrace_ecb_t *ecb;
11498 12091 hrtime_t when;
11499 12092 int i;
11500 12093
11501 12094 mutex_enter(&cpu_lock);
11502 12095 mutex_enter(&dtrace_lock);
11503 12096
11504 12097 for (i = 0; i < dtrace_nprobes; i++) {
11505 12098 if ((probe = dtrace_probes[i]) == NULL)
11506 12099 continue;
11507 12100
11508 12101 if (probe->dtpr_ecb == NULL)
11509 12102 continue;
11510 12103
11511 12104 prov = probe->dtpr_provider;
11512 12105
11513 12106 if ((when = prov->dtpv_defunct) == 0)
11514 12107 continue;
11515 12108
11516 12109 /*
11517 12110 * We have ECBs on a defunct provider: we want to reap these
11518 12111 * ECBs to allow the provider to unregister. The destruction
11519 12112 * of these ECBs must be done carefully: if we destroy the ECB
11520 12113 * and the consumer later wishes to consume an EPID that
11521 12114 * corresponds to the destroyed ECB (and if the EPID metadata
11522 12115 * has not been previously consumed), the consumer will abort
11523 12116 * processing on the unknown EPID. To reduce (but not, sadly,
11524 12117 * eliminate) the possibility of this, we will only destroy an
11525 12118 * ECB for a defunct provider if, for the state that
11526 12119 * corresponds to the ECB:
11527 12120 *
11528 12121 * (a) There is no speculative tracing (which can effectively
11529 12122 * cache an EPID for an arbitrary amount of time).
11530 12123 *
11531 12124 * (b) The principal buffers have been switched twice since the
11532 12125 * provider became defunct.
11533 12126 *
11534 12127 * (c) The aggregation buffers are of zero size or have been
11535 12128 * switched twice since the provider became defunct.
11536 12129 *
11537 12130 * We use dts_speculates to determine (a) and call a function
11538 12131 * (dtrace_buffer_consumed()) to determine (b) and (c). Note
11539 12132 * that as soon as we've been unable to destroy one of the ECBs
11540 12133 * associated with the probe, we quit trying -- reaping is only
11541 12134 * fruitful in as much as we can destroy all ECBs associated
11542 12135 * with the defunct provider's probes.
11543 12136 */
11544 12137 while ((ecb = probe->dtpr_ecb) != NULL) {
11545 12138 dtrace_state_t *state = ecb->dte_state;
11546 12139 dtrace_buffer_t *buf = state->dts_buffer;
11547 12140 dtrace_buffer_t *aggbuf = state->dts_aggbuffer;
11548 12141
11549 12142 if (state->dts_speculates)
11550 12143 break;
11551 12144
11552 12145 if (!dtrace_buffer_consumed(buf, when))
11553 12146 break;
11554 12147
11555 12148 if (!dtrace_buffer_consumed(aggbuf, when))
11556 12149 break;
11557 12150
11558 12151 dtrace_ecb_disable(ecb);
11559 12152 ASSERT(probe->dtpr_ecb != ecb);
11560 12153 dtrace_ecb_destroy(ecb);
11561 12154 }
11562 12155 }
11563 12156
11564 12157 mutex_exit(&dtrace_lock);
11565 12158 mutex_exit(&cpu_lock);
11566 12159 }
11567 12160
11568 12161 /*
11569 12162 * DTrace DOF Functions
11570 12163 */
11571 12164 /*ARGSUSED*/
11572 12165 static void
11573 12166 dtrace_dof_error(dof_hdr_t *dof, const char *str)
11574 12167 {
11575 12168 if (dtrace_err_verbose)
11576 12169 cmn_err(CE_WARN, "failed to process DOF: %s", str);
11577 12170
11578 12171 #ifdef DTRACE_ERRDEBUG
11579 12172 dtrace_errdebug(str);
11580 12173 #endif
11581 12174 }
11582 12175
11583 12176 /*
11584 12177 * Create DOF out of a currently enabled state. Right now, we only create
11585 12178 * DOF containing the run-time options -- but this could be expanded to create
11586 12179 * complete DOF representing the enabled state.
11587 12180 */
11588 12181 static dof_hdr_t *
11589 12182 dtrace_dof_create(dtrace_state_t *state)
11590 12183 {
11591 12184 dof_hdr_t *dof;
11592 12185 dof_sec_t *sec;
11593 12186 dof_optdesc_t *opt;
11594 12187 int i, len = sizeof (dof_hdr_t) +
11595 12188 roundup(sizeof (dof_sec_t), sizeof (uint64_t)) +
11596 12189 sizeof (dof_optdesc_t) * DTRACEOPT_MAX;
11597 12190
11598 12191 ASSERT(MUTEX_HELD(&dtrace_lock));
11599 12192
11600 12193 dof = kmem_zalloc(len, KM_SLEEP);
11601 12194 dof->dofh_ident[DOF_ID_MAG0] = DOF_MAG_MAG0;
11602 12195 dof->dofh_ident[DOF_ID_MAG1] = DOF_MAG_MAG1;
11603 12196 dof->dofh_ident[DOF_ID_MAG2] = DOF_MAG_MAG2;
11604 12197 dof->dofh_ident[DOF_ID_MAG3] = DOF_MAG_MAG3;
11605 12198
11606 12199 dof->dofh_ident[DOF_ID_MODEL] = DOF_MODEL_NATIVE;
11607 12200 dof->dofh_ident[DOF_ID_ENCODING] = DOF_ENCODE_NATIVE;
11608 12201 dof->dofh_ident[DOF_ID_VERSION] = DOF_VERSION;
11609 12202 dof->dofh_ident[DOF_ID_DIFVERS] = DIF_VERSION;
11610 12203 dof->dofh_ident[DOF_ID_DIFIREG] = DIF_DIR_NREGS;
11611 12204 dof->dofh_ident[DOF_ID_DIFTREG] = DIF_DTR_NREGS;
11612 12205
11613 12206 dof->dofh_flags = 0;
11614 12207 dof->dofh_hdrsize = sizeof (dof_hdr_t);
11615 12208 dof->dofh_secsize = sizeof (dof_sec_t);
11616 12209 dof->dofh_secnum = 1; /* only DOF_SECT_OPTDESC */
11617 12210 dof->dofh_secoff = sizeof (dof_hdr_t);
11618 12211 dof->dofh_loadsz = len;
11619 12212 dof->dofh_filesz = len;
11620 12213 dof->dofh_pad = 0;
11621 12214
11622 12215 /*
11623 12216 * Fill in the option section header...
11624 12217 */
11625 12218 sec = (dof_sec_t *)((uintptr_t)dof + sizeof (dof_hdr_t));
11626 12219 sec->dofs_type = DOF_SECT_OPTDESC;
11627 12220 sec->dofs_align = sizeof (uint64_t);
11628 12221 sec->dofs_flags = DOF_SECF_LOAD;
11629 12222 sec->dofs_entsize = sizeof (dof_optdesc_t);
11630 12223
11631 12224 opt = (dof_optdesc_t *)((uintptr_t)sec +
11632 12225 roundup(sizeof (dof_sec_t), sizeof (uint64_t)));
11633 12226
11634 12227 sec->dofs_offset = (uintptr_t)opt - (uintptr_t)dof;
11635 12228 sec->dofs_size = sizeof (dof_optdesc_t) * DTRACEOPT_MAX;
11636 12229
11637 12230 for (i = 0; i < DTRACEOPT_MAX; i++) {
11638 12231 opt[i].dofo_option = i;
11639 12232 opt[i].dofo_strtab = DOF_SECIDX_NONE;
11640 12233 opt[i].dofo_value = state->dts_options[i];
11641 12234 }
11642 12235
11643 12236 return (dof);
11644 12237 }
11645 12238
11646 12239 static dof_hdr_t *
11647 12240 dtrace_dof_copyin(uintptr_t uarg, int *errp)
11648 12241 {
11649 12242 dof_hdr_t hdr, *dof;
11650 12243
11651 12244 ASSERT(!MUTEX_HELD(&dtrace_lock));
11652 12245
11653 12246 /*
11654 12247 * First, we're going to copyin() the sizeof (dof_hdr_t).
11655 12248 */
11656 12249 if (copyin((void *)uarg, &hdr, sizeof (hdr)) != 0) {
11657 12250 dtrace_dof_error(NULL, "failed to copyin DOF header");
11658 12251 *errp = EFAULT;
11659 12252 return (NULL);
11660 12253 }
11661 12254
11662 12255 /*
11663 12256 * Now we'll allocate the entire DOF and copy it in -- provided
11664 12257 * that the length isn't outrageous.
11665 12258 */
11666 12259 if (hdr.dofh_loadsz >= dtrace_dof_maxsize) {
11667 12260 dtrace_dof_error(&hdr, "load size exceeds maximum");
11668 12261 *errp = E2BIG;
11669 12262 return (NULL);
11670 12263 }
11671 12264
11672 12265 if (hdr.dofh_loadsz < sizeof (hdr)) {
11673 12266 dtrace_dof_error(&hdr, "invalid load size");
11674 12267 *errp = EINVAL;
11675 12268 return (NULL);
11676 12269 }
11677 12270
11678 12271 dof = kmem_alloc(hdr.dofh_loadsz, KM_SLEEP);
11679 12272
11680 12273 if (copyin((void *)uarg, dof, hdr.dofh_loadsz) != 0 ||
11681 12274 dof->dofh_loadsz != hdr.dofh_loadsz) {
11682 12275 kmem_free(dof, hdr.dofh_loadsz);
11683 12276 *errp = EFAULT;
11684 12277 return (NULL);
11685 12278 }
11686 12279
11687 12280 return (dof);
11688 12281 }
11689 12282
11690 12283 static dof_hdr_t *
11691 12284 dtrace_dof_property(const char *name)
11692 12285 {
11693 12286 uchar_t *buf;
11694 12287 uint64_t loadsz;
11695 12288 unsigned int len, i;
11696 12289 dof_hdr_t *dof;
11697 12290
11698 12291 /*
11699 12292 * Unfortunately, array of values in .conf files are always (and
11700 12293 * only) interpreted to be integer arrays. We must read our DOF
11701 12294 * as an integer array, and then squeeze it into a byte array.
11702 12295 */
11703 12296 if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, dtrace_devi, 0,
11704 12297 (char *)name, (int **)&buf, &len) != DDI_PROP_SUCCESS)
11705 12298 return (NULL);
11706 12299
11707 12300 for (i = 0; i < len; i++)
11708 12301 buf[i] = (uchar_t)(((int *)buf)[i]);
11709 12302
11710 12303 if (len < sizeof (dof_hdr_t)) {
11711 12304 ddi_prop_free(buf);
11712 12305 dtrace_dof_error(NULL, "truncated header");
11713 12306 return (NULL);
11714 12307 }
11715 12308
11716 12309 if (len < (loadsz = ((dof_hdr_t *)buf)->dofh_loadsz)) {
11717 12310 ddi_prop_free(buf);
11718 12311 dtrace_dof_error(NULL, "truncated DOF");
11719 12312 return (NULL);
11720 12313 }
11721 12314
11722 12315 if (loadsz >= dtrace_dof_maxsize) {
11723 12316 ddi_prop_free(buf);
11724 12317 dtrace_dof_error(NULL, "oversized DOF");
11725 12318 return (NULL);
11726 12319 }
11727 12320
11728 12321 dof = kmem_alloc(loadsz, KM_SLEEP);
11729 12322 bcopy(buf, dof, loadsz);
11730 12323 ddi_prop_free(buf);
11731 12324
11732 12325 return (dof);
11733 12326 }
11734 12327
11735 12328 static void
11736 12329 dtrace_dof_destroy(dof_hdr_t *dof)
11737 12330 {
11738 12331 kmem_free(dof, dof->dofh_loadsz);
11739 12332 }
11740 12333
11741 12334 /*
11742 12335 * Return the dof_sec_t pointer corresponding to a given section index. If the
11743 12336 * index is not valid, dtrace_dof_error() is called and NULL is returned. If
11744 12337 * a type other than DOF_SECT_NONE is specified, the header is checked against
11745 12338 * this type and NULL is returned if the types do not match.
11746 12339 */
11747 12340 static dof_sec_t *
11748 12341 dtrace_dof_sect(dof_hdr_t *dof, uint32_t type, dof_secidx_t i)
11749 12342 {
11750 12343 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)
11751 12344 ((uintptr_t)dof + dof->dofh_secoff + i * dof->dofh_secsize);
11752 12345
11753 12346 if (i >= dof->dofh_secnum) {
11754 12347 dtrace_dof_error(dof, "referenced section index is invalid");
11755 12348 return (NULL);
11756 12349 }
11757 12350
11758 12351 if (!(sec->dofs_flags & DOF_SECF_LOAD)) {
11759 12352 dtrace_dof_error(dof, "referenced section is not loadable");
11760 12353 return (NULL);
11761 12354 }
11762 12355
11763 12356 if (type != DOF_SECT_NONE && type != sec->dofs_type) {
11764 12357 dtrace_dof_error(dof, "referenced section is the wrong type");
11765 12358 return (NULL);
11766 12359 }
11767 12360
11768 12361 return (sec);
11769 12362 }
11770 12363
11771 12364 static dtrace_probedesc_t *
11772 12365 dtrace_dof_probedesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_probedesc_t *desc)
11773 12366 {
11774 12367 dof_probedesc_t *probe;
11775 12368 dof_sec_t *strtab;
11776 12369 uintptr_t daddr = (uintptr_t)dof;
11777 12370 uintptr_t str;
11778 12371 size_t size;
11779 12372
11780 12373 if (sec->dofs_type != DOF_SECT_PROBEDESC) {
11781 12374 dtrace_dof_error(dof, "invalid probe section");
11782 12375 return (NULL);
11783 12376 }
11784 12377
11785 12378 if (sec->dofs_align != sizeof (dof_secidx_t)) {
11786 12379 dtrace_dof_error(dof, "bad alignment in probe description");
11787 12380 return (NULL);
11788 12381 }
11789 12382
11790 12383 if (sec->dofs_offset + sizeof (dof_probedesc_t) > dof->dofh_loadsz) {
11791 12384 dtrace_dof_error(dof, "truncated probe description");
11792 12385 return (NULL);
11793 12386 }
11794 12387
11795 12388 probe = (dof_probedesc_t *)(uintptr_t)(daddr + sec->dofs_offset);
11796 12389 strtab = dtrace_dof_sect(dof, DOF_SECT_STRTAB, probe->dofp_strtab);
11797 12390
11798 12391 if (strtab == NULL)
11799 12392 return (NULL);
11800 12393
11801 12394 str = daddr + strtab->dofs_offset;
11802 12395 size = strtab->dofs_size;
11803 12396
11804 12397 if (probe->dofp_provider >= strtab->dofs_size) {
11805 12398 dtrace_dof_error(dof, "corrupt probe provider");
11806 12399 return (NULL);
11807 12400 }
11808 12401
11809 12402 (void) strncpy(desc->dtpd_provider,
11810 12403 (char *)(str + probe->dofp_provider),
11811 12404 MIN(DTRACE_PROVNAMELEN - 1, size - probe->dofp_provider));
11812 12405
11813 12406 if (probe->dofp_mod >= strtab->dofs_size) {
11814 12407 dtrace_dof_error(dof, "corrupt probe module");
11815 12408 return (NULL);
11816 12409 }
11817 12410
11818 12411 (void) strncpy(desc->dtpd_mod, (char *)(str + probe->dofp_mod),
11819 12412 MIN(DTRACE_MODNAMELEN - 1, size - probe->dofp_mod));
11820 12413
11821 12414 if (probe->dofp_func >= strtab->dofs_size) {
11822 12415 dtrace_dof_error(dof, "corrupt probe function");
11823 12416 return (NULL);
11824 12417 }
11825 12418
11826 12419 (void) strncpy(desc->dtpd_func, (char *)(str + probe->dofp_func),
11827 12420 MIN(DTRACE_FUNCNAMELEN - 1, size - probe->dofp_func));
11828 12421
11829 12422 if (probe->dofp_name >= strtab->dofs_size) {
11830 12423 dtrace_dof_error(dof, "corrupt probe name");
11831 12424 return (NULL);
11832 12425 }
11833 12426
11834 12427 (void) strncpy(desc->dtpd_name, (char *)(str + probe->dofp_name),
11835 12428 MIN(DTRACE_NAMELEN - 1, size - probe->dofp_name));
11836 12429
11837 12430 return (desc);
11838 12431 }
11839 12432
11840 12433 static dtrace_difo_t *
11841 12434 dtrace_dof_difo(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
11842 12435 cred_t *cr)
11843 12436 {
11844 12437 dtrace_difo_t *dp;
11845 12438 size_t ttl = 0;
11846 12439 dof_difohdr_t *dofd;
11847 12440 uintptr_t daddr = (uintptr_t)dof;
11848 12441 size_t max = dtrace_difo_maxsize;
11849 12442 int i, l, n;
11850 12443
11851 12444 static const struct {
11852 12445 int section;
11853 12446 int bufoffs;
11854 12447 int lenoffs;
11855 12448 int entsize;
11856 12449 int align;
11857 12450 const char *msg;
11858 12451 } difo[] = {
11859 12452 { DOF_SECT_DIF, offsetof(dtrace_difo_t, dtdo_buf),
11860 12453 offsetof(dtrace_difo_t, dtdo_len), sizeof (dif_instr_t),
11861 12454 sizeof (dif_instr_t), "multiple DIF sections" },
11862 12455
11863 12456 { DOF_SECT_INTTAB, offsetof(dtrace_difo_t, dtdo_inttab),
11864 12457 offsetof(dtrace_difo_t, dtdo_intlen), sizeof (uint64_t),
11865 12458 sizeof (uint64_t), "multiple integer tables" },
11866 12459
11867 12460 { DOF_SECT_STRTAB, offsetof(dtrace_difo_t, dtdo_strtab),
11868 12461 offsetof(dtrace_difo_t, dtdo_strlen), 0,
11869 12462 sizeof (char), "multiple string tables" },
11870 12463
11871 12464 { DOF_SECT_VARTAB, offsetof(dtrace_difo_t, dtdo_vartab),
11872 12465 offsetof(dtrace_difo_t, dtdo_varlen), sizeof (dtrace_difv_t),
11873 12466 sizeof (uint_t), "multiple variable tables" },
11874 12467
11875 12468 { DOF_SECT_NONE, 0, 0, 0, NULL }
11876 12469 };
11877 12470
11878 12471 if (sec->dofs_type != DOF_SECT_DIFOHDR) {
11879 12472 dtrace_dof_error(dof, "invalid DIFO header section");
11880 12473 return (NULL);
11881 12474 }
11882 12475
11883 12476 if (sec->dofs_align != sizeof (dof_secidx_t)) {
11884 12477 dtrace_dof_error(dof, "bad alignment in DIFO header");
11885 12478 return (NULL);
11886 12479 }
11887 12480
11888 12481 if (sec->dofs_size < sizeof (dof_difohdr_t) ||
11889 12482 sec->dofs_size % sizeof (dof_secidx_t)) {
11890 12483 dtrace_dof_error(dof, "bad size in DIFO header");
11891 12484 return (NULL);
11892 12485 }
11893 12486
11894 12487 dofd = (dof_difohdr_t *)(uintptr_t)(daddr + sec->dofs_offset);
11895 12488 n = (sec->dofs_size - sizeof (*dofd)) / sizeof (dof_secidx_t) + 1;
11896 12489
11897 12490 dp = kmem_zalloc(sizeof (dtrace_difo_t), KM_SLEEP);
11898 12491 dp->dtdo_rtype = dofd->dofd_rtype;
11899 12492
11900 12493 for (l = 0; l < n; l++) {
11901 12494 dof_sec_t *subsec;
11902 12495 void **bufp;
11903 12496 uint32_t *lenp;
11904 12497
11905 12498 if ((subsec = dtrace_dof_sect(dof, DOF_SECT_NONE,
11906 12499 dofd->dofd_links[l])) == NULL)
11907 12500 goto err; /* invalid section link */
11908 12501
11909 12502 if (ttl + subsec->dofs_size > max) {
11910 12503 dtrace_dof_error(dof, "exceeds maximum size");
11911 12504 goto err;
11912 12505 }
11913 12506
11914 12507 ttl += subsec->dofs_size;
11915 12508
11916 12509 for (i = 0; difo[i].section != DOF_SECT_NONE; i++) {
11917 12510 if (subsec->dofs_type != difo[i].section)
11918 12511 continue;
11919 12512
11920 12513 if (!(subsec->dofs_flags & DOF_SECF_LOAD)) {
11921 12514 dtrace_dof_error(dof, "section not loaded");
11922 12515 goto err;
11923 12516 }
11924 12517
11925 12518 if (subsec->dofs_align != difo[i].align) {
11926 12519 dtrace_dof_error(dof, "bad alignment");
11927 12520 goto err;
11928 12521 }
11929 12522
11930 12523 bufp = (void **)((uintptr_t)dp + difo[i].bufoffs);
11931 12524 lenp = (uint32_t *)((uintptr_t)dp + difo[i].lenoffs);
11932 12525
11933 12526 if (*bufp != NULL) {
11934 12527 dtrace_dof_error(dof, difo[i].msg);
11935 12528 goto err;
11936 12529 }
11937 12530
11938 12531 if (difo[i].entsize != subsec->dofs_entsize) {
11939 12532 dtrace_dof_error(dof, "entry size mismatch");
11940 12533 goto err;
11941 12534 }
11942 12535
11943 12536 if (subsec->dofs_entsize != 0 &&
11944 12537 (subsec->dofs_size % subsec->dofs_entsize) != 0) {
11945 12538 dtrace_dof_error(dof, "corrupt entry size");
11946 12539 goto err;
11947 12540 }
11948 12541
11949 12542 *lenp = subsec->dofs_size;
11950 12543 *bufp = kmem_alloc(subsec->dofs_size, KM_SLEEP);
11951 12544 bcopy((char *)(uintptr_t)(daddr + subsec->dofs_offset),
11952 12545 *bufp, subsec->dofs_size);
11953 12546
11954 12547 if (subsec->dofs_entsize != 0)
11955 12548 *lenp /= subsec->dofs_entsize;
11956 12549
11957 12550 break;
11958 12551 }
11959 12552
11960 12553 /*
11961 12554 * If we encounter a loadable DIFO sub-section that is not
11962 12555 * known to us, assume this is a broken program and fail.
11963 12556 */
11964 12557 if (difo[i].section == DOF_SECT_NONE &&
11965 12558 (subsec->dofs_flags & DOF_SECF_LOAD)) {
11966 12559 dtrace_dof_error(dof, "unrecognized DIFO subsection");
11967 12560 goto err;
11968 12561 }
11969 12562 }
11970 12563
11971 12564 if (dp->dtdo_buf == NULL) {
11972 12565 /*
11973 12566 * We can't have a DIF object without DIF text.
11974 12567 */
11975 12568 dtrace_dof_error(dof, "missing DIF text");
11976 12569 goto err;
11977 12570 }
11978 12571
11979 12572 /*
11980 12573 * Before we validate the DIF object, run through the variable table
11981 12574 * looking for the strings -- if any of their size are under, we'll set
11982 12575 * their size to be the system-wide default string size. Note that
11983 12576 * this should _not_ happen if the "strsize" option has been set --
11984 12577 * in this case, the compiler should have set the size to reflect the
11985 12578 * setting of the option.
11986 12579 */
11987 12580 for (i = 0; i < dp->dtdo_varlen; i++) {
11988 12581 dtrace_difv_t *v = &dp->dtdo_vartab[i];
11989 12582 dtrace_diftype_t *t = &v->dtdv_type;
11990 12583
11991 12584 if (v->dtdv_id < DIF_VAR_OTHER_UBASE)
11992 12585 continue;
11993 12586
11994 12587 if (t->dtdt_kind == DIF_TYPE_STRING && t->dtdt_size == 0)
11995 12588 t->dtdt_size = dtrace_strsize_default;
11996 12589 }
11997 12590
11998 12591 if (dtrace_difo_validate(dp, vstate, DIF_DIR_NREGS, cr) != 0)
11999 12592 goto err;
12000 12593
12001 12594 dtrace_difo_init(dp, vstate);
12002 12595 return (dp);
12003 12596
12004 12597 err:
12005 12598 kmem_free(dp->dtdo_buf, dp->dtdo_len * sizeof (dif_instr_t));
12006 12599 kmem_free(dp->dtdo_inttab, dp->dtdo_intlen * sizeof (uint64_t));
12007 12600 kmem_free(dp->dtdo_strtab, dp->dtdo_strlen);
12008 12601 kmem_free(dp->dtdo_vartab, dp->dtdo_varlen * sizeof (dtrace_difv_t));
12009 12602
12010 12603 kmem_free(dp, sizeof (dtrace_difo_t));
12011 12604 return (NULL);
12012 12605 }
12013 12606
12014 12607 static dtrace_predicate_t *
12015 12608 dtrace_dof_predicate(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
12016 12609 cred_t *cr)
12017 12610 {
12018 12611 dtrace_difo_t *dp;
12019 12612
12020 12613 if ((dp = dtrace_dof_difo(dof, sec, vstate, cr)) == NULL)
12021 12614 return (NULL);
12022 12615
12023 12616 return (dtrace_predicate_create(dp));
12024 12617 }
12025 12618
12026 12619 static dtrace_actdesc_t *
12027 12620 dtrace_dof_actdesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
12028 12621 cred_t *cr)
12029 12622 {
12030 12623 dtrace_actdesc_t *act, *first = NULL, *last = NULL, *next;
12031 12624 dof_actdesc_t *desc;
12032 12625 dof_sec_t *difosec;
12033 12626 size_t offs;
12034 12627 uintptr_t daddr = (uintptr_t)dof;
12035 12628 uint64_t arg;
12036 12629 dtrace_actkind_t kind;
12037 12630
12038 12631 if (sec->dofs_type != DOF_SECT_ACTDESC) {
12039 12632 dtrace_dof_error(dof, "invalid action section");
12040 12633 return (NULL);
12041 12634 }
12042 12635
12043 12636 if (sec->dofs_offset + sizeof (dof_actdesc_t) > dof->dofh_loadsz) {
12044 12637 dtrace_dof_error(dof, "truncated action description");
12045 12638 return (NULL);
12046 12639 }
12047 12640
12048 12641 if (sec->dofs_align != sizeof (uint64_t)) {
12049 12642 dtrace_dof_error(dof, "bad alignment in action description");
12050 12643 return (NULL);
12051 12644 }
12052 12645
12053 12646 if (sec->dofs_size < sec->dofs_entsize) {
12054 12647 dtrace_dof_error(dof, "section entry size exceeds total size");
12055 12648 return (NULL);
12056 12649 }
12057 12650
12058 12651 if (sec->dofs_entsize != sizeof (dof_actdesc_t)) {
12059 12652 dtrace_dof_error(dof, "bad entry size in action description");
12060 12653 return (NULL);
12061 12654 }
12062 12655
12063 12656 if (sec->dofs_size / sec->dofs_entsize > dtrace_actions_max) {
12064 12657 dtrace_dof_error(dof, "actions exceed dtrace_actions_max");
12065 12658 return (NULL);
12066 12659 }
12067 12660
12068 12661 for (offs = 0; offs < sec->dofs_size; offs += sec->dofs_entsize) {
12069 12662 desc = (dof_actdesc_t *)(daddr +
12070 12663 (uintptr_t)sec->dofs_offset + offs);
12071 12664 kind = (dtrace_actkind_t)desc->dofa_kind;
12072 12665
12073 12666 if ((DTRACEACT_ISPRINTFLIKE(kind) &&
12074 12667 (kind != DTRACEACT_PRINTA ||
12075 12668 desc->dofa_strtab != DOF_SECIDX_NONE)) ||
12076 12669 (kind == DTRACEACT_DIFEXPR &&
12077 12670 desc->dofa_strtab != DOF_SECIDX_NONE)) {
12078 12671 dof_sec_t *strtab;
12079 12672 char *str, *fmt;
12080 12673 uint64_t i;
12081 12674
12082 12675 /*
12083 12676 * The argument to these actions is an index into the
12084 12677 * DOF string table. For printf()-like actions, this
12085 12678 * is the format string. For print(), this is the
12086 12679 * CTF type of the expression result.
12087 12680 */
12088 12681 if ((strtab = dtrace_dof_sect(dof,
12089 12682 DOF_SECT_STRTAB, desc->dofa_strtab)) == NULL)
12090 12683 goto err;
12091 12684
12092 12685 str = (char *)((uintptr_t)dof +
12093 12686 (uintptr_t)strtab->dofs_offset);
12094 12687
12095 12688 for (i = desc->dofa_arg; i < strtab->dofs_size; i++) {
12096 12689 if (str[i] == '\0')
12097 12690 break;
12098 12691 }
12099 12692
12100 12693 if (i >= strtab->dofs_size) {
12101 12694 dtrace_dof_error(dof, "bogus format string");
12102 12695 goto err;
12103 12696 }
12104 12697
12105 12698 if (i == desc->dofa_arg) {
12106 12699 dtrace_dof_error(dof, "empty format string");
12107 12700 goto err;
12108 12701 }
12109 12702
12110 12703 i -= desc->dofa_arg;
12111 12704 fmt = kmem_alloc(i + 1, KM_SLEEP);
12112 12705 bcopy(&str[desc->dofa_arg], fmt, i + 1);
12113 12706 arg = (uint64_t)(uintptr_t)fmt;
12114 12707 } else {
12115 12708 if (kind == DTRACEACT_PRINTA) {
12116 12709 ASSERT(desc->dofa_strtab == DOF_SECIDX_NONE);
12117 12710 arg = 0;
12118 12711 } else {
12119 12712 arg = desc->dofa_arg;
12120 12713 }
12121 12714 }
12122 12715
12123 12716 act = dtrace_actdesc_create(kind, desc->dofa_ntuple,
12124 12717 desc->dofa_uarg, arg);
12125 12718
12126 12719 if (last != NULL) {
12127 12720 last->dtad_next = act;
12128 12721 } else {
12129 12722 first = act;
12130 12723 }
12131 12724
12132 12725 last = act;
12133 12726
12134 12727 if (desc->dofa_difo == DOF_SECIDX_NONE)
12135 12728 continue;
12136 12729
12137 12730 if ((difosec = dtrace_dof_sect(dof,
12138 12731 DOF_SECT_DIFOHDR, desc->dofa_difo)) == NULL)
12139 12732 goto err;
12140 12733
12141 12734 act->dtad_difo = dtrace_dof_difo(dof, difosec, vstate, cr);
12142 12735
12143 12736 if (act->dtad_difo == NULL)
12144 12737 goto err;
12145 12738 }
12146 12739
12147 12740 ASSERT(first != NULL);
12148 12741 return (first);
12149 12742
12150 12743 err:
12151 12744 for (act = first; act != NULL; act = next) {
12152 12745 next = act->dtad_next;
12153 12746 dtrace_actdesc_release(act, vstate);
12154 12747 }
12155 12748
12156 12749 return (NULL);
12157 12750 }
12158 12751
12159 12752 static dtrace_ecbdesc_t *
12160 12753 dtrace_dof_ecbdesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
12161 12754 cred_t *cr)
12162 12755 {
12163 12756 dtrace_ecbdesc_t *ep;
12164 12757 dof_ecbdesc_t *ecb;
12165 12758 dtrace_probedesc_t *desc;
12166 12759 dtrace_predicate_t *pred = NULL;
12167 12760
12168 12761 if (sec->dofs_size < sizeof (dof_ecbdesc_t)) {
12169 12762 dtrace_dof_error(dof, "truncated ECB description");
12170 12763 return (NULL);
12171 12764 }
12172 12765
12173 12766 if (sec->dofs_align != sizeof (uint64_t)) {
12174 12767 dtrace_dof_error(dof, "bad alignment in ECB description");
12175 12768 return (NULL);
12176 12769 }
12177 12770
12178 12771 ecb = (dof_ecbdesc_t *)((uintptr_t)dof + (uintptr_t)sec->dofs_offset);
12179 12772 sec = dtrace_dof_sect(dof, DOF_SECT_PROBEDESC, ecb->dofe_probes);
12180 12773
12181 12774 if (sec == NULL)
12182 12775 return (NULL);
12183 12776
12184 12777 ep = kmem_zalloc(sizeof (dtrace_ecbdesc_t), KM_SLEEP);
12185 12778 ep->dted_uarg = ecb->dofe_uarg;
12186 12779 desc = &ep->dted_probe;
12187 12780
12188 12781 if (dtrace_dof_probedesc(dof, sec, desc) == NULL)
12189 12782 goto err;
12190 12783
12191 12784 if (ecb->dofe_pred != DOF_SECIDX_NONE) {
12192 12785 if ((sec = dtrace_dof_sect(dof,
12193 12786 DOF_SECT_DIFOHDR, ecb->dofe_pred)) == NULL)
12194 12787 goto err;
12195 12788
12196 12789 if ((pred = dtrace_dof_predicate(dof, sec, vstate, cr)) == NULL)
12197 12790 goto err;
12198 12791
12199 12792 ep->dted_pred.dtpdd_predicate = pred;
12200 12793 }
12201 12794
12202 12795 if (ecb->dofe_actions != DOF_SECIDX_NONE) {
12203 12796 if ((sec = dtrace_dof_sect(dof,
12204 12797 DOF_SECT_ACTDESC, ecb->dofe_actions)) == NULL)
12205 12798 goto err;
12206 12799
12207 12800 ep->dted_action = dtrace_dof_actdesc(dof, sec, vstate, cr);
12208 12801
12209 12802 if (ep->dted_action == NULL)
12210 12803 goto err;
12211 12804 }
12212 12805
12213 12806 return (ep);
12214 12807
12215 12808 err:
12216 12809 if (pred != NULL)
12217 12810 dtrace_predicate_release(pred, vstate);
12218 12811 kmem_free(ep, sizeof (dtrace_ecbdesc_t));
12219 12812 return (NULL);
12220 12813 }
12221 12814
12222 12815 /*
12223 12816 * Apply the relocations from the specified 'sec' (a DOF_SECT_URELHDR) to the
12224 12817 * specified DOF. At present, this amounts to simply adding 'ubase' to the
12225 12818 * site of any user SETX relocations to account for load object base address.
12226 12819 * In the future, if we need other relocations, this function can be extended.
12227 12820 */
12228 12821 static int
12229 12822 dtrace_dof_relocate(dof_hdr_t *dof, dof_sec_t *sec, uint64_t ubase)
12230 12823 {
12231 12824 uintptr_t daddr = (uintptr_t)dof;
12232 12825 dof_relohdr_t *dofr =
12233 12826 (dof_relohdr_t *)(uintptr_t)(daddr + sec->dofs_offset);
12234 12827 dof_sec_t *ss, *rs, *ts;
12235 12828 dof_relodesc_t *r;
12236 12829 uint_t i, n;
12237 12830
12238 12831 if (sec->dofs_size < sizeof (dof_relohdr_t) ||
12239 12832 sec->dofs_align != sizeof (dof_secidx_t)) {
12240 12833 dtrace_dof_error(dof, "invalid relocation header");
12241 12834 return (-1);
12242 12835 }
12243 12836
12244 12837 ss = dtrace_dof_sect(dof, DOF_SECT_STRTAB, dofr->dofr_strtab);
12245 12838 rs = dtrace_dof_sect(dof, DOF_SECT_RELTAB, dofr->dofr_relsec);
12246 12839 ts = dtrace_dof_sect(dof, DOF_SECT_NONE, dofr->dofr_tgtsec);
12247 12840
12248 12841 if (ss == NULL || rs == NULL || ts == NULL)
12249 12842 return (-1); /* dtrace_dof_error() has been called already */
12250 12843
12251 12844 if (rs->dofs_entsize < sizeof (dof_relodesc_t) ||
12252 12845 rs->dofs_align != sizeof (uint64_t)) {
12253 12846 dtrace_dof_error(dof, "invalid relocation section");
12254 12847 return (-1);
12255 12848 }
12256 12849
12257 12850 r = (dof_relodesc_t *)(uintptr_t)(daddr + rs->dofs_offset);
12258 12851 n = rs->dofs_size / rs->dofs_entsize;
12259 12852
12260 12853 for (i = 0; i < n; i++) {
12261 12854 uintptr_t taddr = daddr + ts->dofs_offset + r->dofr_offset;
12262 12855
12263 12856 switch (r->dofr_type) {
12264 12857 case DOF_RELO_NONE:
12265 12858 break;
12266 12859 case DOF_RELO_SETX:
12267 12860 if (r->dofr_offset >= ts->dofs_size || r->dofr_offset +
12268 12861 sizeof (uint64_t) > ts->dofs_size) {
12269 12862 dtrace_dof_error(dof, "bad relocation offset");
12270 12863 return (-1);
12271 12864 }
12272 12865
12273 12866 if (!IS_P2ALIGNED(taddr, sizeof (uint64_t))) {
12274 12867 dtrace_dof_error(dof, "misaligned setx relo");
12275 12868 return (-1);
12276 12869 }
12277 12870
12278 12871 *(uint64_t *)taddr += ubase;
12279 12872 break;
12280 12873 default:
12281 12874 dtrace_dof_error(dof, "invalid relocation type");
12282 12875 return (-1);
12283 12876 }
12284 12877
12285 12878 r = (dof_relodesc_t *)((uintptr_t)r + rs->dofs_entsize);
12286 12879 }
12287 12880
12288 12881 return (0);
12289 12882 }
12290 12883
12291 12884 /*
12292 12885 * The dof_hdr_t passed to dtrace_dof_slurp() should be a partially validated
12293 12886 * header: it should be at the front of a memory region that is at least
12294 12887 * sizeof (dof_hdr_t) in size -- and then at least dof_hdr.dofh_loadsz in
12295 12888 * size. It need not be validated in any other way.
12296 12889 */
12297 12890 static int
12298 12891 dtrace_dof_slurp(dof_hdr_t *dof, dtrace_vstate_t *vstate, cred_t *cr,
12299 12892 dtrace_enabling_t **enabp, uint64_t ubase, int noprobes)
12300 12893 {
12301 12894 uint64_t len = dof->dofh_loadsz, seclen;
12302 12895 uintptr_t daddr = (uintptr_t)dof;
12303 12896 dtrace_ecbdesc_t *ep;
12304 12897 dtrace_enabling_t *enab;
12305 12898 uint_t i;
12306 12899
12307 12900 ASSERT(MUTEX_HELD(&dtrace_lock));
12308 12901 ASSERT(dof->dofh_loadsz >= sizeof (dof_hdr_t));
12309 12902
12310 12903 /*
12311 12904 * Check the DOF header identification bytes. In addition to checking
12312 12905 * valid settings, we also verify that unused bits/bytes are zeroed so
12313 12906 * we can use them later without fear of regressing existing binaries.
12314 12907 */
12315 12908 if (bcmp(&dof->dofh_ident[DOF_ID_MAG0],
12316 12909 DOF_MAG_STRING, DOF_MAG_STRLEN) != 0) {
12317 12910 dtrace_dof_error(dof, "DOF magic string mismatch");
12318 12911 return (-1);
12319 12912 }
12320 12913
12321 12914 if (dof->dofh_ident[DOF_ID_MODEL] != DOF_MODEL_ILP32 &&
12322 12915 dof->dofh_ident[DOF_ID_MODEL] != DOF_MODEL_LP64) {
12323 12916 dtrace_dof_error(dof, "DOF has invalid data model");
12324 12917 return (-1);
12325 12918 }
12326 12919
12327 12920 if (dof->dofh_ident[DOF_ID_ENCODING] != DOF_ENCODE_NATIVE) {
12328 12921 dtrace_dof_error(dof, "DOF encoding mismatch");
12329 12922 return (-1);
12330 12923 }
12331 12924
12332 12925 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 &&
12333 12926 dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_2) {
12334 12927 dtrace_dof_error(dof, "DOF version mismatch");
12335 12928 return (-1);
12336 12929 }
12337 12930
12338 12931 if (dof->dofh_ident[DOF_ID_DIFVERS] != DIF_VERSION_2) {
12339 12932 dtrace_dof_error(dof, "DOF uses unsupported instruction set");
12340 12933 return (-1);
12341 12934 }
12342 12935
12343 12936 if (dof->dofh_ident[DOF_ID_DIFIREG] > DIF_DIR_NREGS) {
12344 12937 dtrace_dof_error(dof, "DOF uses too many integer registers");
12345 12938 return (-1);
12346 12939 }
12347 12940
12348 12941 if (dof->dofh_ident[DOF_ID_DIFTREG] > DIF_DTR_NREGS) {
12349 12942 dtrace_dof_error(dof, "DOF uses too many tuple registers");
12350 12943 return (-1);
12351 12944 }
12352 12945
12353 12946 for (i = DOF_ID_PAD; i < DOF_ID_SIZE; i++) {
12354 12947 if (dof->dofh_ident[i] != 0) {
12355 12948 dtrace_dof_error(dof, "DOF has invalid ident byte set");
12356 12949 return (-1);
12357 12950 }
12358 12951 }
12359 12952
12360 12953 if (dof->dofh_flags & ~DOF_FL_VALID) {
12361 12954 dtrace_dof_error(dof, "DOF has invalid flag bits set");
12362 12955 return (-1);
12363 12956 }
12364 12957
12365 12958 if (dof->dofh_secsize == 0) {
12366 12959 dtrace_dof_error(dof, "zero section header size");
12367 12960 return (-1);
12368 12961 }
12369 12962
12370 12963 /*
12371 12964 * Check that the section headers don't exceed the amount of DOF
12372 12965 * data. Note that we cast the section size and number of sections
12373 12966 * to uint64_t's to prevent possible overflow in the multiplication.
12374 12967 */
12375 12968 seclen = (uint64_t)dof->dofh_secnum * (uint64_t)dof->dofh_secsize;
12376 12969
12377 12970 if (dof->dofh_secoff > len || seclen > len ||
12378 12971 dof->dofh_secoff + seclen > len) {
12379 12972 dtrace_dof_error(dof, "truncated section headers");
12380 12973 return (-1);
12381 12974 }
12382 12975
12383 12976 if (!IS_P2ALIGNED(dof->dofh_secoff, sizeof (uint64_t))) {
12384 12977 dtrace_dof_error(dof, "misaligned section headers");
12385 12978 return (-1);
12386 12979 }
12387 12980
12388 12981 if (!IS_P2ALIGNED(dof->dofh_secsize, sizeof (uint64_t))) {
12389 12982 dtrace_dof_error(dof, "misaligned section size");
12390 12983 return (-1);
12391 12984 }
12392 12985
12393 12986 /*
12394 12987 * Take an initial pass through the section headers to be sure that
12395 12988 * the headers don't have stray offsets. If the 'noprobes' flag is
12396 12989 * set, do not permit sections relating to providers, probes, or args.
12397 12990 */
12398 12991 for (i = 0; i < dof->dofh_secnum; i++) {
12399 12992 dof_sec_t *sec = (dof_sec_t *)(daddr +
12400 12993 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12401 12994
12402 12995 if (noprobes) {
12403 12996 switch (sec->dofs_type) {
12404 12997 case DOF_SECT_PROVIDER:
12405 12998 case DOF_SECT_PROBES:
12406 12999 case DOF_SECT_PRARGS:
12407 13000 case DOF_SECT_PROFFS:
12408 13001 dtrace_dof_error(dof, "illegal sections "
12409 13002 "for enabling");
12410 13003 return (-1);
12411 13004 }
12412 13005 }
12413 13006
12414 13007 if (DOF_SEC_ISLOADABLE(sec->dofs_type) &&
12415 13008 !(sec->dofs_flags & DOF_SECF_LOAD)) {
12416 13009 dtrace_dof_error(dof, "loadable section with load "
12417 13010 "flag unset");
12418 13011 return (-1);
12419 13012 }
12420 13013
12421 13014 if (!(sec->dofs_flags & DOF_SECF_LOAD))
12422 13015 continue; /* just ignore non-loadable sections */
12423 13016
12424 13017 if (sec->dofs_align & (sec->dofs_align - 1)) {
12425 13018 dtrace_dof_error(dof, "bad section alignment");
12426 13019 return (-1);
12427 13020 }
12428 13021
12429 13022 if (sec->dofs_offset & (sec->dofs_align - 1)) {
12430 13023 dtrace_dof_error(dof, "misaligned section");
12431 13024 return (-1);
12432 13025 }
12433 13026
12434 13027 if (sec->dofs_offset > len || sec->dofs_size > len ||
12435 13028 sec->dofs_offset + sec->dofs_size > len) {
12436 13029 dtrace_dof_error(dof, "corrupt section header");
12437 13030 return (-1);
12438 13031 }
12439 13032
12440 13033 if (sec->dofs_type == DOF_SECT_STRTAB && *((char *)daddr +
12441 13034 sec->dofs_offset + sec->dofs_size - 1) != '\0') {
12442 13035 dtrace_dof_error(dof, "non-terminating string table");
12443 13036 return (-1);
12444 13037 }
12445 13038 }
12446 13039
12447 13040 /*
12448 13041 * Take a second pass through the sections and locate and perform any
12449 13042 * relocations that are present. We do this after the first pass to
12450 13043 * be sure that all sections have had their headers validated.
12451 13044 */
12452 13045 for (i = 0; i < dof->dofh_secnum; i++) {
12453 13046 dof_sec_t *sec = (dof_sec_t *)(daddr +
12454 13047 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12455 13048
12456 13049 if (!(sec->dofs_flags & DOF_SECF_LOAD))
12457 13050 continue; /* skip sections that are not loadable */
12458 13051
12459 13052 switch (sec->dofs_type) {
12460 13053 case DOF_SECT_URELHDR:
12461 13054 if (dtrace_dof_relocate(dof, sec, ubase) != 0)
12462 13055 return (-1);
12463 13056 break;
12464 13057 }
12465 13058 }
12466 13059
12467 13060 if ((enab = *enabp) == NULL)
12468 13061 enab = *enabp = dtrace_enabling_create(vstate);
12469 13062
12470 13063 for (i = 0; i < dof->dofh_secnum; i++) {
12471 13064 dof_sec_t *sec = (dof_sec_t *)(daddr +
12472 13065 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12473 13066
12474 13067 if (sec->dofs_type != DOF_SECT_ECBDESC)
12475 13068 continue;
12476 13069
12477 13070 if ((ep = dtrace_dof_ecbdesc(dof, sec, vstate, cr)) == NULL) {
12478 13071 dtrace_enabling_destroy(enab);
12479 13072 *enabp = NULL;
12480 13073 return (-1);
12481 13074 }
12482 13075
12483 13076 dtrace_enabling_add(enab, ep);
12484 13077 }
12485 13078
12486 13079 return (0);
12487 13080 }
12488 13081
12489 13082 /*
12490 13083 * Process DOF for any options. This routine assumes that the DOF has been
12491 13084 * at least processed by dtrace_dof_slurp().
12492 13085 */
12493 13086 static int
12494 13087 dtrace_dof_options(dof_hdr_t *dof, dtrace_state_t *state)
12495 13088 {
12496 13089 int i, rval;
12497 13090 uint32_t entsize;
12498 13091 size_t offs;
12499 13092 dof_optdesc_t *desc;
12500 13093
12501 13094 for (i = 0; i < dof->dofh_secnum; i++) {
12502 13095 dof_sec_t *sec = (dof_sec_t *)((uintptr_t)dof +
12503 13096 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12504 13097
12505 13098 if (sec->dofs_type != DOF_SECT_OPTDESC)
12506 13099 continue;
12507 13100
12508 13101 if (sec->dofs_align != sizeof (uint64_t)) {
12509 13102 dtrace_dof_error(dof, "bad alignment in "
12510 13103 "option description");
12511 13104 return (EINVAL);
12512 13105 }
12513 13106
12514 13107 if ((entsize = sec->dofs_entsize) == 0) {
12515 13108 dtrace_dof_error(dof, "zeroed option entry size");
12516 13109 return (EINVAL);
12517 13110 }
12518 13111
12519 13112 if (entsize < sizeof (dof_optdesc_t)) {
12520 13113 dtrace_dof_error(dof, "bad option entry size");
12521 13114 return (EINVAL);
12522 13115 }
12523 13116
12524 13117 for (offs = 0; offs < sec->dofs_size; offs += entsize) {
12525 13118 desc = (dof_optdesc_t *)((uintptr_t)dof +
12526 13119 (uintptr_t)sec->dofs_offset + offs);
12527 13120
12528 13121 if (desc->dofo_strtab != DOF_SECIDX_NONE) {
12529 13122 dtrace_dof_error(dof, "non-zero option string");
12530 13123 return (EINVAL);
12531 13124 }
12532 13125
12533 13126 if (desc->dofo_value == DTRACEOPT_UNSET) {
12534 13127 dtrace_dof_error(dof, "unset option");
12535 13128 return (EINVAL);
12536 13129 }
12537 13130
12538 13131 if ((rval = dtrace_state_option(state,
12539 13132 desc->dofo_option, desc->dofo_value)) != 0) {
12540 13133 dtrace_dof_error(dof, "rejected option");
12541 13134 return (rval);
12542 13135 }
12543 13136 }
12544 13137 }
12545 13138
12546 13139 return (0);
12547 13140 }
12548 13141
12549 13142 /*
12550 13143 * DTrace Consumer State Functions
12551 13144 */
12552 13145 int
12553 13146 dtrace_dstate_init(dtrace_dstate_t *dstate, size_t size)
12554 13147 {
12555 13148 size_t hashsize, maxper, min, chunksize = dstate->dtds_chunksize;
12556 13149 void *base;
12557 13150 uintptr_t limit;
12558 13151 dtrace_dynvar_t *dvar, *next, *start;
12559 13152 int i;
12560 13153
12561 13154 ASSERT(MUTEX_HELD(&dtrace_lock));
12562 13155 ASSERT(dstate->dtds_base == NULL && dstate->dtds_percpu == NULL);
12563 13156
12564 13157 bzero(dstate, sizeof (dtrace_dstate_t));
12565 13158
12566 13159 if ((dstate->dtds_chunksize = chunksize) == 0)
12567 13160 dstate->dtds_chunksize = DTRACE_DYNVAR_CHUNKSIZE;
12568 13161
12569 13162 if (size < (min = dstate->dtds_chunksize + sizeof (dtrace_dynhash_t)))
12570 13163 size = min;
12571 13164
12572 13165 if ((base = kmem_zalloc(size, KM_NOSLEEP | KM_NORMALPRI)) == NULL)
12573 13166 return (ENOMEM);
12574 13167
12575 13168 dstate->dtds_size = size;
12576 13169 dstate->dtds_base = base;
12577 13170 dstate->dtds_percpu = kmem_cache_alloc(dtrace_state_cache, KM_SLEEP);
12578 13171 bzero(dstate->dtds_percpu, NCPU * sizeof (dtrace_dstate_percpu_t));
12579 13172
12580 13173 hashsize = size / (dstate->dtds_chunksize + sizeof (dtrace_dynhash_t));
12581 13174
12582 13175 if (hashsize != 1 && (hashsize & 1))
12583 13176 hashsize--;
12584 13177
12585 13178 dstate->dtds_hashsize = hashsize;
12586 13179 dstate->dtds_hash = dstate->dtds_base;
12587 13180
12588 13181 /*
12589 13182 * Set all of our hash buckets to point to the single sink, and (if
12590 13183 * it hasn't already been set), set the sink's hash value to be the
12591 13184 * sink sentinel value. The sink is needed for dynamic variable
12592 13185 * lookups to know that they have iterated over an entire, valid hash
12593 13186 * chain.
12594 13187 */
12595 13188 for (i = 0; i < hashsize; i++)
12596 13189 dstate->dtds_hash[i].dtdh_chain = &dtrace_dynhash_sink;
12597 13190
12598 13191 if (dtrace_dynhash_sink.dtdv_hashval != DTRACE_DYNHASH_SINK)
12599 13192 dtrace_dynhash_sink.dtdv_hashval = DTRACE_DYNHASH_SINK;
12600 13193
12601 13194 /*
12602 13195 * Determine number of active CPUs. Divide free list evenly among
12603 13196 * active CPUs.
12604 13197 */
12605 13198 start = (dtrace_dynvar_t *)
12606 13199 ((uintptr_t)base + hashsize * sizeof (dtrace_dynhash_t));
12607 13200 limit = (uintptr_t)base + size;
12608 13201
12609 13202 maxper = (limit - (uintptr_t)start) / NCPU;
12610 13203 maxper = (maxper / dstate->dtds_chunksize) * dstate->dtds_chunksize;
12611 13204
12612 13205 for (i = 0; i < NCPU; i++) {
12613 13206 dstate->dtds_percpu[i].dtdsc_free = dvar = start;
12614 13207
12615 13208 /*
12616 13209 * If we don't even have enough chunks to make it once through
12617 13210 * NCPUs, we're just going to allocate everything to the first
12618 13211 * CPU. And if we're on the last CPU, we're going to allocate
12619 13212 * whatever is left over. In either case, we set the limit to
12620 13213 * be the limit of the dynamic variable space.
12621 13214 */
12622 13215 if (maxper == 0 || i == NCPU - 1) {
12623 13216 limit = (uintptr_t)base + size;
12624 13217 start = NULL;
12625 13218 } else {
12626 13219 limit = (uintptr_t)start + maxper;
12627 13220 start = (dtrace_dynvar_t *)limit;
12628 13221 }
12629 13222
12630 13223 ASSERT(limit <= (uintptr_t)base + size);
12631 13224
12632 13225 for (;;) {
12633 13226 next = (dtrace_dynvar_t *)((uintptr_t)dvar +
12634 13227 dstate->dtds_chunksize);
12635 13228
12636 13229 if ((uintptr_t)next + dstate->dtds_chunksize >= limit)
12637 13230 break;
12638 13231
12639 13232 dvar->dtdv_next = next;
12640 13233 dvar = next;
12641 13234 }
12642 13235
12643 13236 if (maxper == 0)
12644 13237 break;
12645 13238 }
12646 13239
12647 13240 return (0);
12648 13241 }
12649 13242
12650 13243 void
12651 13244 dtrace_dstate_fini(dtrace_dstate_t *dstate)
12652 13245 {
12653 13246 ASSERT(MUTEX_HELD(&cpu_lock));
12654 13247
12655 13248 if (dstate->dtds_base == NULL)
12656 13249 return;
12657 13250
12658 13251 kmem_free(dstate->dtds_base, dstate->dtds_size);
12659 13252 kmem_cache_free(dtrace_state_cache, dstate->dtds_percpu);
12660 13253 }
12661 13254
12662 13255 static void
12663 13256 dtrace_vstate_fini(dtrace_vstate_t *vstate)
12664 13257 {
12665 13258 /*
12666 13259 * Logical XOR, where are you?
12667 13260 */
12668 13261 ASSERT((vstate->dtvs_nglobals == 0) ^ (vstate->dtvs_globals != NULL));
12669 13262
12670 13263 if (vstate->dtvs_nglobals > 0) {
12671 13264 kmem_free(vstate->dtvs_globals, vstate->dtvs_nglobals *
12672 13265 sizeof (dtrace_statvar_t *));
12673 13266 }
12674 13267
12675 13268 if (vstate->dtvs_ntlocals > 0) {
12676 13269 kmem_free(vstate->dtvs_tlocals, vstate->dtvs_ntlocals *
12677 13270 sizeof (dtrace_difv_t));
12678 13271 }
12679 13272
12680 13273 ASSERT((vstate->dtvs_nlocals == 0) ^ (vstate->dtvs_locals != NULL));
12681 13274
12682 13275 if (vstate->dtvs_nlocals > 0) {
12683 13276 kmem_free(vstate->dtvs_locals, vstate->dtvs_nlocals *
12684 13277 sizeof (dtrace_statvar_t *));
12685 13278 }
12686 13279 }
12687 13280
12688 13281 static void
12689 13282 dtrace_state_clean(dtrace_state_t *state)
12690 13283 {
12691 13284 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE)
12692 13285 return;
12693 13286
12694 13287 dtrace_dynvar_clean(&state->dts_vstate.dtvs_dynvars);
12695 13288 dtrace_speculation_clean(state);
12696 13289 }
12697 13290
12698 13291 static void
12699 13292 dtrace_state_deadman(dtrace_state_t *state)
12700 13293 {
12701 13294 hrtime_t now;
12702 13295
12703 13296 dtrace_sync();
12704 13297
12705 13298 now = dtrace_gethrtime();
12706 13299
12707 13300 if (state != dtrace_anon.dta_state &&
12708 13301 now - state->dts_laststatus >= dtrace_deadman_user)
12709 13302 return;
12710 13303
12711 13304 /*
12712 13305 * We must be sure that dts_alive never appears to be less than the
12713 13306 * value upon entry to dtrace_state_deadman(), and because we lack a
12714 13307 * dtrace_cas64(), we cannot store to it atomically. We thus instead
12715 13308 * store INT64_MAX to it, followed by a memory barrier, followed by
12716 13309 * the new value. This assures that dts_alive never appears to be
12717 13310 * less than its true value, regardless of the order in which the
12718 13311 * stores to the underlying storage are issued.
12719 13312 */
12720 13313 state->dts_alive = INT64_MAX;
12721 13314 dtrace_membar_producer();
12722 13315 state->dts_alive = now;
12723 13316 }
12724 13317
12725 13318 dtrace_state_t *
12726 13319 dtrace_state_create(dev_t *devp, cred_t *cr)
12727 13320 {
12728 13321 minor_t minor;
12729 13322 major_t major;
12730 13323 char c[30];
12731 13324 dtrace_state_t *state;
12732 13325 dtrace_optval_t *opt;
12733 13326 int bufsize = NCPU * sizeof (dtrace_buffer_t), i;
12734 13327
12735 13328 ASSERT(MUTEX_HELD(&dtrace_lock));
12736 13329 ASSERT(MUTEX_HELD(&cpu_lock));
12737 13330
12738 13331 minor = (minor_t)(uintptr_t)vmem_alloc(dtrace_minor, 1,
12739 13332 VM_BESTFIT | VM_SLEEP);
12740 13333
12741 13334 if (ddi_soft_state_zalloc(dtrace_softstate, minor) != DDI_SUCCESS) {
12742 13335 vmem_free(dtrace_minor, (void *)(uintptr_t)minor, 1);
12743 13336 return (NULL);
12744 13337 }
12745 13338
12746 13339 state = ddi_get_soft_state(dtrace_softstate, minor);
12747 13340 state->dts_epid = DTRACE_EPIDNONE + 1;
12748 13341
12749 13342 (void) snprintf(c, sizeof (c), "dtrace_aggid_%d", minor);
12750 13343 state->dts_aggid_arena = vmem_create(c, (void *)1, UINT32_MAX, 1,
12751 13344 NULL, NULL, NULL, 0, VM_SLEEP | VMC_IDENTIFIER);
12752 13345
12753 13346 if (devp != NULL) {
12754 13347 major = getemajor(*devp);
12755 13348 } else {
12756 13349 major = ddi_driver_major(dtrace_devi);
12757 13350 }
12758 13351
12759 13352 state->dts_dev = makedevice(major, minor);
12760 13353
12761 13354 if (devp != NULL)
12762 13355 *devp = state->dts_dev;
12763 13356
12764 13357 /*
12765 13358 * We allocate NCPU buffers. On the one hand, this can be quite
12766 13359 * a bit of memory per instance (nearly 36K on a Starcat). On the
12767 13360 * other hand, it saves an additional memory reference in the probe
12768 13361 * path.
12769 13362 */
12770 13363 state->dts_buffer = kmem_zalloc(bufsize, KM_SLEEP);
12771 13364 state->dts_aggbuffer = kmem_zalloc(bufsize, KM_SLEEP);
12772 13365 state->dts_cleaner = CYCLIC_NONE;
12773 13366 state->dts_deadman = CYCLIC_NONE;
12774 13367 state->dts_vstate.dtvs_state = state;
12775 13368
12776 13369 for (i = 0; i < DTRACEOPT_MAX; i++)
12777 13370 state->dts_options[i] = DTRACEOPT_UNSET;
12778 13371
12779 13372 /*
12780 13373 * Set the default options.
12781 13374 */
12782 13375 opt = state->dts_options;
12783 13376 opt[DTRACEOPT_BUFPOLICY] = DTRACEOPT_BUFPOLICY_SWITCH;
12784 13377 opt[DTRACEOPT_BUFRESIZE] = DTRACEOPT_BUFRESIZE_AUTO;
12785 13378 opt[DTRACEOPT_NSPEC] = dtrace_nspec_default;
12786 13379 opt[DTRACEOPT_SPECSIZE] = dtrace_specsize_default;
12787 13380 opt[DTRACEOPT_CPU] = (dtrace_optval_t)DTRACE_CPUALL;
12788 13381 opt[DTRACEOPT_STRSIZE] = dtrace_strsize_default;
12789 13382 opt[DTRACEOPT_STACKFRAMES] = dtrace_stackframes_default;
12790 13383 opt[DTRACEOPT_USTACKFRAMES] = dtrace_ustackframes_default;
12791 13384 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_default;
12792 13385 opt[DTRACEOPT_AGGRATE] = dtrace_aggrate_default;
12793 13386 opt[DTRACEOPT_SWITCHRATE] = dtrace_switchrate_default;
12794 13387 opt[DTRACEOPT_STATUSRATE] = dtrace_statusrate_default;
12795 13388 opt[DTRACEOPT_JSTACKFRAMES] = dtrace_jstackframes_default;
12796 13389 opt[DTRACEOPT_JSTACKSTRSIZE] = dtrace_jstackstrsize_default;
12797 13390
12798 13391 state->dts_activity = DTRACE_ACTIVITY_INACTIVE;
12799 13392
12800 13393 /*
12801 13394 * Depending on the user credentials, we set flag bits which alter probe
12802 13395 * visibility or the amount of destructiveness allowed. In the case of
12803 13396 * actual anonymous tracing, or the possession of all privileges, all of
12804 13397 * the normal checks are bypassed.
12805 13398 */
12806 13399 if (cr == NULL || PRIV_POLICY_ONLY(cr, PRIV_ALL, B_FALSE)) {
12807 13400 state->dts_cred.dcr_visible = DTRACE_CRV_ALL;
12808 13401 state->dts_cred.dcr_action = DTRACE_CRA_ALL;
12809 13402 } else {
12810 13403 /*
12811 13404 * Set up the credentials for this instantiation. We take a
12812 13405 * hold on the credential to prevent it from disappearing on
12813 13406 * us; this in turn prevents the zone_t referenced by this
12814 13407 * credential from disappearing. This means that we can
12815 13408 * examine the credential and the zone from probe context.
12816 13409 */
12817 13410 crhold(cr);
12818 13411 state->dts_cred.dcr_cred = cr;
12819 13412
12820 13413 /*
12821 13414 * CRA_PROC means "we have *some* privilege for dtrace" and
12822 13415 * unlocks the use of variables like pid, zonename, etc.
12823 13416 */
12824 13417 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE) ||
12825 13418 PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) {
12826 13419 state->dts_cred.dcr_action |= DTRACE_CRA_PROC;
12827 13420 }
12828 13421
12829 13422 /*
12830 13423 * dtrace_user allows use of syscall and profile providers.
12831 13424 * If the user also has proc_owner and/or proc_zone, we
12832 13425 * extend the scope to include additional visibility and
12833 13426 * destructive power.
12834 13427 */
12835 13428 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE)) {
12836 13429 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE)) {
12837 13430 state->dts_cred.dcr_visible |=
12838 13431 DTRACE_CRV_ALLPROC;
12839 13432
12840 13433 state->dts_cred.dcr_action |=
12841 13434 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER;
12842 13435 }
12843 13436
12844 13437 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE)) {
12845 13438 state->dts_cred.dcr_visible |=
12846 13439 DTRACE_CRV_ALLZONE;
12847 13440
12848 13441 state->dts_cred.dcr_action |=
12849 13442 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE;
12850 13443 }
12851 13444
12852 13445 /*
12853 13446 * If we have all privs in whatever zone this is,
12854 13447 * we can do destructive things to processes which
12855 13448 * have altered credentials.
12856 13449 */
12857 13450 if (priv_isequalset(priv_getset(cr, PRIV_EFFECTIVE),
12858 13451 cr->cr_zone->zone_privset)) {
12859 13452 state->dts_cred.dcr_action |=
12860 13453 DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG;
12861 13454 }
12862 13455 }
12863 13456
12864 13457 /*
12865 13458 * Holding the dtrace_kernel privilege also implies that
12866 13459 * the user has the dtrace_user privilege from a visibility
12867 13460 * perspective. But without further privileges, some
12868 13461 * destructive actions are not available.
12869 13462 */
12870 13463 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_KERNEL, B_FALSE)) {
12871 13464 /*
12872 13465 * Make all probes in all zones visible. However,
12873 13466 * this doesn't mean that all actions become available
12874 13467 * to all zones.
12875 13468 */
12876 13469 state->dts_cred.dcr_visible |= DTRACE_CRV_KERNEL |
12877 13470 DTRACE_CRV_ALLPROC | DTRACE_CRV_ALLZONE;
12878 13471
12879 13472 state->dts_cred.dcr_action |= DTRACE_CRA_KERNEL |
12880 13473 DTRACE_CRA_PROC;
12881 13474 /*
12882 13475 * Holding proc_owner means that destructive actions
12883 13476 * for *this* zone are allowed.
12884 13477 */
12885 13478 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE))
12886 13479 state->dts_cred.dcr_action |=
12887 13480 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER;
12888 13481
12889 13482 /*
12890 13483 * Holding proc_zone means that destructive actions
12891 13484 * for this user/group ID in all zones is allowed.
12892 13485 */
12893 13486 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE))
12894 13487 state->dts_cred.dcr_action |=
12895 13488 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE;
12896 13489
12897 13490 /*
12898 13491 * If we have all privs in whatever zone this is,
12899 13492 * we can do destructive things to processes which
12900 13493 * have altered credentials.
12901 13494 */
12902 13495 if (priv_isequalset(priv_getset(cr, PRIV_EFFECTIVE),
12903 13496 cr->cr_zone->zone_privset)) {
12904 13497 state->dts_cred.dcr_action |=
12905 13498 DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG;
12906 13499 }
12907 13500 }
12908 13501
12909 13502 /*
12910 13503 * Holding the dtrace_proc privilege gives control over fasttrap
12911 13504 * and pid providers. We need to grant wider destructive
12912 13505 * privileges in the event that the user has proc_owner and/or
12913 13506 * proc_zone.
12914 13507 */
12915 13508 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) {
12916 13509 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE))
12917 13510 state->dts_cred.dcr_action |=
12918 13511 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER;
12919 13512
12920 13513 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE))
12921 13514 state->dts_cred.dcr_action |=
12922 13515 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE;
12923 13516 }
12924 13517 }
12925 13518
12926 13519 return (state);
12927 13520 }
12928 13521
12929 13522 static int
12930 13523 dtrace_state_buffer(dtrace_state_t *state, dtrace_buffer_t *buf, int which)
12931 13524 {
12932 13525 dtrace_optval_t *opt = state->dts_options, size;
12933 13526 processorid_t cpu;
12934 13527 int flags = 0, rval, factor, divisor = 1;
12935 13528
12936 13529 ASSERT(MUTEX_HELD(&dtrace_lock));
12937 13530 ASSERT(MUTEX_HELD(&cpu_lock));
12938 13531 ASSERT(which < DTRACEOPT_MAX);
12939 13532 ASSERT(state->dts_activity == DTRACE_ACTIVITY_INACTIVE ||
12940 13533 (state == dtrace_anon.dta_state &&
12941 13534 state->dts_activity == DTRACE_ACTIVITY_ACTIVE));
12942 13535
12943 13536 if (opt[which] == DTRACEOPT_UNSET || opt[which] == 0)
12944 13537 return (0);
12945 13538
12946 13539 if (opt[DTRACEOPT_CPU] != DTRACEOPT_UNSET)
12947 13540 cpu = opt[DTRACEOPT_CPU];
12948 13541
12949 13542 if (which == DTRACEOPT_SPECSIZE)
12950 13543 flags |= DTRACEBUF_NOSWITCH;
12951 13544
12952 13545 if (which == DTRACEOPT_BUFSIZE) {
12953 13546 if (opt[DTRACEOPT_BUFPOLICY] == DTRACEOPT_BUFPOLICY_RING)
12954 13547 flags |= DTRACEBUF_RING;
12955 13548
12956 13549 if (opt[DTRACEOPT_BUFPOLICY] == DTRACEOPT_BUFPOLICY_FILL)
12957 13550 flags |= DTRACEBUF_FILL;
12958 13551
12959 13552 if (state != dtrace_anon.dta_state ||
12960 13553 state->dts_activity != DTRACE_ACTIVITY_ACTIVE)
12961 13554 flags |= DTRACEBUF_INACTIVE;
12962 13555 }
12963 13556
12964 13557 for (size = opt[which]; size >= sizeof (uint64_t); size /= divisor) {
12965 13558 /*
12966 13559 * The size must be 8-byte aligned. If the size is not 8-byte
12967 13560 * aligned, drop it down by the difference.
12968 13561 */
12969 13562 if (size & (sizeof (uint64_t) - 1))
12970 13563 size -= size & (sizeof (uint64_t) - 1);
12971 13564
12972 13565 if (size < state->dts_reserve) {
12973 13566 /*
12974 13567 * Buffers always must be large enough to accommodate
12975 13568 * their prereserved space. We return E2BIG instead
12976 13569 * of ENOMEM in this case to allow for user-level
12977 13570 * software to differentiate the cases.
12978 13571 */
12979 13572 return (E2BIG);
12980 13573 }
12981 13574
12982 13575 rval = dtrace_buffer_alloc(buf, size, flags, cpu, &factor);
12983 13576
12984 13577 if (rval != ENOMEM) {
12985 13578 opt[which] = size;
12986 13579 return (rval);
12987 13580 }
12988 13581
12989 13582 if (opt[DTRACEOPT_BUFRESIZE] == DTRACEOPT_BUFRESIZE_MANUAL)
12990 13583 return (rval);
12991 13584
12992 13585 for (divisor = 2; divisor < factor; divisor <<= 1)
12993 13586 continue;
12994 13587 }
12995 13588
12996 13589 return (ENOMEM);
12997 13590 }
12998 13591
12999 13592 static int
13000 13593 dtrace_state_buffers(dtrace_state_t *state)
13001 13594 {
13002 13595 dtrace_speculation_t *spec = state->dts_speculations;
13003 13596 int rval, i;
13004 13597
13005 13598 if ((rval = dtrace_state_buffer(state, state->dts_buffer,
13006 13599 DTRACEOPT_BUFSIZE)) != 0)
13007 13600 return (rval);
13008 13601
13009 13602 if ((rval = dtrace_state_buffer(state, state->dts_aggbuffer,
13010 13603 DTRACEOPT_AGGSIZE)) != 0)
13011 13604 return (rval);
13012 13605
13013 13606 for (i = 0; i < state->dts_nspeculations; i++) {
13014 13607 if ((rval = dtrace_state_buffer(state,
13015 13608 spec[i].dtsp_buffer, DTRACEOPT_SPECSIZE)) != 0)
13016 13609 return (rval);
13017 13610 }
13018 13611
13019 13612 return (0);
13020 13613 }
13021 13614
13022 13615 static void
13023 13616 dtrace_state_prereserve(dtrace_state_t *state)
13024 13617 {
13025 13618 dtrace_ecb_t *ecb;
13026 13619 dtrace_probe_t *probe;
13027 13620
13028 13621 state->dts_reserve = 0;
13029 13622
13030 13623 if (state->dts_options[DTRACEOPT_BUFPOLICY] != DTRACEOPT_BUFPOLICY_FILL)
13031 13624 return;
13032 13625
13033 13626 /*
13034 13627 * If our buffer policy is a "fill" buffer policy, we need to set the
13035 13628 * prereserved space to be the space required by the END probes.
13036 13629 */
13037 13630 probe = dtrace_probes[dtrace_probeid_end - 1];
13038 13631 ASSERT(probe != NULL);
13039 13632
13040 13633 for (ecb = probe->dtpr_ecb; ecb != NULL; ecb = ecb->dte_next) {
13041 13634 if (ecb->dte_state != state)
13042 13635 continue;
13043 13636
13044 13637 state->dts_reserve += ecb->dte_needed + ecb->dte_alignment;
13045 13638 }
13046 13639 }
13047 13640
13048 13641 static int
13049 13642 dtrace_state_go(dtrace_state_t *state, processorid_t *cpu)
13050 13643 {
13051 13644 dtrace_optval_t *opt = state->dts_options, sz, nspec;
13052 13645 dtrace_speculation_t *spec;
13053 13646 dtrace_buffer_t *buf;
13054 13647 cyc_handler_t hdlr;
13055 13648 cyc_time_t when;
13056 13649 int rval = 0, i, bufsize = NCPU * sizeof (dtrace_buffer_t);
13057 13650 dtrace_icookie_t cookie;
13058 13651
13059 13652 mutex_enter(&cpu_lock);
13060 13653 mutex_enter(&dtrace_lock);
13061 13654
13062 13655 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) {
13063 13656 rval = EBUSY;
13064 13657 goto out;
13065 13658 }
13066 13659
13067 13660 /*
13068 13661 * Before we can perform any checks, we must prime all of the
13069 13662 * retained enablings that correspond to this state.
13070 13663 */
13071 13664 dtrace_enabling_prime(state);
13072 13665
13073 13666 if (state->dts_destructive && !state->dts_cred.dcr_destructive) {
13074 13667 rval = EACCES;
13075 13668 goto out;
13076 13669 }
13077 13670
13078 13671 dtrace_state_prereserve(state);
13079 13672
13080 13673 /*
13081 13674 * Now we want to do is try to allocate our speculations.
13082 13675 * We do not automatically resize the number of speculations; if
13083 13676 * this fails, we will fail the operation.
13084 13677 */
13085 13678 nspec = opt[DTRACEOPT_NSPEC];
13086 13679 ASSERT(nspec != DTRACEOPT_UNSET);
13087 13680
13088 13681 if (nspec > INT_MAX) {
13089 13682 rval = ENOMEM;
13090 13683 goto out;
13091 13684 }
13092 13685
13093 13686 spec = kmem_zalloc(nspec * sizeof (dtrace_speculation_t),
13094 13687 KM_NOSLEEP | KM_NORMALPRI);
13095 13688
13096 13689 if (spec == NULL) {
13097 13690 rval = ENOMEM;
13098 13691 goto out;
13099 13692 }
13100 13693
13101 13694 state->dts_speculations = spec;
13102 13695 state->dts_nspeculations = (int)nspec;
13103 13696
13104 13697 for (i = 0; i < nspec; i++) {
13105 13698 if ((buf = kmem_zalloc(bufsize,
13106 13699 KM_NOSLEEP | KM_NORMALPRI)) == NULL) {
13107 13700 rval = ENOMEM;
13108 13701 goto err;
13109 13702 }
13110 13703
13111 13704 spec[i].dtsp_buffer = buf;
13112 13705 }
13113 13706
13114 13707 if (opt[DTRACEOPT_GRABANON] != DTRACEOPT_UNSET) {
13115 13708 if (dtrace_anon.dta_state == NULL) {
13116 13709 rval = ENOENT;
13117 13710 goto out;
13118 13711 }
13119 13712
13120 13713 if (state->dts_necbs != 0) {
13121 13714 rval = EALREADY;
13122 13715 goto out;
13123 13716 }
13124 13717
13125 13718 state->dts_anon = dtrace_anon_grab();
13126 13719 ASSERT(state->dts_anon != NULL);
13127 13720 state = state->dts_anon;
13128 13721
13129 13722 /*
13130 13723 * We want "grabanon" to be set in the grabbed state, so we'll
13131 13724 * copy that option value from the grabbing state into the
13132 13725 * grabbed state.
13133 13726 */
13134 13727 state->dts_options[DTRACEOPT_GRABANON] =
13135 13728 opt[DTRACEOPT_GRABANON];
13136 13729
13137 13730 *cpu = dtrace_anon.dta_beganon;
13138 13731
13139 13732 /*
13140 13733 * If the anonymous state is active (as it almost certainly
13141 13734 * is if the anonymous enabling ultimately matched anything),
13142 13735 * we don't allow any further option processing -- but we
13143 13736 * don't return failure.
13144 13737 */
13145 13738 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE)
13146 13739 goto out;
13147 13740 }
13148 13741
13149 13742 if (opt[DTRACEOPT_AGGSIZE] != DTRACEOPT_UNSET &&
13150 13743 opt[DTRACEOPT_AGGSIZE] != 0) {
13151 13744 if (state->dts_aggregations == NULL) {
13152 13745 /*
13153 13746 * We're not going to create an aggregation buffer
13154 13747 * because we don't have any ECBs that contain
13155 13748 * aggregations -- set this option to 0.
13156 13749 */
13157 13750 opt[DTRACEOPT_AGGSIZE] = 0;
13158 13751 } else {
13159 13752 /*
13160 13753 * If we have an aggregation buffer, we must also have
13161 13754 * a buffer to use as scratch.
13162 13755 */
13163 13756 if (opt[DTRACEOPT_BUFSIZE] == DTRACEOPT_UNSET ||
13164 13757 opt[DTRACEOPT_BUFSIZE] < state->dts_needed) {
13165 13758 opt[DTRACEOPT_BUFSIZE] = state->dts_needed;
13166 13759 }
13167 13760 }
13168 13761 }
13169 13762
13170 13763 if (opt[DTRACEOPT_SPECSIZE] != DTRACEOPT_UNSET &&
13171 13764 opt[DTRACEOPT_SPECSIZE] != 0) {
13172 13765 if (!state->dts_speculates) {
13173 13766 /*
13174 13767 * We're not going to create speculation buffers
13175 13768 * because we don't have any ECBs that actually
13176 13769 * speculate -- set the speculation size to 0.
13177 13770 */
13178 13771 opt[DTRACEOPT_SPECSIZE] = 0;
13179 13772 }
13180 13773 }
13181 13774
13182 13775 /*
13183 13776 * The bare minimum size for any buffer that we're actually going to
13184 13777 * do anything to is sizeof (uint64_t).
13185 13778 */
13186 13779 sz = sizeof (uint64_t);
13187 13780
13188 13781 if ((state->dts_needed != 0 && opt[DTRACEOPT_BUFSIZE] < sz) ||
13189 13782 (state->dts_speculates && opt[DTRACEOPT_SPECSIZE] < sz) ||
13190 13783 (state->dts_aggregations != NULL && opt[DTRACEOPT_AGGSIZE] < sz)) {
13191 13784 /*
13192 13785 * A buffer size has been explicitly set to 0 (or to a size
13193 13786 * that will be adjusted to 0) and we need the space -- we
13194 13787 * need to return failure. We return ENOSPC to differentiate
13195 13788 * it from failing to allocate a buffer due to failure to meet
13196 13789 * the reserve (for which we return E2BIG).
13197 13790 */
13198 13791 rval = ENOSPC;
13199 13792 goto out;
13200 13793 }
13201 13794
13202 13795 if ((rval = dtrace_state_buffers(state)) != 0)
13203 13796 goto err;
13204 13797
13205 13798 if ((sz = opt[DTRACEOPT_DYNVARSIZE]) == DTRACEOPT_UNSET)
13206 13799 sz = dtrace_dstate_defsize;
13207 13800
13208 13801 do {
13209 13802 rval = dtrace_dstate_init(&state->dts_vstate.dtvs_dynvars, sz);
13210 13803
13211 13804 if (rval == 0)
13212 13805 break;
13213 13806
13214 13807 if (opt[DTRACEOPT_BUFRESIZE] == DTRACEOPT_BUFRESIZE_MANUAL)
13215 13808 goto err;
13216 13809 } while (sz >>= 1);
13217 13810
13218 13811 opt[DTRACEOPT_DYNVARSIZE] = sz;
13219 13812
13220 13813 if (rval != 0)
13221 13814 goto err;
13222 13815
13223 13816 if (opt[DTRACEOPT_STATUSRATE] > dtrace_statusrate_max)
13224 13817 opt[DTRACEOPT_STATUSRATE] = dtrace_statusrate_max;
13225 13818
13226 13819 if (opt[DTRACEOPT_CLEANRATE] == 0)
13227 13820 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_max;
13228 13821
13229 13822 if (opt[DTRACEOPT_CLEANRATE] < dtrace_cleanrate_min)
13230 13823 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_min;
13231 13824
13232 13825 if (opt[DTRACEOPT_CLEANRATE] > dtrace_cleanrate_max)
13233 13826 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_max;
13234 13827
13235 13828 hdlr.cyh_func = (cyc_func_t)dtrace_state_clean;
13236 13829 hdlr.cyh_arg = state;
13237 13830 hdlr.cyh_level = CY_LOW_LEVEL;
13238 13831
13239 13832 when.cyt_when = 0;
13240 13833 when.cyt_interval = opt[DTRACEOPT_CLEANRATE];
13241 13834
13242 13835 state->dts_cleaner = cyclic_add(&hdlr, &when);
13243 13836
13244 13837 hdlr.cyh_func = (cyc_func_t)dtrace_state_deadman;
13245 13838 hdlr.cyh_arg = state;
13246 13839 hdlr.cyh_level = CY_LOW_LEVEL;
13247 13840
13248 13841 when.cyt_when = 0;
13249 13842 when.cyt_interval = dtrace_deadman_interval;
13250 13843
13251 13844 state->dts_alive = state->dts_laststatus = dtrace_gethrtime();
13252 13845 state->dts_deadman = cyclic_add(&hdlr, &when);
13253 13846
13254 13847 state->dts_activity = DTRACE_ACTIVITY_WARMUP;
13255 13848
13256 13849 if (state->dts_getf != 0 &&
13257 13850 !(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL)) {
13258 13851 /*
13259 13852 * We don't have kernel privs but we have at least one call
13260 13853 * to getf(); we need to bump our zone's count, and (if
13261 13854 * this is the first enabling to have an unprivileged call
13262 13855 * to getf()) we need to hook into closef().
13263 13856 */
13264 13857 state->dts_cred.dcr_cred->cr_zone->zone_dtrace_getf++;
13265 13858
13266 13859 if (dtrace_getf++ == 0) {
13267 13860 ASSERT(dtrace_closef == NULL);
13268 13861 dtrace_closef = dtrace_getf_barrier;
13269 13862 }
13270 13863 }
13271 13864
13272 13865 /*
13273 13866 * Now it's time to actually fire the BEGIN probe. We need to disable
13274 13867 * interrupts here both to record the CPU on which we fired the BEGIN
13275 13868 * probe (the data from this CPU will be processed first at user
13276 13869 * level) and to manually activate the buffer for this CPU.
13277 13870 */
13278 13871 cookie = dtrace_interrupt_disable();
13279 13872 *cpu = CPU->cpu_id;
13280 13873 ASSERT(state->dts_buffer[*cpu].dtb_flags & DTRACEBUF_INACTIVE);
13281 13874 state->dts_buffer[*cpu].dtb_flags &= ~DTRACEBUF_INACTIVE;
13282 13875
13283 13876 dtrace_probe(dtrace_probeid_begin,
13284 13877 (uint64_t)(uintptr_t)state, 0, 0, 0, 0);
13285 13878 dtrace_interrupt_enable(cookie);
13286 13879 /*
13287 13880 * We may have had an exit action from a BEGIN probe; only change our
13288 13881 * state to ACTIVE if we're still in WARMUP.
13289 13882 */
13290 13883 ASSERT(state->dts_activity == DTRACE_ACTIVITY_WARMUP ||
13291 13884 state->dts_activity == DTRACE_ACTIVITY_DRAINING);
13292 13885
13293 13886 if (state->dts_activity == DTRACE_ACTIVITY_WARMUP)
13294 13887 state->dts_activity = DTRACE_ACTIVITY_ACTIVE;
13295 13888
13296 13889 /*
13297 13890 * Regardless of whether or not now we're in ACTIVE or DRAINING, we
13298 13891 * want each CPU to transition its principal buffer out of the
13299 13892 * INACTIVE state. Doing this assures that no CPU will suddenly begin
13300 13893 * processing an ECB halfway down a probe's ECB chain; all CPUs will
13301 13894 * atomically transition from processing none of a state's ECBs to
13302 13895 * processing all of them.
13303 13896 */
13304 13897 dtrace_xcall(DTRACE_CPUALL,
13305 13898 (dtrace_xcall_t)dtrace_buffer_activate, state);
13306 13899 goto out;
13307 13900
13308 13901 err:
13309 13902 dtrace_buffer_free(state->dts_buffer);
13310 13903 dtrace_buffer_free(state->dts_aggbuffer);
13311 13904
13312 13905 if ((nspec = state->dts_nspeculations) == 0) {
13313 13906 ASSERT(state->dts_speculations == NULL);
13314 13907 goto out;
13315 13908 }
13316 13909
13317 13910 spec = state->dts_speculations;
13318 13911 ASSERT(spec != NULL);
13319 13912
13320 13913 for (i = 0; i < state->dts_nspeculations; i++) {
13321 13914 if ((buf = spec[i].dtsp_buffer) == NULL)
13322 13915 break;
13323 13916
13324 13917 dtrace_buffer_free(buf);
13325 13918 kmem_free(buf, bufsize);
13326 13919 }
13327 13920
13328 13921 kmem_free(spec, nspec * sizeof (dtrace_speculation_t));
13329 13922 state->dts_nspeculations = 0;
13330 13923 state->dts_speculations = NULL;
13331 13924
13332 13925 out:
13333 13926 mutex_exit(&dtrace_lock);
13334 13927 mutex_exit(&cpu_lock);
13335 13928
13336 13929 return (rval);
13337 13930 }
13338 13931
13339 13932 static int
13340 13933 dtrace_state_stop(dtrace_state_t *state, processorid_t *cpu)
13341 13934 {
13342 13935 dtrace_icookie_t cookie;
13343 13936
13344 13937 ASSERT(MUTEX_HELD(&dtrace_lock));
13345 13938
13346 13939 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE &&
13347 13940 state->dts_activity != DTRACE_ACTIVITY_DRAINING)
13348 13941 return (EINVAL);
13349 13942
13350 13943 /*
13351 13944 * We'll set the activity to DTRACE_ACTIVITY_DRAINING, and issue a sync
13352 13945 * to be sure that every CPU has seen it. See below for the details
13353 13946 * on why this is done.
13354 13947 */
13355 13948 state->dts_activity = DTRACE_ACTIVITY_DRAINING;
13356 13949 dtrace_sync();
13357 13950
13358 13951 /*
13359 13952 * By this point, it is impossible for any CPU to be still processing
13360 13953 * with DTRACE_ACTIVITY_ACTIVE. We can thus set our activity to
13361 13954 * DTRACE_ACTIVITY_COOLDOWN and know that we're not racing with any
13362 13955 * other CPU in dtrace_buffer_reserve(). This allows dtrace_probe()
13363 13956 * and callees to know that the activity is DTRACE_ACTIVITY_COOLDOWN
13364 13957 * iff we're in the END probe.
13365 13958 */
13366 13959 state->dts_activity = DTRACE_ACTIVITY_COOLDOWN;
13367 13960 dtrace_sync();
13368 13961 ASSERT(state->dts_activity == DTRACE_ACTIVITY_COOLDOWN);
13369 13962
13370 13963 /*
13371 13964 * Finally, we can release the reserve and call the END probe. We
13372 13965 * disable interrupts across calling the END probe to allow us to
13373 13966 * return the CPU on which we actually called the END probe. This
13374 13967 * allows user-land to be sure that this CPU's principal buffer is
13375 13968 * processed last.
13376 13969 */
13377 13970 state->dts_reserve = 0;
13378 13971
13379 13972 cookie = dtrace_interrupt_disable();
13380 13973 *cpu = CPU->cpu_id;
13381 13974 dtrace_probe(dtrace_probeid_end,
13382 13975 (uint64_t)(uintptr_t)state, 0, 0, 0, 0);
13383 13976 dtrace_interrupt_enable(cookie);
13384 13977
13385 13978 state->dts_activity = DTRACE_ACTIVITY_STOPPED;
13386 13979 dtrace_sync();
13387 13980
13388 13981 if (state->dts_getf != 0 &&
13389 13982 !(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL)) {
13390 13983 /*
13391 13984 * We don't have kernel privs but we have at least one call
13392 13985 * to getf(); we need to lower our zone's count, and (if
13393 13986 * this is the last enabling to have an unprivileged call
13394 13987 * to getf()) we need to clear the closef() hook.
13395 13988 */
13396 13989 ASSERT(state->dts_cred.dcr_cred->cr_zone->zone_dtrace_getf > 0);
13397 13990 ASSERT(dtrace_closef == dtrace_getf_barrier);
13398 13991 ASSERT(dtrace_getf > 0);
13399 13992
13400 13993 state->dts_cred.dcr_cred->cr_zone->zone_dtrace_getf--;
13401 13994
13402 13995 if (--dtrace_getf == 0)
13403 13996 dtrace_closef = NULL;
13404 13997 }
13405 13998
13406 13999 return (0);
13407 14000 }
13408 14001
13409 14002 static int
13410 14003 dtrace_state_option(dtrace_state_t *state, dtrace_optid_t option,
13411 14004 dtrace_optval_t val)
13412 14005 {
13413 14006 ASSERT(MUTEX_HELD(&dtrace_lock));
13414 14007
13415 14008 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE)
13416 14009 return (EBUSY);
13417 14010
13418 14011 if (option >= DTRACEOPT_MAX)
13419 14012 return (EINVAL);
13420 14013
13421 14014 if (option != DTRACEOPT_CPU && val < 0)
13422 14015 return (EINVAL);
13423 14016
13424 14017 switch (option) {
13425 14018 case DTRACEOPT_DESTRUCTIVE:
13426 14019 if (dtrace_destructive_disallow)
13427 14020 return (EACCES);
13428 14021
13429 14022 state->dts_cred.dcr_destructive = 1;
13430 14023 break;
13431 14024
13432 14025 case DTRACEOPT_BUFSIZE:
13433 14026 case DTRACEOPT_DYNVARSIZE:
13434 14027 case DTRACEOPT_AGGSIZE:
13435 14028 case DTRACEOPT_SPECSIZE:
13436 14029 case DTRACEOPT_STRSIZE:
13437 14030 if (val < 0)
13438 14031 return (EINVAL);
13439 14032
13440 14033 if (val >= LONG_MAX) {
13441 14034 /*
13442 14035 * If this is an otherwise negative value, set it to
13443 14036 * the highest multiple of 128m less than LONG_MAX.
13444 14037 * Technically, we're adjusting the size without
13445 14038 * regard to the buffer resizing policy, but in fact,
13446 14039 * this has no effect -- if we set the buffer size to
13447 14040 * ~LONG_MAX and the buffer policy is ultimately set to
13448 14041 * be "manual", the buffer allocation is guaranteed to
13449 14042 * fail, if only because the allocation requires two
13450 14043 * buffers. (We set the the size to the highest
13451 14044 * multiple of 128m because it ensures that the size
13452 14045 * will remain a multiple of a megabyte when
13453 14046 * repeatedly halved -- all the way down to 15m.)
13454 14047 */
13455 14048 val = LONG_MAX - (1 << 27) + 1;
13456 14049 }
13457 14050 }
13458 14051
13459 14052 state->dts_options[option] = val;
13460 14053
13461 14054 return (0);
13462 14055 }
13463 14056
13464 14057 static void
13465 14058 dtrace_state_destroy(dtrace_state_t *state)
13466 14059 {
13467 14060 dtrace_ecb_t *ecb;
13468 14061 dtrace_vstate_t *vstate = &state->dts_vstate;
13469 14062 minor_t minor = getminor(state->dts_dev);
13470 14063 int i, bufsize = NCPU * sizeof (dtrace_buffer_t);
13471 14064 dtrace_speculation_t *spec = state->dts_speculations;
13472 14065 int nspec = state->dts_nspeculations;
13473 14066 uint32_t match;
13474 14067
13475 14068 ASSERT(MUTEX_HELD(&dtrace_lock));
13476 14069 ASSERT(MUTEX_HELD(&cpu_lock));
13477 14070
13478 14071 /*
13479 14072 * First, retract any retained enablings for this state.
13480 14073 */
13481 14074 dtrace_enabling_retract(state);
13482 14075 ASSERT(state->dts_nretained == 0);
13483 14076
13484 14077 if (state->dts_activity == DTRACE_ACTIVITY_ACTIVE ||
13485 14078 state->dts_activity == DTRACE_ACTIVITY_DRAINING) {
13486 14079 /*
13487 14080 * We have managed to come into dtrace_state_destroy() on a
13488 14081 * hot enabling -- almost certainly because of a disorderly
13489 14082 * shutdown of a consumer. (That is, a consumer that is
13490 14083 * exiting without having called dtrace_stop().) In this case,
13491 14084 * we're going to set our activity to be KILLED, and then
13492 14085 * issue a sync to be sure that everyone is out of probe
13493 14086 * context before we start blowing away ECBs.
13494 14087 */
13495 14088 state->dts_activity = DTRACE_ACTIVITY_KILLED;
13496 14089 dtrace_sync();
13497 14090 }
13498 14091
13499 14092 /*
13500 14093 * Release the credential hold we took in dtrace_state_create().
13501 14094 */
13502 14095 if (state->dts_cred.dcr_cred != NULL)
13503 14096 crfree(state->dts_cred.dcr_cred);
13504 14097
13505 14098 /*
13506 14099 * Now we can safely disable and destroy any enabled probes. Because
13507 14100 * any DTRACE_PRIV_KERNEL probes may actually be slowing our progress
13508 14101 * (especially if they're all enabled), we take two passes through the
13509 14102 * ECBs: in the first, we disable just DTRACE_PRIV_KERNEL probes, and
13510 14103 * in the second we disable whatever is left over.
13511 14104 */
13512 14105 for (match = DTRACE_PRIV_KERNEL; ; match = 0) {
13513 14106 for (i = 0; i < state->dts_necbs; i++) {
13514 14107 if ((ecb = state->dts_ecbs[i]) == NULL)
13515 14108 continue;
13516 14109
13517 14110 if (match && ecb->dte_probe != NULL) {
13518 14111 dtrace_probe_t *probe = ecb->dte_probe;
13519 14112 dtrace_provider_t *prov = probe->dtpr_provider;
13520 14113
13521 14114 if (!(prov->dtpv_priv.dtpp_flags & match))
13522 14115 continue;
13523 14116 }
13524 14117
13525 14118 dtrace_ecb_disable(ecb);
13526 14119 dtrace_ecb_destroy(ecb);
13527 14120 }
13528 14121
13529 14122 if (!match)
13530 14123 break;
13531 14124 }
13532 14125
13533 14126 /*
13534 14127 * Before we free the buffers, perform one more sync to assure that
13535 14128 * every CPU is out of probe context.
13536 14129 */
13537 14130 dtrace_sync();
13538 14131
13539 14132 dtrace_buffer_free(state->dts_buffer);
13540 14133 dtrace_buffer_free(state->dts_aggbuffer);
13541 14134
13542 14135 for (i = 0; i < nspec; i++)
13543 14136 dtrace_buffer_free(spec[i].dtsp_buffer);
13544 14137
13545 14138 if (state->dts_cleaner != CYCLIC_NONE)
13546 14139 cyclic_remove(state->dts_cleaner);
13547 14140
13548 14141 if (state->dts_deadman != CYCLIC_NONE)
13549 14142 cyclic_remove(state->dts_deadman);
13550 14143
13551 14144 dtrace_dstate_fini(&vstate->dtvs_dynvars);
13552 14145 dtrace_vstate_fini(vstate);
13553 14146 kmem_free(state->dts_ecbs, state->dts_necbs * sizeof (dtrace_ecb_t *));
13554 14147
13555 14148 if (state->dts_aggregations != NULL) {
13556 14149 #ifdef DEBUG
13557 14150 for (i = 0; i < state->dts_naggregations; i++)
13558 14151 ASSERT(state->dts_aggregations[i] == NULL);
13559 14152 #endif
13560 14153 ASSERT(state->dts_naggregations > 0);
13561 14154 kmem_free(state->dts_aggregations,
13562 14155 state->dts_naggregations * sizeof (dtrace_aggregation_t *));
13563 14156 }
13564 14157
13565 14158 kmem_free(state->dts_buffer, bufsize);
13566 14159 kmem_free(state->dts_aggbuffer, bufsize);
13567 14160
13568 14161 for (i = 0; i < nspec; i++)
13569 14162 kmem_free(spec[i].dtsp_buffer, bufsize);
13570 14163
13571 14164 kmem_free(spec, nspec * sizeof (dtrace_speculation_t));
13572 14165
13573 14166 dtrace_format_destroy(state);
13574 14167
13575 14168 vmem_destroy(state->dts_aggid_arena);
13576 14169 ddi_soft_state_free(dtrace_softstate, minor);
13577 14170 vmem_free(dtrace_minor, (void *)(uintptr_t)minor, 1);
13578 14171 }
13579 14172
13580 14173 /*
13581 14174 * DTrace Anonymous Enabling Functions
13582 14175 */
13583 14176 static dtrace_state_t *
13584 14177 dtrace_anon_grab(void)
13585 14178 {
13586 14179 dtrace_state_t *state;
13587 14180
13588 14181 ASSERT(MUTEX_HELD(&dtrace_lock));
13589 14182
13590 14183 if ((state = dtrace_anon.dta_state) == NULL) {
13591 14184 ASSERT(dtrace_anon.dta_enabling == NULL);
13592 14185 return (NULL);
13593 14186 }
13594 14187
13595 14188 ASSERT(dtrace_anon.dta_enabling != NULL);
13596 14189 ASSERT(dtrace_retained != NULL);
13597 14190
13598 14191 dtrace_enabling_destroy(dtrace_anon.dta_enabling);
13599 14192 dtrace_anon.dta_enabling = NULL;
13600 14193 dtrace_anon.dta_state = NULL;
13601 14194
13602 14195 return (state);
13603 14196 }
13604 14197
13605 14198 static void
13606 14199 dtrace_anon_property(void)
13607 14200 {
13608 14201 int i, rv;
13609 14202 dtrace_state_t *state;
13610 14203 dof_hdr_t *dof;
13611 14204 char c[32]; /* enough for "dof-data-" + digits */
13612 14205
13613 14206 ASSERT(MUTEX_HELD(&dtrace_lock));
13614 14207 ASSERT(MUTEX_HELD(&cpu_lock));
13615 14208
13616 14209 for (i = 0; ; i++) {
13617 14210 (void) snprintf(c, sizeof (c), "dof-data-%d", i);
13618 14211
13619 14212 dtrace_err_verbose = 1;
13620 14213
13621 14214 if ((dof = dtrace_dof_property(c)) == NULL) {
13622 14215 dtrace_err_verbose = 0;
13623 14216 break;
13624 14217 }
13625 14218
13626 14219 /*
13627 14220 * We want to create anonymous state, so we need to transition
13628 14221 * the kernel debugger to indicate that DTrace is active. If
13629 14222 * this fails (e.g. because the debugger has modified text in
13630 14223 * some way), we won't continue with the processing.
13631 14224 */
13632 14225 if (kdi_dtrace_set(KDI_DTSET_DTRACE_ACTIVATE) != 0) {
13633 14226 cmn_err(CE_NOTE, "kernel debugger active; anonymous "
13634 14227 "enabling ignored.");
13635 14228 dtrace_dof_destroy(dof);
13636 14229 break;
13637 14230 }
13638 14231
13639 14232 /*
13640 14233 * If we haven't allocated an anonymous state, we'll do so now.
13641 14234 */
13642 14235 if ((state = dtrace_anon.dta_state) == NULL) {
13643 14236 state = dtrace_state_create(NULL, NULL);
13644 14237 dtrace_anon.dta_state = state;
13645 14238
13646 14239 if (state == NULL) {
13647 14240 /*
13648 14241 * This basically shouldn't happen: the only
13649 14242 * failure mode from dtrace_state_create() is a
13650 14243 * failure of ddi_soft_state_zalloc() that
13651 14244 * itself should never happen. Still, the
13652 14245 * interface allows for a failure mode, and
13653 14246 * we want to fail as gracefully as possible:
13654 14247 * we'll emit an error message and cease
13655 14248 * processing anonymous state in this case.
13656 14249 */
13657 14250 cmn_err(CE_WARN, "failed to create "
13658 14251 "anonymous state");
13659 14252 dtrace_dof_destroy(dof);
13660 14253 break;
13661 14254 }
13662 14255 }
13663 14256
13664 14257 rv = dtrace_dof_slurp(dof, &state->dts_vstate, CRED(),
13665 14258 &dtrace_anon.dta_enabling, 0, B_TRUE);
13666 14259
13667 14260 if (rv == 0)
13668 14261 rv = dtrace_dof_options(dof, state);
13669 14262
13670 14263 dtrace_err_verbose = 0;
13671 14264 dtrace_dof_destroy(dof);
13672 14265
13673 14266 if (rv != 0) {
13674 14267 /*
13675 14268 * This is malformed DOF; chuck any anonymous state
13676 14269 * that we created.
13677 14270 */
13678 14271 ASSERT(dtrace_anon.dta_enabling == NULL);
13679 14272 dtrace_state_destroy(state);
13680 14273 dtrace_anon.dta_state = NULL;
13681 14274 break;
13682 14275 }
13683 14276
13684 14277 ASSERT(dtrace_anon.dta_enabling != NULL);
13685 14278 }
13686 14279
13687 14280 if (dtrace_anon.dta_enabling != NULL) {
13688 14281 int rval;
13689 14282
13690 14283 /*
13691 14284 * dtrace_enabling_retain() can only fail because we are
13692 14285 * trying to retain more enablings than are allowed -- but
13693 14286 * we only have one anonymous enabling, and we are guaranteed
13694 14287 * to be allowed at least one retained enabling; we assert
13695 14288 * that dtrace_enabling_retain() returns success.
13696 14289 */
13697 14290 rval = dtrace_enabling_retain(dtrace_anon.dta_enabling);
13698 14291 ASSERT(rval == 0);
13699 14292
13700 14293 dtrace_enabling_dump(dtrace_anon.dta_enabling);
13701 14294 }
13702 14295 }
13703 14296
13704 14297 /*
13705 14298 * DTrace Helper Functions
13706 14299 */
13707 14300 static void
13708 14301 dtrace_helper_trace(dtrace_helper_action_t *helper,
13709 14302 dtrace_mstate_t *mstate, dtrace_vstate_t *vstate, int where)
13710 14303 {
13711 14304 uint32_t size, next, nnext, i;
13712 14305 dtrace_helptrace_t *ent, *buffer;
13713 14306 uint16_t flags = cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
13714 14307
13715 14308 if ((buffer = dtrace_helptrace_buffer) == NULL)
13716 14309 return;
13717 14310
13718 14311 ASSERT(vstate->dtvs_nlocals <= dtrace_helptrace_nlocals);
13719 14312
13720 14313 /*
13721 14314 * What would a tracing framework be without its own tracing
13722 14315 * framework? (Well, a hell of a lot simpler, for starters...)
13723 14316 */
13724 14317 size = sizeof (dtrace_helptrace_t) + dtrace_helptrace_nlocals *
13725 14318 sizeof (uint64_t) - sizeof (uint64_t);
13726 14319
13727 14320 /*
13728 14321 * Iterate until we can allocate a slot in the trace buffer.
13729 14322 */
13730 14323 do {
13731 14324 next = dtrace_helptrace_next;
13732 14325
13733 14326 if (next + size < dtrace_helptrace_bufsize) {
13734 14327 nnext = next + size;
13735 14328 } else {
13736 14329 nnext = size;
13737 14330 }
13738 14331 } while (dtrace_cas32(&dtrace_helptrace_next, next, nnext) != next);
13739 14332
13740 14333 /*
13741 14334 * We have our slot; fill it in.
13742 14335 */
13743 14336 if (nnext == size) {
13744 14337 dtrace_helptrace_wrapped++;
13745 14338 next = 0;
13746 14339 }
13747 14340
13748 14341 ent = (dtrace_helptrace_t *)((uintptr_t)buffer + next);
13749 14342 ent->dtht_helper = helper;
13750 14343 ent->dtht_where = where;
13751 14344 ent->dtht_nlocals = vstate->dtvs_nlocals;
13752 14345
13753 14346 ent->dtht_fltoffs = (mstate->dtms_present & DTRACE_MSTATE_FLTOFFS) ?
13754 14347 mstate->dtms_fltoffs : -1;
13755 14348 ent->dtht_fault = DTRACE_FLAGS2FLT(flags);
13756 14349 ent->dtht_illval = cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
13757 14350
13758 14351 for (i = 0; i < vstate->dtvs_nlocals; i++) {
13759 14352 dtrace_statvar_t *svar;
13760 14353
13761 14354 if ((svar = vstate->dtvs_locals[i]) == NULL)
13762 14355 continue;
13763 14356
13764 14357 ASSERT(svar->dtsv_size >= NCPU * sizeof (uint64_t));
13765 14358 ent->dtht_locals[i] =
13766 14359 ((uint64_t *)(uintptr_t)svar->dtsv_data)[CPU->cpu_id];
13767 14360 }
13768 14361 }
13769 14362
13770 14363 static uint64_t
13771 14364 dtrace_helper(int which, dtrace_mstate_t *mstate,
13772 14365 dtrace_state_t *state, uint64_t arg0, uint64_t arg1)
13773 14366 {
13774 14367 uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
13775 14368 uint64_t sarg0 = mstate->dtms_arg[0];
13776 14369 uint64_t sarg1 = mstate->dtms_arg[1];
13777 14370 uint64_t rval;
13778 14371 dtrace_helpers_t *helpers = curproc->p_dtrace_helpers;
13779 14372 dtrace_helper_action_t *helper;
13780 14373 dtrace_vstate_t *vstate;
13781 14374 dtrace_difo_t *pred;
13782 14375 int i, trace = dtrace_helptrace_buffer != NULL;
13783 14376
13784 14377 ASSERT(which >= 0 && which < DTRACE_NHELPER_ACTIONS);
13785 14378
13786 14379 if (helpers == NULL)
13787 14380 return (0);
13788 14381
13789 14382 if ((helper = helpers->dthps_actions[which]) == NULL)
13790 14383 return (0);
13791 14384
13792 14385 vstate = &helpers->dthps_vstate;
13793 14386 mstate->dtms_arg[0] = arg0;
13794 14387 mstate->dtms_arg[1] = arg1;
13795 14388
13796 14389 /*
13797 14390 * Now iterate over each helper. If its predicate evaluates to 'true',
13798 14391 * we'll call the corresponding actions. Note that the below calls
13799 14392 * to dtrace_dif_emulate() may set faults in machine state. This is
13800 14393 * okay: our caller (the outer dtrace_dif_emulate()) will simply plow
13801 14394 * the stored DIF offset with its own (which is the desired behavior).
13802 14395 * Also, note the calls to dtrace_dif_emulate() may allocate scratch
13803 14396 * from machine state; this is okay, too.
13804 14397 */
13805 14398 for (; helper != NULL; helper = helper->dtha_next) {
13806 14399 if ((pred = helper->dtha_predicate) != NULL) {
13807 14400 if (trace)
13808 14401 dtrace_helper_trace(helper, mstate, vstate, 0);
13809 14402
13810 14403 if (!dtrace_dif_emulate(pred, mstate, vstate, state))
13811 14404 goto next;
13812 14405
13813 14406 if (*flags & CPU_DTRACE_FAULT)
13814 14407 goto err;
13815 14408 }
13816 14409
13817 14410 for (i = 0; i < helper->dtha_nactions; i++) {
13818 14411 if (trace)
13819 14412 dtrace_helper_trace(helper,
13820 14413 mstate, vstate, i + 1);
13821 14414
13822 14415 rval = dtrace_dif_emulate(helper->dtha_actions[i],
13823 14416 mstate, vstate, state);
13824 14417
13825 14418 if (*flags & CPU_DTRACE_FAULT)
13826 14419 goto err;
13827 14420 }
13828 14421
13829 14422 next:
13830 14423 if (trace)
13831 14424 dtrace_helper_trace(helper, mstate, vstate,
13832 14425 DTRACE_HELPTRACE_NEXT);
13833 14426 }
13834 14427
13835 14428 if (trace)
13836 14429 dtrace_helper_trace(helper, mstate, vstate,
13837 14430 DTRACE_HELPTRACE_DONE);
13838 14431
13839 14432 /*
13840 14433 * Restore the arg0 that we saved upon entry.
13841 14434 */
13842 14435 mstate->dtms_arg[0] = sarg0;
13843 14436 mstate->dtms_arg[1] = sarg1;
13844 14437
13845 14438 return (rval);
13846 14439
13847 14440 err:
13848 14441 if (trace)
13849 14442 dtrace_helper_trace(helper, mstate, vstate,
13850 14443 DTRACE_HELPTRACE_ERR);
13851 14444
13852 14445 /*
13853 14446 * Restore the arg0 that we saved upon entry.
13854 14447 */
13855 14448 mstate->dtms_arg[0] = sarg0;
13856 14449 mstate->dtms_arg[1] = sarg1;
13857 14450
13858 14451 return (NULL);
13859 14452 }
13860 14453
13861 14454 static void
13862 14455 dtrace_helper_action_destroy(dtrace_helper_action_t *helper,
13863 14456 dtrace_vstate_t *vstate)
13864 14457 {
13865 14458 int i;
13866 14459
13867 14460 if (helper->dtha_predicate != NULL)
13868 14461 dtrace_difo_release(helper->dtha_predicate, vstate);
13869 14462
13870 14463 for (i = 0; i < helper->dtha_nactions; i++) {
13871 14464 ASSERT(helper->dtha_actions[i] != NULL);
13872 14465 dtrace_difo_release(helper->dtha_actions[i], vstate);
13873 14466 }
13874 14467
13875 14468 kmem_free(helper->dtha_actions,
13876 14469 helper->dtha_nactions * sizeof (dtrace_difo_t *));
13877 14470 kmem_free(helper, sizeof (dtrace_helper_action_t));
13878 14471 }
13879 14472
13880 14473 static int
13881 14474 dtrace_helper_destroygen(int gen)
13882 14475 {
13883 14476 proc_t *p = curproc;
13884 14477 dtrace_helpers_t *help = p->p_dtrace_helpers;
13885 14478 dtrace_vstate_t *vstate;
13886 14479 int i;
13887 14480
13888 14481 ASSERT(MUTEX_HELD(&dtrace_lock));
13889 14482
13890 14483 if (help == NULL || gen > help->dthps_generation)
13891 14484 return (EINVAL);
13892 14485
13893 14486 vstate = &help->dthps_vstate;
13894 14487
13895 14488 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) {
13896 14489 dtrace_helper_action_t *last = NULL, *h, *next;
13897 14490
13898 14491 for (h = help->dthps_actions[i]; h != NULL; h = next) {
13899 14492 next = h->dtha_next;
13900 14493
13901 14494 if (h->dtha_generation == gen) {
13902 14495 if (last != NULL) {
13903 14496 last->dtha_next = next;
13904 14497 } else {
13905 14498 help->dthps_actions[i] = next;
13906 14499 }
13907 14500
13908 14501 dtrace_helper_action_destroy(h, vstate);
13909 14502 } else {
13910 14503 last = h;
13911 14504 }
13912 14505 }
13913 14506 }
13914 14507
13915 14508 /*
13916 14509 * Interate until we've cleared out all helper providers with the
13917 14510 * given generation number.
13918 14511 */
13919 14512 for (;;) {
13920 14513 dtrace_helper_provider_t *prov;
13921 14514
13922 14515 /*
13923 14516 * Look for a helper provider with the right generation. We
13924 14517 * have to start back at the beginning of the list each time
13925 14518 * because we drop dtrace_lock. It's unlikely that we'll make
13926 14519 * more than two passes.
13927 14520 */
13928 14521 for (i = 0; i < help->dthps_nprovs; i++) {
13929 14522 prov = help->dthps_provs[i];
13930 14523
13931 14524 if (prov->dthp_generation == gen)
13932 14525 break;
13933 14526 }
13934 14527
13935 14528 /*
13936 14529 * If there were no matches, we're done.
13937 14530 */
13938 14531 if (i == help->dthps_nprovs)
13939 14532 break;
13940 14533
13941 14534 /*
13942 14535 * Move the last helper provider into this slot.
13943 14536 */
13944 14537 help->dthps_nprovs--;
13945 14538 help->dthps_provs[i] = help->dthps_provs[help->dthps_nprovs];
13946 14539 help->dthps_provs[help->dthps_nprovs] = NULL;
13947 14540
13948 14541 mutex_exit(&dtrace_lock);
13949 14542
13950 14543 /*
13951 14544 * If we have a meta provider, remove this helper provider.
13952 14545 */
13953 14546 mutex_enter(&dtrace_meta_lock);
13954 14547 if (dtrace_meta_pid != NULL) {
13955 14548 ASSERT(dtrace_deferred_pid == NULL);
13956 14549 dtrace_helper_provider_remove(&prov->dthp_prov,
13957 14550 p->p_pid);
13958 14551 }
13959 14552 mutex_exit(&dtrace_meta_lock);
13960 14553
13961 14554 dtrace_helper_provider_destroy(prov);
13962 14555
13963 14556 mutex_enter(&dtrace_lock);
13964 14557 }
13965 14558
13966 14559 return (0);
13967 14560 }
13968 14561
13969 14562 static int
13970 14563 dtrace_helper_validate(dtrace_helper_action_t *helper)
13971 14564 {
13972 14565 int err = 0, i;
13973 14566 dtrace_difo_t *dp;
13974 14567
13975 14568 if ((dp = helper->dtha_predicate) != NULL)
13976 14569 err += dtrace_difo_validate_helper(dp);
13977 14570
13978 14571 for (i = 0; i < helper->dtha_nactions; i++)
13979 14572 err += dtrace_difo_validate_helper(helper->dtha_actions[i]);
13980 14573
13981 14574 return (err == 0);
13982 14575 }
13983 14576
13984 14577 static int
13985 14578 dtrace_helper_action_add(int which, dtrace_ecbdesc_t *ep)
13986 14579 {
13987 14580 dtrace_helpers_t *help;
13988 14581 dtrace_helper_action_t *helper, *last;
13989 14582 dtrace_actdesc_t *act;
13990 14583 dtrace_vstate_t *vstate;
13991 14584 dtrace_predicate_t *pred;
13992 14585 int count = 0, nactions = 0, i;
13993 14586
13994 14587 if (which < 0 || which >= DTRACE_NHELPER_ACTIONS)
13995 14588 return (EINVAL);
13996 14589
13997 14590 help = curproc->p_dtrace_helpers;
13998 14591 last = help->dthps_actions[which];
13999 14592 vstate = &help->dthps_vstate;
14000 14593
14001 14594 for (count = 0; last != NULL; last = last->dtha_next) {
14002 14595 count++;
14003 14596 if (last->dtha_next == NULL)
14004 14597 break;
14005 14598 }
14006 14599
14007 14600 /*
14008 14601 * If we already have dtrace_helper_actions_max helper actions for this
14009 14602 * helper action type, we'll refuse to add a new one.
14010 14603 */
14011 14604 if (count >= dtrace_helper_actions_max)
14012 14605 return (ENOSPC);
14013 14606
14014 14607 helper = kmem_zalloc(sizeof (dtrace_helper_action_t), KM_SLEEP);
14015 14608 helper->dtha_generation = help->dthps_generation;
14016 14609
14017 14610 if ((pred = ep->dted_pred.dtpdd_predicate) != NULL) {
14018 14611 ASSERT(pred->dtp_difo != NULL);
14019 14612 dtrace_difo_hold(pred->dtp_difo);
14020 14613 helper->dtha_predicate = pred->dtp_difo;
14021 14614 }
14022 14615
14023 14616 for (act = ep->dted_action; act != NULL; act = act->dtad_next) {
14024 14617 if (act->dtad_kind != DTRACEACT_DIFEXPR)
14025 14618 goto err;
14026 14619
14027 14620 if (act->dtad_difo == NULL)
14028 14621 goto err;
14029 14622
14030 14623 nactions++;
14031 14624 }
14032 14625
14033 14626 helper->dtha_actions = kmem_zalloc(sizeof (dtrace_difo_t *) *
14034 14627 (helper->dtha_nactions = nactions), KM_SLEEP);
14035 14628
14036 14629 for (act = ep->dted_action, i = 0; act != NULL; act = act->dtad_next) {
14037 14630 dtrace_difo_hold(act->dtad_difo);
14038 14631 helper->dtha_actions[i++] = act->dtad_difo;
14039 14632 }
14040 14633
14041 14634 if (!dtrace_helper_validate(helper))
14042 14635 goto err;
14043 14636
14044 14637 if (last == NULL) {
14045 14638 help->dthps_actions[which] = helper;
14046 14639 } else {
14047 14640 last->dtha_next = helper;
14048 14641 }
14049 14642
14050 14643 if (vstate->dtvs_nlocals > dtrace_helptrace_nlocals) {
14051 14644 dtrace_helptrace_nlocals = vstate->dtvs_nlocals;
14052 14645 dtrace_helptrace_next = 0;
14053 14646 }
14054 14647
14055 14648 return (0);
14056 14649 err:
14057 14650 dtrace_helper_action_destroy(helper, vstate);
14058 14651 return (EINVAL);
14059 14652 }
14060 14653
14061 14654 static void
14062 14655 dtrace_helper_provider_register(proc_t *p, dtrace_helpers_t *help,
14063 14656 dof_helper_t *dofhp)
14064 14657 {
14065 14658 ASSERT(MUTEX_NOT_HELD(&dtrace_lock));
14066 14659
14067 14660 mutex_enter(&dtrace_meta_lock);
14068 14661 mutex_enter(&dtrace_lock);
14069 14662
14070 14663 if (!dtrace_attached() || dtrace_meta_pid == NULL) {
14071 14664 /*
14072 14665 * If the dtrace module is loaded but not attached, or if
14073 14666 * there aren't isn't a meta provider registered to deal with
14074 14667 * these provider descriptions, we need to postpone creating
14075 14668 * the actual providers until later.
14076 14669 */
14077 14670
14078 14671 if (help->dthps_next == NULL && help->dthps_prev == NULL &&
14079 14672 dtrace_deferred_pid != help) {
14080 14673 help->dthps_deferred = 1;
14081 14674 help->dthps_pid = p->p_pid;
14082 14675 help->dthps_next = dtrace_deferred_pid;
14083 14676 help->dthps_prev = NULL;
14084 14677 if (dtrace_deferred_pid != NULL)
14085 14678 dtrace_deferred_pid->dthps_prev = help;
14086 14679 dtrace_deferred_pid = help;
14087 14680 }
14088 14681
14089 14682 mutex_exit(&dtrace_lock);
14090 14683
14091 14684 } else if (dofhp != NULL) {
14092 14685 /*
14093 14686 * If the dtrace module is loaded and we have a particular
14094 14687 * helper provider description, pass that off to the
14095 14688 * meta provider.
14096 14689 */
14097 14690
14098 14691 mutex_exit(&dtrace_lock);
14099 14692
14100 14693 dtrace_helper_provide(dofhp, p->p_pid);
14101 14694
14102 14695 } else {
14103 14696 /*
14104 14697 * Otherwise, just pass all the helper provider descriptions
14105 14698 * off to the meta provider.
14106 14699 */
14107 14700
14108 14701 int i;
14109 14702 mutex_exit(&dtrace_lock);
14110 14703
14111 14704 for (i = 0; i < help->dthps_nprovs; i++) {
14112 14705 dtrace_helper_provide(&help->dthps_provs[i]->dthp_prov,
14113 14706 p->p_pid);
14114 14707 }
14115 14708 }
14116 14709
14117 14710 mutex_exit(&dtrace_meta_lock);
14118 14711 }
14119 14712
14120 14713 static int
14121 14714 dtrace_helper_provider_add(dof_helper_t *dofhp, int gen)
14122 14715 {
14123 14716 dtrace_helpers_t *help;
14124 14717 dtrace_helper_provider_t *hprov, **tmp_provs;
14125 14718 uint_t tmp_maxprovs, i;
14126 14719
14127 14720 ASSERT(MUTEX_HELD(&dtrace_lock));
14128 14721
14129 14722 help = curproc->p_dtrace_helpers;
14130 14723 ASSERT(help != NULL);
14131 14724
14132 14725 /*
14133 14726 * If we already have dtrace_helper_providers_max helper providers,
14134 14727 * we're refuse to add a new one.
14135 14728 */
14136 14729 if (help->dthps_nprovs >= dtrace_helper_providers_max)
14137 14730 return (ENOSPC);
14138 14731
14139 14732 /*
14140 14733 * Check to make sure this isn't a duplicate.
14141 14734 */
14142 14735 for (i = 0; i < help->dthps_nprovs; i++) {
14143 14736 if (dofhp->dofhp_addr ==
14144 14737 help->dthps_provs[i]->dthp_prov.dofhp_addr)
14145 14738 return (EALREADY);
14146 14739 }
14147 14740
14148 14741 hprov = kmem_zalloc(sizeof (dtrace_helper_provider_t), KM_SLEEP);
14149 14742 hprov->dthp_prov = *dofhp;
14150 14743 hprov->dthp_ref = 1;
14151 14744 hprov->dthp_generation = gen;
14152 14745
14153 14746 /*
14154 14747 * Allocate a bigger table for helper providers if it's already full.
14155 14748 */
14156 14749 if (help->dthps_maxprovs == help->dthps_nprovs) {
14157 14750 tmp_maxprovs = help->dthps_maxprovs;
14158 14751 tmp_provs = help->dthps_provs;
14159 14752
14160 14753 if (help->dthps_maxprovs == 0)
14161 14754 help->dthps_maxprovs = 2;
14162 14755 else
14163 14756 help->dthps_maxprovs *= 2;
14164 14757 if (help->dthps_maxprovs > dtrace_helper_providers_max)
14165 14758 help->dthps_maxprovs = dtrace_helper_providers_max;
14166 14759
14167 14760 ASSERT(tmp_maxprovs < help->dthps_maxprovs);
14168 14761
14169 14762 help->dthps_provs = kmem_zalloc(help->dthps_maxprovs *
14170 14763 sizeof (dtrace_helper_provider_t *), KM_SLEEP);
14171 14764
14172 14765 if (tmp_provs != NULL) {
14173 14766 bcopy(tmp_provs, help->dthps_provs, tmp_maxprovs *
14174 14767 sizeof (dtrace_helper_provider_t *));
14175 14768 kmem_free(tmp_provs, tmp_maxprovs *
14176 14769 sizeof (dtrace_helper_provider_t *));
14177 14770 }
14178 14771 }
14179 14772
14180 14773 help->dthps_provs[help->dthps_nprovs] = hprov;
14181 14774 help->dthps_nprovs++;
14182 14775
14183 14776 return (0);
14184 14777 }
14185 14778
14186 14779 static void
14187 14780 dtrace_helper_provider_destroy(dtrace_helper_provider_t *hprov)
14188 14781 {
14189 14782 mutex_enter(&dtrace_lock);
14190 14783
14191 14784 if (--hprov->dthp_ref == 0) {
14192 14785 dof_hdr_t *dof;
14193 14786 mutex_exit(&dtrace_lock);
14194 14787 dof = (dof_hdr_t *)(uintptr_t)hprov->dthp_prov.dofhp_dof;
14195 14788 dtrace_dof_destroy(dof);
14196 14789 kmem_free(hprov, sizeof (dtrace_helper_provider_t));
14197 14790 } else {
14198 14791 mutex_exit(&dtrace_lock);
14199 14792 }
14200 14793 }
14201 14794
14202 14795 static int
14203 14796 dtrace_helper_provider_validate(dof_hdr_t *dof, dof_sec_t *sec)
14204 14797 {
14205 14798 uintptr_t daddr = (uintptr_t)dof;
14206 14799 dof_sec_t *str_sec, *prb_sec, *arg_sec, *off_sec, *enoff_sec;
14207 14800 dof_provider_t *provider;
14208 14801 dof_probe_t *probe;
14209 14802 uint8_t *arg;
14210 14803 char *strtab, *typestr;
14211 14804 dof_stridx_t typeidx;
14212 14805 size_t typesz;
14213 14806 uint_t nprobes, j, k;
14214 14807
14215 14808 ASSERT(sec->dofs_type == DOF_SECT_PROVIDER);
14216 14809
14217 14810 if (sec->dofs_offset & (sizeof (uint_t) - 1)) {
14218 14811 dtrace_dof_error(dof, "misaligned section offset");
14219 14812 return (-1);
14220 14813 }
14221 14814
14222 14815 /*
14223 14816 * The section needs to be large enough to contain the DOF provider
14224 14817 * structure appropriate for the given version.
14225 14818 */
14226 14819 if (sec->dofs_size <
14227 14820 ((dof->dofh_ident[DOF_ID_VERSION] == DOF_VERSION_1) ?
14228 14821 offsetof(dof_provider_t, dofpv_prenoffs) :
14229 14822 sizeof (dof_provider_t))) {
14230 14823 dtrace_dof_error(dof, "provider section too small");
14231 14824 return (-1);
14232 14825 }
14233 14826
14234 14827 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset);
14235 14828 str_sec = dtrace_dof_sect(dof, DOF_SECT_STRTAB, provider->dofpv_strtab);
14236 14829 prb_sec = dtrace_dof_sect(dof, DOF_SECT_PROBES, provider->dofpv_probes);
14237 14830 arg_sec = dtrace_dof_sect(dof, DOF_SECT_PRARGS, provider->dofpv_prargs);
14238 14831 off_sec = dtrace_dof_sect(dof, DOF_SECT_PROFFS, provider->dofpv_proffs);
14239 14832
14240 14833 if (str_sec == NULL || prb_sec == NULL ||
14241 14834 arg_sec == NULL || off_sec == NULL)
14242 14835 return (-1);
14243 14836
14244 14837 enoff_sec = NULL;
14245 14838
14246 14839 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 &&
14247 14840 provider->dofpv_prenoffs != DOF_SECT_NONE &&
14248 14841 (enoff_sec = dtrace_dof_sect(dof, DOF_SECT_PRENOFFS,
14249 14842 provider->dofpv_prenoffs)) == NULL)
14250 14843 return (-1);
14251 14844
14252 14845 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset);
14253 14846
14254 14847 if (provider->dofpv_name >= str_sec->dofs_size ||
14255 14848 strlen(strtab + provider->dofpv_name) >= DTRACE_PROVNAMELEN) {
14256 14849 dtrace_dof_error(dof, "invalid provider name");
14257 14850 return (-1);
14258 14851 }
14259 14852
14260 14853 if (prb_sec->dofs_entsize == 0 ||
14261 14854 prb_sec->dofs_entsize > prb_sec->dofs_size) {
14262 14855 dtrace_dof_error(dof, "invalid entry size");
14263 14856 return (-1);
14264 14857 }
14265 14858
14266 14859 if (prb_sec->dofs_entsize & (sizeof (uintptr_t) - 1)) {
14267 14860 dtrace_dof_error(dof, "misaligned entry size");
14268 14861 return (-1);
14269 14862 }
14270 14863
14271 14864 if (off_sec->dofs_entsize != sizeof (uint32_t)) {
14272 14865 dtrace_dof_error(dof, "invalid entry size");
14273 14866 return (-1);
14274 14867 }
14275 14868
14276 14869 if (off_sec->dofs_offset & (sizeof (uint32_t) - 1)) {
14277 14870 dtrace_dof_error(dof, "misaligned section offset");
14278 14871 return (-1);
14279 14872 }
14280 14873
14281 14874 if (arg_sec->dofs_entsize != sizeof (uint8_t)) {
14282 14875 dtrace_dof_error(dof, "invalid entry size");
14283 14876 return (-1);
14284 14877 }
14285 14878
14286 14879 arg = (uint8_t *)(uintptr_t)(daddr + arg_sec->dofs_offset);
14287 14880
14288 14881 nprobes = prb_sec->dofs_size / prb_sec->dofs_entsize;
14289 14882
14290 14883 /*
14291 14884 * Take a pass through the probes to check for errors.
14292 14885 */
14293 14886 for (j = 0; j < nprobes; j++) {
14294 14887 probe = (dof_probe_t *)(uintptr_t)(daddr +
14295 14888 prb_sec->dofs_offset + j * prb_sec->dofs_entsize);
14296 14889
14297 14890 if (probe->dofpr_func >= str_sec->dofs_size) {
14298 14891 dtrace_dof_error(dof, "invalid function name");
14299 14892 return (-1);
14300 14893 }
14301 14894
14302 14895 if (strlen(strtab + probe->dofpr_func) >= DTRACE_FUNCNAMELEN) {
14303 14896 dtrace_dof_error(dof, "function name too long");
14304 14897 return (-1);
14305 14898 }
14306 14899
14307 14900 if (probe->dofpr_name >= str_sec->dofs_size ||
14308 14901 strlen(strtab + probe->dofpr_name) >= DTRACE_NAMELEN) {
14309 14902 dtrace_dof_error(dof, "invalid probe name");
14310 14903 return (-1);
14311 14904 }
14312 14905
14313 14906 /*
14314 14907 * The offset count must not wrap the index, and the offsets
14315 14908 * must also not overflow the section's data.
14316 14909 */
14317 14910 if (probe->dofpr_offidx + probe->dofpr_noffs <
14318 14911 probe->dofpr_offidx ||
14319 14912 (probe->dofpr_offidx + probe->dofpr_noffs) *
14320 14913 off_sec->dofs_entsize > off_sec->dofs_size) {
14321 14914 dtrace_dof_error(dof, "invalid probe offset");
14322 14915 return (-1);
14323 14916 }
14324 14917
14325 14918 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1) {
14326 14919 /*
14327 14920 * If there's no is-enabled offset section, make sure
14328 14921 * there aren't any is-enabled offsets. Otherwise
14329 14922 * perform the same checks as for probe offsets
14330 14923 * (immediately above).
14331 14924 */
14332 14925 if (enoff_sec == NULL) {
14333 14926 if (probe->dofpr_enoffidx != 0 ||
14334 14927 probe->dofpr_nenoffs != 0) {
14335 14928 dtrace_dof_error(dof, "is-enabled "
14336 14929 "offsets with null section");
14337 14930 return (-1);
14338 14931 }
14339 14932 } else if (probe->dofpr_enoffidx +
14340 14933 probe->dofpr_nenoffs < probe->dofpr_enoffidx ||
14341 14934 (probe->dofpr_enoffidx + probe->dofpr_nenoffs) *
14342 14935 enoff_sec->dofs_entsize > enoff_sec->dofs_size) {
14343 14936 dtrace_dof_error(dof, "invalid is-enabled "
14344 14937 "offset");
14345 14938 return (-1);
14346 14939 }
14347 14940
14348 14941 if (probe->dofpr_noffs + probe->dofpr_nenoffs == 0) {
14349 14942 dtrace_dof_error(dof, "zero probe and "
14350 14943 "is-enabled offsets");
14351 14944 return (-1);
14352 14945 }
14353 14946 } else if (probe->dofpr_noffs == 0) {
14354 14947 dtrace_dof_error(dof, "zero probe offsets");
14355 14948 return (-1);
14356 14949 }
14357 14950
14358 14951 if (probe->dofpr_argidx + probe->dofpr_xargc <
14359 14952 probe->dofpr_argidx ||
14360 14953 (probe->dofpr_argidx + probe->dofpr_xargc) *
14361 14954 arg_sec->dofs_entsize > arg_sec->dofs_size) {
14362 14955 dtrace_dof_error(dof, "invalid args");
14363 14956 return (-1);
14364 14957 }
14365 14958
14366 14959 typeidx = probe->dofpr_nargv;
14367 14960 typestr = strtab + probe->dofpr_nargv;
14368 14961 for (k = 0; k < probe->dofpr_nargc; k++) {
14369 14962 if (typeidx >= str_sec->dofs_size) {
14370 14963 dtrace_dof_error(dof, "bad "
14371 14964 "native argument type");
14372 14965 return (-1);
14373 14966 }
14374 14967
14375 14968 typesz = strlen(typestr) + 1;
14376 14969 if (typesz > DTRACE_ARGTYPELEN) {
14377 14970 dtrace_dof_error(dof, "native "
14378 14971 "argument type too long");
14379 14972 return (-1);
14380 14973 }
14381 14974 typeidx += typesz;
14382 14975 typestr += typesz;
14383 14976 }
14384 14977
14385 14978 typeidx = probe->dofpr_xargv;
14386 14979 typestr = strtab + probe->dofpr_xargv;
14387 14980 for (k = 0; k < probe->dofpr_xargc; k++) {
14388 14981 if (arg[probe->dofpr_argidx + k] > probe->dofpr_nargc) {
14389 14982 dtrace_dof_error(dof, "bad "
14390 14983 "native argument index");
14391 14984 return (-1);
14392 14985 }
14393 14986
14394 14987 if (typeidx >= str_sec->dofs_size) {
14395 14988 dtrace_dof_error(dof, "bad "
14396 14989 "translated argument type");
14397 14990 return (-1);
14398 14991 }
14399 14992
14400 14993 typesz = strlen(typestr) + 1;
14401 14994 if (typesz > DTRACE_ARGTYPELEN) {
14402 14995 dtrace_dof_error(dof, "translated argument "
14403 14996 "type too long");
14404 14997 return (-1);
14405 14998 }
14406 14999
14407 15000 typeidx += typesz;
14408 15001 typestr += typesz;
14409 15002 }
14410 15003 }
14411 15004
14412 15005 return (0);
14413 15006 }
14414 15007
14415 15008 static int
14416 15009 dtrace_helper_slurp(dof_hdr_t *dof, dof_helper_t *dhp)
14417 15010 {
14418 15011 dtrace_helpers_t *help;
14419 15012 dtrace_vstate_t *vstate;
14420 15013 dtrace_enabling_t *enab = NULL;
14421 15014 int i, gen, rv, nhelpers = 0, nprovs = 0, destroy = 1;
14422 15015 uintptr_t daddr = (uintptr_t)dof;
14423 15016
14424 15017 ASSERT(MUTEX_HELD(&dtrace_lock));
14425 15018
14426 15019 if ((help = curproc->p_dtrace_helpers) == NULL)
14427 15020 help = dtrace_helpers_create(curproc);
14428 15021
14429 15022 vstate = &help->dthps_vstate;
14430 15023
14431 15024 if ((rv = dtrace_dof_slurp(dof, vstate, NULL, &enab,
14432 15025 dhp != NULL ? dhp->dofhp_addr : 0, B_FALSE)) != 0) {
14433 15026 dtrace_dof_destroy(dof);
14434 15027 return (rv);
14435 15028 }
14436 15029
14437 15030 /*
14438 15031 * Look for helper providers and validate their descriptions.
14439 15032 */
14440 15033 if (dhp != NULL) {
14441 15034 for (i = 0; i < dof->dofh_secnum; i++) {
14442 15035 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr +
14443 15036 dof->dofh_secoff + i * dof->dofh_secsize);
14444 15037
14445 15038 if (sec->dofs_type != DOF_SECT_PROVIDER)
14446 15039 continue;
14447 15040
14448 15041 if (dtrace_helper_provider_validate(dof, sec) != 0) {
14449 15042 dtrace_enabling_destroy(enab);
14450 15043 dtrace_dof_destroy(dof);
14451 15044 return (-1);
14452 15045 }
14453 15046
14454 15047 nprovs++;
14455 15048 }
14456 15049 }
14457 15050
14458 15051 /*
14459 15052 * Now we need to walk through the ECB descriptions in the enabling.
14460 15053 */
14461 15054 for (i = 0; i < enab->dten_ndesc; i++) {
14462 15055 dtrace_ecbdesc_t *ep = enab->dten_desc[i];
14463 15056 dtrace_probedesc_t *desc = &ep->dted_probe;
14464 15057
14465 15058 if (strcmp(desc->dtpd_provider, "dtrace") != 0)
14466 15059 continue;
14467 15060
14468 15061 if (strcmp(desc->dtpd_mod, "helper") != 0)
14469 15062 continue;
14470 15063
14471 15064 if (strcmp(desc->dtpd_func, "ustack") != 0)
14472 15065 continue;
14473 15066
14474 15067 if ((rv = dtrace_helper_action_add(DTRACE_HELPER_ACTION_USTACK,
14475 15068 ep)) != 0) {
14476 15069 /*
14477 15070 * Adding this helper action failed -- we are now going
14478 15071 * to rip out the entire generation and return failure.
14479 15072 */
14480 15073 (void) dtrace_helper_destroygen(help->dthps_generation);
14481 15074 dtrace_enabling_destroy(enab);
14482 15075 dtrace_dof_destroy(dof);
14483 15076 return (-1);
14484 15077 }
14485 15078
14486 15079 nhelpers++;
14487 15080 }
14488 15081
14489 15082 if (nhelpers < enab->dten_ndesc)
14490 15083 dtrace_dof_error(dof, "unmatched helpers");
14491 15084
14492 15085 gen = help->dthps_generation++;
14493 15086 dtrace_enabling_destroy(enab);
14494 15087
14495 15088 if (dhp != NULL && nprovs > 0) {
14496 15089 dhp->dofhp_dof = (uint64_t)(uintptr_t)dof;
14497 15090 if (dtrace_helper_provider_add(dhp, gen) == 0) {
14498 15091 mutex_exit(&dtrace_lock);
14499 15092 dtrace_helper_provider_register(curproc, help, dhp);
14500 15093 mutex_enter(&dtrace_lock);
14501 15094
14502 15095 destroy = 0;
14503 15096 }
14504 15097 }
14505 15098
14506 15099 if (destroy)
14507 15100 dtrace_dof_destroy(dof);
14508 15101
14509 15102 return (gen);
14510 15103 }
14511 15104
14512 15105 static dtrace_helpers_t *
14513 15106 dtrace_helpers_create(proc_t *p)
14514 15107 {
14515 15108 dtrace_helpers_t *help;
14516 15109
14517 15110 ASSERT(MUTEX_HELD(&dtrace_lock));
14518 15111 ASSERT(p->p_dtrace_helpers == NULL);
14519 15112
14520 15113 help = kmem_zalloc(sizeof (dtrace_helpers_t), KM_SLEEP);
14521 15114 help->dthps_actions = kmem_zalloc(sizeof (dtrace_helper_action_t *) *
14522 15115 DTRACE_NHELPER_ACTIONS, KM_SLEEP);
14523 15116
14524 15117 p->p_dtrace_helpers = help;
14525 15118 dtrace_helpers++;
14526 15119
14527 15120 return (help);
14528 15121 }
14529 15122
14530 15123 static void
14531 15124 dtrace_helpers_destroy(void)
14532 15125 {
14533 15126 dtrace_helpers_t *help;
14534 15127 dtrace_vstate_t *vstate;
14535 15128 proc_t *p = curproc;
14536 15129 int i;
14537 15130
14538 15131 mutex_enter(&dtrace_lock);
14539 15132
14540 15133 ASSERT(p->p_dtrace_helpers != NULL);
14541 15134 ASSERT(dtrace_helpers > 0);
14542 15135
14543 15136 help = p->p_dtrace_helpers;
14544 15137 vstate = &help->dthps_vstate;
14545 15138
14546 15139 /*
14547 15140 * We're now going to lose the help from this process.
14548 15141 */
14549 15142 p->p_dtrace_helpers = NULL;
14550 15143 dtrace_sync();
14551 15144
14552 15145 /*
14553 15146 * Destory the helper actions.
14554 15147 */
14555 15148 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) {
14556 15149 dtrace_helper_action_t *h, *next;
14557 15150
14558 15151 for (h = help->dthps_actions[i]; h != NULL; h = next) {
14559 15152 next = h->dtha_next;
14560 15153 dtrace_helper_action_destroy(h, vstate);
14561 15154 h = next;
14562 15155 }
14563 15156 }
14564 15157
14565 15158 mutex_exit(&dtrace_lock);
14566 15159
14567 15160 /*
14568 15161 * Destroy the helper providers.
14569 15162 */
14570 15163 if (help->dthps_maxprovs > 0) {
14571 15164 mutex_enter(&dtrace_meta_lock);
14572 15165 if (dtrace_meta_pid != NULL) {
14573 15166 ASSERT(dtrace_deferred_pid == NULL);
14574 15167
14575 15168 for (i = 0; i < help->dthps_nprovs; i++) {
14576 15169 dtrace_helper_provider_remove(
14577 15170 &help->dthps_provs[i]->dthp_prov, p->p_pid);
14578 15171 }
14579 15172 } else {
14580 15173 mutex_enter(&dtrace_lock);
14581 15174 ASSERT(help->dthps_deferred == 0 ||
14582 15175 help->dthps_next != NULL ||
14583 15176 help->dthps_prev != NULL ||
14584 15177 help == dtrace_deferred_pid);
14585 15178
14586 15179 /*
14587 15180 * Remove the helper from the deferred list.
14588 15181 */
14589 15182 if (help->dthps_next != NULL)
14590 15183 help->dthps_next->dthps_prev = help->dthps_prev;
14591 15184 if (help->dthps_prev != NULL)
14592 15185 help->dthps_prev->dthps_next = help->dthps_next;
14593 15186 if (dtrace_deferred_pid == help) {
14594 15187 dtrace_deferred_pid = help->dthps_next;
14595 15188 ASSERT(help->dthps_prev == NULL);
14596 15189 }
14597 15190
14598 15191 mutex_exit(&dtrace_lock);
14599 15192 }
14600 15193
14601 15194 mutex_exit(&dtrace_meta_lock);
14602 15195
14603 15196 for (i = 0; i < help->dthps_nprovs; i++) {
14604 15197 dtrace_helper_provider_destroy(help->dthps_provs[i]);
14605 15198 }
14606 15199
14607 15200 kmem_free(help->dthps_provs, help->dthps_maxprovs *
14608 15201 sizeof (dtrace_helper_provider_t *));
14609 15202 }
14610 15203
14611 15204 mutex_enter(&dtrace_lock);
14612 15205
14613 15206 dtrace_vstate_fini(&help->dthps_vstate);
14614 15207 kmem_free(help->dthps_actions,
14615 15208 sizeof (dtrace_helper_action_t *) * DTRACE_NHELPER_ACTIONS);
14616 15209 kmem_free(help, sizeof (dtrace_helpers_t));
14617 15210
14618 15211 --dtrace_helpers;
14619 15212 mutex_exit(&dtrace_lock);
14620 15213 }
14621 15214
14622 15215 static void
14623 15216 dtrace_helpers_duplicate(proc_t *from, proc_t *to)
14624 15217 {
14625 15218 dtrace_helpers_t *help, *newhelp;
14626 15219 dtrace_helper_action_t *helper, *new, *last;
14627 15220 dtrace_difo_t *dp;
14628 15221 dtrace_vstate_t *vstate;
14629 15222 int i, j, sz, hasprovs = 0;
14630 15223
14631 15224 mutex_enter(&dtrace_lock);
14632 15225 ASSERT(from->p_dtrace_helpers != NULL);
14633 15226 ASSERT(dtrace_helpers > 0);
14634 15227
14635 15228 help = from->p_dtrace_helpers;
14636 15229 newhelp = dtrace_helpers_create(to);
14637 15230 ASSERT(to->p_dtrace_helpers != NULL);
14638 15231
14639 15232 newhelp->dthps_generation = help->dthps_generation;
14640 15233 vstate = &newhelp->dthps_vstate;
14641 15234
14642 15235 /*
14643 15236 * Duplicate the helper actions.
14644 15237 */
14645 15238 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) {
14646 15239 if ((helper = help->dthps_actions[i]) == NULL)
14647 15240 continue;
14648 15241
14649 15242 for (last = NULL; helper != NULL; helper = helper->dtha_next) {
14650 15243 new = kmem_zalloc(sizeof (dtrace_helper_action_t),
14651 15244 KM_SLEEP);
14652 15245 new->dtha_generation = helper->dtha_generation;
14653 15246
14654 15247 if ((dp = helper->dtha_predicate) != NULL) {
14655 15248 dp = dtrace_difo_duplicate(dp, vstate);
14656 15249 new->dtha_predicate = dp;
14657 15250 }
14658 15251
14659 15252 new->dtha_nactions = helper->dtha_nactions;
14660 15253 sz = sizeof (dtrace_difo_t *) * new->dtha_nactions;
14661 15254 new->dtha_actions = kmem_alloc(sz, KM_SLEEP);
14662 15255
14663 15256 for (j = 0; j < new->dtha_nactions; j++) {
14664 15257 dtrace_difo_t *dp = helper->dtha_actions[j];
14665 15258
14666 15259 ASSERT(dp != NULL);
14667 15260 dp = dtrace_difo_duplicate(dp, vstate);
14668 15261 new->dtha_actions[j] = dp;
14669 15262 }
14670 15263
14671 15264 if (last != NULL) {
14672 15265 last->dtha_next = new;
14673 15266 } else {
14674 15267 newhelp->dthps_actions[i] = new;
14675 15268 }
14676 15269
14677 15270 last = new;
14678 15271 }
14679 15272 }
14680 15273
14681 15274 /*
14682 15275 * Duplicate the helper providers and register them with the
14683 15276 * DTrace framework.
14684 15277 */
14685 15278 if (help->dthps_nprovs > 0) {
14686 15279 newhelp->dthps_nprovs = help->dthps_nprovs;
14687 15280 newhelp->dthps_maxprovs = help->dthps_nprovs;
14688 15281 newhelp->dthps_provs = kmem_alloc(newhelp->dthps_nprovs *
14689 15282 sizeof (dtrace_helper_provider_t *), KM_SLEEP);
14690 15283 for (i = 0; i < newhelp->dthps_nprovs; i++) {
14691 15284 newhelp->dthps_provs[i] = help->dthps_provs[i];
14692 15285 newhelp->dthps_provs[i]->dthp_ref++;
14693 15286 }
14694 15287
14695 15288 hasprovs = 1;
14696 15289 }
14697 15290
14698 15291 mutex_exit(&dtrace_lock);
14699 15292
14700 15293 if (hasprovs)
14701 15294 dtrace_helper_provider_register(to, newhelp, NULL);
14702 15295 }
14703 15296
14704 15297 /*
14705 15298 * DTrace Hook Functions
14706 15299 */
14707 15300 static void
14708 15301 dtrace_module_loaded(struct modctl *ctl)
14709 15302 {
14710 15303 dtrace_provider_t *prv;
14711 15304
14712 15305 mutex_enter(&dtrace_provider_lock);
14713 15306 mutex_enter(&mod_lock);
14714 15307
14715 15308 ASSERT(ctl->mod_busy);
14716 15309
14717 15310 /*
14718 15311 * We're going to call each providers per-module provide operation
14719 15312 * specifying only this module.
14720 15313 */
14721 15314 for (prv = dtrace_provider; prv != NULL; prv = prv->dtpv_next)
14722 15315 prv->dtpv_pops.dtps_provide_module(prv->dtpv_arg, ctl);
14723 15316
14724 15317 mutex_exit(&mod_lock);
14725 15318 mutex_exit(&dtrace_provider_lock);
14726 15319
14727 15320 /*
14728 15321 * If we have any retained enablings, we need to match against them.
14729 15322 * Enabling probes requires that cpu_lock be held, and we cannot hold
14730 15323 * cpu_lock here -- it is legal for cpu_lock to be held when loading a
14731 15324 * module. (In particular, this happens when loading scheduling
14732 15325 * classes.) So if we have any retained enablings, we need to dispatch
14733 15326 * our task queue to do the match for us.
14734 15327 */
14735 15328 mutex_enter(&dtrace_lock);
14736 15329
14737 15330 if (dtrace_retained == NULL) {
14738 15331 mutex_exit(&dtrace_lock);
14739 15332 return;
14740 15333 }
14741 15334
14742 15335 (void) taskq_dispatch(dtrace_taskq,
14743 15336 (task_func_t *)dtrace_enabling_matchall, NULL, TQ_SLEEP);
14744 15337
14745 15338 mutex_exit(&dtrace_lock);
14746 15339
14747 15340 /*
14748 15341 * And now, for a little heuristic sleaze: in general, we want to
14749 15342 * match modules as soon as they load. However, we cannot guarantee
14750 15343 * this, because it would lead us to the lock ordering violation
14751 15344 * outlined above. The common case, of course, is that cpu_lock is
14752 15345 * _not_ held -- so we delay here for a clock tick, hoping that that's
14753 15346 * long enough for the task queue to do its work. If it's not, it's
14754 15347 * not a serious problem -- it just means that the module that we
14755 15348 * just loaded may not be immediately instrumentable.
14756 15349 */
14757 15350 delay(1);
14758 15351 }
14759 15352
14760 15353 static void
14761 15354 dtrace_module_unloaded(struct modctl *ctl)
14762 15355 {
14763 15356 dtrace_probe_t template, *probe, *first, *next;
14764 15357 dtrace_provider_t *prov;
14765 15358
14766 15359 template.dtpr_mod = ctl->mod_modname;
14767 15360
14768 15361 mutex_enter(&dtrace_provider_lock);
14769 15362 mutex_enter(&mod_lock);
14770 15363 mutex_enter(&dtrace_lock);
14771 15364
14772 15365 if (dtrace_bymod == NULL) {
14773 15366 /*
14774 15367 * The DTrace module is loaded (obviously) but not attached;
14775 15368 * we don't have any work to do.
14776 15369 */
14777 15370 mutex_exit(&dtrace_provider_lock);
14778 15371 mutex_exit(&mod_lock);
14779 15372 mutex_exit(&dtrace_lock);
14780 15373 return;
14781 15374 }
14782 15375
14783 15376 for (probe = first = dtrace_hash_lookup(dtrace_bymod, &template);
14784 15377 probe != NULL; probe = probe->dtpr_nextmod) {
14785 15378 if (probe->dtpr_ecb != NULL) {
14786 15379 mutex_exit(&dtrace_provider_lock);
14787 15380 mutex_exit(&mod_lock);
14788 15381 mutex_exit(&dtrace_lock);
14789 15382
14790 15383 /*
14791 15384 * This shouldn't _actually_ be possible -- we're
14792 15385 * unloading a module that has an enabled probe in it.
14793 15386 * (It's normally up to the provider to make sure that
14794 15387 * this can't happen.) However, because dtps_enable()
14795 15388 * doesn't have a failure mode, there can be an
14796 15389 * enable/unload race. Upshot: we don't want to
14797 15390 * assert, but we're not going to disable the
14798 15391 * probe, either.
14799 15392 */
14800 15393 if (dtrace_err_verbose) {
14801 15394 cmn_err(CE_WARN, "unloaded module '%s' had "
14802 15395 "enabled probes", ctl->mod_modname);
14803 15396 }
14804 15397
14805 15398 return;
14806 15399 }
14807 15400 }
14808 15401
14809 15402 probe = first;
14810 15403
14811 15404 for (first = NULL; probe != NULL; probe = next) {
14812 15405 ASSERT(dtrace_probes[probe->dtpr_id - 1] == probe);
14813 15406
14814 15407 dtrace_probes[probe->dtpr_id - 1] = NULL;
14815 15408
14816 15409 next = probe->dtpr_nextmod;
14817 15410 dtrace_hash_remove(dtrace_bymod, probe);
14818 15411 dtrace_hash_remove(dtrace_byfunc, probe);
14819 15412 dtrace_hash_remove(dtrace_byname, probe);
14820 15413
14821 15414 if (first == NULL) {
14822 15415 first = probe;
14823 15416 probe->dtpr_nextmod = NULL;
14824 15417 } else {
14825 15418 probe->dtpr_nextmod = first;
14826 15419 first = probe;
14827 15420 }
14828 15421 }
14829 15422
14830 15423 /*
14831 15424 * We've removed all of the module's probes from the hash chains and
14832 15425 * from the probe array. Now issue a dtrace_sync() to be sure that
14833 15426 * everyone has cleared out from any probe array processing.
14834 15427 */
14835 15428 dtrace_sync();
14836 15429
14837 15430 for (probe = first; probe != NULL; probe = first) {
14838 15431 first = probe->dtpr_nextmod;
14839 15432 prov = probe->dtpr_provider;
14840 15433 prov->dtpv_pops.dtps_destroy(prov->dtpv_arg, probe->dtpr_id,
14841 15434 probe->dtpr_arg);
14842 15435 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1);
14843 15436 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1);
14844 15437 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1);
14845 15438 vmem_free(dtrace_arena, (void *)(uintptr_t)probe->dtpr_id, 1);
14846 15439 kmem_free(probe, sizeof (dtrace_probe_t));
14847 15440 }
14848 15441
14849 15442 mutex_exit(&dtrace_lock);
14850 15443 mutex_exit(&mod_lock);
14851 15444 mutex_exit(&dtrace_provider_lock);
14852 15445 }
14853 15446
14854 15447 void
14855 15448 dtrace_suspend(void)
14856 15449 {
14857 15450 dtrace_probe_foreach(offsetof(dtrace_pops_t, dtps_suspend));
14858 15451 }
14859 15452
14860 15453 void
14861 15454 dtrace_resume(void)
14862 15455 {
14863 15456 dtrace_probe_foreach(offsetof(dtrace_pops_t, dtps_resume));
14864 15457 }
14865 15458
14866 15459 static int
14867 15460 dtrace_cpu_setup(cpu_setup_t what, processorid_t cpu)
14868 15461 {
14869 15462 ASSERT(MUTEX_HELD(&cpu_lock));
14870 15463 mutex_enter(&dtrace_lock);
14871 15464
14872 15465 switch (what) {
14873 15466 case CPU_CONFIG: {
14874 15467 dtrace_state_t *state;
14875 15468 dtrace_optval_t *opt, rs, c;
14876 15469
14877 15470 /*
14878 15471 * For now, we only allocate a new buffer for anonymous state.
14879 15472 */
14880 15473 if ((state = dtrace_anon.dta_state) == NULL)
14881 15474 break;
14882 15475
14883 15476 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE)
14884 15477 break;
14885 15478
14886 15479 opt = state->dts_options;
14887 15480 c = opt[DTRACEOPT_CPU];
14888 15481
14889 15482 if (c != DTRACE_CPUALL && c != DTRACEOPT_UNSET && c != cpu)
14890 15483 break;
14891 15484
14892 15485 /*
14893 15486 * Regardless of what the actual policy is, we're going to
14894 15487 * temporarily set our resize policy to be manual. We're
14895 15488 * also going to temporarily set our CPU option to denote
14896 15489 * the newly configured CPU.
14897 15490 */
14898 15491 rs = opt[DTRACEOPT_BUFRESIZE];
14899 15492 opt[DTRACEOPT_BUFRESIZE] = DTRACEOPT_BUFRESIZE_MANUAL;
14900 15493 opt[DTRACEOPT_CPU] = (dtrace_optval_t)cpu;
14901 15494
14902 15495 (void) dtrace_state_buffers(state);
14903 15496
14904 15497 opt[DTRACEOPT_BUFRESIZE] = rs;
14905 15498 opt[DTRACEOPT_CPU] = c;
14906 15499
14907 15500 break;
14908 15501 }
14909 15502
14910 15503 case CPU_UNCONFIG:
14911 15504 /*
14912 15505 * We don't free the buffer in the CPU_UNCONFIG case. (The
14913 15506 * buffer will be freed when the consumer exits.)
14914 15507 */
14915 15508 break;
14916 15509
14917 15510 default:
14918 15511 break;
14919 15512 }
14920 15513
14921 15514 mutex_exit(&dtrace_lock);
14922 15515 return (0);
14923 15516 }
14924 15517
14925 15518 static void
14926 15519 dtrace_cpu_setup_initial(processorid_t cpu)
14927 15520 {
14928 15521 (void) dtrace_cpu_setup(CPU_CONFIG, cpu);
14929 15522 }
14930 15523
14931 15524 static void
14932 15525 dtrace_toxrange_add(uintptr_t base, uintptr_t limit)
14933 15526 {
14934 15527 if (dtrace_toxranges >= dtrace_toxranges_max) {
14935 15528 int osize, nsize;
14936 15529 dtrace_toxrange_t *range;
14937 15530
14938 15531 osize = dtrace_toxranges_max * sizeof (dtrace_toxrange_t);
14939 15532
14940 15533 if (osize == 0) {
14941 15534 ASSERT(dtrace_toxrange == NULL);
14942 15535 ASSERT(dtrace_toxranges_max == 0);
14943 15536 dtrace_toxranges_max = 1;
14944 15537 } else {
14945 15538 dtrace_toxranges_max <<= 1;
14946 15539 }
14947 15540
14948 15541 nsize = dtrace_toxranges_max * sizeof (dtrace_toxrange_t);
14949 15542 range = kmem_zalloc(nsize, KM_SLEEP);
14950 15543
14951 15544 if (dtrace_toxrange != NULL) {
14952 15545 ASSERT(osize != 0);
14953 15546 bcopy(dtrace_toxrange, range, osize);
14954 15547 kmem_free(dtrace_toxrange, osize);
14955 15548 }
14956 15549
14957 15550 dtrace_toxrange = range;
14958 15551 }
14959 15552
14960 15553 ASSERT(dtrace_toxrange[dtrace_toxranges].dtt_base == NULL);
14961 15554 ASSERT(dtrace_toxrange[dtrace_toxranges].dtt_limit == NULL);
14962 15555
14963 15556 dtrace_toxrange[dtrace_toxranges].dtt_base = base;
14964 15557 dtrace_toxrange[dtrace_toxranges].dtt_limit = limit;
14965 15558 dtrace_toxranges++;
14966 15559 }
14967 15560
14968 15561 static void
14969 15562 dtrace_getf_barrier()
14970 15563 {
14971 15564 /*
14972 15565 * When we have unprivileged (that is, non-DTRACE_CRV_KERNEL) enablings
14973 15566 * that contain calls to getf(), this routine will be called on every
14974 15567 * closef() before either the underlying vnode is released or the
14975 15568 * file_t itself is freed. By the time we are here, it is essential
14976 15569 * that the file_t can no longer be accessed from a call to getf()
14977 15570 * in probe context -- that assures that a dtrace_sync() can be used
14978 15571 * to clear out any enablings referring to the old structures.
14979 15572 */
14980 15573 if (curthread->t_procp->p_zone->zone_dtrace_getf != 0 ||
14981 15574 kcred->cr_zone->zone_dtrace_getf != 0)
14982 15575 dtrace_sync();
14983 15576 }
14984 15577
14985 15578 /*
14986 15579 * DTrace Driver Cookbook Functions
14987 15580 */
14988 15581 /*ARGSUSED*/
14989 15582 static int
14990 15583 dtrace_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
14991 15584 {
14992 15585 dtrace_provider_id_t id;
14993 15586 dtrace_state_t *state = NULL;
14994 15587 dtrace_enabling_t *enab;
14995 15588
14996 15589 mutex_enter(&cpu_lock);
14997 15590 mutex_enter(&dtrace_provider_lock);
14998 15591 mutex_enter(&dtrace_lock);
14999 15592
15000 15593 if (ddi_soft_state_init(&dtrace_softstate,
15001 15594 sizeof (dtrace_state_t), 0) != 0) {
15002 15595 cmn_err(CE_NOTE, "/dev/dtrace failed to initialize soft state");
15003 15596 mutex_exit(&cpu_lock);
15004 15597 mutex_exit(&dtrace_provider_lock);
15005 15598 mutex_exit(&dtrace_lock);
15006 15599 return (DDI_FAILURE);
15007 15600 }
15008 15601
15009 15602 if (ddi_create_minor_node(devi, DTRACEMNR_DTRACE, S_IFCHR,
15010 15603 DTRACEMNRN_DTRACE, DDI_PSEUDO, NULL) == DDI_FAILURE ||
15011 15604 ddi_create_minor_node(devi, DTRACEMNR_HELPER, S_IFCHR,
15012 15605 DTRACEMNRN_HELPER, DDI_PSEUDO, NULL) == DDI_FAILURE) {
15013 15606 cmn_err(CE_NOTE, "/dev/dtrace couldn't create minor nodes");
15014 15607 ddi_remove_minor_node(devi, NULL);
15015 15608 ddi_soft_state_fini(&dtrace_softstate);
15016 15609 mutex_exit(&cpu_lock);
15017 15610 mutex_exit(&dtrace_provider_lock);
15018 15611 mutex_exit(&dtrace_lock);
15019 15612 return (DDI_FAILURE);
15020 15613 }
15021 15614
15022 15615 ddi_report_dev(devi);
15023 15616 dtrace_devi = devi;
15024 15617
15025 15618 dtrace_modload = dtrace_module_loaded;
15026 15619 dtrace_modunload = dtrace_module_unloaded;
15027 15620 dtrace_cpu_init = dtrace_cpu_setup_initial;
15028 15621 dtrace_helpers_cleanup = dtrace_helpers_destroy;
15029 15622 dtrace_helpers_fork = dtrace_helpers_duplicate;
15030 15623 dtrace_cpustart_init = dtrace_suspend;
15031 15624 dtrace_cpustart_fini = dtrace_resume;
15032 15625 dtrace_debugger_init = dtrace_suspend;
15033 15626 dtrace_debugger_fini = dtrace_resume;
15034 15627
15035 15628 register_cpu_setup_func((cpu_setup_func_t *)dtrace_cpu_setup, NULL);
15036 15629
15037 15630 ASSERT(MUTEX_HELD(&cpu_lock));
15038 15631
15039 15632 dtrace_arena = vmem_create("dtrace", (void *)1, UINT32_MAX, 1,
15040 15633 NULL, NULL, NULL, 0, VM_SLEEP | VMC_IDENTIFIER);
15041 15634 dtrace_minor = vmem_create("dtrace_minor", (void *)DTRACEMNRN_CLONE,
15042 15635 UINT32_MAX - DTRACEMNRN_CLONE, 1, NULL, NULL, NULL, 0,
15043 15636 VM_SLEEP | VMC_IDENTIFIER);
15044 15637 dtrace_taskq = taskq_create("dtrace_taskq", 1, maxclsyspri,
15045 15638 1, INT_MAX, 0);
15046 15639
15047 15640 dtrace_state_cache = kmem_cache_create("dtrace_state_cache",
15048 15641 sizeof (dtrace_dstate_percpu_t) * NCPU, DTRACE_STATE_ALIGN,
15049 15642 NULL, NULL, NULL, NULL, NULL, 0);
15050 15643
15051 15644 ASSERT(MUTEX_HELD(&cpu_lock));
15052 15645 dtrace_bymod = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_mod),
15053 15646 offsetof(dtrace_probe_t, dtpr_nextmod),
15054 15647 offsetof(dtrace_probe_t, dtpr_prevmod));
15055 15648
15056 15649 dtrace_byfunc = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_func),
15057 15650 offsetof(dtrace_probe_t, dtpr_nextfunc),
15058 15651 offsetof(dtrace_probe_t, dtpr_prevfunc));
15059 15652
15060 15653 dtrace_byname = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_name),
15061 15654 offsetof(dtrace_probe_t, dtpr_nextname),
15062 15655 offsetof(dtrace_probe_t, dtpr_prevname));
15063 15656
15064 15657 if (dtrace_retain_max < 1) {
15065 15658 cmn_err(CE_WARN, "illegal value (%lu) for dtrace_retain_max; "
15066 15659 "setting to 1", dtrace_retain_max);
15067 15660 dtrace_retain_max = 1;
15068 15661 }
15069 15662
15070 15663 /*
15071 15664 * Now discover our toxic ranges.
15072 15665 */
15073 15666 dtrace_toxic_ranges(dtrace_toxrange_add);
15074 15667
15075 15668 /*
15076 15669 * Before we register ourselves as a provider to our own framework,
15077 15670 * we would like to assert that dtrace_provider is NULL -- but that's
15078 15671 * not true if we were loaded as a dependency of a DTrace provider.
15079 15672 * Once we've registered, we can assert that dtrace_provider is our
15080 15673 * pseudo provider.
15081 15674 */
15082 15675 (void) dtrace_register("dtrace", &dtrace_provider_attr,
15083 15676 DTRACE_PRIV_NONE, 0, &dtrace_provider_ops, NULL, &id);
15084 15677
15085 15678 ASSERT(dtrace_provider != NULL);
15086 15679 ASSERT((dtrace_provider_id_t)dtrace_provider == id);
15087 15680
15088 15681 dtrace_probeid_begin = dtrace_probe_create((dtrace_provider_id_t)
15089 15682 dtrace_provider, NULL, NULL, "BEGIN", 0, NULL);
15090 15683 dtrace_probeid_end = dtrace_probe_create((dtrace_provider_id_t)
15091 15684 dtrace_provider, NULL, NULL, "END", 0, NULL);
15092 15685 dtrace_probeid_error = dtrace_probe_create((dtrace_provider_id_t)
15093 15686 dtrace_provider, NULL, NULL, "ERROR", 1, NULL);
15094 15687
15095 15688 dtrace_anon_property();
15096 15689 mutex_exit(&cpu_lock);
15097 15690
15098 15691 /*
15099 15692 * If there are already providers, we must ask them to provide their
15100 15693 * probes, and then match any anonymous enabling against them. Note
15101 15694 * that there should be no other retained enablings at this time:
15102 15695 * the only retained enablings at this time should be the anonymous
15103 15696 * enabling.
15104 15697 */
15105 15698 if (dtrace_anon.dta_enabling != NULL) {
15106 15699 ASSERT(dtrace_retained == dtrace_anon.dta_enabling);
15107 15700
15108 15701 dtrace_enabling_provide(NULL);
15109 15702 state = dtrace_anon.dta_state;
15110 15703
15111 15704 /*
15112 15705 * We couldn't hold cpu_lock across the above call to
15113 15706 * dtrace_enabling_provide(), but we must hold it to actually
15114 15707 * enable the probes. We have to drop all of our locks, pick
15115 15708 * up cpu_lock, and regain our locks before matching the
15116 15709 * retained anonymous enabling.
15117 15710 */
15118 15711 mutex_exit(&dtrace_lock);
15119 15712 mutex_exit(&dtrace_provider_lock);
15120 15713
15121 15714 mutex_enter(&cpu_lock);
15122 15715 mutex_enter(&dtrace_provider_lock);
15123 15716 mutex_enter(&dtrace_lock);
15124 15717
15125 15718 if ((enab = dtrace_anon.dta_enabling) != NULL)
15126 15719 (void) dtrace_enabling_match(enab, NULL);
15127 15720
15128 15721 mutex_exit(&cpu_lock);
15129 15722 }
15130 15723
15131 15724 mutex_exit(&dtrace_lock);
15132 15725 mutex_exit(&dtrace_provider_lock);
15133 15726
15134 15727 if (state != NULL) {
15135 15728 /*
15136 15729 * If we created any anonymous state, set it going now.
15137 15730 */
15138 15731 (void) dtrace_state_go(state, &dtrace_anon.dta_beganon);
15139 15732 }
15140 15733
15141 15734 return (DDI_SUCCESS);
15142 15735 }
15143 15736
15144 15737 /*ARGSUSED*/
15145 15738 static int
15146 15739 dtrace_open(dev_t *devp, int flag, int otyp, cred_t *cred_p)
15147 15740 {
15148 15741 dtrace_state_t *state;
15149 15742 uint32_t priv;
15150 15743 uid_t uid;
15151 15744 zoneid_t zoneid;
15152 15745
15153 15746 if (getminor(*devp) == DTRACEMNRN_HELPER)
15154 15747 return (0);
15155 15748
15156 15749 /*
15157 15750 * If this wasn't an open with the "helper" minor, then it must be
15158 15751 * the "dtrace" minor.
15159 15752 */
15160 15753 if (getminor(*devp) != DTRACEMNRN_DTRACE)
15161 15754 return (ENXIO);
15162 15755
15163 15756 /*
15164 15757 * If no DTRACE_PRIV_* bits are set in the credential, then the
15165 15758 * caller lacks sufficient permission to do anything with DTrace.
15166 15759 */
15167 15760 dtrace_cred2priv(cred_p, &priv, &uid, &zoneid);
15168 15761 if (priv == DTRACE_PRIV_NONE)
15169 15762 return (EACCES);
15170 15763
15171 15764 /*
15172 15765 * Ask all providers to provide all their probes.
15173 15766 */
15174 15767 mutex_enter(&dtrace_provider_lock);
15175 15768 dtrace_probe_provide(NULL, NULL);
15176 15769 mutex_exit(&dtrace_provider_lock);
15177 15770
15178 15771 mutex_enter(&cpu_lock);
15179 15772 mutex_enter(&dtrace_lock);
15180 15773 dtrace_opens++;
15181 15774 dtrace_membar_producer();
15182 15775
15183 15776 /*
15184 15777 * If the kernel debugger is active (that is, if the kernel debugger
15185 15778 * modified text in some way), we won't allow the open.
15186 15779 */
15187 15780 if (kdi_dtrace_set(KDI_DTSET_DTRACE_ACTIVATE) != 0) {
15188 15781 dtrace_opens--;
15189 15782 mutex_exit(&cpu_lock);
15190 15783 mutex_exit(&dtrace_lock);
15191 15784 return (EBUSY);
15192 15785 }
15193 15786
15194 15787 if (dtrace_helptrace_enable && dtrace_helptrace_buffer == NULL) {
15195 15788 /*
15196 15789 * If DTrace helper tracing is enabled, we need to allocate the
15197 15790 * trace buffer and initialize the values.
15198 15791 */
15199 15792 dtrace_helptrace_buffer =
15200 15793 kmem_zalloc(dtrace_helptrace_bufsize, KM_SLEEP);
15201 15794 dtrace_helptrace_next = 0;
15202 15795 dtrace_helptrace_wrapped = 0;
15203 15796 dtrace_helptrace_enable = 0;
15204 15797 }
15205 15798
15206 15799 state = dtrace_state_create(devp, cred_p);
15207 15800 mutex_exit(&cpu_lock);
15208 15801
15209 15802 if (state == NULL) {
15210 15803 if (--dtrace_opens == 0 && dtrace_anon.dta_enabling == NULL)
15211 15804 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE);
15212 15805 mutex_exit(&dtrace_lock);
15213 15806 return (EAGAIN);
15214 15807 }
15215 15808
15216 15809 mutex_exit(&dtrace_lock);
15217 15810
15218 15811 return (0);
15219 15812 }
15220 15813
15221 15814 /*ARGSUSED*/
15222 15815 static int
15223 15816 dtrace_close(dev_t dev, int flag, int otyp, cred_t *cred_p)
15224 15817 {
15225 15818 minor_t minor = getminor(dev);
15226 15819 dtrace_state_t *state;
15227 15820 dtrace_helptrace_t *buf = NULL;
15228 15821
15229 15822 if (minor == DTRACEMNRN_HELPER)
15230 15823 return (0);
15231 15824
15232 15825 state = ddi_get_soft_state(dtrace_softstate, minor);
15233 15826
15234 15827 mutex_enter(&cpu_lock);
15235 15828 mutex_enter(&dtrace_lock);
15236 15829
15237 15830 if (state->dts_anon) {
15238 15831 /*
15239 15832 * There is anonymous state. Destroy that first.
15240 15833 */
15241 15834 ASSERT(dtrace_anon.dta_state == NULL);
15242 15835 dtrace_state_destroy(state->dts_anon);
15243 15836 }
15244 15837
15245 15838 if (dtrace_helptrace_disable) {
15246 15839 /*
15247 15840 * If we have been told to disable helper tracing, set the
15248 15841 * buffer to NULL before calling into dtrace_state_destroy();
15249 15842 * we take advantage of its dtrace_sync() to know that no
15250 15843 * CPU is in probe context with enabled helper tracing
15251 15844 * after it returns.
15252 15845 */
15253 15846 buf = dtrace_helptrace_buffer;
15254 15847 dtrace_helptrace_buffer = NULL;
15255 15848 }
15256 15849
15257 15850 dtrace_state_destroy(state);
15258 15851 ASSERT(dtrace_opens > 0);
15259 15852
15260 15853 /*
15261 15854 * Only relinquish control of the kernel debugger interface when there
15262 15855 * are no consumers and no anonymous enablings.
15263 15856 */
15264 15857 if (--dtrace_opens == 0 && dtrace_anon.dta_enabling == NULL)
15265 15858 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE);
15266 15859
15267 15860 if (buf != NULL) {
15268 15861 kmem_free(buf, dtrace_helptrace_bufsize);
15269 15862 dtrace_helptrace_disable = 0;
15270 15863 }
15271 15864
15272 15865 mutex_exit(&dtrace_lock);
15273 15866 mutex_exit(&cpu_lock);
15274 15867
15275 15868 return (0);
15276 15869 }
15277 15870
15278 15871 /*ARGSUSED*/
15279 15872 static int
15280 15873 dtrace_ioctl_helper(int cmd, intptr_t arg, int *rv)
15281 15874 {
15282 15875 int rval;
15283 15876 dof_helper_t help, *dhp = NULL;
15284 15877
15285 15878 switch (cmd) {
15286 15879 case DTRACEHIOC_ADDDOF:
15287 15880 if (copyin((void *)arg, &help, sizeof (help)) != 0) {
15288 15881 dtrace_dof_error(NULL, "failed to copyin DOF helper");
15289 15882 return (EFAULT);
15290 15883 }
15291 15884
15292 15885 dhp = &help;
15293 15886 arg = (intptr_t)help.dofhp_dof;
15294 15887 /*FALLTHROUGH*/
15295 15888
15296 15889 case DTRACEHIOC_ADD: {
15297 15890 dof_hdr_t *dof = dtrace_dof_copyin(arg, &rval);
15298 15891
15299 15892 if (dof == NULL)
15300 15893 return (rval);
15301 15894
15302 15895 mutex_enter(&dtrace_lock);
15303 15896
15304 15897 /*
15305 15898 * dtrace_helper_slurp() takes responsibility for the dof --
15306 15899 * it may free it now or it may save it and free it later.
15307 15900 */
15308 15901 if ((rval = dtrace_helper_slurp(dof, dhp)) != -1) {
15309 15902 *rv = rval;
15310 15903 rval = 0;
15311 15904 } else {
15312 15905 rval = EINVAL;
15313 15906 }
15314 15907
15315 15908 mutex_exit(&dtrace_lock);
15316 15909 return (rval);
15317 15910 }
15318 15911
15319 15912 case DTRACEHIOC_REMOVE: {
15320 15913 mutex_enter(&dtrace_lock);
15321 15914 rval = dtrace_helper_destroygen(arg);
15322 15915 mutex_exit(&dtrace_lock);
15323 15916
15324 15917 return (rval);
15325 15918 }
15326 15919
15327 15920 default:
15328 15921 break;
15329 15922 }
15330 15923
15331 15924 return (ENOTTY);
15332 15925 }
15333 15926
15334 15927 /*ARGSUSED*/
15335 15928 static int
15336 15929 dtrace_ioctl(dev_t dev, int cmd, intptr_t arg, int md, cred_t *cr, int *rv)
15337 15930 {
15338 15931 minor_t minor = getminor(dev);
15339 15932 dtrace_state_t *state;
15340 15933 int rval;
15341 15934
15342 15935 if (minor == DTRACEMNRN_HELPER)
15343 15936 return (dtrace_ioctl_helper(cmd, arg, rv));
15344 15937
15345 15938 state = ddi_get_soft_state(dtrace_softstate, minor);
15346 15939
15347 15940 if (state->dts_anon) {
15348 15941 ASSERT(dtrace_anon.dta_state == NULL);
15349 15942 state = state->dts_anon;
15350 15943 }
15351 15944
15352 15945 switch (cmd) {
15353 15946 case DTRACEIOC_PROVIDER: {
15354 15947 dtrace_providerdesc_t pvd;
15355 15948 dtrace_provider_t *pvp;
15356 15949
15357 15950 if (copyin((void *)arg, &pvd, sizeof (pvd)) != 0)
15358 15951 return (EFAULT);
15359 15952
15360 15953 pvd.dtvd_name[DTRACE_PROVNAMELEN - 1] = '\0';
15361 15954 mutex_enter(&dtrace_provider_lock);
15362 15955
15363 15956 for (pvp = dtrace_provider; pvp != NULL; pvp = pvp->dtpv_next) {
15364 15957 if (strcmp(pvp->dtpv_name, pvd.dtvd_name) == 0)
15365 15958 break;
15366 15959 }
15367 15960
15368 15961 mutex_exit(&dtrace_provider_lock);
15369 15962
15370 15963 if (pvp == NULL)
15371 15964 return (ESRCH);
15372 15965
15373 15966 bcopy(&pvp->dtpv_priv, &pvd.dtvd_priv, sizeof (dtrace_ppriv_t));
15374 15967 bcopy(&pvp->dtpv_attr, &pvd.dtvd_attr, sizeof (dtrace_pattr_t));
15375 15968 if (copyout(&pvd, (void *)arg, sizeof (pvd)) != 0)
15376 15969 return (EFAULT);
15377 15970
15378 15971 return (0);
15379 15972 }
15380 15973
15381 15974 case DTRACEIOC_EPROBE: {
15382 15975 dtrace_eprobedesc_t epdesc;
15383 15976 dtrace_ecb_t *ecb;
15384 15977 dtrace_action_t *act;
15385 15978 void *buf;
15386 15979 size_t size;
15387 15980 uintptr_t dest;
15388 15981 int nrecs;
15389 15982
15390 15983 if (copyin((void *)arg, &epdesc, sizeof (epdesc)) != 0)
15391 15984 return (EFAULT);
15392 15985
15393 15986 mutex_enter(&dtrace_lock);
15394 15987
15395 15988 if ((ecb = dtrace_epid2ecb(state, epdesc.dtepd_epid)) == NULL) {
15396 15989 mutex_exit(&dtrace_lock);
15397 15990 return (EINVAL);
15398 15991 }
15399 15992
15400 15993 if (ecb->dte_probe == NULL) {
15401 15994 mutex_exit(&dtrace_lock);
15402 15995 return (EINVAL);
15403 15996 }
15404 15997
15405 15998 epdesc.dtepd_probeid = ecb->dte_probe->dtpr_id;
15406 15999 epdesc.dtepd_uarg = ecb->dte_uarg;
15407 16000 epdesc.dtepd_size = ecb->dte_size;
15408 16001
15409 16002 nrecs = epdesc.dtepd_nrecs;
15410 16003 epdesc.dtepd_nrecs = 0;
15411 16004 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
15412 16005 if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
15413 16006 continue;
15414 16007
15415 16008 epdesc.dtepd_nrecs++;
15416 16009 }
15417 16010
15418 16011 /*
15419 16012 * Now that we have the size, we need to allocate a temporary
15420 16013 * buffer in which to store the complete description. We need
15421 16014 * the temporary buffer to be able to drop dtrace_lock()
15422 16015 * across the copyout(), below.
15423 16016 */
15424 16017 size = sizeof (dtrace_eprobedesc_t) +
15425 16018 (epdesc.dtepd_nrecs * sizeof (dtrace_recdesc_t));
15426 16019
15427 16020 buf = kmem_alloc(size, KM_SLEEP);
15428 16021 dest = (uintptr_t)buf;
15429 16022
15430 16023 bcopy(&epdesc, (void *)dest, sizeof (epdesc));
15431 16024 dest += offsetof(dtrace_eprobedesc_t, dtepd_rec[0]);
15432 16025
15433 16026 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
15434 16027 if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
15435 16028 continue;
15436 16029
15437 16030 if (nrecs-- == 0)
15438 16031 break;
15439 16032
15440 16033 bcopy(&act->dta_rec, (void *)dest,
15441 16034 sizeof (dtrace_recdesc_t));
15442 16035 dest += sizeof (dtrace_recdesc_t);
15443 16036 }
15444 16037
15445 16038 mutex_exit(&dtrace_lock);
15446 16039
15447 16040 if (copyout(buf, (void *)arg, dest - (uintptr_t)buf) != 0) {
15448 16041 kmem_free(buf, size);
15449 16042 return (EFAULT);
15450 16043 }
15451 16044
15452 16045 kmem_free(buf, size);
15453 16046 return (0);
15454 16047 }
15455 16048
15456 16049 case DTRACEIOC_AGGDESC: {
15457 16050 dtrace_aggdesc_t aggdesc;
15458 16051 dtrace_action_t *act;
15459 16052 dtrace_aggregation_t *agg;
15460 16053 int nrecs;
15461 16054 uint32_t offs;
15462 16055 dtrace_recdesc_t *lrec;
15463 16056 void *buf;
15464 16057 size_t size;
15465 16058 uintptr_t dest;
15466 16059
15467 16060 if (copyin((void *)arg, &aggdesc, sizeof (aggdesc)) != 0)
15468 16061 return (EFAULT);
15469 16062
15470 16063 mutex_enter(&dtrace_lock);
15471 16064
15472 16065 if ((agg = dtrace_aggid2agg(state, aggdesc.dtagd_id)) == NULL) {
15473 16066 mutex_exit(&dtrace_lock);
15474 16067 return (EINVAL);
15475 16068 }
15476 16069
15477 16070 aggdesc.dtagd_epid = agg->dtag_ecb->dte_epid;
15478 16071
15479 16072 nrecs = aggdesc.dtagd_nrecs;
15480 16073 aggdesc.dtagd_nrecs = 0;
15481 16074
15482 16075 offs = agg->dtag_base;
15483 16076 lrec = &agg->dtag_action.dta_rec;
15484 16077 aggdesc.dtagd_size = lrec->dtrd_offset + lrec->dtrd_size - offs;
15485 16078
15486 16079 for (act = agg->dtag_first; ; act = act->dta_next) {
15487 16080 ASSERT(act->dta_intuple ||
15488 16081 DTRACEACT_ISAGG(act->dta_kind));
15489 16082
15490 16083 /*
15491 16084 * If this action has a record size of zero, it
15492 16085 * denotes an argument to the aggregating action.
15493 16086 * Because the presence of this record doesn't (or
15494 16087 * shouldn't) affect the way the data is interpreted,
15495 16088 * we don't copy it out to save user-level the
15496 16089 * confusion of dealing with a zero-length record.
15497 16090 */
15498 16091 if (act->dta_rec.dtrd_size == 0) {
15499 16092 ASSERT(agg->dtag_hasarg);
15500 16093 continue;
15501 16094 }
15502 16095
15503 16096 aggdesc.dtagd_nrecs++;
15504 16097
15505 16098 if (act == &agg->dtag_action)
15506 16099 break;
15507 16100 }
15508 16101
15509 16102 /*
15510 16103 * Now that we have the size, we need to allocate a temporary
15511 16104 * buffer in which to store the complete description. We need
15512 16105 * the temporary buffer to be able to drop dtrace_lock()
15513 16106 * across the copyout(), below.
15514 16107 */
15515 16108 size = sizeof (dtrace_aggdesc_t) +
15516 16109 (aggdesc.dtagd_nrecs * sizeof (dtrace_recdesc_t));
15517 16110
15518 16111 buf = kmem_alloc(size, KM_SLEEP);
15519 16112 dest = (uintptr_t)buf;
15520 16113
15521 16114 bcopy(&aggdesc, (void *)dest, sizeof (aggdesc));
15522 16115 dest += offsetof(dtrace_aggdesc_t, dtagd_rec[0]);
15523 16116
15524 16117 for (act = agg->dtag_first; ; act = act->dta_next) {
15525 16118 dtrace_recdesc_t rec = act->dta_rec;
15526 16119
15527 16120 /*
15528 16121 * See the comment in the above loop for why we pass
15529 16122 * over zero-length records.
15530 16123 */
15531 16124 if (rec.dtrd_size == 0) {
15532 16125 ASSERT(agg->dtag_hasarg);
15533 16126 continue;
15534 16127 }
15535 16128
15536 16129 if (nrecs-- == 0)
15537 16130 break;
15538 16131
15539 16132 rec.dtrd_offset -= offs;
15540 16133 bcopy(&rec, (void *)dest, sizeof (rec));
15541 16134 dest += sizeof (dtrace_recdesc_t);
15542 16135
15543 16136 if (act == &agg->dtag_action)
15544 16137 break;
15545 16138 }
15546 16139
15547 16140 mutex_exit(&dtrace_lock);
15548 16141
15549 16142 if (copyout(buf, (void *)arg, dest - (uintptr_t)buf) != 0) {
15550 16143 kmem_free(buf, size);
15551 16144 return (EFAULT);
15552 16145 }
15553 16146
15554 16147 kmem_free(buf, size);
15555 16148 return (0);
15556 16149 }
15557 16150
15558 16151 case DTRACEIOC_ENABLE: {
15559 16152 dof_hdr_t *dof;
15560 16153 dtrace_enabling_t *enab = NULL;
15561 16154 dtrace_vstate_t *vstate;
15562 16155 int err = 0;
15563 16156
15564 16157 *rv = 0;
15565 16158
15566 16159 /*
15567 16160 * If a NULL argument has been passed, we take this as our
15568 16161 * cue to reevaluate our enablings.
15569 16162 */
15570 16163 if (arg == NULL) {
15571 16164 dtrace_enabling_matchall();
15572 16165
15573 16166 return (0);
15574 16167 }
15575 16168
15576 16169 if ((dof = dtrace_dof_copyin(arg, &rval)) == NULL)
15577 16170 return (rval);
15578 16171
15579 16172 mutex_enter(&cpu_lock);
15580 16173 mutex_enter(&dtrace_lock);
15581 16174 vstate = &state->dts_vstate;
15582 16175
15583 16176 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) {
15584 16177 mutex_exit(&dtrace_lock);
15585 16178 mutex_exit(&cpu_lock);
15586 16179 dtrace_dof_destroy(dof);
15587 16180 return (EBUSY);
15588 16181 }
15589 16182
15590 16183 if (dtrace_dof_slurp(dof, vstate, cr, &enab, 0, B_TRUE) != 0) {
15591 16184 mutex_exit(&dtrace_lock);
15592 16185 mutex_exit(&cpu_lock);
15593 16186 dtrace_dof_destroy(dof);
15594 16187 return (EINVAL);
15595 16188 }
15596 16189
15597 16190 if ((rval = dtrace_dof_options(dof, state)) != 0) {
15598 16191 dtrace_enabling_destroy(enab);
15599 16192 mutex_exit(&dtrace_lock);
15600 16193 mutex_exit(&cpu_lock);
15601 16194 dtrace_dof_destroy(dof);
15602 16195 return (rval);
15603 16196 }
15604 16197
15605 16198 if ((err = dtrace_enabling_match(enab, rv)) == 0) {
15606 16199 err = dtrace_enabling_retain(enab);
15607 16200 } else {
15608 16201 dtrace_enabling_destroy(enab);
15609 16202 }
15610 16203
15611 16204 mutex_exit(&cpu_lock);
15612 16205 mutex_exit(&dtrace_lock);
15613 16206 dtrace_dof_destroy(dof);
15614 16207
15615 16208 return (err);
15616 16209 }
15617 16210
15618 16211 case DTRACEIOC_REPLICATE: {
15619 16212 dtrace_repldesc_t desc;
15620 16213 dtrace_probedesc_t *match = &desc.dtrpd_match;
15621 16214 dtrace_probedesc_t *create = &desc.dtrpd_create;
15622 16215 int err;
15623 16216
15624 16217 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15625 16218 return (EFAULT);
15626 16219
15627 16220 match->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
15628 16221 match->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
15629 16222 match->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
15630 16223 match->dtpd_name[DTRACE_NAMELEN - 1] = '\0';
15631 16224
15632 16225 create->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
15633 16226 create->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
15634 16227 create->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
15635 16228 create->dtpd_name[DTRACE_NAMELEN - 1] = '\0';
15636 16229
15637 16230 mutex_enter(&dtrace_lock);
15638 16231 err = dtrace_enabling_replicate(state, match, create);
15639 16232 mutex_exit(&dtrace_lock);
15640 16233
15641 16234 return (err);
15642 16235 }
15643 16236
15644 16237 case DTRACEIOC_PROBEMATCH:
15645 16238 case DTRACEIOC_PROBES: {
15646 16239 dtrace_probe_t *probe = NULL;
15647 16240 dtrace_probedesc_t desc;
15648 16241 dtrace_probekey_t pkey;
15649 16242 dtrace_id_t i;
15650 16243 int m = 0;
15651 16244 uint32_t priv;
15652 16245 uid_t uid;
15653 16246 zoneid_t zoneid;
15654 16247
15655 16248 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15656 16249 return (EFAULT);
15657 16250
15658 16251 desc.dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
15659 16252 desc.dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
15660 16253 desc.dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
15661 16254 desc.dtpd_name[DTRACE_NAMELEN - 1] = '\0';
15662 16255
15663 16256 /*
15664 16257 * Before we attempt to match this probe, we want to give
15665 16258 * all providers the opportunity to provide it.
15666 16259 */
15667 16260 if (desc.dtpd_id == DTRACE_IDNONE) {
15668 16261 mutex_enter(&dtrace_provider_lock);
15669 16262 dtrace_probe_provide(&desc, NULL);
15670 16263 mutex_exit(&dtrace_provider_lock);
15671 16264 desc.dtpd_id++;
15672 16265 }
15673 16266
15674 16267 if (cmd == DTRACEIOC_PROBEMATCH) {
15675 16268 dtrace_probekey(&desc, &pkey);
15676 16269 pkey.dtpk_id = DTRACE_IDNONE;
15677 16270 }
15678 16271
15679 16272 dtrace_cred2priv(cr, &priv, &uid, &zoneid);
15680 16273
15681 16274 mutex_enter(&dtrace_lock);
15682 16275
15683 16276 if (cmd == DTRACEIOC_PROBEMATCH) {
15684 16277 for (i = desc.dtpd_id; i <= dtrace_nprobes; i++) {
15685 16278 if ((probe = dtrace_probes[i - 1]) != NULL &&
15686 16279 (m = dtrace_match_probe(probe, &pkey,
15687 16280 priv, uid, zoneid)) != 0)
15688 16281 break;
15689 16282 }
15690 16283
15691 16284 if (m < 0) {
15692 16285 mutex_exit(&dtrace_lock);
15693 16286 return (EINVAL);
15694 16287 }
15695 16288
15696 16289 } else {
15697 16290 for (i = desc.dtpd_id; i <= dtrace_nprobes; i++) {
15698 16291 if ((probe = dtrace_probes[i - 1]) != NULL &&
15699 16292 dtrace_match_priv(probe, priv, uid, zoneid))
15700 16293 break;
15701 16294 }
15702 16295 }
15703 16296
15704 16297 if (probe == NULL) {
15705 16298 mutex_exit(&dtrace_lock);
15706 16299 return (ESRCH);
15707 16300 }
15708 16301
15709 16302 dtrace_probe_description(probe, &desc);
15710 16303 mutex_exit(&dtrace_lock);
15711 16304
15712 16305 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15713 16306 return (EFAULT);
15714 16307
15715 16308 return (0);
15716 16309 }
15717 16310
15718 16311 case DTRACEIOC_PROBEARG: {
15719 16312 dtrace_argdesc_t desc;
15720 16313 dtrace_probe_t *probe;
15721 16314 dtrace_provider_t *prov;
15722 16315
15723 16316 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15724 16317 return (EFAULT);
15725 16318
15726 16319 if (desc.dtargd_id == DTRACE_IDNONE)
15727 16320 return (EINVAL);
15728 16321
15729 16322 if (desc.dtargd_ndx == DTRACE_ARGNONE)
15730 16323 return (EINVAL);
15731 16324
15732 16325 mutex_enter(&dtrace_provider_lock);
15733 16326 mutex_enter(&mod_lock);
15734 16327 mutex_enter(&dtrace_lock);
15735 16328
15736 16329 if (desc.dtargd_id > dtrace_nprobes) {
15737 16330 mutex_exit(&dtrace_lock);
15738 16331 mutex_exit(&mod_lock);
15739 16332 mutex_exit(&dtrace_provider_lock);
15740 16333 return (EINVAL);
15741 16334 }
15742 16335
15743 16336 if ((probe = dtrace_probes[desc.dtargd_id - 1]) == NULL) {
15744 16337 mutex_exit(&dtrace_lock);
15745 16338 mutex_exit(&mod_lock);
15746 16339 mutex_exit(&dtrace_provider_lock);
15747 16340 return (EINVAL);
15748 16341 }
15749 16342
15750 16343 mutex_exit(&dtrace_lock);
15751 16344
15752 16345 prov = probe->dtpr_provider;
15753 16346
15754 16347 if (prov->dtpv_pops.dtps_getargdesc == NULL) {
15755 16348 /*
15756 16349 * There isn't any typed information for this probe.
15757 16350 * Set the argument number to DTRACE_ARGNONE.
15758 16351 */
15759 16352 desc.dtargd_ndx = DTRACE_ARGNONE;
15760 16353 } else {
15761 16354 desc.dtargd_native[0] = '\0';
15762 16355 desc.dtargd_xlate[0] = '\0';
15763 16356 desc.dtargd_mapping = desc.dtargd_ndx;
15764 16357
15765 16358 prov->dtpv_pops.dtps_getargdesc(prov->dtpv_arg,
15766 16359 probe->dtpr_id, probe->dtpr_arg, &desc);
15767 16360 }
15768 16361
15769 16362 mutex_exit(&mod_lock);
15770 16363 mutex_exit(&dtrace_provider_lock);
15771 16364
15772 16365 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15773 16366 return (EFAULT);
15774 16367
15775 16368 return (0);
15776 16369 }
15777 16370
15778 16371 case DTRACEIOC_GO: {
15779 16372 processorid_t cpuid;
15780 16373 rval = dtrace_state_go(state, &cpuid);
15781 16374
15782 16375 if (rval != 0)
15783 16376 return (rval);
15784 16377
15785 16378 if (copyout(&cpuid, (void *)arg, sizeof (cpuid)) != 0)
15786 16379 return (EFAULT);
15787 16380
15788 16381 return (0);
15789 16382 }
15790 16383
15791 16384 case DTRACEIOC_STOP: {
15792 16385 processorid_t cpuid;
15793 16386
15794 16387 mutex_enter(&dtrace_lock);
15795 16388 rval = dtrace_state_stop(state, &cpuid);
15796 16389 mutex_exit(&dtrace_lock);
15797 16390
15798 16391 if (rval != 0)
15799 16392 return (rval);
15800 16393
15801 16394 if (copyout(&cpuid, (void *)arg, sizeof (cpuid)) != 0)
15802 16395 return (EFAULT);
15803 16396
15804 16397 return (0);
15805 16398 }
15806 16399
15807 16400 case DTRACEIOC_DOFGET: {
15808 16401 dof_hdr_t hdr, *dof;
15809 16402 uint64_t len;
15810 16403
15811 16404 if (copyin((void *)arg, &hdr, sizeof (hdr)) != 0)
15812 16405 return (EFAULT);
15813 16406
15814 16407 mutex_enter(&dtrace_lock);
15815 16408 dof = dtrace_dof_create(state);
15816 16409 mutex_exit(&dtrace_lock);
15817 16410
15818 16411 len = MIN(hdr.dofh_loadsz, dof->dofh_loadsz);
15819 16412 rval = copyout(dof, (void *)arg, len);
15820 16413 dtrace_dof_destroy(dof);
15821 16414
15822 16415 return (rval == 0 ? 0 : EFAULT);
15823 16416 }
15824 16417
15825 16418 case DTRACEIOC_AGGSNAP:
15826 16419 case DTRACEIOC_BUFSNAP: {
15827 16420 dtrace_bufdesc_t desc;
15828 16421 caddr_t cached;
15829 16422 dtrace_buffer_t *buf;
15830 16423
15831 16424 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15832 16425 return (EFAULT);
15833 16426
15834 16427 if (desc.dtbd_cpu < 0 || desc.dtbd_cpu >= NCPU)
15835 16428 return (EINVAL);
15836 16429
15837 16430 mutex_enter(&dtrace_lock);
15838 16431
15839 16432 if (cmd == DTRACEIOC_BUFSNAP) {
15840 16433 buf = &state->dts_buffer[desc.dtbd_cpu];
15841 16434 } else {
15842 16435 buf = &state->dts_aggbuffer[desc.dtbd_cpu];
15843 16436 }
15844 16437
15845 16438 if (buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL)) {
15846 16439 size_t sz = buf->dtb_offset;
15847 16440
15848 16441 if (state->dts_activity != DTRACE_ACTIVITY_STOPPED) {
15849 16442 mutex_exit(&dtrace_lock);
15850 16443 return (EBUSY);
15851 16444 }
15852 16445
15853 16446 /*
15854 16447 * If this buffer has already been consumed, we're
15855 16448 * going to indicate that there's nothing left here
15856 16449 * to consume.
15857 16450 */
15858 16451 if (buf->dtb_flags & DTRACEBUF_CONSUMED) {
15859 16452 mutex_exit(&dtrace_lock);
15860 16453
15861 16454 desc.dtbd_size = 0;
15862 16455 desc.dtbd_drops = 0;
15863 16456 desc.dtbd_errors = 0;
15864 16457 desc.dtbd_oldest = 0;
15865 16458 sz = sizeof (desc);
15866 16459
15867 16460 if (copyout(&desc, (void *)arg, sz) != 0)
15868 16461 return (EFAULT);
15869 16462
15870 16463 return (0);
15871 16464 }
15872 16465
15873 16466 /*
15874 16467 * If this is a ring buffer that has wrapped, we want
15875 16468 * to copy the whole thing out.
15876 16469 */
15877 16470 if (buf->dtb_flags & DTRACEBUF_WRAPPED) {
15878 16471 dtrace_buffer_polish(buf);
15879 16472 sz = buf->dtb_size;
15880 16473 }
15881 16474
15882 16475 if (copyout(buf->dtb_tomax, desc.dtbd_data, sz) != 0) {
15883 16476 mutex_exit(&dtrace_lock);
15884 16477 return (EFAULT);
15885 16478 }
15886 16479
15887 16480 desc.dtbd_size = sz;
15888 16481 desc.dtbd_drops = buf->dtb_drops;
15889 16482 desc.dtbd_errors = buf->dtb_errors;
15890 16483 desc.dtbd_oldest = buf->dtb_xamot_offset;
15891 16484 desc.dtbd_timestamp = dtrace_gethrtime();
15892 16485
15893 16486 mutex_exit(&dtrace_lock);
15894 16487
15895 16488 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15896 16489 return (EFAULT);
15897 16490
15898 16491 buf->dtb_flags |= DTRACEBUF_CONSUMED;
15899 16492
15900 16493 return (0);
15901 16494 }
15902 16495
15903 16496 if (buf->dtb_tomax == NULL) {
15904 16497 ASSERT(buf->dtb_xamot == NULL);
15905 16498 mutex_exit(&dtrace_lock);
15906 16499 return (ENOENT);
15907 16500 }
15908 16501
15909 16502 cached = buf->dtb_tomax;
15910 16503 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
15911 16504
15912 16505 dtrace_xcall(desc.dtbd_cpu,
15913 16506 (dtrace_xcall_t)dtrace_buffer_switch, buf);
15914 16507
15915 16508 state->dts_errors += buf->dtb_xamot_errors;
15916 16509
15917 16510 /*
15918 16511 * If the buffers did not actually switch, then the cross call
15919 16512 * did not take place -- presumably because the given CPU is
15920 16513 * not in the ready set. If this is the case, we'll return
15921 16514 * ENOENT.
15922 16515 */
15923 16516 if (buf->dtb_tomax == cached) {
15924 16517 ASSERT(buf->dtb_xamot != cached);
15925 16518 mutex_exit(&dtrace_lock);
15926 16519 return (ENOENT);
15927 16520 }
15928 16521
15929 16522 ASSERT(cached == buf->dtb_xamot);
15930 16523
15931 16524 /*
15932 16525 * We have our snapshot; now copy it out.
15933 16526 */
15934 16527 if (copyout(buf->dtb_xamot, desc.dtbd_data,
15935 16528 buf->dtb_xamot_offset) != 0) {
15936 16529 mutex_exit(&dtrace_lock);
15937 16530 return (EFAULT);
15938 16531 }
15939 16532
15940 16533 desc.dtbd_size = buf->dtb_xamot_offset;
15941 16534 desc.dtbd_drops = buf->dtb_xamot_drops;
15942 16535 desc.dtbd_errors = buf->dtb_xamot_errors;
15943 16536 desc.dtbd_oldest = 0;
15944 16537 desc.dtbd_timestamp = buf->dtb_switched;
15945 16538
15946 16539 mutex_exit(&dtrace_lock);
15947 16540
15948 16541 /*
15949 16542 * Finally, copy out the buffer description.
15950 16543 */
15951 16544 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15952 16545 return (EFAULT);
15953 16546
15954 16547 return (0);
15955 16548 }
15956 16549
15957 16550 case DTRACEIOC_CONF: {
15958 16551 dtrace_conf_t conf;
15959 16552
15960 16553 bzero(&conf, sizeof (conf));
15961 16554 conf.dtc_difversion = DIF_VERSION;
15962 16555 conf.dtc_difintregs = DIF_DIR_NREGS;
15963 16556 conf.dtc_diftupregs = DIF_DTR_NREGS;
15964 16557 conf.dtc_ctfmodel = CTF_MODEL_NATIVE;
15965 16558
15966 16559 if (copyout(&conf, (void *)arg, sizeof (conf)) != 0)
15967 16560 return (EFAULT);
15968 16561
15969 16562 return (0);
15970 16563 }
15971 16564
15972 16565 case DTRACEIOC_STATUS: {
15973 16566 dtrace_status_t stat;
15974 16567 dtrace_dstate_t *dstate;
15975 16568 int i, j;
15976 16569 uint64_t nerrs;
15977 16570
15978 16571 /*
15979 16572 * See the comment in dtrace_state_deadman() for the reason
15980 16573 * for setting dts_laststatus to INT64_MAX before setting
15981 16574 * it to the correct value.
15982 16575 */
15983 16576 state->dts_laststatus = INT64_MAX;
15984 16577 dtrace_membar_producer();
15985 16578 state->dts_laststatus = dtrace_gethrtime();
15986 16579
15987 16580 bzero(&stat, sizeof (stat));
15988 16581
15989 16582 mutex_enter(&dtrace_lock);
15990 16583
15991 16584 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) {
15992 16585 mutex_exit(&dtrace_lock);
15993 16586 return (ENOENT);
15994 16587 }
15995 16588
15996 16589 if (state->dts_activity == DTRACE_ACTIVITY_DRAINING)
15997 16590 stat.dtst_exiting = 1;
15998 16591
15999 16592 nerrs = state->dts_errors;
16000 16593 dstate = &state->dts_vstate.dtvs_dynvars;
16001 16594
16002 16595 for (i = 0; i < NCPU; i++) {
16003 16596 dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[i];
16004 16597
16005 16598 stat.dtst_dyndrops += dcpu->dtdsc_drops;
16006 16599 stat.dtst_dyndrops_dirty += dcpu->dtdsc_dirty_drops;
16007 16600 stat.dtst_dyndrops_rinsing += dcpu->dtdsc_rinsing_drops;
16008 16601
16009 16602 if (state->dts_buffer[i].dtb_flags & DTRACEBUF_FULL)
16010 16603 stat.dtst_filled++;
16011 16604
16012 16605 nerrs += state->dts_buffer[i].dtb_errors;
16013 16606
16014 16607 for (j = 0; j < state->dts_nspeculations; j++) {
16015 16608 dtrace_speculation_t *spec;
16016 16609 dtrace_buffer_t *buf;
16017 16610
16018 16611 spec = &state->dts_speculations[j];
16019 16612 buf = &spec->dtsp_buffer[i];
16020 16613 stat.dtst_specdrops += buf->dtb_xamot_drops;
16021 16614 }
16022 16615 }
16023 16616
16024 16617 stat.dtst_specdrops_busy = state->dts_speculations_busy;
16025 16618 stat.dtst_specdrops_unavail = state->dts_speculations_unavail;
16026 16619 stat.dtst_stkstroverflows = state->dts_stkstroverflows;
16027 16620 stat.dtst_dblerrors = state->dts_dblerrors;
16028 16621 stat.dtst_killed =
16029 16622 (state->dts_activity == DTRACE_ACTIVITY_KILLED);
16030 16623 stat.dtst_errors = nerrs;
16031 16624
16032 16625 mutex_exit(&dtrace_lock);
16033 16626
16034 16627 if (copyout(&stat, (void *)arg, sizeof (stat)) != 0)
16035 16628 return (EFAULT);
16036 16629
16037 16630 return (0);
16038 16631 }
16039 16632
16040 16633 case DTRACEIOC_FORMAT: {
16041 16634 dtrace_fmtdesc_t fmt;
16042 16635 char *str;
16043 16636 int len;
16044 16637
16045 16638 if (copyin((void *)arg, &fmt, sizeof (fmt)) != 0)
16046 16639 return (EFAULT);
16047 16640
16048 16641 mutex_enter(&dtrace_lock);
16049 16642
16050 16643 if (fmt.dtfd_format == 0 ||
16051 16644 fmt.dtfd_format > state->dts_nformats) {
16052 16645 mutex_exit(&dtrace_lock);
16053 16646 return (EINVAL);
16054 16647 }
16055 16648
16056 16649 /*
16057 16650 * Format strings are allocated contiguously and they are
16058 16651 * never freed; if a format index is less than the number
16059 16652 * of formats, we can assert that the format map is non-NULL
16060 16653 * and that the format for the specified index is non-NULL.
16061 16654 */
16062 16655 ASSERT(state->dts_formats != NULL);
16063 16656 str = state->dts_formats[fmt.dtfd_format - 1];
16064 16657 ASSERT(str != NULL);
16065 16658
16066 16659 len = strlen(str) + 1;
16067 16660
16068 16661 if (len > fmt.dtfd_length) {
16069 16662 fmt.dtfd_length = len;
16070 16663
16071 16664 if (copyout(&fmt, (void *)arg, sizeof (fmt)) != 0) {
16072 16665 mutex_exit(&dtrace_lock);
16073 16666 return (EINVAL);
16074 16667 }
16075 16668 } else {
16076 16669 if (copyout(str, fmt.dtfd_string, len) != 0) {
16077 16670 mutex_exit(&dtrace_lock);
16078 16671 return (EINVAL);
16079 16672 }
16080 16673 }
16081 16674
16082 16675 mutex_exit(&dtrace_lock);
16083 16676 return (0);
16084 16677 }
16085 16678
16086 16679 default:
16087 16680 break;
16088 16681 }
16089 16682
16090 16683 return (ENOTTY);
16091 16684 }
16092 16685
16093 16686 /*ARGSUSED*/
16094 16687 static int
16095 16688 dtrace_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
16096 16689 {
16097 16690 dtrace_state_t *state;
16098 16691
16099 16692 switch (cmd) {
16100 16693 case DDI_DETACH:
16101 16694 break;
16102 16695
16103 16696 case DDI_SUSPEND:
16104 16697 return (DDI_SUCCESS);
16105 16698
16106 16699 default:
16107 16700 return (DDI_FAILURE);
16108 16701 }
16109 16702
16110 16703 mutex_enter(&cpu_lock);
16111 16704 mutex_enter(&dtrace_provider_lock);
16112 16705 mutex_enter(&dtrace_lock);
16113 16706
16114 16707 ASSERT(dtrace_opens == 0);
16115 16708
16116 16709 if (dtrace_helpers > 0) {
16117 16710 mutex_exit(&dtrace_provider_lock);
16118 16711 mutex_exit(&dtrace_lock);
16119 16712 mutex_exit(&cpu_lock);
16120 16713 return (DDI_FAILURE);
16121 16714 }
16122 16715
16123 16716 if (dtrace_unregister((dtrace_provider_id_t)dtrace_provider) != 0) {
16124 16717 mutex_exit(&dtrace_provider_lock);
16125 16718 mutex_exit(&dtrace_lock);
16126 16719 mutex_exit(&cpu_lock);
16127 16720 return (DDI_FAILURE);
16128 16721 }
16129 16722
16130 16723 dtrace_provider = NULL;
16131 16724
16132 16725 if ((state = dtrace_anon_grab()) != NULL) {
16133 16726 /*
16134 16727 * If there were ECBs on this state, the provider should
16135 16728 * have not been allowed to detach; assert that there is
16136 16729 * none.
16137 16730 */
16138 16731 ASSERT(state->dts_necbs == 0);
16139 16732 dtrace_state_destroy(state);
16140 16733
16141 16734 /*
16142 16735 * If we're being detached with anonymous state, we need to
16143 16736 * indicate to the kernel debugger that DTrace is now inactive.
16144 16737 */
16145 16738 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE);
16146 16739 }
16147 16740
16148 16741 bzero(&dtrace_anon, sizeof (dtrace_anon_t));
16149 16742 unregister_cpu_setup_func((cpu_setup_func_t *)dtrace_cpu_setup, NULL);
16150 16743 dtrace_cpu_init = NULL;
16151 16744 dtrace_helpers_cleanup = NULL;
16152 16745 dtrace_helpers_fork = NULL;
16153 16746 dtrace_cpustart_init = NULL;
16154 16747 dtrace_cpustart_fini = NULL;
16155 16748 dtrace_debugger_init = NULL;
16156 16749 dtrace_debugger_fini = NULL;
16157 16750 dtrace_modload = NULL;
16158 16751 dtrace_modunload = NULL;
16159 16752
16160 16753 ASSERT(dtrace_getf == 0);
16161 16754 ASSERT(dtrace_closef == NULL);
16162 16755
16163 16756 mutex_exit(&cpu_lock);
16164 16757
16165 16758 kmem_free(dtrace_probes, dtrace_nprobes * sizeof (dtrace_probe_t *));
16166 16759 dtrace_probes = NULL;
16167 16760 dtrace_nprobes = 0;
16168 16761
16169 16762 dtrace_hash_destroy(dtrace_bymod);
16170 16763 dtrace_hash_destroy(dtrace_byfunc);
16171 16764 dtrace_hash_destroy(dtrace_byname);
16172 16765 dtrace_bymod = NULL;
16173 16766 dtrace_byfunc = NULL;
16174 16767 dtrace_byname = NULL;
16175 16768
16176 16769 kmem_cache_destroy(dtrace_state_cache);
16177 16770 vmem_destroy(dtrace_minor);
16178 16771 vmem_destroy(dtrace_arena);
16179 16772
16180 16773 if (dtrace_toxrange != NULL) {
16181 16774 kmem_free(dtrace_toxrange,
16182 16775 dtrace_toxranges_max * sizeof (dtrace_toxrange_t));
16183 16776 dtrace_toxrange = NULL;
16184 16777 dtrace_toxranges = 0;
16185 16778 dtrace_toxranges_max = 0;
16186 16779 }
16187 16780
16188 16781 ddi_remove_minor_node(dtrace_devi, NULL);
16189 16782 dtrace_devi = NULL;
16190 16783
16191 16784 ddi_soft_state_fini(&dtrace_softstate);
16192 16785
16193 16786 ASSERT(dtrace_vtime_references == 0);
16194 16787 ASSERT(dtrace_opens == 0);
16195 16788 ASSERT(dtrace_retained == NULL);
16196 16789
16197 16790 mutex_exit(&dtrace_lock);
16198 16791 mutex_exit(&dtrace_provider_lock);
16199 16792
16200 16793 /*
16201 16794 * We don't destroy the task queue until after we have dropped our
16202 16795 * locks (taskq_destroy() may block on running tasks). To prevent
16203 16796 * attempting to do work after we have effectively detached but before
16204 16797 * the task queue has been destroyed, all tasks dispatched via the
16205 16798 * task queue must check that DTrace is still attached before
16206 16799 * performing any operation.
16207 16800 */
16208 16801 taskq_destroy(dtrace_taskq);
16209 16802 dtrace_taskq = NULL;
16210 16803
16211 16804 return (DDI_SUCCESS);
16212 16805 }
16213 16806
16214 16807 /*ARGSUSED*/
16215 16808 static int
16216 16809 dtrace_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
16217 16810 {
16218 16811 int error;
16219 16812
16220 16813 switch (infocmd) {
16221 16814 case DDI_INFO_DEVT2DEVINFO:
16222 16815 *result = (void *)dtrace_devi;
16223 16816 error = DDI_SUCCESS;
16224 16817 break;
16225 16818 case DDI_INFO_DEVT2INSTANCE:
16226 16819 *result = (void *)0;
16227 16820 error = DDI_SUCCESS;
16228 16821 break;
16229 16822 default:
16230 16823 error = DDI_FAILURE;
16231 16824 }
16232 16825 return (error);
16233 16826 }
16234 16827
16235 16828 static struct cb_ops dtrace_cb_ops = {
16236 16829 dtrace_open, /* open */
16237 16830 dtrace_close, /* close */
16238 16831 nulldev, /* strategy */
16239 16832 nulldev, /* print */
16240 16833 nodev, /* dump */
16241 16834 nodev, /* read */
16242 16835 nodev, /* write */
16243 16836 dtrace_ioctl, /* ioctl */
16244 16837 nodev, /* devmap */
16245 16838 nodev, /* mmap */
16246 16839 nodev, /* segmap */
16247 16840 nochpoll, /* poll */
16248 16841 ddi_prop_op, /* cb_prop_op */
16249 16842 0, /* streamtab */
16250 16843 D_NEW | D_MP /* Driver compatibility flag */
16251 16844 };
16252 16845
16253 16846 static struct dev_ops dtrace_ops = {
16254 16847 DEVO_REV, /* devo_rev */
16255 16848 0, /* refcnt */
16256 16849 dtrace_info, /* get_dev_info */
16257 16850 nulldev, /* identify */
16258 16851 nulldev, /* probe */
16259 16852 dtrace_attach, /* attach */
16260 16853 dtrace_detach, /* detach */
16261 16854 nodev, /* reset */
16262 16855 &dtrace_cb_ops, /* driver operations */
16263 16856 NULL, /* bus operations */
16264 16857 nodev, /* dev power */
16265 16858 ddi_quiesce_not_needed, /* quiesce */
16266 16859 };
16267 16860
16268 16861 static struct modldrv modldrv = {
16269 16862 &mod_driverops, /* module type (this is a pseudo driver) */
16270 16863 "Dynamic Tracing", /* name of module */
16271 16864 &dtrace_ops, /* driver ops */
16272 16865 };
16273 16866
16274 16867 static struct modlinkage modlinkage = {
16275 16868 MODREV_1,
16276 16869 (void *)&modldrv,
16277 16870 NULL
16278 16871 };
16279 16872
16280 16873 int
16281 16874 _init(void)
16282 16875 {
16283 16876 return (mod_install(&modlinkage));
16284 16877 }
16285 16878
16286 16879 int
16287 16880 _info(struct modinfo *modinfop)
16288 16881 {
16289 16882 return (mod_info(&modlinkage, modinfop));
16290 16883 }
16291 16884
16292 16885 int
16293 16886 _fini(void)
16294 16887 {
16295 16888 return (mod_remove(&modlinkage));
16296 16889 }
|
↓ open down ↓ |
7394 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX