Print this page
4477 DTrace should speak JSON
Reviewed by: Bryan Cantrill <bmc@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/dtrace/dtrace.c
+++ new/usr/src/uts/common/dtrace/dtrace.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright (c) 2013, Joyent, Inc. All rights reserved.
25 25 * Copyright (c) 2012 by Delphix. All rights reserved.
26 26 */
27 27
28 28 /*
29 29 * DTrace - Dynamic Tracing for Solaris
30 30 *
31 31 * This is the implementation of the Solaris Dynamic Tracing framework
32 32 * (DTrace). The user-visible interface to DTrace is described at length in
33 33 * the "Solaris Dynamic Tracing Guide". The interfaces between the libdtrace
34 34 * library, the in-kernel DTrace framework, and the DTrace providers are
35 35 * described in the block comments in the <sys/dtrace.h> header file. The
36 36 * internal architecture of DTrace is described in the block comments in the
37 37 * <sys/dtrace_impl.h> header file. The comments contained within the DTrace
38 38 * implementation very much assume mastery of all of these sources; if one has
39 39 * an unanswered question about the implementation, one should consult them
40 40 * first.
41 41 *
42 42 * The functions here are ordered roughly as follows:
43 43 *
44 44 * - Probe context functions
45 45 * - Probe hashing functions
46 46 * - Non-probe context utility functions
47 47 * - Matching functions
48 48 * - Provider-to-Framework API functions
49 49 * - Probe management functions
50 50 * - DIF object functions
51 51 * - Format functions
52 52 * - Predicate functions
53 53 * - ECB functions
54 54 * - Buffer functions
55 55 * - Enabling functions
56 56 * - DOF functions
57 57 * - Anonymous enabling functions
58 58 * - Consumer state functions
59 59 * - Helper functions
60 60 * - Hook functions
61 61 * - Driver cookbook functions
62 62 *
63 63 * Each group of functions begins with a block comment labelled the "DTrace
64 64 * [Group] Functions", allowing one to find each block by searching forward
65 65 * on capital-f functions.
66 66 */
67 67 #include <sys/errno.h>
68 68 #include <sys/stat.h>
69 69 #include <sys/modctl.h>
70 70 #include <sys/conf.h>
71 71 #include <sys/systm.h>
72 72 #include <sys/ddi.h>
73 73 #include <sys/sunddi.h>
74 74 #include <sys/cpuvar.h>
75 75 #include <sys/kmem.h>
76 76 #include <sys/strsubr.h>
77 77 #include <sys/sysmacros.h>
78 78 #include <sys/dtrace_impl.h>
79 79 #include <sys/atomic.h>
80 80 #include <sys/cmn_err.h>
81 81 #include <sys/mutex_impl.h>
82 82 #include <sys/rwlock_impl.h>
83 83 #include <sys/ctf_api.h>
84 84 #include <sys/panic.h>
|
↓ open down ↓ |
84 lines elided |
↑ open up ↑ |
85 85 #include <sys/priv_impl.h>
86 86 #include <sys/policy.h>
87 87 #include <sys/cred_impl.h>
88 88 #include <sys/procfs_isa.h>
89 89 #include <sys/taskq.h>
90 90 #include <sys/mkdev.h>
91 91 #include <sys/kdi.h>
92 92 #include <sys/zone.h>
93 93 #include <sys/socket.h>
94 94 #include <netinet/in.h>
95 +#include "strtolctype.h"
95 96
96 97 /*
97 98 * DTrace Tunable Variables
98 99 *
99 100 * The following variables may be tuned by adding a line to /etc/system that
100 101 * includes both the name of the DTrace module ("dtrace") and the name of the
101 102 * variable. For example:
102 103 *
103 104 * set dtrace:dtrace_destructive_disallow = 1
104 105 *
105 106 * In general, the only variables that one should be tuning this way are those
106 107 * that affect system-wide DTrace behavior, and for which the default behavior
107 108 * is undesirable. Most of these variables are tunable on a per-consumer
108 109 * basis using DTrace options, and need not be tuned on a system-wide basis.
109 110 * When tuning these variables, avoid pathological values; while some attempt
110 111 * is made to verify the integrity of these variables, they are not considered
111 112 * part of the supported interface to DTrace, and they are therefore not
112 113 * checked comprehensively. Further, these variables should not be tuned
113 114 * dynamically via "mdb -kw" or other means; they should only be tuned via
114 115 * /etc/system.
115 116 */
116 117 int dtrace_destructive_disallow = 0;
117 118 dtrace_optval_t dtrace_nonroot_maxsize = (16 * 1024 * 1024);
118 119 size_t dtrace_difo_maxsize = (256 * 1024);
119 120 dtrace_optval_t dtrace_dof_maxsize = (256 * 1024);
120 121 size_t dtrace_global_maxsize = (16 * 1024);
121 122 size_t dtrace_actions_max = (16 * 1024);
122 123 size_t dtrace_retain_max = 1024;
123 124 dtrace_optval_t dtrace_helper_actions_max = 1024;
124 125 dtrace_optval_t dtrace_helper_providers_max = 32;
125 126 dtrace_optval_t dtrace_dstate_defsize = (1 * 1024 * 1024);
126 127 size_t dtrace_strsize_default = 256;
127 128 dtrace_optval_t dtrace_cleanrate_default = 9900990; /* 101 hz */
128 129 dtrace_optval_t dtrace_cleanrate_min = 200000; /* 5000 hz */
129 130 dtrace_optval_t dtrace_cleanrate_max = (uint64_t)60 * NANOSEC; /* 1/minute */
130 131 dtrace_optval_t dtrace_aggrate_default = NANOSEC; /* 1 hz */
131 132 dtrace_optval_t dtrace_statusrate_default = NANOSEC; /* 1 hz */
132 133 dtrace_optval_t dtrace_statusrate_max = (hrtime_t)10 * NANOSEC; /* 6/minute */
133 134 dtrace_optval_t dtrace_switchrate_default = NANOSEC; /* 1 hz */
134 135 dtrace_optval_t dtrace_nspec_default = 1;
135 136 dtrace_optval_t dtrace_specsize_default = 32 * 1024;
136 137 dtrace_optval_t dtrace_stackframes_default = 20;
137 138 dtrace_optval_t dtrace_ustackframes_default = 20;
138 139 dtrace_optval_t dtrace_jstackframes_default = 50;
139 140 dtrace_optval_t dtrace_jstackstrsize_default = 512;
140 141 int dtrace_msgdsize_max = 128;
141 142 hrtime_t dtrace_chill_max = 500 * (NANOSEC / MILLISEC); /* 500 ms */
142 143 hrtime_t dtrace_chill_interval = NANOSEC; /* 1000 ms */
143 144 int dtrace_devdepth_max = 32;
144 145 int dtrace_err_verbose;
145 146 hrtime_t dtrace_deadman_interval = NANOSEC;
146 147 hrtime_t dtrace_deadman_timeout = (hrtime_t)10 * NANOSEC;
147 148 hrtime_t dtrace_deadman_user = (hrtime_t)30 * NANOSEC;
148 149 hrtime_t dtrace_unregister_defunct_reap = (hrtime_t)60 * NANOSEC;
149 150
150 151 /*
151 152 * DTrace External Variables
152 153 *
153 154 * As dtrace(7D) is a kernel module, any DTrace variables are obviously
154 155 * available to DTrace consumers via the backtick (`) syntax. One of these,
155 156 * dtrace_zero, is made deliberately so: it is provided as a source of
156 157 * well-known, zero-filled memory. While this variable is not documented,
157 158 * it is used by some translators as an implementation detail.
158 159 */
159 160 const char dtrace_zero[256] = { 0 }; /* zero-filled memory */
160 161
161 162 /*
162 163 * DTrace Internal Variables
163 164 */
164 165 static dev_info_t *dtrace_devi; /* device info */
165 166 static vmem_t *dtrace_arena; /* probe ID arena */
166 167 static vmem_t *dtrace_minor; /* minor number arena */
167 168 static taskq_t *dtrace_taskq; /* task queue */
168 169 static dtrace_probe_t **dtrace_probes; /* array of all probes */
169 170 static int dtrace_nprobes; /* number of probes */
170 171 static dtrace_provider_t *dtrace_provider; /* provider list */
171 172 static dtrace_meta_t *dtrace_meta_pid; /* user-land meta provider */
172 173 static int dtrace_opens; /* number of opens */
173 174 static int dtrace_helpers; /* number of helpers */
174 175 static int dtrace_getf; /* number of unpriv getf()s */
175 176 static void *dtrace_softstate; /* softstate pointer */
176 177 static dtrace_hash_t *dtrace_bymod; /* probes hashed by module */
177 178 static dtrace_hash_t *dtrace_byfunc; /* probes hashed by function */
178 179 static dtrace_hash_t *dtrace_byname; /* probes hashed by name */
179 180 static dtrace_toxrange_t *dtrace_toxrange; /* toxic range array */
180 181 static int dtrace_toxranges; /* number of toxic ranges */
181 182 static int dtrace_toxranges_max; /* size of toxic range array */
182 183 static dtrace_anon_t dtrace_anon; /* anonymous enabling */
183 184 static kmem_cache_t *dtrace_state_cache; /* cache for dynamic state */
184 185 static uint64_t dtrace_vtime_references; /* number of vtimestamp refs */
185 186 static kthread_t *dtrace_panicked; /* panicking thread */
186 187 static dtrace_ecb_t *dtrace_ecb_create_cache; /* cached created ECB */
187 188 static dtrace_genid_t dtrace_probegen; /* current probe generation */
188 189 static dtrace_helpers_t *dtrace_deferred_pid; /* deferred helper list */
189 190 static dtrace_enabling_t *dtrace_retained; /* list of retained enablings */
190 191 static dtrace_genid_t dtrace_retained_gen; /* current retained enab gen */
191 192 static dtrace_dynvar_t dtrace_dynhash_sink; /* end of dynamic hash chains */
192 193 static int dtrace_dynvar_failclean; /* dynvars failed to clean */
193 194
194 195 /*
195 196 * DTrace Locking
196 197 * DTrace is protected by three (relatively coarse-grained) locks:
197 198 *
198 199 * (1) dtrace_lock is required to manipulate essentially any DTrace state,
199 200 * including enabling state, probes, ECBs, consumer state, helper state,
200 201 * etc. Importantly, dtrace_lock is _not_ required when in probe context;
201 202 * probe context is lock-free -- synchronization is handled via the
202 203 * dtrace_sync() cross call mechanism.
203 204 *
204 205 * (2) dtrace_provider_lock is required when manipulating provider state, or
205 206 * when provider state must be held constant.
206 207 *
207 208 * (3) dtrace_meta_lock is required when manipulating meta provider state, or
208 209 * when meta provider state must be held constant.
209 210 *
210 211 * The lock ordering between these three locks is dtrace_meta_lock before
211 212 * dtrace_provider_lock before dtrace_lock. (In particular, there are
212 213 * several places where dtrace_provider_lock is held by the framework as it
213 214 * calls into the providers -- which then call back into the framework,
214 215 * grabbing dtrace_lock.)
215 216 *
216 217 * There are two other locks in the mix: mod_lock and cpu_lock. With respect
217 218 * to dtrace_provider_lock and dtrace_lock, cpu_lock continues its historical
218 219 * role as a coarse-grained lock; it is acquired before both of these locks.
219 220 * With respect to dtrace_meta_lock, its behavior is stranger: cpu_lock must
220 221 * be acquired _between_ dtrace_meta_lock and any other DTrace locks.
221 222 * mod_lock is similar with respect to dtrace_provider_lock in that it must be
222 223 * acquired _between_ dtrace_provider_lock and dtrace_lock.
223 224 */
224 225 static kmutex_t dtrace_lock; /* probe state lock */
225 226 static kmutex_t dtrace_provider_lock; /* provider state lock */
226 227 static kmutex_t dtrace_meta_lock; /* meta-provider state lock */
227 228
228 229 /*
229 230 * DTrace Provider Variables
230 231 *
231 232 * These are the variables relating to DTrace as a provider (that is, the
232 233 * provider of the BEGIN, END, and ERROR probes).
233 234 */
234 235 static dtrace_pattr_t dtrace_provider_attr = {
235 236 { DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON },
236 237 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
237 238 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
238 239 { DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON },
239 240 { DTRACE_STABILITY_STABLE, DTRACE_STABILITY_STABLE, DTRACE_CLASS_COMMON },
240 241 };
241 242
242 243 static void
243 244 dtrace_nullop(void)
244 245 {}
245 246
246 247 static int
247 248 dtrace_enable_nullop(void)
248 249 {
249 250 return (0);
250 251 }
251 252
252 253 static dtrace_pops_t dtrace_provider_ops = {
253 254 (void (*)(void *, const dtrace_probedesc_t *))dtrace_nullop,
254 255 (void (*)(void *, struct modctl *))dtrace_nullop,
255 256 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop,
256 257 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop,
257 258 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop,
258 259 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop,
259 260 NULL,
260 261 NULL,
261 262 NULL,
262 263 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop
263 264 };
264 265
265 266 static dtrace_id_t dtrace_probeid_begin; /* special BEGIN probe */
266 267 static dtrace_id_t dtrace_probeid_end; /* special END probe */
267 268 dtrace_id_t dtrace_probeid_error; /* special ERROR probe */
268 269
269 270 /*
270 271 * DTrace Helper Tracing Variables
271 272 */
272 273 uint32_t dtrace_helptrace_next = 0;
273 274 uint32_t dtrace_helptrace_nlocals;
274 275 char *dtrace_helptrace_buffer;
275 276 int dtrace_helptrace_bufsize = 512 * 1024;
276 277
277 278 #ifdef DEBUG
278 279 int dtrace_helptrace_enabled = 1;
279 280 #else
280 281 int dtrace_helptrace_enabled = 0;
281 282 #endif
282 283
283 284 /*
284 285 * DTrace Error Hashing
285 286 *
286 287 * On DEBUG kernels, DTrace will track the errors that has seen in a hash
287 288 * table. This is very useful for checking coverage of tests that are
288 289 * expected to induce DIF or DOF processing errors, and may be useful for
289 290 * debugging problems in the DIF code generator or in DOF generation . The
290 291 * error hash may be examined with the ::dtrace_errhash MDB dcmd.
291 292 */
292 293 #ifdef DEBUG
293 294 static dtrace_errhash_t dtrace_errhash[DTRACE_ERRHASHSZ];
294 295 static const char *dtrace_errlast;
295 296 static kthread_t *dtrace_errthread;
296 297 static kmutex_t dtrace_errlock;
297 298 #endif
298 299
299 300 /*
300 301 * DTrace Macros and Constants
301 302 *
302 303 * These are various macros that are useful in various spots in the
303 304 * implementation, along with a few random constants that have no meaning
304 305 * outside of the implementation. There is no real structure to this cpp
305 306 * mishmash -- but is there ever?
306 307 */
307 308 #define DTRACE_HASHSTR(hash, probe) \
308 309 dtrace_hash_str(*((char **)((uintptr_t)(probe) + (hash)->dth_stroffs)))
309 310
310 311 #define DTRACE_HASHNEXT(hash, probe) \
311 312 (dtrace_probe_t **)((uintptr_t)(probe) + (hash)->dth_nextoffs)
312 313
313 314 #define DTRACE_HASHPREV(hash, probe) \
314 315 (dtrace_probe_t **)((uintptr_t)(probe) + (hash)->dth_prevoffs)
315 316
316 317 #define DTRACE_HASHEQ(hash, lhs, rhs) \
317 318 (strcmp(*((char **)((uintptr_t)(lhs) + (hash)->dth_stroffs)), \
318 319 *((char **)((uintptr_t)(rhs) + (hash)->dth_stroffs))) == 0)
319 320
320 321 #define DTRACE_AGGHASHSIZE_SLEW 17
321 322
322 323 #define DTRACE_V4MAPPED_OFFSET (sizeof (uint32_t) * 3)
323 324
324 325 /*
325 326 * The key for a thread-local variable consists of the lower 61 bits of the
326 327 * t_did, plus the 3 bits of the highest active interrupt above LOCK_LEVEL.
327 328 * We add DIF_VARIABLE_MAX to t_did to assure that the thread key is never
328 329 * equal to a variable identifier. This is necessary (but not sufficient) to
329 330 * assure that global associative arrays never collide with thread-local
330 331 * variables. To guarantee that they cannot collide, we must also define the
331 332 * order for keying dynamic variables. That order is:
332 333 *
333 334 * [ key0 ] ... [ keyn ] [ variable-key ] [ tls-key ]
334 335 *
335 336 * Because the variable-key and the tls-key are in orthogonal spaces, there is
336 337 * no way for a global variable key signature to match a thread-local key
337 338 * signature.
338 339 */
339 340 #define DTRACE_TLS_THRKEY(where) { \
340 341 uint_t intr = 0; \
341 342 uint_t actv = CPU->cpu_intr_actv >> (LOCK_LEVEL + 1); \
342 343 for (; actv; actv >>= 1) \
343 344 intr++; \
344 345 ASSERT(intr < (1 << 3)); \
345 346 (where) = ((curthread->t_did + DIF_VARIABLE_MAX) & \
346 347 (((uint64_t)1 << 61) - 1)) | ((uint64_t)intr << 61); \
347 348 }
348 349
349 350 #define DT_BSWAP_8(x) ((x) & 0xff)
350 351 #define DT_BSWAP_16(x) ((DT_BSWAP_8(x) << 8) | DT_BSWAP_8((x) >> 8))
351 352 #define DT_BSWAP_32(x) ((DT_BSWAP_16(x) << 16) | DT_BSWAP_16((x) >> 16))
352 353 #define DT_BSWAP_64(x) ((DT_BSWAP_32(x) << 32) | DT_BSWAP_32((x) >> 32))
353 354
354 355 #define DT_MASK_LO 0x00000000FFFFFFFFULL
355 356
356 357 #define DTRACE_STORE(type, tomax, offset, what) \
357 358 *((type *)((uintptr_t)(tomax) + (uintptr_t)offset)) = (type)(what);
358 359
359 360 #ifndef __x86
360 361 #define DTRACE_ALIGNCHECK(addr, size, flags) \
361 362 if (addr & (size - 1)) { \
362 363 *flags |= CPU_DTRACE_BADALIGN; \
363 364 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = addr; \
364 365 return (0); \
365 366 }
366 367 #else
367 368 #define DTRACE_ALIGNCHECK(addr, size, flags)
368 369 #endif
369 370
370 371 /*
371 372 * Test whether a range of memory starting at testaddr of size testsz falls
372 373 * within the range of memory described by addr, sz. We take care to avoid
373 374 * problems with overflow and underflow of the unsigned quantities, and
374 375 * disallow all negative sizes. Ranges of size 0 are allowed.
375 376 */
376 377 #define DTRACE_INRANGE(testaddr, testsz, baseaddr, basesz) \
377 378 ((testaddr) - (uintptr_t)(baseaddr) < (basesz) && \
378 379 (testaddr) + (testsz) - (uintptr_t)(baseaddr) <= (basesz) && \
379 380 (testaddr) + (testsz) >= (testaddr))
380 381
381 382 /*
382 383 * Test whether alloc_sz bytes will fit in the scratch region. We isolate
383 384 * alloc_sz on the righthand side of the comparison in order to avoid overflow
384 385 * or underflow in the comparison with it. This is simpler than the INRANGE
385 386 * check above, because we know that the dtms_scratch_ptr is valid in the
386 387 * range. Allocations of size zero are allowed.
387 388 */
388 389 #define DTRACE_INSCRATCH(mstate, alloc_sz) \
389 390 ((mstate)->dtms_scratch_base + (mstate)->dtms_scratch_size - \
390 391 (mstate)->dtms_scratch_ptr >= (alloc_sz))
391 392
392 393 #define DTRACE_LOADFUNC(bits) \
393 394 /*CSTYLED*/ \
394 395 uint##bits##_t \
395 396 dtrace_load##bits(uintptr_t addr) \
396 397 { \
397 398 size_t size = bits / NBBY; \
398 399 /*CSTYLED*/ \
399 400 uint##bits##_t rval; \
400 401 int i; \
401 402 volatile uint16_t *flags = (volatile uint16_t *) \
402 403 &cpu_core[CPU->cpu_id].cpuc_dtrace_flags; \
403 404 \
404 405 DTRACE_ALIGNCHECK(addr, size, flags); \
405 406 \
406 407 for (i = 0; i < dtrace_toxranges; i++) { \
407 408 if (addr >= dtrace_toxrange[i].dtt_limit) \
408 409 continue; \
409 410 \
410 411 if (addr + size <= dtrace_toxrange[i].dtt_base) \
411 412 continue; \
412 413 \
413 414 /* \
414 415 * This address falls within a toxic region; return 0. \
415 416 */ \
416 417 *flags |= CPU_DTRACE_BADADDR; \
417 418 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = addr; \
418 419 return (0); \
419 420 } \
420 421 \
421 422 *flags |= CPU_DTRACE_NOFAULT; \
422 423 /*CSTYLED*/ \
423 424 rval = *((volatile uint##bits##_t *)addr); \
424 425 *flags &= ~CPU_DTRACE_NOFAULT; \
425 426 \
426 427 return (!(*flags & CPU_DTRACE_FAULT) ? rval : 0); \
427 428 }
428 429
429 430 #ifdef _LP64
430 431 #define dtrace_loadptr dtrace_load64
431 432 #else
432 433 #define dtrace_loadptr dtrace_load32
433 434 #endif
434 435
435 436 #define DTRACE_DYNHASH_FREE 0
436 437 #define DTRACE_DYNHASH_SINK 1
437 438 #define DTRACE_DYNHASH_VALID 2
438 439
439 440 #define DTRACE_MATCH_FAIL -1
440 441 #define DTRACE_MATCH_NEXT 0
441 442 #define DTRACE_MATCH_DONE 1
442 443 #define DTRACE_ANCHORED(probe) ((probe)->dtpr_func[0] != '\0')
443 444 #define DTRACE_STATE_ALIGN 64
444 445
445 446 #define DTRACE_FLAGS2FLT(flags) \
446 447 (((flags) & CPU_DTRACE_BADADDR) ? DTRACEFLT_BADADDR : \
447 448 ((flags) & CPU_DTRACE_ILLOP) ? DTRACEFLT_ILLOP : \
448 449 ((flags) & CPU_DTRACE_DIVZERO) ? DTRACEFLT_DIVZERO : \
449 450 ((flags) & CPU_DTRACE_KPRIV) ? DTRACEFLT_KPRIV : \
450 451 ((flags) & CPU_DTRACE_UPRIV) ? DTRACEFLT_UPRIV : \
451 452 ((flags) & CPU_DTRACE_TUPOFLOW) ? DTRACEFLT_TUPOFLOW : \
452 453 ((flags) & CPU_DTRACE_BADALIGN) ? DTRACEFLT_BADALIGN : \
453 454 ((flags) & CPU_DTRACE_NOSCRATCH) ? DTRACEFLT_NOSCRATCH : \
454 455 ((flags) & CPU_DTRACE_BADSTACK) ? DTRACEFLT_BADSTACK : \
455 456 DTRACEFLT_UNKNOWN)
456 457
457 458 #define DTRACEACT_ISSTRING(act) \
458 459 ((act)->dta_kind == DTRACEACT_DIFEXPR && \
459 460 (act)->dta_difo->dtdo_rtype.dtdt_kind == DIF_TYPE_STRING)
460 461
461 462 static size_t dtrace_strlen(const char *, size_t);
462 463 static dtrace_probe_t *dtrace_probe_lookup_id(dtrace_id_t id);
463 464 static void dtrace_enabling_provide(dtrace_provider_t *);
464 465 static int dtrace_enabling_match(dtrace_enabling_t *, int *);
465 466 static void dtrace_enabling_matchall(void);
466 467 static void dtrace_enabling_reap(void);
467 468 static dtrace_state_t *dtrace_anon_grab(void);
468 469 static uint64_t dtrace_helper(int, dtrace_mstate_t *,
469 470 dtrace_state_t *, uint64_t, uint64_t);
470 471 static dtrace_helpers_t *dtrace_helpers_create(proc_t *);
471 472 static void dtrace_buffer_drop(dtrace_buffer_t *);
472 473 static int dtrace_buffer_consumed(dtrace_buffer_t *, hrtime_t when);
473 474 static intptr_t dtrace_buffer_reserve(dtrace_buffer_t *, size_t, size_t,
474 475 dtrace_state_t *, dtrace_mstate_t *);
475 476 static int dtrace_state_option(dtrace_state_t *, dtrace_optid_t,
476 477 dtrace_optval_t);
477 478 static int dtrace_ecb_create_enable(dtrace_probe_t *, void *);
478 479 static void dtrace_helper_provider_destroy(dtrace_helper_provider_t *);
479 480 static int dtrace_priv_proc(dtrace_state_t *, dtrace_mstate_t *);
480 481 static void dtrace_getf_barrier(void);
481 482
482 483 /*
483 484 * DTrace Probe Context Functions
484 485 *
485 486 * These functions are called from probe context. Because probe context is
486 487 * any context in which C may be called, arbitrarily locks may be held,
487 488 * interrupts may be disabled, we may be in arbitrary dispatched state, etc.
488 489 * As a result, functions called from probe context may only call other DTrace
489 490 * support functions -- they may not interact at all with the system at large.
490 491 * (Note that the ASSERT macro is made probe-context safe by redefining it in
491 492 * terms of dtrace_assfail(), a probe-context safe function.) If arbitrary
492 493 * loads are to be performed from probe context, they _must_ be in terms of
493 494 * the safe dtrace_load*() variants.
494 495 *
495 496 * Some functions in this block are not actually called from probe context;
496 497 * for these functions, there will be a comment above the function reading
497 498 * "Note: not called from probe context."
498 499 */
499 500 void
500 501 dtrace_panic(const char *format, ...)
501 502 {
502 503 va_list alist;
503 504
504 505 va_start(alist, format);
505 506 dtrace_vpanic(format, alist);
506 507 va_end(alist);
507 508 }
508 509
509 510 int
510 511 dtrace_assfail(const char *a, const char *f, int l)
511 512 {
512 513 dtrace_panic("assertion failed: %s, file: %s, line: %d", a, f, l);
513 514
514 515 /*
515 516 * We just need something here that even the most clever compiler
516 517 * cannot optimize away.
517 518 */
518 519 return (a[(uintptr_t)f]);
519 520 }
520 521
521 522 /*
522 523 * Atomically increment a specified error counter from probe context.
523 524 */
524 525 static void
525 526 dtrace_error(uint32_t *counter)
526 527 {
527 528 /*
528 529 * Most counters stored to in probe context are per-CPU counters.
529 530 * However, there are some error conditions that are sufficiently
530 531 * arcane that they don't merit per-CPU storage. If these counters
531 532 * are incremented concurrently on different CPUs, scalability will be
532 533 * adversely affected -- but we don't expect them to be white-hot in a
533 534 * correctly constructed enabling...
534 535 */
535 536 uint32_t oval, nval;
536 537
537 538 do {
538 539 oval = *counter;
539 540
540 541 if ((nval = oval + 1) == 0) {
541 542 /*
542 543 * If the counter would wrap, set it to 1 -- assuring
543 544 * that the counter is never zero when we have seen
544 545 * errors. (The counter must be 32-bits because we
545 546 * aren't guaranteed a 64-bit compare&swap operation.)
546 547 * To save this code both the infamy of being fingered
547 548 * by a priggish news story and the indignity of being
548 549 * the target of a neo-puritan witch trial, we're
549 550 * carefully avoiding any colorful description of the
550 551 * likelihood of this condition -- but suffice it to
551 552 * say that it is only slightly more likely than the
552 553 * overflow of predicate cache IDs, as discussed in
553 554 * dtrace_predicate_create().
554 555 */
555 556 nval = 1;
556 557 }
557 558 } while (dtrace_cas32(counter, oval, nval) != oval);
558 559 }
559 560
560 561 /*
561 562 * Use the DTRACE_LOADFUNC macro to define functions for each of loading a
562 563 * uint8_t, a uint16_t, a uint32_t and a uint64_t.
563 564 */
564 565 DTRACE_LOADFUNC(8)
565 566 DTRACE_LOADFUNC(16)
566 567 DTRACE_LOADFUNC(32)
567 568 DTRACE_LOADFUNC(64)
568 569
569 570 static int
570 571 dtrace_inscratch(uintptr_t dest, size_t size, dtrace_mstate_t *mstate)
571 572 {
572 573 if (dest < mstate->dtms_scratch_base)
573 574 return (0);
574 575
575 576 if (dest + size < dest)
576 577 return (0);
577 578
578 579 if (dest + size > mstate->dtms_scratch_ptr)
579 580 return (0);
580 581
581 582 return (1);
582 583 }
583 584
584 585 static int
585 586 dtrace_canstore_statvar(uint64_t addr, size_t sz,
586 587 dtrace_statvar_t **svars, int nsvars)
587 588 {
588 589 int i;
589 590
590 591 for (i = 0; i < nsvars; i++) {
591 592 dtrace_statvar_t *svar = svars[i];
592 593
593 594 if (svar == NULL || svar->dtsv_size == 0)
594 595 continue;
595 596
596 597 if (DTRACE_INRANGE(addr, sz, svar->dtsv_data, svar->dtsv_size))
597 598 return (1);
598 599 }
599 600
600 601 return (0);
601 602 }
602 603
603 604 /*
604 605 * Check to see if the address is within a memory region to which a store may
605 606 * be issued. This includes the DTrace scratch areas, and any DTrace variable
606 607 * region. The caller of dtrace_canstore() is responsible for performing any
607 608 * alignment checks that are needed before stores are actually executed.
608 609 */
609 610 static int
610 611 dtrace_canstore(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
611 612 dtrace_vstate_t *vstate)
612 613 {
613 614 /*
614 615 * First, check to see if the address is in scratch space...
615 616 */
616 617 if (DTRACE_INRANGE(addr, sz, mstate->dtms_scratch_base,
617 618 mstate->dtms_scratch_size))
618 619 return (1);
619 620
620 621 /*
621 622 * Now check to see if it's a dynamic variable. This check will pick
622 623 * up both thread-local variables and any global dynamically-allocated
623 624 * variables.
624 625 */
625 626 if (DTRACE_INRANGE(addr, sz, vstate->dtvs_dynvars.dtds_base,
626 627 vstate->dtvs_dynvars.dtds_size)) {
627 628 dtrace_dstate_t *dstate = &vstate->dtvs_dynvars;
628 629 uintptr_t base = (uintptr_t)dstate->dtds_base +
629 630 (dstate->dtds_hashsize * sizeof (dtrace_dynhash_t));
630 631 uintptr_t chunkoffs;
631 632
632 633 /*
633 634 * Before we assume that we can store here, we need to make
634 635 * sure that it isn't in our metadata -- storing to our
635 636 * dynamic variable metadata would corrupt our state. For
636 637 * the range to not include any dynamic variable metadata,
637 638 * it must:
638 639 *
639 640 * (1) Start above the hash table that is at the base of
640 641 * the dynamic variable space
641 642 *
642 643 * (2) Have a starting chunk offset that is beyond the
643 644 * dtrace_dynvar_t that is at the base of every chunk
644 645 *
645 646 * (3) Not span a chunk boundary
646 647 *
647 648 */
648 649 if (addr < base)
649 650 return (0);
650 651
651 652 chunkoffs = (addr - base) % dstate->dtds_chunksize;
652 653
653 654 if (chunkoffs < sizeof (dtrace_dynvar_t))
654 655 return (0);
655 656
656 657 if (chunkoffs + sz > dstate->dtds_chunksize)
657 658 return (0);
658 659
659 660 return (1);
660 661 }
661 662
662 663 /*
663 664 * Finally, check the static local and global variables. These checks
664 665 * take the longest, so we perform them last.
665 666 */
666 667 if (dtrace_canstore_statvar(addr, sz,
667 668 vstate->dtvs_locals, vstate->dtvs_nlocals))
668 669 return (1);
669 670
670 671 if (dtrace_canstore_statvar(addr, sz,
671 672 vstate->dtvs_globals, vstate->dtvs_nglobals))
672 673 return (1);
673 674
674 675 return (0);
675 676 }
676 677
677 678
678 679 /*
679 680 * Convenience routine to check to see if the address is within a memory
680 681 * region in which a load may be issued given the user's privilege level;
681 682 * if not, it sets the appropriate error flags and loads 'addr' into the
682 683 * illegal value slot.
683 684 *
684 685 * DTrace subroutines (DIF_SUBR_*) should use this helper to implement
685 686 * appropriate memory access protection.
686 687 */
687 688 static int
688 689 dtrace_canload(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
689 690 dtrace_vstate_t *vstate)
690 691 {
691 692 volatile uintptr_t *illval = &cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
692 693 file_t *fp;
693 694
694 695 /*
695 696 * If we hold the privilege to read from kernel memory, then
696 697 * everything is readable.
697 698 */
698 699 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
699 700 return (1);
700 701
701 702 /*
702 703 * You can obviously read that which you can store.
703 704 */
704 705 if (dtrace_canstore(addr, sz, mstate, vstate))
705 706 return (1);
706 707
707 708 /*
708 709 * We're allowed to read from our own string table.
709 710 */
710 711 if (DTRACE_INRANGE(addr, sz, mstate->dtms_difo->dtdo_strtab,
711 712 mstate->dtms_difo->dtdo_strlen))
712 713 return (1);
713 714
714 715 if (vstate->dtvs_state != NULL &&
715 716 dtrace_priv_proc(vstate->dtvs_state, mstate)) {
716 717 proc_t *p;
717 718
718 719 /*
719 720 * When we have privileges to the current process, there are
720 721 * several context-related kernel structures that are safe to
721 722 * read, even absent the privilege to read from kernel memory.
722 723 * These reads are safe because these structures contain only
723 724 * state that (1) we're permitted to read, (2) is harmless or
724 725 * (3) contains pointers to additional kernel state that we're
725 726 * not permitted to read (and as such, do not present an
726 727 * opportunity for privilege escalation). Finally (and
727 728 * critically), because of the nature of their relation with
728 729 * the current thread context, the memory associated with these
729 730 * structures cannot change over the duration of probe context,
730 731 * and it is therefore impossible for this memory to be
731 732 * deallocated and reallocated as something else while it's
732 733 * being operated upon.
733 734 */
734 735 if (DTRACE_INRANGE(addr, sz, curthread, sizeof (kthread_t)))
735 736 return (1);
736 737
737 738 if ((p = curthread->t_procp) != NULL && DTRACE_INRANGE(addr,
738 739 sz, curthread->t_procp, sizeof (proc_t))) {
739 740 return (1);
740 741 }
741 742
742 743 if (curthread->t_cred != NULL && DTRACE_INRANGE(addr, sz,
743 744 curthread->t_cred, sizeof (cred_t))) {
744 745 return (1);
745 746 }
746 747
747 748 if (p != NULL && p->p_pidp != NULL && DTRACE_INRANGE(addr, sz,
748 749 &(p->p_pidp->pid_id), sizeof (pid_t))) {
749 750 return (1);
750 751 }
751 752
752 753 if (curthread->t_cpu != NULL && DTRACE_INRANGE(addr, sz,
753 754 curthread->t_cpu, offsetof(cpu_t, cpu_pause_thread))) {
754 755 return (1);
755 756 }
756 757 }
757 758
758 759 if ((fp = mstate->dtms_getf) != NULL) {
759 760 uintptr_t psz = sizeof (void *);
760 761 vnode_t *vp;
761 762 vnodeops_t *op;
762 763
763 764 /*
764 765 * When getf() returns a file_t, the enabling is implicitly
765 766 * granted the (transient) right to read the returned file_t
766 767 * as well as the v_path and v_op->vnop_name of the underlying
767 768 * vnode. These accesses are allowed after a successful
768 769 * getf() because the members that they refer to cannot change
769 770 * once set -- and the barrier logic in the kernel's closef()
770 771 * path assures that the file_t and its referenced vode_t
771 772 * cannot themselves be stale (that is, it impossible for
772 773 * either dtms_getf itself or its f_vnode member to reference
773 774 * freed memory).
774 775 */
775 776 if (DTRACE_INRANGE(addr, sz, fp, sizeof (file_t)))
776 777 return (1);
777 778
778 779 if ((vp = fp->f_vnode) != NULL) {
779 780 if (DTRACE_INRANGE(addr, sz, &vp->v_path, psz))
780 781 return (1);
781 782
782 783 if (vp->v_path != NULL && DTRACE_INRANGE(addr, sz,
783 784 vp->v_path, strlen(vp->v_path) + 1)) {
784 785 return (1);
785 786 }
786 787
787 788 if (DTRACE_INRANGE(addr, sz, &vp->v_op, psz))
788 789 return (1);
789 790
790 791 if ((op = vp->v_op) != NULL &&
791 792 DTRACE_INRANGE(addr, sz, &op->vnop_name, psz)) {
792 793 return (1);
793 794 }
794 795
795 796 if (op != NULL && op->vnop_name != NULL &&
796 797 DTRACE_INRANGE(addr, sz, op->vnop_name,
797 798 strlen(op->vnop_name) + 1)) {
798 799 return (1);
799 800 }
800 801 }
801 802 }
802 803
803 804 DTRACE_CPUFLAG_SET(CPU_DTRACE_KPRIV);
804 805 *illval = addr;
805 806 return (0);
806 807 }
807 808
808 809 /*
809 810 * Convenience routine to check to see if a given string is within a memory
810 811 * region in which a load may be issued given the user's privilege level;
811 812 * this exists so that we don't need to issue unnecessary dtrace_strlen()
812 813 * calls in the event that the user has all privileges.
813 814 */
814 815 static int
815 816 dtrace_strcanload(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
816 817 dtrace_vstate_t *vstate)
817 818 {
818 819 size_t strsz;
819 820
820 821 /*
821 822 * If we hold the privilege to read from kernel memory, then
822 823 * everything is readable.
823 824 */
824 825 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
825 826 return (1);
826 827
827 828 strsz = 1 + dtrace_strlen((char *)(uintptr_t)addr, sz);
828 829 if (dtrace_canload(addr, strsz, mstate, vstate))
829 830 return (1);
830 831
831 832 return (0);
832 833 }
833 834
834 835 /*
835 836 * Convenience routine to check to see if a given variable is within a memory
836 837 * region in which a load may be issued given the user's privilege level.
837 838 */
838 839 static int
839 840 dtrace_vcanload(void *src, dtrace_diftype_t *type, dtrace_mstate_t *mstate,
840 841 dtrace_vstate_t *vstate)
841 842 {
842 843 size_t sz;
843 844 ASSERT(type->dtdt_flags & DIF_TF_BYREF);
844 845
845 846 /*
846 847 * If we hold the privilege to read from kernel memory, then
847 848 * everything is readable.
848 849 */
849 850 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
850 851 return (1);
851 852
|
↓ open down ↓ |
747 lines elided |
↑ open up ↑ |
852 853 if (type->dtdt_kind == DIF_TYPE_STRING)
853 854 sz = dtrace_strlen(src,
854 855 vstate->dtvs_state->dts_options[DTRACEOPT_STRSIZE]) + 1;
855 856 else
856 857 sz = type->dtdt_size;
857 858
858 859 return (dtrace_canload((uintptr_t)src, sz, mstate, vstate));
859 860 }
860 861
861 862 /*
863 + * Convert a string to a signed integer using safe loads.
864 + *
865 + * NOTE: This function uses various macros from strtolctype.h to manipulate
866 + * digit values, etc -- these have all been checked to ensure they make
867 + * no additional function calls.
868 + */
869 +static int64_t
870 +dtrace_strtoll(char *input, int base, size_t limit)
871 +{
872 + uintptr_t pos = (uintptr_t)input;
873 + int64_t val = 0;
874 + int x;
875 + boolean_t neg = B_FALSE;
876 + char c, cc, ccc;
877 + uintptr_t end = pos + limit;
878 +
879 + /*
880 + * Consume any whitespace preceding digits.
881 + */
882 + while ((c = dtrace_load8(pos)) == ' ' || c == '\t')
883 + pos++;
884 +
885 + /*
886 + * Handle an explicit sign if one is present.
887 + */
888 + if (c == '-' || c == '+') {
889 + if (c == '-')
890 + neg = B_TRUE;
891 + c = dtrace_load8(++pos);
892 + }
893 +
894 + /*
895 + * Check for an explicit hexadecimal prefix ("0x" or "0X") and skip it
896 + * if present.
897 + */
898 + if (base == 16 && c == '0' && ((cc = dtrace_load8(pos + 1)) == 'x' ||
899 + cc == 'X') && isxdigit(ccc = dtrace_load8(pos + 2))) {
900 + pos += 2;
901 + c = ccc;
902 + }
903 +
904 + /*
905 + * Read in contiguous digits until the first non-digit character.
906 + */
907 + for (; pos < end && c != '\0' && lisalnum(c) && (x = DIGIT(c)) < base;
908 + c = dtrace_load8(++pos))
909 + val = val * base + x;
910 +
911 + return (neg ? -val : val);
912 +}
913 +
914 +/*
862 915 * Compare two strings using safe loads.
863 916 */
864 917 static int
865 918 dtrace_strncmp(char *s1, char *s2, size_t limit)
866 919 {
867 920 uint8_t c1, c2;
868 921 volatile uint16_t *flags;
869 922
870 923 if (s1 == s2 || limit == 0)
871 924 return (0);
872 925
873 926 flags = (volatile uint16_t *)&cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
874 927
875 928 do {
876 929 if (s1 == NULL) {
877 930 c1 = '\0';
878 931 } else {
879 932 c1 = dtrace_load8((uintptr_t)s1++);
880 933 }
881 934
882 935 if (s2 == NULL) {
883 936 c2 = '\0';
884 937 } else {
885 938 c2 = dtrace_load8((uintptr_t)s2++);
886 939 }
887 940
888 941 if (c1 != c2)
889 942 return (c1 - c2);
890 943 } while (--limit && c1 != '\0' && !(*flags & CPU_DTRACE_FAULT));
891 944
892 945 return (0);
893 946 }
894 947
895 948 /*
896 949 * Compute strlen(s) for a string using safe memory accesses. The additional
897 950 * len parameter is used to specify a maximum length to ensure completion.
898 951 */
899 952 static size_t
900 953 dtrace_strlen(const char *s, size_t lim)
901 954 {
902 955 uint_t len;
903 956
904 957 for (len = 0; len != lim; len++) {
905 958 if (dtrace_load8((uintptr_t)s++) == '\0')
906 959 break;
907 960 }
908 961
909 962 return (len);
910 963 }
911 964
912 965 /*
913 966 * Check if an address falls within a toxic region.
914 967 */
915 968 static int
916 969 dtrace_istoxic(uintptr_t kaddr, size_t size)
917 970 {
918 971 uintptr_t taddr, tsize;
919 972 int i;
920 973
921 974 for (i = 0; i < dtrace_toxranges; i++) {
922 975 taddr = dtrace_toxrange[i].dtt_base;
923 976 tsize = dtrace_toxrange[i].dtt_limit - taddr;
924 977
925 978 if (kaddr - taddr < tsize) {
926 979 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
927 980 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = kaddr;
928 981 return (1);
929 982 }
930 983
931 984 if (taddr - kaddr < size) {
932 985 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
933 986 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = taddr;
934 987 return (1);
935 988 }
936 989 }
937 990
938 991 return (0);
939 992 }
940 993
941 994 /*
942 995 * Copy src to dst using safe memory accesses. The src is assumed to be unsafe
943 996 * memory specified by the DIF program. The dst is assumed to be safe memory
944 997 * that we can store to directly because it is managed by DTrace. As with
945 998 * standard bcopy, overlapping copies are handled properly.
946 999 */
947 1000 static void
948 1001 dtrace_bcopy(const void *src, void *dst, size_t len)
949 1002 {
950 1003 if (len != 0) {
951 1004 uint8_t *s1 = dst;
952 1005 const uint8_t *s2 = src;
953 1006
954 1007 if (s1 <= s2) {
955 1008 do {
956 1009 *s1++ = dtrace_load8((uintptr_t)s2++);
957 1010 } while (--len != 0);
958 1011 } else {
959 1012 s2 += len;
960 1013 s1 += len;
961 1014
962 1015 do {
963 1016 *--s1 = dtrace_load8((uintptr_t)--s2);
964 1017 } while (--len != 0);
965 1018 }
966 1019 }
967 1020 }
968 1021
969 1022 /*
970 1023 * Copy src to dst using safe memory accesses, up to either the specified
971 1024 * length, or the point that a nul byte is encountered. The src is assumed to
972 1025 * be unsafe memory specified by the DIF program. The dst is assumed to be
973 1026 * safe memory that we can store to directly because it is managed by DTrace.
974 1027 * Unlike dtrace_bcopy(), overlapping regions are not handled.
975 1028 */
976 1029 static void
977 1030 dtrace_strcpy(const void *src, void *dst, size_t len)
978 1031 {
979 1032 if (len != 0) {
980 1033 uint8_t *s1 = dst, c;
981 1034 const uint8_t *s2 = src;
982 1035
983 1036 do {
984 1037 *s1++ = c = dtrace_load8((uintptr_t)s2++);
985 1038 } while (--len != 0 && c != '\0');
986 1039 }
987 1040 }
988 1041
989 1042 /*
990 1043 * Copy src to dst, deriving the size and type from the specified (BYREF)
991 1044 * variable type. The src is assumed to be unsafe memory specified by the DIF
992 1045 * program. The dst is assumed to be DTrace variable memory that is of the
993 1046 * specified type; we assume that we can store to directly.
994 1047 */
995 1048 static void
996 1049 dtrace_vcopy(void *src, void *dst, dtrace_diftype_t *type)
997 1050 {
998 1051 ASSERT(type->dtdt_flags & DIF_TF_BYREF);
999 1052
1000 1053 if (type->dtdt_kind == DIF_TYPE_STRING) {
1001 1054 dtrace_strcpy(src, dst, type->dtdt_size);
1002 1055 } else {
1003 1056 dtrace_bcopy(src, dst, type->dtdt_size);
1004 1057 }
1005 1058 }
1006 1059
1007 1060 /*
1008 1061 * Compare s1 to s2 using safe memory accesses. The s1 data is assumed to be
1009 1062 * unsafe memory specified by the DIF program. The s2 data is assumed to be
1010 1063 * safe memory that we can access directly because it is managed by DTrace.
1011 1064 */
1012 1065 static int
1013 1066 dtrace_bcmp(const void *s1, const void *s2, size_t len)
1014 1067 {
1015 1068 volatile uint16_t *flags;
1016 1069
1017 1070 flags = (volatile uint16_t *)&cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
1018 1071
1019 1072 if (s1 == s2)
1020 1073 return (0);
1021 1074
1022 1075 if (s1 == NULL || s2 == NULL)
1023 1076 return (1);
1024 1077
1025 1078 if (s1 != s2 && len != 0) {
1026 1079 const uint8_t *ps1 = s1;
1027 1080 const uint8_t *ps2 = s2;
1028 1081
1029 1082 do {
1030 1083 if (dtrace_load8((uintptr_t)ps1++) != *ps2++)
1031 1084 return (1);
1032 1085 } while (--len != 0 && !(*flags & CPU_DTRACE_FAULT));
1033 1086 }
1034 1087 return (0);
1035 1088 }
1036 1089
1037 1090 /*
1038 1091 * Zero the specified region using a simple byte-by-byte loop. Note that this
1039 1092 * is for safe DTrace-managed memory only.
1040 1093 */
1041 1094 static void
1042 1095 dtrace_bzero(void *dst, size_t len)
1043 1096 {
1044 1097 uchar_t *cp;
1045 1098
1046 1099 for (cp = dst; len != 0; len--)
1047 1100 *cp++ = 0;
1048 1101 }
1049 1102
1050 1103 static void
1051 1104 dtrace_add_128(uint64_t *addend1, uint64_t *addend2, uint64_t *sum)
1052 1105 {
1053 1106 uint64_t result[2];
1054 1107
1055 1108 result[0] = addend1[0] + addend2[0];
1056 1109 result[1] = addend1[1] + addend2[1] +
1057 1110 (result[0] < addend1[0] || result[0] < addend2[0] ? 1 : 0);
1058 1111
1059 1112 sum[0] = result[0];
1060 1113 sum[1] = result[1];
1061 1114 }
1062 1115
1063 1116 /*
1064 1117 * Shift the 128-bit value in a by b. If b is positive, shift left.
1065 1118 * If b is negative, shift right.
1066 1119 */
1067 1120 static void
1068 1121 dtrace_shift_128(uint64_t *a, int b)
1069 1122 {
1070 1123 uint64_t mask;
1071 1124
1072 1125 if (b == 0)
1073 1126 return;
1074 1127
1075 1128 if (b < 0) {
1076 1129 b = -b;
1077 1130 if (b >= 64) {
1078 1131 a[0] = a[1] >> (b - 64);
1079 1132 a[1] = 0;
1080 1133 } else {
1081 1134 a[0] >>= b;
1082 1135 mask = 1LL << (64 - b);
1083 1136 mask -= 1;
1084 1137 a[0] |= ((a[1] & mask) << (64 - b));
1085 1138 a[1] >>= b;
1086 1139 }
1087 1140 } else {
1088 1141 if (b >= 64) {
1089 1142 a[1] = a[0] << (b - 64);
1090 1143 a[0] = 0;
1091 1144 } else {
1092 1145 a[1] <<= b;
1093 1146 mask = a[0] >> (64 - b);
1094 1147 a[1] |= mask;
1095 1148 a[0] <<= b;
1096 1149 }
1097 1150 }
1098 1151 }
1099 1152
1100 1153 /*
1101 1154 * The basic idea is to break the 2 64-bit values into 4 32-bit values,
1102 1155 * use native multiplication on those, and then re-combine into the
1103 1156 * resulting 128-bit value.
1104 1157 *
1105 1158 * (hi1 << 32 + lo1) * (hi2 << 32 + lo2) =
1106 1159 * hi1 * hi2 << 64 +
1107 1160 * hi1 * lo2 << 32 +
1108 1161 * hi2 * lo1 << 32 +
1109 1162 * lo1 * lo2
1110 1163 */
1111 1164 static void
1112 1165 dtrace_multiply_128(uint64_t factor1, uint64_t factor2, uint64_t *product)
1113 1166 {
1114 1167 uint64_t hi1, hi2, lo1, lo2;
1115 1168 uint64_t tmp[2];
1116 1169
1117 1170 hi1 = factor1 >> 32;
1118 1171 hi2 = factor2 >> 32;
1119 1172
1120 1173 lo1 = factor1 & DT_MASK_LO;
1121 1174 lo2 = factor2 & DT_MASK_LO;
1122 1175
1123 1176 product[0] = lo1 * lo2;
1124 1177 product[1] = hi1 * hi2;
1125 1178
1126 1179 tmp[0] = hi1 * lo2;
1127 1180 tmp[1] = 0;
1128 1181 dtrace_shift_128(tmp, 32);
1129 1182 dtrace_add_128(product, tmp, product);
1130 1183
1131 1184 tmp[0] = hi2 * lo1;
1132 1185 tmp[1] = 0;
1133 1186 dtrace_shift_128(tmp, 32);
1134 1187 dtrace_add_128(product, tmp, product);
1135 1188 }
1136 1189
1137 1190 /*
1138 1191 * This privilege check should be used by actions and subroutines to
1139 1192 * verify that the user credentials of the process that enabled the
1140 1193 * invoking ECB match the target credentials
1141 1194 */
1142 1195 static int
1143 1196 dtrace_priv_proc_common_user(dtrace_state_t *state)
1144 1197 {
1145 1198 cred_t *cr, *s_cr = state->dts_cred.dcr_cred;
1146 1199
1147 1200 /*
1148 1201 * We should always have a non-NULL state cred here, since if cred
1149 1202 * is null (anonymous tracing), we fast-path bypass this routine.
1150 1203 */
1151 1204 ASSERT(s_cr != NULL);
1152 1205
1153 1206 if ((cr = CRED()) != NULL &&
1154 1207 s_cr->cr_uid == cr->cr_uid &&
1155 1208 s_cr->cr_uid == cr->cr_ruid &&
1156 1209 s_cr->cr_uid == cr->cr_suid &&
1157 1210 s_cr->cr_gid == cr->cr_gid &&
1158 1211 s_cr->cr_gid == cr->cr_rgid &&
1159 1212 s_cr->cr_gid == cr->cr_sgid)
1160 1213 return (1);
1161 1214
1162 1215 return (0);
1163 1216 }
1164 1217
1165 1218 /*
1166 1219 * This privilege check should be used by actions and subroutines to
1167 1220 * verify that the zone of the process that enabled the invoking ECB
1168 1221 * matches the target credentials
1169 1222 */
1170 1223 static int
1171 1224 dtrace_priv_proc_common_zone(dtrace_state_t *state)
1172 1225 {
1173 1226 cred_t *cr, *s_cr = state->dts_cred.dcr_cred;
1174 1227
1175 1228 /*
1176 1229 * We should always have a non-NULL state cred here, since if cred
1177 1230 * is null (anonymous tracing), we fast-path bypass this routine.
1178 1231 */
1179 1232 ASSERT(s_cr != NULL);
1180 1233
1181 1234 if ((cr = CRED()) != NULL && s_cr->cr_zone == cr->cr_zone)
1182 1235 return (1);
1183 1236
1184 1237 return (0);
1185 1238 }
1186 1239
1187 1240 /*
1188 1241 * This privilege check should be used by actions and subroutines to
1189 1242 * verify that the process has not setuid or changed credentials.
1190 1243 */
1191 1244 static int
1192 1245 dtrace_priv_proc_common_nocd()
1193 1246 {
1194 1247 proc_t *proc;
1195 1248
1196 1249 if ((proc = ttoproc(curthread)) != NULL &&
1197 1250 !(proc->p_flag & SNOCD))
1198 1251 return (1);
1199 1252
1200 1253 return (0);
1201 1254 }
1202 1255
1203 1256 static int
1204 1257 dtrace_priv_proc_destructive(dtrace_state_t *state, dtrace_mstate_t *mstate)
1205 1258 {
1206 1259 int action = state->dts_cred.dcr_action;
1207 1260
1208 1261 if (!(mstate->dtms_access & DTRACE_ACCESS_PROC))
1209 1262 goto bad;
1210 1263
1211 1264 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE) == 0) &&
1212 1265 dtrace_priv_proc_common_zone(state) == 0)
1213 1266 goto bad;
1214 1267
1215 1268 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER) == 0) &&
1216 1269 dtrace_priv_proc_common_user(state) == 0)
1217 1270 goto bad;
1218 1271
1219 1272 if (((action & DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG) == 0) &&
1220 1273 dtrace_priv_proc_common_nocd() == 0)
1221 1274 goto bad;
1222 1275
1223 1276 return (1);
1224 1277
1225 1278 bad:
1226 1279 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV;
1227 1280
1228 1281 return (0);
1229 1282 }
1230 1283
1231 1284 static int
1232 1285 dtrace_priv_proc_control(dtrace_state_t *state, dtrace_mstate_t *mstate)
1233 1286 {
1234 1287 if (mstate->dtms_access & DTRACE_ACCESS_PROC) {
1235 1288 if (state->dts_cred.dcr_action & DTRACE_CRA_PROC_CONTROL)
1236 1289 return (1);
1237 1290
1238 1291 if (dtrace_priv_proc_common_zone(state) &&
1239 1292 dtrace_priv_proc_common_user(state) &&
1240 1293 dtrace_priv_proc_common_nocd())
1241 1294 return (1);
1242 1295 }
1243 1296
1244 1297 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV;
1245 1298
1246 1299 return (0);
1247 1300 }
1248 1301
1249 1302 static int
1250 1303 dtrace_priv_proc(dtrace_state_t *state, dtrace_mstate_t *mstate)
1251 1304 {
1252 1305 if ((mstate->dtms_access & DTRACE_ACCESS_PROC) &&
1253 1306 (state->dts_cred.dcr_action & DTRACE_CRA_PROC))
1254 1307 return (1);
1255 1308
1256 1309 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_UPRIV;
1257 1310
1258 1311 return (0);
1259 1312 }
1260 1313
1261 1314 static int
1262 1315 dtrace_priv_kernel(dtrace_state_t *state)
1263 1316 {
1264 1317 if (state->dts_cred.dcr_action & DTRACE_CRA_KERNEL)
1265 1318 return (1);
1266 1319
1267 1320 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_KPRIV;
1268 1321
1269 1322 return (0);
1270 1323 }
1271 1324
1272 1325 static int
1273 1326 dtrace_priv_kernel_destructive(dtrace_state_t *state)
1274 1327 {
1275 1328 if (state->dts_cred.dcr_action & DTRACE_CRA_KERNEL_DESTRUCTIVE)
1276 1329 return (1);
1277 1330
1278 1331 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |= CPU_DTRACE_KPRIV;
1279 1332
1280 1333 return (0);
1281 1334 }
1282 1335
1283 1336 /*
1284 1337 * Determine if the dte_cond of the specified ECB allows for processing of
1285 1338 * the current probe to continue. Note that this routine may allow continued
1286 1339 * processing, but with access(es) stripped from the mstate's dtms_access
1287 1340 * field.
1288 1341 */
1289 1342 static int
1290 1343 dtrace_priv_probe(dtrace_state_t *state, dtrace_mstate_t *mstate,
1291 1344 dtrace_ecb_t *ecb)
1292 1345 {
1293 1346 dtrace_probe_t *probe = ecb->dte_probe;
1294 1347 dtrace_provider_t *prov = probe->dtpr_provider;
1295 1348 dtrace_pops_t *pops = &prov->dtpv_pops;
1296 1349 int mode = DTRACE_MODE_NOPRIV_DROP;
1297 1350
1298 1351 ASSERT(ecb->dte_cond);
1299 1352
1300 1353 if (pops->dtps_mode != NULL) {
1301 1354 mode = pops->dtps_mode(prov->dtpv_arg,
1302 1355 probe->dtpr_id, probe->dtpr_arg);
1303 1356
1304 1357 ASSERT(mode & (DTRACE_MODE_USER | DTRACE_MODE_KERNEL));
1305 1358 ASSERT(mode & (DTRACE_MODE_NOPRIV_RESTRICT |
1306 1359 DTRACE_MODE_NOPRIV_DROP));
1307 1360 }
1308 1361
1309 1362 /*
1310 1363 * If the dte_cond bits indicate that this consumer is only allowed to
1311 1364 * see user-mode firings of this probe, check that the probe was fired
1312 1365 * while in a user context. If that's not the case, use the policy
1313 1366 * specified by the provider to determine if we drop the probe or
1314 1367 * merely restrict operation.
1315 1368 */
1316 1369 if (ecb->dte_cond & DTRACE_COND_USERMODE) {
1317 1370 ASSERT(mode != DTRACE_MODE_NOPRIV_DROP);
1318 1371
1319 1372 if (!(mode & DTRACE_MODE_USER)) {
1320 1373 if (mode & DTRACE_MODE_NOPRIV_DROP)
1321 1374 return (0);
1322 1375
1323 1376 mstate->dtms_access &= ~DTRACE_ACCESS_ARGS;
1324 1377 }
1325 1378 }
1326 1379
1327 1380 /*
1328 1381 * This is more subtle than it looks. We have to be absolutely certain
1329 1382 * that CRED() isn't going to change out from under us so it's only
1330 1383 * legit to examine that structure if we're in constrained situations.
1331 1384 * Currently, the only times we'll this check is if a non-super-user
1332 1385 * has enabled the profile or syscall providers -- providers that
1333 1386 * allow visibility of all processes. For the profile case, the check
1334 1387 * above will ensure that we're examining a user context.
1335 1388 */
1336 1389 if (ecb->dte_cond & DTRACE_COND_OWNER) {
1337 1390 cred_t *cr;
1338 1391 cred_t *s_cr = state->dts_cred.dcr_cred;
1339 1392 proc_t *proc;
1340 1393
1341 1394 ASSERT(s_cr != NULL);
1342 1395
1343 1396 if ((cr = CRED()) == NULL ||
1344 1397 s_cr->cr_uid != cr->cr_uid ||
1345 1398 s_cr->cr_uid != cr->cr_ruid ||
1346 1399 s_cr->cr_uid != cr->cr_suid ||
1347 1400 s_cr->cr_gid != cr->cr_gid ||
1348 1401 s_cr->cr_gid != cr->cr_rgid ||
1349 1402 s_cr->cr_gid != cr->cr_sgid ||
1350 1403 (proc = ttoproc(curthread)) == NULL ||
1351 1404 (proc->p_flag & SNOCD)) {
1352 1405 if (mode & DTRACE_MODE_NOPRIV_DROP)
1353 1406 return (0);
1354 1407
1355 1408 mstate->dtms_access &= ~DTRACE_ACCESS_PROC;
1356 1409 }
1357 1410 }
1358 1411
1359 1412 /*
1360 1413 * If our dte_cond is set to DTRACE_COND_ZONEOWNER and we are not
1361 1414 * in our zone, check to see if our mode policy is to restrict rather
1362 1415 * than to drop; if to restrict, strip away both DTRACE_ACCESS_PROC
1363 1416 * and DTRACE_ACCESS_ARGS
1364 1417 */
1365 1418 if (ecb->dte_cond & DTRACE_COND_ZONEOWNER) {
1366 1419 cred_t *cr;
1367 1420 cred_t *s_cr = state->dts_cred.dcr_cred;
1368 1421
1369 1422 ASSERT(s_cr != NULL);
1370 1423
1371 1424 if ((cr = CRED()) == NULL ||
1372 1425 s_cr->cr_zone->zone_id != cr->cr_zone->zone_id) {
1373 1426 if (mode & DTRACE_MODE_NOPRIV_DROP)
1374 1427 return (0);
1375 1428
1376 1429 mstate->dtms_access &=
1377 1430 ~(DTRACE_ACCESS_PROC | DTRACE_ACCESS_ARGS);
1378 1431 }
1379 1432 }
1380 1433
1381 1434 /*
1382 1435 * By merits of being in this code path at all, we have limited
1383 1436 * privileges. If the provider has indicated that limited privileges
1384 1437 * are to denote restricted operation, strip off the ability to access
1385 1438 * arguments.
1386 1439 */
1387 1440 if (mode & DTRACE_MODE_LIMITEDPRIV_RESTRICT)
1388 1441 mstate->dtms_access &= ~DTRACE_ACCESS_ARGS;
1389 1442
1390 1443 return (1);
1391 1444 }
1392 1445
1393 1446 /*
1394 1447 * Note: not called from probe context. This function is called
1395 1448 * asynchronously (and at a regular interval) from outside of probe context to
1396 1449 * clean the dirty dynamic variable lists on all CPUs. Dynamic variable
1397 1450 * cleaning is explained in detail in <sys/dtrace_impl.h>.
1398 1451 */
1399 1452 void
1400 1453 dtrace_dynvar_clean(dtrace_dstate_t *dstate)
1401 1454 {
1402 1455 dtrace_dynvar_t *dirty;
1403 1456 dtrace_dstate_percpu_t *dcpu;
1404 1457 dtrace_dynvar_t **rinsep;
1405 1458 int i, j, work = 0;
1406 1459
1407 1460 for (i = 0; i < NCPU; i++) {
1408 1461 dcpu = &dstate->dtds_percpu[i];
1409 1462 rinsep = &dcpu->dtdsc_rinsing;
1410 1463
1411 1464 /*
1412 1465 * If the dirty list is NULL, there is no dirty work to do.
1413 1466 */
1414 1467 if (dcpu->dtdsc_dirty == NULL)
1415 1468 continue;
1416 1469
1417 1470 if (dcpu->dtdsc_rinsing != NULL) {
1418 1471 /*
1419 1472 * If the rinsing list is non-NULL, then it is because
1420 1473 * this CPU was selected to accept another CPU's
1421 1474 * dirty list -- and since that time, dirty buffers
1422 1475 * have accumulated. This is a highly unlikely
1423 1476 * condition, but we choose to ignore the dirty
1424 1477 * buffers -- they'll be picked up a future cleanse.
1425 1478 */
1426 1479 continue;
1427 1480 }
1428 1481
1429 1482 if (dcpu->dtdsc_clean != NULL) {
1430 1483 /*
1431 1484 * If the clean list is non-NULL, then we're in a
1432 1485 * situation where a CPU has done deallocations (we
1433 1486 * have a non-NULL dirty list) but no allocations (we
1434 1487 * also have a non-NULL clean list). We can't simply
1435 1488 * move the dirty list into the clean list on this
1436 1489 * CPU, yet we also don't want to allow this condition
1437 1490 * to persist, lest a short clean list prevent a
1438 1491 * massive dirty list from being cleaned (which in
1439 1492 * turn could lead to otherwise avoidable dynamic
1440 1493 * drops). To deal with this, we look for some CPU
1441 1494 * with a NULL clean list, NULL dirty list, and NULL
1442 1495 * rinsing list -- and then we borrow this CPU to
1443 1496 * rinse our dirty list.
1444 1497 */
1445 1498 for (j = 0; j < NCPU; j++) {
1446 1499 dtrace_dstate_percpu_t *rinser;
1447 1500
1448 1501 rinser = &dstate->dtds_percpu[j];
1449 1502
1450 1503 if (rinser->dtdsc_rinsing != NULL)
1451 1504 continue;
1452 1505
1453 1506 if (rinser->dtdsc_dirty != NULL)
1454 1507 continue;
1455 1508
1456 1509 if (rinser->dtdsc_clean != NULL)
1457 1510 continue;
1458 1511
1459 1512 rinsep = &rinser->dtdsc_rinsing;
1460 1513 break;
1461 1514 }
1462 1515
1463 1516 if (j == NCPU) {
1464 1517 /*
1465 1518 * We were unable to find another CPU that
1466 1519 * could accept this dirty list -- we are
1467 1520 * therefore unable to clean it now.
1468 1521 */
1469 1522 dtrace_dynvar_failclean++;
1470 1523 continue;
1471 1524 }
1472 1525 }
1473 1526
1474 1527 work = 1;
1475 1528
1476 1529 /*
1477 1530 * Atomically move the dirty list aside.
1478 1531 */
1479 1532 do {
1480 1533 dirty = dcpu->dtdsc_dirty;
1481 1534
1482 1535 /*
1483 1536 * Before we zap the dirty list, set the rinsing list.
1484 1537 * (This allows for a potential assertion in
1485 1538 * dtrace_dynvar(): if a free dynamic variable appears
1486 1539 * on a hash chain, either the dirty list or the
1487 1540 * rinsing list for some CPU must be non-NULL.)
1488 1541 */
1489 1542 *rinsep = dirty;
1490 1543 dtrace_membar_producer();
1491 1544 } while (dtrace_casptr(&dcpu->dtdsc_dirty,
1492 1545 dirty, NULL) != dirty);
1493 1546 }
1494 1547
1495 1548 if (!work) {
1496 1549 /*
1497 1550 * We have no work to do; we can simply return.
1498 1551 */
1499 1552 return;
1500 1553 }
1501 1554
1502 1555 dtrace_sync();
1503 1556
1504 1557 for (i = 0; i < NCPU; i++) {
1505 1558 dcpu = &dstate->dtds_percpu[i];
1506 1559
1507 1560 if (dcpu->dtdsc_rinsing == NULL)
1508 1561 continue;
1509 1562
1510 1563 /*
1511 1564 * We are now guaranteed that no hash chain contains a pointer
1512 1565 * into this dirty list; we can make it clean.
1513 1566 */
1514 1567 ASSERT(dcpu->dtdsc_clean == NULL);
1515 1568 dcpu->dtdsc_clean = dcpu->dtdsc_rinsing;
1516 1569 dcpu->dtdsc_rinsing = NULL;
1517 1570 }
1518 1571
1519 1572 /*
1520 1573 * Before we actually set the state to be DTRACE_DSTATE_CLEAN, make
1521 1574 * sure that all CPUs have seen all of the dtdsc_clean pointers.
1522 1575 * This prevents a race whereby a CPU incorrectly decides that
1523 1576 * the state should be something other than DTRACE_DSTATE_CLEAN
1524 1577 * after dtrace_dynvar_clean() has completed.
1525 1578 */
1526 1579 dtrace_sync();
1527 1580
1528 1581 dstate->dtds_state = DTRACE_DSTATE_CLEAN;
1529 1582 }
1530 1583
1531 1584 /*
1532 1585 * Depending on the value of the op parameter, this function looks-up,
1533 1586 * allocates or deallocates an arbitrarily-keyed dynamic variable. If an
1534 1587 * allocation is requested, this function will return a pointer to a
1535 1588 * dtrace_dynvar_t corresponding to the allocated variable -- or NULL if no
1536 1589 * variable can be allocated. If NULL is returned, the appropriate counter
1537 1590 * will be incremented.
1538 1591 */
1539 1592 dtrace_dynvar_t *
1540 1593 dtrace_dynvar(dtrace_dstate_t *dstate, uint_t nkeys,
1541 1594 dtrace_key_t *key, size_t dsize, dtrace_dynvar_op_t op,
1542 1595 dtrace_mstate_t *mstate, dtrace_vstate_t *vstate)
1543 1596 {
1544 1597 uint64_t hashval = DTRACE_DYNHASH_VALID;
1545 1598 dtrace_dynhash_t *hash = dstate->dtds_hash;
1546 1599 dtrace_dynvar_t *free, *new_free, *next, *dvar, *start, *prev = NULL;
1547 1600 processorid_t me = CPU->cpu_id, cpu = me;
1548 1601 dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[me];
1549 1602 size_t bucket, ksize;
1550 1603 size_t chunksize = dstate->dtds_chunksize;
1551 1604 uintptr_t kdata, lock, nstate;
1552 1605 uint_t i;
1553 1606
1554 1607 ASSERT(nkeys != 0);
1555 1608
1556 1609 /*
1557 1610 * Hash the key. As with aggregations, we use Jenkins' "One-at-a-time"
1558 1611 * algorithm. For the by-value portions, we perform the algorithm in
1559 1612 * 16-bit chunks (as opposed to 8-bit chunks). This speeds things up a
1560 1613 * bit, and seems to have only a minute effect on distribution. For
1561 1614 * the by-reference data, we perform "One-at-a-time" iterating (safely)
1562 1615 * over each referenced byte. It's painful to do this, but it's much
1563 1616 * better than pathological hash distribution. The efficacy of the
1564 1617 * hashing algorithm (and a comparison with other algorithms) may be
1565 1618 * found by running the ::dtrace_dynstat MDB dcmd.
1566 1619 */
1567 1620 for (i = 0; i < nkeys; i++) {
1568 1621 if (key[i].dttk_size == 0) {
1569 1622 uint64_t val = key[i].dttk_value;
1570 1623
1571 1624 hashval += (val >> 48) & 0xffff;
1572 1625 hashval += (hashval << 10);
1573 1626 hashval ^= (hashval >> 6);
1574 1627
1575 1628 hashval += (val >> 32) & 0xffff;
1576 1629 hashval += (hashval << 10);
1577 1630 hashval ^= (hashval >> 6);
1578 1631
1579 1632 hashval += (val >> 16) & 0xffff;
1580 1633 hashval += (hashval << 10);
1581 1634 hashval ^= (hashval >> 6);
1582 1635
1583 1636 hashval += val & 0xffff;
1584 1637 hashval += (hashval << 10);
1585 1638 hashval ^= (hashval >> 6);
1586 1639 } else {
1587 1640 /*
1588 1641 * This is incredibly painful, but it beats the hell
1589 1642 * out of the alternative.
1590 1643 */
1591 1644 uint64_t j, size = key[i].dttk_size;
1592 1645 uintptr_t base = (uintptr_t)key[i].dttk_value;
1593 1646
1594 1647 if (!dtrace_canload(base, size, mstate, vstate))
1595 1648 break;
1596 1649
1597 1650 for (j = 0; j < size; j++) {
1598 1651 hashval += dtrace_load8(base + j);
1599 1652 hashval += (hashval << 10);
1600 1653 hashval ^= (hashval >> 6);
1601 1654 }
1602 1655 }
1603 1656 }
1604 1657
1605 1658 if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_FAULT))
1606 1659 return (NULL);
1607 1660
1608 1661 hashval += (hashval << 3);
1609 1662 hashval ^= (hashval >> 11);
1610 1663 hashval += (hashval << 15);
1611 1664
1612 1665 /*
1613 1666 * There is a remote chance (ideally, 1 in 2^31) that our hashval
1614 1667 * comes out to be one of our two sentinel hash values. If this
1615 1668 * actually happens, we set the hashval to be a value known to be a
1616 1669 * non-sentinel value.
1617 1670 */
1618 1671 if (hashval == DTRACE_DYNHASH_FREE || hashval == DTRACE_DYNHASH_SINK)
1619 1672 hashval = DTRACE_DYNHASH_VALID;
1620 1673
1621 1674 /*
1622 1675 * Yes, it's painful to do a divide here. If the cycle count becomes
1623 1676 * important here, tricks can be pulled to reduce it. (However, it's
1624 1677 * critical that hash collisions be kept to an absolute minimum;
1625 1678 * they're much more painful than a divide.) It's better to have a
1626 1679 * solution that generates few collisions and still keeps things
1627 1680 * relatively simple.
1628 1681 */
1629 1682 bucket = hashval % dstate->dtds_hashsize;
1630 1683
1631 1684 if (op == DTRACE_DYNVAR_DEALLOC) {
1632 1685 volatile uintptr_t *lockp = &hash[bucket].dtdh_lock;
1633 1686
1634 1687 for (;;) {
1635 1688 while ((lock = *lockp) & 1)
1636 1689 continue;
1637 1690
1638 1691 if (dtrace_casptr((void *)lockp,
1639 1692 (void *)lock, (void *)(lock + 1)) == (void *)lock)
1640 1693 break;
1641 1694 }
1642 1695
1643 1696 dtrace_membar_producer();
1644 1697 }
1645 1698
1646 1699 top:
1647 1700 prev = NULL;
1648 1701 lock = hash[bucket].dtdh_lock;
1649 1702
1650 1703 dtrace_membar_consumer();
1651 1704
1652 1705 start = hash[bucket].dtdh_chain;
1653 1706 ASSERT(start != NULL && (start->dtdv_hashval == DTRACE_DYNHASH_SINK ||
1654 1707 start->dtdv_hashval != DTRACE_DYNHASH_FREE ||
1655 1708 op != DTRACE_DYNVAR_DEALLOC));
1656 1709
1657 1710 for (dvar = start; dvar != NULL; dvar = dvar->dtdv_next) {
1658 1711 dtrace_tuple_t *dtuple = &dvar->dtdv_tuple;
1659 1712 dtrace_key_t *dkey = &dtuple->dtt_key[0];
1660 1713
1661 1714 if (dvar->dtdv_hashval != hashval) {
1662 1715 if (dvar->dtdv_hashval == DTRACE_DYNHASH_SINK) {
1663 1716 /*
1664 1717 * We've reached the sink, and therefore the
1665 1718 * end of the hash chain; we can kick out of
1666 1719 * the loop knowing that we have seen a valid
1667 1720 * snapshot of state.
1668 1721 */
1669 1722 ASSERT(dvar->dtdv_next == NULL);
1670 1723 ASSERT(dvar == &dtrace_dynhash_sink);
1671 1724 break;
1672 1725 }
1673 1726
1674 1727 if (dvar->dtdv_hashval == DTRACE_DYNHASH_FREE) {
1675 1728 /*
1676 1729 * We've gone off the rails: somewhere along
1677 1730 * the line, one of the members of this hash
1678 1731 * chain was deleted. Note that we could also
1679 1732 * detect this by simply letting this loop run
1680 1733 * to completion, as we would eventually hit
1681 1734 * the end of the dirty list. However, we
1682 1735 * want to avoid running the length of the
1683 1736 * dirty list unnecessarily (it might be quite
1684 1737 * long), so we catch this as early as
1685 1738 * possible by detecting the hash marker. In
1686 1739 * this case, we simply set dvar to NULL and
1687 1740 * break; the conditional after the loop will
1688 1741 * send us back to top.
1689 1742 */
1690 1743 dvar = NULL;
1691 1744 break;
1692 1745 }
1693 1746
1694 1747 goto next;
1695 1748 }
1696 1749
1697 1750 if (dtuple->dtt_nkeys != nkeys)
1698 1751 goto next;
1699 1752
1700 1753 for (i = 0; i < nkeys; i++, dkey++) {
1701 1754 if (dkey->dttk_size != key[i].dttk_size)
1702 1755 goto next; /* size or type mismatch */
1703 1756
1704 1757 if (dkey->dttk_size != 0) {
1705 1758 if (dtrace_bcmp(
1706 1759 (void *)(uintptr_t)key[i].dttk_value,
1707 1760 (void *)(uintptr_t)dkey->dttk_value,
1708 1761 dkey->dttk_size))
1709 1762 goto next;
1710 1763 } else {
1711 1764 if (dkey->dttk_value != key[i].dttk_value)
1712 1765 goto next;
1713 1766 }
1714 1767 }
1715 1768
1716 1769 if (op != DTRACE_DYNVAR_DEALLOC)
1717 1770 return (dvar);
1718 1771
1719 1772 ASSERT(dvar->dtdv_next == NULL ||
1720 1773 dvar->dtdv_next->dtdv_hashval != DTRACE_DYNHASH_FREE);
1721 1774
1722 1775 if (prev != NULL) {
1723 1776 ASSERT(hash[bucket].dtdh_chain != dvar);
1724 1777 ASSERT(start != dvar);
1725 1778 ASSERT(prev->dtdv_next == dvar);
1726 1779 prev->dtdv_next = dvar->dtdv_next;
1727 1780 } else {
1728 1781 if (dtrace_casptr(&hash[bucket].dtdh_chain,
1729 1782 start, dvar->dtdv_next) != start) {
1730 1783 /*
1731 1784 * We have failed to atomically swing the
1732 1785 * hash table head pointer, presumably because
1733 1786 * of a conflicting allocation on another CPU.
1734 1787 * We need to reread the hash chain and try
1735 1788 * again.
1736 1789 */
1737 1790 goto top;
1738 1791 }
1739 1792 }
1740 1793
1741 1794 dtrace_membar_producer();
1742 1795
1743 1796 /*
1744 1797 * Now set the hash value to indicate that it's free.
1745 1798 */
1746 1799 ASSERT(hash[bucket].dtdh_chain != dvar);
1747 1800 dvar->dtdv_hashval = DTRACE_DYNHASH_FREE;
1748 1801
1749 1802 dtrace_membar_producer();
1750 1803
1751 1804 /*
1752 1805 * Set the next pointer to point at the dirty list, and
1753 1806 * atomically swing the dirty pointer to the newly freed dvar.
1754 1807 */
1755 1808 do {
1756 1809 next = dcpu->dtdsc_dirty;
1757 1810 dvar->dtdv_next = next;
1758 1811 } while (dtrace_casptr(&dcpu->dtdsc_dirty, next, dvar) != next);
1759 1812
1760 1813 /*
1761 1814 * Finally, unlock this hash bucket.
1762 1815 */
1763 1816 ASSERT(hash[bucket].dtdh_lock == lock);
1764 1817 ASSERT(lock & 1);
1765 1818 hash[bucket].dtdh_lock++;
1766 1819
1767 1820 return (NULL);
1768 1821 next:
1769 1822 prev = dvar;
1770 1823 continue;
1771 1824 }
1772 1825
1773 1826 if (dvar == NULL) {
1774 1827 /*
1775 1828 * If dvar is NULL, it is because we went off the rails:
1776 1829 * one of the elements that we traversed in the hash chain
1777 1830 * was deleted while we were traversing it. In this case,
1778 1831 * we assert that we aren't doing a dealloc (deallocs lock
1779 1832 * the hash bucket to prevent themselves from racing with
1780 1833 * one another), and retry the hash chain traversal.
1781 1834 */
1782 1835 ASSERT(op != DTRACE_DYNVAR_DEALLOC);
1783 1836 goto top;
1784 1837 }
1785 1838
1786 1839 if (op != DTRACE_DYNVAR_ALLOC) {
1787 1840 /*
1788 1841 * If we are not to allocate a new variable, we want to
1789 1842 * return NULL now. Before we return, check that the value
1790 1843 * of the lock word hasn't changed. If it has, we may have
1791 1844 * seen an inconsistent snapshot.
1792 1845 */
1793 1846 if (op == DTRACE_DYNVAR_NOALLOC) {
1794 1847 if (hash[bucket].dtdh_lock != lock)
1795 1848 goto top;
1796 1849 } else {
1797 1850 ASSERT(op == DTRACE_DYNVAR_DEALLOC);
1798 1851 ASSERT(hash[bucket].dtdh_lock == lock);
1799 1852 ASSERT(lock & 1);
1800 1853 hash[bucket].dtdh_lock++;
1801 1854 }
1802 1855
1803 1856 return (NULL);
1804 1857 }
1805 1858
1806 1859 /*
1807 1860 * We need to allocate a new dynamic variable. The size we need is the
1808 1861 * size of dtrace_dynvar plus the size of nkeys dtrace_key_t's plus the
1809 1862 * size of any auxiliary key data (rounded up to 8-byte alignment) plus
1810 1863 * the size of any referred-to data (dsize). We then round the final
1811 1864 * size up to the chunksize for allocation.
1812 1865 */
1813 1866 for (ksize = 0, i = 0; i < nkeys; i++)
1814 1867 ksize += P2ROUNDUP(key[i].dttk_size, sizeof (uint64_t));
1815 1868
1816 1869 /*
1817 1870 * This should be pretty much impossible, but could happen if, say,
1818 1871 * strange DIF specified the tuple. Ideally, this should be an
1819 1872 * assertion and not an error condition -- but that requires that the
1820 1873 * chunksize calculation in dtrace_difo_chunksize() be absolutely
1821 1874 * bullet-proof. (That is, it must not be able to be fooled by
1822 1875 * malicious DIF.) Given the lack of backwards branches in DIF,
1823 1876 * solving this would presumably not amount to solving the Halting
1824 1877 * Problem -- but it still seems awfully hard.
1825 1878 */
1826 1879 if (sizeof (dtrace_dynvar_t) + sizeof (dtrace_key_t) * (nkeys - 1) +
1827 1880 ksize + dsize > chunksize) {
1828 1881 dcpu->dtdsc_drops++;
1829 1882 return (NULL);
1830 1883 }
1831 1884
1832 1885 nstate = DTRACE_DSTATE_EMPTY;
1833 1886
1834 1887 do {
1835 1888 retry:
1836 1889 free = dcpu->dtdsc_free;
1837 1890
1838 1891 if (free == NULL) {
1839 1892 dtrace_dynvar_t *clean = dcpu->dtdsc_clean;
1840 1893 void *rval;
1841 1894
1842 1895 if (clean == NULL) {
1843 1896 /*
1844 1897 * We're out of dynamic variable space on
1845 1898 * this CPU. Unless we have tried all CPUs,
1846 1899 * we'll try to allocate from a different
1847 1900 * CPU.
1848 1901 */
1849 1902 switch (dstate->dtds_state) {
1850 1903 case DTRACE_DSTATE_CLEAN: {
1851 1904 void *sp = &dstate->dtds_state;
1852 1905
1853 1906 if (++cpu >= NCPU)
1854 1907 cpu = 0;
1855 1908
1856 1909 if (dcpu->dtdsc_dirty != NULL &&
1857 1910 nstate == DTRACE_DSTATE_EMPTY)
1858 1911 nstate = DTRACE_DSTATE_DIRTY;
1859 1912
1860 1913 if (dcpu->dtdsc_rinsing != NULL)
1861 1914 nstate = DTRACE_DSTATE_RINSING;
1862 1915
1863 1916 dcpu = &dstate->dtds_percpu[cpu];
1864 1917
1865 1918 if (cpu != me)
1866 1919 goto retry;
1867 1920
1868 1921 (void) dtrace_cas32(sp,
1869 1922 DTRACE_DSTATE_CLEAN, nstate);
1870 1923
1871 1924 /*
1872 1925 * To increment the correct bean
1873 1926 * counter, take another lap.
1874 1927 */
1875 1928 goto retry;
1876 1929 }
1877 1930
1878 1931 case DTRACE_DSTATE_DIRTY:
1879 1932 dcpu->dtdsc_dirty_drops++;
1880 1933 break;
1881 1934
1882 1935 case DTRACE_DSTATE_RINSING:
1883 1936 dcpu->dtdsc_rinsing_drops++;
1884 1937 break;
1885 1938
1886 1939 case DTRACE_DSTATE_EMPTY:
1887 1940 dcpu->dtdsc_drops++;
1888 1941 break;
1889 1942 }
1890 1943
1891 1944 DTRACE_CPUFLAG_SET(CPU_DTRACE_DROP);
1892 1945 return (NULL);
1893 1946 }
1894 1947
1895 1948 /*
1896 1949 * The clean list appears to be non-empty. We want to
1897 1950 * move the clean list to the free list; we start by
1898 1951 * moving the clean pointer aside.
1899 1952 */
1900 1953 if (dtrace_casptr(&dcpu->dtdsc_clean,
1901 1954 clean, NULL) != clean) {
1902 1955 /*
1903 1956 * We are in one of two situations:
1904 1957 *
1905 1958 * (a) The clean list was switched to the
1906 1959 * free list by another CPU.
1907 1960 *
1908 1961 * (b) The clean list was added to by the
1909 1962 * cleansing cyclic.
1910 1963 *
1911 1964 * In either of these situations, we can
1912 1965 * just reattempt the free list allocation.
1913 1966 */
1914 1967 goto retry;
1915 1968 }
1916 1969
1917 1970 ASSERT(clean->dtdv_hashval == DTRACE_DYNHASH_FREE);
1918 1971
1919 1972 /*
1920 1973 * Now we'll move the clean list to our free list.
1921 1974 * It's impossible for this to fail: the only way
1922 1975 * the free list can be updated is through this
1923 1976 * code path, and only one CPU can own the clean list.
1924 1977 * Thus, it would only be possible for this to fail if
1925 1978 * this code were racing with dtrace_dynvar_clean().
1926 1979 * (That is, if dtrace_dynvar_clean() updated the clean
1927 1980 * list, and we ended up racing to update the free
1928 1981 * list.) This race is prevented by the dtrace_sync()
1929 1982 * in dtrace_dynvar_clean() -- which flushes the
1930 1983 * owners of the clean lists out before resetting
1931 1984 * the clean lists.
1932 1985 */
1933 1986 dcpu = &dstate->dtds_percpu[me];
1934 1987 rval = dtrace_casptr(&dcpu->dtdsc_free, NULL, clean);
1935 1988 ASSERT(rval == NULL);
1936 1989 goto retry;
1937 1990 }
1938 1991
1939 1992 dvar = free;
1940 1993 new_free = dvar->dtdv_next;
1941 1994 } while (dtrace_casptr(&dcpu->dtdsc_free, free, new_free) != free);
1942 1995
1943 1996 /*
1944 1997 * We have now allocated a new chunk. We copy the tuple keys into the
1945 1998 * tuple array and copy any referenced key data into the data space
1946 1999 * following the tuple array. As we do this, we relocate dttk_value
1947 2000 * in the final tuple to point to the key data address in the chunk.
1948 2001 */
1949 2002 kdata = (uintptr_t)&dvar->dtdv_tuple.dtt_key[nkeys];
1950 2003 dvar->dtdv_data = (void *)(kdata + ksize);
1951 2004 dvar->dtdv_tuple.dtt_nkeys = nkeys;
1952 2005
1953 2006 for (i = 0; i < nkeys; i++) {
1954 2007 dtrace_key_t *dkey = &dvar->dtdv_tuple.dtt_key[i];
1955 2008 size_t kesize = key[i].dttk_size;
1956 2009
1957 2010 if (kesize != 0) {
1958 2011 dtrace_bcopy(
1959 2012 (const void *)(uintptr_t)key[i].dttk_value,
1960 2013 (void *)kdata, kesize);
1961 2014 dkey->dttk_value = kdata;
1962 2015 kdata += P2ROUNDUP(kesize, sizeof (uint64_t));
1963 2016 } else {
1964 2017 dkey->dttk_value = key[i].dttk_value;
1965 2018 }
1966 2019
1967 2020 dkey->dttk_size = kesize;
1968 2021 }
1969 2022
1970 2023 ASSERT(dvar->dtdv_hashval == DTRACE_DYNHASH_FREE);
1971 2024 dvar->dtdv_hashval = hashval;
1972 2025 dvar->dtdv_next = start;
1973 2026
1974 2027 if (dtrace_casptr(&hash[bucket].dtdh_chain, start, dvar) == start)
1975 2028 return (dvar);
1976 2029
1977 2030 /*
1978 2031 * The cas has failed. Either another CPU is adding an element to
1979 2032 * this hash chain, or another CPU is deleting an element from this
1980 2033 * hash chain. The simplest way to deal with both of these cases
1981 2034 * (though not necessarily the most efficient) is to free our
1982 2035 * allocated block and tail-call ourselves. Note that the free is
1983 2036 * to the dirty list and _not_ to the free list. This is to prevent
1984 2037 * races with allocators, above.
1985 2038 */
1986 2039 dvar->dtdv_hashval = DTRACE_DYNHASH_FREE;
1987 2040
1988 2041 dtrace_membar_producer();
1989 2042
1990 2043 do {
1991 2044 free = dcpu->dtdsc_dirty;
1992 2045 dvar->dtdv_next = free;
1993 2046 } while (dtrace_casptr(&dcpu->dtdsc_dirty, free, dvar) != free);
1994 2047
1995 2048 return (dtrace_dynvar(dstate, nkeys, key, dsize, op, mstate, vstate));
1996 2049 }
1997 2050
1998 2051 /*ARGSUSED*/
1999 2052 static void
2000 2053 dtrace_aggregate_min(uint64_t *oval, uint64_t nval, uint64_t arg)
2001 2054 {
2002 2055 if ((int64_t)nval < (int64_t)*oval)
2003 2056 *oval = nval;
2004 2057 }
2005 2058
2006 2059 /*ARGSUSED*/
2007 2060 static void
2008 2061 dtrace_aggregate_max(uint64_t *oval, uint64_t nval, uint64_t arg)
2009 2062 {
2010 2063 if ((int64_t)nval > (int64_t)*oval)
2011 2064 *oval = nval;
2012 2065 }
2013 2066
2014 2067 static void
2015 2068 dtrace_aggregate_quantize(uint64_t *quanta, uint64_t nval, uint64_t incr)
2016 2069 {
2017 2070 int i, zero = DTRACE_QUANTIZE_ZEROBUCKET;
2018 2071 int64_t val = (int64_t)nval;
2019 2072
2020 2073 if (val < 0) {
2021 2074 for (i = 0; i < zero; i++) {
2022 2075 if (val <= DTRACE_QUANTIZE_BUCKETVAL(i)) {
2023 2076 quanta[i] += incr;
2024 2077 return;
2025 2078 }
2026 2079 }
2027 2080 } else {
2028 2081 for (i = zero + 1; i < DTRACE_QUANTIZE_NBUCKETS; i++) {
2029 2082 if (val < DTRACE_QUANTIZE_BUCKETVAL(i)) {
2030 2083 quanta[i - 1] += incr;
2031 2084 return;
2032 2085 }
2033 2086 }
2034 2087
2035 2088 quanta[DTRACE_QUANTIZE_NBUCKETS - 1] += incr;
2036 2089 return;
2037 2090 }
2038 2091
2039 2092 ASSERT(0);
2040 2093 }
2041 2094
2042 2095 static void
2043 2096 dtrace_aggregate_lquantize(uint64_t *lquanta, uint64_t nval, uint64_t incr)
2044 2097 {
2045 2098 uint64_t arg = *lquanta++;
2046 2099 int32_t base = DTRACE_LQUANTIZE_BASE(arg);
2047 2100 uint16_t step = DTRACE_LQUANTIZE_STEP(arg);
2048 2101 uint16_t levels = DTRACE_LQUANTIZE_LEVELS(arg);
2049 2102 int32_t val = (int32_t)nval, level;
2050 2103
2051 2104 ASSERT(step != 0);
2052 2105 ASSERT(levels != 0);
2053 2106
2054 2107 if (val < base) {
2055 2108 /*
2056 2109 * This is an underflow.
2057 2110 */
2058 2111 lquanta[0] += incr;
2059 2112 return;
2060 2113 }
2061 2114
2062 2115 level = (val - base) / step;
2063 2116
2064 2117 if (level < levels) {
2065 2118 lquanta[level + 1] += incr;
2066 2119 return;
2067 2120 }
2068 2121
2069 2122 /*
2070 2123 * This is an overflow.
2071 2124 */
2072 2125 lquanta[levels + 1] += incr;
2073 2126 }
2074 2127
2075 2128 static int
2076 2129 dtrace_aggregate_llquantize_bucket(uint16_t factor, uint16_t low,
2077 2130 uint16_t high, uint16_t nsteps, int64_t value)
2078 2131 {
2079 2132 int64_t this = 1, last, next;
2080 2133 int base = 1, order;
2081 2134
2082 2135 ASSERT(factor <= nsteps);
2083 2136 ASSERT(nsteps % factor == 0);
2084 2137
2085 2138 for (order = 0; order < low; order++)
2086 2139 this *= factor;
2087 2140
2088 2141 /*
2089 2142 * If our value is less than our factor taken to the power of the
2090 2143 * low order of magnitude, it goes into the zeroth bucket.
2091 2144 */
2092 2145 if (value < (last = this))
2093 2146 return (0);
2094 2147
2095 2148 for (this *= factor; order <= high; order++) {
2096 2149 int nbuckets = this > nsteps ? nsteps : this;
2097 2150
2098 2151 if ((next = this * factor) < this) {
2099 2152 /*
2100 2153 * We should not generally get log/linear quantizations
2101 2154 * with a high magnitude that allows 64-bits to
2102 2155 * overflow, but we nonetheless protect against this
2103 2156 * by explicitly checking for overflow, and clamping
2104 2157 * our value accordingly.
2105 2158 */
2106 2159 value = this - 1;
2107 2160 }
2108 2161
2109 2162 if (value < this) {
2110 2163 /*
2111 2164 * If our value lies within this order of magnitude,
2112 2165 * determine its position by taking the offset within
2113 2166 * the order of magnitude, dividing by the bucket
2114 2167 * width, and adding to our (accumulated) base.
2115 2168 */
2116 2169 return (base + (value - last) / (this / nbuckets));
2117 2170 }
2118 2171
2119 2172 base += nbuckets - (nbuckets / factor);
2120 2173 last = this;
2121 2174 this = next;
2122 2175 }
2123 2176
2124 2177 /*
2125 2178 * Our value is greater than or equal to our factor taken to the
2126 2179 * power of one plus the high magnitude -- return the top bucket.
2127 2180 */
2128 2181 return (base);
2129 2182 }
2130 2183
2131 2184 static void
2132 2185 dtrace_aggregate_llquantize(uint64_t *llquanta, uint64_t nval, uint64_t incr)
2133 2186 {
2134 2187 uint64_t arg = *llquanta++;
2135 2188 uint16_t factor = DTRACE_LLQUANTIZE_FACTOR(arg);
2136 2189 uint16_t low = DTRACE_LLQUANTIZE_LOW(arg);
2137 2190 uint16_t high = DTRACE_LLQUANTIZE_HIGH(arg);
2138 2191 uint16_t nsteps = DTRACE_LLQUANTIZE_NSTEP(arg);
2139 2192
2140 2193 llquanta[dtrace_aggregate_llquantize_bucket(factor,
2141 2194 low, high, nsteps, nval)] += incr;
2142 2195 }
2143 2196
2144 2197 /*ARGSUSED*/
2145 2198 static void
2146 2199 dtrace_aggregate_avg(uint64_t *data, uint64_t nval, uint64_t arg)
2147 2200 {
2148 2201 data[0]++;
2149 2202 data[1] += nval;
2150 2203 }
2151 2204
2152 2205 /*ARGSUSED*/
2153 2206 static void
2154 2207 dtrace_aggregate_stddev(uint64_t *data, uint64_t nval, uint64_t arg)
2155 2208 {
2156 2209 int64_t snval = (int64_t)nval;
2157 2210 uint64_t tmp[2];
2158 2211
2159 2212 data[0]++;
2160 2213 data[1] += nval;
2161 2214
2162 2215 /*
2163 2216 * What we want to say here is:
2164 2217 *
2165 2218 * data[2] += nval * nval;
2166 2219 *
2167 2220 * But given that nval is 64-bit, we could easily overflow, so
2168 2221 * we do this as 128-bit arithmetic.
2169 2222 */
2170 2223 if (snval < 0)
2171 2224 snval = -snval;
2172 2225
2173 2226 dtrace_multiply_128((uint64_t)snval, (uint64_t)snval, tmp);
2174 2227 dtrace_add_128(data + 2, tmp, data + 2);
2175 2228 }
2176 2229
2177 2230 /*ARGSUSED*/
2178 2231 static void
2179 2232 dtrace_aggregate_count(uint64_t *oval, uint64_t nval, uint64_t arg)
2180 2233 {
2181 2234 *oval = *oval + 1;
2182 2235 }
2183 2236
2184 2237 /*ARGSUSED*/
2185 2238 static void
2186 2239 dtrace_aggregate_sum(uint64_t *oval, uint64_t nval, uint64_t arg)
2187 2240 {
2188 2241 *oval += nval;
2189 2242 }
2190 2243
2191 2244 /*
2192 2245 * Aggregate given the tuple in the principal data buffer, and the aggregating
2193 2246 * action denoted by the specified dtrace_aggregation_t. The aggregation
2194 2247 * buffer is specified as the buf parameter. This routine does not return
2195 2248 * failure; if there is no space in the aggregation buffer, the data will be
2196 2249 * dropped, and a corresponding counter incremented.
2197 2250 */
2198 2251 static void
2199 2252 dtrace_aggregate(dtrace_aggregation_t *agg, dtrace_buffer_t *dbuf,
2200 2253 intptr_t offset, dtrace_buffer_t *buf, uint64_t expr, uint64_t arg)
2201 2254 {
2202 2255 dtrace_recdesc_t *rec = &agg->dtag_action.dta_rec;
2203 2256 uint32_t i, ndx, size, fsize;
2204 2257 uint32_t align = sizeof (uint64_t) - 1;
2205 2258 dtrace_aggbuffer_t *agb;
2206 2259 dtrace_aggkey_t *key;
2207 2260 uint32_t hashval = 0, limit, isstr;
2208 2261 caddr_t tomax, data, kdata;
2209 2262 dtrace_actkind_t action;
2210 2263 dtrace_action_t *act;
2211 2264 uintptr_t offs;
2212 2265
2213 2266 if (buf == NULL)
2214 2267 return;
2215 2268
2216 2269 if (!agg->dtag_hasarg) {
2217 2270 /*
2218 2271 * Currently, only quantize() and lquantize() take additional
2219 2272 * arguments, and they have the same semantics: an increment
2220 2273 * value that defaults to 1 when not present. If additional
2221 2274 * aggregating actions take arguments, the setting of the
2222 2275 * default argument value will presumably have to become more
2223 2276 * sophisticated...
2224 2277 */
2225 2278 arg = 1;
2226 2279 }
2227 2280
2228 2281 action = agg->dtag_action.dta_kind - DTRACEACT_AGGREGATION;
2229 2282 size = rec->dtrd_offset - agg->dtag_base;
2230 2283 fsize = size + rec->dtrd_size;
2231 2284
2232 2285 ASSERT(dbuf->dtb_tomax != NULL);
2233 2286 data = dbuf->dtb_tomax + offset + agg->dtag_base;
2234 2287
2235 2288 if ((tomax = buf->dtb_tomax) == NULL) {
2236 2289 dtrace_buffer_drop(buf);
2237 2290 return;
2238 2291 }
2239 2292
2240 2293 /*
2241 2294 * The metastructure is always at the bottom of the buffer.
2242 2295 */
2243 2296 agb = (dtrace_aggbuffer_t *)(tomax + buf->dtb_size -
2244 2297 sizeof (dtrace_aggbuffer_t));
2245 2298
2246 2299 if (buf->dtb_offset == 0) {
2247 2300 /*
2248 2301 * We just kludge up approximately 1/8th of the size to be
2249 2302 * buckets. If this guess ends up being routinely
2250 2303 * off-the-mark, we may need to dynamically readjust this
2251 2304 * based on past performance.
2252 2305 */
2253 2306 uintptr_t hashsize = (buf->dtb_size >> 3) / sizeof (uintptr_t);
2254 2307
2255 2308 if ((uintptr_t)agb - hashsize * sizeof (dtrace_aggkey_t *) <
2256 2309 (uintptr_t)tomax || hashsize == 0) {
2257 2310 /*
2258 2311 * We've been given a ludicrously small buffer;
2259 2312 * increment our drop count and leave.
2260 2313 */
2261 2314 dtrace_buffer_drop(buf);
2262 2315 return;
2263 2316 }
2264 2317
2265 2318 /*
2266 2319 * And now, a pathetic attempt to try to get a an odd (or
2267 2320 * perchance, a prime) hash size for better hash distribution.
2268 2321 */
2269 2322 if (hashsize > (DTRACE_AGGHASHSIZE_SLEW << 3))
2270 2323 hashsize -= DTRACE_AGGHASHSIZE_SLEW;
2271 2324
2272 2325 agb->dtagb_hashsize = hashsize;
2273 2326 agb->dtagb_hash = (dtrace_aggkey_t **)((uintptr_t)agb -
2274 2327 agb->dtagb_hashsize * sizeof (dtrace_aggkey_t *));
2275 2328 agb->dtagb_free = (uintptr_t)agb->dtagb_hash;
2276 2329
2277 2330 for (i = 0; i < agb->dtagb_hashsize; i++)
2278 2331 agb->dtagb_hash[i] = NULL;
2279 2332 }
2280 2333
2281 2334 ASSERT(agg->dtag_first != NULL);
2282 2335 ASSERT(agg->dtag_first->dta_intuple);
2283 2336
2284 2337 /*
2285 2338 * Calculate the hash value based on the key. Note that we _don't_
2286 2339 * include the aggid in the hashing (but we will store it as part of
2287 2340 * the key). The hashing algorithm is Bob Jenkins' "One-at-a-time"
2288 2341 * algorithm: a simple, quick algorithm that has no known funnels, and
2289 2342 * gets good distribution in practice. The efficacy of the hashing
2290 2343 * algorithm (and a comparison with other algorithms) may be found by
2291 2344 * running the ::dtrace_aggstat MDB dcmd.
2292 2345 */
2293 2346 for (act = agg->dtag_first; act->dta_intuple; act = act->dta_next) {
2294 2347 i = act->dta_rec.dtrd_offset - agg->dtag_base;
2295 2348 limit = i + act->dta_rec.dtrd_size;
2296 2349 ASSERT(limit <= size);
2297 2350 isstr = DTRACEACT_ISSTRING(act);
2298 2351
2299 2352 for (; i < limit; i++) {
2300 2353 hashval += data[i];
2301 2354 hashval += (hashval << 10);
2302 2355 hashval ^= (hashval >> 6);
2303 2356
2304 2357 if (isstr && data[i] == '\0')
2305 2358 break;
2306 2359 }
2307 2360 }
2308 2361
2309 2362 hashval += (hashval << 3);
2310 2363 hashval ^= (hashval >> 11);
2311 2364 hashval += (hashval << 15);
2312 2365
2313 2366 /*
2314 2367 * Yes, the divide here is expensive -- but it's generally the least
2315 2368 * of the performance issues given the amount of data that we iterate
2316 2369 * over to compute hash values, compare data, etc.
2317 2370 */
2318 2371 ndx = hashval % agb->dtagb_hashsize;
2319 2372
2320 2373 for (key = agb->dtagb_hash[ndx]; key != NULL; key = key->dtak_next) {
2321 2374 ASSERT((caddr_t)key >= tomax);
2322 2375 ASSERT((caddr_t)key < tomax + buf->dtb_size);
2323 2376
2324 2377 if (hashval != key->dtak_hashval || key->dtak_size != size)
2325 2378 continue;
2326 2379
2327 2380 kdata = key->dtak_data;
2328 2381 ASSERT(kdata >= tomax && kdata < tomax + buf->dtb_size);
2329 2382
2330 2383 for (act = agg->dtag_first; act->dta_intuple;
2331 2384 act = act->dta_next) {
2332 2385 i = act->dta_rec.dtrd_offset - agg->dtag_base;
2333 2386 limit = i + act->dta_rec.dtrd_size;
2334 2387 ASSERT(limit <= size);
2335 2388 isstr = DTRACEACT_ISSTRING(act);
2336 2389
2337 2390 for (; i < limit; i++) {
2338 2391 if (kdata[i] != data[i])
2339 2392 goto next;
2340 2393
2341 2394 if (isstr && data[i] == '\0')
2342 2395 break;
2343 2396 }
2344 2397 }
2345 2398
2346 2399 if (action != key->dtak_action) {
2347 2400 /*
2348 2401 * We are aggregating on the same value in the same
2349 2402 * aggregation with two different aggregating actions.
2350 2403 * (This should have been picked up in the compiler,
2351 2404 * so we may be dealing with errant or devious DIF.)
2352 2405 * This is an error condition; we indicate as much,
2353 2406 * and return.
2354 2407 */
2355 2408 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
2356 2409 return;
2357 2410 }
2358 2411
2359 2412 /*
2360 2413 * This is a hit: we need to apply the aggregator to
2361 2414 * the value at this key.
2362 2415 */
2363 2416 agg->dtag_aggregate((uint64_t *)(kdata + size), expr, arg);
2364 2417 return;
2365 2418 next:
2366 2419 continue;
2367 2420 }
2368 2421
2369 2422 /*
2370 2423 * We didn't find it. We need to allocate some zero-filled space,
2371 2424 * link it into the hash table appropriately, and apply the aggregator
2372 2425 * to the (zero-filled) value.
2373 2426 */
2374 2427 offs = buf->dtb_offset;
2375 2428 while (offs & (align - 1))
2376 2429 offs += sizeof (uint32_t);
2377 2430
2378 2431 /*
2379 2432 * If we don't have enough room to both allocate a new key _and_
2380 2433 * its associated data, increment the drop count and return.
2381 2434 */
2382 2435 if ((uintptr_t)tomax + offs + fsize >
2383 2436 agb->dtagb_free - sizeof (dtrace_aggkey_t)) {
2384 2437 dtrace_buffer_drop(buf);
2385 2438 return;
2386 2439 }
2387 2440
2388 2441 /*CONSTCOND*/
2389 2442 ASSERT(!(sizeof (dtrace_aggkey_t) & (sizeof (uintptr_t) - 1)));
2390 2443 key = (dtrace_aggkey_t *)(agb->dtagb_free - sizeof (dtrace_aggkey_t));
2391 2444 agb->dtagb_free -= sizeof (dtrace_aggkey_t);
2392 2445
2393 2446 key->dtak_data = kdata = tomax + offs;
2394 2447 buf->dtb_offset = offs + fsize;
2395 2448
2396 2449 /*
2397 2450 * Now copy the data across.
2398 2451 */
2399 2452 *((dtrace_aggid_t *)kdata) = agg->dtag_id;
2400 2453
2401 2454 for (i = sizeof (dtrace_aggid_t); i < size; i++)
2402 2455 kdata[i] = data[i];
2403 2456
2404 2457 /*
2405 2458 * Because strings are not zeroed out by default, we need to iterate
2406 2459 * looking for actions that store strings, and we need to explicitly
2407 2460 * pad these strings out with zeroes.
2408 2461 */
2409 2462 for (act = agg->dtag_first; act->dta_intuple; act = act->dta_next) {
2410 2463 int nul;
2411 2464
2412 2465 if (!DTRACEACT_ISSTRING(act))
2413 2466 continue;
2414 2467
2415 2468 i = act->dta_rec.dtrd_offset - agg->dtag_base;
2416 2469 limit = i + act->dta_rec.dtrd_size;
2417 2470 ASSERT(limit <= size);
2418 2471
2419 2472 for (nul = 0; i < limit; i++) {
2420 2473 if (nul) {
2421 2474 kdata[i] = '\0';
2422 2475 continue;
2423 2476 }
2424 2477
2425 2478 if (data[i] != '\0')
2426 2479 continue;
2427 2480
2428 2481 nul = 1;
2429 2482 }
2430 2483 }
2431 2484
2432 2485 for (i = size; i < fsize; i++)
2433 2486 kdata[i] = 0;
2434 2487
2435 2488 key->dtak_hashval = hashval;
2436 2489 key->dtak_size = size;
2437 2490 key->dtak_action = action;
2438 2491 key->dtak_next = agb->dtagb_hash[ndx];
2439 2492 agb->dtagb_hash[ndx] = key;
2440 2493
2441 2494 /*
2442 2495 * Finally, apply the aggregator.
2443 2496 */
2444 2497 *((uint64_t *)(key->dtak_data + size)) = agg->dtag_initial;
2445 2498 agg->dtag_aggregate((uint64_t *)(key->dtak_data + size), expr, arg);
2446 2499 }
2447 2500
2448 2501 /*
2449 2502 * Given consumer state, this routine finds a speculation in the INACTIVE
2450 2503 * state and transitions it into the ACTIVE state. If there is no speculation
2451 2504 * in the INACTIVE state, 0 is returned. In this case, no error counter is
2452 2505 * incremented -- it is up to the caller to take appropriate action.
2453 2506 */
2454 2507 static int
2455 2508 dtrace_speculation(dtrace_state_t *state)
2456 2509 {
2457 2510 int i = 0;
2458 2511 dtrace_speculation_state_t current;
2459 2512 uint32_t *stat = &state->dts_speculations_unavail, count;
2460 2513
2461 2514 while (i < state->dts_nspeculations) {
2462 2515 dtrace_speculation_t *spec = &state->dts_speculations[i];
2463 2516
2464 2517 current = spec->dtsp_state;
2465 2518
2466 2519 if (current != DTRACESPEC_INACTIVE) {
2467 2520 if (current == DTRACESPEC_COMMITTINGMANY ||
2468 2521 current == DTRACESPEC_COMMITTING ||
2469 2522 current == DTRACESPEC_DISCARDING)
2470 2523 stat = &state->dts_speculations_busy;
2471 2524 i++;
2472 2525 continue;
2473 2526 }
2474 2527
2475 2528 if (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2476 2529 current, DTRACESPEC_ACTIVE) == current)
2477 2530 return (i + 1);
2478 2531 }
2479 2532
2480 2533 /*
2481 2534 * We couldn't find a speculation. If we found as much as a single
2482 2535 * busy speculation buffer, we'll attribute this failure as "busy"
2483 2536 * instead of "unavail".
2484 2537 */
2485 2538 do {
2486 2539 count = *stat;
2487 2540 } while (dtrace_cas32(stat, count, count + 1) != count);
2488 2541
2489 2542 return (0);
2490 2543 }
2491 2544
2492 2545 /*
2493 2546 * This routine commits an active speculation. If the specified speculation
2494 2547 * is not in a valid state to perform a commit(), this routine will silently do
2495 2548 * nothing. The state of the specified speculation is transitioned according
2496 2549 * to the state transition diagram outlined in <sys/dtrace_impl.h>
2497 2550 */
2498 2551 static void
2499 2552 dtrace_speculation_commit(dtrace_state_t *state, processorid_t cpu,
2500 2553 dtrace_specid_t which)
2501 2554 {
2502 2555 dtrace_speculation_t *spec;
2503 2556 dtrace_buffer_t *src, *dest;
2504 2557 uintptr_t daddr, saddr, dlimit, slimit;
2505 2558 dtrace_speculation_state_t current, new;
2506 2559 intptr_t offs;
2507 2560 uint64_t timestamp;
2508 2561
2509 2562 if (which == 0)
2510 2563 return;
2511 2564
2512 2565 if (which > state->dts_nspeculations) {
2513 2566 cpu_core[cpu].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP;
2514 2567 return;
2515 2568 }
2516 2569
2517 2570 spec = &state->dts_speculations[which - 1];
2518 2571 src = &spec->dtsp_buffer[cpu];
2519 2572 dest = &state->dts_buffer[cpu];
2520 2573
2521 2574 do {
2522 2575 current = spec->dtsp_state;
2523 2576
2524 2577 if (current == DTRACESPEC_COMMITTINGMANY)
2525 2578 break;
2526 2579
2527 2580 switch (current) {
2528 2581 case DTRACESPEC_INACTIVE:
2529 2582 case DTRACESPEC_DISCARDING:
2530 2583 return;
2531 2584
2532 2585 case DTRACESPEC_COMMITTING:
2533 2586 /*
2534 2587 * This is only possible if we are (a) commit()'ing
2535 2588 * without having done a prior speculate() on this CPU
2536 2589 * and (b) racing with another commit() on a different
2537 2590 * CPU. There's nothing to do -- we just assert that
2538 2591 * our offset is 0.
2539 2592 */
2540 2593 ASSERT(src->dtb_offset == 0);
2541 2594 return;
2542 2595
2543 2596 case DTRACESPEC_ACTIVE:
2544 2597 new = DTRACESPEC_COMMITTING;
2545 2598 break;
2546 2599
2547 2600 case DTRACESPEC_ACTIVEONE:
2548 2601 /*
2549 2602 * This speculation is active on one CPU. If our
2550 2603 * buffer offset is non-zero, we know that the one CPU
2551 2604 * must be us. Otherwise, we are committing on a
2552 2605 * different CPU from the speculate(), and we must
2553 2606 * rely on being asynchronously cleaned.
2554 2607 */
2555 2608 if (src->dtb_offset != 0) {
2556 2609 new = DTRACESPEC_COMMITTING;
2557 2610 break;
2558 2611 }
2559 2612 /*FALLTHROUGH*/
2560 2613
2561 2614 case DTRACESPEC_ACTIVEMANY:
2562 2615 new = DTRACESPEC_COMMITTINGMANY;
2563 2616 break;
2564 2617
2565 2618 default:
2566 2619 ASSERT(0);
2567 2620 }
2568 2621 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2569 2622 current, new) != current);
2570 2623
2571 2624 /*
2572 2625 * We have set the state to indicate that we are committing this
2573 2626 * speculation. Now reserve the necessary space in the destination
2574 2627 * buffer.
2575 2628 */
2576 2629 if ((offs = dtrace_buffer_reserve(dest, src->dtb_offset,
2577 2630 sizeof (uint64_t), state, NULL)) < 0) {
2578 2631 dtrace_buffer_drop(dest);
2579 2632 goto out;
2580 2633 }
2581 2634
2582 2635 /*
2583 2636 * We have sufficient space to copy the speculative buffer into the
2584 2637 * primary buffer. First, modify the speculative buffer, filling
2585 2638 * in the timestamp of all entries with the current time. The data
2586 2639 * must have the commit() time rather than the time it was traced,
2587 2640 * so that all entries in the primary buffer are in timestamp order.
2588 2641 */
2589 2642 timestamp = dtrace_gethrtime();
2590 2643 saddr = (uintptr_t)src->dtb_tomax;
2591 2644 slimit = saddr + src->dtb_offset;
2592 2645 while (saddr < slimit) {
2593 2646 size_t size;
2594 2647 dtrace_rechdr_t *dtrh = (dtrace_rechdr_t *)saddr;
2595 2648
2596 2649 if (dtrh->dtrh_epid == DTRACE_EPIDNONE) {
2597 2650 saddr += sizeof (dtrace_epid_t);
2598 2651 continue;
2599 2652 }
2600 2653 ASSERT3U(dtrh->dtrh_epid, <=, state->dts_necbs);
2601 2654 size = state->dts_ecbs[dtrh->dtrh_epid - 1]->dte_size;
2602 2655
2603 2656 ASSERT3U(saddr + size, <=, slimit);
2604 2657 ASSERT3U(size, >=, sizeof (dtrace_rechdr_t));
2605 2658 ASSERT3U(DTRACE_RECORD_LOAD_TIMESTAMP(dtrh), ==, UINT64_MAX);
2606 2659
2607 2660 DTRACE_RECORD_STORE_TIMESTAMP(dtrh, timestamp);
2608 2661
2609 2662 saddr += size;
2610 2663 }
2611 2664
2612 2665 /*
2613 2666 * Copy the buffer across. (Note that this is a
2614 2667 * highly subobtimal bcopy(); in the unlikely event that this becomes
2615 2668 * a serious performance issue, a high-performance DTrace-specific
2616 2669 * bcopy() should obviously be invented.)
2617 2670 */
2618 2671 daddr = (uintptr_t)dest->dtb_tomax + offs;
2619 2672 dlimit = daddr + src->dtb_offset;
2620 2673 saddr = (uintptr_t)src->dtb_tomax;
2621 2674
2622 2675 /*
2623 2676 * First, the aligned portion.
2624 2677 */
2625 2678 while (dlimit - daddr >= sizeof (uint64_t)) {
2626 2679 *((uint64_t *)daddr) = *((uint64_t *)saddr);
2627 2680
2628 2681 daddr += sizeof (uint64_t);
2629 2682 saddr += sizeof (uint64_t);
2630 2683 }
2631 2684
2632 2685 /*
2633 2686 * Now any left-over bit...
2634 2687 */
2635 2688 while (dlimit - daddr)
2636 2689 *((uint8_t *)daddr++) = *((uint8_t *)saddr++);
2637 2690
2638 2691 /*
2639 2692 * Finally, commit the reserved space in the destination buffer.
2640 2693 */
2641 2694 dest->dtb_offset = offs + src->dtb_offset;
2642 2695
2643 2696 out:
2644 2697 /*
2645 2698 * If we're lucky enough to be the only active CPU on this speculation
2646 2699 * buffer, we can just set the state back to DTRACESPEC_INACTIVE.
2647 2700 */
2648 2701 if (current == DTRACESPEC_ACTIVE ||
2649 2702 (current == DTRACESPEC_ACTIVEONE && new == DTRACESPEC_COMMITTING)) {
2650 2703 uint32_t rval = dtrace_cas32((uint32_t *)&spec->dtsp_state,
2651 2704 DTRACESPEC_COMMITTING, DTRACESPEC_INACTIVE);
2652 2705
2653 2706 ASSERT(rval == DTRACESPEC_COMMITTING);
2654 2707 }
2655 2708
2656 2709 src->dtb_offset = 0;
2657 2710 src->dtb_xamot_drops += src->dtb_drops;
2658 2711 src->dtb_drops = 0;
2659 2712 }
2660 2713
2661 2714 /*
2662 2715 * This routine discards an active speculation. If the specified speculation
2663 2716 * is not in a valid state to perform a discard(), this routine will silently
2664 2717 * do nothing. The state of the specified speculation is transitioned
2665 2718 * according to the state transition diagram outlined in <sys/dtrace_impl.h>
2666 2719 */
2667 2720 static void
2668 2721 dtrace_speculation_discard(dtrace_state_t *state, processorid_t cpu,
2669 2722 dtrace_specid_t which)
2670 2723 {
2671 2724 dtrace_speculation_t *spec;
2672 2725 dtrace_speculation_state_t current, new;
2673 2726 dtrace_buffer_t *buf;
2674 2727
2675 2728 if (which == 0)
2676 2729 return;
2677 2730
2678 2731 if (which > state->dts_nspeculations) {
2679 2732 cpu_core[cpu].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP;
2680 2733 return;
2681 2734 }
2682 2735
2683 2736 spec = &state->dts_speculations[which - 1];
2684 2737 buf = &spec->dtsp_buffer[cpu];
2685 2738
2686 2739 do {
2687 2740 current = spec->dtsp_state;
2688 2741
2689 2742 switch (current) {
2690 2743 case DTRACESPEC_INACTIVE:
2691 2744 case DTRACESPEC_COMMITTINGMANY:
2692 2745 case DTRACESPEC_COMMITTING:
2693 2746 case DTRACESPEC_DISCARDING:
2694 2747 return;
2695 2748
2696 2749 case DTRACESPEC_ACTIVE:
2697 2750 case DTRACESPEC_ACTIVEMANY:
2698 2751 new = DTRACESPEC_DISCARDING;
2699 2752 break;
2700 2753
2701 2754 case DTRACESPEC_ACTIVEONE:
2702 2755 if (buf->dtb_offset != 0) {
2703 2756 new = DTRACESPEC_INACTIVE;
2704 2757 } else {
2705 2758 new = DTRACESPEC_DISCARDING;
2706 2759 }
2707 2760 break;
2708 2761
2709 2762 default:
2710 2763 ASSERT(0);
2711 2764 }
2712 2765 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2713 2766 current, new) != current);
2714 2767
2715 2768 buf->dtb_offset = 0;
2716 2769 buf->dtb_drops = 0;
2717 2770 }
2718 2771
2719 2772 /*
2720 2773 * Note: not called from probe context. This function is called
2721 2774 * asynchronously from cross call context to clean any speculations that are
2722 2775 * in the COMMITTINGMANY or DISCARDING states. These speculations may not be
2723 2776 * transitioned back to the INACTIVE state until all CPUs have cleaned the
2724 2777 * speculation.
2725 2778 */
2726 2779 static void
2727 2780 dtrace_speculation_clean_here(dtrace_state_t *state)
2728 2781 {
2729 2782 dtrace_icookie_t cookie;
2730 2783 processorid_t cpu = CPU->cpu_id;
2731 2784 dtrace_buffer_t *dest = &state->dts_buffer[cpu];
2732 2785 dtrace_specid_t i;
2733 2786
2734 2787 cookie = dtrace_interrupt_disable();
2735 2788
2736 2789 if (dest->dtb_tomax == NULL) {
2737 2790 dtrace_interrupt_enable(cookie);
2738 2791 return;
2739 2792 }
2740 2793
2741 2794 for (i = 0; i < state->dts_nspeculations; i++) {
2742 2795 dtrace_speculation_t *spec = &state->dts_speculations[i];
2743 2796 dtrace_buffer_t *src = &spec->dtsp_buffer[cpu];
2744 2797
2745 2798 if (src->dtb_tomax == NULL)
2746 2799 continue;
2747 2800
2748 2801 if (spec->dtsp_state == DTRACESPEC_DISCARDING) {
2749 2802 src->dtb_offset = 0;
2750 2803 continue;
2751 2804 }
2752 2805
2753 2806 if (spec->dtsp_state != DTRACESPEC_COMMITTINGMANY)
2754 2807 continue;
2755 2808
2756 2809 if (src->dtb_offset == 0)
2757 2810 continue;
2758 2811
2759 2812 dtrace_speculation_commit(state, cpu, i + 1);
2760 2813 }
2761 2814
2762 2815 dtrace_interrupt_enable(cookie);
2763 2816 }
2764 2817
2765 2818 /*
2766 2819 * Note: not called from probe context. This function is called
2767 2820 * asynchronously (and at a regular interval) to clean any speculations that
2768 2821 * are in the COMMITTINGMANY or DISCARDING states. If it discovers that there
2769 2822 * is work to be done, it cross calls all CPUs to perform that work;
2770 2823 * COMMITMANY and DISCARDING speculations may not be transitioned back to the
2771 2824 * INACTIVE state until they have been cleaned by all CPUs.
2772 2825 */
2773 2826 static void
2774 2827 dtrace_speculation_clean(dtrace_state_t *state)
2775 2828 {
2776 2829 int work = 0, rv;
2777 2830 dtrace_specid_t i;
2778 2831
2779 2832 for (i = 0; i < state->dts_nspeculations; i++) {
2780 2833 dtrace_speculation_t *spec = &state->dts_speculations[i];
2781 2834
2782 2835 ASSERT(!spec->dtsp_cleaning);
2783 2836
2784 2837 if (spec->dtsp_state != DTRACESPEC_DISCARDING &&
2785 2838 spec->dtsp_state != DTRACESPEC_COMMITTINGMANY)
2786 2839 continue;
2787 2840
2788 2841 work++;
2789 2842 spec->dtsp_cleaning = 1;
2790 2843 }
2791 2844
2792 2845 if (!work)
2793 2846 return;
2794 2847
2795 2848 dtrace_xcall(DTRACE_CPUALL,
2796 2849 (dtrace_xcall_t)dtrace_speculation_clean_here, state);
2797 2850
2798 2851 /*
2799 2852 * We now know that all CPUs have committed or discarded their
2800 2853 * speculation buffers, as appropriate. We can now set the state
2801 2854 * to inactive.
2802 2855 */
2803 2856 for (i = 0; i < state->dts_nspeculations; i++) {
2804 2857 dtrace_speculation_t *spec = &state->dts_speculations[i];
2805 2858 dtrace_speculation_state_t current, new;
2806 2859
2807 2860 if (!spec->dtsp_cleaning)
2808 2861 continue;
2809 2862
2810 2863 current = spec->dtsp_state;
2811 2864 ASSERT(current == DTRACESPEC_DISCARDING ||
2812 2865 current == DTRACESPEC_COMMITTINGMANY);
2813 2866
2814 2867 new = DTRACESPEC_INACTIVE;
2815 2868
2816 2869 rv = dtrace_cas32((uint32_t *)&spec->dtsp_state, current, new);
2817 2870 ASSERT(rv == current);
2818 2871 spec->dtsp_cleaning = 0;
2819 2872 }
2820 2873 }
2821 2874
2822 2875 /*
2823 2876 * Called as part of a speculate() to get the speculative buffer associated
2824 2877 * with a given speculation. Returns NULL if the specified speculation is not
2825 2878 * in an ACTIVE state. If the speculation is in the ACTIVEONE state -- and
2826 2879 * the active CPU is not the specified CPU -- the speculation will be
2827 2880 * atomically transitioned into the ACTIVEMANY state.
2828 2881 */
2829 2882 static dtrace_buffer_t *
2830 2883 dtrace_speculation_buffer(dtrace_state_t *state, processorid_t cpuid,
2831 2884 dtrace_specid_t which)
2832 2885 {
2833 2886 dtrace_speculation_t *spec;
2834 2887 dtrace_speculation_state_t current, new;
2835 2888 dtrace_buffer_t *buf;
2836 2889
2837 2890 if (which == 0)
2838 2891 return (NULL);
2839 2892
2840 2893 if (which > state->dts_nspeculations) {
2841 2894 cpu_core[cpuid].cpuc_dtrace_flags |= CPU_DTRACE_ILLOP;
2842 2895 return (NULL);
2843 2896 }
2844 2897
2845 2898 spec = &state->dts_speculations[which - 1];
2846 2899 buf = &spec->dtsp_buffer[cpuid];
2847 2900
2848 2901 do {
2849 2902 current = spec->dtsp_state;
2850 2903
2851 2904 switch (current) {
2852 2905 case DTRACESPEC_INACTIVE:
2853 2906 case DTRACESPEC_COMMITTINGMANY:
2854 2907 case DTRACESPEC_DISCARDING:
2855 2908 return (NULL);
2856 2909
2857 2910 case DTRACESPEC_COMMITTING:
2858 2911 ASSERT(buf->dtb_offset == 0);
2859 2912 return (NULL);
2860 2913
2861 2914 case DTRACESPEC_ACTIVEONE:
2862 2915 /*
2863 2916 * This speculation is currently active on one CPU.
2864 2917 * Check the offset in the buffer; if it's non-zero,
2865 2918 * that CPU must be us (and we leave the state alone).
2866 2919 * If it's zero, assume that we're starting on a new
2867 2920 * CPU -- and change the state to indicate that the
2868 2921 * speculation is active on more than one CPU.
2869 2922 */
2870 2923 if (buf->dtb_offset != 0)
2871 2924 return (buf);
2872 2925
2873 2926 new = DTRACESPEC_ACTIVEMANY;
2874 2927 break;
2875 2928
2876 2929 case DTRACESPEC_ACTIVEMANY:
2877 2930 return (buf);
2878 2931
2879 2932 case DTRACESPEC_ACTIVE:
2880 2933 new = DTRACESPEC_ACTIVEONE;
2881 2934 break;
2882 2935
2883 2936 default:
2884 2937 ASSERT(0);
2885 2938 }
2886 2939 } while (dtrace_cas32((uint32_t *)&spec->dtsp_state,
2887 2940 current, new) != current);
2888 2941
2889 2942 ASSERT(new == DTRACESPEC_ACTIVEONE || new == DTRACESPEC_ACTIVEMANY);
2890 2943 return (buf);
2891 2944 }
2892 2945
2893 2946 /*
2894 2947 * Return a string. In the event that the user lacks the privilege to access
2895 2948 * arbitrary kernel memory, we copy the string out to scratch memory so that we
2896 2949 * don't fail access checking.
2897 2950 *
2898 2951 * dtrace_dif_variable() uses this routine as a helper for various
2899 2952 * builtin values such as 'execname' and 'probefunc.'
2900 2953 */
2901 2954 uintptr_t
2902 2955 dtrace_dif_varstr(uintptr_t addr, dtrace_state_t *state,
2903 2956 dtrace_mstate_t *mstate)
2904 2957 {
2905 2958 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
2906 2959 uintptr_t ret;
2907 2960 size_t strsz;
2908 2961
2909 2962 /*
2910 2963 * The easy case: this probe is allowed to read all of memory, so
2911 2964 * we can just return this as a vanilla pointer.
2912 2965 */
2913 2966 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) != 0)
2914 2967 return (addr);
2915 2968
2916 2969 /*
2917 2970 * This is the tougher case: we copy the string in question from
2918 2971 * kernel memory into scratch memory and return it that way: this
2919 2972 * ensures that we won't trip up when access checking tests the
2920 2973 * BYREF return value.
2921 2974 */
2922 2975 strsz = dtrace_strlen((char *)addr, size) + 1;
2923 2976
2924 2977 if (mstate->dtms_scratch_ptr + strsz >
2925 2978 mstate->dtms_scratch_base + mstate->dtms_scratch_size) {
2926 2979 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
2927 2980 return (NULL);
2928 2981 }
2929 2982
2930 2983 dtrace_strcpy((const void *)addr, (void *)mstate->dtms_scratch_ptr,
2931 2984 strsz);
2932 2985 ret = mstate->dtms_scratch_ptr;
2933 2986 mstate->dtms_scratch_ptr += strsz;
2934 2987 return (ret);
2935 2988 }
2936 2989
2937 2990 /*
2938 2991 * This function implements the DIF emulator's variable lookups. The emulator
2939 2992 * passes a reserved variable identifier and optional built-in array index.
2940 2993 */
2941 2994 static uint64_t
2942 2995 dtrace_dif_variable(dtrace_mstate_t *mstate, dtrace_state_t *state, uint64_t v,
2943 2996 uint64_t ndx)
2944 2997 {
2945 2998 /*
2946 2999 * If we're accessing one of the uncached arguments, we'll turn this
2947 3000 * into a reference in the args array.
2948 3001 */
2949 3002 if (v >= DIF_VAR_ARG0 && v <= DIF_VAR_ARG9) {
2950 3003 ndx = v - DIF_VAR_ARG0;
2951 3004 v = DIF_VAR_ARGS;
2952 3005 }
2953 3006
2954 3007 switch (v) {
2955 3008 case DIF_VAR_ARGS:
2956 3009 if (!(mstate->dtms_access & DTRACE_ACCESS_ARGS)) {
2957 3010 cpu_core[CPU->cpu_id].cpuc_dtrace_flags |=
2958 3011 CPU_DTRACE_KPRIV;
2959 3012 return (0);
2960 3013 }
2961 3014
2962 3015 ASSERT(mstate->dtms_present & DTRACE_MSTATE_ARGS);
2963 3016 if (ndx >= sizeof (mstate->dtms_arg) /
2964 3017 sizeof (mstate->dtms_arg[0])) {
2965 3018 int aframes = mstate->dtms_probe->dtpr_aframes + 2;
2966 3019 dtrace_provider_t *pv;
2967 3020 uint64_t val;
2968 3021
2969 3022 pv = mstate->dtms_probe->dtpr_provider;
2970 3023 if (pv->dtpv_pops.dtps_getargval != NULL)
2971 3024 val = pv->dtpv_pops.dtps_getargval(pv->dtpv_arg,
2972 3025 mstate->dtms_probe->dtpr_id,
2973 3026 mstate->dtms_probe->dtpr_arg, ndx, aframes);
2974 3027 else
2975 3028 val = dtrace_getarg(ndx, aframes);
2976 3029
2977 3030 /*
2978 3031 * This is regrettably required to keep the compiler
2979 3032 * from tail-optimizing the call to dtrace_getarg().
2980 3033 * The condition always evaluates to true, but the
2981 3034 * compiler has no way of figuring that out a priori.
2982 3035 * (None of this would be necessary if the compiler
2983 3036 * could be relied upon to _always_ tail-optimize
2984 3037 * the call to dtrace_getarg() -- but it can't.)
2985 3038 */
2986 3039 if (mstate->dtms_probe != NULL)
2987 3040 return (val);
2988 3041
2989 3042 ASSERT(0);
2990 3043 }
2991 3044
2992 3045 return (mstate->dtms_arg[ndx]);
2993 3046
2994 3047 case DIF_VAR_UREGS: {
2995 3048 klwp_t *lwp;
2996 3049
2997 3050 if (!dtrace_priv_proc(state, mstate))
2998 3051 return (0);
2999 3052
3000 3053 if ((lwp = curthread->t_lwp) == NULL) {
3001 3054 DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
3002 3055 cpu_core[CPU->cpu_id].cpuc_dtrace_illval = NULL;
3003 3056 return (0);
3004 3057 }
3005 3058
3006 3059 return (dtrace_getreg(lwp->lwp_regs, ndx));
3007 3060 }
3008 3061
3009 3062 case DIF_VAR_VMREGS: {
3010 3063 uint64_t rval;
3011 3064
3012 3065 if (!dtrace_priv_kernel(state))
3013 3066 return (0);
3014 3067
3015 3068 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3016 3069
3017 3070 rval = dtrace_getvmreg(ndx,
3018 3071 &cpu_core[CPU->cpu_id].cpuc_dtrace_flags);
3019 3072
3020 3073 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3021 3074
3022 3075 return (rval);
3023 3076 }
3024 3077
3025 3078 case DIF_VAR_CURTHREAD:
3026 3079 if (!dtrace_priv_proc(state, mstate))
3027 3080 return (0);
3028 3081 return ((uint64_t)(uintptr_t)curthread);
3029 3082
3030 3083 case DIF_VAR_TIMESTAMP:
3031 3084 if (!(mstate->dtms_present & DTRACE_MSTATE_TIMESTAMP)) {
3032 3085 mstate->dtms_timestamp = dtrace_gethrtime();
3033 3086 mstate->dtms_present |= DTRACE_MSTATE_TIMESTAMP;
3034 3087 }
3035 3088 return (mstate->dtms_timestamp);
3036 3089
3037 3090 case DIF_VAR_VTIMESTAMP:
3038 3091 ASSERT(dtrace_vtime_references != 0);
3039 3092 return (curthread->t_dtrace_vtime);
3040 3093
3041 3094 case DIF_VAR_WALLTIMESTAMP:
3042 3095 if (!(mstate->dtms_present & DTRACE_MSTATE_WALLTIMESTAMP)) {
3043 3096 mstate->dtms_walltimestamp = dtrace_gethrestime();
3044 3097 mstate->dtms_present |= DTRACE_MSTATE_WALLTIMESTAMP;
3045 3098 }
3046 3099 return (mstate->dtms_walltimestamp);
3047 3100
3048 3101 case DIF_VAR_IPL:
3049 3102 if (!dtrace_priv_kernel(state))
3050 3103 return (0);
3051 3104 if (!(mstate->dtms_present & DTRACE_MSTATE_IPL)) {
3052 3105 mstate->dtms_ipl = dtrace_getipl();
3053 3106 mstate->dtms_present |= DTRACE_MSTATE_IPL;
3054 3107 }
3055 3108 return (mstate->dtms_ipl);
3056 3109
3057 3110 case DIF_VAR_EPID:
3058 3111 ASSERT(mstate->dtms_present & DTRACE_MSTATE_EPID);
3059 3112 return (mstate->dtms_epid);
3060 3113
3061 3114 case DIF_VAR_ID:
3062 3115 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3063 3116 return (mstate->dtms_probe->dtpr_id);
3064 3117
3065 3118 case DIF_VAR_STACKDEPTH:
3066 3119 if (!dtrace_priv_kernel(state))
3067 3120 return (0);
3068 3121 if (!(mstate->dtms_present & DTRACE_MSTATE_STACKDEPTH)) {
3069 3122 int aframes = mstate->dtms_probe->dtpr_aframes + 2;
3070 3123
3071 3124 mstate->dtms_stackdepth = dtrace_getstackdepth(aframes);
3072 3125 mstate->dtms_present |= DTRACE_MSTATE_STACKDEPTH;
3073 3126 }
3074 3127 return (mstate->dtms_stackdepth);
3075 3128
3076 3129 case DIF_VAR_USTACKDEPTH:
3077 3130 if (!dtrace_priv_proc(state, mstate))
3078 3131 return (0);
3079 3132 if (!(mstate->dtms_present & DTRACE_MSTATE_USTACKDEPTH)) {
3080 3133 /*
3081 3134 * See comment in DIF_VAR_PID.
3082 3135 */
3083 3136 if (DTRACE_ANCHORED(mstate->dtms_probe) &&
3084 3137 CPU_ON_INTR(CPU)) {
3085 3138 mstate->dtms_ustackdepth = 0;
3086 3139 } else {
3087 3140 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3088 3141 mstate->dtms_ustackdepth =
3089 3142 dtrace_getustackdepth();
3090 3143 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3091 3144 }
3092 3145 mstate->dtms_present |= DTRACE_MSTATE_USTACKDEPTH;
3093 3146 }
3094 3147 return (mstate->dtms_ustackdepth);
3095 3148
3096 3149 case DIF_VAR_CALLER:
3097 3150 if (!dtrace_priv_kernel(state))
3098 3151 return (0);
3099 3152 if (!(mstate->dtms_present & DTRACE_MSTATE_CALLER)) {
3100 3153 int aframes = mstate->dtms_probe->dtpr_aframes + 2;
3101 3154
3102 3155 if (!DTRACE_ANCHORED(mstate->dtms_probe)) {
3103 3156 /*
3104 3157 * If this is an unanchored probe, we are
3105 3158 * required to go through the slow path:
3106 3159 * dtrace_caller() only guarantees correct
3107 3160 * results for anchored probes.
3108 3161 */
3109 3162 pc_t caller[2];
3110 3163
3111 3164 dtrace_getpcstack(caller, 2, aframes,
3112 3165 (uint32_t *)(uintptr_t)mstate->dtms_arg[0]);
3113 3166 mstate->dtms_caller = caller[1];
3114 3167 } else if ((mstate->dtms_caller =
3115 3168 dtrace_caller(aframes)) == -1) {
3116 3169 /*
3117 3170 * We have failed to do this the quick way;
3118 3171 * we must resort to the slower approach of
3119 3172 * calling dtrace_getpcstack().
3120 3173 */
3121 3174 pc_t caller;
3122 3175
3123 3176 dtrace_getpcstack(&caller, 1, aframes, NULL);
3124 3177 mstate->dtms_caller = caller;
3125 3178 }
3126 3179
3127 3180 mstate->dtms_present |= DTRACE_MSTATE_CALLER;
3128 3181 }
3129 3182 return (mstate->dtms_caller);
3130 3183
3131 3184 case DIF_VAR_UCALLER:
3132 3185 if (!dtrace_priv_proc(state, mstate))
3133 3186 return (0);
3134 3187
3135 3188 if (!(mstate->dtms_present & DTRACE_MSTATE_UCALLER)) {
3136 3189 uint64_t ustack[3];
3137 3190
3138 3191 /*
3139 3192 * dtrace_getupcstack() fills in the first uint64_t
3140 3193 * with the current PID. The second uint64_t will
3141 3194 * be the program counter at user-level. The third
3142 3195 * uint64_t will contain the caller, which is what
3143 3196 * we're after.
3144 3197 */
3145 3198 ustack[2] = NULL;
3146 3199 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3147 3200 dtrace_getupcstack(ustack, 3);
3148 3201 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3149 3202 mstate->dtms_ucaller = ustack[2];
3150 3203 mstate->dtms_present |= DTRACE_MSTATE_UCALLER;
3151 3204 }
3152 3205
3153 3206 return (mstate->dtms_ucaller);
3154 3207
3155 3208 case DIF_VAR_PROBEPROV:
3156 3209 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3157 3210 return (dtrace_dif_varstr(
3158 3211 (uintptr_t)mstate->dtms_probe->dtpr_provider->dtpv_name,
3159 3212 state, mstate));
3160 3213
3161 3214 case DIF_VAR_PROBEMOD:
3162 3215 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3163 3216 return (dtrace_dif_varstr(
3164 3217 (uintptr_t)mstate->dtms_probe->dtpr_mod,
3165 3218 state, mstate));
3166 3219
3167 3220 case DIF_VAR_PROBEFUNC:
3168 3221 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3169 3222 return (dtrace_dif_varstr(
3170 3223 (uintptr_t)mstate->dtms_probe->dtpr_func,
3171 3224 state, mstate));
3172 3225
3173 3226 case DIF_VAR_PROBENAME:
3174 3227 ASSERT(mstate->dtms_present & DTRACE_MSTATE_PROBE);
3175 3228 return (dtrace_dif_varstr(
3176 3229 (uintptr_t)mstate->dtms_probe->dtpr_name,
3177 3230 state, mstate));
3178 3231
3179 3232 case DIF_VAR_PID:
3180 3233 if (!dtrace_priv_proc(state, mstate))
3181 3234 return (0);
3182 3235
3183 3236 /*
3184 3237 * Note that we are assuming that an unanchored probe is
3185 3238 * always due to a high-level interrupt. (And we're assuming
3186 3239 * that there is only a single high level interrupt.)
3187 3240 */
3188 3241 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3189 3242 return (pid0.pid_id);
3190 3243
3191 3244 /*
3192 3245 * It is always safe to dereference one's own t_procp pointer:
3193 3246 * it always points to a valid, allocated proc structure.
3194 3247 * Further, it is always safe to dereference the p_pidp member
3195 3248 * of one's own proc structure. (These are truisms becuase
3196 3249 * threads and processes don't clean up their own state --
3197 3250 * they leave that task to whomever reaps them.)
3198 3251 */
3199 3252 return ((uint64_t)curthread->t_procp->p_pidp->pid_id);
3200 3253
3201 3254 case DIF_VAR_PPID:
3202 3255 if (!dtrace_priv_proc(state, mstate))
3203 3256 return (0);
3204 3257
3205 3258 /*
3206 3259 * See comment in DIF_VAR_PID.
3207 3260 */
3208 3261 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3209 3262 return (pid0.pid_id);
3210 3263
3211 3264 /*
3212 3265 * It is always safe to dereference one's own t_procp pointer:
3213 3266 * it always points to a valid, allocated proc structure.
3214 3267 * (This is true because threads don't clean up their own
3215 3268 * state -- they leave that task to whomever reaps them.)
3216 3269 */
3217 3270 return ((uint64_t)curthread->t_procp->p_ppid);
3218 3271
3219 3272 case DIF_VAR_TID:
3220 3273 /*
3221 3274 * See comment in DIF_VAR_PID.
3222 3275 */
3223 3276 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3224 3277 return (0);
3225 3278
3226 3279 return ((uint64_t)curthread->t_tid);
3227 3280
3228 3281 case DIF_VAR_EXECNAME:
3229 3282 if (!dtrace_priv_proc(state, mstate))
3230 3283 return (0);
3231 3284
3232 3285 /*
3233 3286 * See comment in DIF_VAR_PID.
3234 3287 */
3235 3288 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3236 3289 return ((uint64_t)(uintptr_t)p0.p_user.u_comm);
3237 3290
3238 3291 /*
3239 3292 * It is always safe to dereference one's own t_procp pointer:
3240 3293 * it always points to a valid, allocated proc structure.
3241 3294 * (This is true because threads don't clean up their own
3242 3295 * state -- they leave that task to whomever reaps them.)
3243 3296 */
3244 3297 return (dtrace_dif_varstr(
3245 3298 (uintptr_t)curthread->t_procp->p_user.u_comm,
3246 3299 state, mstate));
3247 3300
3248 3301 case DIF_VAR_ZONENAME:
3249 3302 if (!dtrace_priv_proc(state, mstate))
3250 3303 return (0);
3251 3304
3252 3305 /*
3253 3306 * See comment in DIF_VAR_PID.
3254 3307 */
3255 3308 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3256 3309 return ((uint64_t)(uintptr_t)p0.p_zone->zone_name);
3257 3310
3258 3311 /*
3259 3312 * It is always safe to dereference one's own t_procp pointer:
3260 3313 * it always points to a valid, allocated proc structure.
3261 3314 * (This is true because threads don't clean up their own
3262 3315 * state -- they leave that task to whomever reaps them.)
3263 3316 */
3264 3317 return (dtrace_dif_varstr(
3265 3318 (uintptr_t)curthread->t_procp->p_zone->zone_name,
3266 3319 state, mstate));
3267 3320
3268 3321 case DIF_VAR_UID:
3269 3322 if (!dtrace_priv_proc(state, mstate))
3270 3323 return (0);
3271 3324
3272 3325 /*
3273 3326 * See comment in DIF_VAR_PID.
3274 3327 */
3275 3328 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3276 3329 return ((uint64_t)p0.p_cred->cr_uid);
3277 3330
3278 3331 /*
3279 3332 * It is always safe to dereference one's own t_procp pointer:
3280 3333 * it always points to a valid, allocated proc structure.
3281 3334 * (This is true because threads don't clean up their own
3282 3335 * state -- they leave that task to whomever reaps them.)
3283 3336 *
3284 3337 * Additionally, it is safe to dereference one's own process
3285 3338 * credential, since this is never NULL after process birth.
3286 3339 */
3287 3340 return ((uint64_t)curthread->t_procp->p_cred->cr_uid);
3288 3341
3289 3342 case DIF_VAR_GID:
3290 3343 if (!dtrace_priv_proc(state, mstate))
3291 3344 return (0);
3292 3345
3293 3346 /*
3294 3347 * See comment in DIF_VAR_PID.
3295 3348 */
3296 3349 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3297 3350 return ((uint64_t)p0.p_cred->cr_gid);
3298 3351
3299 3352 /*
3300 3353 * It is always safe to dereference one's own t_procp pointer:
3301 3354 * it always points to a valid, allocated proc structure.
3302 3355 * (This is true because threads don't clean up their own
3303 3356 * state -- they leave that task to whomever reaps them.)
3304 3357 *
3305 3358 * Additionally, it is safe to dereference one's own process
3306 3359 * credential, since this is never NULL after process birth.
3307 3360 */
3308 3361 return ((uint64_t)curthread->t_procp->p_cred->cr_gid);
3309 3362
3310 3363 case DIF_VAR_ERRNO: {
3311 3364 klwp_t *lwp;
3312 3365 if (!dtrace_priv_proc(state, mstate))
3313 3366 return (0);
3314 3367
3315 3368 /*
3316 3369 * See comment in DIF_VAR_PID.
3317 3370 */
3318 3371 if (DTRACE_ANCHORED(mstate->dtms_probe) && CPU_ON_INTR(CPU))
3319 3372 return (0);
3320 3373
3321 3374 /*
3322 3375 * It is always safe to dereference one's own t_lwp pointer in
3323 3376 * the event that this pointer is non-NULL. (This is true
3324 3377 * because threads and lwps don't clean up their own state --
3325 3378 * they leave that task to whomever reaps them.)
3326 3379 */
3327 3380 if ((lwp = curthread->t_lwp) == NULL)
|
↓ open down ↓ |
2456 lines elided |
↑ open up ↑ |
3328 3381 return (0);
3329 3382
3330 3383 return ((uint64_t)lwp->lwp_errno);
3331 3384 }
3332 3385 default:
3333 3386 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
3334 3387 return (0);
3335 3388 }
3336 3389 }
3337 3390
3391 +
3392 +typedef enum dtrace_json_state {
3393 + DTRACE_JSON_REST = 1,
3394 + DTRACE_JSON_OBJECT,
3395 + DTRACE_JSON_STRING,
3396 + DTRACE_JSON_STRING_ESCAPE,
3397 + DTRACE_JSON_STRING_ESCAPE_UNICODE,
3398 + DTRACE_JSON_COLON,
3399 + DTRACE_JSON_COMMA,
3400 + DTRACE_JSON_VALUE,
3401 + DTRACE_JSON_IDENTIFIER,
3402 + DTRACE_JSON_NUMBER,
3403 + DTRACE_JSON_NUMBER_FRAC,
3404 + DTRACE_JSON_NUMBER_EXP,
3405 + DTRACE_JSON_COLLECT_OBJECT
3406 +} dtrace_json_state_t;
3407 +
3408 +/*
3409 + * This function possesses just enough knowledge about JSON to extract a single
3410 + * value from a JSON string and store it in the scratch buffer. It is able
3411 + * to extract nested object values, and members of arrays by index.
3412 + *
3413 + * elemlist is a list of JSON keys, stored as packed NUL-terminated strings, to
3414 + * be looked up as we descend into the object tree. e.g.
3415 + *
3416 + * foo[0].bar.baz[32] --> "foo" NUL "0" NUL "bar" NUL "baz" NUL "32" NUL
3417 + * with nelems = 5.
3418 + *
3419 + * The run time of this function must be bounded above by strsize to limit the
3420 + * amount of work done in probe context. As such, it is implemented as a
3421 + * simple state machine, reading one character at a time using safe loads
3422 + * until we find the requested element, hit a parsing error or run off the
3423 + * end of the object or string.
3424 + *
3425 + * As there is no way for a subroutine to return an error without interrupting
3426 + * clause execution, we simply return NULL in the event of a missing key or any
3427 + * other error condition. Each NULL return in this function is commented with
3428 + * the error condition it represents -- parsing or otherwise.
3429 + *
3430 + * The set of states for the state machine closely matches the JSON
3431 + * specification (http://json.org/). Briefly:
3432 + *
3433 + * DTRACE_JSON_REST:
3434 + * Skip whitespace until we find either a top-level Object, moving
3435 + * to DTRACE_JSON_OBJECT; or an Array, moving to DTRACE_JSON_VALUE.
3436 + *
3437 + * DTRACE_JSON_OBJECT:
3438 + * Locate the next key String in an Object. Sets a flag to denote
3439 + * the next String as a key string and moves to DTRACE_JSON_STRING.
3440 + *
3441 + * DTRACE_JSON_COLON:
3442 + * Skip whitespace until we find the colon that separates key Strings
3443 + * from their values. Once found, move to DTRACE_JSON_VALUE.
3444 + *
3445 + * DTRACE_JSON_VALUE:
3446 + * Detects the type of the next value (String, Number, Identifier, Object
3447 + * or Array) and routes to the states that process that type. Here we also
3448 + * deal with the element selector list if we are requested to traverse down
3449 + * into the object tree.
3450 + *
3451 + * DTRACE_JSON_COMMA:
3452 + * Skip whitespace until we find the comma that separates key-value pairs
3453 + * in Objects (returning to DTRACE_JSON_OBJECT) or values in Arrays
3454 + * (similarly DTRACE_JSON_VALUE). All following literal value processing
3455 + * states return to this state at the end of their value, unless otherwise
3456 + * noted.
3457 + *
3458 + * DTRACE_JSON_NUMBER, DTRACE_JSON_NUMBER_FRAC, DTRACE_JSON_NUMBER_EXP:
3459 + * Processes a Number literal from the JSON, including any exponent
3460 + * component that may be present. Numbers are returned as strings, which
3461 + * may be passed to strtoll() if an integer is required.
3462 + *
3463 + * DTRACE_JSON_IDENTIFIER:
3464 + * Processes a "true", "false" or "null" literal in the JSON.
3465 + *
3466 + * DTRACE_JSON_STRING, DTRACE_JSON_STRING_ESCAPE,
3467 + * DTRACE_JSON_STRING_ESCAPE_UNICODE:
3468 + * Processes a String literal from the JSON, whether the String denotes
3469 + * a key, a value or part of a larger Object. Handles all escape sequences
3470 + * present in the specification, including four-digit unicode characters,
3471 + * but merely includes the escape sequence without converting it to the
3472 + * actual escaped character. If the String is flagged as a key, we
3473 + * move to DTRACE_JSON_COLON rather than DTRACE_JSON_COMMA.
3474 + *
3475 + * DTRACE_JSON_COLLECT_OBJECT:
3476 + * This state collects an entire Object (or Array), correctly handling
3477 + * embedded strings. If the full element selector list matches this nested
3478 + * object, we return the Object in full as a string. If not, we use this
3479 + * state to skip to the next value at this level and continue processing.
3480 + *
3481 + * NOTE: This function uses various macros from strtolctype.h to manipulate
3482 + * digit values, etc -- these have all been checked to ensure they make
3483 + * no additional function calls.
3484 + */
3485 +static char *
3486 +dtrace_json(uint64_t size, uintptr_t json, char *elemlist, int nelems,
3487 + char *dest)
3488 +{
3489 + dtrace_json_state_t state = DTRACE_JSON_REST;
3490 + int64_t array_elem = INT64_MIN;
3491 + int64_t array_pos = 0;
3492 + uint8_t escape_unicount = 0;
3493 + boolean_t string_is_key = B_FALSE;
3494 + boolean_t collect_object = B_FALSE;
3495 + boolean_t found_key = B_FALSE;
3496 + boolean_t in_array = B_FALSE;
3497 + uint32_t braces = 0, brackets = 0;
3498 + char *elem = elemlist;
3499 + char *dd = dest;
3500 + uintptr_t cur;
3501 +
3502 + for (cur = json; cur < json + size; cur++) {
3503 + char cc = dtrace_load8(cur);
3504 + if (cc == '\0')
3505 + return (NULL);
3506 +
3507 + switch (state) {
3508 + case DTRACE_JSON_REST:
3509 + if (isspace(cc))
3510 + break;
3511 +
3512 + if (cc == '{') {
3513 + state = DTRACE_JSON_OBJECT;
3514 + break;
3515 + }
3516 +
3517 + if (cc == '[') {
3518 + in_array = B_TRUE;
3519 + array_pos = 0;
3520 + array_elem = dtrace_strtoll(elem, 10, size);
3521 + found_key = array_elem == 0 ? B_TRUE : B_FALSE;
3522 + state = DTRACE_JSON_VALUE;
3523 + break;
3524 + }
3525 +
3526 + /*
3527 + * ERROR: expected to find a top-level object or array.
3528 + */
3529 + return (NULL);
3530 + case DTRACE_JSON_OBJECT:
3531 + if (isspace(cc))
3532 + break;
3533 +
3534 + if (cc == '"') {
3535 + state = DTRACE_JSON_STRING;
3536 + string_is_key = B_TRUE;
3537 + break;
3538 + }
3539 +
3540 + /*
3541 + * ERROR: either the object did not start with a key
3542 + * string, or we've run off the end of the object
3543 + * without finding the requested key.
3544 + */
3545 + return (NULL);
3546 + case DTRACE_JSON_STRING:
3547 + if (cc == '\\') {
3548 + *dd++ = '\\';
3549 + state = DTRACE_JSON_STRING_ESCAPE;
3550 + break;
3551 + }
3552 +
3553 + if (cc == '"') {
3554 + if (collect_object) {
3555 + /*
3556 + * We don't reset the dest here, as
3557 + * the string is part of a larger
3558 + * object being collected.
3559 + */
3560 + *dd++ = cc;
3561 + collect_object = B_FALSE;
3562 + state = DTRACE_JSON_COLLECT_OBJECT;
3563 + break;
3564 + }
3565 + *dd = '\0';
3566 + dd = dest; /* reset string buffer */
3567 + if (string_is_key) {
3568 + if (dtrace_strncmp(dest, elem,
3569 + size) == 0)
3570 + found_key = B_TRUE;
3571 + } else if (found_key) {
3572 + if (nelems > 1) {
3573 + /*
3574 + * We expected an object, not
3575 + * this string.
3576 + */
3577 + return (NULL);
3578 + }
3579 + return (dest);
3580 + }
3581 + state = string_is_key ? DTRACE_JSON_COLON :
3582 + DTRACE_JSON_COMMA;
3583 + string_is_key = B_FALSE;
3584 + break;
3585 + }
3586 +
3587 + *dd++ = cc;
3588 + break;
3589 + case DTRACE_JSON_STRING_ESCAPE:
3590 + *dd++ = cc;
3591 + if (cc == 'u') {
3592 + escape_unicount = 0;
3593 + state = DTRACE_JSON_STRING_ESCAPE_UNICODE;
3594 + } else {
3595 + state = DTRACE_JSON_STRING;
3596 + }
3597 + break;
3598 + case DTRACE_JSON_STRING_ESCAPE_UNICODE:
3599 + if (!isxdigit(cc)) {
3600 + /*
3601 + * ERROR: invalid unicode escape, expected
3602 + * four valid hexidecimal digits.
3603 + */
3604 + return (NULL);
3605 + }
3606 +
3607 + *dd++ = cc;
3608 + if (++escape_unicount == 4)
3609 + state = DTRACE_JSON_STRING;
3610 + break;
3611 + case DTRACE_JSON_COLON:
3612 + if (isspace(cc))
3613 + break;
3614 +
3615 + if (cc == ':') {
3616 + state = DTRACE_JSON_VALUE;
3617 + break;
3618 + }
3619 +
3620 + /*
3621 + * ERROR: expected a colon.
3622 + */
3623 + return (NULL);
3624 + case DTRACE_JSON_COMMA:
3625 + if (isspace(cc))
3626 + break;
3627 +
3628 + if (cc == ',') {
3629 + if (in_array) {
3630 + state = DTRACE_JSON_VALUE;
3631 + if (++array_pos == array_elem)
3632 + found_key = B_TRUE;
3633 + } else {
3634 + state = DTRACE_JSON_OBJECT;
3635 + }
3636 + break;
3637 + }
3638 +
3639 + /*
3640 + * ERROR: either we hit an unexpected character, or
3641 + * we reached the end of the object or array without
3642 + * finding the requested key.
3643 + */
3644 + return (NULL);
3645 + case DTRACE_JSON_IDENTIFIER:
3646 + if (islower(cc)) {
3647 + *dd++ = cc;
3648 + break;
3649 + }
3650 +
3651 + *dd = '\0';
3652 + dd = dest; /* reset string buffer */
3653 +
3654 + if (dtrace_strncmp(dest, "true", 5) == 0 ||
3655 + dtrace_strncmp(dest, "false", 6) == 0 ||
3656 + dtrace_strncmp(dest, "null", 5) == 0) {
3657 + if (found_key) {
3658 + if (nelems > 1) {
3659 + /*
3660 + * ERROR: We expected an object,
3661 + * not this identifier.
3662 + */
3663 + return (NULL);
3664 + }
3665 + return (dest);
3666 + } else {
3667 + cur--;
3668 + state = DTRACE_JSON_COMMA;
3669 + break;
3670 + }
3671 + }
3672 +
3673 + /*
3674 + * ERROR: we did not recognise the identifier as one
3675 + * of those in the JSON specification.
3676 + */
3677 + return (NULL);
3678 + case DTRACE_JSON_NUMBER:
3679 + if (cc == '.') {
3680 + *dd++ = cc;
3681 + state = DTRACE_JSON_NUMBER_FRAC;
3682 + break;
3683 + }
3684 +
3685 + if (cc == 'x' || cc == 'X') {
3686 + /*
3687 + * ERROR: specification explicitly excludes
3688 + * hexidecimal or octal numbers.
3689 + */
3690 + return (NULL);
3691 + }
3692 +
3693 + /* FALLTHRU */
3694 + case DTRACE_JSON_NUMBER_FRAC:
3695 + if (cc == 'e' || cc == 'E') {
3696 + *dd++ = cc;
3697 + state = DTRACE_JSON_NUMBER_EXP;
3698 + break;
3699 + }
3700 +
3701 + if (cc == '+' || cc == '-') {
3702 + /*
3703 + * ERROR: expect sign as part of exponent only.
3704 + */
3705 + return (NULL);
3706 + }
3707 + /* FALLTHRU */
3708 + case DTRACE_JSON_NUMBER_EXP:
3709 + if (isdigit(cc) || cc == '+' || cc == '-') {
3710 + *dd++ = cc;
3711 + break;
3712 + }
3713 +
3714 + *dd = '\0';
3715 + dd = dest; /* reset string buffer */
3716 + if (found_key) {
3717 + if (nelems > 1) {
3718 + /*
3719 + * ERROR: We expected an object, not
3720 + * this number.
3721 + */
3722 + return (NULL);
3723 + }
3724 + return (dest);
3725 + }
3726 +
3727 + cur--;
3728 + state = DTRACE_JSON_COMMA;
3729 + break;
3730 + case DTRACE_JSON_VALUE:
3731 + if (isspace(cc))
3732 + break;
3733 +
3734 + if (cc == '{' || cc == '[') {
3735 + if (nelems > 1 && found_key) {
3736 + in_array = cc == '[' ? B_TRUE : B_FALSE;
3737 + /*
3738 + * If our element selector directs us
3739 + * to descend into this nested object,
3740 + * then move to the next selector
3741 + * element in the list and restart the
3742 + * state machine.
3743 + */
3744 + while (*elem != '\0')
3745 + elem++;
3746 + elem++; /* skip the inter-element NUL */
3747 + nelems--;
3748 + dd = dest;
3749 + if (in_array) {
3750 + state = DTRACE_JSON_VALUE;
3751 + array_pos = 0;
3752 + array_elem = dtrace_strtoll(
3753 + elem, 10, size);
3754 + found_key = array_elem == 0 ?
3755 + B_TRUE : B_FALSE;
3756 + } else {
3757 + found_key = B_FALSE;
3758 + state = DTRACE_JSON_OBJECT;
3759 + }
3760 + break;
3761 + }
3762 +
3763 + /*
3764 + * Otherwise, we wish to either skip this
3765 + * nested object or return it in full.
3766 + */
3767 + if (cc == '[')
3768 + brackets = 1;
3769 + else
3770 + braces = 1;
3771 + *dd++ = cc;
3772 + state = DTRACE_JSON_COLLECT_OBJECT;
3773 + break;
3774 + }
3775 +
3776 + if (cc == '"') {
3777 + state = DTRACE_JSON_STRING;
3778 + break;
3779 + }
3780 +
3781 + if (islower(cc)) {
3782 + /*
3783 + * Here we deal with true, false and null.
3784 + */
3785 + *dd++ = cc;
3786 + state = DTRACE_JSON_IDENTIFIER;
3787 + break;
3788 + }
3789 +
3790 + if (cc == '-' || isdigit(cc)) {
3791 + *dd++ = cc;
3792 + state = DTRACE_JSON_NUMBER;
3793 + break;
3794 + }
3795 +
3796 + /*
3797 + * ERROR: unexpected character at start of value.
3798 + */
3799 + return (NULL);
3800 + case DTRACE_JSON_COLLECT_OBJECT:
3801 + if (cc == '\0')
3802 + /*
3803 + * ERROR: unexpected end of input.
3804 + */
3805 + return (NULL);
3806 +
3807 + *dd++ = cc;
3808 + if (cc == '"') {
3809 + collect_object = B_TRUE;
3810 + state = DTRACE_JSON_STRING;
3811 + break;
3812 + }
3813 +
3814 + if (cc == ']') {
3815 + if (brackets-- == 0) {
3816 + /*
3817 + * ERROR: unbalanced brackets.
3818 + */
3819 + return (NULL);
3820 + }
3821 + } else if (cc == '}') {
3822 + if (braces-- == 0) {
3823 + /*
3824 + * ERROR: unbalanced braces.
3825 + */
3826 + return (NULL);
3827 + }
3828 + } else if (cc == '{') {
3829 + braces++;
3830 + } else if (cc == '[') {
3831 + brackets++;
3832 + }
3833 +
3834 + if (brackets == 0 && braces == 0) {
3835 + if (found_key) {
3836 + *dd = '\0';
3837 + return (dest);
3838 + }
3839 + dd = dest; /* reset string buffer */
3840 + state = DTRACE_JSON_COMMA;
3841 + }
3842 + break;
3843 + }
3844 + }
3845 + return (NULL);
3846 +}
3847 +
3338 3848 /*
3339 3849 * Emulate the execution of DTrace ID subroutines invoked by the call opcode.
3340 3850 * Notice that we don't bother validating the proper number of arguments or
3341 3851 * their types in the tuple stack. This isn't needed because all argument
3342 3852 * interpretation is safe because of our load safety -- the worst that can
3343 3853 * happen is that a bogus program can obtain bogus results.
3344 3854 */
3345 3855 static void
3346 3856 dtrace_dif_subr(uint_t subr, uint_t rd, uint64_t *regs,
3347 3857 dtrace_key_t *tupregs, int nargs,
3348 3858 dtrace_mstate_t *mstate, dtrace_state_t *state)
3349 3859 {
3350 3860 volatile uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
3351 3861 volatile uintptr_t *illval = &cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
3352 3862 dtrace_vstate_t *vstate = &state->dts_vstate;
3353 3863
3354 3864 union {
3355 3865 mutex_impl_t mi;
3356 3866 uint64_t mx;
3357 3867 } m;
3358 3868
3359 3869 union {
3360 3870 krwlock_t ri;
3361 3871 uintptr_t rw;
3362 3872 } r;
3363 3873
3364 3874 switch (subr) {
3365 3875 case DIF_SUBR_RAND:
3366 3876 regs[rd] = (dtrace_gethrtime() * 2416 + 374441) % 1771875;
3367 3877 break;
3368 3878
3369 3879 case DIF_SUBR_MUTEX_OWNED:
3370 3880 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3371 3881 mstate, vstate)) {
3372 3882 regs[rd] = NULL;
3373 3883 break;
3374 3884 }
3375 3885
3376 3886 m.mx = dtrace_load64(tupregs[0].dttk_value);
3377 3887 if (MUTEX_TYPE_ADAPTIVE(&m.mi))
3378 3888 regs[rd] = MUTEX_OWNER(&m.mi) != MUTEX_NO_OWNER;
3379 3889 else
3380 3890 regs[rd] = LOCK_HELD(&m.mi.m_spin.m_spinlock);
3381 3891 break;
3382 3892
3383 3893 case DIF_SUBR_MUTEX_OWNER:
3384 3894 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3385 3895 mstate, vstate)) {
3386 3896 regs[rd] = NULL;
3387 3897 break;
3388 3898 }
3389 3899
3390 3900 m.mx = dtrace_load64(tupregs[0].dttk_value);
3391 3901 if (MUTEX_TYPE_ADAPTIVE(&m.mi) &&
3392 3902 MUTEX_OWNER(&m.mi) != MUTEX_NO_OWNER)
3393 3903 regs[rd] = (uintptr_t)MUTEX_OWNER(&m.mi);
3394 3904 else
3395 3905 regs[rd] = 0;
3396 3906 break;
3397 3907
3398 3908 case DIF_SUBR_MUTEX_TYPE_ADAPTIVE:
3399 3909 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3400 3910 mstate, vstate)) {
3401 3911 regs[rd] = NULL;
3402 3912 break;
3403 3913 }
3404 3914
3405 3915 m.mx = dtrace_load64(tupregs[0].dttk_value);
3406 3916 regs[rd] = MUTEX_TYPE_ADAPTIVE(&m.mi);
3407 3917 break;
3408 3918
3409 3919 case DIF_SUBR_MUTEX_TYPE_SPIN:
3410 3920 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (kmutex_t),
3411 3921 mstate, vstate)) {
3412 3922 regs[rd] = NULL;
3413 3923 break;
3414 3924 }
3415 3925
3416 3926 m.mx = dtrace_load64(tupregs[0].dttk_value);
3417 3927 regs[rd] = MUTEX_TYPE_SPIN(&m.mi);
3418 3928 break;
3419 3929
3420 3930 case DIF_SUBR_RW_READ_HELD: {
3421 3931 uintptr_t tmp;
3422 3932
3423 3933 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (uintptr_t),
3424 3934 mstate, vstate)) {
3425 3935 regs[rd] = NULL;
3426 3936 break;
3427 3937 }
3428 3938
3429 3939 r.rw = dtrace_loadptr(tupregs[0].dttk_value);
3430 3940 regs[rd] = _RW_READ_HELD(&r.ri, tmp);
3431 3941 break;
3432 3942 }
3433 3943
3434 3944 case DIF_SUBR_RW_WRITE_HELD:
3435 3945 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (krwlock_t),
3436 3946 mstate, vstate)) {
3437 3947 regs[rd] = NULL;
3438 3948 break;
3439 3949 }
3440 3950
3441 3951 r.rw = dtrace_loadptr(tupregs[0].dttk_value);
3442 3952 regs[rd] = _RW_WRITE_HELD(&r.ri);
3443 3953 break;
3444 3954
3445 3955 case DIF_SUBR_RW_ISWRITER:
3446 3956 if (!dtrace_canload(tupregs[0].dttk_value, sizeof (krwlock_t),
3447 3957 mstate, vstate)) {
3448 3958 regs[rd] = NULL;
3449 3959 break;
3450 3960 }
3451 3961
3452 3962 r.rw = dtrace_loadptr(tupregs[0].dttk_value);
3453 3963 regs[rd] = _RW_ISWRITER(&r.ri);
3454 3964 break;
3455 3965
3456 3966 case DIF_SUBR_BCOPY: {
3457 3967 /*
3458 3968 * We need to be sure that the destination is in the scratch
3459 3969 * region -- no other region is allowed.
3460 3970 */
3461 3971 uintptr_t src = tupregs[0].dttk_value;
3462 3972 uintptr_t dest = tupregs[1].dttk_value;
3463 3973 size_t size = tupregs[2].dttk_value;
3464 3974
3465 3975 if (!dtrace_inscratch(dest, size, mstate)) {
3466 3976 *flags |= CPU_DTRACE_BADADDR;
3467 3977 *illval = regs[rd];
3468 3978 break;
3469 3979 }
3470 3980
3471 3981 if (!dtrace_canload(src, size, mstate, vstate)) {
3472 3982 regs[rd] = NULL;
3473 3983 break;
3474 3984 }
3475 3985
3476 3986 dtrace_bcopy((void *)src, (void *)dest, size);
3477 3987 break;
3478 3988 }
3479 3989
3480 3990 case DIF_SUBR_ALLOCA:
3481 3991 case DIF_SUBR_COPYIN: {
3482 3992 uintptr_t dest = P2ROUNDUP(mstate->dtms_scratch_ptr, 8);
3483 3993 uint64_t size =
3484 3994 tupregs[subr == DIF_SUBR_ALLOCA ? 0 : 1].dttk_value;
3485 3995 size_t scratch_size = (dest - mstate->dtms_scratch_ptr) + size;
3486 3996
3487 3997 /*
3488 3998 * This action doesn't require any credential checks since
3489 3999 * probes will not activate in user contexts to which the
3490 4000 * enabling user does not have permissions.
3491 4001 */
3492 4002
3493 4003 /*
3494 4004 * Rounding up the user allocation size could have overflowed
3495 4005 * a large, bogus allocation (like -1ULL) to 0.
3496 4006 */
3497 4007 if (scratch_size < size ||
3498 4008 !DTRACE_INSCRATCH(mstate, scratch_size)) {
3499 4009 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
3500 4010 regs[rd] = NULL;
3501 4011 break;
3502 4012 }
3503 4013
3504 4014 if (subr == DIF_SUBR_COPYIN) {
3505 4015 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3506 4016 dtrace_copyin(tupregs[0].dttk_value, dest, size, flags);
3507 4017 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3508 4018 }
3509 4019
3510 4020 mstate->dtms_scratch_ptr += scratch_size;
3511 4021 regs[rd] = dest;
3512 4022 break;
3513 4023 }
3514 4024
3515 4025 case DIF_SUBR_COPYINTO: {
3516 4026 uint64_t size = tupregs[1].dttk_value;
3517 4027 uintptr_t dest = tupregs[2].dttk_value;
3518 4028
3519 4029 /*
3520 4030 * This action doesn't require any credential checks since
3521 4031 * probes will not activate in user contexts to which the
3522 4032 * enabling user does not have permissions.
3523 4033 */
3524 4034 if (!dtrace_inscratch(dest, size, mstate)) {
3525 4035 *flags |= CPU_DTRACE_BADADDR;
3526 4036 *illval = regs[rd];
3527 4037 break;
3528 4038 }
3529 4039
3530 4040 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3531 4041 dtrace_copyin(tupregs[0].dttk_value, dest, size, flags);
3532 4042 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3533 4043 break;
3534 4044 }
3535 4045
3536 4046 case DIF_SUBR_COPYINSTR: {
3537 4047 uintptr_t dest = mstate->dtms_scratch_ptr;
3538 4048 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3539 4049
3540 4050 if (nargs > 1 && tupregs[1].dttk_value < size)
3541 4051 size = tupregs[1].dttk_value + 1;
3542 4052
3543 4053 /*
3544 4054 * This action doesn't require any credential checks since
3545 4055 * probes will not activate in user contexts to which the
3546 4056 * enabling user does not have permissions.
3547 4057 */
3548 4058 if (!DTRACE_INSCRATCH(mstate, size)) {
3549 4059 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
3550 4060 regs[rd] = NULL;
3551 4061 break;
3552 4062 }
3553 4063
3554 4064 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3555 4065 dtrace_copyinstr(tupregs[0].dttk_value, dest, size, flags);
3556 4066 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3557 4067
3558 4068 ((char *)dest)[size - 1] = '\0';
3559 4069 mstate->dtms_scratch_ptr += size;
3560 4070 regs[rd] = dest;
3561 4071 break;
3562 4072 }
3563 4073
3564 4074 case DIF_SUBR_MSGSIZE:
3565 4075 case DIF_SUBR_MSGDSIZE: {
3566 4076 uintptr_t baddr = tupregs[0].dttk_value, daddr;
3567 4077 uintptr_t wptr, rptr;
3568 4078 size_t count = 0;
3569 4079 int cont = 0;
3570 4080
3571 4081 while (baddr != NULL && !(*flags & CPU_DTRACE_FAULT)) {
3572 4082
3573 4083 if (!dtrace_canload(baddr, sizeof (mblk_t), mstate,
3574 4084 vstate)) {
3575 4085 regs[rd] = NULL;
3576 4086 break;
3577 4087 }
3578 4088
3579 4089 wptr = dtrace_loadptr(baddr +
3580 4090 offsetof(mblk_t, b_wptr));
3581 4091
3582 4092 rptr = dtrace_loadptr(baddr +
3583 4093 offsetof(mblk_t, b_rptr));
3584 4094
3585 4095 if (wptr < rptr) {
3586 4096 *flags |= CPU_DTRACE_BADADDR;
3587 4097 *illval = tupregs[0].dttk_value;
3588 4098 break;
3589 4099 }
3590 4100
3591 4101 daddr = dtrace_loadptr(baddr +
3592 4102 offsetof(mblk_t, b_datap));
3593 4103
3594 4104 baddr = dtrace_loadptr(baddr +
3595 4105 offsetof(mblk_t, b_cont));
3596 4106
3597 4107 /*
3598 4108 * We want to prevent against denial-of-service here,
3599 4109 * so we're only going to search the list for
3600 4110 * dtrace_msgdsize_max mblks.
3601 4111 */
3602 4112 if (cont++ > dtrace_msgdsize_max) {
3603 4113 *flags |= CPU_DTRACE_ILLOP;
3604 4114 break;
3605 4115 }
3606 4116
3607 4117 if (subr == DIF_SUBR_MSGDSIZE) {
3608 4118 if (dtrace_load8(daddr +
3609 4119 offsetof(dblk_t, db_type)) != M_DATA)
3610 4120 continue;
3611 4121 }
3612 4122
3613 4123 count += wptr - rptr;
3614 4124 }
3615 4125
3616 4126 if (!(*flags & CPU_DTRACE_FAULT))
3617 4127 regs[rd] = count;
3618 4128
3619 4129 break;
3620 4130 }
3621 4131
3622 4132 case DIF_SUBR_PROGENYOF: {
3623 4133 pid_t pid = tupregs[0].dttk_value;
3624 4134 proc_t *p;
3625 4135 int rval = 0;
3626 4136
3627 4137 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3628 4138
3629 4139 for (p = curthread->t_procp; p != NULL; p = p->p_parent) {
3630 4140 if (p->p_pidp->pid_id == pid) {
3631 4141 rval = 1;
3632 4142 break;
3633 4143 }
3634 4144 }
3635 4145
3636 4146 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3637 4147
3638 4148 regs[rd] = rval;
3639 4149 break;
3640 4150 }
3641 4151
3642 4152 case DIF_SUBR_SPECULATION:
3643 4153 regs[rd] = dtrace_speculation(state);
3644 4154 break;
3645 4155
3646 4156 case DIF_SUBR_COPYOUT: {
3647 4157 uintptr_t kaddr = tupregs[0].dttk_value;
3648 4158 uintptr_t uaddr = tupregs[1].dttk_value;
3649 4159 uint64_t size = tupregs[2].dttk_value;
3650 4160
3651 4161 if (!dtrace_destructive_disallow &&
3652 4162 dtrace_priv_proc_control(state, mstate) &&
3653 4163 !dtrace_istoxic(kaddr, size)) {
3654 4164 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3655 4165 dtrace_copyout(kaddr, uaddr, size, flags);
3656 4166 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3657 4167 }
3658 4168 break;
3659 4169 }
3660 4170
3661 4171 case DIF_SUBR_COPYOUTSTR: {
3662 4172 uintptr_t kaddr = tupregs[0].dttk_value;
3663 4173 uintptr_t uaddr = tupregs[1].dttk_value;
3664 4174 uint64_t size = tupregs[2].dttk_value;
3665 4175
3666 4176 if (!dtrace_destructive_disallow &&
3667 4177 dtrace_priv_proc_control(state, mstate) &&
3668 4178 !dtrace_istoxic(kaddr, size)) {
3669 4179 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
3670 4180 dtrace_copyoutstr(kaddr, uaddr, size, flags);
3671 4181 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
3672 4182 }
3673 4183 break;
3674 4184 }
3675 4185
3676 4186 case DIF_SUBR_STRLEN: {
3677 4187 size_t sz;
3678 4188 uintptr_t addr = (uintptr_t)tupregs[0].dttk_value;
3679 4189 sz = dtrace_strlen((char *)addr,
3680 4190 state->dts_options[DTRACEOPT_STRSIZE]);
3681 4191
3682 4192 if (!dtrace_canload(addr, sz + 1, mstate, vstate)) {
3683 4193 regs[rd] = NULL;
3684 4194 break;
3685 4195 }
3686 4196
3687 4197 regs[rd] = sz;
3688 4198
3689 4199 break;
3690 4200 }
3691 4201
3692 4202 case DIF_SUBR_STRCHR:
3693 4203 case DIF_SUBR_STRRCHR: {
3694 4204 /*
3695 4205 * We're going to iterate over the string looking for the
3696 4206 * specified character. We will iterate until we have reached
3697 4207 * the string length or we have found the character. If this
3698 4208 * is DIF_SUBR_STRRCHR, we will look for the last occurrence
3699 4209 * of the specified character instead of the first.
3700 4210 */
3701 4211 uintptr_t saddr = tupregs[0].dttk_value;
3702 4212 uintptr_t addr = tupregs[0].dttk_value;
3703 4213 uintptr_t limit = addr + state->dts_options[DTRACEOPT_STRSIZE];
3704 4214 char c, target = (char)tupregs[1].dttk_value;
3705 4215
3706 4216 for (regs[rd] = NULL; addr < limit; addr++) {
3707 4217 if ((c = dtrace_load8(addr)) == target) {
3708 4218 regs[rd] = addr;
3709 4219
3710 4220 if (subr == DIF_SUBR_STRCHR)
3711 4221 break;
3712 4222 }
3713 4223
3714 4224 if (c == '\0')
3715 4225 break;
3716 4226 }
3717 4227
3718 4228 if (!dtrace_canload(saddr, addr - saddr, mstate, vstate)) {
3719 4229 regs[rd] = NULL;
3720 4230 break;
3721 4231 }
3722 4232
3723 4233 break;
3724 4234 }
3725 4235
3726 4236 case DIF_SUBR_STRSTR:
3727 4237 case DIF_SUBR_INDEX:
3728 4238 case DIF_SUBR_RINDEX: {
3729 4239 /*
3730 4240 * We're going to iterate over the string looking for the
3731 4241 * specified string. We will iterate until we have reached
3732 4242 * the string length or we have found the string. (Yes, this
3733 4243 * is done in the most naive way possible -- but considering
3734 4244 * that the string we're searching for is likely to be
3735 4245 * relatively short, the complexity of Rabin-Karp or similar
3736 4246 * hardly seems merited.)
3737 4247 */
3738 4248 char *addr = (char *)(uintptr_t)tupregs[0].dttk_value;
3739 4249 char *substr = (char *)(uintptr_t)tupregs[1].dttk_value;
3740 4250 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3741 4251 size_t len = dtrace_strlen(addr, size);
3742 4252 size_t sublen = dtrace_strlen(substr, size);
3743 4253 char *limit = addr + len, *orig = addr;
3744 4254 int notfound = subr == DIF_SUBR_STRSTR ? 0 : -1;
3745 4255 int inc = 1;
3746 4256
3747 4257 regs[rd] = notfound;
3748 4258
3749 4259 if (!dtrace_canload((uintptr_t)addr, len + 1, mstate, vstate)) {
3750 4260 regs[rd] = NULL;
3751 4261 break;
3752 4262 }
3753 4263
3754 4264 if (!dtrace_canload((uintptr_t)substr, sublen + 1, mstate,
3755 4265 vstate)) {
3756 4266 regs[rd] = NULL;
3757 4267 break;
3758 4268 }
3759 4269
3760 4270 /*
3761 4271 * strstr() and index()/rindex() have similar semantics if
3762 4272 * both strings are the empty string: strstr() returns a
3763 4273 * pointer to the (empty) string, and index() and rindex()
3764 4274 * both return index 0 (regardless of any position argument).
3765 4275 */
3766 4276 if (sublen == 0 && len == 0) {
3767 4277 if (subr == DIF_SUBR_STRSTR)
3768 4278 regs[rd] = (uintptr_t)addr;
3769 4279 else
3770 4280 regs[rd] = 0;
3771 4281 break;
3772 4282 }
3773 4283
3774 4284 if (subr != DIF_SUBR_STRSTR) {
3775 4285 if (subr == DIF_SUBR_RINDEX) {
3776 4286 limit = orig - 1;
3777 4287 addr += len;
3778 4288 inc = -1;
3779 4289 }
3780 4290
3781 4291 /*
3782 4292 * Both index() and rindex() take an optional position
3783 4293 * argument that denotes the starting position.
3784 4294 */
3785 4295 if (nargs == 3) {
3786 4296 int64_t pos = (int64_t)tupregs[2].dttk_value;
3787 4297
3788 4298 /*
3789 4299 * If the position argument to index() is
3790 4300 * negative, Perl implicitly clamps it at
3791 4301 * zero. This semantic is a little surprising
3792 4302 * given the special meaning of negative
3793 4303 * positions to similar Perl functions like
3794 4304 * substr(), but it appears to reflect a
3795 4305 * notion that index() can start from a
3796 4306 * negative index and increment its way up to
3797 4307 * the string. Given this notion, Perl's
3798 4308 * rindex() is at least self-consistent in
3799 4309 * that it implicitly clamps positions greater
3800 4310 * than the string length to be the string
3801 4311 * length. Where Perl completely loses
3802 4312 * coherence, however, is when the specified
3803 4313 * substring is the empty string (""). In
3804 4314 * this case, even if the position is
3805 4315 * negative, rindex() returns 0 -- and even if
3806 4316 * the position is greater than the length,
3807 4317 * index() returns the string length. These
3808 4318 * semantics violate the notion that index()
3809 4319 * should never return a value less than the
3810 4320 * specified position and that rindex() should
3811 4321 * never return a value greater than the
3812 4322 * specified position. (One assumes that
3813 4323 * these semantics are artifacts of Perl's
3814 4324 * implementation and not the results of
3815 4325 * deliberate design -- it beggars belief that
3816 4326 * even Larry Wall could desire such oddness.)
3817 4327 * While in the abstract one would wish for
3818 4328 * consistent position semantics across
3819 4329 * substr(), index() and rindex() -- or at the
3820 4330 * very least self-consistent position
3821 4331 * semantics for index() and rindex() -- we
3822 4332 * instead opt to keep with the extant Perl
3823 4333 * semantics, in all their broken glory. (Do
3824 4334 * we have more desire to maintain Perl's
3825 4335 * semantics than Perl does? Probably.)
3826 4336 */
3827 4337 if (subr == DIF_SUBR_RINDEX) {
3828 4338 if (pos < 0) {
3829 4339 if (sublen == 0)
3830 4340 regs[rd] = 0;
3831 4341 break;
3832 4342 }
3833 4343
3834 4344 if (pos > len)
3835 4345 pos = len;
3836 4346 } else {
3837 4347 if (pos < 0)
3838 4348 pos = 0;
3839 4349
3840 4350 if (pos >= len) {
3841 4351 if (sublen == 0)
3842 4352 regs[rd] = len;
3843 4353 break;
3844 4354 }
3845 4355 }
3846 4356
3847 4357 addr = orig + pos;
3848 4358 }
3849 4359 }
3850 4360
3851 4361 for (regs[rd] = notfound; addr != limit; addr += inc) {
3852 4362 if (dtrace_strncmp(addr, substr, sublen) == 0) {
3853 4363 if (subr != DIF_SUBR_STRSTR) {
3854 4364 /*
3855 4365 * As D index() and rindex() are
3856 4366 * modeled on Perl (and not on awk),
3857 4367 * we return a zero-based (and not a
3858 4368 * one-based) index. (For you Perl
3859 4369 * weenies: no, we're not going to add
3860 4370 * $[ -- and shouldn't you be at a con
3861 4371 * or something?)
3862 4372 */
3863 4373 regs[rd] = (uintptr_t)(addr - orig);
3864 4374 break;
3865 4375 }
3866 4376
3867 4377 ASSERT(subr == DIF_SUBR_STRSTR);
3868 4378 regs[rd] = (uintptr_t)addr;
3869 4379 break;
3870 4380 }
3871 4381 }
3872 4382
3873 4383 break;
3874 4384 }
3875 4385
3876 4386 case DIF_SUBR_STRTOK: {
3877 4387 uintptr_t addr = tupregs[0].dttk_value;
3878 4388 uintptr_t tokaddr = tupregs[1].dttk_value;
3879 4389 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3880 4390 uintptr_t limit, toklimit = tokaddr + size;
3881 4391 uint8_t c, tokmap[32]; /* 256 / 8 */
3882 4392 char *dest = (char *)mstate->dtms_scratch_ptr;
3883 4393 int i;
3884 4394
3885 4395 /*
3886 4396 * Check both the token buffer and (later) the input buffer,
3887 4397 * since both could be non-scratch addresses.
3888 4398 */
3889 4399 if (!dtrace_strcanload(tokaddr, size, mstate, vstate)) {
3890 4400 regs[rd] = NULL;
3891 4401 break;
3892 4402 }
3893 4403
3894 4404 if (!DTRACE_INSCRATCH(mstate, size)) {
3895 4405 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
3896 4406 regs[rd] = NULL;
3897 4407 break;
3898 4408 }
3899 4409
3900 4410 if (addr == NULL) {
3901 4411 /*
3902 4412 * If the address specified is NULL, we use our saved
3903 4413 * strtok pointer from the mstate. Note that this
3904 4414 * means that the saved strtok pointer is _only_
3905 4415 * valid within multiple enablings of the same probe --
3906 4416 * it behaves like an implicit clause-local variable.
3907 4417 */
3908 4418 addr = mstate->dtms_strtok;
3909 4419 } else {
3910 4420 /*
3911 4421 * If the user-specified address is non-NULL we must
3912 4422 * access check it. This is the only time we have
3913 4423 * a chance to do so, since this address may reside
3914 4424 * in the string table of this clause-- future calls
3915 4425 * (when we fetch addr from mstate->dtms_strtok)
3916 4426 * would fail this access check.
3917 4427 */
3918 4428 if (!dtrace_strcanload(addr, size, mstate, vstate)) {
3919 4429 regs[rd] = NULL;
3920 4430 break;
3921 4431 }
3922 4432 }
3923 4433
3924 4434 /*
3925 4435 * First, zero the token map, and then process the token
3926 4436 * string -- setting a bit in the map for every character
3927 4437 * found in the token string.
3928 4438 */
3929 4439 for (i = 0; i < sizeof (tokmap); i++)
3930 4440 tokmap[i] = 0;
3931 4441
3932 4442 for (; tokaddr < toklimit; tokaddr++) {
3933 4443 if ((c = dtrace_load8(tokaddr)) == '\0')
3934 4444 break;
3935 4445
3936 4446 ASSERT((c >> 3) < sizeof (tokmap));
3937 4447 tokmap[c >> 3] |= (1 << (c & 0x7));
3938 4448 }
3939 4449
3940 4450 for (limit = addr + size; addr < limit; addr++) {
3941 4451 /*
3942 4452 * We're looking for a character that is _not_ contained
3943 4453 * in the token string.
3944 4454 */
3945 4455 if ((c = dtrace_load8(addr)) == '\0')
3946 4456 break;
3947 4457
3948 4458 if (!(tokmap[c >> 3] & (1 << (c & 0x7))))
3949 4459 break;
3950 4460 }
3951 4461
3952 4462 if (c == '\0') {
3953 4463 /*
3954 4464 * We reached the end of the string without finding
3955 4465 * any character that was not in the token string.
3956 4466 * We return NULL in this case, and we set the saved
3957 4467 * address to NULL as well.
3958 4468 */
3959 4469 regs[rd] = NULL;
3960 4470 mstate->dtms_strtok = NULL;
3961 4471 break;
3962 4472 }
3963 4473
3964 4474 /*
3965 4475 * From here on, we're copying into the destination string.
3966 4476 */
3967 4477 for (i = 0; addr < limit && i < size - 1; addr++) {
3968 4478 if ((c = dtrace_load8(addr)) == '\0')
3969 4479 break;
3970 4480
3971 4481 if (tokmap[c >> 3] & (1 << (c & 0x7)))
3972 4482 break;
3973 4483
3974 4484 ASSERT(i < size);
3975 4485 dest[i++] = c;
3976 4486 }
3977 4487
3978 4488 ASSERT(i < size);
3979 4489 dest[i] = '\0';
3980 4490 regs[rd] = (uintptr_t)dest;
3981 4491 mstate->dtms_scratch_ptr += size;
3982 4492 mstate->dtms_strtok = addr;
3983 4493 break;
3984 4494 }
3985 4495
3986 4496 case DIF_SUBR_SUBSTR: {
3987 4497 uintptr_t s = tupregs[0].dttk_value;
3988 4498 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
3989 4499 char *d = (char *)mstate->dtms_scratch_ptr;
3990 4500 int64_t index = (int64_t)tupregs[1].dttk_value;
3991 4501 int64_t remaining = (int64_t)tupregs[2].dttk_value;
3992 4502 size_t len = dtrace_strlen((char *)s, size);
3993 4503 int64_t i;
3994 4504
3995 4505 if (!dtrace_canload(s, len + 1, mstate, vstate)) {
3996 4506 regs[rd] = NULL;
3997 4507 break;
3998 4508 }
3999 4509
4000 4510 if (!DTRACE_INSCRATCH(mstate, size)) {
4001 4511 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4002 4512 regs[rd] = NULL;
4003 4513 break;
4004 4514 }
4005 4515
4006 4516 if (nargs <= 2)
4007 4517 remaining = (int64_t)size;
4008 4518
4009 4519 if (index < 0) {
4010 4520 index += len;
4011 4521
4012 4522 if (index < 0 && index + remaining > 0) {
4013 4523 remaining += index;
4014 4524 index = 0;
4015 4525 }
4016 4526 }
4017 4527
4018 4528 if (index >= len || index < 0) {
4019 4529 remaining = 0;
4020 4530 } else if (remaining < 0) {
4021 4531 remaining += len - index;
4022 4532 } else if (index + remaining > size) {
4023 4533 remaining = size - index;
4024 4534 }
4025 4535
4026 4536 for (i = 0; i < remaining; i++) {
4027 4537 if ((d[i] = dtrace_load8(s + index + i)) == '\0')
|
↓ open down ↓ |
680 lines elided |
↑ open up ↑ |
4028 4538 break;
4029 4539 }
4030 4540
4031 4541 d[i] = '\0';
4032 4542
4033 4543 mstate->dtms_scratch_ptr += size;
4034 4544 regs[rd] = (uintptr_t)d;
4035 4545 break;
4036 4546 }
4037 4547
4548 + case DIF_SUBR_JSON: {
4549 + uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4550 + uintptr_t json = tupregs[0].dttk_value;
4551 + size_t jsonlen = dtrace_strlen((char *)json, size);
4552 + uintptr_t elem = tupregs[1].dttk_value;
4553 + size_t elemlen = dtrace_strlen((char *)elem, size);
4554 +
4555 + char *dest = (char *)mstate->dtms_scratch_ptr;
4556 + char *elemlist = (char *)mstate->dtms_scratch_ptr + jsonlen + 1;
4557 + char *ee = elemlist;
4558 + int nelems = 1;
4559 + uintptr_t cur;
4560 +
4561 + if (!dtrace_canload(json, jsonlen + 1, mstate, vstate) ||
4562 + !dtrace_canload(elem, elemlen + 1, mstate, vstate)) {
4563 + regs[rd] = NULL;
4564 + break;
4565 + }
4566 +
4567 + if (!DTRACE_INSCRATCH(mstate, jsonlen + 1 + elemlen + 1)) {
4568 + DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4569 + regs[rd] = NULL;
4570 + break;
4571 + }
4572 +
4573 + /*
4574 + * Read the element selector and split it up into a packed list
4575 + * of strings.
4576 + */
4577 + for (cur = elem; cur < elem + elemlen; cur++) {
4578 + char cc = dtrace_load8(cur);
4579 +
4580 + if (cur == elem && cc == '[') {
4581 + /*
4582 + * If the first element selector key is
4583 + * actually an array index then ignore the
4584 + * bracket.
4585 + */
4586 + continue;
4587 + }
4588 +
4589 + if (cc == ']')
4590 + continue;
4591 +
4592 + if (cc == '.' || cc == '[') {
4593 + nelems++;
4594 + cc = '\0';
4595 + }
4596 +
4597 + *ee++ = cc;
4598 + }
4599 + *ee++ = '\0';
4600 +
4601 + if ((regs[rd] = (uintptr_t)dtrace_json(size, json, elemlist,
4602 + nelems, dest)) != NULL)
4603 + mstate->dtms_scratch_ptr += jsonlen + 1;
4604 + break;
4605 + }
4606 +
4038 4607 case DIF_SUBR_TOUPPER:
4039 4608 case DIF_SUBR_TOLOWER: {
4040 4609 uintptr_t s = tupregs[0].dttk_value;
4041 4610 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4042 4611 char *dest = (char *)mstate->dtms_scratch_ptr, c;
4043 4612 size_t len = dtrace_strlen((char *)s, size);
4044 4613 char lower, upper, convert;
4045 4614 int64_t i;
4046 4615
4047 4616 if (subr == DIF_SUBR_TOUPPER) {
4048 4617 lower = 'a';
4049 4618 upper = 'z';
4050 4619 convert = 'A';
4051 4620 } else {
4052 4621 lower = 'A';
4053 4622 upper = 'Z';
4054 4623 convert = 'a';
4055 4624 }
4056 4625
4057 4626 if (!dtrace_canload(s, len + 1, mstate, vstate)) {
4058 4627 regs[rd] = NULL;
4059 4628 break;
4060 4629 }
4061 4630
4062 4631 if (!DTRACE_INSCRATCH(mstate, size)) {
4063 4632 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4064 4633 regs[rd] = NULL;
4065 4634 break;
4066 4635 }
4067 4636
4068 4637 for (i = 0; i < size - 1; i++) {
4069 4638 if ((c = dtrace_load8(s + i)) == '\0')
4070 4639 break;
4071 4640
4072 4641 if (c >= lower && c <= upper)
4073 4642 c = convert + (c - lower);
4074 4643
4075 4644 dest[i] = c;
4076 4645 }
4077 4646
4078 4647 ASSERT(i < size);
4079 4648 dest[i] = '\0';
4080 4649 regs[rd] = (uintptr_t)dest;
4081 4650 mstate->dtms_scratch_ptr += size;
4082 4651 break;
4083 4652 }
4084 4653
4085 4654 case DIF_SUBR_GETMAJOR:
4086 4655 #ifdef _LP64
4087 4656 regs[rd] = (tupregs[0].dttk_value >> NBITSMINOR64) & MAXMAJ64;
4088 4657 #else
4089 4658 regs[rd] = (tupregs[0].dttk_value >> NBITSMINOR) & MAXMAJ;
4090 4659 #endif
4091 4660 break;
4092 4661
4093 4662 case DIF_SUBR_GETMINOR:
4094 4663 #ifdef _LP64
4095 4664 regs[rd] = tupregs[0].dttk_value & MAXMIN64;
4096 4665 #else
4097 4666 regs[rd] = tupregs[0].dttk_value & MAXMIN;
4098 4667 #endif
4099 4668 break;
4100 4669
4101 4670 case DIF_SUBR_DDI_PATHNAME: {
4102 4671 /*
4103 4672 * This one is a galactic mess. We are going to roughly
4104 4673 * emulate ddi_pathname(), but it's made more complicated
4105 4674 * by the fact that we (a) want to include the minor name and
4106 4675 * (b) must proceed iteratively instead of recursively.
4107 4676 */
4108 4677 uintptr_t dest = mstate->dtms_scratch_ptr;
4109 4678 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4110 4679 char *start = (char *)dest, *end = start + size - 1;
4111 4680 uintptr_t daddr = tupregs[0].dttk_value;
4112 4681 int64_t minor = (int64_t)tupregs[1].dttk_value;
4113 4682 char *s;
4114 4683 int i, len, depth = 0;
4115 4684
4116 4685 /*
4117 4686 * Due to all the pointer jumping we do and context we must
4118 4687 * rely upon, we just mandate that the user must have kernel
4119 4688 * read privileges to use this routine.
4120 4689 */
4121 4690 if ((mstate->dtms_access & DTRACE_ACCESS_KERNEL) == 0) {
4122 4691 *flags |= CPU_DTRACE_KPRIV;
4123 4692 *illval = daddr;
4124 4693 regs[rd] = NULL;
4125 4694 }
4126 4695
4127 4696 if (!DTRACE_INSCRATCH(mstate, size)) {
4128 4697 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4129 4698 regs[rd] = NULL;
4130 4699 break;
4131 4700 }
4132 4701
4133 4702 *end = '\0';
4134 4703
4135 4704 /*
4136 4705 * We want to have a name for the minor. In order to do this,
4137 4706 * we need to walk the minor list from the devinfo. We want
4138 4707 * to be sure that we don't infinitely walk a circular list,
4139 4708 * so we check for circularity by sending a scout pointer
4140 4709 * ahead two elements for every element that we iterate over;
4141 4710 * if the list is circular, these will ultimately point to the
4142 4711 * same element. You may recognize this little trick as the
4143 4712 * answer to a stupid interview question -- one that always
4144 4713 * seems to be asked by those who had to have it laboriously
4145 4714 * explained to them, and who can't even concisely describe
4146 4715 * the conditions under which one would be forced to resort to
4147 4716 * this technique. Needless to say, those conditions are
4148 4717 * found here -- and probably only here. Is this the only use
4149 4718 * of this infamous trick in shipping, production code? If it
4150 4719 * isn't, it probably should be...
4151 4720 */
4152 4721 if (minor != -1) {
4153 4722 uintptr_t maddr = dtrace_loadptr(daddr +
4154 4723 offsetof(struct dev_info, devi_minor));
4155 4724
4156 4725 uintptr_t next = offsetof(struct ddi_minor_data, next);
4157 4726 uintptr_t name = offsetof(struct ddi_minor_data,
4158 4727 d_minor) + offsetof(struct ddi_minor, name);
4159 4728 uintptr_t dev = offsetof(struct ddi_minor_data,
4160 4729 d_minor) + offsetof(struct ddi_minor, dev);
4161 4730 uintptr_t scout;
4162 4731
4163 4732 if (maddr != NULL)
4164 4733 scout = dtrace_loadptr(maddr + next);
4165 4734
4166 4735 while (maddr != NULL && !(*flags & CPU_DTRACE_FAULT)) {
4167 4736 uint64_t m;
4168 4737 #ifdef _LP64
4169 4738 m = dtrace_load64(maddr + dev) & MAXMIN64;
4170 4739 #else
4171 4740 m = dtrace_load32(maddr + dev) & MAXMIN;
4172 4741 #endif
4173 4742 if (m != minor) {
4174 4743 maddr = dtrace_loadptr(maddr + next);
4175 4744
4176 4745 if (scout == NULL)
4177 4746 continue;
4178 4747
4179 4748 scout = dtrace_loadptr(scout + next);
4180 4749
4181 4750 if (scout == NULL)
4182 4751 continue;
4183 4752
4184 4753 scout = dtrace_loadptr(scout + next);
4185 4754
4186 4755 if (scout == NULL)
4187 4756 continue;
4188 4757
4189 4758 if (scout == maddr) {
4190 4759 *flags |= CPU_DTRACE_ILLOP;
4191 4760 break;
4192 4761 }
4193 4762
4194 4763 continue;
4195 4764 }
4196 4765
4197 4766 /*
4198 4767 * We have the minor data. Now we need to
4199 4768 * copy the minor's name into the end of the
4200 4769 * pathname.
4201 4770 */
4202 4771 s = (char *)dtrace_loadptr(maddr + name);
4203 4772 len = dtrace_strlen(s, size);
4204 4773
4205 4774 if (*flags & CPU_DTRACE_FAULT)
4206 4775 break;
4207 4776
4208 4777 if (len != 0) {
4209 4778 if ((end -= (len + 1)) < start)
4210 4779 break;
4211 4780
4212 4781 *end = ':';
4213 4782 }
4214 4783
4215 4784 for (i = 1; i <= len; i++)
4216 4785 end[i] = dtrace_load8((uintptr_t)s++);
4217 4786 break;
4218 4787 }
4219 4788 }
4220 4789
4221 4790 while (daddr != NULL && !(*flags & CPU_DTRACE_FAULT)) {
4222 4791 ddi_node_state_t devi_state;
4223 4792
4224 4793 devi_state = dtrace_load32(daddr +
4225 4794 offsetof(struct dev_info, devi_node_state));
4226 4795
4227 4796 if (*flags & CPU_DTRACE_FAULT)
4228 4797 break;
4229 4798
4230 4799 if (devi_state >= DS_INITIALIZED) {
4231 4800 s = (char *)dtrace_loadptr(daddr +
4232 4801 offsetof(struct dev_info, devi_addr));
4233 4802 len = dtrace_strlen(s, size);
4234 4803
4235 4804 if (*flags & CPU_DTRACE_FAULT)
4236 4805 break;
4237 4806
4238 4807 if (len != 0) {
4239 4808 if ((end -= (len + 1)) < start)
4240 4809 break;
4241 4810
4242 4811 *end = '@';
4243 4812 }
4244 4813
4245 4814 for (i = 1; i <= len; i++)
4246 4815 end[i] = dtrace_load8((uintptr_t)s++);
4247 4816 }
4248 4817
4249 4818 /*
4250 4819 * Now for the node name...
4251 4820 */
4252 4821 s = (char *)dtrace_loadptr(daddr +
4253 4822 offsetof(struct dev_info, devi_node_name));
4254 4823
4255 4824 daddr = dtrace_loadptr(daddr +
4256 4825 offsetof(struct dev_info, devi_parent));
4257 4826
4258 4827 /*
4259 4828 * If our parent is NULL (that is, if we're the root
4260 4829 * node), we're going to use the special path
4261 4830 * "devices".
4262 4831 */
4263 4832 if (daddr == NULL)
4264 4833 s = "devices";
4265 4834
4266 4835 len = dtrace_strlen(s, size);
4267 4836 if (*flags & CPU_DTRACE_FAULT)
4268 4837 break;
4269 4838
4270 4839 if ((end -= (len + 1)) < start)
4271 4840 break;
4272 4841
4273 4842 for (i = 1; i <= len; i++)
4274 4843 end[i] = dtrace_load8((uintptr_t)s++);
4275 4844 *end = '/';
4276 4845
4277 4846 if (depth++ > dtrace_devdepth_max) {
4278 4847 *flags |= CPU_DTRACE_ILLOP;
4279 4848 break;
4280 4849 }
4281 4850 }
4282 4851
4283 4852 if (end < start)
4284 4853 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4285 4854
4286 4855 if (daddr == NULL) {
4287 4856 regs[rd] = (uintptr_t)end;
4288 4857 mstate->dtms_scratch_ptr += size;
4289 4858 }
4290 4859
4291 4860 break;
4292 4861 }
4293 4862
4294 4863 case DIF_SUBR_STRJOIN: {
4295 4864 char *d = (char *)mstate->dtms_scratch_ptr;
4296 4865 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4297 4866 uintptr_t s1 = tupregs[0].dttk_value;
4298 4867 uintptr_t s2 = tupregs[1].dttk_value;
4299 4868 int i = 0;
4300 4869
4301 4870 if (!dtrace_strcanload(s1, size, mstate, vstate) ||
4302 4871 !dtrace_strcanload(s2, size, mstate, vstate)) {
4303 4872 regs[rd] = NULL;
4304 4873 break;
4305 4874 }
4306 4875
4307 4876 if (!DTRACE_INSCRATCH(mstate, size)) {
4308 4877 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4309 4878 regs[rd] = NULL;
4310 4879 break;
4311 4880 }
4312 4881
4313 4882 for (;;) {
4314 4883 if (i >= size) {
4315 4884 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4316 4885 regs[rd] = NULL;
4317 4886 break;
4318 4887 }
4319 4888
4320 4889 if ((d[i++] = dtrace_load8(s1++)) == '\0') {
4321 4890 i--;
4322 4891 break;
4323 4892 }
4324 4893 }
4325 4894
4326 4895 for (;;) {
4327 4896 if (i >= size) {
4328 4897 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4329 4898 regs[rd] = NULL;
4330 4899 break;
4331 4900 }
4332 4901
4333 4902 if ((d[i++] = dtrace_load8(s2++)) == '\0')
4334 4903 break;
|
↓ open down ↓ |
287 lines elided |
↑ open up ↑ |
4335 4904 }
4336 4905
4337 4906 if (i < size) {
4338 4907 mstate->dtms_scratch_ptr += i;
4339 4908 regs[rd] = (uintptr_t)d;
4340 4909 }
4341 4910
4342 4911 break;
4343 4912 }
4344 4913
4914 + case DIF_SUBR_STRTOLL: {
4915 + uintptr_t s = tupregs[0].dttk_value;
4916 + uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4917 + int base = 10;
4918 +
4919 + if (nargs > 1) {
4920 + if ((base = tupregs[1].dttk_value) <= 1 ||
4921 + base > ('z' - 'a' + 1) + ('9' - '0' + 1)) {
4922 + *flags |= CPU_DTRACE_ILLOP;
4923 + break;
4924 + }
4925 + }
4926 +
4927 + if (!dtrace_strcanload(s, size, mstate, vstate)) {
4928 + regs[rd] = INT64_MIN;
4929 + break;
4930 + }
4931 +
4932 + regs[rd] = dtrace_strtoll((char *)s, base, size);
4933 + break;
4934 + }
4935 +
4345 4936 case DIF_SUBR_LLTOSTR: {
4346 4937 int64_t i = (int64_t)tupregs[0].dttk_value;
4347 4938 uint64_t val, digit;
4348 4939 uint64_t size = 65; /* enough room for 2^64 in binary */
4349 4940 char *end = (char *)mstate->dtms_scratch_ptr + size - 1;
4350 4941 int base = 10;
4351 4942
4352 4943 if (nargs > 1) {
4353 4944 if ((base = tupregs[1].dttk_value) <= 1 ||
4354 4945 base > ('z' - 'a' + 1) + ('9' - '0' + 1)) {
4355 4946 *flags |= CPU_DTRACE_ILLOP;
4356 4947 break;
4357 4948 }
4358 4949 }
4359 4950
4360 4951 val = (base == 10 && i < 0) ? i * -1 : i;
4361 4952
4362 4953 if (!DTRACE_INSCRATCH(mstate, size)) {
4363 4954 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4364 4955 regs[rd] = NULL;
4365 4956 break;
4366 4957 }
4367 4958
4368 4959 for (*end-- = '\0'; val; val /= base) {
4369 4960 if ((digit = val % base) <= '9' - '0') {
4370 4961 *end-- = '0' + digit;
4371 4962 } else {
4372 4963 *end-- = 'a' + (digit - ('9' - '0') - 1);
4373 4964 }
4374 4965 }
4375 4966
4376 4967 if (i == 0 && base == 16)
4377 4968 *end-- = '0';
4378 4969
4379 4970 if (base == 16)
4380 4971 *end-- = 'x';
4381 4972
4382 4973 if (i == 0 || base == 8 || base == 16)
4383 4974 *end-- = '0';
4384 4975
4385 4976 if (i < 0 && base == 10)
4386 4977 *end-- = '-';
4387 4978
4388 4979 regs[rd] = (uintptr_t)end + 1;
4389 4980 mstate->dtms_scratch_ptr += size;
4390 4981 break;
4391 4982 }
4392 4983
4393 4984 case DIF_SUBR_HTONS:
4394 4985 case DIF_SUBR_NTOHS:
4395 4986 #ifdef _BIG_ENDIAN
4396 4987 regs[rd] = (uint16_t)tupregs[0].dttk_value;
4397 4988 #else
4398 4989 regs[rd] = DT_BSWAP_16((uint16_t)tupregs[0].dttk_value);
4399 4990 #endif
4400 4991 break;
4401 4992
4402 4993
4403 4994 case DIF_SUBR_HTONL:
4404 4995 case DIF_SUBR_NTOHL:
4405 4996 #ifdef _BIG_ENDIAN
4406 4997 regs[rd] = (uint32_t)tupregs[0].dttk_value;
4407 4998 #else
4408 4999 regs[rd] = DT_BSWAP_32((uint32_t)tupregs[0].dttk_value);
4409 5000 #endif
4410 5001 break;
4411 5002
4412 5003
4413 5004 case DIF_SUBR_HTONLL:
4414 5005 case DIF_SUBR_NTOHLL:
4415 5006 #ifdef _BIG_ENDIAN
4416 5007 regs[rd] = (uint64_t)tupregs[0].dttk_value;
4417 5008 #else
4418 5009 regs[rd] = DT_BSWAP_64((uint64_t)tupregs[0].dttk_value);
4419 5010 #endif
4420 5011 break;
4421 5012
4422 5013
4423 5014 case DIF_SUBR_DIRNAME:
4424 5015 case DIF_SUBR_BASENAME: {
4425 5016 char *dest = (char *)mstate->dtms_scratch_ptr;
4426 5017 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4427 5018 uintptr_t src = tupregs[0].dttk_value;
4428 5019 int i, j, len = dtrace_strlen((char *)src, size);
4429 5020 int lastbase = -1, firstbase = -1, lastdir = -1;
4430 5021 int start, end;
4431 5022
4432 5023 if (!dtrace_canload(src, len + 1, mstate, vstate)) {
4433 5024 regs[rd] = NULL;
4434 5025 break;
4435 5026 }
4436 5027
4437 5028 if (!DTRACE_INSCRATCH(mstate, size)) {
4438 5029 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4439 5030 regs[rd] = NULL;
4440 5031 break;
4441 5032 }
4442 5033
4443 5034 /*
4444 5035 * The basename and dirname for a zero-length string is
4445 5036 * defined to be "."
4446 5037 */
4447 5038 if (len == 0) {
4448 5039 len = 1;
4449 5040 src = (uintptr_t)".";
4450 5041 }
4451 5042
4452 5043 /*
4453 5044 * Start from the back of the string, moving back toward the
4454 5045 * front until we see a character that isn't a slash. That
4455 5046 * character is the last character in the basename.
4456 5047 */
4457 5048 for (i = len - 1; i >= 0; i--) {
4458 5049 if (dtrace_load8(src + i) != '/')
4459 5050 break;
4460 5051 }
4461 5052
4462 5053 if (i >= 0)
4463 5054 lastbase = i;
4464 5055
4465 5056 /*
4466 5057 * Starting from the last character in the basename, move
4467 5058 * towards the front until we find a slash. The character
4468 5059 * that we processed immediately before that is the first
4469 5060 * character in the basename.
4470 5061 */
4471 5062 for (; i >= 0; i--) {
4472 5063 if (dtrace_load8(src + i) == '/')
4473 5064 break;
4474 5065 }
4475 5066
4476 5067 if (i >= 0)
4477 5068 firstbase = i + 1;
4478 5069
4479 5070 /*
4480 5071 * Now keep going until we find a non-slash character. That
4481 5072 * character is the last character in the dirname.
4482 5073 */
4483 5074 for (; i >= 0; i--) {
4484 5075 if (dtrace_load8(src + i) != '/')
4485 5076 break;
4486 5077 }
4487 5078
4488 5079 if (i >= 0)
4489 5080 lastdir = i;
4490 5081
4491 5082 ASSERT(!(lastbase == -1 && firstbase != -1));
4492 5083 ASSERT(!(firstbase == -1 && lastdir != -1));
4493 5084
4494 5085 if (lastbase == -1) {
4495 5086 /*
4496 5087 * We didn't find a non-slash character. We know that
4497 5088 * the length is non-zero, so the whole string must be
4498 5089 * slashes. In either the dirname or the basename
4499 5090 * case, we return '/'.
4500 5091 */
4501 5092 ASSERT(firstbase == -1);
4502 5093 firstbase = lastbase = lastdir = 0;
4503 5094 }
4504 5095
4505 5096 if (firstbase == -1) {
4506 5097 /*
4507 5098 * The entire string consists only of a basename
4508 5099 * component. If we're looking for dirname, we need
4509 5100 * to change our string to be just "."; if we're
4510 5101 * looking for a basename, we'll just set the first
4511 5102 * character of the basename to be 0.
4512 5103 */
4513 5104 if (subr == DIF_SUBR_DIRNAME) {
4514 5105 ASSERT(lastdir == -1);
4515 5106 src = (uintptr_t)".";
4516 5107 lastdir = 0;
4517 5108 } else {
4518 5109 firstbase = 0;
4519 5110 }
4520 5111 }
4521 5112
4522 5113 if (subr == DIF_SUBR_DIRNAME) {
4523 5114 if (lastdir == -1) {
4524 5115 /*
4525 5116 * We know that we have a slash in the name --
4526 5117 * or lastdir would be set to 0, above. And
4527 5118 * because lastdir is -1, we know that this
4528 5119 * slash must be the first character. (That
4529 5120 * is, the full string must be of the form
4530 5121 * "/basename".) In this case, the last
4531 5122 * character of the directory name is 0.
4532 5123 */
4533 5124 lastdir = 0;
4534 5125 }
4535 5126
4536 5127 start = 0;
4537 5128 end = lastdir;
4538 5129 } else {
4539 5130 ASSERT(subr == DIF_SUBR_BASENAME);
4540 5131 ASSERT(firstbase != -1 && lastbase != -1);
4541 5132 start = firstbase;
4542 5133 end = lastbase;
4543 5134 }
4544 5135
4545 5136 for (i = start, j = 0; i <= end && j < size - 1; i++, j++)
4546 5137 dest[j] = dtrace_load8(src + i);
4547 5138
4548 5139 dest[j] = '\0';
4549 5140 regs[rd] = (uintptr_t)dest;
4550 5141 mstate->dtms_scratch_ptr += size;
4551 5142 break;
4552 5143 }
4553 5144
4554 5145 case DIF_SUBR_GETF: {
4555 5146 uintptr_t fd = tupregs[0].dttk_value;
4556 5147 uf_info_t *finfo = &curthread->t_procp->p_user.u_finfo;
4557 5148 file_t *fp;
4558 5149
4559 5150 if (!dtrace_priv_proc(state, mstate)) {
4560 5151 regs[rd] = NULL;
4561 5152 break;
4562 5153 }
4563 5154
4564 5155 /*
4565 5156 * This is safe because fi_nfiles only increases, and the
4566 5157 * fi_list array is not freed when the array size doubles.
4567 5158 * (See the comment in flist_grow() for details on the
4568 5159 * management of the u_finfo structure.)
4569 5160 */
4570 5161 fp = fd < finfo->fi_nfiles ? finfo->fi_list[fd].uf_file : NULL;
4571 5162
4572 5163 mstate->dtms_getf = fp;
4573 5164 regs[rd] = (uintptr_t)fp;
4574 5165 break;
4575 5166 }
4576 5167
4577 5168 case DIF_SUBR_CLEANPATH: {
4578 5169 char *dest = (char *)mstate->dtms_scratch_ptr, c;
4579 5170 uint64_t size = state->dts_options[DTRACEOPT_STRSIZE];
4580 5171 uintptr_t src = tupregs[0].dttk_value;
4581 5172 int i = 0, j = 0;
4582 5173 zone_t *z;
4583 5174
4584 5175 if (!dtrace_strcanload(src, size, mstate, vstate)) {
4585 5176 regs[rd] = NULL;
4586 5177 break;
4587 5178 }
4588 5179
4589 5180 if (!DTRACE_INSCRATCH(mstate, size)) {
4590 5181 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4591 5182 regs[rd] = NULL;
4592 5183 break;
4593 5184 }
4594 5185
4595 5186 /*
4596 5187 * Move forward, loading each character.
4597 5188 */
4598 5189 do {
4599 5190 c = dtrace_load8(src + i++);
4600 5191 next:
4601 5192 if (j + 5 >= size) /* 5 = strlen("/..c\0") */
4602 5193 break;
4603 5194
4604 5195 if (c != '/') {
4605 5196 dest[j++] = c;
4606 5197 continue;
4607 5198 }
4608 5199
4609 5200 c = dtrace_load8(src + i++);
4610 5201
4611 5202 if (c == '/') {
4612 5203 /*
4613 5204 * We have two slashes -- we can just advance
4614 5205 * to the next character.
4615 5206 */
4616 5207 goto next;
4617 5208 }
4618 5209
4619 5210 if (c != '.') {
4620 5211 /*
4621 5212 * This is not "." and it's not ".." -- we can
4622 5213 * just store the "/" and this character and
4623 5214 * drive on.
4624 5215 */
4625 5216 dest[j++] = '/';
4626 5217 dest[j++] = c;
4627 5218 continue;
4628 5219 }
4629 5220
4630 5221 c = dtrace_load8(src + i++);
4631 5222
4632 5223 if (c == '/') {
4633 5224 /*
4634 5225 * This is a "/./" component. We're not going
4635 5226 * to store anything in the destination buffer;
4636 5227 * we're just going to go to the next component.
4637 5228 */
4638 5229 goto next;
4639 5230 }
4640 5231
4641 5232 if (c != '.') {
4642 5233 /*
4643 5234 * This is not ".." -- we can just store the
4644 5235 * "/." and this character and continue
4645 5236 * processing.
4646 5237 */
4647 5238 dest[j++] = '/';
4648 5239 dest[j++] = '.';
4649 5240 dest[j++] = c;
4650 5241 continue;
4651 5242 }
4652 5243
4653 5244 c = dtrace_load8(src + i++);
4654 5245
4655 5246 if (c != '/' && c != '\0') {
4656 5247 /*
4657 5248 * This is not ".." -- it's "..[mumble]".
4658 5249 * We'll store the "/.." and this character
4659 5250 * and continue processing.
4660 5251 */
4661 5252 dest[j++] = '/';
4662 5253 dest[j++] = '.';
4663 5254 dest[j++] = '.';
4664 5255 dest[j++] = c;
4665 5256 continue;
4666 5257 }
4667 5258
4668 5259 /*
4669 5260 * This is "/../" or "/..\0". We need to back up
4670 5261 * our destination pointer until we find a "/".
4671 5262 */
4672 5263 i--;
4673 5264 while (j != 0 && dest[--j] != '/')
4674 5265 continue;
4675 5266
4676 5267 if (c == '\0')
4677 5268 dest[++j] = '/';
4678 5269 } while (c != '\0');
4679 5270
4680 5271 dest[j] = '\0';
4681 5272
4682 5273 if (mstate->dtms_getf != NULL &&
4683 5274 !(mstate->dtms_access & DTRACE_ACCESS_KERNEL) &&
4684 5275 (z = state->dts_cred.dcr_cred->cr_zone) != kcred->cr_zone) {
4685 5276 /*
4686 5277 * If we've done a getf() as a part of this ECB and we
4687 5278 * don't have kernel access (and we're not in the global
4688 5279 * zone), check if the path we cleaned up begins with
4689 5280 * the zone's root path, and trim it off if so. Note
4690 5281 * that this is an output cleanliness issue, not a
4691 5282 * security issue: knowing one's zone root path does
4692 5283 * not enable privilege escalation.
4693 5284 */
4694 5285 if (strstr(dest, z->zone_rootpath) == dest)
4695 5286 dest += strlen(z->zone_rootpath) - 1;
4696 5287 }
4697 5288
4698 5289 regs[rd] = (uintptr_t)dest;
4699 5290 mstate->dtms_scratch_ptr += size;
4700 5291 break;
4701 5292 }
4702 5293
4703 5294 case DIF_SUBR_INET_NTOA:
4704 5295 case DIF_SUBR_INET_NTOA6:
4705 5296 case DIF_SUBR_INET_NTOP: {
4706 5297 size_t size;
4707 5298 int af, argi, i;
4708 5299 char *base, *end;
4709 5300
4710 5301 if (subr == DIF_SUBR_INET_NTOP) {
4711 5302 af = (int)tupregs[0].dttk_value;
4712 5303 argi = 1;
4713 5304 } else {
4714 5305 af = subr == DIF_SUBR_INET_NTOA ? AF_INET: AF_INET6;
4715 5306 argi = 0;
4716 5307 }
4717 5308
4718 5309 if (af == AF_INET) {
4719 5310 ipaddr_t ip4;
4720 5311 uint8_t *ptr8, val;
4721 5312
4722 5313 /*
4723 5314 * Safely load the IPv4 address.
4724 5315 */
4725 5316 ip4 = dtrace_load32(tupregs[argi].dttk_value);
4726 5317
4727 5318 /*
4728 5319 * Check an IPv4 string will fit in scratch.
4729 5320 */
4730 5321 size = INET_ADDRSTRLEN;
4731 5322 if (!DTRACE_INSCRATCH(mstate, size)) {
4732 5323 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4733 5324 regs[rd] = NULL;
4734 5325 break;
4735 5326 }
4736 5327 base = (char *)mstate->dtms_scratch_ptr;
4737 5328 end = (char *)mstate->dtms_scratch_ptr + size - 1;
4738 5329
4739 5330 /*
4740 5331 * Stringify as a dotted decimal quad.
4741 5332 */
4742 5333 *end-- = '\0';
4743 5334 ptr8 = (uint8_t *)&ip4;
4744 5335 for (i = 3; i >= 0; i--) {
4745 5336 val = ptr8[i];
4746 5337
4747 5338 if (val == 0) {
4748 5339 *end-- = '0';
4749 5340 } else {
4750 5341 for (; val; val /= 10) {
4751 5342 *end-- = '0' + (val % 10);
4752 5343 }
4753 5344 }
4754 5345
4755 5346 if (i > 0)
4756 5347 *end-- = '.';
4757 5348 }
4758 5349 ASSERT(end + 1 >= base);
4759 5350
4760 5351 } else if (af == AF_INET6) {
4761 5352 struct in6_addr ip6;
4762 5353 int firstzero, tryzero, numzero, v6end;
4763 5354 uint16_t val;
4764 5355 const char digits[] = "0123456789abcdef";
4765 5356
4766 5357 /*
4767 5358 * Stringify using RFC 1884 convention 2 - 16 bit
4768 5359 * hexadecimal values with a zero-run compression.
4769 5360 * Lower case hexadecimal digits are used.
4770 5361 * eg, fe80::214:4fff:fe0b:76c8.
4771 5362 * The IPv4 embedded form is returned for inet_ntop,
4772 5363 * just the IPv4 string is returned for inet_ntoa6.
4773 5364 */
4774 5365
4775 5366 /*
4776 5367 * Safely load the IPv6 address.
4777 5368 */
4778 5369 dtrace_bcopy(
4779 5370 (void *)(uintptr_t)tupregs[argi].dttk_value,
4780 5371 (void *)(uintptr_t)&ip6, sizeof (struct in6_addr));
4781 5372
4782 5373 /*
4783 5374 * Check an IPv6 string will fit in scratch.
4784 5375 */
4785 5376 size = INET6_ADDRSTRLEN;
4786 5377 if (!DTRACE_INSCRATCH(mstate, size)) {
4787 5378 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
4788 5379 regs[rd] = NULL;
4789 5380 break;
4790 5381 }
4791 5382 base = (char *)mstate->dtms_scratch_ptr;
4792 5383 end = (char *)mstate->dtms_scratch_ptr + size - 1;
4793 5384 *end-- = '\0';
4794 5385
4795 5386 /*
4796 5387 * Find the longest run of 16 bit zero values
4797 5388 * for the single allowed zero compression - "::".
4798 5389 */
4799 5390 firstzero = -1;
4800 5391 tryzero = -1;
4801 5392 numzero = 1;
4802 5393 for (i = 0; i < sizeof (struct in6_addr); i++) {
4803 5394 if (ip6._S6_un._S6_u8[i] == 0 &&
4804 5395 tryzero == -1 && i % 2 == 0) {
4805 5396 tryzero = i;
4806 5397 continue;
4807 5398 }
4808 5399
4809 5400 if (tryzero != -1 &&
4810 5401 (ip6._S6_un._S6_u8[i] != 0 ||
4811 5402 i == sizeof (struct in6_addr) - 1)) {
4812 5403
4813 5404 if (i - tryzero <= numzero) {
4814 5405 tryzero = -1;
4815 5406 continue;
4816 5407 }
4817 5408
4818 5409 firstzero = tryzero;
4819 5410 numzero = i - i % 2 - tryzero;
4820 5411 tryzero = -1;
4821 5412
4822 5413 if (ip6._S6_un._S6_u8[i] == 0 &&
4823 5414 i == sizeof (struct in6_addr) - 1)
4824 5415 numzero += 2;
4825 5416 }
4826 5417 }
4827 5418 ASSERT(firstzero + numzero <= sizeof (struct in6_addr));
4828 5419
4829 5420 /*
4830 5421 * Check for an IPv4 embedded address.
4831 5422 */
4832 5423 v6end = sizeof (struct in6_addr) - 2;
4833 5424 if (IN6_IS_ADDR_V4MAPPED(&ip6) ||
4834 5425 IN6_IS_ADDR_V4COMPAT(&ip6)) {
4835 5426 for (i = sizeof (struct in6_addr) - 1;
4836 5427 i >= DTRACE_V4MAPPED_OFFSET; i--) {
4837 5428 ASSERT(end >= base);
4838 5429
4839 5430 val = ip6._S6_un._S6_u8[i];
4840 5431
4841 5432 if (val == 0) {
4842 5433 *end-- = '0';
4843 5434 } else {
4844 5435 for (; val; val /= 10) {
4845 5436 *end-- = '0' + val % 10;
4846 5437 }
4847 5438 }
4848 5439
4849 5440 if (i > DTRACE_V4MAPPED_OFFSET)
4850 5441 *end-- = '.';
4851 5442 }
4852 5443
4853 5444 if (subr == DIF_SUBR_INET_NTOA6)
4854 5445 goto inetout;
4855 5446
4856 5447 /*
4857 5448 * Set v6end to skip the IPv4 address that
4858 5449 * we have already stringified.
4859 5450 */
4860 5451 v6end = 10;
4861 5452 }
4862 5453
4863 5454 /*
4864 5455 * Build the IPv6 string by working through the
4865 5456 * address in reverse.
4866 5457 */
4867 5458 for (i = v6end; i >= 0; i -= 2) {
4868 5459 ASSERT(end >= base);
4869 5460
4870 5461 if (i == firstzero + numzero - 2) {
4871 5462 *end-- = ':';
4872 5463 *end-- = ':';
4873 5464 i -= numzero - 2;
4874 5465 continue;
4875 5466 }
4876 5467
4877 5468 if (i < 14 && i != firstzero - 2)
4878 5469 *end-- = ':';
4879 5470
4880 5471 val = (ip6._S6_un._S6_u8[i] << 8) +
4881 5472 ip6._S6_un._S6_u8[i + 1];
4882 5473
4883 5474 if (val == 0) {
4884 5475 *end-- = '0';
4885 5476 } else {
4886 5477 for (; val; val /= 16) {
4887 5478 *end-- = digits[val % 16];
4888 5479 }
4889 5480 }
4890 5481 }
4891 5482 ASSERT(end + 1 >= base);
4892 5483
4893 5484 } else {
4894 5485 /*
4895 5486 * The user didn't use AH_INET or AH_INET6.
4896 5487 */
4897 5488 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
4898 5489 regs[rd] = NULL;
4899 5490 break;
4900 5491 }
4901 5492
4902 5493 inetout: regs[rd] = (uintptr_t)end + 1;
4903 5494 mstate->dtms_scratch_ptr += size;
4904 5495 break;
4905 5496 }
4906 5497
4907 5498 }
4908 5499 }
4909 5500
4910 5501 /*
4911 5502 * Emulate the execution of DTrace IR instructions specified by the given
4912 5503 * DIF object. This function is deliberately void of assertions as all of
4913 5504 * the necessary checks are handled by a call to dtrace_difo_validate().
4914 5505 */
4915 5506 static uint64_t
4916 5507 dtrace_dif_emulate(dtrace_difo_t *difo, dtrace_mstate_t *mstate,
4917 5508 dtrace_vstate_t *vstate, dtrace_state_t *state)
4918 5509 {
4919 5510 const dif_instr_t *text = difo->dtdo_buf;
4920 5511 const uint_t textlen = difo->dtdo_len;
4921 5512 const char *strtab = difo->dtdo_strtab;
4922 5513 const uint64_t *inttab = difo->dtdo_inttab;
4923 5514
4924 5515 uint64_t rval = 0;
4925 5516 dtrace_statvar_t *svar;
4926 5517 dtrace_dstate_t *dstate = &vstate->dtvs_dynvars;
4927 5518 dtrace_difv_t *v;
4928 5519 volatile uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
4929 5520 volatile uintptr_t *illval = &cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
4930 5521
4931 5522 dtrace_key_t tupregs[DIF_DTR_NREGS + 2]; /* +2 for thread and id */
4932 5523 uint64_t regs[DIF_DIR_NREGS];
4933 5524 uint64_t *tmp;
4934 5525
4935 5526 uint8_t cc_n = 0, cc_z = 0, cc_v = 0, cc_c = 0;
4936 5527 int64_t cc_r;
4937 5528 uint_t pc = 0, id, opc;
4938 5529 uint8_t ttop = 0;
4939 5530 dif_instr_t instr;
4940 5531 uint_t r1, r2, rd;
4941 5532
4942 5533 /*
4943 5534 * We stash the current DIF object into the machine state: we need it
4944 5535 * for subsequent access checking.
4945 5536 */
4946 5537 mstate->dtms_difo = difo;
4947 5538
4948 5539 regs[DIF_REG_R0] = 0; /* %r0 is fixed at zero */
4949 5540
4950 5541 while (pc < textlen && !(*flags & CPU_DTRACE_FAULT)) {
4951 5542 opc = pc;
4952 5543
4953 5544 instr = text[pc++];
4954 5545 r1 = DIF_INSTR_R1(instr);
4955 5546 r2 = DIF_INSTR_R2(instr);
4956 5547 rd = DIF_INSTR_RD(instr);
4957 5548
4958 5549 switch (DIF_INSTR_OP(instr)) {
4959 5550 case DIF_OP_OR:
4960 5551 regs[rd] = regs[r1] | regs[r2];
4961 5552 break;
4962 5553 case DIF_OP_XOR:
4963 5554 regs[rd] = regs[r1] ^ regs[r2];
4964 5555 break;
4965 5556 case DIF_OP_AND:
4966 5557 regs[rd] = regs[r1] & regs[r2];
4967 5558 break;
4968 5559 case DIF_OP_SLL:
4969 5560 regs[rd] = regs[r1] << regs[r2];
4970 5561 break;
4971 5562 case DIF_OP_SRL:
4972 5563 regs[rd] = regs[r1] >> regs[r2];
4973 5564 break;
4974 5565 case DIF_OP_SUB:
4975 5566 regs[rd] = regs[r1] - regs[r2];
4976 5567 break;
4977 5568 case DIF_OP_ADD:
4978 5569 regs[rd] = regs[r1] + regs[r2];
4979 5570 break;
4980 5571 case DIF_OP_MUL:
4981 5572 regs[rd] = regs[r1] * regs[r2];
4982 5573 break;
4983 5574 case DIF_OP_SDIV:
4984 5575 if (regs[r2] == 0) {
4985 5576 regs[rd] = 0;
4986 5577 *flags |= CPU_DTRACE_DIVZERO;
4987 5578 } else {
4988 5579 regs[rd] = (int64_t)regs[r1] /
4989 5580 (int64_t)regs[r2];
4990 5581 }
4991 5582 break;
4992 5583
4993 5584 case DIF_OP_UDIV:
4994 5585 if (regs[r2] == 0) {
4995 5586 regs[rd] = 0;
4996 5587 *flags |= CPU_DTRACE_DIVZERO;
4997 5588 } else {
4998 5589 regs[rd] = regs[r1] / regs[r2];
4999 5590 }
5000 5591 break;
5001 5592
5002 5593 case DIF_OP_SREM:
5003 5594 if (regs[r2] == 0) {
5004 5595 regs[rd] = 0;
5005 5596 *flags |= CPU_DTRACE_DIVZERO;
5006 5597 } else {
5007 5598 regs[rd] = (int64_t)regs[r1] %
5008 5599 (int64_t)regs[r2];
5009 5600 }
5010 5601 break;
5011 5602
5012 5603 case DIF_OP_UREM:
5013 5604 if (regs[r2] == 0) {
5014 5605 regs[rd] = 0;
5015 5606 *flags |= CPU_DTRACE_DIVZERO;
5016 5607 } else {
5017 5608 regs[rd] = regs[r1] % regs[r2];
5018 5609 }
5019 5610 break;
5020 5611
5021 5612 case DIF_OP_NOT:
5022 5613 regs[rd] = ~regs[r1];
5023 5614 break;
5024 5615 case DIF_OP_MOV:
5025 5616 regs[rd] = regs[r1];
5026 5617 break;
5027 5618 case DIF_OP_CMP:
5028 5619 cc_r = regs[r1] - regs[r2];
5029 5620 cc_n = cc_r < 0;
5030 5621 cc_z = cc_r == 0;
5031 5622 cc_v = 0;
5032 5623 cc_c = regs[r1] < regs[r2];
5033 5624 break;
5034 5625 case DIF_OP_TST:
5035 5626 cc_n = cc_v = cc_c = 0;
5036 5627 cc_z = regs[r1] == 0;
5037 5628 break;
5038 5629 case DIF_OP_BA:
5039 5630 pc = DIF_INSTR_LABEL(instr);
5040 5631 break;
5041 5632 case DIF_OP_BE:
5042 5633 if (cc_z)
5043 5634 pc = DIF_INSTR_LABEL(instr);
5044 5635 break;
5045 5636 case DIF_OP_BNE:
5046 5637 if (cc_z == 0)
5047 5638 pc = DIF_INSTR_LABEL(instr);
5048 5639 break;
5049 5640 case DIF_OP_BG:
5050 5641 if ((cc_z | (cc_n ^ cc_v)) == 0)
5051 5642 pc = DIF_INSTR_LABEL(instr);
5052 5643 break;
5053 5644 case DIF_OP_BGU:
5054 5645 if ((cc_c | cc_z) == 0)
5055 5646 pc = DIF_INSTR_LABEL(instr);
5056 5647 break;
5057 5648 case DIF_OP_BGE:
5058 5649 if ((cc_n ^ cc_v) == 0)
5059 5650 pc = DIF_INSTR_LABEL(instr);
5060 5651 break;
5061 5652 case DIF_OP_BGEU:
5062 5653 if (cc_c == 0)
5063 5654 pc = DIF_INSTR_LABEL(instr);
5064 5655 break;
5065 5656 case DIF_OP_BL:
5066 5657 if (cc_n ^ cc_v)
5067 5658 pc = DIF_INSTR_LABEL(instr);
5068 5659 break;
5069 5660 case DIF_OP_BLU:
5070 5661 if (cc_c)
5071 5662 pc = DIF_INSTR_LABEL(instr);
5072 5663 break;
5073 5664 case DIF_OP_BLE:
5074 5665 if (cc_z | (cc_n ^ cc_v))
5075 5666 pc = DIF_INSTR_LABEL(instr);
5076 5667 break;
5077 5668 case DIF_OP_BLEU:
5078 5669 if (cc_c | cc_z)
5079 5670 pc = DIF_INSTR_LABEL(instr);
5080 5671 break;
5081 5672 case DIF_OP_RLDSB:
5082 5673 if (!dtrace_canload(regs[r1], 1, mstate, vstate))
5083 5674 break;
5084 5675 /*FALLTHROUGH*/
5085 5676 case DIF_OP_LDSB:
5086 5677 regs[rd] = (int8_t)dtrace_load8(regs[r1]);
5087 5678 break;
5088 5679 case DIF_OP_RLDSH:
5089 5680 if (!dtrace_canload(regs[r1], 2, mstate, vstate))
5090 5681 break;
5091 5682 /*FALLTHROUGH*/
5092 5683 case DIF_OP_LDSH:
5093 5684 regs[rd] = (int16_t)dtrace_load16(regs[r1]);
5094 5685 break;
5095 5686 case DIF_OP_RLDSW:
5096 5687 if (!dtrace_canload(regs[r1], 4, mstate, vstate))
5097 5688 break;
5098 5689 /*FALLTHROUGH*/
5099 5690 case DIF_OP_LDSW:
5100 5691 regs[rd] = (int32_t)dtrace_load32(regs[r1]);
5101 5692 break;
5102 5693 case DIF_OP_RLDUB:
5103 5694 if (!dtrace_canload(regs[r1], 1, mstate, vstate))
5104 5695 break;
5105 5696 /*FALLTHROUGH*/
5106 5697 case DIF_OP_LDUB:
5107 5698 regs[rd] = dtrace_load8(regs[r1]);
5108 5699 break;
5109 5700 case DIF_OP_RLDUH:
5110 5701 if (!dtrace_canload(regs[r1], 2, mstate, vstate))
5111 5702 break;
5112 5703 /*FALLTHROUGH*/
5113 5704 case DIF_OP_LDUH:
5114 5705 regs[rd] = dtrace_load16(regs[r1]);
5115 5706 break;
5116 5707 case DIF_OP_RLDUW:
5117 5708 if (!dtrace_canload(regs[r1], 4, mstate, vstate))
5118 5709 break;
5119 5710 /*FALLTHROUGH*/
5120 5711 case DIF_OP_LDUW:
5121 5712 regs[rd] = dtrace_load32(regs[r1]);
5122 5713 break;
5123 5714 case DIF_OP_RLDX:
5124 5715 if (!dtrace_canload(regs[r1], 8, mstate, vstate))
5125 5716 break;
5126 5717 /*FALLTHROUGH*/
5127 5718 case DIF_OP_LDX:
5128 5719 regs[rd] = dtrace_load64(regs[r1]);
5129 5720 break;
5130 5721 case DIF_OP_ULDSB:
5131 5722 regs[rd] = (int8_t)
5132 5723 dtrace_fuword8((void *)(uintptr_t)regs[r1]);
5133 5724 break;
5134 5725 case DIF_OP_ULDSH:
5135 5726 regs[rd] = (int16_t)
5136 5727 dtrace_fuword16((void *)(uintptr_t)regs[r1]);
5137 5728 break;
5138 5729 case DIF_OP_ULDSW:
5139 5730 regs[rd] = (int32_t)
5140 5731 dtrace_fuword32((void *)(uintptr_t)regs[r1]);
5141 5732 break;
5142 5733 case DIF_OP_ULDUB:
5143 5734 regs[rd] =
5144 5735 dtrace_fuword8((void *)(uintptr_t)regs[r1]);
5145 5736 break;
5146 5737 case DIF_OP_ULDUH:
5147 5738 regs[rd] =
5148 5739 dtrace_fuword16((void *)(uintptr_t)regs[r1]);
5149 5740 break;
5150 5741 case DIF_OP_ULDUW:
5151 5742 regs[rd] =
5152 5743 dtrace_fuword32((void *)(uintptr_t)regs[r1]);
5153 5744 break;
5154 5745 case DIF_OP_ULDX:
5155 5746 regs[rd] =
5156 5747 dtrace_fuword64((void *)(uintptr_t)regs[r1]);
5157 5748 break;
5158 5749 case DIF_OP_RET:
5159 5750 rval = regs[rd];
5160 5751 pc = textlen;
5161 5752 break;
5162 5753 case DIF_OP_NOP:
5163 5754 break;
5164 5755 case DIF_OP_SETX:
5165 5756 regs[rd] = inttab[DIF_INSTR_INTEGER(instr)];
5166 5757 break;
5167 5758 case DIF_OP_SETS:
5168 5759 regs[rd] = (uint64_t)(uintptr_t)
5169 5760 (strtab + DIF_INSTR_STRING(instr));
5170 5761 break;
5171 5762 case DIF_OP_SCMP: {
5172 5763 size_t sz = state->dts_options[DTRACEOPT_STRSIZE];
5173 5764 uintptr_t s1 = regs[r1];
5174 5765 uintptr_t s2 = regs[r2];
5175 5766
5176 5767 if (s1 != NULL &&
5177 5768 !dtrace_strcanload(s1, sz, mstate, vstate))
5178 5769 break;
5179 5770 if (s2 != NULL &&
5180 5771 !dtrace_strcanload(s2, sz, mstate, vstate))
5181 5772 break;
5182 5773
5183 5774 cc_r = dtrace_strncmp((char *)s1, (char *)s2, sz);
5184 5775
5185 5776 cc_n = cc_r < 0;
5186 5777 cc_z = cc_r == 0;
5187 5778 cc_v = cc_c = 0;
5188 5779 break;
5189 5780 }
5190 5781 case DIF_OP_LDGA:
5191 5782 regs[rd] = dtrace_dif_variable(mstate, state,
5192 5783 r1, regs[r2]);
5193 5784 break;
5194 5785 case DIF_OP_LDGS:
5195 5786 id = DIF_INSTR_VAR(instr);
5196 5787
5197 5788 if (id >= DIF_VAR_OTHER_UBASE) {
5198 5789 uintptr_t a;
5199 5790
5200 5791 id -= DIF_VAR_OTHER_UBASE;
5201 5792 svar = vstate->dtvs_globals[id];
5202 5793 ASSERT(svar != NULL);
5203 5794 v = &svar->dtsv_var;
5204 5795
5205 5796 if (!(v->dtdv_type.dtdt_flags & DIF_TF_BYREF)) {
5206 5797 regs[rd] = svar->dtsv_data;
5207 5798 break;
5208 5799 }
5209 5800
5210 5801 a = (uintptr_t)svar->dtsv_data;
5211 5802
5212 5803 if (*(uint8_t *)a == UINT8_MAX) {
5213 5804 /*
5214 5805 * If the 0th byte is set to UINT8_MAX
5215 5806 * then this is to be treated as a
5216 5807 * reference to a NULL variable.
5217 5808 */
5218 5809 regs[rd] = NULL;
5219 5810 } else {
5220 5811 regs[rd] = a + sizeof (uint64_t);
5221 5812 }
5222 5813
5223 5814 break;
5224 5815 }
5225 5816
5226 5817 regs[rd] = dtrace_dif_variable(mstate, state, id, 0);
5227 5818 break;
5228 5819
5229 5820 case DIF_OP_STGS:
5230 5821 id = DIF_INSTR_VAR(instr);
5231 5822
5232 5823 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5233 5824 id -= DIF_VAR_OTHER_UBASE;
5234 5825
5235 5826 svar = vstate->dtvs_globals[id];
5236 5827 ASSERT(svar != NULL);
5237 5828 v = &svar->dtsv_var;
5238 5829
5239 5830 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5240 5831 uintptr_t a = (uintptr_t)svar->dtsv_data;
5241 5832
5242 5833 ASSERT(a != NULL);
5243 5834 ASSERT(svar->dtsv_size != 0);
5244 5835
5245 5836 if (regs[rd] == NULL) {
5246 5837 *(uint8_t *)a = UINT8_MAX;
5247 5838 break;
5248 5839 } else {
5249 5840 *(uint8_t *)a = 0;
5250 5841 a += sizeof (uint64_t);
5251 5842 }
5252 5843 if (!dtrace_vcanload(
5253 5844 (void *)(uintptr_t)regs[rd], &v->dtdv_type,
5254 5845 mstate, vstate))
5255 5846 break;
5256 5847
5257 5848 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5258 5849 (void *)a, &v->dtdv_type);
5259 5850 break;
5260 5851 }
5261 5852
5262 5853 svar->dtsv_data = regs[rd];
5263 5854 break;
5264 5855
5265 5856 case DIF_OP_LDTA:
5266 5857 /*
5267 5858 * There are no DTrace built-in thread-local arrays at
5268 5859 * present. This opcode is saved for future work.
5269 5860 */
5270 5861 *flags |= CPU_DTRACE_ILLOP;
5271 5862 regs[rd] = 0;
5272 5863 break;
5273 5864
5274 5865 case DIF_OP_LDLS:
5275 5866 id = DIF_INSTR_VAR(instr);
5276 5867
5277 5868 if (id < DIF_VAR_OTHER_UBASE) {
5278 5869 /*
5279 5870 * For now, this has no meaning.
5280 5871 */
5281 5872 regs[rd] = 0;
5282 5873 break;
5283 5874 }
5284 5875
5285 5876 id -= DIF_VAR_OTHER_UBASE;
5286 5877
5287 5878 ASSERT(id < vstate->dtvs_nlocals);
5288 5879 ASSERT(vstate->dtvs_locals != NULL);
5289 5880
5290 5881 svar = vstate->dtvs_locals[id];
5291 5882 ASSERT(svar != NULL);
5292 5883 v = &svar->dtsv_var;
5293 5884
5294 5885 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5295 5886 uintptr_t a = (uintptr_t)svar->dtsv_data;
5296 5887 size_t sz = v->dtdv_type.dtdt_size;
5297 5888
5298 5889 sz += sizeof (uint64_t);
5299 5890 ASSERT(svar->dtsv_size == NCPU * sz);
5300 5891 a += CPU->cpu_id * sz;
5301 5892
5302 5893 if (*(uint8_t *)a == UINT8_MAX) {
5303 5894 /*
5304 5895 * If the 0th byte is set to UINT8_MAX
5305 5896 * then this is to be treated as a
5306 5897 * reference to a NULL variable.
5307 5898 */
5308 5899 regs[rd] = NULL;
5309 5900 } else {
5310 5901 regs[rd] = a + sizeof (uint64_t);
5311 5902 }
5312 5903
5313 5904 break;
5314 5905 }
5315 5906
5316 5907 ASSERT(svar->dtsv_size == NCPU * sizeof (uint64_t));
5317 5908 tmp = (uint64_t *)(uintptr_t)svar->dtsv_data;
5318 5909 regs[rd] = tmp[CPU->cpu_id];
5319 5910 break;
5320 5911
5321 5912 case DIF_OP_STLS:
5322 5913 id = DIF_INSTR_VAR(instr);
5323 5914
5324 5915 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5325 5916 id -= DIF_VAR_OTHER_UBASE;
5326 5917 ASSERT(id < vstate->dtvs_nlocals);
5327 5918
5328 5919 ASSERT(vstate->dtvs_locals != NULL);
5329 5920 svar = vstate->dtvs_locals[id];
5330 5921 ASSERT(svar != NULL);
5331 5922 v = &svar->dtsv_var;
5332 5923
5333 5924 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5334 5925 uintptr_t a = (uintptr_t)svar->dtsv_data;
5335 5926 size_t sz = v->dtdv_type.dtdt_size;
5336 5927
5337 5928 sz += sizeof (uint64_t);
5338 5929 ASSERT(svar->dtsv_size == NCPU * sz);
5339 5930 a += CPU->cpu_id * sz;
5340 5931
5341 5932 if (regs[rd] == NULL) {
5342 5933 *(uint8_t *)a = UINT8_MAX;
5343 5934 break;
5344 5935 } else {
5345 5936 *(uint8_t *)a = 0;
5346 5937 a += sizeof (uint64_t);
5347 5938 }
5348 5939
5349 5940 if (!dtrace_vcanload(
5350 5941 (void *)(uintptr_t)regs[rd], &v->dtdv_type,
5351 5942 mstate, vstate))
5352 5943 break;
5353 5944
5354 5945 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5355 5946 (void *)a, &v->dtdv_type);
5356 5947 break;
5357 5948 }
5358 5949
5359 5950 ASSERT(svar->dtsv_size == NCPU * sizeof (uint64_t));
5360 5951 tmp = (uint64_t *)(uintptr_t)svar->dtsv_data;
5361 5952 tmp[CPU->cpu_id] = regs[rd];
5362 5953 break;
5363 5954
5364 5955 case DIF_OP_LDTS: {
5365 5956 dtrace_dynvar_t *dvar;
5366 5957 dtrace_key_t *key;
5367 5958
5368 5959 id = DIF_INSTR_VAR(instr);
5369 5960 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5370 5961 id -= DIF_VAR_OTHER_UBASE;
5371 5962 v = &vstate->dtvs_tlocals[id];
5372 5963
5373 5964 key = &tupregs[DIF_DTR_NREGS];
5374 5965 key[0].dttk_value = (uint64_t)id;
5375 5966 key[0].dttk_size = 0;
5376 5967 DTRACE_TLS_THRKEY(key[1].dttk_value);
5377 5968 key[1].dttk_size = 0;
5378 5969
5379 5970 dvar = dtrace_dynvar(dstate, 2, key,
5380 5971 sizeof (uint64_t), DTRACE_DYNVAR_NOALLOC,
5381 5972 mstate, vstate);
5382 5973
5383 5974 if (dvar == NULL) {
5384 5975 regs[rd] = 0;
5385 5976 break;
5386 5977 }
5387 5978
5388 5979 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5389 5980 regs[rd] = (uint64_t)(uintptr_t)dvar->dtdv_data;
5390 5981 } else {
5391 5982 regs[rd] = *((uint64_t *)dvar->dtdv_data);
5392 5983 }
5393 5984
5394 5985 break;
5395 5986 }
5396 5987
5397 5988 case DIF_OP_STTS: {
5398 5989 dtrace_dynvar_t *dvar;
5399 5990 dtrace_key_t *key;
5400 5991
5401 5992 id = DIF_INSTR_VAR(instr);
5402 5993 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5403 5994 id -= DIF_VAR_OTHER_UBASE;
5404 5995
5405 5996 key = &tupregs[DIF_DTR_NREGS];
5406 5997 key[0].dttk_value = (uint64_t)id;
5407 5998 key[0].dttk_size = 0;
5408 5999 DTRACE_TLS_THRKEY(key[1].dttk_value);
5409 6000 key[1].dttk_size = 0;
5410 6001 v = &vstate->dtvs_tlocals[id];
5411 6002
5412 6003 dvar = dtrace_dynvar(dstate, 2, key,
5413 6004 v->dtdv_type.dtdt_size > sizeof (uint64_t) ?
5414 6005 v->dtdv_type.dtdt_size : sizeof (uint64_t),
5415 6006 regs[rd] ? DTRACE_DYNVAR_ALLOC :
5416 6007 DTRACE_DYNVAR_DEALLOC, mstate, vstate);
5417 6008
5418 6009 /*
5419 6010 * Given that we're storing to thread-local data,
5420 6011 * we need to flush our predicate cache.
5421 6012 */
5422 6013 curthread->t_predcache = NULL;
5423 6014
5424 6015 if (dvar == NULL)
5425 6016 break;
5426 6017
5427 6018 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5428 6019 if (!dtrace_vcanload(
5429 6020 (void *)(uintptr_t)regs[rd],
5430 6021 &v->dtdv_type, mstate, vstate))
5431 6022 break;
5432 6023
5433 6024 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5434 6025 dvar->dtdv_data, &v->dtdv_type);
5435 6026 } else {
5436 6027 *((uint64_t *)dvar->dtdv_data) = regs[rd];
5437 6028 }
5438 6029
5439 6030 break;
5440 6031 }
5441 6032
5442 6033 case DIF_OP_SRA:
5443 6034 regs[rd] = (int64_t)regs[r1] >> regs[r2];
5444 6035 break;
5445 6036
5446 6037 case DIF_OP_CALL:
5447 6038 dtrace_dif_subr(DIF_INSTR_SUBR(instr), rd,
5448 6039 regs, tupregs, ttop, mstate, state);
5449 6040 break;
5450 6041
5451 6042 case DIF_OP_PUSHTR:
5452 6043 if (ttop == DIF_DTR_NREGS) {
5453 6044 *flags |= CPU_DTRACE_TUPOFLOW;
5454 6045 break;
5455 6046 }
5456 6047
5457 6048 if (r1 == DIF_TYPE_STRING) {
5458 6049 /*
5459 6050 * If this is a string type and the size is 0,
5460 6051 * we'll use the system-wide default string
5461 6052 * size. Note that we are _not_ looking at
5462 6053 * the value of the DTRACEOPT_STRSIZE option;
5463 6054 * had this been set, we would expect to have
5464 6055 * a non-zero size value in the "pushtr".
5465 6056 */
5466 6057 tupregs[ttop].dttk_size =
5467 6058 dtrace_strlen((char *)(uintptr_t)regs[rd],
5468 6059 regs[r2] ? regs[r2] :
5469 6060 dtrace_strsize_default) + 1;
5470 6061 } else {
5471 6062 tupregs[ttop].dttk_size = regs[r2];
5472 6063 }
5473 6064
5474 6065 tupregs[ttop++].dttk_value = regs[rd];
5475 6066 break;
5476 6067
5477 6068 case DIF_OP_PUSHTV:
5478 6069 if (ttop == DIF_DTR_NREGS) {
5479 6070 *flags |= CPU_DTRACE_TUPOFLOW;
5480 6071 break;
5481 6072 }
5482 6073
5483 6074 tupregs[ttop].dttk_value = regs[rd];
5484 6075 tupregs[ttop++].dttk_size = 0;
5485 6076 break;
5486 6077
5487 6078 case DIF_OP_POPTS:
5488 6079 if (ttop != 0)
5489 6080 ttop--;
5490 6081 break;
5491 6082
5492 6083 case DIF_OP_FLUSHTS:
5493 6084 ttop = 0;
5494 6085 break;
5495 6086
5496 6087 case DIF_OP_LDGAA:
5497 6088 case DIF_OP_LDTAA: {
5498 6089 dtrace_dynvar_t *dvar;
5499 6090 dtrace_key_t *key = tupregs;
5500 6091 uint_t nkeys = ttop;
5501 6092
5502 6093 id = DIF_INSTR_VAR(instr);
5503 6094 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5504 6095 id -= DIF_VAR_OTHER_UBASE;
5505 6096
5506 6097 key[nkeys].dttk_value = (uint64_t)id;
5507 6098 key[nkeys++].dttk_size = 0;
5508 6099
5509 6100 if (DIF_INSTR_OP(instr) == DIF_OP_LDTAA) {
5510 6101 DTRACE_TLS_THRKEY(key[nkeys].dttk_value);
5511 6102 key[nkeys++].dttk_size = 0;
5512 6103 v = &vstate->dtvs_tlocals[id];
5513 6104 } else {
5514 6105 v = &vstate->dtvs_globals[id]->dtsv_var;
5515 6106 }
5516 6107
5517 6108 dvar = dtrace_dynvar(dstate, nkeys, key,
5518 6109 v->dtdv_type.dtdt_size > sizeof (uint64_t) ?
5519 6110 v->dtdv_type.dtdt_size : sizeof (uint64_t),
5520 6111 DTRACE_DYNVAR_NOALLOC, mstate, vstate);
5521 6112
5522 6113 if (dvar == NULL) {
5523 6114 regs[rd] = 0;
5524 6115 break;
5525 6116 }
5526 6117
5527 6118 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5528 6119 regs[rd] = (uint64_t)(uintptr_t)dvar->dtdv_data;
5529 6120 } else {
5530 6121 regs[rd] = *((uint64_t *)dvar->dtdv_data);
5531 6122 }
5532 6123
5533 6124 break;
5534 6125 }
5535 6126
5536 6127 case DIF_OP_STGAA:
5537 6128 case DIF_OP_STTAA: {
5538 6129 dtrace_dynvar_t *dvar;
5539 6130 dtrace_key_t *key = tupregs;
5540 6131 uint_t nkeys = ttop;
5541 6132
5542 6133 id = DIF_INSTR_VAR(instr);
5543 6134 ASSERT(id >= DIF_VAR_OTHER_UBASE);
5544 6135 id -= DIF_VAR_OTHER_UBASE;
5545 6136
5546 6137 key[nkeys].dttk_value = (uint64_t)id;
5547 6138 key[nkeys++].dttk_size = 0;
5548 6139
5549 6140 if (DIF_INSTR_OP(instr) == DIF_OP_STTAA) {
5550 6141 DTRACE_TLS_THRKEY(key[nkeys].dttk_value);
5551 6142 key[nkeys++].dttk_size = 0;
5552 6143 v = &vstate->dtvs_tlocals[id];
5553 6144 } else {
5554 6145 v = &vstate->dtvs_globals[id]->dtsv_var;
5555 6146 }
5556 6147
5557 6148 dvar = dtrace_dynvar(dstate, nkeys, key,
5558 6149 v->dtdv_type.dtdt_size > sizeof (uint64_t) ?
5559 6150 v->dtdv_type.dtdt_size : sizeof (uint64_t),
5560 6151 regs[rd] ? DTRACE_DYNVAR_ALLOC :
5561 6152 DTRACE_DYNVAR_DEALLOC, mstate, vstate);
5562 6153
5563 6154 if (dvar == NULL)
5564 6155 break;
5565 6156
5566 6157 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF) {
5567 6158 if (!dtrace_vcanload(
5568 6159 (void *)(uintptr_t)regs[rd], &v->dtdv_type,
5569 6160 mstate, vstate))
5570 6161 break;
5571 6162
5572 6163 dtrace_vcopy((void *)(uintptr_t)regs[rd],
5573 6164 dvar->dtdv_data, &v->dtdv_type);
5574 6165 } else {
5575 6166 *((uint64_t *)dvar->dtdv_data) = regs[rd];
5576 6167 }
5577 6168
5578 6169 break;
5579 6170 }
5580 6171
5581 6172 case DIF_OP_ALLOCS: {
5582 6173 uintptr_t ptr = P2ROUNDUP(mstate->dtms_scratch_ptr, 8);
5583 6174 size_t size = ptr - mstate->dtms_scratch_ptr + regs[r1];
5584 6175
5585 6176 /*
5586 6177 * Rounding up the user allocation size could have
5587 6178 * overflowed large, bogus allocations (like -1ULL) to
5588 6179 * 0.
5589 6180 */
5590 6181 if (size < regs[r1] ||
5591 6182 !DTRACE_INSCRATCH(mstate, size)) {
5592 6183 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
5593 6184 regs[rd] = NULL;
5594 6185 break;
5595 6186 }
5596 6187
5597 6188 dtrace_bzero((void *) mstate->dtms_scratch_ptr, size);
5598 6189 mstate->dtms_scratch_ptr += size;
5599 6190 regs[rd] = ptr;
5600 6191 break;
5601 6192 }
5602 6193
5603 6194 case DIF_OP_COPYS:
5604 6195 if (!dtrace_canstore(regs[rd], regs[r2],
5605 6196 mstate, vstate)) {
5606 6197 *flags |= CPU_DTRACE_BADADDR;
5607 6198 *illval = regs[rd];
5608 6199 break;
5609 6200 }
5610 6201
5611 6202 if (!dtrace_canload(regs[r1], regs[r2], mstate, vstate))
5612 6203 break;
5613 6204
5614 6205 dtrace_bcopy((void *)(uintptr_t)regs[r1],
5615 6206 (void *)(uintptr_t)regs[rd], (size_t)regs[r2]);
5616 6207 break;
5617 6208
5618 6209 case DIF_OP_STB:
5619 6210 if (!dtrace_canstore(regs[rd], 1, mstate, vstate)) {
5620 6211 *flags |= CPU_DTRACE_BADADDR;
5621 6212 *illval = regs[rd];
5622 6213 break;
5623 6214 }
5624 6215 *((uint8_t *)(uintptr_t)regs[rd]) = (uint8_t)regs[r1];
5625 6216 break;
5626 6217
5627 6218 case DIF_OP_STH:
5628 6219 if (!dtrace_canstore(regs[rd], 2, mstate, vstate)) {
5629 6220 *flags |= CPU_DTRACE_BADADDR;
5630 6221 *illval = regs[rd];
5631 6222 break;
5632 6223 }
5633 6224 if (regs[rd] & 1) {
5634 6225 *flags |= CPU_DTRACE_BADALIGN;
5635 6226 *illval = regs[rd];
5636 6227 break;
5637 6228 }
5638 6229 *((uint16_t *)(uintptr_t)regs[rd]) = (uint16_t)regs[r1];
5639 6230 break;
5640 6231
5641 6232 case DIF_OP_STW:
5642 6233 if (!dtrace_canstore(regs[rd], 4, mstate, vstate)) {
5643 6234 *flags |= CPU_DTRACE_BADADDR;
5644 6235 *illval = regs[rd];
5645 6236 break;
5646 6237 }
5647 6238 if (regs[rd] & 3) {
5648 6239 *flags |= CPU_DTRACE_BADALIGN;
5649 6240 *illval = regs[rd];
5650 6241 break;
5651 6242 }
5652 6243 *((uint32_t *)(uintptr_t)regs[rd]) = (uint32_t)regs[r1];
5653 6244 break;
5654 6245
5655 6246 case DIF_OP_STX:
5656 6247 if (!dtrace_canstore(regs[rd], 8, mstate, vstate)) {
5657 6248 *flags |= CPU_DTRACE_BADADDR;
5658 6249 *illval = regs[rd];
5659 6250 break;
5660 6251 }
5661 6252 if (regs[rd] & 7) {
5662 6253 *flags |= CPU_DTRACE_BADALIGN;
5663 6254 *illval = regs[rd];
5664 6255 break;
5665 6256 }
5666 6257 *((uint64_t *)(uintptr_t)regs[rd]) = regs[r1];
5667 6258 break;
5668 6259 }
5669 6260 }
5670 6261
5671 6262 if (!(*flags & CPU_DTRACE_FAULT))
5672 6263 return (rval);
5673 6264
5674 6265 mstate->dtms_fltoffs = opc * sizeof (dif_instr_t);
5675 6266 mstate->dtms_present |= DTRACE_MSTATE_FLTOFFS;
5676 6267
5677 6268 return (0);
5678 6269 }
5679 6270
5680 6271 static void
5681 6272 dtrace_action_breakpoint(dtrace_ecb_t *ecb)
5682 6273 {
5683 6274 dtrace_probe_t *probe = ecb->dte_probe;
5684 6275 dtrace_provider_t *prov = probe->dtpr_provider;
5685 6276 char c[DTRACE_FULLNAMELEN + 80], *str;
5686 6277 char *msg = "dtrace: breakpoint action at probe ";
5687 6278 char *ecbmsg = " (ecb ";
5688 6279 uintptr_t mask = (0xf << (sizeof (uintptr_t) * NBBY / 4));
5689 6280 uintptr_t val = (uintptr_t)ecb;
5690 6281 int shift = (sizeof (uintptr_t) * NBBY) - 4, i = 0;
5691 6282
5692 6283 if (dtrace_destructive_disallow)
5693 6284 return;
5694 6285
5695 6286 /*
5696 6287 * It's impossible to be taking action on the NULL probe.
5697 6288 */
5698 6289 ASSERT(probe != NULL);
5699 6290
5700 6291 /*
5701 6292 * This is a poor man's (destitute man's?) sprintf(): we want to
5702 6293 * print the provider name, module name, function name and name of
5703 6294 * the probe, along with the hex address of the ECB with the breakpoint
5704 6295 * action -- all of which we must place in the character buffer by
5705 6296 * hand.
5706 6297 */
5707 6298 while (*msg != '\0')
5708 6299 c[i++] = *msg++;
5709 6300
5710 6301 for (str = prov->dtpv_name; *str != '\0'; str++)
5711 6302 c[i++] = *str;
5712 6303 c[i++] = ':';
5713 6304
5714 6305 for (str = probe->dtpr_mod; *str != '\0'; str++)
5715 6306 c[i++] = *str;
5716 6307 c[i++] = ':';
5717 6308
5718 6309 for (str = probe->dtpr_func; *str != '\0'; str++)
5719 6310 c[i++] = *str;
5720 6311 c[i++] = ':';
5721 6312
5722 6313 for (str = probe->dtpr_name; *str != '\0'; str++)
5723 6314 c[i++] = *str;
5724 6315
5725 6316 while (*ecbmsg != '\0')
5726 6317 c[i++] = *ecbmsg++;
5727 6318
5728 6319 while (shift >= 0) {
5729 6320 mask = (uintptr_t)0xf << shift;
5730 6321
5731 6322 if (val >= ((uintptr_t)1 << shift))
5732 6323 c[i++] = "0123456789abcdef"[(val & mask) >> shift];
5733 6324 shift -= 4;
5734 6325 }
5735 6326
5736 6327 c[i++] = ')';
5737 6328 c[i] = '\0';
5738 6329
5739 6330 debug_enter(c);
5740 6331 }
5741 6332
5742 6333 static void
5743 6334 dtrace_action_panic(dtrace_ecb_t *ecb)
5744 6335 {
5745 6336 dtrace_probe_t *probe = ecb->dte_probe;
5746 6337
5747 6338 /*
5748 6339 * It's impossible to be taking action on the NULL probe.
5749 6340 */
5750 6341 ASSERT(probe != NULL);
5751 6342
5752 6343 if (dtrace_destructive_disallow)
5753 6344 return;
5754 6345
5755 6346 if (dtrace_panicked != NULL)
5756 6347 return;
5757 6348
5758 6349 if (dtrace_casptr(&dtrace_panicked, NULL, curthread) != NULL)
5759 6350 return;
5760 6351
5761 6352 /*
5762 6353 * We won the right to panic. (We want to be sure that only one
5763 6354 * thread calls panic() from dtrace_probe(), and that panic() is
5764 6355 * called exactly once.)
5765 6356 */
5766 6357 dtrace_panic("dtrace: panic action at probe %s:%s:%s:%s (ecb %p)",
5767 6358 probe->dtpr_provider->dtpv_name, probe->dtpr_mod,
5768 6359 probe->dtpr_func, probe->dtpr_name, (void *)ecb);
5769 6360 }
5770 6361
5771 6362 static void
5772 6363 dtrace_action_raise(uint64_t sig)
5773 6364 {
5774 6365 if (dtrace_destructive_disallow)
5775 6366 return;
5776 6367
5777 6368 if (sig >= NSIG) {
5778 6369 DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
5779 6370 return;
5780 6371 }
5781 6372
5782 6373 /*
5783 6374 * raise() has a queue depth of 1 -- we ignore all subsequent
5784 6375 * invocations of the raise() action.
5785 6376 */
5786 6377 if (curthread->t_dtrace_sig == 0)
5787 6378 curthread->t_dtrace_sig = (uint8_t)sig;
5788 6379
5789 6380 curthread->t_sig_check = 1;
5790 6381 aston(curthread);
5791 6382 }
5792 6383
5793 6384 static void
5794 6385 dtrace_action_stop(void)
5795 6386 {
5796 6387 if (dtrace_destructive_disallow)
5797 6388 return;
5798 6389
5799 6390 if (!curthread->t_dtrace_stop) {
5800 6391 curthread->t_dtrace_stop = 1;
5801 6392 curthread->t_sig_check = 1;
5802 6393 aston(curthread);
5803 6394 }
5804 6395 }
5805 6396
5806 6397 static void
5807 6398 dtrace_action_chill(dtrace_mstate_t *mstate, hrtime_t val)
5808 6399 {
5809 6400 hrtime_t now;
5810 6401 volatile uint16_t *flags;
5811 6402 cpu_t *cpu = CPU;
5812 6403
5813 6404 if (dtrace_destructive_disallow)
5814 6405 return;
5815 6406
5816 6407 flags = (volatile uint16_t *)&cpu_core[cpu->cpu_id].cpuc_dtrace_flags;
5817 6408
5818 6409 now = dtrace_gethrtime();
5819 6410
5820 6411 if (now - cpu->cpu_dtrace_chillmark > dtrace_chill_interval) {
5821 6412 /*
5822 6413 * We need to advance the mark to the current time.
5823 6414 */
5824 6415 cpu->cpu_dtrace_chillmark = now;
5825 6416 cpu->cpu_dtrace_chilled = 0;
5826 6417 }
5827 6418
5828 6419 /*
5829 6420 * Now check to see if the requested chill time would take us over
5830 6421 * the maximum amount of time allowed in the chill interval. (Or
5831 6422 * worse, if the calculation itself induces overflow.)
5832 6423 */
5833 6424 if (cpu->cpu_dtrace_chilled + val > dtrace_chill_max ||
5834 6425 cpu->cpu_dtrace_chilled + val < cpu->cpu_dtrace_chilled) {
5835 6426 *flags |= CPU_DTRACE_ILLOP;
5836 6427 return;
5837 6428 }
5838 6429
5839 6430 while (dtrace_gethrtime() - now < val)
5840 6431 continue;
5841 6432
5842 6433 /*
5843 6434 * Normally, we assure that the value of the variable "timestamp" does
5844 6435 * not change within an ECB. The presence of chill() represents an
5845 6436 * exception to this rule, however.
5846 6437 */
5847 6438 mstate->dtms_present &= ~DTRACE_MSTATE_TIMESTAMP;
5848 6439 cpu->cpu_dtrace_chilled += val;
5849 6440 }
5850 6441
5851 6442 static void
5852 6443 dtrace_action_ustack(dtrace_mstate_t *mstate, dtrace_state_t *state,
5853 6444 uint64_t *buf, uint64_t arg)
5854 6445 {
5855 6446 int nframes = DTRACE_USTACK_NFRAMES(arg);
5856 6447 int strsize = DTRACE_USTACK_STRSIZE(arg);
5857 6448 uint64_t *pcs = &buf[1], *fps;
5858 6449 char *str = (char *)&pcs[nframes];
5859 6450 int size, offs = 0, i, j;
5860 6451 uintptr_t old = mstate->dtms_scratch_ptr, saved;
5861 6452 uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
5862 6453 char *sym;
5863 6454
5864 6455 /*
5865 6456 * Should be taking a faster path if string space has not been
5866 6457 * allocated.
5867 6458 */
5868 6459 ASSERT(strsize != 0);
5869 6460
5870 6461 /*
5871 6462 * We will first allocate some temporary space for the frame pointers.
5872 6463 */
5873 6464 fps = (uint64_t *)P2ROUNDUP(mstate->dtms_scratch_ptr, 8);
5874 6465 size = (uintptr_t)fps - mstate->dtms_scratch_ptr +
5875 6466 (nframes * sizeof (uint64_t));
5876 6467
5877 6468 if (!DTRACE_INSCRATCH(mstate, size)) {
5878 6469 /*
5879 6470 * Not enough room for our frame pointers -- need to indicate
5880 6471 * that we ran out of scratch space.
5881 6472 */
5882 6473 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOSCRATCH);
5883 6474 return;
5884 6475 }
5885 6476
5886 6477 mstate->dtms_scratch_ptr += size;
5887 6478 saved = mstate->dtms_scratch_ptr;
5888 6479
5889 6480 /*
5890 6481 * Now get a stack with both program counters and frame pointers.
5891 6482 */
5892 6483 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
5893 6484 dtrace_getufpstack(buf, fps, nframes + 1);
5894 6485 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
5895 6486
5896 6487 /*
5897 6488 * If that faulted, we're cooked.
5898 6489 */
5899 6490 if (*flags & CPU_DTRACE_FAULT)
5900 6491 goto out;
5901 6492
5902 6493 /*
5903 6494 * Now we want to walk up the stack, calling the USTACK helper. For
5904 6495 * each iteration, we restore the scratch pointer.
5905 6496 */
5906 6497 for (i = 0; i < nframes; i++) {
5907 6498 mstate->dtms_scratch_ptr = saved;
5908 6499
5909 6500 if (offs >= strsize)
5910 6501 break;
5911 6502
5912 6503 sym = (char *)(uintptr_t)dtrace_helper(
5913 6504 DTRACE_HELPER_ACTION_USTACK,
5914 6505 mstate, state, pcs[i], fps[i]);
5915 6506
5916 6507 /*
5917 6508 * If we faulted while running the helper, we're going to
5918 6509 * clear the fault and null out the corresponding string.
5919 6510 */
5920 6511 if (*flags & CPU_DTRACE_FAULT) {
5921 6512 *flags &= ~CPU_DTRACE_FAULT;
5922 6513 str[offs++] = '\0';
5923 6514 continue;
5924 6515 }
5925 6516
5926 6517 if (sym == NULL) {
5927 6518 str[offs++] = '\0';
5928 6519 continue;
5929 6520 }
5930 6521
5931 6522 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
5932 6523
5933 6524 /*
5934 6525 * Now copy in the string that the helper returned to us.
5935 6526 */
5936 6527 for (j = 0; offs + j < strsize; j++) {
5937 6528 if ((str[offs + j] = sym[j]) == '\0')
5938 6529 break;
5939 6530 }
5940 6531
5941 6532 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
5942 6533
5943 6534 offs += j + 1;
5944 6535 }
5945 6536
5946 6537 if (offs >= strsize) {
5947 6538 /*
5948 6539 * If we didn't have room for all of the strings, we don't
5949 6540 * abort processing -- this needn't be a fatal error -- but we
5950 6541 * still want to increment a counter (dts_stkstroverflows) to
5951 6542 * allow this condition to be warned about. (If this is from
5952 6543 * a jstack() action, it is easily tuned via jstackstrsize.)
5953 6544 */
5954 6545 dtrace_error(&state->dts_stkstroverflows);
5955 6546 }
5956 6547
5957 6548 while (offs < strsize)
5958 6549 str[offs++] = '\0';
5959 6550
5960 6551 out:
5961 6552 mstate->dtms_scratch_ptr = old;
5962 6553 }
5963 6554
5964 6555 /*
5965 6556 * If you're looking for the epicenter of DTrace, you just found it. This
5966 6557 * is the function called by the provider to fire a probe -- from which all
5967 6558 * subsequent probe-context DTrace activity emanates.
5968 6559 */
5969 6560 void
5970 6561 dtrace_probe(dtrace_id_t id, uintptr_t arg0, uintptr_t arg1,
5971 6562 uintptr_t arg2, uintptr_t arg3, uintptr_t arg4)
5972 6563 {
5973 6564 processorid_t cpuid;
5974 6565 dtrace_icookie_t cookie;
5975 6566 dtrace_probe_t *probe;
5976 6567 dtrace_mstate_t mstate;
5977 6568 dtrace_ecb_t *ecb;
5978 6569 dtrace_action_t *act;
5979 6570 intptr_t offs;
5980 6571 size_t size;
5981 6572 int vtime, onintr;
5982 6573 volatile uint16_t *flags;
5983 6574 hrtime_t now, end;
5984 6575
5985 6576 /*
5986 6577 * Kick out immediately if this CPU is still being born (in which case
5987 6578 * curthread will be set to -1) or the current thread can't allow
5988 6579 * probes in its current context.
5989 6580 */
5990 6581 if (((uintptr_t)curthread & 1) || (curthread->t_flag & T_DONTDTRACE))
5991 6582 return;
5992 6583
5993 6584 cookie = dtrace_interrupt_disable();
5994 6585 probe = dtrace_probes[id - 1];
5995 6586 cpuid = CPU->cpu_id;
5996 6587 onintr = CPU_ON_INTR(CPU);
5997 6588
5998 6589 CPU->cpu_dtrace_probes++;
5999 6590
6000 6591 if (!onintr && probe->dtpr_predcache != DTRACE_CACHEIDNONE &&
6001 6592 probe->dtpr_predcache == curthread->t_predcache) {
6002 6593 /*
6003 6594 * We have hit in the predicate cache; we know that
6004 6595 * this predicate would evaluate to be false.
6005 6596 */
6006 6597 dtrace_interrupt_enable(cookie);
6007 6598 return;
6008 6599 }
6009 6600
6010 6601 if (panic_quiesce) {
6011 6602 /*
6012 6603 * We don't trace anything if we're panicking.
6013 6604 */
6014 6605 dtrace_interrupt_enable(cookie);
6015 6606 return;
6016 6607 }
6017 6608
6018 6609 now = dtrace_gethrtime();
6019 6610 vtime = dtrace_vtime_references != 0;
6020 6611
6021 6612 if (vtime && curthread->t_dtrace_start)
6022 6613 curthread->t_dtrace_vtime += now - curthread->t_dtrace_start;
6023 6614
6024 6615 mstate.dtms_difo = NULL;
6025 6616 mstate.dtms_probe = probe;
6026 6617 mstate.dtms_strtok = NULL;
6027 6618 mstate.dtms_arg[0] = arg0;
6028 6619 mstate.dtms_arg[1] = arg1;
6029 6620 mstate.dtms_arg[2] = arg2;
6030 6621 mstate.dtms_arg[3] = arg3;
6031 6622 mstate.dtms_arg[4] = arg4;
6032 6623
6033 6624 flags = (volatile uint16_t *)&cpu_core[cpuid].cpuc_dtrace_flags;
6034 6625
6035 6626 for (ecb = probe->dtpr_ecb; ecb != NULL; ecb = ecb->dte_next) {
6036 6627 dtrace_predicate_t *pred = ecb->dte_predicate;
6037 6628 dtrace_state_t *state = ecb->dte_state;
6038 6629 dtrace_buffer_t *buf = &state->dts_buffer[cpuid];
6039 6630 dtrace_buffer_t *aggbuf = &state->dts_aggbuffer[cpuid];
6040 6631 dtrace_vstate_t *vstate = &state->dts_vstate;
6041 6632 dtrace_provider_t *prov = probe->dtpr_provider;
6042 6633 uint64_t tracememsize = 0;
6043 6634 int committed = 0;
6044 6635 caddr_t tomax;
6045 6636
6046 6637 /*
6047 6638 * A little subtlety with the following (seemingly innocuous)
6048 6639 * declaration of the automatic 'val': by looking at the
6049 6640 * code, you might think that it could be declared in the
6050 6641 * action processing loop, below. (That is, it's only used in
6051 6642 * the action processing loop.) However, it must be declared
6052 6643 * out of that scope because in the case of DIF expression
6053 6644 * arguments to aggregating actions, one iteration of the
6054 6645 * action loop will use the last iteration's value.
6055 6646 */
6056 6647 #ifdef lint
6057 6648 uint64_t val = 0;
6058 6649 #else
6059 6650 uint64_t val;
6060 6651 #endif
6061 6652
6062 6653 mstate.dtms_present = DTRACE_MSTATE_ARGS | DTRACE_MSTATE_PROBE;
6063 6654 mstate.dtms_access = DTRACE_ACCESS_ARGS | DTRACE_ACCESS_PROC;
6064 6655 mstate.dtms_getf = NULL;
6065 6656
6066 6657 *flags &= ~CPU_DTRACE_ERROR;
6067 6658
6068 6659 if (prov == dtrace_provider) {
6069 6660 /*
6070 6661 * If dtrace itself is the provider of this probe,
6071 6662 * we're only going to continue processing the ECB if
6072 6663 * arg0 (the dtrace_state_t) is equal to the ECB's
6073 6664 * creating state. (This prevents disjoint consumers
6074 6665 * from seeing one another's metaprobes.)
6075 6666 */
6076 6667 if (arg0 != (uint64_t)(uintptr_t)state)
6077 6668 continue;
6078 6669 }
6079 6670
6080 6671 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE) {
6081 6672 /*
6082 6673 * We're not currently active. If our provider isn't
6083 6674 * the dtrace pseudo provider, we're not interested.
6084 6675 */
6085 6676 if (prov != dtrace_provider)
6086 6677 continue;
6087 6678
6088 6679 /*
6089 6680 * Now we must further check if we are in the BEGIN
6090 6681 * probe. If we are, we will only continue processing
6091 6682 * if we're still in WARMUP -- if one BEGIN enabling
6092 6683 * has invoked the exit() action, we don't want to
6093 6684 * evaluate subsequent BEGIN enablings.
6094 6685 */
6095 6686 if (probe->dtpr_id == dtrace_probeid_begin &&
6096 6687 state->dts_activity != DTRACE_ACTIVITY_WARMUP) {
6097 6688 ASSERT(state->dts_activity ==
6098 6689 DTRACE_ACTIVITY_DRAINING);
6099 6690 continue;
6100 6691 }
6101 6692 }
6102 6693
6103 6694 if (ecb->dte_cond && !dtrace_priv_probe(state, &mstate, ecb))
6104 6695 continue;
6105 6696
6106 6697 if (now - state->dts_alive > dtrace_deadman_timeout) {
6107 6698 /*
6108 6699 * We seem to be dead. Unless we (a) have kernel
6109 6700 * destructive permissions (b) have explicitly enabled
6110 6701 * destructive actions and (c) destructive actions have
6111 6702 * not been disabled, we're going to transition into
6112 6703 * the KILLED state, from which no further processing
6113 6704 * on this state will be performed.
6114 6705 */
6115 6706 if (!dtrace_priv_kernel_destructive(state) ||
6116 6707 !state->dts_cred.dcr_destructive ||
6117 6708 dtrace_destructive_disallow) {
6118 6709 void *activity = &state->dts_activity;
6119 6710 dtrace_activity_t current;
6120 6711
6121 6712 do {
6122 6713 current = state->dts_activity;
6123 6714 } while (dtrace_cas32(activity, current,
6124 6715 DTRACE_ACTIVITY_KILLED) != current);
6125 6716
6126 6717 continue;
6127 6718 }
6128 6719 }
6129 6720
6130 6721 if ((offs = dtrace_buffer_reserve(buf, ecb->dte_needed,
6131 6722 ecb->dte_alignment, state, &mstate)) < 0)
6132 6723 continue;
6133 6724
6134 6725 tomax = buf->dtb_tomax;
6135 6726 ASSERT(tomax != NULL);
6136 6727
6137 6728 if (ecb->dte_size != 0) {
6138 6729 dtrace_rechdr_t dtrh;
6139 6730 if (!(mstate.dtms_present & DTRACE_MSTATE_TIMESTAMP)) {
6140 6731 mstate.dtms_timestamp = dtrace_gethrtime();
6141 6732 mstate.dtms_present |= DTRACE_MSTATE_TIMESTAMP;
6142 6733 }
6143 6734 ASSERT3U(ecb->dte_size, >=, sizeof (dtrace_rechdr_t));
6144 6735 dtrh.dtrh_epid = ecb->dte_epid;
6145 6736 DTRACE_RECORD_STORE_TIMESTAMP(&dtrh,
6146 6737 mstate.dtms_timestamp);
6147 6738 *((dtrace_rechdr_t *)(tomax + offs)) = dtrh;
6148 6739 }
6149 6740
6150 6741 mstate.dtms_epid = ecb->dte_epid;
6151 6742 mstate.dtms_present |= DTRACE_MSTATE_EPID;
6152 6743
6153 6744 if (state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL)
6154 6745 mstate.dtms_access |= DTRACE_ACCESS_KERNEL;
6155 6746
6156 6747 if (pred != NULL) {
6157 6748 dtrace_difo_t *dp = pred->dtp_difo;
6158 6749 int rval;
6159 6750
6160 6751 rval = dtrace_dif_emulate(dp, &mstate, vstate, state);
6161 6752
6162 6753 if (!(*flags & CPU_DTRACE_ERROR) && !rval) {
6163 6754 dtrace_cacheid_t cid = probe->dtpr_predcache;
6164 6755
6165 6756 if (cid != DTRACE_CACHEIDNONE && !onintr) {
6166 6757 /*
6167 6758 * Update the predicate cache...
6168 6759 */
6169 6760 ASSERT(cid == pred->dtp_cacheid);
6170 6761 curthread->t_predcache = cid;
6171 6762 }
6172 6763
6173 6764 continue;
6174 6765 }
6175 6766 }
6176 6767
6177 6768 for (act = ecb->dte_action; !(*flags & CPU_DTRACE_ERROR) &&
6178 6769 act != NULL; act = act->dta_next) {
6179 6770 size_t valoffs;
6180 6771 dtrace_difo_t *dp;
6181 6772 dtrace_recdesc_t *rec = &act->dta_rec;
6182 6773
6183 6774 size = rec->dtrd_size;
6184 6775 valoffs = offs + rec->dtrd_offset;
6185 6776
6186 6777 if (DTRACEACT_ISAGG(act->dta_kind)) {
6187 6778 uint64_t v = 0xbad;
6188 6779 dtrace_aggregation_t *agg;
6189 6780
6190 6781 agg = (dtrace_aggregation_t *)act;
6191 6782
6192 6783 if ((dp = act->dta_difo) != NULL)
6193 6784 v = dtrace_dif_emulate(dp,
6194 6785 &mstate, vstate, state);
6195 6786
6196 6787 if (*flags & CPU_DTRACE_ERROR)
6197 6788 continue;
6198 6789
6199 6790 /*
6200 6791 * Note that we always pass the expression
6201 6792 * value from the previous iteration of the
6202 6793 * action loop. This value will only be used
6203 6794 * if there is an expression argument to the
6204 6795 * aggregating action, denoted by the
6205 6796 * dtag_hasarg field.
6206 6797 */
6207 6798 dtrace_aggregate(agg, buf,
6208 6799 offs, aggbuf, v, val);
6209 6800 continue;
6210 6801 }
6211 6802
6212 6803 switch (act->dta_kind) {
6213 6804 case DTRACEACT_STOP:
6214 6805 if (dtrace_priv_proc_destructive(state,
6215 6806 &mstate))
6216 6807 dtrace_action_stop();
6217 6808 continue;
6218 6809
6219 6810 case DTRACEACT_BREAKPOINT:
6220 6811 if (dtrace_priv_kernel_destructive(state))
6221 6812 dtrace_action_breakpoint(ecb);
6222 6813 continue;
6223 6814
6224 6815 case DTRACEACT_PANIC:
6225 6816 if (dtrace_priv_kernel_destructive(state))
6226 6817 dtrace_action_panic(ecb);
6227 6818 continue;
6228 6819
6229 6820 case DTRACEACT_STACK:
6230 6821 if (!dtrace_priv_kernel(state))
6231 6822 continue;
6232 6823
6233 6824 dtrace_getpcstack((pc_t *)(tomax + valoffs),
6234 6825 size / sizeof (pc_t), probe->dtpr_aframes,
6235 6826 DTRACE_ANCHORED(probe) ? NULL :
6236 6827 (uint32_t *)arg0);
6237 6828
6238 6829 continue;
6239 6830
6240 6831 case DTRACEACT_JSTACK:
6241 6832 case DTRACEACT_USTACK:
6242 6833 if (!dtrace_priv_proc(state, &mstate))
6243 6834 continue;
6244 6835
6245 6836 /*
6246 6837 * See comment in DIF_VAR_PID.
6247 6838 */
6248 6839 if (DTRACE_ANCHORED(mstate.dtms_probe) &&
6249 6840 CPU_ON_INTR(CPU)) {
6250 6841 int depth = DTRACE_USTACK_NFRAMES(
6251 6842 rec->dtrd_arg) + 1;
6252 6843
6253 6844 dtrace_bzero((void *)(tomax + valoffs),
6254 6845 DTRACE_USTACK_STRSIZE(rec->dtrd_arg)
6255 6846 + depth * sizeof (uint64_t));
6256 6847
6257 6848 continue;
6258 6849 }
6259 6850
6260 6851 if (DTRACE_USTACK_STRSIZE(rec->dtrd_arg) != 0 &&
6261 6852 curproc->p_dtrace_helpers != NULL) {
6262 6853 /*
6263 6854 * This is the slow path -- we have
6264 6855 * allocated string space, and we're
6265 6856 * getting the stack of a process that
6266 6857 * has helpers. Call into a separate
6267 6858 * routine to perform this processing.
6268 6859 */
6269 6860 dtrace_action_ustack(&mstate, state,
6270 6861 (uint64_t *)(tomax + valoffs),
6271 6862 rec->dtrd_arg);
6272 6863 continue;
6273 6864 }
6274 6865
6275 6866 /*
6276 6867 * Clear the string space, since there's no
6277 6868 * helper to do it for us.
6278 6869 */
6279 6870 if (DTRACE_USTACK_STRSIZE(rec->dtrd_arg) != 0) {
6280 6871 int depth = DTRACE_USTACK_NFRAMES(
6281 6872 rec->dtrd_arg);
6282 6873 size_t strsize = DTRACE_USTACK_STRSIZE(
6283 6874 rec->dtrd_arg);
6284 6875 uint64_t *buf = (uint64_t *)(tomax +
6285 6876 valoffs);
6286 6877 void *strspace = &buf[depth + 1];
6287 6878
6288 6879 dtrace_bzero(strspace,
6289 6880 MIN(depth, strsize));
6290 6881 }
6291 6882
6292 6883 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
6293 6884 dtrace_getupcstack((uint64_t *)
6294 6885 (tomax + valoffs),
6295 6886 DTRACE_USTACK_NFRAMES(rec->dtrd_arg) + 1);
6296 6887 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
6297 6888 continue;
6298 6889
6299 6890 default:
6300 6891 break;
6301 6892 }
6302 6893
6303 6894 dp = act->dta_difo;
6304 6895 ASSERT(dp != NULL);
6305 6896
6306 6897 val = dtrace_dif_emulate(dp, &mstate, vstate, state);
6307 6898
6308 6899 if (*flags & CPU_DTRACE_ERROR)
6309 6900 continue;
6310 6901
6311 6902 switch (act->dta_kind) {
6312 6903 case DTRACEACT_SPECULATE: {
6313 6904 dtrace_rechdr_t *dtrh;
6314 6905
6315 6906 ASSERT(buf == &state->dts_buffer[cpuid]);
6316 6907 buf = dtrace_speculation_buffer(state,
6317 6908 cpuid, val);
6318 6909
6319 6910 if (buf == NULL) {
6320 6911 *flags |= CPU_DTRACE_DROP;
6321 6912 continue;
6322 6913 }
6323 6914
6324 6915 offs = dtrace_buffer_reserve(buf,
6325 6916 ecb->dte_needed, ecb->dte_alignment,
6326 6917 state, NULL);
6327 6918
6328 6919 if (offs < 0) {
6329 6920 *flags |= CPU_DTRACE_DROP;
6330 6921 continue;
6331 6922 }
6332 6923
6333 6924 tomax = buf->dtb_tomax;
6334 6925 ASSERT(tomax != NULL);
6335 6926
6336 6927 if (ecb->dte_size == 0)
6337 6928 continue;
6338 6929
6339 6930 ASSERT3U(ecb->dte_size, >=,
6340 6931 sizeof (dtrace_rechdr_t));
6341 6932 dtrh = ((void *)(tomax + offs));
6342 6933 dtrh->dtrh_epid = ecb->dte_epid;
6343 6934 /*
6344 6935 * When the speculation is committed, all of
6345 6936 * the records in the speculative buffer will
6346 6937 * have their timestamps set to the commit
6347 6938 * time. Until then, it is set to a sentinel
6348 6939 * value, for debugability.
6349 6940 */
6350 6941 DTRACE_RECORD_STORE_TIMESTAMP(dtrh, UINT64_MAX);
6351 6942 continue;
6352 6943 }
6353 6944
6354 6945 case DTRACEACT_CHILL:
6355 6946 if (dtrace_priv_kernel_destructive(state))
6356 6947 dtrace_action_chill(&mstate, val);
6357 6948 continue;
6358 6949
6359 6950 case DTRACEACT_RAISE:
6360 6951 if (dtrace_priv_proc_destructive(state,
6361 6952 &mstate))
6362 6953 dtrace_action_raise(val);
6363 6954 continue;
6364 6955
6365 6956 case DTRACEACT_COMMIT:
6366 6957 ASSERT(!committed);
6367 6958
6368 6959 /*
6369 6960 * We need to commit our buffer state.
6370 6961 */
6371 6962 if (ecb->dte_size)
6372 6963 buf->dtb_offset = offs + ecb->dte_size;
6373 6964 buf = &state->dts_buffer[cpuid];
6374 6965 dtrace_speculation_commit(state, cpuid, val);
6375 6966 committed = 1;
6376 6967 continue;
6377 6968
6378 6969 case DTRACEACT_DISCARD:
6379 6970 dtrace_speculation_discard(state, cpuid, val);
6380 6971 continue;
6381 6972
6382 6973 case DTRACEACT_DIFEXPR:
6383 6974 case DTRACEACT_LIBACT:
6384 6975 case DTRACEACT_PRINTF:
6385 6976 case DTRACEACT_PRINTA:
6386 6977 case DTRACEACT_SYSTEM:
6387 6978 case DTRACEACT_FREOPEN:
6388 6979 case DTRACEACT_TRACEMEM:
6389 6980 break;
6390 6981
6391 6982 case DTRACEACT_TRACEMEM_DYNSIZE:
6392 6983 tracememsize = val;
6393 6984 break;
6394 6985
6395 6986 case DTRACEACT_SYM:
6396 6987 case DTRACEACT_MOD:
6397 6988 if (!dtrace_priv_kernel(state))
6398 6989 continue;
6399 6990 break;
6400 6991
6401 6992 case DTRACEACT_USYM:
6402 6993 case DTRACEACT_UMOD:
6403 6994 case DTRACEACT_UADDR: {
6404 6995 struct pid *pid = curthread->t_procp->p_pidp;
6405 6996
6406 6997 if (!dtrace_priv_proc(state, &mstate))
6407 6998 continue;
6408 6999
6409 7000 DTRACE_STORE(uint64_t, tomax,
6410 7001 valoffs, (uint64_t)pid->pid_id);
6411 7002 DTRACE_STORE(uint64_t, tomax,
6412 7003 valoffs + sizeof (uint64_t), val);
6413 7004
6414 7005 continue;
6415 7006 }
6416 7007
6417 7008 case DTRACEACT_EXIT: {
6418 7009 /*
6419 7010 * For the exit action, we are going to attempt
6420 7011 * to atomically set our activity to be
6421 7012 * draining. If this fails (either because
6422 7013 * another CPU has beat us to the exit action,
6423 7014 * or because our current activity is something
6424 7015 * other than ACTIVE or WARMUP), we will
6425 7016 * continue. This assures that the exit action
6426 7017 * can be successfully recorded at most once
6427 7018 * when we're in the ACTIVE state. If we're
6428 7019 * encountering the exit() action while in
6429 7020 * COOLDOWN, however, we want to honor the new
6430 7021 * status code. (We know that we're the only
6431 7022 * thread in COOLDOWN, so there is no race.)
6432 7023 */
6433 7024 void *activity = &state->dts_activity;
6434 7025 dtrace_activity_t current = state->dts_activity;
6435 7026
6436 7027 if (current == DTRACE_ACTIVITY_COOLDOWN)
6437 7028 break;
6438 7029
6439 7030 if (current != DTRACE_ACTIVITY_WARMUP)
6440 7031 current = DTRACE_ACTIVITY_ACTIVE;
6441 7032
6442 7033 if (dtrace_cas32(activity, current,
6443 7034 DTRACE_ACTIVITY_DRAINING) != current) {
6444 7035 *flags |= CPU_DTRACE_DROP;
6445 7036 continue;
6446 7037 }
6447 7038
6448 7039 break;
6449 7040 }
6450 7041
6451 7042 default:
6452 7043 ASSERT(0);
6453 7044 }
6454 7045
6455 7046 if (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF) {
6456 7047 uintptr_t end = valoffs + size;
6457 7048
6458 7049 if (tracememsize != 0 &&
6459 7050 valoffs + tracememsize < end) {
6460 7051 end = valoffs + tracememsize;
6461 7052 tracememsize = 0;
6462 7053 }
6463 7054
6464 7055 if (!dtrace_vcanload((void *)(uintptr_t)val,
6465 7056 &dp->dtdo_rtype, &mstate, vstate))
6466 7057 continue;
6467 7058
6468 7059 /*
6469 7060 * If this is a string, we're going to only
6470 7061 * load until we find the zero byte -- after
6471 7062 * which we'll store zero bytes.
6472 7063 */
6473 7064 if (dp->dtdo_rtype.dtdt_kind ==
6474 7065 DIF_TYPE_STRING) {
6475 7066 char c = '\0' + 1;
6476 7067 int intuple = act->dta_intuple;
6477 7068 size_t s;
6478 7069
6479 7070 for (s = 0; s < size; s++) {
6480 7071 if (c != '\0')
6481 7072 c = dtrace_load8(val++);
6482 7073
6483 7074 DTRACE_STORE(uint8_t, tomax,
6484 7075 valoffs++, c);
6485 7076
6486 7077 if (c == '\0' && intuple)
6487 7078 break;
6488 7079 }
6489 7080
6490 7081 continue;
6491 7082 }
6492 7083
6493 7084 while (valoffs < end) {
6494 7085 DTRACE_STORE(uint8_t, tomax, valoffs++,
6495 7086 dtrace_load8(val++));
6496 7087 }
6497 7088
6498 7089 continue;
6499 7090 }
6500 7091
6501 7092 switch (size) {
6502 7093 case 0:
6503 7094 break;
6504 7095
6505 7096 case sizeof (uint8_t):
6506 7097 DTRACE_STORE(uint8_t, tomax, valoffs, val);
6507 7098 break;
6508 7099 case sizeof (uint16_t):
6509 7100 DTRACE_STORE(uint16_t, tomax, valoffs, val);
6510 7101 break;
6511 7102 case sizeof (uint32_t):
6512 7103 DTRACE_STORE(uint32_t, tomax, valoffs, val);
6513 7104 break;
6514 7105 case sizeof (uint64_t):
6515 7106 DTRACE_STORE(uint64_t, tomax, valoffs, val);
6516 7107 break;
6517 7108 default:
6518 7109 /*
6519 7110 * Any other size should have been returned by
6520 7111 * reference, not by value.
6521 7112 */
6522 7113 ASSERT(0);
6523 7114 break;
6524 7115 }
6525 7116 }
6526 7117
6527 7118 if (*flags & CPU_DTRACE_DROP)
6528 7119 continue;
6529 7120
6530 7121 if (*flags & CPU_DTRACE_FAULT) {
6531 7122 int ndx;
6532 7123 dtrace_action_t *err;
6533 7124
6534 7125 buf->dtb_errors++;
6535 7126
6536 7127 if (probe->dtpr_id == dtrace_probeid_error) {
6537 7128 /*
6538 7129 * There's nothing we can do -- we had an
6539 7130 * error on the error probe. We bump an
6540 7131 * error counter to at least indicate that
6541 7132 * this condition happened.
6542 7133 */
6543 7134 dtrace_error(&state->dts_dblerrors);
6544 7135 continue;
6545 7136 }
6546 7137
6547 7138 if (vtime) {
6548 7139 /*
6549 7140 * Before recursing on dtrace_probe(), we
6550 7141 * need to explicitly clear out our start
6551 7142 * time to prevent it from being accumulated
6552 7143 * into t_dtrace_vtime.
6553 7144 */
6554 7145 curthread->t_dtrace_start = 0;
6555 7146 }
6556 7147
6557 7148 /*
6558 7149 * Iterate over the actions to figure out which action
6559 7150 * we were processing when we experienced the error.
6560 7151 * Note that act points _past_ the faulting action; if
6561 7152 * act is ecb->dte_action, the fault was in the
6562 7153 * predicate, if it's ecb->dte_action->dta_next it's
6563 7154 * in action #1, and so on.
6564 7155 */
6565 7156 for (err = ecb->dte_action, ndx = 0;
6566 7157 err != act; err = err->dta_next, ndx++)
6567 7158 continue;
6568 7159
6569 7160 dtrace_probe_error(state, ecb->dte_epid, ndx,
6570 7161 (mstate.dtms_present & DTRACE_MSTATE_FLTOFFS) ?
6571 7162 mstate.dtms_fltoffs : -1, DTRACE_FLAGS2FLT(*flags),
6572 7163 cpu_core[cpuid].cpuc_dtrace_illval);
6573 7164
6574 7165 continue;
6575 7166 }
6576 7167
6577 7168 if (!committed)
6578 7169 buf->dtb_offset = offs + ecb->dte_size;
6579 7170 }
6580 7171
6581 7172 end = dtrace_gethrtime();
6582 7173 if (vtime)
6583 7174 curthread->t_dtrace_start = end;
6584 7175
6585 7176 CPU->cpu_dtrace_nsec += end - now;
6586 7177
6587 7178 dtrace_interrupt_enable(cookie);
6588 7179 }
6589 7180
6590 7181 /*
6591 7182 * DTrace Probe Hashing Functions
6592 7183 *
6593 7184 * The functions in this section (and indeed, the functions in remaining
6594 7185 * sections) are not _called_ from probe context. (Any exceptions to this are
6595 7186 * marked with a "Note:".) Rather, they are called from elsewhere in the
6596 7187 * DTrace framework to look-up probes in, add probes to and remove probes from
6597 7188 * the DTrace probe hashes. (Each probe is hashed by each element of the
6598 7189 * probe tuple -- allowing for fast lookups, regardless of what was
6599 7190 * specified.)
6600 7191 */
6601 7192 static uint_t
6602 7193 dtrace_hash_str(char *p)
6603 7194 {
6604 7195 unsigned int g;
6605 7196 uint_t hval = 0;
6606 7197
6607 7198 while (*p) {
6608 7199 hval = (hval << 4) + *p++;
6609 7200 if ((g = (hval & 0xf0000000)) != 0)
6610 7201 hval ^= g >> 24;
6611 7202 hval &= ~g;
6612 7203 }
6613 7204 return (hval);
6614 7205 }
6615 7206
6616 7207 static dtrace_hash_t *
6617 7208 dtrace_hash_create(uintptr_t stroffs, uintptr_t nextoffs, uintptr_t prevoffs)
6618 7209 {
6619 7210 dtrace_hash_t *hash = kmem_zalloc(sizeof (dtrace_hash_t), KM_SLEEP);
6620 7211
6621 7212 hash->dth_stroffs = stroffs;
6622 7213 hash->dth_nextoffs = nextoffs;
6623 7214 hash->dth_prevoffs = prevoffs;
6624 7215
6625 7216 hash->dth_size = 1;
6626 7217 hash->dth_mask = hash->dth_size - 1;
6627 7218
6628 7219 hash->dth_tab = kmem_zalloc(hash->dth_size *
6629 7220 sizeof (dtrace_hashbucket_t *), KM_SLEEP);
6630 7221
6631 7222 return (hash);
6632 7223 }
6633 7224
6634 7225 static void
6635 7226 dtrace_hash_destroy(dtrace_hash_t *hash)
6636 7227 {
6637 7228 #ifdef DEBUG
6638 7229 int i;
6639 7230
6640 7231 for (i = 0; i < hash->dth_size; i++)
6641 7232 ASSERT(hash->dth_tab[i] == NULL);
6642 7233 #endif
6643 7234
6644 7235 kmem_free(hash->dth_tab,
6645 7236 hash->dth_size * sizeof (dtrace_hashbucket_t *));
6646 7237 kmem_free(hash, sizeof (dtrace_hash_t));
6647 7238 }
6648 7239
6649 7240 static void
6650 7241 dtrace_hash_resize(dtrace_hash_t *hash)
6651 7242 {
6652 7243 int size = hash->dth_size, i, ndx;
6653 7244 int new_size = hash->dth_size << 1;
6654 7245 int new_mask = new_size - 1;
6655 7246 dtrace_hashbucket_t **new_tab, *bucket, *next;
6656 7247
6657 7248 ASSERT((new_size & new_mask) == 0);
6658 7249
6659 7250 new_tab = kmem_zalloc(new_size * sizeof (void *), KM_SLEEP);
6660 7251
6661 7252 for (i = 0; i < size; i++) {
6662 7253 for (bucket = hash->dth_tab[i]; bucket != NULL; bucket = next) {
6663 7254 dtrace_probe_t *probe = bucket->dthb_chain;
6664 7255
6665 7256 ASSERT(probe != NULL);
6666 7257 ndx = DTRACE_HASHSTR(hash, probe) & new_mask;
6667 7258
6668 7259 next = bucket->dthb_next;
6669 7260 bucket->dthb_next = new_tab[ndx];
6670 7261 new_tab[ndx] = bucket;
6671 7262 }
6672 7263 }
6673 7264
6674 7265 kmem_free(hash->dth_tab, hash->dth_size * sizeof (void *));
6675 7266 hash->dth_tab = new_tab;
6676 7267 hash->dth_size = new_size;
6677 7268 hash->dth_mask = new_mask;
6678 7269 }
6679 7270
6680 7271 static void
6681 7272 dtrace_hash_add(dtrace_hash_t *hash, dtrace_probe_t *new)
6682 7273 {
6683 7274 int hashval = DTRACE_HASHSTR(hash, new);
6684 7275 int ndx = hashval & hash->dth_mask;
6685 7276 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6686 7277 dtrace_probe_t **nextp, **prevp;
6687 7278
6688 7279 for (; bucket != NULL; bucket = bucket->dthb_next) {
6689 7280 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, new))
6690 7281 goto add;
6691 7282 }
6692 7283
6693 7284 if ((hash->dth_nbuckets >> 1) > hash->dth_size) {
6694 7285 dtrace_hash_resize(hash);
6695 7286 dtrace_hash_add(hash, new);
6696 7287 return;
6697 7288 }
6698 7289
6699 7290 bucket = kmem_zalloc(sizeof (dtrace_hashbucket_t), KM_SLEEP);
6700 7291 bucket->dthb_next = hash->dth_tab[ndx];
6701 7292 hash->dth_tab[ndx] = bucket;
6702 7293 hash->dth_nbuckets++;
6703 7294
6704 7295 add:
6705 7296 nextp = DTRACE_HASHNEXT(hash, new);
6706 7297 ASSERT(*nextp == NULL && *(DTRACE_HASHPREV(hash, new)) == NULL);
6707 7298 *nextp = bucket->dthb_chain;
6708 7299
6709 7300 if (bucket->dthb_chain != NULL) {
6710 7301 prevp = DTRACE_HASHPREV(hash, bucket->dthb_chain);
6711 7302 ASSERT(*prevp == NULL);
6712 7303 *prevp = new;
6713 7304 }
6714 7305
6715 7306 bucket->dthb_chain = new;
6716 7307 bucket->dthb_len++;
6717 7308 }
6718 7309
6719 7310 static dtrace_probe_t *
6720 7311 dtrace_hash_lookup(dtrace_hash_t *hash, dtrace_probe_t *template)
6721 7312 {
6722 7313 int hashval = DTRACE_HASHSTR(hash, template);
6723 7314 int ndx = hashval & hash->dth_mask;
6724 7315 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6725 7316
6726 7317 for (; bucket != NULL; bucket = bucket->dthb_next) {
6727 7318 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, template))
6728 7319 return (bucket->dthb_chain);
6729 7320 }
6730 7321
6731 7322 return (NULL);
6732 7323 }
6733 7324
6734 7325 static int
6735 7326 dtrace_hash_collisions(dtrace_hash_t *hash, dtrace_probe_t *template)
6736 7327 {
6737 7328 int hashval = DTRACE_HASHSTR(hash, template);
6738 7329 int ndx = hashval & hash->dth_mask;
6739 7330 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6740 7331
6741 7332 for (; bucket != NULL; bucket = bucket->dthb_next) {
6742 7333 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, template))
6743 7334 return (bucket->dthb_len);
6744 7335 }
6745 7336
6746 7337 return (NULL);
6747 7338 }
6748 7339
6749 7340 static void
6750 7341 dtrace_hash_remove(dtrace_hash_t *hash, dtrace_probe_t *probe)
6751 7342 {
6752 7343 int ndx = DTRACE_HASHSTR(hash, probe) & hash->dth_mask;
6753 7344 dtrace_hashbucket_t *bucket = hash->dth_tab[ndx];
6754 7345
6755 7346 dtrace_probe_t **prevp = DTRACE_HASHPREV(hash, probe);
6756 7347 dtrace_probe_t **nextp = DTRACE_HASHNEXT(hash, probe);
6757 7348
6758 7349 /*
6759 7350 * Find the bucket that we're removing this probe from.
6760 7351 */
6761 7352 for (; bucket != NULL; bucket = bucket->dthb_next) {
6762 7353 if (DTRACE_HASHEQ(hash, bucket->dthb_chain, probe))
6763 7354 break;
6764 7355 }
6765 7356
6766 7357 ASSERT(bucket != NULL);
6767 7358
6768 7359 if (*prevp == NULL) {
6769 7360 if (*nextp == NULL) {
6770 7361 /*
6771 7362 * The removed probe was the only probe on this
6772 7363 * bucket; we need to remove the bucket.
6773 7364 */
6774 7365 dtrace_hashbucket_t *b = hash->dth_tab[ndx];
6775 7366
6776 7367 ASSERT(bucket->dthb_chain == probe);
6777 7368 ASSERT(b != NULL);
6778 7369
6779 7370 if (b == bucket) {
6780 7371 hash->dth_tab[ndx] = bucket->dthb_next;
6781 7372 } else {
6782 7373 while (b->dthb_next != bucket)
6783 7374 b = b->dthb_next;
6784 7375 b->dthb_next = bucket->dthb_next;
6785 7376 }
6786 7377
6787 7378 ASSERT(hash->dth_nbuckets > 0);
6788 7379 hash->dth_nbuckets--;
6789 7380 kmem_free(bucket, sizeof (dtrace_hashbucket_t));
6790 7381 return;
6791 7382 }
6792 7383
6793 7384 bucket->dthb_chain = *nextp;
6794 7385 } else {
6795 7386 *(DTRACE_HASHNEXT(hash, *prevp)) = *nextp;
6796 7387 }
6797 7388
6798 7389 if (*nextp != NULL)
6799 7390 *(DTRACE_HASHPREV(hash, *nextp)) = *prevp;
6800 7391 }
6801 7392
6802 7393 /*
6803 7394 * DTrace Utility Functions
6804 7395 *
6805 7396 * These are random utility functions that are _not_ called from probe context.
6806 7397 */
6807 7398 static int
6808 7399 dtrace_badattr(const dtrace_attribute_t *a)
6809 7400 {
6810 7401 return (a->dtat_name > DTRACE_STABILITY_MAX ||
6811 7402 a->dtat_data > DTRACE_STABILITY_MAX ||
6812 7403 a->dtat_class > DTRACE_CLASS_MAX);
6813 7404 }
6814 7405
6815 7406 /*
6816 7407 * Return a duplicate copy of a string. If the specified string is NULL,
6817 7408 * this function returns a zero-length string.
6818 7409 */
6819 7410 static char *
6820 7411 dtrace_strdup(const char *str)
6821 7412 {
6822 7413 char *new = kmem_zalloc((str != NULL ? strlen(str) : 0) + 1, KM_SLEEP);
6823 7414
6824 7415 if (str != NULL)
6825 7416 (void) strcpy(new, str);
6826 7417
6827 7418 return (new);
6828 7419 }
6829 7420
6830 7421 #define DTRACE_ISALPHA(c) \
6831 7422 (((c) >= 'a' && (c) <= 'z') || ((c) >= 'A' && (c) <= 'Z'))
6832 7423
6833 7424 static int
6834 7425 dtrace_badname(const char *s)
6835 7426 {
6836 7427 char c;
6837 7428
6838 7429 if (s == NULL || (c = *s++) == '\0')
6839 7430 return (0);
6840 7431
6841 7432 if (!DTRACE_ISALPHA(c) && c != '-' && c != '_' && c != '.')
6842 7433 return (1);
6843 7434
6844 7435 while ((c = *s++) != '\0') {
6845 7436 if (!DTRACE_ISALPHA(c) && (c < '0' || c > '9') &&
6846 7437 c != '-' && c != '_' && c != '.' && c != '`')
6847 7438 return (1);
6848 7439 }
6849 7440
6850 7441 return (0);
6851 7442 }
6852 7443
6853 7444 static void
6854 7445 dtrace_cred2priv(cred_t *cr, uint32_t *privp, uid_t *uidp, zoneid_t *zoneidp)
6855 7446 {
6856 7447 uint32_t priv;
6857 7448
6858 7449 if (cr == NULL || PRIV_POLICY_ONLY(cr, PRIV_ALL, B_FALSE)) {
6859 7450 /*
6860 7451 * For DTRACE_PRIV_ALL, the uid and zoneid don't matter.
6861 7452 */
6862 7453 priv = DTRACE_PRIV_ALL;
6863 7454 } else {
6864 7455 *uidp = crgetuid(cr);
6865 7456 *zoneidp = crgetzoneid(cr);
6866 7457
6867 7458 priv = 0;
6868 7459 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_KERNEL, B_FALSE))
6869 7460 priv |= DTRACE_PRIV_KERNEL | DTRACE_PRIV_USER;
6870 7461 else if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE))
6871 7462 priv |= DTRACE_PRIV_USER;
6872 7463 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE))
6873 7464 priv |= DTRACE_PRIV_PROC;
6874 7465 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE))
6875 7466 priv |= DTRACE_PRIV_OWNER;
6876 7467 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE))
6877 7468 priv |= DTRACE_PRIV_ZONEOWNER;
6878 7469 }
6879 7470
6880 7471 *privp = priv;
6881 7472 }
6882 7473
6883 7474 #ifdef DTRACE_ERRDEBUG
6884 7475 static void
6885 7476 dtrace_errdebug(const char *str)
6886 7477 {
6887 7478 int hval = dtrace_hash_str((char *)str) % DTRACE_ERRHASHSZ;
6888 7479 int occupied = 0;
6889 7480
6890 7481 mutex_enter(&dtrace_errlock);
6891 7482 dtrace_errlast = str;
6892 7483 dtrace_errthread = curthread;
6893 7484
6894 7485 while (occupied++ < DTRACE_ERRHASHSZ) {
6895 7486 if (dtrace_errhash[hval].dter_msg == str) {
6896 7487 dtrace_errhash[hval].dter_count++;
6897 7488 goto out;
6898 7489 }
6899 7490
6900 7491 if (dtrace_errhash[hval].dter_msg != NULL) {
6901 7492 hval = (hval + 1) % DTRACE_ERRHASHSZ;
6902 7493 continue;
6903 7494 }
6904 7495
6905 7496 dtrace_errhash[hval].dter_msg = str;
6906 7497 dtrace_errhash[hval].dter_count = 1;
6907 7498 goto out;
6908 7499 }
6909 7500
6910 7501 panic("dtrace: undersized error hash");
6911 7502 out:
6912 7503 mutex_exit(&dtrace_errlock);
6913 7504 }
6914 7505 #endif
6915 7506
6916 7507 /*
6917 7508 * DTrace Matching Functions
6918 7509 *
6919 7510 * These functions are used to match groups of probes, given some elements of
6920 7511 * a probe tuple, or some globbed expressions for elements of a probe tuple.
6921 7512 */
6922 7513 static int
6923 7514 dtrace_match_priv(const dtrace_probe_t *prp, uint32_t priv, uid_t uid,
6924 7515 zoneid_t zoneid)
6925 7516 {
6926 7517 if (priv != DTRACE_PRIV_ALL) {
6927 7518 uint32_t ppriv = prp->dtpr_provider->dtpv_priv.dtpp_flags;
6928 7519 uint32_t match = priv & ppriv;
6929 7520
6930 7521 /*
6931 7522 * No PRIV_DTRACE_* privileges...
6932 7523 */
6933 7524 if ((priv & (DTRACE_PRIV_PROC | DTRACE_PRIV_USER |
6934 7525 DTRACE_PRIV_KERNEL)) == 0)
6935 7526 return (0);
6936 7527
6937 7528 /*
6938 7529 * No matching bits, but there were bits to match...
6939 7530 */
6940 7531 if (match == 0 && ppriv != 0)
6941 7532 return (0);
6942 7533
6943 7534 /*
6944 7535 * Need to have permissions to the process, but don't...
6945 7536 */
6946 7537 if (((ppriv & ~match) & DTRACE_PRIV_OWNER) != 0 &&
6947 7538 uid != prp->dtpr_provider->dtpv_priv.dtpp_uid) {
6948 7539 return (0);
6949 7540 }
6950 7541
6951 7542 /*
6952 7543 * Need to be in the same zone unless we possess the
6953 7544 * privilege to examine all zones.
6954 7545 */
6955 7546 if (((ppriv & ~match) & DTRACE_PRIV_ZONEOWNER) != 0 &&
6956 7547 zoneid != prp->dtpr_provider->dtpv_priv.dtpp_zoneid) {
6957 7548 return (0);
6958 7549 }
6959 7550 }
6960 7551
6961 7552 return (1);
6962 7553 }
6963 7554
6964 7555 /*
6965 7556 * dtrace_match_probe compares a dtrace_probe_t to a pre-compiled key, which
6966 7557 * consists of input pattern strings and an ops-vector to evaluate them.
6967 7558 * This function returns >0 for match, 0 for no match, and <0 for error.
6968 7559 */
6969 7560 static int
6970 7561 dtrace_match_probe(const dtrace_probe_t *prp, const dtrace_probekey_t *pkp,
6971 7562 uint32_t priv, uid_t uid, zoneid_t zoneid)
6972 7563 {
6973 7564 dtrace_provider_t *pvp = prp->dtpr_provider;
6974 7565 int rv;
6975 7566
6976 7567 if (pvp->dtpv_defunct)
6977 7568 return (0);
6978 7569
6979 7570 if ((rv = pkp->dtpk_pmatch(pvp->dtpv_name, pkp->dtpk_prov, 0)) <= 0)
6980 7571 return (rv);
6981 7572
6982 7573 if ((rv = pkp->dtpk_mmatch(prp->dtpr_mod, pkp->dtpk_mod, 0)) <= 0)
6983 7574 return (rv);
6984 7575
6985 7576 if ((rv = pkp->dtpk_fmatch(prp->dtpr_func, pkp->dtpk_func, 0)) <= 0)
6986 7577 return (rv);
6987 7578
6988 7579 if ((rv = pkp->dtpk_nmatch(prp->dtpr_name, pkp->dtpk_name, 0)) <= 0)
6989 7580 return (rv);
6990 7581
6991 7582 if (dtrace_match_priv(prp, priv, uid, zoneid) == 0)
6992 7583 return (0);
6993 7584
6994 7585 return (rv);
6995 7586 }
6996 7587
6997 7588 /*
6998 7589 * dtrace_match_glob() is a safe kernel implementation of the gmatch(3GEN)
6999 7590 * interface for matching a glob pattern 'p' to an input string 's'. Unlike
7000 7591 * libc's version, the kernel version only applies to 8-bit ASCII strings.
7001 7592 * In addition, all of the recursion cases except for '*' matching have been
7002 7593 * unwound. For '*', we still implement recursive evaluation, but a depth
7003 7594 * counter is maintained and matching is aborted if we recurse too deep.
7004 7595 * The function returns 0 if no match, >0 if match, and <0 if recursion error.
7005 7596 */
7006 7597 static int
7007 7598 dtrace_match_glob(const char *s, const char *p, int depth)
7008 7599 {
7009 7600 const char *olds;
7010 7601 char s1, c;
7011 7602 int gs;
7012 7603
7013 7604 if (depth > DTRACE_PROBEKEY_MAXDEPTH)
7014 7605 return (-1);
7015 7606
7016 7607 if (s == NULL)
7017 7608 s = ""; /* treat NULL as empty string */
7018 7609
7019 7610 top:
7020 7611 olds = s;
7021 7612 s1 = *s++;
7022 7613
7023 7614 if (p == NULL)
7024 7615 return (0);
7025 7616
7026 7617 if ((c = *p++) == '\0')
7027 7618 return (s1 == '\0');
7028 7619
7029 7620 switch (c) {
7030 7621 case '[': {
7031 7622 int ok = 0, notflag = 0;
7032 7623 char lc = '\0';
7033 7624
7034 7625 if (s1 == '\0')
7035 7626 return (0);
7036 7627
7037 7628 if (*p == '!') {
7038 7629 notflag = 1;
7039 7630 p++;
7040 7631 }
7041 7632
7042 7633 if ((c = *p++) == '\0')
7043 7634 return (0);
7044 7635
7045 7636 do {
7046 7637 if (c == '-' && lc != '\0' && *p != ']') {
7047 7638 if ((c = *p++) == '\0')
7048 7639 return (0);
7049 7640 if (c == '\\' && (c = *p++) == '\0')
7050 7641 return (0);
7051 7642
7052 7643 if (notflag) {
7053 7644 if (s1 < lc || s1 > c)
7054 7645 ok++;
7055 7646 else
7056 7647 return (0);
7057 7648 } else if (lc <= s1 && s1 <= c)
7058 7649 ok++;
7059 7650
7060 7651 } else if (c == '\\' && (c = *p++) == '\0')
7061 7652 return (0);
7062 7653
7063 7654 lc = c; /* save left-hand 'c' for next iteration */
7064 7655
7065 7656 if (notflag) {
7066 7657 if (s1 != c)
7067 7658 ok++;
7068 7659 else
7069 7660 return (0);
7070 7661 } else if (s1 == c)
7071 7662 ok++;
7072 7663
7073 7664 if ((c = *p++) == '\0')
7074 7665 return (0);
7075 7666
7076 7667 } while (c != ']');
7077 7668
7078 7669 if (ok)
7079 7670 goto top;
7080 7671
7081 7672 return (0);
7082 7673 }
7083 7674
7084 7675 case '\\':
7085 7676 if ((c = *p++) == '\0')
7086 7677 return (0);
7087 7678 /*FALLTHRU*/
7088 7679
7089 7680 default:
7090 7681 if (c != s1)
7091 7682 return (0);
7092 7683 /*FALLTHRU*/
7093 7684
7094 7685 case '?':
7095 7686 if (s1 != '\0')
7096 7687 goto top;
7097 7688 return (0);
7098 7689
7099 7690 case '*':
7100 7691 while (*p == '*')
7101 7692 p++; /* consecutive *'s are identical to a single one */
7102 7693
7103 7694 if (*p == '\0')
7104 7695 return (1);
7105 7696
7106 7697 for (s = olds; *s != '\0'; s++) {
7107 7698 if ((gs = dtrace_match_glob(s, p, depth + 1)) != 0)
7108 7699 return (gs);
7109 7700 }
7110 7701
7111 7702 return (0);
7112 7703 }
7113 7704 }
7114 7705
7115 7706 /*ARGSUSED*/
7116 7707 static int
7117 7708 dtrace_match_string(const char *s, const char *p, int depth)
7118 7709 {
7119 7710 return (s != NULL && strcmp(s, p) == 0);
7120 7711 }
7121 7712
7122 7713 /*ARGSUSED*/
7123 7714 static int
7124 7715 dtrace_match_nul(const char *s, const char *p, int depth)
7125 7716 {
7126 7717 return (1); /* always match the empty pattern */
7127 7718 }
7128 7719
7129 7720 /*ARGSUSED*/
7130 7721 static int
7131 7722 dtrace_match_nonzero(const char *s, const char *p, int depth)
7132 7723 {
7133 7724 return (s != NULL && s[0] != '\0');
7134 7725 }
7135 7726
7136 7727 static int
7137 7728 dtrace_match(const dtrace_probekey_t *pkp, uint32_t priv, uid_t uid,
7138 7729 zoneid_t zoneid, int (*matched)(dtrace_probe_t *, void *), void *arg)
7139 7730 {
7140 7731 dtrace_probe_t template, *probe;
7141 7732 dtrace_hash_t *hash = NULL;
7142 7733 int len, rc, best = INT_MAX, nmatched = 0;
7143 7734 dtrace_id_t i;
7144 7735
7145 7736 ASSERT(MUTEX_HELD(&dtrace_lock));
7146 7737
7147 7738 /*
7148 7739 * If the probe ID is specified in the key, just lookup by ID and
7149 7740 * invoke the match callback once if a matching probe is found.
7150 7741 */
7151 7742 if (pkp->dtpk_id != DTRACE_IDNONE) {
7152 7743 if ((probe = dtrace_probe_lookup_id(pkp->dtpk_id)) != NULL &&
7153 7744 dtrace_match_probe(probe, pkp, priv, uid, zoneid) > 0) {
7154 7745 if ((*matched)(probe, arg) == DTRACE_MATCH_FAIL)
7155 7746 return (DTRACE_MATCH_FAIL);
7156 7747 nmatched++;
7157 7748 }
7158 7749 return (nmatched);
7159 7750 }
7160 7751
7161 7752 template.dtpr_mod = (char *)pkp->dtpk_mod;
7162 7753 template.dtpr_func = (char *)pkp->dtpk_func;
7163 7754 template.dtpr_name = (char *)pkp->dtpk_name;
7164 7755
7165 7756 /*
7166 7757 * We want to find the most distinct of the module name, function
7167 7758 * name, and name. So for each one that is not a glob pattern or
7168 7759 * empty string, we perform a lookup in the corresponding hash and
7169 7760 * use the hash table with the fewest collisions to do our search.
7170 7761 */
7171 7762 if (pkp->dtpk_mmatch == &dtrace_match_string &&
7172 7763 (len = dtrace_hash_collisions(dtrace_bymod, &template)) < best) {
7173 7764 best = len;
7174 7765 hash = dtrace_bymod;
7175 7766 }
7176 7767
7177 7768 if (pkp->dtpk_fmatch == &dtrace_match_string &&
7178 7769 (len = dtrace_hash_collisions(dtrace_byfunc, &template)) < best) {
7179 7770 best = len;
7180 7771 hash = dtrace_byfunc;
7181 7772 }
7182 7773
7183 7774 if (pkp->dtpk_nmatch == &dtrace_match_string &&
7184 7775 (len = dtrace_hash_collisions(dtrace_byname, &template)) < best) {
7185 7776 best = len;
7186 7777 hash = dtrace_byname;
7187 7778 }
7188 7779
7189 7780 /*
7190 7781 * If we did not select a hash table, iterate over every probe and
7191 7782 * invoke our callback for each one that matches our input probe key.
7192 7783 */
7193 7784 if (hash == NULL) {
7194 7785 for (i = 0; i < dtrace_nprobes; i++) {
7195 7786 if ((probe = dtrace_probes[i]) == NULL ||
7196 7787 dtrace_match_probe(probe, pkp, priv, uid,
7197 7788 zoneid) <= 0)
7198 7789 continue;
7199 7790
7200 7791 nmatched++;
7201 7792
7202 7793 if ((rc = (*matched)(probe, arg)) !=
7203 7794 DTRACE_MATCH_NEXT) {
7204 7795 if (rc == DTRACE_MATCH_FAIL)
7205 7796 return (DTRACE_MATCH_FAIL);
7206 7797 break;
7207 7798 }
7208 7799 }
7209 7800
7210 7801 return (nmatched);
7211 7802 }
7212 7803
7213 7804 /*
7214 7805 * If we selected a hash table, iterate over each probe of the same key
7215 7806 * name and invoke the callback for every probe that matches the other
7216 7807 * attributes of our input probe key.
7217 7808 */
7218 7809 for (probe = dtrace_hash_lookup(hash, &template); probe != NULL;
7219 7810 probe = *(DTRACE_HASHNEXT(hash, probe))) {
7220 7811
7221 7812 if (dtrace_match_probe(probe, pkp, priv, uid, zoneid) <= 0)
7222 7813 continue;
7223 7814
7224 7815 nmatched++;
7225 7816
7226 7817 if ((rc = (*matched)(probe, arg)) != DTRACE_MATCH_NEXT) {
7227 7818 if (rc == DTRACE_MATCH_FAIL)
7228 7819 return (DTRACE_MATCH_FAIL);
7229 7820 break;
7230 7821 }
7231 7822 }
7232 7823
7233 7824 return (nmatched);
7234 7825 }
7235 7826
7236 7827 /*
7237 7828 * Return the function pointer dtrace_probecmp() should use to compare the
7238 7829 * specified pattern with a string. For NULL or empty patterns, we select
7239 7830 * dtrace_match_nul(). For glob pattern strings, we use dtrace_match_glob().
7240 7831 * For non-empty non-glob strings, we use dtrace_match_string().
7241 7832 */
7242 7833 static dtrace_probekey_f *
7243 7834 dtrace_probekey_func(const char *p)
7244 7835 {
7245 7836 char c;
7246 7837
7247 7838 if (p == NULL || *p == '\0')
7248 7839 return (&dtrace_match_nul);
7249 7840
7250 7841 while ((c = *p++) != '\0') {
7251 7842 if (c == '[' || c == '?' || c == '*' || c == '\\')
7252 7843 return (&dtrace_match_glob);
7253 7844 }
7254 7845
7255 7846 return (&dtrace_match_string);
7256 7847 }
7257 7848
7258 7849 /*
7259 7850 * Build a probe comparison key for use with dtrace_match_probe() from the
7260 7851 * given probe description. By convention, a null key only matches anchored
7261 7852 * probes: if each field is the empty string, reset dtpk_fmatch to
7262 7853 * dtrace_match_nonzero().
7263 7854 */
7264 7855 static void
7265 7856 dtrace_probekey(const dtrace_probedesc_t *pdp, dtrace_probekey_t *pkp)
7266 7857 {
7267 7858 pkp->dtpk_prov = pdp->dtpd_provider;
7268 7859 pkp->dtpk_pmatch = dtrace_probekey_func(pdp->dtpd_provider);
7269 7860
7270 7861 pkp->dtpk_mod = pdp->dtpd_mod;
7271 7862 pkp->dtpk_mmatch = dtrace_probekey_func(pdp->dtpd_mod);
7272 7863
7273 7864 pkp->dtpk_func = pdp->dtpd_func;
7274 7865 pkp->dtpk_fmatch = dtrace_probekey_func(pdp->dtpd_func);
7275 7866
7276 7867 pkp->dtpk_name = pdp->dtpd_name;
7277 7868 pkp->dtpk_nmatch = dtrace_probekey_func(pdp->dtpd_name);
7278 7869
7279 7870 pkp->dtpk_id = pdp->dtpd_id;
7280 7871
7281 7872 if (pkp->dtpk_id == DTRACE_IDNONE &&
7282 7873 pkp->dtpk_pmatch == &dtrace_match_nul &&
7283 7874 pkp->dtpk_mmatch == &dtrace_match_nul &&
7284 7875 pkp->dtpk_fmatch == &dtrace_match_nul &&
7285 7876 pkp->dtpk_nmatch == &dtrace_match_nul)
7286 7877 pkp->dtpk_fmatch = &dtrace_match_nonzero;
7287 7878 }
7288 7879
7289 7880 /*
7290 7881 * DTrace Provider-to-Framework API Functions
7291 7882 *
7292 7883 * These functions implement much of the Provider-to-Framework API, as
7293 7884 * described in <sys/dtrace.h>. The parts of the API not in this section are
7294 7885 * the functions in the API for probe management (found below), and
7295 7886 * dtrace_probe() itself (found above).
7296 7887 */
7297 7888
7298 7889 /*
7299 7890 * Register the calling provider with the DTrace framework. This should
7300 7891 * generally be called by DTrace providers in their attach(9E) entry point.
7301 7892 */
7302 7893 int
7303 7894 dtrace_register(const char *name, const dtrace_pattr_t *pap, uint32_t priv,
7304 7895 cred_t *cr, const dtrace_pops_t *pops, void *arg, dtrace_provider_id_t *idp)
7305 7896 {
7306 7897 dtrace_provider_t *provider;
7307 7898
7308 7899 if (name == NULL || pap == NULL || pops == NULL || idp == NULL) {
7309 7900 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7310 7901 "arguments", name ? name : "<NULL>");
7311 7902 return (EINVAL);
7312 7903 }
7313 7904
7314 7905 if (name[0] == '\0' || dtrace_badname(name)) {
7315 7906 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7316 7907 "provider name", name);
7317 7908 return (EINVAL);
7318 7909 }
7319 7910
7320 7911 if ((pops->dtps_provide == NULL && pops->dtps_provide_module == NULL) ||
7321 7912 pops->dtps_enable == NULL || pops->dtps_disable == NULL ||
7322 7913 pops->dtps_destroy == NULL ||
7323 7914 ((pops->dtps_resume == NULL) != (pops->dtps_suspend == NULL))) {
7324 7915 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7325 7916 "provider ops", name);
7326 7917 return (EINVAL);
7327 7918 }
7328 7919
7329 7920 if (dtrace_badattr(&pap->dtpa_provider) ||
7330 7921 dtrace_badattr(&pap->dtpa_mod) ||
7331 7922 dtrace_badattr(&pap->dtpa_func) ||
7332 7923 dtrace_badattr(&pap->dtpa_name) ||
7333 7924 dtrace_badattr(&pap->dtpa_args)) {
7334 7925 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7335 7926 "provider attributes", name);
7336 7927 return (EINVAL);
7337 7928 }
7338 7929
7339 7930 if (priv & ~DTRACE_PRIV_ALL) {
7340 7931 cmn_err(CE_WARN, "failed to register provider '%s': invalid "
7341 7932 "privilege attributes", name);
7342 7933 return (EINVAL);
7343 7934 }
7344 7935
7345 7936 if ((priv & DTRACE_PRIV_KERNEL) &&
7346 7937 (priv & (DTRACE_PRIV_USER | DTRACE_PRIV_OWNER)) &&
7347 7938 pops->dtps_mode == NULL) {
7348 7939 cmn_err(CE_WARN, "failed to register provider '%s': need "
7349 7940 "dtps_mode() op for given privilege attributes", name);
7350 7941 return (EINVAL);
7351 7942 }
7352 7943
7353 7944 provider = kmem_zalloc(sizeof (dtrace_provider_t), KM_SLEEP);
7354 7945 provider->dtpv_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
7355 7946 (void) strcpy(provider->dtpv_name, name);
7356 7947
7357 7948 provider->dtpv_attr = *pap;
7358 7949 provider->dtpv_priv.dtpp_flags = priv;
7359 7950 if (cr != NULL) {
7360 7951 provider->dtpv_priv.dtpp_uid = crgetuid(cr);
7361 7952 provider->dtpv_priv.dtpp_zoneid = crgetzoneid(cr);
7362 7953 }
7363 7954 provider->dtpv_pops = *pops;
7364 7955
7365 7956 if (pops->dtps_provide == NULL) {
7366 7957 ASSERT(pops->dtps_provide_module != NULL);
7367 7958 provider->dtpv_pops.dtps_provide =
7368 7959 (void (*)(void *, const dtrace_probedesc_t *))dtrace_nullop;
7369 7960 }
7370 7961
7371 7962 if (pops->dtps_provide_module == NULL) {
7372 7963 ASSERT(pops->dtps_provide != NULL);
7373 7964 provider->dtpv_pops.dtps_provide_module =
7374 7965 (void (*)(void *, struct modctl *))dtrace_nullop;
7375 7966 }
7376 7967
7377 7968 if (pops->dtps_suspend == NULL) {
7378 7969 ASSERT(pops->dtps_resume == NULL);
7379 7970 provider->dtpv_pops.dtps_suspend =
7380 7971 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop;
7381 7972 provider->dtpv_pops.dtps_resume =
7382 7973 (void (*)(void *, dtrace_id_t, void *))dtrace_nullop;
7383 7974 }
7384 7975
7385 7976 provider->dtpv_arg = arg;
7386 7977 *idp = (dtrace_provider_id_t)provider;
7387 7978
7388 7979 if (pops == &dtrace_provider_ops) {
7389 7980 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
7390 7981 ASSERT(MUTEX_HELD(&dtrace_lock));
7391 7982 ASSERT(dtrace_anon.dta_enabling == NULL);
7392 7983
7393 7984 /*
7394 7985 * We make sure that the DTrace provider is at the head of
7395 7986 * the provider chain.
7396 7987 */
7397 7988 provider->dtpv_next = dtrace_provider;
7398 7989 dtrace_provider = provider;
7399 7990 return (0);
7400 7991 }
7401 7992
7402 7993 mutex_enter(&dtrace_provider_lock);
7403 7994 mutex_enter(&dtrace_lock);
7404 7995
7405 7996 /*
7406 7997 * If there is at least one provider registered, we'll add this
7407 7998 * provider after the first provider.
7408 7999 */
7409 8000 if (dtrace_provider != NULL) {
7410 8001 provider->dtpv_next = dtrace_provider->dtpv_next;
7411 8002 dtrace_provider->dtpv_next = provider;
7412 8003 } else {
7413 8004 dtrace_provider = provider;
7414 8005 }
7415 8006
7416 8007 if (dtrace_retained != NULL) {
7417 8008 dtrace_enabling_provide(provider);
7418 8009
7419 8010 /*
7420 8011 * Now we need to call dtrace_enabling_matchall() -- which
7421 8012 * will acquire cpu_lock and dtrace_lock. We therefore need
7422 8013 * to drop all of our locks before calling into it...
7423 8014 */
7424 8015 mutex_exit(&dtrace_lock);
7425 8016 mutex_exit(&dtrace_provider_lock);
7426 8017 dtrace_enabling_matchall();
7427 8018
7428 8019 return (0);
7429 8020 }
7430 8021
7431 8022 mutex_exit(&dtrace_lock);
7432 8023 mutex_exit(&dtrace_provider_lock);
7433 8024
7434 8025 return (0);
7435 8026 }
7436 8027
7437 8028 /*
7438 8029 * Unregister the specified provider from the DTrace framework. This should
7439 8030 * generally be called by DTrace providers in their detach(9E) entry point.
7440 8031 */
7441 8032 int
7442 8033 dtrace_unregister(dtrace_provider_id_t id)
7443 8034 {
7444 8035 dtrace_provider_t *old = (dtrace_provider_t *)id;
7445 8036 dtrace_provider_t *prev = NULL;
7446 8037 int i, self = 0, noreap = 0;
7447 8038 dtrace_probe_t *probe, *first = NULL;
7448 8039
7449 8040 if (old->dtpv_pops.dtps_enable ==
7450 8041 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop) {
7451 8042 /*
7452 8043 * If DTrace itself is the provider, we're called with locks
7453 8044 * already held.
7454 8045 */
7455 8046 ASSERT(old == dtrace_provider);
7456 8047 ASSERT(dtrace_devi != NULL);
7457 8048 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
7458 8049 ASSERT(MUTEX_HELD(&dtrace_lock));
7459 8050 self = 1;
7460 8051
7461 8052 if (dtrace_provider->dtpv_next != NULL) {
7462 8053 /*
7463 8054 * There's another provider here; return failure.
7464 8055 */
7465 8056 return (EBUSY);
7466 8057 }
7467 8058 } else {
7468 8059 mutex_enter(&dtrace_provider_lock);
7469 8060 mutex_enter(&mod_lock);
7470 8061 mutex_enter(&dtrace_lock);
7471 8062 }
7472 8063
7473 8064 /*
7474 8065 * If anyone has /dev/dtrace open, or if there are anonymous enabled
7475 8066 * probes, we refuse to let providers slither away, unless this
7476 8067 * provider has already been explicitly invalidated.
7477 8068 */
7478 8069 if (!old->dtpv_defunct &&
7479 8070 (dtrace_opens || (dtrace_anon.dta_state != NULL &&
7480 8071 dtrace_anon.dta_state->dts_necbs > 0))) {
7481 8072 if (!self) {
7482 8073 mutex_exit(&dtrace_lock);
7483 8074 mutex_exit(&mod_lock);
7484 8075 mutex_exit(&dtrace_provider_lock);
7485 8076 }
7486 8077 return (EBUSY);
7487 8078 }
7488 8079
7489 8080 /*
7490 8081 * Attempt to destroy the probes associated with this provider.
7491 8082 */
7492 8083 for (i = 0; i < dtrace_nprobes; i++) {
7493 8084 if ((probe = dtrace_probes[i]) == NULL)
7494 8085 continue;
7495 8086
7496 8087 if (probe->dtpr_provider != old)
7497 8088 continue;
7498 8089
7499 8090 if (probe->dtpr_ecb == NULL)
7500 8091 continue;
7501 8092
7502 8093 /*
7503 8094 * If we are trying to unregister a defunct provider, and the
7504 8095 * provider was made defunct within the interval dictated by
7505 8096 * dtrace_unregister_defunct_reap, we'll (asynchronously)
7506 8097 * attempt to reap our enablings. To denote that the provider
7507 8098 * should reattempt to unregister itself at some point in the
7508 8099 * future, we will return a differentiable error code (EAGAIN
7509 8100 * instead of EBUSY) in this case.
7510 8101 */
7511 8102 if (dtrace_gethrtime() - old->dtpv_defunct >
7512 8103 dtrace_unregister_defunct_reap)
7513 8104 noreap = 1;
7514 8105
7515 8106 if (!self) {
7516 8107 mutex_exit(&dtrace_lock);
7517 8108 mutex_exit(&mod_lock);
7518 8109 mutex_exit(&dtrace_provider_lock);
7519 8110 }
7520 8111
7521 8112 if (noreap)
7522 8113 return (EBUSY);
7523 8114
7524 8115 (void) taskq_dispatch(dtrace_taskq,
7525 8116 (task_func_t *)dtrace_enabling_reap, NULL, TQ_SLEEP);
7526 8117
7527 8118 return (EAGAIN);
7528 8119 }
7529 8120
7530 8121 /*
7531 8122 * All of the probes for this provider are disabled; we can safely
7532 8123 * remove all of them from their hash chains and from the probe array.
7533 8124 */
7534 8125 for (i = 0; i < dtrace_nprobes; i++) {
7535 8126 if ((probe = dtrace_probes[i]) == NULL)
7536 8127 continue;
7537 8128
7538 8129 if (probe->dtpr_provider != old)
7539 8130 continue;
7540 8131
7541 8132 dtrace_probes[i] = NULL;
7542 8133
7543 8134 dtrace_hash_remove(dtrace_bymod, probe);
7544 8135 dtrace_hash_remove(dtrace_byfunc, probe);
7545 8136 dtrace_hash_remove(dtrace_byname, probe);
7546 8137
7547 8138 if (first == NULL) {
7548 8139 first = probe;
7549 8140 probe->dtpr_nextmod = NULL;
7550 8141 } else {
7551 8142 probe->dtpr_nextmod = first;
7552 8143 first = probe;
7553 8144 }
7554 8145 }
7555 8146
7556 8147 /*
7557 8148 * The provider's probes have been removed from the hash chains and
7558 8149 * from the probe array. Now issue a dtrace_sync() to be sure that
7559 8150 * everyone has cleared out from any probe array processing.
7560 8151 */
7561 8152 dtrace_sync();
7562 8153
7563 8154 for (probe = first; probe != NULL; probe = first) {
7564 8155 first = probe->dtpr_nextmod;
7565 8156
7566 8157 old->dtpv_pops.dtps_destroy(old->dtpv_arg, probe->dtpr_id,
7567 8158 probe->dtpr_arg);
7568 8159 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1);
7569 8160 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1);
7570 8161 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1);
7571 8162 vmem_free(dtrace_arena, (void *)(uintptr_t)(probe->dtpr_id), 1);
7572 8163 kmem_free(probe, sizeof (dtrace_probe_t));
7573 8164 }
7574 8165
7575 8166 if ((prev = dtrace_provider) == old) {
7576 8167 ASSERT(self || dtrace_devi == NULL);
7577 8168 ASSERT(old->dtpv_next == NULL || dtrace_devi == NULL);
7578 8169 dtrace_provider = old->dtpv_next;
7579 8170 } else {
7580 8171 while (prev != NULL && prev->dtpv_next != old)
7581 8172 prev = prev->dtpv_next;
7582 8173
7583 8174 if (prev == NULL) {
7584 8175 panic("attempt to unregister non-existent "
7585 8176 "dtrace provider %p\n", (void *)id);
7586 8177 }
7587 8178
7588 8179 prev->dtpv_next = old->dtpv_next;
7589 8180 }
7590 8181
7591 8182 if (!self) {
7592 8183 mutex_exit(&dtrace_lock);
7593 8184 mutex_exit(&mod_lock);
7594 8185 mutex_exit(&dtrace_provider_lock);
7595 8186 }
7596 8187
7597 8188 kmem_free(old->dtpv_name, strlen(old->dtpv_name) + 1);
7598 8189 kmem_free(old, sizeof (dtrace_provider_t));
7599 8190
7600 8191 return (0);
7601 8192 }
7602 8193
7603 8194 /*
7604 8195 * Invalidate the specified provider. All subsequent probe lookups for the
7605 8196 * specified provider will fail, but its probes will not be removed.
7606 8197 */
7607 8198 void
7608 8199 dtrace_invalidate(dtrace_provider_id_t id)
7609 8200 {
7610 8201 dtrace_provider_t *pvp = (dtrace_provider_t *)id;
7611 8202
7612 8203 ASSERT(pvp->dtpv_pops.dtps_enable !=
7613 8204 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop);
7614 8205
7615 8206 mutex_enter(&dtrace_provider_lock);
7616 8207 mutex_enter(&dtrace_lock);
7617 8208
7618 8209 pvp->dtpv_defunct = dtrace_gethrtime();
7619 8210
7620 8211 mutex_exit(&dtrace_lock);
7621 8212 mutex_exit(&dtrace_provider_lock);
7622 8213 }
7623 8214
7624 8215 /*
7625 8216 * Indicate whether or not DTrace has attached.
7626 8217 */
7627 8218 int
7628 8219 dtrace_attached(void)
7629 8220 {
7630 8221 /*
7631 8222 * dtrace_provider will be non-NULL iff the DTrace driver has
7632 8223 * attached. (It's non-NULL because DTrace is always itself a
7633 8224 * provider.)
7634 8225 */
7635 8226 return (dtrace_provider != NULL);
7636 8227 }
7637 8228
7638 8229 /*
7639 8230 * Remove all the unenabled probes for the given provider. This function is
7640 8231 * not unlike dtrace_unregister(), except that it doesn't remove the provider
7641 8232 * -- just as many of its associated probes as it can.
7642 8233 */
7643 8234 int
7644 8235 dtrace_condense(dtrace_provider_id_t id)
7645 8236 {
7646 8237 dtrace_provider_t *prov = (dtrace_provider_t *)id;
7647 8238 int i;
7648 8239 dtrace_probe_t *probe;
7649 8240
7650 8241 /*
7651 8242 * Make sure this isn't the dtrace provider itself.
7652 8243 */
7653 8244 ASSERT(prov->dtpv_pops.dtps_enable !=
7654 8245 (int (*)(void *, dtrace_id_t, void *))dtrace_enable_nullop);
7655 8246
7656 8247 mutex_enter(&dtrace_provider_lock);
7657 8248 mutex_enter(&dtrace_lock);
7658 8249
7659 8250 /*
7660 8251 * Attempt to destroy the probes associated with this provider.
7661 8252 */
7662 8253 for (i = 0; i < dtrace_nprobes; i++) {
7663 8254 if ((probe = dtrace_probes[i]) == NULL)
7664 8255 continue;
7665 8256
7666 8257 if (probe->dtpr_provider != prov)
7667 8258 continue;
7668 8259
7669 8260 if (probe->dtpr_ecb != NULL)
7670 8261 continue;
7671 8262
7672 8263 dtrace_probes[i] = NULL;
7673 8264
7674 8265 dtrace_hash_remove(dtrace_bymod, probe);
7675 8266 dtrace_hash_remove(dtrace_byfunc, probe);
7676 8267 dtrace_hash_remove(dtrace_byname, probe);
7677 8268
7678 8269 prov->dtpv_pops.dtps_destroy(prov->dtpv_arg, i + 1,
7679 8270 probe->dtpr_arg);
7680 8271 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1);
7681 8272 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1);
7682 8273 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1);
7683 8274 kmem_free(probe, sizeof (dtrace_probe_t));
7684 8275 vmem_free(dtrace_arena, (void *)((uintptr_t)i + 1), 1);
7685 8276 }
7686 8277
7687 8278 mutex_exit(&dtrace_lock);
7688 8279 mutex_exit(&dtrace_provider_lock);
7689 8280
7690 8281 return (0);
7691 8282 }
7692 8283
7693 8284 /*
7694 8285 * DTrace Probe Management Functions
7695 8286 *
7696 8287 * The functions in this section perform the DTrace probe management,
7697 8288 * including functions to create probes, look-up probes, and call into the
7698 8289 * providers to request that probes be provided. Some of these functions are
7699 8290 * in the Provider-to-Framework API; these functions can be identified by the
7700 8291 * fact that they are not declared "static".
7701 8292 */
7702 8293
7703 8294 /*
7704 8295 * Create a probe with the specified module name, function name, and name.
7705 8296 */
7706 8297 dtrace_id_t
7707 8298 dtrace_probe_create(dtrace_provider_id_t prov, const char *mod,
7708 8299 const char *func, const char *name, int aframes, void *arg)
7709 8300 {
7710 8301 dtrace_probe_t *probe, **probes;
7711 8302 dtrace_provider_t *provider = (dtrace_provider_t *)prov;
7712 8303 dtrace_id_t id;
7713 8304
7714 8305 if (provider == dtrace_provider) {
7715 8306 ASSERT(MUTEX_HELD(&dtrace_lock));
7716 8307 } else {
7717 8308 mutex_enter(&dtrace_lock);
7718 8309 }
7719 8310
7720 8311 id = (dtrace_id_t)(uintptr_t)vmem_alloc(dtrace_arena, 1,
7721 8312 VM_BESTFIT | VM_SLEEP);
7722 8313 probe = kmem_zalloc(sizeof (dtrace_probe_t), KM_SLEEP);
7723 8314
7724 8315 probe->dtpr_id = id;
7725 8316 probe->dtpr_gen = dtrace_probegen++;
7726 8317 probe->dtpr_mod = dtrace_strdup(mod);
7727 8318 probe->dtpr_func = dtrace_strdup(func);
7728 8319 probe->dtpr_name = dtrace_strdup(name);
7729 8320 probe->dtpr_arg = arg;
7730 8321 probe->dtpr_aframes = aframes;
7731 8322 probe->dtpr_provider = provider;
7732 8323
7733 8324 dtrace_hash_add(dtrace_bymod, probe);
7734 8325 dtrace_hash_add(dtrace_byfunc, probe);
7735 8326 dtrace_hash_add(dtrace_byname, probe);
7736 8327
7737 8328 if (id - 1 >= dtrace_nprobes) {
7738 8329 size_t osize = dtrace_nprobes * sizeof (dtrace_probe_t *);
7739 8330 size_t nsize = osize << 1;
7740 8331
7741 8332 if (nsize == 0) {
7742 8333 ASSERT(osize == 0);
7743 8334 ASSERT(dtrace_probes == NULL);
7744 8335 nsize = sizeof (dtrace_probe_t *);
7745 8336 }
7746 8337
7747 8338 probes = kmem_zalloc(nsize, KM_SLEEP);
7748 8339
7749 8340 if (dtrace_probes == NULL) {
7750 8341 ASSERT(osize == 0);
7751 8342 dtrace_probes = probes;
7752 8343 dtrace_nprobes = 1;
7753 8344 } else {
7754 8345 dtrace_probe_t **oprobes = dtrace_probes;
7755 8346
7756 8347 bcopy(oprobes, probes, osize);
7757 8348 dtrace_membar_producer();
7758 8349 dtrace_probes = probes;
7759 8350
7760 8351 dtrace_sync();
7761 8352
7762 8353 /*
7763 8354 * All CPUs are now seeing the new probes array; we can
7764 8355 * safely free the old array.
7765 8356 */
7766 8357 kmem_free(oprobes, osize);
7767 8358 dtrace_nprobes <<= 1;
7768 8359 }
7769 8360
7770 8361 ASSERT(id - 1 < dtrace_nprobes);
7771 8362 }
7772 8363
7773 8364 ASSERT(dtrace_probes[id - 1] == NULL);
7774 8365 dtrace_probes[id - 1] = probe;
7775 8366
7776 8367 if (provider != dtrace_provider)
7777 8368 mutex_exit(&dtrace_lock);
7778 8369
7779 8370 return (id);
7780 8371 }
7781 8372
7782 8373 static dtrace_probe_t *
7783 8374 dtrace_probe_lookup_id(dtrace_id_t id)
7784 8375 {
7785 8376 ASSERT(MUTEX_HELD(&dtrace_lock));
7786 8377
7787 8378 if (id == 0 || id > dtrace_nprobes)
7788 8379 return (NULL);
7789 8380
7790 8381 return (dtrace_probes[id - 1]);
7791 8382 }
7792 8383
7793 8384 static int
7794 8385 dtrace_probe_lookup_match(dtrace_probe_t *probe, void *arg)
7795 8386 {
7796 8387 *((dtrace_id_t *)arg) = probe->dtpr_id;
7797 8388
7798 8389 return (DTRACE_MATCH_DONE);
7799 8390 }
7800 8391
7801 8392 /*
7802 8393 * Look up a probe based on provider and one or more of module name, function
7803 8394 * name and probe name.
7804 8395 */
7805 8396 dtrace_id_t
7806 8397 dtrace_probe_lookup(dtrace_provider_id_t prid, const char *mod,
7807 8398 const char *func, const char *name)
7808 8399 {
7809 8400 dtrace_probekey_t pkey;
7810 8401 dtrace_id_t id;
7811 8402 int match;
7812 8403
7813 8404 pkey.dtpk_prov = ((dtrace_provider_t *)prid)->dtpv_name;
7814 8405 pkey.dtpk_pmatch = &dtrace_match_string;
7815 8406 pkey.dtpk_mod = mod;
7816 8407 pkey.dtpk_mmatch = mod ? &dtrace_match_string : &dtrace_match_nul;
7817 8408 pkey.dtpk_func = func;
7818 8409 pkey.dtpk_fmatch = func ? &dtrace_match_string : &dtrace_match_nul;
7819 8410 pkey.dtpk_name = name;
7820 8411 pkey.dtpk_nmatch = name ? &dtrace_match_string : &dtrace_match_nul;
7821 8412 pkey.dtpk_id = DTRACE_IDNONE;
7822 8413
7823 8414 mutex_enter(&dtrace_lock);
7824 8415 match = dtrace_match(&pkey, DTRACE_PRIV_ALL, 0, 0,
7825 8416 dtrace_probe_lookup_match, &id);
7826 8417 mutex_exit(&dtrace_lock);
7827 8418
7828 8419 ASSERT(match == 1 || match == 0);
7829 8420 return (match ? id : 0);
7830 8421 }
7831 8422
7832 8423 /*
7833 8424 * Returns the probe argument associated with the specified probe.
7834 8425 */
7835 8426 void *
7836 8427 dtrace_probe_arg(dtrace_provider_id_t id, dtrace_id_t pid)
7837 8428 {
7838 8429 dtrace_probe_t *probe;
7839 8430 void *rval = NULL;
7840 8431
7841 8432 mutex_enter(&dtrace_lock);
7842 8433
7843 8434 if ((probe = dtrace_probe_lookup_id(pid)) != NULL &&
7844 8435 probe->dtpr_provider == (dtrace_provider_t *)id)
7845 8436 rval = probe->dtpr_arg;
7846 8437
7847 8438 mutex_exit(&dtrace_lock);
7848 8439
7849 8440 return (rval);
7850 8441 }
7851 8442
7852 8443 /*
7853 8444 * Copy a probe into a probe description.
7854 8445 */
7855 8446 static void
7856 8447 dtrace_probe_description(const dtrace_probe_t *prp, dtrace_probedesc_t *pdp)
7857 8448 {
7858 8449 bzero(pdp, sizeof (dtrace_probedesc_t));
7859 8450 pdp->dtpd_id = prp->dtpr_id;
7860 8451
7861 8452 (void) strncpy(pdp->dtpd_provider,
7862 8453 prp->dtpr_provider->dtpv_name, DTRACE_PROVNAMELEN - 1);
7863 8454
7864 8455 (void) strncpy(pdp->dtpd_mod, prp->dtpr_mod, DTRACE_MODNAMELEN - 1);
7865 8456 (void) strncpy(pdp->dtpd_func, prp->dtpr_func, DTRACE_FUNCNAMELEN - 1);
7866 8457 (void) strncpy(pdp->dtpd_name, prp->dtpr_name, DTRACE_NAMELEN - 1);
7867 8458 }
7868 8459
7869 8460 /*
7870 8461 * Called to indicate that a probe -- or probes -- should be provided by a
7871 8462 * specfied provider. If the specified description is NULL, the provider will
7872 8463 * be told to provide all of its probes. (This is done whenever a new
7873 8464 * consumer comes along, or whenever a retained enabling is to be matched.) If
7874 8465 * the specified description is non-NULL, the provider is given the
7875 8466 * opportunity to dynamically provide the specified probe, allowing providers
7876 8467 * to support the creation of probes on-the-fly. (So-called _autocreated_
7877 8468 * probes.) If the provider is NULL, the operations will be applied to all
7878 8469 * providers; if the provider is non-NULL the operations will only be applied
7879 8470 * to the specified provider. The dtrace_provider_lock must be held, and the
7880 8471 * dtrace_lock must _not_ be held -- the provider's dtps_provide() operation
7881 8472 * will need to grab the dtrace_lock when it reenters the framework through
7882 8473 * dtrace_probe_lookup(), dtrace_probe_create(), etc.
7883 8474 */
7884 8475 static void
7885 8476 dtrace_probe_provide(dtrace_probedesc_t *desc, dtrace_provider_t *prv)
7886 8477 {
7887 8478 struct modctl *ctl;
7888 8479 int all = 0;
7889 8480
7890 8481 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
7891 8482
7892 8483 if (prv == NULL) {
7893 8484 all = 1;
7894 8485 prv = dtrace_provider;
7895 8486 }
7896 8487
7897 8488 do {
7898 8489 /*
7899 8490 * First, call the blanket provide operation.
7900 8491 */
7901 8492 prv->dtpv_pops.dtps_provide(prv->dtpv_arg, desc);
7902 8493
7903 8494 /*
7904 8495 * Now call the per-module provide operation. We will grab
7905 8496 * mod_lock to prevent the list from being modified. Note
7906 8497 * that this also prevents the mod_busy bits from changing.
7907 8498 * (mod_busy can only be changed with mod_lock held.)
7908 8499 */
7909 8500 mutex_enter(&mod_lock);
7910 8501
7911 8502 ctl = &modules;
7912 8503 do {
7913 8504 if (ctl->mod_busy || ctl->mod_mp == NULL)
7914 8505 continue;
7915 8506
7916 8507 prv->dtpv_pops.dtps_provide_module(prv->dtpv_arg, ctl);
7917 8508
7918 8509 } while ((ctl = ctl->mod_next) != &modules);
7919 8510
7920 8511 mutex_exit(&mod_lock);
7921 8512 } while (all && (prv = prv->dtpv_next) != NULL);
7922 8513 }
7923 8514
7924 8515 /*
7925 8516 * Iterate over each probe, and call the Framework-to-Provider API function
7926 8517 * denoted by offs.
7927 8518 */
7928 8519 static void
7929 8520 dtrace_probe_foreach(uintptr_t offs)
7930 8521 {
7931 8522 dtrace_provider_t *prov;
7932 8523 void (*func)(void *, dtrace_id_t, void *);
7933 8524 dtrace_probe_t *probe;
7934 8525 dtrace_icookie_t cookie;
7935 8526 int i;
7936 8527
7937 8528 /*
7938 8529 * We disable interrupts to walk through the probe array. This is
7939 8530 * safe -- the dtrace_sync() in dtrace_unregister() assures that we
7940 8531 * won't see stale data.
7941 8532 */
7942 8533 cookie = dtrace_interrupt_disable();
7943 8534
7944 8535 for (i = 0; i < dtrace_nprobes; i++) {
7945 8536 if ((probe = dtrace_probes[i]) == NULL)
7946 8537 continue;
7947 8538
7948 8539 if (probe->dtpr_ecb == NULL) {
7949 8540 /*
7950 8541 * This probe isn't enabled -- don't call the function.
7951 8542 */
7952 8543 continue;
7953 8544 }
7954 8545
7955 8546 prov = probe->dtpr_provider;
7956 8547 func = *((void(**)(void *, dtrace_id_t, void *))
7957 8548 ((uintptr_t)&prov->dtpv_pops + offs));
7958 8549
7959 8550 func(prov->dtpv_arg, i + 1, probe->dtpr_arg);
7960 8551 }
7961 8552
7962 8553 dtrace_interrupt_enable(cookie);
7963 8554 }
7964 8555
7965 8556 static int
7966 8557 dtrace_probe_enable(const dtrace_probedesc_t *desc, dtrace_enabling_t *enab)
7967 8558 {
7968 8559 dtrace_probekey_t pkey;
7969 8560 uint32_t priv;
7970 8561 uid_t uid;
7971 8562 zoneid_t zoneid;
7972 8563
7973 8564 ASSERT(MUTEX_HELD(&dtrace_lock));
7974 8565 dtrace_ecb_create_cache = NULL;
7975 8566
7976 8567 if (desc == NULL) {
7977 8568 /*
7978 8569 * If we're passed a NULL description, we're being asked to
7979 8570 * create an ECB with a NULL probe.
7980 8571 */
7981 8572 (void) dtrace_ecb_create_enable(NULL, enab);
7982 8573 return (0);
7983 8574 }
7984 8575
7985 8576 dtrace_probekey(desc, &pkey);
7986 8577 dtrace_cred2priv(enab->dten_vstate->dtvs_state->dts_cred.dcr_cred,
7987 8578 &priv, &uid, &zoneid);
7988 8579
7989 8580 return (dtrace_match(&pkey, priv, uid, zoneid, dtrace_ecb_create_enable,
7990 8581 enab));
7991 8582 }
7992 8583
7993 8584 /*
7994 8585 * DTrace Helper Provider Functions
7995 8586 */
7996 8587 static void
7997 8588 dtrace_dofattr2attr(dtrace_attribute_t *attr, const dof_attr_t dofattr)
7998 8589 {
7999 8590 attr->dtat_name = DOF_ATTR_NAME(dofattr);
8000 8591 attr->dtat_data = DOF_ATTR_DATA(dofattr);
8001 8592 attr->dtat_class = DOF_ATTR_CLASS(dofattr);
8002 8593 }
8003 8594
8004 8595 static void
8005 8596 dtrace_dofprov2hprov(dtrace_helper_provdesc_t *hprov,
8006 8597 const dof_provider_t *dofprov, char *strtab)
8007 8598 {
8008 8599 hprov->dthpv_provname = strtab + dofprov->dofpv_name;
8009 8600 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_provider,
8010 8601 dofprov->dofpv_provattr);
8011 8602 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_mod,
8012 8603 dofprov->dofpv_modattr);
8013 8604 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_func,
8014 8605 dofprov->dofpv_funcattr);
8015 8606 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_name,
8016 8607 dofprov->dofpv_nameattr);
8017 8608 dtrace_dofattr2attr(&hprov->dthpv_pattr.dtpa_args,
8018 8609 dofprov->dofpv_argsattr);
8019 8610 }
8020 8611
8021 8612 static void
8022 8613 dtrace_helper_provide_one(dof_helper_t *dhp, dof_sec_t *sec, pid_t pid)
8023 8614 {
8024 8615 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8025 8616 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8026 8617 dof_sec_t *str_sec, *prb_sec, *arg_sec, *off_sec, *enoff_sec;
8027 8618 dof_provider_t *provider;
8028 8619 dof_probe_t *probe;
8029 8620 uint32_t *off, *enoff;
8030 8621 uint8_t *arg;
8031 8622 char *strtab;
8032 8623 uint_t i, nprobes;
8033 8624 dtrace_helper_provdesc_t dhpv;
8034 8625 dtrace_helper_probedesc_t dhpb;
8035 8626 dtrace_meta_t *meta = dtrace_meta_pid;
8036 8627 dtrace_mops_t *mops = &meta->dtm_mops;
8037 8628 void *parg;
8038 8629
8039 8630 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset);
8040 8631 str_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8041 8632 provider->dofpv_strtab * dof->dofh_secsize);
8042 8633 prb_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8043 8634 provider->dofpv_probes * dof->dofh_secsize);
8044 8635 arg_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8045 8636 provider->dofpv_prargs * dof->dofh_secsize);
8046 8637 off_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8047 8638 provider->dofpv_proffs * dof->dofh_secsize);
8048 8639
8049 8640 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset);
8050 8641 off = (uint32_t *)(uintptr_t)(daddr + off_sec->dofs_offset);
8051 8642 arg = (uint8_t *)(uintptr_t)(daddr + arg_sec->dofs_offset);
8052 8643 enoff = NULL;
8053 8644
8054 8645 /*
8055 8646 * See dtrace_helper_provider_validate().
8056 8647 */
8057 8648 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 &&
8058 8649 provider->dofpv_prenoffs != DOF_SECT_NONE) {
8059 8650 enoff_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8060 8651 provider->dofpv_prenoffs * dof->dofh_secsize);
8061 8652 enoff = (uint32_t *)(uintptr_t)(daddr + enoff_sec->dofs_offset);
8062 8653 }
8063 8654
8064 8655 nprobes = prb_sec->dofs_size / prb_sec->dofs_entsize;
8065 8656
8066 8657 /*
8067 8658 * Create the provider.
8068 8659 */
8069 8660 dtrace_dofprov2hprov(&dhpv, provider, strtab);
8070 8661
8071 8662 if ((parg = mops->dtms_provide_pid(meta->dtm_arg, &dhpv, pid)) == NULL)
8072 8663 return;
8073 8664
8074 8665 meta->dtm_count++;
8075 8666
8076 8667 /*
8077 8668 * Create the probes.
8078 8669 */
8079 8670 for (i = 0; i < nprobes; i++) {
8080 8671 probe = (dof_probe_t *)(uintptr_t)(daddr +
8081 8672 prb_sec->dofs_offset + i * prb_sec->dofs_entsize);
8082 8673
8083 8674 dhpb.dthpb_mod = dhp->dofhp_mod;
8084 8675 dhpb.dthpb_func = strtab + probe->dofpr_func;
8085 8676 dhpb.dthpb_name = strtab + probe->dofpr_name;
8086 8677 dhpb.dthpb_base = probe->dofpr_addr;
8087 8678 dhpb.dthpb_offs = off + probe->dofpr_offidx;
8088 8679 dhpb.dthpb_noffs = probe->dofpr_noffs;
8089 8680 if (enoff != NULL) {
8090 8681 dhpb.dthpb_enoffs = enoff + probe->dofpr_enoffidx;
8091 8682 dhpb.dthpb_nenoffs = probe->dofpr_nenoffs;
8092 8683 } else {
8093 8684 dhpb.dthpb_enoffs = NULL;
8094 8685 dhpb.dthpb_nenoffs = 0;
8095 8686 }
8096 8687 dhpb.dthpb_args = arg + probe->dofpr_argidx;
8097 8688 dhpb.dthpb_nargc = probe->dofpr_nargc;
8098 8689 dhpb.dthpb_xargc = probe->dofpr_xargc;
8099 8690 dhpb.dthpb_ntypes = strtab + probe->dofpr_nargv;
8100 8691 dhpb.dthpb_xtypes = strtab + probe->dofpr_xargv;
8101 8692
8102 8693 mops->dtms_create_probe(meta->dtm_arg, parg, &dhpb);
8103 8694 }
8104 8695 }
8105 8696
8106 8697 static void
8107 8698 dtrace_helper_provide(dof_helper_t *dhp, pid_t pid)
8108 8699 {
8109 8700 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8110 8701 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8111 8702 int i;
8112 8703
8113 8704 ASSERT(MUTEX_HELD(&dtrace_meta_lock));
8114 8705
8115 8706 for (i = 0; i < dof->dofh_secnum; i++) {
8116 8707 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr +
8117 8708 dof->dofh_secoff + i * dof->dofh_secsize);
8118 8709
8119 8710 if (sec->dofs_type != DOF_SECT_PROVIDER)
8120 8711 continue;
8121 8712
8122 8713 dtrace_helper_provide_one(dhp, sec, pid);
8123 8714 }
8124 8715
8125 8716 /*
8126 8717 * We may have just created probes, so we must now rematch against
8127 8718 * any retained enablings. Note that this call will acquire both
8128 8719 * cpu_lock and dtrace_lock; the fact that we are holding
8129 8720 * dtrace_meta_lock now is what defines the ordering with respect to
8130 8721 * these three locks.
8131 8722 */
8132 8723 dtrace_enabling_matchall();
8133 8724 }
8134 8725
8135 8726 static void
8136 8727 dtrace_helper_provider_remove_one(dof_helper_t *dhp, dof_sec_t *sec, pid_t pid)
8137 8728 {
8138 8729 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8139 8730 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8140 8731 dof_sec_t *str_sec;
8141 8732 dof_provider_t *provider;
8142 8733 char *strtab;
8143 8734 dtrace_helper_provdesc_t dhpv;
8144 8735 dtrace_meta_t *meta = dtrace_meta_pid;
8145 8736 dtrace_mops_t *mops = &meta->dtm_mops;
8146 8737
8147 8738 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset);
8148 8739 str_sec = (dof_sec_t *)(uintptr_t)(daddr + dof->dofh_secoff +
8149 8740 provider->dofpv_strtab * dof->dofh_secsize);
8150 8741
8151 8742 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset);
8152 8743
8153 8744 /*
8154 8745 * Create the provider.
8155 8746 */
8156 8747 dtrace_dofprov2hprov(&dhpv, provider, strtab);
8157 8748
8158 8749 mops->dtms_remove_pid(meta->dtm_arg, &dhpv, pid);
8159 8750
8160 8751 meta->dtm_count--;
8161 8752 }
8162 8753
8163 8754 static void
8164 8755 dtrace_helper_provider_remove(dof_helper_t *dhp, pid_t pid)
8165 8756 {
8166 8757 uintptr_t daddr = (uintptr_t)dhp->dofhp_dof;
8167 8758 dof_hdr_t *dof = (dof_hdr_t *)daddr;
8168 8759 int i;
8169 8760
8170 8761 ASSERT(MUTEX_HELD(&dtrace_meta_lock));
8171 8762
8172 8763 for (i = 0; i < dof->dofh_secnum; i++) {
8173 8764 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr +
8174 8765 dof->dofh_secoff + i * dof->dofh_secsize);
8175 8766
8176 8767 if (sec->dofs_type != DOF_SECT_PROVIDER)
8177 8768 continue;
8178 8769
8179 8770 dtrace_helper_provider_remove_one(dhp, sec, pid);
8180 8771 }
8181 8772 }
8182 8773
8183 8774 /*
8184 8775 * DTrace Meta Provider-to-Framework API Functions
8185 8776 *
8186 8777 * These functions implement the Meta Provider-to-Framework API, as described
8187 8778 * in <sys/dtrace.h>.
8188 8779 */
8189 8780 int
8190 8781 dtrace_meta_register(const char *name, const dtrace_mops_t *mops, void *arg,
8191 8782 dtrace_meta_provider_id_t *idp)
8192 8783 {
8193 8784 dtrace_meta_t *meta;
8194 8785 dtrace_helpers_t *help, *next;
8195 8786 int i;
8196 8787
8197 8788 *idp = DTRACE_METAPROVNONE;
8198 8789
8199 8790 /*
8200 8791 * We strictly don't need the name, but we hold onto it for
8201 8792 * debuggability. All hail error queues!
8202 8793 */
8203 8794 if (name == NULL) {
8204 8795 cmn_err(CE_WARN, "failed to register meta-provider: "
8205 8796 "invalid name");
8206 8797 return (EINVAL);
8207 8798 }
8208 8799
8209 8800 if (mops == NULL ||
8210 8801 mops->dtms_create_probe == NULL ||
8211 8802 mops->dtms_provide_pid == NULL ||
8212 8803 mops->dtms_remove_pid == NULL) {
8213 8804 cmn_err(CE_WARN, "failed to register meta-register %s: "
8214 8805 "invalid ops", name);
8215 8806 return (EINVAL);
8216 8807 }
8217 8808
8218 8809 meta = kmem_zalloc(sizeof (dtrace_meta_t), KM_SLEEP);
8219 8810 meta->dtm_mops = *mops;
8220 8811 meta->dtm_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
8221 8812 (void) strcpy(meta->dtm_name, name);
8222 8813 meta->dtm_arg = arg;
8223 8814
8224 8815 mutex_enter(&dtrace_meta_lock);
8225 8816 mutex_enter(&dtrace_lock);
8226 8817
8227 8818 if (dtrace_meta_pid != NULL) {
8228 8819 mutex_exit(&dtrace_lock);
8229 8820 mutex_exit(&dtrace_meta_lock);
8230 8821 cmn_err(CE_WARN, "failed to register meta-register %s: "
8231 8822 "user-land meta-provider exists", name);
8232 8823 kmem_free(meta->dtm_name, strlen(meta->dtm_name) + 1);
8233 8824 kmem_free(meta, sizeof (dtrace_meta_t));
8234 8825 return (EINVAL);
8235 8826 }
8236 8827
8237 8828 dtrace_meta_pid = meta;
8238 8829 *idp = (dtrace_meta_provider_id_t)meta;
8239 8830
8240 8831 /*
8241 8832 * If there are providers and probes ready to go, pass them
8242 8833 * off to the new meta provider now.
8243 8834 */
8244 8835
8245 8836 help = dtrace_deferred_pid;
8246 8837 dtrace_deferred_pid = NULL;
8247 8838
8248 8839 mutex_exit(&dtrace_lock);
8249 8840
8250 8841 while (help != NULL) {
8251 8842 for (i = 0; i < help->dthps_nprovs; i++) {
8252 8843 dtrace_helper_provide(&help->dthps_provs[i]->dthp_prov,
8253 8844 help->dthps_pid);
8254 8845 }
8255 8846
8256 8847 next = help->dthps_next;
8257 8848 help->dthps_next = NULL;
8258 8849 help->dthps_prev = NULL;
8259 8850 help->dthps_deferred = 0;
8260 8851 help = next;
8261 8852 }
8262 8853
8263 8854 mutex_exit(&dtrace_meta_lock);
8264 8855
8265 8856 return (0);
8266 8857 }
8267 8858
8268 8859 int
8269 8860 dtrace_meta_unregister(dtrace_meta_provider_id_t id)
8270 8861 {
8271 8862 dtrace_meta_t **pp, *old = (dtrace_meta_t *)id;
8272 8863
8273 8864 mutex_enter(&dtrace_meta_lock);
8274 8865 mutex_enter(&dtrace_lock);
8275 8866
8276 8867 if (old == dtrace_meta_pid) {
8277 8868 pp = &dtrace_meta_pid;
8278 8869 } else {
8279 8870 panic("attempt to unregister non-existent "
8280 8871 "dtrace meta-provider %p\n", (void *)old);
8281 8872 }
8282 8873
8283 8874 if (old->dtm_count != 0) {
8284 8875 mutex_exit(&dtrace_lock);
8285 8876 mutex_exit(&dtrace_meta_lock);
8286 8877 return (EBUSY);
8287 8878 }
8288 8879
8289 8880 *pp = NULL;
8290 8881
8291 8882 mutex_exit(&dtrace_lock);
8292 8883 mutex_exit(&dtrace_meta_lock);
8293 8884
8294 8885 kmem_free(old->dtm_name, strlen(old->dtm_name) + 1);
8295 8886 kmem_free(old, sizeof (dtrace_meta_t));
8296 8887
8297 8888 return (0);
8298 8889 }
8299 8890
8300 8891
8301 8892 /*
8302 8893 * DTrace DIF Object Functions
8303 8894 */
8304 8895 static int
8305 8896 dtrace_difo_err(uint_t pc, const char *format, ...)
8306 8897 {
8307 8898 if (dtrace_err_verbose) {
8308 8899 va_list alist;
8309 8900
8310 8901 (void) uprintf("dtrace DIF object error: [%u]: ", pc);
8311 8902 va_start(alist, format);
8312 8903 (void) vuprintf(format, alist);
8313 8904 va_end(alist);
8314 8905 }
8315 8906
8316 8907 #ifdef DTRACE_ERRDEBUG
8317 8908 dtrace_errdebug(format);
8318 8909 #endif
8319 8910 return (1);
8320 8911 }
8321 8912
8322 8913 /*
8323 8914 * Validate a DTrace DIF object by checking the IR instructions. The following
8324 8915 * rules are currently enforced by dtrace_difo_validate():
8325 8916 *
8326 8917 * 1. Each instruction must have a valid opcode
8327 8918 * 2. Each register, string, variable, or subroutine reference must be valid
8328 8919 * 3. No instruction can modify register %r0 (must be zero)
8329 8920 * 4. All instruction reserved bits must be set to zero
8330 8921 * 5. The last instruction must be a "ret" instruction
8331 8922 * 6. All branch targets must reference a valid instruction _after_ the branch
8332 8923 */
8333 8924 static int
8334 8925 dtrace_difo_validate(dtrace_difo_t *dp, dtrace_vstate_t *vstate, uint_t nregs,
8335 8926 cred_t *cr)
8336 8927 {
8337 8928 int err = 0, i;
8338 8929 int (*efunc)(uint_t pc, const char *, ...) = dtrace_difo_err;
8339 8930 int kcheckload;
8340 8931 uint_t pc;
8341 8932
8342 8933 kcheckload = cr == NULL ||
8343 8934 (vstate->dtvs_state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) == 0;
8344 8935
8345 8936 dp->dtdo_destructive = 0;
8346 8937
8347 8938 for (pc = 0; pc < dp->dtdo_len && err == 0; pc++) {
8348 8939 dif_instr_t instr = dp->dtdo_buf[pc];
8349 8940
8350 8941 uint_t r1 = DIF_INSTR_R1(instr);
8351 8942 uint_t r2 = DIF_INSTR_R2(instr);
8352 8943 uint_t rd = DIF_INSTR_RD(instr);
8353 8944 uint_t rs = DIF_INSTR_RS(instr);
8354 8945 uint_t label = DIF_INSTR_LABEL(instr);
8355 8946 uint_t v = DIF_INSTR_VAR(instr);
8356 8947 uint_t subr = DIF_INSTR_SUBR(instr);
8357 8948 uint_t type = DIF_INSTR_TYPE(instr);
8358 8949 uint_t op = DIF_INSTR_OP(instr);
8359 8950
8360 8951 switch (op) {
8361 8952 case DIF_OP_OR:
8362 8953 case DIF_OP_XOR:
8363 8954 case DIF_OP_AND:
8364 8955 case DIF_OP_SLL:
8365 8956 case DIF_OP_SRL:
8366 8957 case DIF_OP_SRA:
8367 8958 case DIF_OP_SUB:
8368 8959 case DIF_OP_ADD:
8369 8960 case DIF_OP_MUL:
8370 8961 case DIF_OP_SDIV:
8371 8962 case DIF_OP_UDIV:
8372 8963 case DIF_OP_SREM:
8373 8964 case DIF_OP_UREM:
8374 8965 case DIF_OP_COPYS:
8375 8966 if (r1 >= nregs)
8376 8967 err += efunc(pc, "invalid register %u\n", r1);
8377 8968 if (r2 >= nregs)
8378 8969 err += efunc(pc, "invalid register %u\n", r2);
8379 8970 if (rd >= nregs)
8380 8971 err += efunc(pc, "invalid register %u\n", rd);
8381 8972 if (rd == 0)
8382 8973 err += efunc(pc, "cannot write to %r0\n");
8383 8974 break;
8384 8975 case DIF_OP_NOT:
8385 8976 case DIF_OP_MOV:
8386 8977 case DIF_OP_ALLOCS:
8387 8978 if (r1 >= nregs)
8388 8979 err += efunc(pc, "invalid register %u\n", r1);
8389 8980 if (r2 != 0)
8390 8981 err += efunc(pc, "non-zero reserved bits\n");
8391 8982 if (rd >= nregs)
8392 8983 err += efunc(pc, "invalid register %u\n", rd);
8393 8984 if (rd == 0)
8394 8985 err += efunc(pc, "cannot write to %r0\n");
8395 8986 break;
8396 8987 case DIF_OP_LDSB:
8397 8988 case DIF_OP_LDSH:
8398 8989 case DIF_OP_LDSW:
8399 8990 case DIF_OP_LDUB:
8400 8991 case DIF_OP_LDUH:
8401 8992 case DIF_OP_LDUW:
8402 8993 case DIF_OP_LDX:
8403 8994 if (r1 >= nregs)
8404 8995 err += efunc(pc, "invalid register %u\n", r1);
8405 8996 if (r2 != 0)
8406 8997 err += efunc(pc, "non-zero reserved bits\n");
8407 8998 if (rd >= nregs)
8408 8999 err += efunc(pc, "invalid register %u\n", rd);
8409 9000 if (rd == 0)
8410 9001 err += efunc(pc, "cannot write to %r0\n");
8411 9002 if (kcheckload)
8412 9003 dp->dtdo_buf[pc] = DIF_INSTR_LOAD(op +
8413 9004 DIF_OP_RLDSB - DIF_OP_LDSB, r1, rd);
8414 9005 break;
8415 9006 case DIF_OP_RLDSB:
8416 9007 case DIF_OP_RLDSH:
8417 9008 case DIF_OP_RLDSW:
8418 9009 case DIF_OP_RLDUB:
8419 9010 case DIF_OP_RLDUH:
8420 9011 case DIF_OP_RLDUW:
8421 9012 case DIF_OP_RLDX:
8422 9013 if (r1 >= nregs)
8423 9014 err += efunc(pc, "invalid register %u\n", r1);
8424 9015 if (r2 != 0)
8425 9016 err += efunc(pc, "non-zero reserved bits\n");
8426 9017 if (rd >= nregs)
8427 9018 err += efunc(pc, "invalid register %u\n", rd);
8428 9019 if (rd == 0)
8429 9020 err += efunc(pc, "cannot write to %r0\n");
8430 9021 break;
8431 9022 case DIF_OP_ULDSB:
8432 9023 case DIF_OP_ULDSH:
8433 9024 case DIF_OP_ULDSW:
8434 9025 case DIF_OP_ULDUB:
8435 9026 case DIF_OP_ULDUH:
8436 9027 case DIF_OP_ULDUW:
8437 9028 case DIF_OP_ULDX:
8438 9029 if (r1 >= nregs)
8439 9030 err += efunc(pc, "invalid register %u\n", r1);
8440 9031 if (r2 != 0)
8441 9032 err += efunc(pc, "non-zero reserved bits\n");
8442 9033 if (rd >= nregs)
8443 9034 err += efunc(pc, "invalid register %u\n", rd);
8444 9035 if (rd == 0)
8445 9036 err += efunc(pc, "cannot write to %r0\n");
8446 9037 break;
8447 9038 case DIF_OP_STB:
8448 9039 case DIF_OP_STH:
8449 9040 case DIF_OP_STW:
8450 9041 case DIF_OP_STX:
8451 9042 if (r1 >= nregs)
8452 9043 err += efunc(pc, "invalid register %u\n", r1);
8453 9044 if (r2 != 0)
8454 9045 err += efunc(pc, "non-zero reserved bits\n");
8455 9046 if (rd >= nregs)
8456 9047 err += efunc(pc, "invalid register %u\n", rd);
8457 9048 if (rd == 0)
8458 9049 err += efunc(pc, "cannot write to 0 address\n");
8459 9050 break;
8460 9051 case DIF_OP_CMP:
8461 9052 case DIF_OP_SCMP:
8462 9053 if (r1 >= nregs)
8463 9054 err += efunc(pc, "invalid register %u\n", r1);
8464 9055 if (r2 >= nregs)
8465 9056 err += efunc(pc, "invalid register %u\n", r2);
8466 9057 if (rd != 0)
8467 9058 err += efunc(pc, "non-zero reserved bits\n");
8468 9059 break;
8469 9060 case DIF_OP_TST:
8470 9061 if (r1 >= nregs)
8471 9062 err += efunc(pc, "invalid register %u\n", r1);
8472 9063 if (r2 != 0 || rd != 0)
8473 9064 err += efunc(pc, "non-zero reserved bits\n");
8474 9065 break;
8475 9066 case DIF_OP_BA:
8476 9067 case DIF_OP_BE:
8477 9068 case DIF_OP_BNE:
8478 9069 case DIF_OP_BG:
8479 9070 case DIF_OP_BGU:
8480 9071 case DIF_OP_BGE:
8481 9072 case DIF_OP_BGEU:
8482 9073 case DIF_OP_BL:
8483 9074 case DIF_OP_BLU:
8484 9075 case DIF_OP_BLE:
8485 9076 case DIF_OP_BLEU:
8486 9077 if (label >= dp->dtdo_len) {
8487 9078 err += efunc(pc, "invalid branch target %u\n",
8488 9079 label);
8489 9080 }
8490 9081 if (label <= pc) {
8491 9082 err += efunc(pc, "backward branch to %u\n",
8492 9083 label);
8493 9084 }
8494 9085 break;
8495 9086 case DIF_OP_RET:
8496 9087 if (r1 != 0 || r2 != 0)
8497 9088 err += efunc(pc, "non-zero reserved bits\n");
8498 9089 if (rd >= nregs)
8499 9090 err += efunc(pc, "invalid register %u\n", rd);
8500 9091 break;
8501 9092 case DIF_OP_NOP:
8502 9093 case DIF_OP_POPTS:
8503 9094 case DIF_OP_FLUSHTS:
8504 9095 if (r1 != 0 || r2 != 0 || rd != 0)
8505 9096 err += efunc(pc, "non-zero reserved bits\n");
8506 9097 break;
8507 9098 case DIF_OP_SETX:
8508 9099 if (DIF_INSTR_INTEGER(instr) >= dp->dtdo_intlen) {
8509 9100 err += efunc(pc, "invalid integer ref %u\n",
8510 9101 DIF_INSTR_INTEGER(instr));
8511 9102 }
8512 9103 if (rd >= nregs)
8513 9104 err += efunc(pc, "invalid register %u\n", rd);
8514 9105 if (rd == 0)
8515 9106 err += efunc(pc, "cannot write to %r0\n");
8516 9107 break;
8517 9108 case DIF_OP_SETS:
8518 9109 if (DIF_INSTR_STRING(instr) >= dp->dtdo_strlen) {
8519 9110 err += efunc(pc, "invalid string ref %u\n",
8520 9111 DIF_INSTR_STRING(instr));
8521 9112 }
8522 9113 if (rd >= nregs)
8523 9114 err += efunc(pc, "invalid register %u\n", rd);
8524 9115 if (rd == 0)
8525 9116 err += efunc(pc, "cannot write to %r0\n");
8526 9117 break;
8527 9118 case DIF_OP_LDGA:
8528 9119 case DIF_OP_LDTA:
8529 9120 if (r1 > DIF_VAR_ARRAY_MAX)
8530 9121 err += efunc(pc, "invalid array %u\n", r1);
8531 9122 if (r2 >= nregs)
8532 9123 err += efunc(pc, "invalid register %u\n", r2);
8533 9124 if (rd >= nregs)
8534 9125 err += efunc(pc, "invalid register %u\n", rd);
8535 9126 if (rd == 0)
8536 9127 err += efunc(pc, "cannot write to %r0\n");
8537 9128 break;
8538 9129 case DIF_OP_LDGS:
8539 9130 case DIF_OP_LDTS:
8540 9131 case DIF_OP_LDLS:
8541 9132 case DIF_OP_LDGAA:
8542 9133 case DIF_OP_LDTAA:
8543 9134 if (v < DIF_VAR_OTHER_MIN || v > DIF_VAR_OTHER_MAX)
8544 9135 err += efunc(pc, "invalid variable %u\n", v);
8545 9136 if (rd >= nregs)
8546 9137 err += efunc(pc, "invalid register %u\n", rd);
8547 9138 if (rd == 0)
8548 9139 err += efunc(pc, "cannot write to %r0\n");
8549 9140 break;
8550 9141 case DIF_OP_STGS:
8551 9142 case DIF_OP_STTS:
8552 9143 case DIF_OP_STLS:
8553 9144 case DIF_OP_STGAA:
8554 9145 case DIF_OP_STTAA:
8555 9146 if (v < DIF_VAR_OTHER_UBASE || v > DIF_VAR_OTHER_MAX)
8556 9147 err += efunc(pc, "invalid variable %u\n", v);
8557 9148 if (rs >= nregs)
8558 9149 err += efunc(pc, "invalid register %u\n", rd);
8559 9150 break;
8560 9151 case DIF_OP_CALL:
8561 9152 if (subr > DIF_SUBR_MAX)
8562 9153 err += efunc(pc, "invalid subr %u\n", subr);
8563 9154 if (rd >= nregs)
8564 9155 err += efunc(pc, "invalid register %u\n", rd);
8565 9156 if (rd == 0)
8566 9157 err += efunc(pc, "cannot write to %r0\n");
8567 9158
8568 9159 if (subr == DIF_SUBR_COPYOUT ||
8569 9160 subr == DIF_SUBR_COPYOUTSTR) {
8570 9161 dp->dtdo_destructive = 1;
8571 9162 }
8572 9163
8573 9164 if (subr == DIF_SUBR_GETF) {
8574 9165 /*
8575 9166 * If we have a getf() we need to record that
8576 9167 * in our state. Note that our state can be
8577 9168 * NULL if this is a helper -- but in that
8578 9169 * case, the call to getf() is itself illegal,
8579 9170 * and will be caught (slightly later) when
8580 9171 * the helper is validated.
8581 9172 */
8582 9173 if (vstate->dtvs_state != NULL)
8583 9174 vstate->dtvs_state->dts_getf++;
8584 9175 }
8585 9176
8586 9177 break;
8587 9178 case DIF_OP_PUSHTR:
8588 9179 if (type != DIF_TYPE_STRING && type != DIF_TYPE_CTF)
8589 9180 err += efunc(pc, "invalid ref type %u\n", type);
8590 9181 if (r2 >= nregs)
8591 9182 err += efunc(pc, "invalid register %u\n", r2);
8592 9183 if (rs >= nregs)
8593 9184 err += efunc(pc, "invalid register %u\n", rs);
8594 9185 break;
8595 9186 case DIF_OP_PUSHTV:
8596 9187 if (type != DIF_TYPE_CTF)
8597 9188 err += efunc(pc, "invalid val type %u\n", type);
8598 9189 if (r2 >= nregs)
8599 9190 err += efunc(pc, "invalid register %u\n", r2);
8600 9191 if (rs >= nregs)
8601 9192 err += efunc(pc, "invalid register %u\n", rs);
8602 9193 break;
8603 9194 default:
8604 9195 err += efunc(pc, "invalid opcode %u\n",
8605 9196 DIF_INSTR_OP(instr));
8606 9197 }
8607 9198 }
8608 9199
8609 9200 if (dp->dtdo_len != 0 &&
8610 9201 DIF_INSTR_OP(dp->dtdo_buf[dp->dtdo_len - 1]) != DIF_OP_RET) {
8611 9202 err += efunc(dp->dtdo_len - 1,
8612 9203 "expected 'ret' as last DIF instruction\n");
8613 9204 }
8614 9205
8615 9206 if (!(dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF)) {
8616 9207 /*
8617 9208 * If we're not returning by reference, the size must be either
8618 9209 * 0 or the size of one of the base types.
8619 9210 */
8620 9211 switch (dp->dtdo_rtype.dtdt_size) {
8621 9212 case 0:
8622 9213 case sizeof (uint8_t):
8623 9214 case sizeof (uint16_t):
8624 9215 case sizeof (uint32_t):
8625 9216 case sizeof (uint64_t):
8626 9217 break;
8627 9218
8628 9219 default:
8629 9220 err += efunc(dp->dtdo_len - 1, "bad return size\n");
8630 9221 }
8631 9222 }
8632 9223
8633 9224 for (i = 0; i < dp->dtdo_varlen && err == 0; i++) {
8634 9225 dtrace_difv_t *v = &dp->dtdo_vartab[i], *existing = NULL;
8635 9226 dtrace_diftype_t *vt, *et;
8636 9227 uint_t id, ndx;
8637 9228
8638 9229 if (v->dtdv_scope != DIFV_SCOPE_GLOBAL &&
8639 9230 v->dtdv_scope != DIFV_SCOPE_THREAD &&
8640 9231 v->dtdv_scope != DIFV_SCOPE_LOCAL) {
8641 9232 err += efunc(i, "unrecognized variable scope %d\n",
8642 9233 v->dtdv_scope);
8643 9234 break;
8644 9235 }
8645 9236
8646 9237 if (v->dtdv_kind != DIFV_KIND_ARRAY &&
8647 9238 v->dtdv_kind != DIFV_KIND_SCALAR) {
8648 9239 err += efunc(i, "unrecognized variable type %d\n",
8649 9240 v->dtdv_kind);
8650 9241 break;
8651 9242 }
8652 9243
8653 9244 if ((id = v->dtdv_id) > DIF_VARIABLE_MAX) {
8654 9245 err += efunc(i, "%d exceeds variable id limit\n", id);
8655 9246 break;
8656 9247 }
8657 9248
8658 9249 if (id < DIF_VAR_OTHER_UBASE)
8659 9250 continue;
8660 9251
8661 9252 /*
8662 9253 * For user-defined variables, we need to check that this
8663 9254 * definition is identical to any previous definition that we
8664 9255 * encountered.
8665 9256 */
8666 9257 ndx = id - DIF_VAR_OTHER_UBASE;
8667 9258
8668 9259 switch (v->dtdv_scope) {
8669 9260 case DIFV_SCOPE_GLOBAL:
8670 9261 if (ndx < vstate->dtvs_nglobals) {
8671 9262 dtrace_statvar_t *svar;
8672 9263
8673 9264 if ((svar = vstate->dtvs_globals[ndx]) != NULL)
8674 9265 existing = &svar->dtsv_var;
8675 9266 }
8676 9267
8677 9268 break;
8678 9269
8679 9270 case DIFV_SCOPE_THREAD:
8680 9271 if (ndx < vstate->dtvs_ntlocals)
8681 9272 existing = &vstate->dtvs_tlocals[ndx];
8682 9273 break;
8683 9274
8684 9275 case DIFV_SCOPE_LOCAL:
8685 9276 if (ndx < vstate->dtvs_nlocals) {
8686 9277 dtrace_statvar_t *svar;
8687 9278
8688 9279 if ((svar = vstate->dtvs_locals[ndx]) != NULL)
8689 9280 existing = &svar->dtsv_var;
8690 9281 }
8691 9282
8692 9283 break;
8693 9284 }
8694 9285
8695 9286 vt = &v->dtdv_type;
8696 9287
8697 9288 if (vt->dtdt_flags & DIF_TF_BYREF) {
8698 9289 if (vt->dtdt_size == 0) {
8699 9290 err += efunc(i, "zero-sized variable\n");
8700 9291 break;
8701 9292 }
8702 9293
8703 9294 if (v->dtdv_scope == DIFV_SCOPE_GLOBAL &&
8704 9295 vt->dtdt_size > dtrace_global_maxsize) {
8705 9296 err += efunc(i, "oversized by-ref global\n");
8706 9297 break;
8707 9298 }
8708 9299 }
8709 9300
8710 9301 if (existing == NULL || existing->dtdv_id == 0)
8711 9302 continue;
8712 9303
8713 9304 ASSERT(existing->dtdv_id == v->dtdv_id);
8714 9305 ASSERT(existing->dtdv_scope == v->dtdv_scope);
8715 9306
8716 9307 if (existing->dtdv_kind != v->dtdv_kind)
8717 9308 err += efunc(i, "%d changed variable kind\n", id);
8718 9309
8719 9310 et = &existing->dtdv_type;
8720 9311
8721 9312 if (vt->dtdt_flags != et->dtdt_flags) {
8722 9313 err += efunc(i, "%d changed variable type flags\n", id);
8723 9314 break;
8724 9315 }
8725 9316
8726 9317 if (vt->dtdt_size != 0 && vt->dtdt_size != et->dtdt_size) {
8727 9318 err += efunc(i, "%d changed variable type size\n", id);
8728 9319 break;
8729 9320 }
8730 9321 }
8731 9322
8732 9323 return (err);
8733 9324 }
8734 9325
8735 9326 /*
8736 9327 * Validate a DTrace DIF object that it is to be used as a helper. Helpers
8737 9328 * are much more constrained than normal DIFOs. Specifically, they may
8738 9329 * not:
8739 9330 *
8740 9331 * 1. Make calls to subroutines other than copyin(), copyinstr() or
8741 9332 * miscellaneous string routines
8742 9333 * 2. Access DTrace variables other than the args[] array, and the
8743 9334 * curthread, pid, ppid, tid, execname, zonename, uid and gid variables.
8744 9335 * 3. Have thread-local variables.
8745 9336 * 4. Have dynamic variables.
8746 9337 */
8747 9338 static int
8748 9339 dtrace_difo_validate_helper(dtrace_difo_t *dp)
8749 9340 {
8750 9341 int (*efunc)(uint_t pc, const char *, ...) = dtrace_difo_err;
8751 9342 int err = 0;
8752 9343 uint_t pc;
8753 9344
8754 9345 for (pc = 0; pc < dp->dtdo_len; pc++) {
8755 9346 dif_instr_t instr = dp->dtdo_buf[pc];
8756 9347
8757 9348 uint_t v = DIF_INSTR_VAR(instr);
8758 9349 uint_t subr = DIF_INSTR_SUBR(instr);
8759 9350 uint_t op = DIF_INSTR_OP(instr);
8760 9351
8761 9352 switch (op) {
8762 9353 case DIF_OP_OR:
8763 9354 case DIF_OP_XOR:
8764 9355 case DIF_OP_AND:
8765 9356 case DIF_OP_SLL:
8766 9357 case DIF_OP_SRL:
8767 9358 case DIF_OP_SRA:
8768 9359 case DIF_OP_SUB:
8769 9360 case DIF_OP_ADD:
8770 9361 case DIF_OP_MUL:
8771 9362 case DIF_OP_SDIV:
8772 9363 case DIF_OP_UDIV:
8773 9364 case DIF_OP_SREM:
8774 9365 case DIF_OP_UREM:
8775 9366 case DIF_OP_COPYS:
8776 9367 case DIF_OP_NOT:
8777 9368 case DIF_OP_MOV:
8778 9369 case DIF_OP_RLDSB:
8779 9370 case DIF_OP_RLDSH:
8780 9371 case DIF_OP_RLDSW:
8781 9372 case DIF_OP_RLDUB:
8782 9373 case DIF_OP_RLDUH:
8783 9374 case DIF_OP_RLDUW:
8784 9375 case DIF_OP_RLDX:
8785 9376 case DIF_OP_ULDSB:
8786 9377 case DIF_OP_ULDSH:
8787 9378 case DIF_OP_ULDSW:
8788 9379 case DIF_OP_ULDUB:
8789 9380 case DIF_OP_ULDUH:
8790 9381 case DIF_OP_ULDUW:
8791 9382 case DIF_OP_ULDX:
8792 9383 case DIF_OP_STB:
8793 9384 case DIF_OP_STH:
8794 9385 case DIF_OP_STW:
8795 9386 case DIF_OP_STX:
8796 9387 case DIF_OP_ALLOCS:
8797 9388 case DIF_OP_CMP:
8798 9389 case DIF_OP_SCMP:
8799 9390 case DIF_OP_TST:
8800 9391 case DIF_OP_BA:
8801 9392 case DIF_OP_BE:
8802 9393 case DIF_OP_BNE:
8803 9394 case DIF_OP_BG:
8804 9395 case DIF_OP_BGU:
8805 9396 case DIF_OP_BGE:
8806 9397 case DIF_OP_BGEU:
8807 9398 case DIF_OP_BL:
8808 9399 case DIF_OP_BLU:
8809 9400 case DIF_OP_BLE:
8810 9401 case DIF_OP_BLEU:
8811 9402 case DIF_OP_RET:
8812 9403 case DIF_OP_NOP:
8813 9404 case DIF_OP_POPTS:
8814 9405 case DIF_OP_FLUSHTS:
8815 9406 case DIF_OP_SETX:
8816 9407 case DIF_OP_SETS:
8817 9408 case DIF_OP_LDGA:
8818 9409 case DIF_OP_LDLS:
8819 9410 case DIF_OP_STGS:
8820 9411 case DIF_OP_STLS:
8821 9412 case DIF_OP_PUSHTR:
8822 9413 case DIF_OP_PUSHTV:
8823 9414 break;
8824 9415
8825 9416 case DIF_OP_LDGS:
8826 9417 if (v >= DIF_VAR_OTHER_UBASE)
8827 9418 break;
8828 9419
8829 9420 if (v >= DIF_VAR_ARG0 && v <= DIF_VAR_ARG9)
8830 9421 break;
8831 9422
8832 9423 if (v == DIF_VAR_CURTHREAD || v == DIF_VAR_PID ||
8833 9424 v == DIF_VAR_PPID || v == DIF_VAR_TID ||
8834 9425 v == DIF_VAR_EXECNAME || v == DIF_VAR_ZONENAME ||
8835 9426 v == DIF_VAR_UID || v == DIF_VAR_GID)
8836 9427 break;
8837 9428
8838 9429 err += efunc(pc, "illegal variable %u\n", v);
8839 9430 break;
8840 9431
8841 9432 case DIF_OP_LDTA:
8842 9433 case DIF_OP_LDTS:
8843 9434 case DIF_OP_LDGAA:
8844 9435 case DIF_OP_LDTAA:
8845 9436 err += efunc(pc, "illegal dynamic variable load\n");
8846 9437 break;
8847 9438
8848 9439 case DIF_OP_STTS:
8849 9440 case DIF_OP_STGAA:
8850 9441 case DIF_OP_STTAA:
8851 9442 err += efunc(pc, "illegal dynamic variable store\n");
8852 9443 break;
8853 9444
|
↓ open down ↓ |
4499 lines elided |
↑ open up ↑ |
8854 9445 case DIF_OP_CALL:
8855 9446 if (subr == DIF_SUBR_ALLOCA ||
8856 9447 subr == DIF_SUBR_BCOPY ||
8857 9448 subr == DIF_SUBR_COPYIN ||
8858 9449 subr == DIF_SUBR_COPYINTO ||
8859 9450 subr == DIF_SUBR_COPYINSTR ||
8860 9451 subr == DIF_SUBR_INDEX ||
8861 9452 subr == DIF_SUBR_INET_NTOA ||
8862 9453 subr == DIF_SUBR_INET_NTOA6 ||
8863 9454 subr == DIF_SUBR_INET_NTOP ||
9455 + subr == DIF_SUBR_JSON ||
8864 9456 subr == DIF_SUBR_LLTOSTR ||
9457 + subr == DIF_SUBR_STRTOLL ||
8865 9458 subr == DIF_SUBR_RINDEX ||
8866 9459 subr == DIF_SUBR_STRCHR ||
8867 9460 subr == DIF_SUBR_STRJOIN ||
8868 9461 subr == DIF_SUBR_STRRCHR ||
8869 9462 subr == DIF_SUBR_STRSTR ||
8870 9463 subr == DIF_SUBR_HTONS ||
8871 9464 subr == DIF_SUBR_HTONL ||
8872 9465 subr == DIF_SUBR_HTONLL ||
8873 9466 subr == DIF_SUBR_NTOHS ||
8874 9467 subr == DIF_SUBR_NTOHL ||
8875 9468 subr == DIF_SUBR_NTOHLL)
8876 9469 break;
8877 9470
8878 9471 err += efunc(pc, "invalid subr %u\n", subr);
8879 9472 break;
8880 9473
8881 9474 default:
8882 9475 err += efunc(pc, "invalid opcode %u\n",
8883 9476 DIF_INSTR_OP(instr));
8884 9477 }
8885 9478 }
8886 9479
8887 9480 return (err);
8888 9481 }
8889 9482
8890 9483 /*
8891 9484 * Returns 1 if the expression in the DIF object can be cached on a per-thread
8892 9485 * basis; 0 if not.
8893 9486 */
8894 9487 static int
8895 9488 dtrace_difo_cacheable(dtrace_difo_t *dp)
8896 9489 {
8897 9490 int i;
8898 9491
8899 9492 if (dp == NULL)
8900 9493 return (0);
8901 9494
8902 9495 for (i = 0; i < dp->dtdo_varlen; i++) {
8903 9496 dtrace_difv_t *v = &dp->dtdo_vartab[i];
8904 9497
8905 9498 if (v->dtdv_scope != DIFV_SCOPE_GLOBAL)
8906 9499 continue;
8907 9500
8908 9501 switch (v->dtdv_id) {
8909 9502 case DIF_VAR_CURTHREAD:
8910 9503 case DIF_VAR_PID:
8911 9504 case DIF_VAR_TID:
8912 9505 case DIF_VAR_EXECNAME:
8913 9506 case DIF_VAR_ZONENAME:
8914 9507 break;
8915 9508
8916 9509 default:
8917 9510 return (0);
8918 9511 }
8919 9512 }
8920 9513
8921 9514 /*
8922 9515 * This DIF object may be cacheable. Now we need to look for any
8923 9516 * array loading instructions, any memory loading instructions, or
8924 9517 * any stores to thread-local variables.
8925 9518 */
8926 9519 for (i = 0; i < dp->dtdo_len; i++) {
8927 9520 uint_t op = DIF_INSTR_OP(dp->dtdo_buf[i]);
8928 9521
8929 9522 if ((op >= DIF_OP_LDSB && op <= DIF_OP_LDX) ||
8930 9523 (op >= DIF_OP_ULDSB && op <= DIF_OP_ULDX) ||
8931 9524 (op >= DIF_OP_RLDSB && op <= DIF_OP_RLDX) ||
8932 9525 op == DIF_OP_LDGA || op == DIF_OP_STTS)
8933 9526 return (0);
8934 9527 }
8935 9528
8936 9529 return (1);
8937 9530 }
8938 9531
8939 9532 static void
8940 9533 dtrace_difo_hold(dtrace_difo_t *dp)
8941 9534 {
8942 9535 int i;
8943 9536
8944 9537 ASSERT(MUTEX_HELD(&dtrace_lock));
8945 9538
8946 9539 dp->dtdo_refcnt++;
8947 9540 ASSERT(dp->dtdo_refcnt != 0);
8948 9541
8949 9542 /*
8950 9543 * We need to check this DIF object for references to the variable
8951 9544 * DIF_VAR_VTIMESTAMP.
8952 9545 */
8953 9546 for (i = 0; i < dp->dtdo_varlen; i++) {
8954 9547 dtrace_difv_t *v = &dp->dtdo_vartab[i];
8955 9548
8956 9549 if (v->dtdv_id != DIF_VAR_VTIMESTAMP)
8957 9550 continue;
8958 9551
8959 9552 if (dtrace_vtime_references++ == 0)
8960 9553 dtrace_vtime_enable();
8961 9554 }
8962 9555 }
8963 9556
8964 9557 /*
8965 9558 * This routine calculates the dynamic variable chunksize for a given DIF
8966 9559 * object. The calculation is not fool-proof, and can probably be tricked by
8967 9560 * malicious DIF -- but it works for all compiler-generated DIF. Because this
8968 9561 * calculation is likely imperfect, dtrace_dynvar() is able to gracefully fail
8969 9562 * if a dynamic variable size exceeds the chunksize.
8970 9563 */
8971 9564 static void
8972 9565 dtrace_difo_chunksize(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
8973 9566 {
8974 9567 uint64_t sval;
8975 9568 dtrace_key_t tupregs[DIF_DTR_NREGS + 2]; /* +2 for thread and id */
8976 9569 const dif_instr_t *text = dp->dtdo_buf;
8977 9570 uint_t pc, srd = 0;
8978 9571 uint_t ttop = 0;
8979 9572 size_t size, ksize;
8980 9573 uint_t id, i;
8981 9574
8982 9575 for (pc = 0; pc < dp->dtdo_len; pc++) {
8983 9576 dif_instr_t instr = text[pc];
8984 9577 uint_t op = DIF_INSTR_OP(instr);
8985 9578 uint_t rd = DIF_INSTR_RD(instr);
8986 9579 uint_t r1 = DIF_INSTR_R1(instr);
8987 9580 uint_t nkeys = 0;
8988 9581 uchar_t scope;
8989 9582
8990 9583 dtrace_key_t *key = tupregs;
8991 9584
8992 9585 switch (op) {
8993 9586 case DIF_OP_SETX:
8994 9587 sval = dp->dtdo_inttab[DIF_INSTR_INTEGER(instr)];
8995 9588 srd = rd;
8996 9589 continue;
8997 9590
8998 9591 case DIF_OP_STTS:
8999 9592 key = &tupregs[DIF_DTR_NREGS];
9000 9593 key[0].dttk_size = 0;
9001 9594 key[1].dttk_size = 0;
9002 9595 nkeys = 2;
9003 9596 scope = DIFV_SCOPE_THREAD;
9004 9597 break;
9005 9598
9006 9599 case DIF_OP_STGAA:
9007 9600 case DIF_OP_STTAA:
9008 9601 nkeys = ttop;
9009 9602
9010 9603 if (DIF_INSTR_OP(instr) == DIF_OP_STTAA)
9011 9604 key[nkeys++].dttk_size = 0;
9012 9605
9013 9606 key[nkeys++].dttk_size = 0;
9014 9607
9015 9608 if (op == DIF_OP_STTAA) {
9016 9609 scope = DIFV_SCOPE_THREAD;
9017 9610 } else {
9018 9611 scope = DIFV_SCOPE_GLOBAL;
9019 9612 }
9020 9613
9021 9614 break;
9022 9615
9023 9616 case DIF_OP_PUSHTR:
9024 9617 if (ttop == DIF_DTR_NREGS)
9025 9618 return;
9026 9619
9027 9620 if ((srd == 0 || sval == 0) && r1 == DIF_TYPE_STRING) {
9028 9621 /*
9029 9622 * If the register for the size of the "pushtr"
9030 9623 * is %r0 (or the value is 0) and the type is
9031 9624 * a string, we'll use the system-wide default
9032 9625 * string size.
9033 9626 */
9034 9627 tupregs[ttop++].dttk_size =
9035 9628 dtrace_strsize_default;
9036 9629 } else {
9037 9630 if (srd == 0)
9038 9631 return;
9039 9632
9040 9633 tupregs[ttop++].dttk_size = sval;
9041 9634 }
9042 9635
9043 9636 break;
9044 9637
9045 9638 case DIF_OP_PUSHTV:
9046 9639 if (ttop == DIF_DTR_NREGS)
9047 9640 return;
9048 9641
9049 9642 tupregs[ttop++].dttk_size = 0;
9050 9643 break;
9051 9644
9052 9645 case DIF_OP_FLUSHTS:
9053 9646 ttop = 0;
9054 9647 break;
9055 9648
9056 9649 case DIF_OP_POPTS:
9057 9650 if (ttop != 0)
9058 9651 ttop--;
9059 9652 break;
9060 9653 }
9061 9654
9062 9655 sval = 0;
9063 9656 srd = 0;
9064 9657
9065 9658 if (nkeys == 0)
9066 9659 continue;
9067 9660
9068 9661 /*
9069 9662 * We have a dynamic variable allocation; calculate its size.
9070 9663 */
9071 9664 for (ksize = 0, i = 0; i < nkeys; i++)
9072 9665 ksize += P2ROUNDUP(key[i].dttk_size, sizeof (uint64_t));
9073 9666
9074 9667 size = sizeof (dtrace_dynvar_t);
9075 9668 size += sizeof (dtrace_key_t) * (nkeys - 1);
9076 9669 size += ksize;
9077 9670
9078 9671 /*
9079 9672 * Now we need to determine the size of the stored data.
9080 9673 */
9081 9674 id = DIF_INSTR_VAR(instr);
9082 9675
9083 9676 for (i = 0; i < dp->dtdo_varlen; i++) {
9084 9677 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9085 9678
9086 9679 if (v->dtdv_id == id && v->dtdv_scope == scope) {
9087 9680 size += v->dtdv_type.dtdt_size;
9088 9681 break;
9089 9682 }
9090 9683 }
9091 9684
9092 9685 if (i == dp->dtdo_varlen)
9093 9686 return;
9094 9687
9095 9688 /*
9096 9689 * We have the size. If this is larger than the chunk size
9097 9690 * for our dynamic variable state, reset the chunk size.
9098 9691 */
9099 9692 size = P2ROUNDUP(size, sizeof (uint64_t));
9100 9693
9101 9694 if (size > vstate->dtvs_dynvars.dtds_chunksize)
9102 9695 vstate->dtvs_dynvars.dtds_chunksize = size;
9103 9696 }
9104 9697 }
9105 9698
9106 9699 static void
9107 9700 dtrace_difo_init(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9108 9701 {
9109 9702 int i, oldsvars, osz, nsz, otlocals, ntlocals;
9110 9703 uint_t id;
9111 9704
9112 9705 ASSERT(MUTEX_HELD(&dtrace_lock));
9113 9706 ASSERT(dp->dtdo_buf != NULL && dp->dtdo_len != 0);
9114 9707
9115 9708 for (i = 0; i < dp->dtdo_varlen; i++) {
9116 9709 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9117 9710 dtrace_statvar_t *svar, ***svarp;
9118 9711 size_t dsize = 0;
9119 9712 uint8_t scope = v->dtdv_scope;
9120 9713 int *np;
9121 9714
9122 9715 if ((id = v->dtdv_id) < DIF_VAR_OTHER_UBASE)
9123 9716 continue;
9124 9717
9125 9718 id -= DIF_VAR_OTHER_UBASE;
9126 9719
9127 9720 switch (scope) {
9128 9721 case DIFV_SCOPE_THREAD:
9129 9722 while (id >= (otlocals = vstate->dtvs_ntlocals)) {
9130 9723 dtrace_difv_t *tlocals;
9131 9724
9132 9725 if ((ntlocals = (otlocals << 1)) == 0)
9133 9726 ntlocals = 1;
9134 9727
9135 9728 osz = otlocals * sizeof (dtrace_difv_t);
9136 9729 nsz = ntlocals * sizeof (dtrace_difv_t);
9137 9730
9138 9731 tlocals = kmem_zalloc(nsz, KM_SLEEP);
9139 9732
9140 9733 if (osz != 0) {
9141 9734 bcopy(vstate->dtvs_tlocals,
9142 9735 tlocals, osz);
9143 9736 kmem_free(vstate->dtvs_tlocals, osz);
9144 9737 }
9145 9738
9146 9739 vstate->dtvs_tlocals = tlocals;
9147 9740 vstate->dtvs_ntlocals = ntlocals;
9148 9741 }
9149 9742
9150 9743 vstate->dtvs_tlocals[id] = *v;
9151 9744 continue;
9152 9745
9153 9746 case DIFV_SCOPE_LOCAL:
9154 9747 np = &vstate->dtvs_nlocals;
9155 9748 svarp = &vstate->dtvs_locals;
9156 9749
9157 9750 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF)
9158 9751 dsize = NCPU * (v->dtdv_type.dtdt_size +
9159 9752 sizeof (uint64_t));
9160 9753 else
9161 9754 dsize = NCPU * sizeof (uint64_t);
9162 9755
9163 9756 break;
9164 9757
9165 9758 case DIFV_SCOPE_GLOBAL:
9166 9759 np = &vstate->dtvs_nglobals;
9167 9760 svarp = &vstate->dtvs_globals;
9168 9761
9169 9762 if (v->dtdv_type.dtdt_flags & DIF_TF_BYREF)
9170 9763 dsize = v->dtdv_type.dtdt_size +
9171 9764 sizeof (uint64_t);
9172 9765
9173 9766 break;
9174 9767
9175 9768 default:
9176 9769 ASSERT(0);
9177 9770 }
9178 9771
9179 9772 while (id >= (oldsvars = *np)) {
9180 9773 dtrace_statvar_t **statics;
9181 9774 int newsvars, oldsize, newsize;
9182 9775
9183 9776 if ((newsvars = (oldsvars << 1)) == 0)
9184 9777 newsvars = 1;
9185 9778
9186 9779 oldsize = oldsvars * sizeof (dtrace_statvar_t *);
9187 9780 newsize = newsvars * sizeof (dtrace_statvar_t *);
9188 9781
9189 9782 statics = kmem_zalloc(newsize, KM_SLEEP);
9190 9783
9191 9784 if (oldsize != 0) {
9192 9785 bcopy(*svarp, statics, oldsize);
9193 9786 kmem_free(*svarp, oldsize);
9194 9787 }
9195 9788
9196 9789 *svarp = statics;
9197 9790 *np = newsvars;
9198 9791 }
9199 9792
9200 9793 if ((svar = (*svarp)[id]) == NULL) {
9201 9794 svar = kmem_zalloc(sizeof (dtrace_statvar_t), KM_SLEEP);
9202 9795 svar->dtsv_var = *v;
9203 9796
9204 9797 if ((svar->dtsv_size = dsize) != 0) {
9205 9798 svar->dtsv_data = (uint64_t)(uintptr_t)
9206 9799 kmem_zalloc(dsize, KM_SLEEP);
9207 9800 }
9208 9801
9209 9802 (*svarp)[id] = svar;
9210 9803 }
9211 9804
9212 9805 svar->dtsv_refcnt++;
9213 9806 }
9214 9807
9215 9808 dtrace_difo_chunksize(dp, vstate);
9216 9809 dtrace_difo_hold(dp);
9217 9810 }
9218 9811
9219 9812 static dtrace_difo_t *
9220 9813 dtrace_difo_duplicate(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9221 9814 {
9222 9815 dtrace_difo_t *new;
9223 9816 size_t sz;
9224 9817
9225 9818 ASSERT(dp->dtdo_buf != NULL);
9226 9819 ASSERT(dp->dtdo_refcnt != 0);
9227 9820
9228 9821 new = kmem_zalloc(sizeof (dtrace_difo_t), KM_SLEEP);
9229 9822
9230 9823 ASSERT(dp->dtdo_buf != NULL);
9231 9824 sz = dp->dtdo_len * sizeof (dif_instr_t);
9232 9825 new->dtdo_buf = kmem_alloc(sz, KM_SLEEP);
9233 9826 bcopy(dp->dtdo_buf, new->dtdo_buf, sz);
9234 9827 new->dtdo_len = dp->dtdo_len;
9235 9828
9236 9829 if (dp->dtdo_strtab != NULL) {
9237 9830 ASSERT(dp->dtdo_strlen != 0);
9238 9831 new->dtdo_strtab = kmem_alloc(dp->dtdo_strlen, KM_SLEEP);
9239 9832 bcopy(dp->dtdo_strtab, new->dtdo_strtab, dp->dtdo_strlen);
9240 9833 new->dtdo_strlen = dp->dtdo_strlen;
9241 9834 }
9242 9835
9243 9836 if (dp->dtdo_inttab != NULL) {
9244 9837 ASSERT(dp->dtdo_intlen != 0);
9245 9838 sz = dp->dtdo_intlen * sizeof (uint64_t);
9246 9839 new->dtdo_inttab = kmem_alloc(sz, KM_SLEEP);
9247 9840 bcopy(dp->dtdo_inttab, new->dtdo_inttab, sz);
9248 9841 new->dtdo_intlen = dp->dtdo_intlen;
9249 9842 }
9250 9843
9251 9844 if (dp->dtdo_vartab != NULL) {
9252 9845 ASSERT(dp->dtdo_varlen != 0);
9253 9846 sz = dp->dtdo_varlen * sizeof (dtrace_difv_t);
9254 9847 new->dtdo_vartab = kmem_alloc(sz, KM_SLEEP);
9255 9848 bcopy(dp->dtdo_vartab, new->dtdo_vartab, sz);
9256 9849 new->dtdo_varlen = dp->dtdo_varlen;
9257 9850 }
9258 9851
9259 9852 dtrace_difo_init(new, vstate);
9260 9853 return (new);
9261 9854 }
9262 9855
9263 9856 static void
9264 9857 dtrace_difo_destroy(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9265 9858 {
9266 9859 int i;
9267 9860
9268 9861 ASSERT(dp->dtdo_refcnt == 0);
9269 9862
9270 9863 for (i = 0; i < dp->dtdo_varlen; i++) {
9271 9864 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9272 9865 dtrace_statvar_t *svar, **svarp;
9273 9866 uint_t id;
9274 9867 uint8_t scope = v->dtdv_scope;
9275 9868 int *np;
9276 9869
9277 9870 switch (scope) {
9278 9871 case DIFV_SCOPE_THREAD:
9279 9872 continue;
9280 9873
9281 9874 case DIFV_SCOPE_LOCAL:
9282 9875 np = &vstate->dtvs_nlocals;
9283 9876 svarp = vstate->dtvs_locals;
9284 9877 break;
9285 9878
9286 9879 case DIFV_SCOPE_GLOBAL:
9287 9880 np = &vstate->dtvs_nglobals;
9288 9881 svarp = vstate->dtvs_globals;
9289 9882 break;
9290 9883
9291 9884 default:
9292 9885 ASSERT(0);
9293 9886 }
9294 9887
9295 9888 if ((id = v->dtdv_id) < DIF_VAR_OTHER_UBASE)
9296 9889 continue;
9297 9890
9298 9891 id -= DIF_VAR_OTHER_UBASE;
9299 9892 ASSERT(id < *np);
9300 9893
9301 9894 svar = svarp[id];
9302 9895 ASSERT(svar != NULL);
9303 9896 ASSERT(svar->dtsv_refcnt > 0);
9304 9897
9305 9898 if (--svar->dtsv_refcnt > 0)
9306 9899 continue;
9307 9900
9308 9901 if (svar->dtsv_size != 0) {
9309 9902 ASSERT(svar->dtsv_data != NULL);
9310 9903 kmem_free((void *)(uintptr_t)svar->dtsv_data,
9311 9904 svar->dtsv_size);
9312 9905 }
9313 9906
9314 9907 kmem_free(svar, sizeof (dtrace_statvar_t));
9315 9908 svarp[id] = NULL;
9316 9909 }
9317 9910
9318 9911 kmem_free(dp->dtdo_buf, dp->dtdo_len * sizeof (dif_instr_t));
9319 9912 kmem_free(dp->dtdo_inttab, dp->dtdo_intlen * sizeof (uint64_t));
9320 9913 kmem_free(dp->dtdo_strtab, dp->dtdo_strlen);
9321 9914 kmem_free(dp->dtdo_vartab, dp->dtdo_varlen * sizeof (dtrace_difv_t));
9322 9915
9323 9916 kmem_free(dp, sizeof (dtrace_difo_t));
9324 9917 }
9325 9918
9326 9919 static void
9327 9920 dtrace_difo_release(dtrace_difo_t *dp, dtrace_vstate_t *vstate)
9328 9921 {
9329 9922 int i;
9330 9923
9331 9924 ASSERT(MUTEX_HELD(&dtrace_lock));
9332 9925 ASSERT(dp->dtdo_refcnt != 0);
9333 9926
9334 9927 for (i = 0; i < dp->dtdo_varlen; i++) {
9335 9928 dtrace_difv_t *v = &dp->dtdo_vartab[i];
9336 9929
9337 9930 if (v->dtdv_id != DIF_VAR_VTIMESTAMP)
9338 9931 continue;
9339 9932
9340 9933 ASSERT(dtrace_vtime_references > 0);
9341 9934 if (--dtrace_vtime_references == 0)
9342 9935 dtrace_vtime_disable();
9343 9936 }
9344 9937
9345 9938 if (--dp->dtdo_refcnt == 0)
9346 9939 dtrace_difo_destroy(dp, vstate);
9347 9940 }
9348 9941
9349 9942 /*
9350 9943 * DTrace Format Functions
9351 9944 */
9352 9945 static uint16_t
9353 9946 dtrace_format_add(dtrace_state_t *state, char *str)
9354 9947 {
9355 9948 char *fmt, **new;
9356 9949 uint16_t ndx, len = strlen(str) + 1;
9357 9950
9358 9951 fmt = kmem_zalloc(len, KM_SLEEP);
9359 9952 bcopy(str, fmt, len);
9360 9953
9361 9954 for (ndx = 0; ndx < state->dts_nformats; ndx++) {
9362 9955 if (state->dts_formats[ndx] == NULL) {
9363 9956 state->dts_formats[ndx] = fmt;
9364 9957 return (ndx + 1);
9365 9958 }
9366 9959 }
9367 9960
9368 9961 if (state->dts_nformats == USHRT_MAX) {
9369 9962 /*
9370 9963 * This is only likely if a denial-of-service attack is being
9371 9964 * attempted. As such, it's okay to fail silently here.
9372 9965 */
9373 9966 kmem_free(fmt, len);
9374 9967 return (0);
9375 9968 }
9376 9969
9377 9970 /*
9378 9971 * For simplicity, we always resize the formats array to be exactly the
9379 9972 * number of formats.
9380 9973 */
9381 9974 ndx = state->dts_nformats++;
9382 9975 new = kmem_alloc((ndx + 1) * sizeof (char *), KM_SLEEP);
9383 9976
9384 9977 if (state->dts_formats != NULL) {
9385 9978 ASSERT(ndx != 0);
9386 9979 bcopy(state->dts_formats, new, ndx * sizeof (char *));
9387 9980 kmem_free(state->dts_formats, ndx * sizeof (char *));
9388 9981 }
9389 9982
9390 9983 state->dts_formats = new;
9391 9984 state->dts_formats[ndx] = fmt;
9392 9985
9393 9986 return (ndx + 1);
9394 9987 }
9395 9988
9396 9989 static void
9397 9990 dtrace_format_remove(dtrace_state_t *state, uint16_t format)
9398 9991 {
9399 9992 char *fmt;
9400 9993
9401 9994 ASSERT(state->dts_formats != NULL);
9402 9995 ASSERT(format <= state->dts_nformats);
9403 9996 ASSERT(state->dts_formats[format - 1] != NULL);
9404 9997
9405 9998 fmt = state->dts_formats[format - 1];
9406 9999 kmem_free(fmt, strlen(fmt) + 1);
9407 10000 state->dts_formats[format - 1] = NULL;
9408 10001 }
9409 10002
9410 10003 static void
9411 10004 dtrace_format_destroy(dtrace_state_t *state)
9412 10005 {
9413 10006 int i;
9414 10007
9415 10008 if (state->dts_nformats == 0) {
9416 10009 ASSERT(state->dts_formats == NULL);
9417 10010 return;
9418 10011 }
9419 10012
9420 10013 ASSERT(state->dts_formats != NULL);
9421 10014
9422 10015 for (i = 0; i < state->dts_nformats; i++) {
9423 10016 char *fmt = state->dts_formats[i];
9424 10017
9425 10018 if (fmt == NULL)
9426 10019 continue;
9427 10020
9428 10021 kmem_free(fmt, strlen(fmt) + 1);
9429 10022 }
9430 10023
9431 10024 kmem_free(state->dts_formats, state->dts_nformats * sizeof (char *));
9432 10025 state->dts_nformats = 0;
9433 10026 state->dts_formats = NULL;
9434 10027 }
9435 10028
9436 10029 /*
9437 10030 * DTrace Predicate Functions
9438 10031 */
9439 10032 static dtrace_predicate_t *
9440 10033 dtrace_predicate_create(dtrace_difo_t *dp)
9441 10034 {
9442 10035 dtrace_predicate_t *pred;
9443 10036
9444 10037 ASSERT(MUTEX_HELD(&dtrace_lock));
9445 10038 ASSERT(dp->dtdo_refcnt != 0);
9446 10039
9447 10040 pred = kmem_zalloc(sizeof (dtrace_predicate_t), KM_SLEEP);
9448 10041 pred->dtp_difo = dp;
9449 10042 pred->dtp_refcnt = 1;
9450 10043
9451 10044 if (!dtrace_difo_cacheable(dp))
9452 10045 return (pred);
9453 10046
9454 10047 if (dtrace_predcache_id == DTRACE_CACHEIDNONE) {
9455 10048 /*
9456 10049 * This is only theoretically possible -- we have had 2^32
9457 10050 * cacheable predicates on this machine. We cannot allow any
9458 10051 * more predicates to become cacheable: as unlikely as it is,
9459 10052 * there may be a thread caching a (now stale) predicate cache
9460 10053 * ID. (N.B.: the temptation is being successfully resisted to
9461 10054 * have this cmn_err() "Holy shit -- we executed this code!")
9462 10055 */
9463 10056 return (pred);
9464 10057 }
9465 10058
9466 10059 pred->dtp_cacheid = dtrace_predcache_id++;
9467 10060
9468 10061 return (pred);
9469 10062 }
9470 10063
9471 10064 static void
9472 10065 dtrace_predicate_hold(dtrace_predicate_t *pred)
9473 10066 {
9474 10067 ASSERT(MUTEX_HELD(&dtrace_lock));
9475 10068 ASSERT(pred->dtp_difo != NULL && pred->dtp_difo->dtdo_refcnt != 0);
9476 10069 ASSERT(pred->dtp_refcnt > 0);
9477 10070
9478 10071 pred->dtp_refcnt++;
9479 10072 }
9480 10073
9481 10074 static void
9482 10075 dtrace_predicate_release(dtrace_predicate_t *pred, dtrace_vstate_t *vstate)
9483 10076 {
9484 10077 dtrace_difo_t *dp = pred->dtp_difo;
9485 10078
9486 10079 ASSERT(MUTEX_HELD(&dtrace_lock));
9487 10080 ASSERT(dp != NULL && dp->dtdo_refcnt != 0);
9488 10081 ASSERT(pred->dtp_refcnt > 0);
9489 10082
9490 10083 if (--pred->dtp_refcnt == 0) {
9491 10084 dtrace_difo_release(pred->dtp_difo, vstate);
9492 10085 kmem_free(pred, sizeof (dtrace_predicate_t));
9493 10086 }
9494 10087 }
9495 10088
9496 10089 /*
9497 10090 * DTrace Action Description Functions
9498 10091 */
9499 10092 static dtrace_actdesc_t *
9500 10093 dtrace_actdesc_create(dtrace_actkind_t kind, uint32_t ntuple,
9501 10094 uint64_t uarg, uint64_t arg)
9502 10095 {
9503 10096 dtrace_actdesc_t *act;
9504 10097
9505 10098 ASSERT(!DTRACEACT_ISPRINTFLIKE(kind) || (arg != NULL &&
9506 10099 arg >= KERNELBASE) || (arg == NULL && kind == DTRACEACT_PRINTA));
9507 10100
9508 10101 act = kmem_zalloc(sizeof (dtrace_actdesc_t), KM_SLEEP);
9509 10102 act->dtad_kind = kind;
9510 10103 act->dtad_ntuple = ntuple;
9511 10104 act->dtad_uarg = uarg;
9512 10105 act->dtad_arg = arg;
9513 10106 act->dtad_refcnt = 1;
9514 10107
9515 10108 return (act);
9516 10109 }
9517 10110
9518 10111 static void
9519 10112 dtrace_actdesc_hold(dtrace_actdesc_t *act)
9520 10113 {
9521 10114 ASSERT(act->dtad_refcnt >= 1);
9522 10115 act->dtad_refcnt++;
9523 10116 }
9524 10117
9525 10118 static void
9526 10119 dtrace_actdesc_release(dtrace_actdesc_t *act, dtrace_vstate_t *vstate)
9527 10120 {
9528 10121 dtrace_actkind_t kind = act->dtad_kind;
9529 10122 dtrace_difo_t *dp;
9530 10123
9531 10124 ASSERT(act->dtad_refcnt >= 1);
9532 10125
9533 10126 if (--act->dtad_refcnt != 0)
9534 10127 return;
9535 10128
9536 10129 if ((dp = act->dtad_difo) != NULL)
9537 10130 dtrace_difo_release(dp, vstate);
9538 10131
9539 10132 if (DTRACEACT_ISPRINTFLIKE(kind)) {
9540 10133 char *str = (char *)(uintptr_t)act->dtad_arg;
9541 10134
9542 10135 ASSERT((str != NULL && (uintptr_t)str >= KERNELBASE) ||
9543 10136 (str == NULL && act->dtad_kind == DTRACEACT_PRINTA));
9544 10137
9545 10138 if (str != NULL)
9546 10139 kmem_free(str, strlen(str) + 1);
9547 10140 }
9548 10141
9549 10142 kmem_free(act, sizeof (dtrace_actdesc_t));
9550 10143 }
9551 10144
9552 10145 /*
9553 10146 * DTrace ECB Functions
9554 10147 */
9555 10148 static dtrace_ecb_t *
9556 10149 dtrace_ecb_add(dtrace_state_t *state, dtrace_probe_t *probe)
9557 10150 {
9558 10151 dtrace_ecb_t *ecb;
9559 10152 dtrace_epid_t epid;
9560 10153
9561 10154 ASSERT(MUTEX_HELD(&dtrace_lock));
9562 10155
9563 10156 ecb = kmem_zalloc(sizeof (dtrace_ecb_t), KM_SLEEP);
9564 10157 ecb->dte_predicate = NULL;
9565 10158 ecb->dte_probe = probe;
9566 10159
9567 10160 /*
9568 10161 * The default size is the size of the default action: recording
9569 10162 * the header.
9570 10163 */
9571 10164 ecb->dte_size = ecb->dte_needed = sizeof (dtrace_rechdr_t);
9572 10165 ecb->dte_alignment = sizeof (dtrace_epid_t);
9573 10166
9574 10167 epid = state->dts_epid++;
9575 10168
9576 10169 if (epid - 1 >= state->dts_necbs) {
9577 10170 dtrace_ecb_t **oecbs = state->dts_ecbs, **ecbs;
9578 10171 int necbs = state->dts_necbs << 1;
9579 10172
9580 10173 ASSERT(epid == state->dts_necbs + 1);
9581 10174
9582 10175 if (necbs == 0) {
9583 10176 ASSERT(oecbs == NULL);
9584 10177 necbs = 1;
9585 10178 }
9586 10179
9587 10180 ecbs = kmem_zalloc(necbs * sizeof (*ecbs), KM_SLEEP);
9588 10181
9589 10182 if (oecbs != NULL)
9590 10183 bcopy(oecbs, ecbs, state->dts_necbs * sizeof (*ecbs));
9591 10184
9592 10185 dtrace_membar_producer();
9593 10186 state->dts_ecbs = ecbs;
9594 10187
9595 10188 if (oecbs != NULL) {
9596 10189 /*
9597 10190 * If this state is active, we must dtrace_sync()
9598 10191 * before we can free the old dts_ecbs array: we're
9599 10192 * coming in hot, and there may be active ring
9600 10193 * buffer processing (which indexes into the dts_ecbs
9601 10194 * array) on another CPU.
9602 10195 */
9603 10196 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE)
9604 10197 dtrace_sync();
9605 10198
9606 10199 kmem_free(oecbs, state->dts_necbs * sizeof (*ecbs));
9607 10200 }
9608 10201
9609 10202 dtrace_membar_producer();
9610 10203 state->dts_necbs = necbs;
9611 10204 }
9612 10205
9613 10206 ecb->dte_state = state;
9614 10207
9615 10208 ASSERT(state->dts_ecbs[epid - 1] == NULL);
9616 10209 dtrace_membar_producer();
9617 10210 state->dts_ecbs[(ecb->dte_epid = epid) - 1] = ecb;
9618 10211
9619 10212 return (ecb);
9620 10213 }
9621 10214
9622 10215 static int
9623 10216 dtrace_ecb_enable(dtrace_ecb_t *ecb)
9624 10217 {
9625 10218 dtrace_probe_t *probe = ecb->dte_probe;
9626 10219
9627 10220 ASSERT(MUTEX_HELD(&cpu_lock));
9628 10221 ASSERT(MUTEX_HELD(&dtrace_lock));
9629 10222 ASSERT(ecb->dte_next == NULL);
9630 10223
9631 10224 if (probe == NULL) {
9632 10225 /*
9633 10226 * This is the NULL probe -- there's nothing to do.
9634 10227 */
9635 10228 return (0);
9636 10229 }
9637 10230
9638 10231 if (probe->dtpr_ecb == NULL) {
9639 10232 dtrace_provider_t *prov = probe->dtpr_provider;
9640 10233
9641 10234 /*
9642 10235 * We're the first ECB on this probe.
9643 10236 */
9644 10237 probe->dtpr_ecb = probe->dtpr_ecb_last = ecb;
9645 10238
9646 10239 if (ecb->dte_predicate != NULL)
9647 10240 probe->dtpr_predcache = ecb->dte_predicate->dtp_cacheid;
9648 10241
9649 10242 return (prov->dtpv_pops.dtps_enable(prov->dtpv_arg,
9650 10243 probe->dtpr_id, probe->dtpr_arg));
9651 10244 } else {
9652 10245 /*
9653 10246 * This probe is already active. Swing the last pointer to
9654 10247 * point to the new ECB, and issue a dtrace_sync() to assure
9655 10248 * that all CPUs have seen the change.
9656 10249 */
9657 10250 ASSERT(probe->dtpr_ecb_last != NULL);
9658 10251 probe->dtpr_ecb_last->dte_next = ecb;
9659 10252 probe->dtpr_ecb_last = ecb;
9660 10253 probe->dtpr_predcache = 0;
9661 10254
9662 10255 dtrace_sync();
9663 10256 return (0);
9664 10257 }
9665 10258 }
9666 10259
9667 10260 static void
9668 10261 dtrace_ecb_resize(dtrace_ecb_t *ecb)
9669 10262 {
9670 10263 dtrace_action_t *act;
9671 10264 uint32_t curneeded = UINT32_MAX;
9672 10265 uint32_t aggbase = UINT32_MAX;
9673 10266
9674 10267 /*
9675 10268 * If we record anything, we always record the dtrace_rechdr_t. (And
9676 10269 * we always record it first.)
9677 10270 */
9678 10271 ecb->dte_size = sizeof (dtrace_rechdr_t);
9679 10272 ecb->dte_alignment = sizeof (dtrace_epid_t);
9680 10273
9681 10274 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
9682 10275 dtrace_recdesc_t *rec = &act->dta_rec;
9683 10276 ASSERT(rec->dtrd_size > 0 || rec->dtrd_alignment == 1);
9684 10277
9685 10278 ecb->dte_alignment = MAX(ecb->dte_alignment,
9686 10279 rec->dtrd_alignment);
9687 10280
9688 10281 if (DTRACEACT_ISAGG(act->dta_kind)) {
9689 10282 dtrace_aggregation_t *agg = (dtrace_aggregation_t *)act;
9690 10283
9691 10284 ASSERT(rec->dtrd_size != 0);
9692 10285 ASSERT(agg->dtag_first != NULL);
9693 10286 ASSERT(act->dta_prev->dta_intuple);
9694 10287 ASSERT(aggbase != UINT32_MAX);
9695 10288 ASSERT(curneeded != UINT32_MAX);
9696 10289
9697 10290 agg->dtag_base = aggbase;
9698 10291
9699 10292 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
9700 10293 rec->dtrd_offset = curneeded;
9701 10294 curneeded += rec->dtrd_size;
9702 10295 ecb->dte_needed = MAX(ecb->dte_needed, curneeded);
9703 10296
9704 10297 aggbase = UINT32_MAX;
9705 10298 curneeded = UINT32_MAX;
9706 10299 } else if (act->dta_intuple) {
9707 10300 if (curneeded == UINT32_MAX) {
9708 10301 /*
9709 10302 * This is the first record in a tuple. Align
9710 10303 * curneeded to be at offset 4 in an 8-byte
9711 10304 * aligned block.
9712 10305 */
9713 10306 ASSERT(act->dta_prev == NULL ||
9714 10307 !act->dta_prev->dta_intuple);
9715 10308 ASSERT3U(aggbase, ==, UINT32_MAX);
9716 10309 curneeded = P2PHASEUP(ecb->dte_size,
9717 10310 sizeof (uint64_t), sizeof (dtrace_aggid_t));
9718 10311
9719 10312 aggbase = curneeded - sizeof (dtrace_aggid_t);
9720 10313 ASSERT(IS_P2ALIGNED(aggbase,
9721 10314 sizeof (uint64_t)));
9722 10315 }
9723 10316 curneeded = P2ROUNDUP(curneeded, rec->dtrd_alignment);
9724 10317 rec->dtrd_offset = curneeded;
9725 10318 curneeded += rec->dtrd_size;
9726 10319 } else {
9727 10320 /* tuples must be followed by an aggregation */
9728 10321 ASSERT(act->dta_prev == NULL ||
9729 10322 !act->dta_prev->dta_intuple);
9730 10323
9731 10324 ecb->dte_size = P2ROUNDUP(ecb->dte_size,
9732 10325 rec->dtrd_alignment);
9733 10326 rec->dtrd_offset = ecb->dte_size;
9734 10327 ecb->dte_size += rec->dtrd_size;
9735 10328 ecb->dte_needed = MAX(ecb->dte_needed, ecb->dte_size);
9736 10329 }
9737 10330 }
9738 10331
9739 10332 if ((act = ecb->dte_action) != NULL &&
9740 10333 !(act->dta_kind == DTRACEACT_SPECULATE && act->dta_next == NULL) &&
9741 10334 ecb->dte_size == sizeof (dtrace_rechdr_t)) {
9742 10335 /*
9743 10336 * If the size is still sizeof (dtrace_rechdr_t), then all
9744 10337 * actions store no data; set the size to 0.
9745 10338 */
9746 10339 ecb->dte_size = 0;
9747 10340 }
9748 10341
9749 10342 ecb->dte_size = P2ROUNDUP(ecb->dte_size, sizeof (dtrace_epid_t));
9750 10343 ecb->dte_needed = P2ROUNDUP(ecb->dte_needed, (sizeof (dtrace_epid_t)));
9751 10344 ecb->dte_state->dts_needed = MAX(ecb->dte_state->dts_needed,
9752 10345 ecb->dte_needed);
9753 10346 }
9754 10347
9755 10348 static dtrace_action_t *
9756 10349 dtrace_ecb_aggregation_create(dtrace_ecb_t *ecb, dtrace_actdesc_t *desc)
9757 10350 {
9758 10351 dtrace_aggregation_t *agg;
9759 10352 size_t size = sizeof (uint64_t);
9760 10353 int ntuple = desc->dtad_ntuple;
9761 10354 dtrace_action_t *act;
9762 10355 dtrace_recdesc_t *frec;
9763 10356 dtrace_aggid_t aggid;
9764 10357 dtrace_state_t *state = ecb->dte_state;
9765 10358
9766 10359 agg = kmem_zalloc(sizeof (dtrace_aggregation_t), KM_SLEEP);
9767 10360 agg->dtag_ecb = ecb;
9768 10361
9769 10362 ASSERT(DTRACEACT_ISAGG(desc->dtad_kind));
9770 10363
9771 10364 switch (desc->dtad_kind) {
9772 10365 case DTRACEAGG_MIN:
9773 10366 agg->dtag_initial = INT64_MAX;
9774 10367 agg->dtag_aggregate = dtrace_aggregate_min;
9775 10368 break;
9776 10369
9777 10370 case DTRACEAGG_MAX:
9778 10371 agg->dtag_initial = INT64_MIN;
9779 10372 agg->dtag_aggregate = dtrace_aggregate_max;
9780 10373 break;
9781 10374
9782 10375 case DTRACEAGG_COUNT:
9783 10376 agg->dtag_aggregate = dtrace_aggregate_count;
9784 10377 break;
9785 10378
9786 10379 case DTRACEAGG_QUANTIZE:
9787 10380 agg->dtag_aggregate = dtrace_aggregate_quantize;
9788 10381 size = (((sizeof (uint64_t) * NBBY) - 1) * 2 + 1) *
9789 10382 sizeof (uint64_t);
9790 10383 break;
9791 10384
9792 10385 case DTRACEAGG_LQUANTIZE: {
9793 10386 uint16_t step = DTRACE_LQUANTIZE_STEP(desc->dtad_arg);
9794 10387 uint16_t levels = DTRACE_LQUANTIZE_LEVELS(desc->dtad_arg);
9795 10388
9796 10389 agg->dtag_initial = desc->dtad_arg;
9797 10390 agg->dtag_aggregate = dtrace_aggregate_lquantize;
9798 10391
9799 10392 if (step == 0 || levels == 0)
9800 10393 goto err;
9801 10394
9802 10395 size = levels * sizeof (uint64_t) + 3 * sizeof (uint64_t);
9803 10396 break;
9804 10397 }
9805 10398
9806 10399 case DTRACEAGG_LLQUANTIZE: {
9807 10400 uint16_t factor = DTRACE_LLQUANTIZE_FACTOR(desc->dtad_arg);
9808 10401 uint16_t low = DTRACE_LLQUANTIZE_LOW(desc->dtad_arg);
9809 10402 uint16_t high = DTRACE_LLQUANTIZE_HIGH(desc->dtad_arg);
9810 10403 uint16_t nsteps = DTRACE_LLQUANTIZE_NSTEP(desc->dtad_arg);
9811 10404 int64_t v;
9812 10405
9813 10406 agg->dtag_initial = desc->dtad_arg;
9814 10407 agg->dtag_aggregate = dtrace_aggregate_llquantize;
9815 10408
9816 10409 if (factor < 2 || low >= high || nsteps < factor)
9817 10410 goto err;
9818 10411
9819 10412 /*
9820 10413 * Now check that the number of steps evenly divides a power
9821 10414 * of the factor. (This assures both integer bucket size and
9822 10415 * linearity within each magnitude.)
9823 10416 */
9824 10417 for (v = factor; v < nsteps; v *= factor)
9825 10418 continue;
9826 10419
9827 10420 if ((v % nsteps) || (nsteps % factor))
9828 10421 goto err;
9829 10422
9830 10423 size = (dtrace_aggregate_llquantize_bucket(factor,
9831 10424 low, high, nsteps, INT64_MAX) + 2) * sizeof (uint64_t);
9832 10425 break;
9833 10426 }
9834 10427
9835 10428 case DTRACEAGG_AVG:
9836 10429 agg->dtag_aggregate = dtrace_aggregate_avg;
9837 10430 size = sizeof (uint64_t) * 2;
9838 10431 break;
9839 10432
9840 10433 case DTRACEAGG_STDDEV:
9841 10434 agg->dtag_aggregate = dtrace_aggregate_stddev;
9842 10435 size = sizeof (uint64_t) * 4;
9843 10436 break;
9844 10437
9845 10438 case DTRACEAGG_SUM:
9846 10439 agg->dtag_aggregate = dtrace_aggregate_sum;
9847 10440 break;
9848 10441
9849 10442 default:
9850 10443 goto err;
9851 10444 }
9852 10445
9853 10446 agg->dtag_action.dta_rec.dtrd_size = size;
9854 10447
9855 10448 if (ntuple == 0)
9856 10449 goto err;
9857 10450
9858 10451 /*
9859 10452 * We must make sure that we have enough actions for the n-tuple.
9860 10453 */
9861 10454 for (act = ecb->dte_action_last; act != NULL; act = act->dta_prev) {
9862 10455 if (DTRACEACT_ISAGG(act->dta_kind))
9863 10456 break;
9864 10457
9865 10458 if (--ntuple == 0) {
9866 10459 /*
9867 10460 * This is the action with which our n-tuple begins.
9868 10461 */
9869 10462 agg->dtag_first = act;
9870 10463 goto success;
9871 10464 }
9872 10465 }
9873 10466
9874 10467 /*
9875 10468 * This n-tuple is short by ntuple elements. Return failure.
9876 10469 */
9877 10470 ASSERT(ntuple != 0);
9878 10471 err:
9879 10472 kmem_free(agg, sizeof (dtrace_aggregation_t));
9880 10473 return (NULL);
9881 10474
9882 10475 success:
9883 10476 /*
9884 10477 * If the last action in the tuple has a size of zero, it's actually
9885 10478 * an expression argument for the aggregating action.
9886 10479 */
9887 10480 ASSERT(ecb->dte_action_last != NULL);
9888 10481 act = ecb->dte_action_last;
9889 10482
9890 10483 if (act->dta_kind == DTRACEACT_DIFEXPR) {
9891 10484 ASSERT(act->dta_difo != NULL);
9892 10485
9893 10486 if (act->dta_difo->dtdo_rtype.dtdt_size == 0)
9894 10487 agg->dtag_hasarg = 1;
9895 10488 }
9896 10489
9897 10490 /*
9898 10491 * We need to allocate an id for this aggregation.
9899 10492 */
9900 10493 aggid = (dtrace_aggid_t)(uintptr_t)vmem_alloc(state->dts_aggid_arena, 1,
9901 10494 VM_BESTFIT | VM_SLEEP);
9902 10495
9903 10496 if (aggid - 1 >= state->dts_naggregations) {
9904 10497 dtrace_aggregation_t **oaggs = state->dts_aggregations;
9905 10498 dtrace_aggregation_t **aggs;
9906 10499 int naggs = state->dts_naggregations << 1;
9907 10500 int onaggs = state->dts_naggregations;
9908 10501
9909 10502 ASSERT(aggid == state->dts_naggregations + 1);
9910 10503
9911 10504 if (naggs == 0) {
9912 10505 ASSERT(oaggs == NULL);
9913 10506 naggs = 1;
9914 10507 }
9915 10508
9916 10509 aggs = kmem_zalloc(naggs * sizeof (*aggs), KM_SLEEP);
9917 10510
9918 10511 if (oaggs != NULL) {
9919 10512 bcopy(oaggs, aggs, onaggs * sizeof (*aggs));
9920 10513 kmem_free(oaggs, onaggs * sizeof (*aggs));
9921 10514 }
9922 10515
9923 10516 state->dts_aggregations = aggs;
9924 10517 state->dts_naggregations = naggs;
9925 10518 }
9926 10519
9927 10520 ASSERT(state->dts_aggregations[aggid - 1] == NULL);
9928 10521 state->dts_aggregations[(agg->dtag_id = aggid) - 1] = agg;
9929 10522
9930 10523 frec = &agg->dtag_first->dta_rec;
9931 10524 if (frec->dtrd_alignment < sizeof (dtrace_aggid_t))
9932 10525 frec->dtrd_alignment = sizeof (dtrace_aggid_t);
9933 10526
9934 10527 for (act = agg->dtag_first; act != NULL; act = act->dta_next) {
9935 10528 ASSERT(!act->dta_intuple);
9936 10529 act->dta_intuple = 1;
9937 10530 }
9938 10531
9939 10532 return (&agg->dtag_action);
9940 10533 }
9941 10534
9942 10535 static void
9943 10536 dtrace_ecb_aggregation_destroy(dtrace_ecb_t *ecb, dtrace_action_t *act)
9944 10537 {
9945 10538 dtrace_aggregation_t *agg = (dtrace_aggregation_t *)act;
9946 10539 dtrace_state_t *state = ecb->dte_state;
9947 10540 dtrace_aggid_t aggid = agg->dtag_id;
9948 10541
9949 10542 ASSERT(DTRACEACT_ISAGG(act->dta_kind));
9950 10543 vmem_free(state->dts_aggid_arena, (void *)(uintptr_t)aggid, 1);
9951 10544
9952 10545 ASSERT(state->dts_aggregations[aggid - 1] == agg);
9953 10546 state->dts_aggregations[aggid - 1] = NULL;
9954 10547
9955 10548 kmem_free(agg, sizeof (dtrace_aggregation_t));
9956 10549 }
9957 10550
9958 10551 static int
9959 10552 dtrace_ecb_action_add(dtrace_ecb_t *ecb, dtrace_actdesc_t *desc)
9960 10553 {
9961 10554 dtrace_action_t *action, *last;
9962 10555 dtrace_difo_t *dp = desc->dtad_difo;
9963 10556 uint32_t size = 0, align = sizeof (uint8_t), mask;
9964 10557 uint16_t format = 0;
9965 10558 dtrace_recdesc_t *rec;
9966 10559 dtrace_state_t *state = ecb->dte_state;
9967 10560 dtrace_optval_t *opt = state->dts_options, nframes, strsize;
9968 10561 uint64_t arg = desc->dtad_arg;
9969 10562
9970 10563 ASSERT(MUTEX_HELD(&dtrace_lock));
9971 10564 ASSERT(ecb->dte_action == NULL || ecb->dte_action->dta_refcnt == 1);
9972 10565
9973 10566 if (DTRACEACT_ISAGG(desc->dtad_kind)) {
9974 10567 /*
9975 10568 * If this is an aggregating action, there must be neither
9976 10569 * a speculate nor a commit on the action chain.
9977 10570 */
9978 10571 dtrace_action_t *act;
9979 10572
9980 10573 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
9981 10574 if (act->dta_kind == DTRACEACT_COMMIT)
9982 10575 return (EINVAL);
9983 10576
9984 10577 if (act->dta_kind == DTRACEACT_SPECULATE)
9985 10578 return (EINVAL);
9986 10579 }
9987 10580
9988 10581 action = dtrace_ecb_aggregation_create(ecb, desc);
9989 10582
9990 10583 if (action == NULL)
9991 10584 return (EINVAL);
9992 10585 } else {
9993 10586 if (DTRACEACT_ISDESTRUCTIVE(desc->dtad_kind) ||
9994 10587 (desc->dtad_kind == DTRACEACT_DIFEXPR &&
9995 10588 dp != NULL && dp->dtdo_destructive)) {
9996 10589 state->dts_destructive = 1;
9997 10590 }
9998 10591
9999 10592 switch (desc->dtad_kind) {
10000 10593 case DTRACEACT_PRINTF:
10001 10594 case DTRACEACT_PRINTA:
10002 10595 case DTRACEACT_SYSTEM:
10003 10596 case DTRACEACT_FREOPEN:
10004 10597 case DTRACEACT_DIFEXPR:
10005 10598 /*
10006 10599 * We know that our arg is a string -- turn it into a
10007 10600 * format.
10008 10601 */
10009 10602 if (arg == NULL) {
10010 10603 ASSERT(desc->dtad_kind == DTRACEACT_PRINTA ||
10011 10604 desc->dtad_kind == DTRACEACT_DIFEXPR);
10012 10605 format = 0;
10013 10606 } else {
10014 10607 ASSERT(arg != NULL);
10015 10608 ASSERT(arg > KERNELBASE);
10016 10609 format = dtrace_format_add(state,
10017 10610 (char *)(uintptr_t)arg);
10018 10611 }
10019 10612
10020 10613 /*FALLTHROUGH*/
10021 10614 case DTRACEACT_LIBACT:
10022 10615 case DTRACEACT_TRACEMEM:
10023 10616 case DTRACEACT_TRACEMEM_DYNSIZE:
10024 10617 if (dp == NULL)
10025 10618 return (EINVAL);
10026 10619
10027 10620 if ((size = dp->dtdo_rtype.dtdt_size) != 0)
10028 10621 break;
10029 10622
10030 10623 if (dp->dtdo_rtype.dtdt_kind == DIF_TYPE_STRING) {
10031 10624 if (!(dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10032 10625 return (EINVAL);
10033 10626
10034 10627 size = opt[DTRACEOPT_STRSIZE];
10035 10628 }
10036 10629
10037 10630 break;
10038 10631
10039 10632 case DTRACEACT_STACK:
10040 10633 if ((nframes = arg) == 0) {
10041 10634 nframes = opt[DTRACEOPT_STACKFRAMES];
10042 10635 ASSERT(nframes > 0);
10043 10636 arg = nframes;
10044 10637 }
10045 10638
10046 10639 size = nframes * sizeof (pc_t);
10047 10640 break;
10048 10641
10049 10642 case DTRACEACT_JSTACK:
10050 10643 if ((strsize = DTRACE_USTACK_STRSIZE(arg)) == 0)
10051 10644 strsize = opt[DTRACEOPT_JSTACKSTRSIZE];
10052 10645
10053 10646 if ((nframes = DTRACE_USTACK_NFRAMES(arg)) == 0)
10054 10647 nframes = opt[DTRACEOPT_JSTACKFRAMES];
10055 10648
10056 10649 arg = DTRACE_USTACK_ARG(nframes, strsize);
10057 10650
10058 10651 /*FALLTHROUGH*/
10059 10652 case DTRACEACT_USTACK:
10060 10653 if (desc->dtad_kind != DTRACEACT_JSTACK &&
10061 10654 (nframes = DTRACE_USTACK_NFRAMES(arg)) == 0) {
10062 10655 strsize = DTRACE_USTACK_STRSIZE(arg);
10063 10656 nframes = opt[DTRACEOPT_USTACKFRAMES];
10064 10657 ASSERT(nframes > 0);
10065 10658 arg = DTRACE_USTACK_ARG(nframes, strsize);
10066 10659 }
10067 10660
10068 10661 /*
10069 10662 * Save a slot for the pid.
10070 10663 */
10071 10664 size = (nframes + 1) * sizeof (uint64_t);
10072 10665 size += DTRACE_USTACK_STRSIZE(arg);
10073 10666 size = P2ROUNDUP(size, (uint32_t)(sizeof (uintptr_t)));
10074 10667
10075 10668 break;
10076 10669
10077 10670 case DTRACEACT_SYM:
10078 10671 case DTRACEACT_MOD:
10079 10672 if (dp == NULL || ((size = dp->dtdo_rtype.dtdt_size) !=
10080 10673 sizeof (uint64_t)) ||
10081 10674 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10082 10675 return (EINVAL);
10083 10676 break;
10084 10677
10085 10678 case DTRACEACT_USYM:
10086 10679 case DTRACEACT_UMOD:
10087 10680 case DTRACEACT_UADDR:
10088 10681 if (dp == NULL ||
10089 10682 (dp->dtdo_rtype.dtdt_size != sizeof (uint64_t)) ||
10090 10683 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10091 10684 return (EINVAL);
10092 10685
10093 10686 /*
10094 10687 * We have a slot for the pid, plus a slot for the
10095 10688 * argument. To keep things simple (aligned with
10096 10689 * bitness-neutral sizing), we store each as a 64-bit
10097 10690 * quantity.
10098 10691 */
10099 10692 size = 2 * sizeof (uint64_t);
10100 10693 break;
10101 10694
10102 10695 case DTRACEACT_STOP:
10103 10696 case DTRACEACT_BREAKPOINT:
10104 10697 case DTRACEACT_PANIC:
10105 10698 break;
10106 10699
10107 10700 case DTRACEACT_CHILL:
10108 10701 case DTRACEACT_DISCARD:
10109 10702 case DTRACEACT_RAISE:
10110 10703 if (dp == NULL)
10111 10704 return (EINVAL);
10112 10705 break;
10113 10706
10114 10707 case DTRACEACT_EXIT:
10115 10708 if (dp == NULL ||
10116 10709 (size = dp->dtdo_rtype.dtdt_size) != sizeof (int) ||
10117 10710 (dp->dtdo_rtype.dtdt_flags & DIF_TF_BYREF))
10118 10711 return (EINVAL);
10119 10712 break;
10120 10713
10121 10714 case DTRACEACT_SPECULATE:
10122 10715 if (ecb->dte_size > sizeof (dtrace_rechdr_t))
10123 10716 return (EINVAL);
10124 10717
10125 10718 if (dp == NULL)
10126 10719 return (EINVAL);
10127 10720
10128 10721 state->dts_speculates = 1;
10129 10722 break;
10130 10723
10131 10724 case DTRACEACT_COMMIT: {
10132 10725 dtrace_action_t *act = ecb->dte_action;
10133 10726
10134 10727 for (; act != NULL; act = act->dta_next) {
10135 10728 if (act->dta_kind == DTRACEACT_COMMIT)
10136 10729 return (EINVAL);
10137 10730 }
10138 10731
10139 10732 if (dp == NULL)
10140 10733 return (EINVAL);
10141 10734 break;
10142 10735 }
10143 10736
10144 10737 default:
10145 10738 return (EINVAL);
10146 10739 }
10147 10740
10148 10741 if (size != 0 || desc->dtad_kind == DTRACEACT_SPECULATE) {
10149 10742 /*
10150 10743 * If this is a data-storing action or a speculate,
10151 10744 * we must be sure that there isn't a commit on the
10152 10745 * action chain.
10153 10746 */
10154 10747 dtrace_action_t *act = ecb->dte_action;
10155 10748
10156 10749 for (; act != NULL; act = act->dta_next) {
10157 10750 if (act->dta_kind == DTRACEACT_COMMIT)
10158 10751 return (EINVAL);
10159 10752 }
10160 10753 }
10161 10754
10162 10755 action = kmem_zalloc(sizeof (dtrace_action_t), KM_SLEEP);
10163 10756 action->dta_rec.dtrd_size = size;
10164 10757 }
10165 10758
10166 10759 action->dta_refcnt = 1;
10167 10760 rec = &action->dta_rec;
10168 10761 size = rec->dtrd_size;
10169 10762
10170 10763 for (mask = sizeof (uint64_t) - 1; size != 0 && mask > 0; mask >>= 1) {
10171 10764 if (!(size & mask)) {
10172 10765 align = mask + 1;
10173 10766 break;
10174 10767 }
10175 10768 }
10176 10769
10177 10770 action->dta_kind = desc->dtad_kind;
10178 10771
10179 10772 if ((action->dta_difo = dp) != NULL)
10180 10773 dtrace_difo_hold(dp);
10181 10774
10182 10775 rec->dtrd_action = action->dta_kind;
10183 10776 rec->dtrd_arg = arg;
10184 10777 rec->dtrd_uarg = desc->dtad_uarg;
10185 10778 rec->dtrd_alignment = (uint16_t)align;
10186 10779 rec->dtrd_format = format;
10187 10780
10188 10781 if ((last = ecb->dte_action_last) != NULL) {
10189 10782 ASSERT(ecb->dte_action != NULL);
10190 10783 action->dta_prev = last;
10191 10784 last->dta_next = action;
10192 10785 } else {
10193 10786 ASSERT(ecb->dte_action == NULL);
10194 10787 ecb->dte_action = action;
10195 10788 }
10196 10789
10197 10790 ecb->dte_action_last = action;
10198 10791
10199 10792 return (0);
10200 10793 }
10201 10794
10202 10795 static void
10203 10796 dtrace_ecb_action_remove(dtrace_ecb_t *ecb)
10204 10797 {
10205 10798 dtrace_action_t *act = ecb->dte_action, *next;
10206 10799 dtrace_vstate_t *vstate = &ecb->dte_state->dts_vstate;
10207 10800 dtrace_difo_t *dp;
10208 10801 uint16_t format;
10209 10802
10210 10803 if (act != NULL && act->dta_refcnt > 1) {
10211 10804 ASSERT(act->dta_next == NULL || act->dta_next->dta_refcnt == 1);
10212 10805 act->dta_refcnt--;
10213 10806 } else {
10214 10807 for (; act != NULL; act = next) {
10215 10808 next = act->dta_next;
10216 10809 ASSERT(next != NULL || act == ecb->dte_action_last);
10217 10810 ASSERT(act->dta_refcnt == 1);
10218 10811
10219 10812 if ((format = act->dta_rec.dtrd_format) != 0)
10220 10813 dtrace_format_remove(ecb->dte_state, format);
10221 10814
10222 10815 if ((dp = act->dta_difo) != NULL)
10223 10816 dtrace_difo_release(dp, vstate);
10224 10817
10225 10818 if (DTRACEACT_ISAGG(act->dta_kind)) {
10226 10819 dtrace_ecb_aggregation_destroy(ecb, act);
10227 10820 } else {
10228 10821 kmem_free(act, sizeof (dtrace_action_t));
10229 10822 }
10230 10823 }
10231 10824 }
10232 10825
10233 10826 ecb->dte_action = NULL;
10234 10827 ecb->dte_action_last = NULL;
10235 10828 ecb->dte_size = 0;
10236 10829 }
10237 10830
10238 10831 static void
10239 10832 dtrace_ecb_disable(dtrace_ecb_t *ecb)
10240 10833 {
10241 10834 /*
10242 10835 * We disable the ECB by removing it from its probe.
10243 10836 */
10244 10837 dtrace_ecb_t *pecb, *prev = NULL;
10245 10838 dtrace_probe_t *probe = ecb->dte_probe;
10246 10839
10247 10840 ASSERT(MUTEX_HELD(&dtrace_lock));
10248 10841
10249 10842 if (probe == NULL) {
10250 10843 /*
10251 10844 * This is the NULL probe; there is nothing to disable.
10252 10845 */
10253 10846 return;
10254 10847 }
10255 10848
10256 10849 for (pecb = probe->dtpr_ecb; pecb != NULL; pecb = pecb->dte_next) {
10257 10850 if (pecb == ecb)
10258 10851 break;
10259 10852 prev = pecb;
10260 10853 }
10261 10854
10262 10855 ASSERT(pecb != NULL);
10263 10856
10264 10857 if (prev == NULL) {
10265 10858 probe->dtpr_ecb = ecb->dte_next;
10266 10859 } else {
10267 10860 prev->dte_next = ecb->dte_next;
10268 10861 }
10269 10862
10270 10863 if (ecb == probe->dtpr_ecb_last) {
10271 10864 ASSERT(ecb->dte_next == NULL);
10272 10865 probe->dtpr_ecb_last = prev;
10273 10866 }
10274 10867
10275 10868 /*
10276 10869 * The ECB has been disconnected from the probe; now sync to assure
10277 10870 * that all CPUs have seen the change before returning.
10278 10871 */
10279 10872 dtrace_sync();
10280 10873
10281 10874 if (probe->dtpr_ecb == NULL) {
10282 10875 /*
10283 10876 * That was the last ECB on the probe; clear the predicate
10284 10877 * cache ID for the probe, disable it and sync one more time
10285 10878 * to assure that we'll never hit it again.
10286 10879 */
10287 10880 dtrace_provider_t *prov = probe->dtpr_provider;
10288 10881
10289 10882 ASSERT(ecb->dte_next == NULL);
10290 10883 ASSERT(probe->dtpr_ecb_last == NULL);
10291 10884 probe->dtpr_predcache = DTRACE_CACHEIDNONE;
10292 10885 prov->dtpv_pops.dtps_disable(prov->dtpv_arg,
10293 10886 probe->dtpr_id, probe->dtpr_arg);
10294 10887 dtrace_sync();
10295 10888 } else {
10296 10889 /*
10297 10890 * There is at least one ECB remaining on the probe. If there
10298 10891 * is _exactly_ one, set the probe's predicate cache ID to be
10299 10892 * the predicate cache ID of the remaining ECB.
10300 10893 */
10301 10894 ASSERT(probe->dtpr_ecb_last != NULL);
10302 10895 ASSERT(probe->dtpr_predcache == DTRACE_CACHEIDNONE);
10303 10896
10304 10897 if (probe->dtpr_ecb == probe->dtpr_ecb_last) {
10305 10898 dtrace_predicate_t *p = probe->dtpr_ecb->dte_predicate;
10306 10899
10307 10900 ASSERT(probe->dtpr_ecb->dte_next == NULL);
10308 10901
10309 10902 if (p != NULL)
10310 10903 probe->dtpr_predcache = p->dtp_cacheid;
10311 10904 }
10312 10905
10313 10906 ecb->dte_next = NULL;
10314 10907 }
10315 10908 }
10316 10909
10317 10910 static void
10318 10911 dtrace_ecb_destroy(dtrace_ecb_t *ecb)
10319 10912 {
10320 10913 dtrace_state_t *state = ecb->dte_state;
10321 10914 dtrace_vstate_t *vstate = &state->dts_vstate;
10322 10915 dtrace_predicate_t *pred;
10323 10916 dtrace_epid_t epid = ecb->dte_epid;
10324 10917
10325 10918 ASSERT(MUTEX_HELD(&dtrace_lock));
10326 10919 ASSERT(ecb->dte_next == NULL);
10327 10920 ASSERT(ecb->dte_probe == NULL || ecb->dte_probe->dtpr_ecb != ecb);
10328 10921
10329 10922 if ((pred = ecb->dte_predicate) != NULL)
10330 10923 dtrace_predicate_release(pred, vstate);
10331 10924
10332 10925 dtrace_ecb_action_remove(ecb);
10333 10926
10334 10927 ASSERT(state->dts_ecbs[epid - 1] == ecb);
10335 10928 state->dts_ecbs[epid - 1] = NULL;
10336 10929
10337 10930 kmem_free(ecb, sizeof (dtrace_ecb_t));
10338 10931 }
10339 10932
10340 10933 static dtrace_ecb_t *
10341 10934 dtrace_ecb_create(dtrace_state_t *state, dtrace_probe_t *probe,
10342 10935 dtrace_enabling_t *enab)
10343 10936 {
10344 10937 dtrace_ecb_t *ecb;
10345 10938 dtrace_predicate_t *pred;
10346 10939 dtrace_actdesc_t *act;
10347 10940 dtrace_provider_t *prov;
10348 10941 dtrace_ecbdesc_t *desc = enab->dten_current;
10349 10942
10350 10943 ASSERT(MUTEX_HELD(&dtrace_lock));
10351 10944 ASSERT(state != NULL);
10352 10945
10353 10946 ecb = dtrace_ecb_add(state, probe);
10354 10947 ecb->dte_uarg = desc->dted_uarg;
10355 10948
10356 10949 if ((pred = desc->dted_pred.dtpdd_predicate) != NULL) {
10357 10950 dtrace_predicate_hold(pred);
10358 10951 ecb->dte_predicate = pred;
10359 10952 }
10360 10953
10361 10954 if (probe != NULL) {
10362 10955 /*
10363 10956 * If the provider shows more leg than the consumer is old
10364 10957 * enough to see, we need to enable the appropriate implicit
10365 10958 * predicate bits to prevent the ecb from activating at
10366 10959 * revealing times.
10367 10960 *
10368 10961 * Providers specifying DTRACE_PRIV_USER at register time
10369 10962 * are stating that they need the /proc-style privilege
10370 10963 * model to be enforced, and this is what DTRACE_COND_OWNER
10371 10964 * and DTRACE_COND_ZONEOWNER will then do at probe time.
10372 10965 */
10373 10966 prov = probe->dtpr_provider;
10374 10967 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_ALLPROC) &&
10375 10968 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_USER))
10376 10969 ecb->dte_cond |= DTRACE_COND_OWNER;
10377 10970
10378 10971 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_ALLZONE) &&
10379 10972 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_USER))
10380 10973 ecb->dte_cond |= DTRACE_COND_ZONEOWNER;
10381 10974
10382 10975 /*
10383 10976 * If the provider shows us kernel innards and the user
10384 10977 * is lacking sufficient privilege, enable the
10385 10978 * DTRACE_COND_USERMODE implicit predicate.
10386 10979 */
10387 10980 if (!(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL) &&
10388 10981 (prov->dtpv_priv.dtpp_flags & DTRACE_PRIV_KERNEL))
10389 10982 ecb->dte_cond |= DTRACE_COND_USERMODE;
10390 10983 }
10391 10984
10392 10985 if (dtrace_ecb_create_cache != NULL) {
10393 10986 /*
10394 10987 * If we have a cached ecb, we'll use its action list instead
10395 10988 * of creating our own (saving both time and space).
10396 10989 */
10397 10990 dtrace_ecb_t *cached = dtrace_ecb_create_cache;
10398 10991 dtrace_action_t *act = cached->dte_action;
10399 10992
10400 10993 if (act != NULL) {
10401 10994 ASSERT(act->dta_refcnt > 0);
10402 10995 act->dta_refcnt++;
10403 10996 ecb->dte_action = act;
10404 10997 ecb->dte_action_last = cached->dte_action_last;
10405 10998 ecb->dte_needed = cached->dte_needed;
10406 10999 ecb->dte_size = cached->dte_size;
10407 11000 ecb->dte_alignment = cached->dte_alignment;
10408 11001 }
10409 11002
10410 11003 return (ecb);
10411 11004 }
10412 11005
10413 11006 for (act = desc->dted_action; act != NULL; act = act->dtad_next) {
10414 11007 if ((enab->dten_error = dtrace_ecb_action_add(ecb, act)) != 0) {
10415 11008 dtrace_ecb_destroy(ecb);
10416 11009 return (NULL);
10417 11010 }
10418 11011 }
10419 11012
10420 11013 dtrace_ecb_resize(ecb);
10421 11014
10422 11015 return (dtrace_ecb_create_cache = ecb);
10423 11016 }
10424 11017
10425 11018 static int
10426 11019 dtrace_ecb_create_enable(dtrace_probe_t *probe, void *arg)
10427 11020 {
10428 11021 dtrace_ecb_t *ecb;
10429 11022 dtrace_enabling_t *enab = arg;
10430 11023 dtrace_state_t *state = enab->dten_vstate->dtvs_state;
10431 11024
10432 11025 ASSERT(state != NULL);
10433 11026
10434 11027 if (probe != NULL && probe->dtpr_gen < enab->dten_probegen) {
10435 11028 /*
10436 11029 * This probe was created in a generation for which this
10437 11030 * enabling has previously created ECBs; we don't want to
10438 11031 * enable it again, so just kick out.
10439 11032 */
10440 11033 return (DTRACE_MATCH_NEXT);
10441 11034 }
10442 11035
10443 11036 if ((ecb = dtrace_ecb_create(state, probe, enab)) == NULL)
10444 11037 return (DTRACE_MATCH_DONE);
10445 11038
10446 11039 if (dtrace_ecb_enable(ecb) < 0)
10447 11040 return (DTRACE_MATCH_FAIL);
10448 11041
10449 11042 return (DTRACE_MATCH_NEXT);
10450 11043 }
10451 11044
10452 11045 static dtrace_ecb_t *
10453 11046 dtrace_epid2ecb(dtrace_state_t *state, dtrace_epid_t id)
10454 11047 {
10455 11048 dtrace_ecb_t *ecb;
10456 11049
10457 11050 ASSERT(MUTEX_HELD(&dtrace_lock));
10458 11051
10459 11052 if (id == 0 || id > state->dts_necbs)
10460 11053 return (NULL);
10461 11054
10462 11055 ASSERT(state->dts_necbs > 0 && state->dts_ecbs != NULL);
10463 11056 ASSERT((ecb = state->dts_ecbs[id - 1]) == NULL || ecb->dte_epid == id);
10464 11057
10465 11058 return (state->dts_ecbs[id - 1]);
10466 11059 }
10467 11060
10468 11061 static dtrace_aggregation_t *
10469 11062 dtrace_aggid2agg(dtrace_state_t *state, dtrace_aggid_t id)
10470 11063 {
10471 11064 dtrace_aggregation_t *agg;
10472 11065
10473 11066 ASSERT(MUTEX_HELD(&dtrace_lock));
10474 11067
10475 11068 if (id == 0 || id > state->dts_naggregations)
10476 11069 return (NULL);
10477 11070
10478 11071 ASSERT(state->dts_naggregations > 0 && state->dts_aggregations != NULL);
10479 11072 ASSERT((agg = state->dts_aggregations[id - 1]) == NULL ||
10480 11073 agg->dtag_id == id);
10481 11074
10482 11075 return (state->dts_aggregations[id - 1]);
10483 11076 }
10484 11077
10485 11078 /*
10486 11079 * DTrace Buffer Functions
10487 11080 *
10488 11081 * The following functions manipulate DTrace buffers. Most of these functions
10489 11082 * are called in the context of establishing or processing consumer state;
10490 11083 * exceptions are explicitly noted.
10491 11084 */
10492 11085
10493 11086 /*
10494 11087 * Note: called from cross call context. This function switches the two
10495 11088 * buffers on a given CPU. The atomicity of this operation is assured by
10496 11089 * disabling interrupts while the actual switch takes place; the disabling of
10497 11090 * interrupts serializes the execution with any execution of dtrace_probe() on
10498 11091 * the same CPU.
10499 11092 */
10500 11093 static void
10501 11094 dtrace_buffer_switch(dtrace_buffer_t *buf)
10502 11095 {
10503 11096 caddr_t tomax = buf->dtb_tomax;
10504 11097 caddr_t xamot = buf->dtb_xamot;
10505 11098 dtrace_icookie_t cookie;
10506 11099 hrtime_t now;
10507 11100
10508 11101 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
10509 11102 ASSERT(!(buf->dtb_flags & DTRACEBUF_RING));
10510 11103
10511 11104 cookie = dtrace_interrupt_disable();
10512 11105 now = dtrace_gethrtime();
10513 11106 buf->dtb_tomax = xamot;
10514 11107 buf->dtb_xamot = tomax;
10515 11108 buf->dtb_xamot_drops = buf->dtb_drops;
10516 11109 buf->dtb_xamot_offset = buf->dtb_offset;
10517 11110 buf->dtb_xamot_errors = buf->dtb_errors;
10518 11111 buf->dtb_xamot_flags = buf->dtb_flags;
10519 11112 buf->dtb_offset = 0;
10520 11113 buf->dtb_drops = 0;
10521 11114 buf->dtb_errors = 0;
10522 11115 buf->dtb_flags &= ~(DTRACEBUF_ERROR | DTRACEBUF_DROPPED);
10523 11116 buf->dtb_interval = now - buf->dtb_switched;
10524 11117 buf->dtb_switched = now;
10525 11118 dtrace_interrupt_enable(cookie);
10526 11119 }
10527 11120
10528 11121 /*
10529 11122 * Note: called from cross call context. This function activates a buffer
10530 11123 * on a CPU. As with dtrace_buffer_switch(), the atomicity of the operation
10531 11124 * is guaranteed by the disabling of interrupts.
10532 11125 */
10533 11126 static void
10534 11127 dtrace_buffer_activate(dtrace_state_t *state)
10535 11128 {
10536 11129 dtrace_buffer_t *buf;
10537 11130 dtrace_icookie_t cookie = dtrace_interrupt_disable();
10538 11131
10539 11132 buf = &state->dts_buffer[CPU->cpu_id];
10540 11133
10541 11134 if (buf->dtb_tomax != NULL) {
10542 11135 /*
10543 11136 * We might like to assert that the buffer is marked inactive,
10544 11137 * but this isn't necessarily true: the buffer for the CPU
10545 11138 * that processes the BEGIN probe has its buffer activated
10546 11139 * manually. In this case, we take the (harmless) action
10547 11140 * re-clearing the bit INACTIVE bit.
10548 11141 */
10549 11142 buf->dtb_flags &= ~DTRACEBUF_INACTIVE;
10550 11143 }
10551 11144
10552 11145 dtrace_interrupt_enable(cookie);
10553 11146 }
10554 11147
10555 11148 static int
10556 11149 dtrace_buffer_alloc(dtrace_buffer_t *bufs, size_t size, int flags,
10557 11150 processorid_t cpu, int *factor)
10558 11151 {
10559 11152 cpu_t *cp;
10560 11153 dtrace_buffer_t *buf;
10561 11154 int allocated = 0, desired = 0;
10562 11155
10563 11156 ASSERT(MUTEX_HELD(&cpu_lock));
10564 11157 ASSERT(MUTEX_HELD(&dtrace_lock));
10565 11158
10566 11159 *factor = 1;
10567 11160
10568 11161 if (size > dtrace_nonroot_maxsize &&
10569 11162 !PRIV_POLICY_CHOICE(CRED(), PRIV_ALL, B_FALSE))
10570 11163 return (EFBIG);
10571 11164
10572 11165 cp = cpu_list;
10573 11166
10574 11167 do {
10575 11168 if (cpu != DTRACE_CPUALL && cpu != cp->cpu_id)
10576 11169 continue;
10577 11170
10578 11171 buf = &bufs[cp->cpu_id];
10579 11172
10580 11173 /*
10581 11174 * If there is already a buffer allocated for this CPU, it
10582 11175 * is only possible that this is a DR event. In this case,
10583 11176 * the buffer size must match our specified size.
10584 11177 */
10585 11178 if (buf->dtb_tomax != NULL) {
10586 11179 ASSERT(buf->dtb_size == size);
10587 11180 continue;
10588 11181 }
10589 11182
10590 11183 ASSERT(buf->dtb_xamot == NULL);
10591 11184
10592 11185 if ((buf->dtb_tomax = kmem_zalloc(size,
10593 11186 KM_NOSLEEP | KM_NORMALPRI)) == NULL)
10594 11187 goto err;
10595 11188
10596 11189 buf->dtb_size = size;
10597 11190 buf->dtb_flags = flags;
10598 11191 buf->dtb_offset = 0;
10599 11192 buf->dtb_drops = 0;
10600 11193
10601 11194 if (flags & DTRACEBUF_NOSWITCH)
10602 11195 continue;
10603 11196
10604 11197 if ((buf->dtb_xamot = kmem_zalloc(size,
10605 11198 KM_NOSLEEP | KM_NORMALPRI)) == NULL)
10606 11199 goto err;
10607 11200 } while ((cp = cp->cpu_next) != cpu_list);
10608 11201
10609 11202 return (0);
10610 11203
10611 11204 err:
10612 11205 cp = cpu_list;
10613 11206
10614 11207 do {
10615 11208 if (cpu != DTRACE_CPUALL && cpu != cp->cpu_id)
10616 11209 continue;
10617 11210
10618 11211 buf = &bufs[cp->cpu_id];
10619 11212 desired += 2;
10620 11213
10621 11214 if (buf->dtb_xamot != NULL) {
10622 11215 ASSERT(buf->dtb_tomax != NULL);
10623 11216 ASSERT(buf->dtb_size == size);
10624 11217 kmem_free(buf->dtb_xamot, size);
10625 11218 allocated++;
10626 11219 }
10627 11220
10628 11221 if (buf->dtb_tomax != NULL) {
10629 11222 ASSERT(buf->dtb_size == size);
10630 11223 kmem_free(buf->dtb_tomax, size);
10631 11224 allocated++;
10632 11225 }
10633 11226
10634 11227 buf->dtb_tomax = NULL;
10635 11228 buf->dtb_xamot = NULL;
10636 11229 buf->dtb_size = 0;
10637 11230 } while ((cp = cp->cpu_next) != cpu_list);
10638 11231
10639 11232 *factor = desired / (allocated > 0 ? allocated : 1);
10640 11233
10641 11234 return (ENOMEM);
10642 11235 }
10643 11236
10644 11237 /*
10645 11238 * Note: called from probe context. This function just increments the drop
10646 11239 * count on a buffer. It has been made a function to allow for the
10647 11240 * possibility of understanding the source of mysterious drop counts. (A
10648 11241 * problem for which one may be particularly disappointed that DTrace cannot
10649 11242 * be used to understand DTrace.)
10650 11243 */
10651 11244 static void
10652 11245 dtrace_buffer_drop(dtrace_buffer_t *buf)
10653 11246 {
10654 11247 buf->dtb_drops++;
10655 11248 }
10656 11249
10657 11250 /*
10658 11251 * Note: called from probe context. This function is called to reserve space
10659 11252 * in a buffer. If mstate is non-NULL, sets the scratch base and size in the
10660 11253 * mstate. Returns the new offset in the buffer, or a negative value if an
10661 11254 * error has occurred.
10662 11255 */
10663 11256 static intptr_t
10664 11257 dtrace_buffer_reserve(dtrace_buffer_t *buf, size_t needed, size_t align,
10665 11258 dtrace_state_t *state, dtrace_mstate_t *mstate)
10666 11259 {
10667 11260 intptr_t offs = buf->dtb_offset, soffs;
10668 11261 intptr_t woffs;
10669 11262 caddr_t tomax;
10670 11263 size_t total;
10671 11264
10672 11265 if (buf->dtb_flags & DTRACEBUF_INACTIVE)
10673 11266 return (-1);
10674 11267
10675 11268 if ((tomax = buf->dtb_tomax) == NULL) {
10676 11269 dtrace_buffer_drop(buf);
10677 11270 return (-1);
10678 11271 }
10679 11272
10680 11273 if (!(buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL))) {
10681 11274 while (offs & (align - 1)) {
10682 11275 /*
10683 11276 * Assert that our alignment is off by a number which
10684 11277 * is itself sizeof (uint32_t) aligned.
10685 11278 */
10686 11279 ASSERT(!((align - (offs & (align - 1))) &
10687 11280 (sizeof (uint32_t) - 1)));
10688 11281 DTRACE_STORE(uint32_t, tomax, offs, DTRACE_EPIDNONE);
10689 11282 offs += sizeof (uint32_t);
10690 11283 }
10691 11284
10692 11285 if ((soffs = offs + needed) > buf->dtb_size) {
10693 11286 dtrace_buffer_drop(buf);
10694 11287 return (-1);
10695 11288 }
10696 11289
10697 11290 if (mstate == NULL)
10698 11291 return (offs);
10699 11292
10700 11293 mstate->dtms_scratch_base = (uintptr_t)tomax + soffs;
10701 11294 mstate->dtms_scratch_size = buf->dtb_size - soffs;
10702 11295 mstate->dtms_scratch_ptr = mstate->dtms_scratch_base;
10703 11296
10704 11297 return (offs);
10705 11298 }
10706 11299
10707 11300 if (buf->dtb_flags & DTRACEBUF_FILL) {
10708 11301 if (state->dts_activity != DTRACE_ACTIVITY_COOLDOWN &&
10709 11302 (buf->dtb_flags & DTRACEBUF_FULL))
10710 11303 return (-1);
10711 11304 goto out;
10712 11305 }
10713 11306
10714 11307 total = needed + (offs & (align - 1));
10715 11308
10716 11309 /*
10717 11310 * For a ring buffer, life is quite a bit more complicated. Before
10718 11311 * we can store any padding, we need to adjust our wrapping offset.
10719 11312 * (If we've never before wrapped or we're not about to, no adjustment
10720 11313 * is required.)
10721 11314 */
10722 11315 if ((buf->dtb_flags & DTRACEBUF_WRAPPED) ||
10723 11316 offs + total > buf->dtb_size) {
10724 11317 woffs = buf->dtb_xamot_offset;
10725 11318
10726 11319 if (offs + total > buf->dtb_size) {
10727 11320 /*
10728 11321 * We can't fit in the end of the buffer. First, a
10729 11322 * sanity check that we can fit in the buffer at all.
10730 11323 */
10731 11324 if (total > buf->dtb_size) {
10732 11325 dtrace_buffer_drop(buf);
10733 11326 return (-1);
10734 11327 }
10735 11328
10736 11329 /*
10737 11330 * We're going to be storing at the top of the buffer,
10738 11331 * so now we need to deal with the wrapped offset. We
10739 11332 * only reset our wrapped offset to 0 if it is
10740 11333 * currently greater than the current offset. If it
10741 11334 * is less than the current offset, it is because a
10742 11335 * previous allocation induced a wrap -- but the
10743 11336 * allocation didn't subsequently take the space due
10744 11337 * to an error or false predicate evaluation. In this
10745 11338 * case, we'll just leave the wrapped offset alone: if
10746 11339 * the wrapped offset hasn't been advanced far enough
10747 11340 * for this allocation, it will be adjusted in the
10748 11341 * lower loop.
10749 11342 */
10750 11343 if (buf->dtb_flags & DTRACEBUF_WRAPPED) {
10751 11344 if (woffs >= offs)
10752 11345 woffs = 0;
10753 11346 } else {
10754 11347 woffs = 0;
10755 11348 }
10756 11349
10757 11350 /*
10758 11351 * Now we know that we're going to be storing to the
10759 11352 * top of the buffer and that there is room for us
10760 11353 * there. We need to clear the buffer from the current
10761 11354 * offset to the end (there may be old gunk there).
10762 11355 */
10763 11356 while (offs < buf->dtb_size)
10764 11357 tomax[offs++] = 0;
10765 11358
10766 11359 /*
10767 11360 * We need to set our offset to zero. And because we
10768 11361 * are wrapping, we need to set the bit indicating as
10769 11362 * much. We can also adjust our needed space back
10770 11363 * down to the space required by the ECB -- we know
10771 11364 * that the top of the buffer is aligned.
10772 11365 */
10773 11366 offs = 0;
10774 11367 total = needed;
10775 11368 buf->dtb_flags |= DTRACEBUF_WRAPPED;
10776 11369 } else {
10777 11370 /*
10778 11371 * There is room for us in the buffer, so we simply
10779 11372 * need to check the wrapped offset.
10780 11373 */
10781 11374 if (woffs < offs) {
10782 11375 /*
10783 11376 * The wrapped offset is less than the offset.
10784 11377 * This can happen if we allocated buffer space
10785 11378 * that induced a wrap, but then we didn't
10786 11379 * subsequently take the space due to an error
10787 11380 * or false predicate evaluation. This is
10788 11381 * okay; we know that _this_ allocation isn't
10789 11382 * going to induce a wrap. We still can't
10790 11383 * reset the wrapped offset to be zero,
10791 11384 * however: the space may have been trashed in
10792 11385 * the previous failed probe attempt. But at
10793 11386 * least the wrapped offset doesn't need to
10794 11387 * be adjusted at all...
10795 11388 */
10796 11389 goto out;
10797 11390 }
10798 11391 }
10799 11392
10800 11393 while (offs + total > woffs) {
10801 11394 dtrace_epid_t epid = *(uint32_t *)(tomax + woffs);
10802 11395 size_t size;
10803 11396
10804 11397 if (epid == DTRACE_EPIDNONE) {
10805 11398 size = sizeof (uint32_t);
10806 11399 } else {
10807 11400 ASSERT3U(epid, <=, state->dts_necbs);
10808 11401 ASSERT(state->dts_ecbs[epid - 1] != NULL);
10809 11402
10810 11403 size = state->dts_ecbs[epid - 1]->dte_size;
10811 11404 }
10812 11405
10813 11406 ASSERT(woffs + size <= buf->dtb_size);
10814 11407 ASSERT(size != 0);
10815 11408
10816 11409 if (woffs + size == buf->dtb_size) {
10817 11410 /*
10818 11411 * We've reached the end of the buffer; we want
10819 11412 * to set the wrapped offset to 0 and break
10820 11413 * out. However, if the offs is 0, then we're
10821 11414 * in a strange edge-condition: the amount of
10822 11415 * space that we want to reserve plus the size
10823 11416 * of the record that we're overwriting is
10824 11417 * greater than the size of the buffer. This
10825 11418 * is problematic because if we reserve the
10826 11419 * space but subsequently don't consume it (due
10827 11420 * to a failed predicate or error) the wrapped
10828 11421 * offset will be 0 -- yet the EPID at offset 0
10829 11422 * will not be committed. This situation is
10830 11423 * relatively easy to deal with: if we're in
10831 11424 * this case, the buffer is indistinguishable
10832 11425 * from one that hasn't wrapped; we need only
10833 11426 * finish the job by clearing the wrapped bit,
10834 11427 * explicitly setting the offset to be 0, and
10835 11428 * zero'ing out the old data in the buffer.
10836 11429 */
10837 11430 if (offs == 0) {
10838 11431 buf->dtb_flags &= ~DTRACEBUF_WRAPPED;
10839 11432 buf->dtb_offset = 0;
10840 11433 woffs = total;
10841 11434
10842 11435 while (woffs < buf->dtb_size)
10843 11436 tomax[woffs++] = 0;
10844 11437 }
10845 11438
10846 11439 woffs = 0;
10847 11440 break;
10848 11441 }
10849 11442
10850 11443 woffs += size;
10851 11444 }
10852 11445
10853 11446 /*
10854 11447 * We have a wrapped offset. It may be that the wrapped offset
10855 11448 * has become zero -- that's okay.
10856 11449 */
10857 11450 buf->dtb_xamot_offset = woffs;
10858 11451 }
10859 11452
10860 11453 out:
10861 11454 /*
10862 11455 * Now we can plow the buffer with any necessary padding.
10863 11456 */
10864 11457 while (offs & (align - 1)) {
10865 11458 /*
10866 11459 * Assert that our alignment is off by a number which
10867 11460 * is itself sizeof (uint32_t) aligned.
10868 11461 */
10869 11462 ASSERT(!((align - (offs & (align - 1))) &
10870 11463 (sizeof (uint32_t) - 1)));
10871 11464 DTRACE_STORE(uint32_t, tomax, offs, DTRACE_EPIDNONE);
10872 11465 offs += sizeof (uint32_t);
10873 11466 }
10874 11467
10875 11468 if (buf->dtb_flags & DTRACEBUF_FILL) {
10876 11469 if (offs + needed > buf->dtb_size - state->dts_reserve) {
10877 11470 buf->dtb_flags |= DTRACEBUF_FULL;
10878 11471 return (-1);
10879 11472 }
10880 11473 }
10881 11474
10882 11475 if (mstate == NULL)
10883 11476 return (offs);
10884 11477
10885 11478 /*
10886 11479 * For ring buffers and fill buffers, the scratch space is always
10887 11480 * the inactive buffer.
10888 11481 */
10889 11482 mstate->dtms_scratch_base = (uintptr_t)buf->dtb_xamot;
10890 11483 mstate->dtms_scratch_size = buf->dtb_size;
10891 11484 mstate->dtms_scratch_ptr = mstate->dtms_scratch_base;
10892 11485
10893 11486 return (offs);
10894 11487 }
10895 11488
10896 11489 static void
10897 11490 dtrace_buffer_polish(dtrace_buffer_t *buf)
10898 11491 {
10899 11492 ASSERT(buf->dtb_flags & DTRACEBUF_RING);
10900 11493 ASSERT(MUTEX_HELD(&dtrace_lock));
10901 11494
10902 11495 if (!(buf->dtb_flags & DTRACEBUF_WRAPPED))
10903 11496 return;
10904 11497
10905 11498 /*
10906 11499 * We need to polish the ring buffer. There are three cases:
10907 11500 *
10908 11501 * - The first (and presumably most common) is that there is no gap
10909 11502 * between the buffer offset and the wrapped offset. In this case,
10910 11503 * there is nothing in the buffer that isn't valid data; we can
10911 11504 * mark the buffer as polished and return.
10912 11505 *
10913 11506 * - The second (less common than the first but still more common
10914 11507 * than the third) is that there is a gap between the buffer offset
10915 11508 * and the wrapped offset, and the wrapped offset is larger than the
10916 11509 * buffer offset. This can happen because of an alignment issue, or
10917 11510 * can happen because of a call to dtrace_buffer_reserve() that
10918 11511 * didn't subsequently consume the buffer space. In this case,
10919 11512 * we need to zero the data from the buffer offset to the wrapped
10920 11513 * offset.
10921 11514 *
10922 11515 * - The third (and least common) is that there is a gap between the
10923 11516 * buffer offset and the wrapped offset, but the wrapped offset is
10924 11517 * _less_ than the buffer offset. This can only happen because a
10925 11518 * call to dtrace_buffer_reserve() induced a wrap, but the space
10926 11519 * was not subsequently consumed. In this case, we need to zero the
10927 11520 * space from the offset to the end of the buffer _and_ from the
10928 11521 * top of the buffer to the wrapped offset.
10929 11522 */
10930 11523 if (buf->dtb_offset < buf->dtb_xamot_offset) {
10931 11524 bzero(buf->dtb_tomax + buf->dtb_offset,
10932 11525 buf->dtb_xamot_offset - buf->dtb_offset);
10933 11526 }
10934 11527
10935 11528 if (buf->dtb_offset > buf->dtb_xamot_offset) {
10936 11529 bzero(buf->dtb_tomax + buf->dtb_offset,
10937 11530 buf->dtb_size - buf->dtb_offset);
10938 11531 bzero(buf->dtb_tomax, buf->dtb_xamot_offset);
10939 11532 }
10940 11533 }
10941 11534
10942 11535 /*
10943 11536 * This routine determines if data generated at the specified time has likely
10944 11537 * been entirely consumed at user-level. This routine is called to determine
10945 11538 * if an ECB on a defunct probe (but for an active enabling) can be safely
10946 11539 * disabled and destroyed.
10947 11540 */
10948 11541 static int
10949 11542 dtrace_buffer_consumed(dtrace_buffer_t *bufs, hrtime_t when)
10950 11543 {
10951 11544 int i;
10952 11545
10953 11546 for (i = 0; i < NCPU; i++) {
10954 11547 dtrace_buffer_t *buf = &bufs[i];
10955 11548
10956 11549 if (buf->dtb_size == 0)
10957 11550 continue;
10958 11551
10959 11552 if (buf->dtb_flags & DTRACEBUF_RING)
10960 11553 return (0);
10961 11554
10962 11555 if (!buf->dtb_switched && buf->dtb_offset != 0)
10963 11556 return (0);
10964 11557
10965 11558 if (buf->dtb_switched - buf->dtb_interval < when)
10966 11559 return (0);
10967 11560 }
10968 11561
10969 11562 return (1);
10970 11563 }
10971 11564
10972 11565 static void
10973 11566 dtrace_buffer_free(dtrace_buffer_t *bufs)
10974 11567 {
10975 11568 int i;
10976 11569
10977 11570 for (i = 0; i < NCPU; i++) {
10978 11571 dtrace_buffer_t *buf = &bufs[i];
10979 11572
10980 11573 if (buf->dtb_tomax == NULL) {
10981 11574 ASSERT(buf->dtb_xamot == NULL);
10982 11575 ASSERT(buf->dtb_size == 0);
10983 11576 continue;
10984 11577 }
10985 11578
10986 11579 if (buf->dtb_xamot != NULL) {
10987 11580 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
10988 11581 kmem_free(buf->dtb_xamot, buf->dtb_size);
10989 11582 }
10990 11583
10991 11584 kmem_free(buf->dtb_tomax, buf->dtb_size);
10992 11585 buf->dtb_size = 0;
10993 11586 buf->dtb_tomax = NULL;
10994 11587 buf->dtb_xamot = NULL;
10995 11588 }
10996 11589 }
10997 11590
10998 11591 /*
10999 11592 * DTrace Enabling Functions
11000 11593 */
11001 11594 static dtrace_enabling_t *
11002 11595 dtrace_enabling_create(dtrace_vstate_t *vstate)
11003 11596 {
11004 11597 dtrace_enabling_t *enab;
11005 11598
11006 11599 enab = kmem_zalloc(sizeof (dtrace_enabling_t), KM_SLEEP);
11007 11600 enab->dten_vstate = vstate;
11008 11601
11009 11602 return (enab);
11010 11603 }
11011 11604
11012 11605 static void
11013 11606 dtrace_enabling_add(dtrace_enabling_t *enab, dtrace_ecbdesc_t *ecb)
11014 11607 {
11015 11608 dtrace_ecbdesc_t **ndesc;
11016 11609 size_t osize, nsize;
11017 11610
11018 11611 /*
11019 11612 * We can't add to enablings after we've enabled them, or after we've
11020 11613 * retained them.
11021 11614 */
11022 11615 ASSERT(enab->dten_probegen == 0);
11023 11616 ASSERT(enab->dten_next == NULL && enab->dten_prev == NULL);
11024 11617
11025 11618 if (enab->dten_ndesc < enab->dten_maxdesc) {
11026 11619 enab->dten_desc[enab->dten_ndesc++] = ecb;
11027 11620 return;
11028 11621 }
11029 11622
11030 11623 osize = enab->dten_maxdesc * sizeof (dtrace_enabling_t *);
11031 11624
11032 11625 if (enab->dten_maxdesc == 0) {
11033 11626 enab->dten_maxdesc = 1;
11034 11627 } else {
11035 11628 enab->dten_maxdesc <<= 1;
11036 11629 }
11037 11630
11038 11631 ASSERT(enab->dten_ndesc < enab->dten_maxdesc);
11039 11632
11040 11633 nsize = enab->dten_maxdesc * sizeof (dtrace_enabling_t *);
11041 11634 ndesc = kmem_zalloc(nsize, KM_SLEEP);
11042 11635 bcopy(enab->dten_desc, ndesc, osize);
11043 11636 kmem_free(enab->dten_desc, osize);
11044 11637
11045 11638 enab->dten_desc = ndesc;
11046 11639 enab->dten_desc[enab->dten_ndesc++] = ecb;
11047 11640 }
11048 11641
11049 11642 static void
11050 11643 dtrace_enabling_addlike(dtrace_enabling_t *enab, dtrace_ecbdesc_t *ecb,
11051 11644 dtrace_probedesc_t *pd)
11052 11645 {
11053 11646 dtrace_ecbdesc_t *new;
11054 11647 dtrace_predicate_t *pred;
11055 11648 dtrace_actdesc_t *act;
11056 11649
11057 11650 /*
11058 11651 * We're going to create a new ECB description that matches the
11059 11652 * specified ECB in every way, but has the specified probe description.
11060 11653 */
11061 11654 new = kmem_zalloc(sizeof (dtrace_ecbdesc_t), KM_SLEEP);
11062 11655
11063 11656 if ((pred = ecb->dted_pred.dtpdd_predicate) != NULL)
11064 11657 dtrace_predicate_hold(pred);
11065 11658
11066 11659 for (act = ecb->dted_action; act != NULL; act = act->dtad_next)
11067 11660 dtrace_actdesc_hold(act);
11068 11661
11069 11662 new->dted_action = ecb->dted_action;
11070 11663 new->dted_pred = ecb->dted_pred;
11071 11664 new->dted_probe = *pd;
11072 11665 new->dted_uarg = ecb->dted_uarg;
11073 11666
11074 11667 dtrace_enabling_add(enab, new);
11075 11668 }
11076 11669
11077 11670 static void
11078 11671 dtrace_enabling_dump(dtrace_enabling_t *enab)
11079 11672 {
11080 11673 int i;
11081 11674
11082 11675 for (i = 0; i < enab->dten_ndesc; i++) {
11083 11676 dtrace_probedesc_t *desc = &enab->dten_desc[i]->dted_probe;
11084 11677
11085 11678 cmn_err(CE_NOTE, "enabling probe %d (%s:%s:%s:%s)", i,
11086 11679 desc->dtpd_provider, desc->dtpd_mod,
11087 11680 desc->dtpd_func, desc->dtpd_name);
11088 11681 }
11089 11682 }
11090 11683
11091 11684 static void
11092 11685 dtrace_enabling_destroy(dtrace_enabling_t *enab)
11093 11686 {
11094 11687 int i;
11095 11688 dtrace_ecbdesc_t *ep;
11096 11689 dtrace_vstate_t *vstate = enab->dten_vstate;
11097 11690
11098 11691 ASSERT(MUTEX_HELD(&dtrace_lock));
11099 11692
11100 11693 for (i = 0; i < enab->dten_ndesc; i++) {
11101 11694 dtrace_actdesc_t *act, *next;
11102 11695 dtrace_predicate_t *pred;
11103 11696
11104 11697 ep = enab->dten_desc[i];
11105 11698
11106 11699 if ((pred = ep->dted_pred.dtpdd_predicate) != NULL)
11107 11700 dtrace_predicate_release(pred, vstate);
11108 11701
11109 11702 for (act = ep->dted_action; act != NULL; act = next) {
11110 11703 next = act->dtad_next;
11111 11704 dtrace_actdesc_release(act, vstate);
11112 11705 }
11113 11706
11114 11707 kmem_free(ep, sizeof (dtrace_ecbdesc_t));
11115 11708 }
11116 11709
11117 11710 kmem_free(enab->dten_desc,
11118 11711 enab->dten_maxdesc * sizeof (dtrace_enabling_t *));
11119 11712
11120 11713 /*
11121 11714 * If this was a retained enabling, decrement the dts_nretained count
11122 11715 * and take it off of the dtrace_retained list.
11123 11716 */
11124 11717 if (enab->dten_prev != NULL || enab->dten_next != NULL ||
11125 11718 dtrace_retained == enab) {
11126 11719 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11127 11720 ASSERT(enab->dten_vstate->dtvs_state->dts_nretained > 0);
11128 11721 enab->dten_vstate->dtvs_state->dts_nretained--;
11129 11722 dtrace_retained_gen++;
11130 11723 }
11131 11724
11132 11725 if (enab->dten_prev == NULL) {
11133 11726 if (dtrace_retained == enab) {
11134 11727 dtrace_retained = enab->dten_next;
11135 11728
11136 11729 if (dtrace_retained != NULL)
11137 11730 dtrace_retained->dten_prev = NULL;
11138 11731 }
11139 11732 } else {
11140 11733 ASSERT(enab != dtrace_retained);
11141 11734 ASSERT(dtrace_retained != NULL);
11142 11735 enab->dten_prev->dten_next = enab->dten_next;
11143 11736 }
11144 11737
11145 11738 if (enab->dten_next != NULL) {
11146 11739 ASSERT(dtrace_retained != NULL);
11147 11740 enab->dten_next->dten_prev = enab->dten_prev;
11148 11741 }
11149 11742
11150 11743 kmem_free(enab, sizeof (dtrace_enabling_t));
11151 11744 }
11152 11745
11153 11746 static int
11154 11747 dtrace_enabling_retain(dtrace_enabling_t *enab)
11155 11748 {
11156 11749 dtrace_state_t *state;
11157 11750
11158 11751 ASSERT(MUTEX_HELD(&dtrace_lock));
11159 11752 ASSERT(enab->dten_next == NULL && enab->dten_prev == NULL);
11160 11753 ASSERT(enab->dten_vstate != NULL);
11161 11754
11162 11755 state = enab->dten_vstate->dtvs_state;
11163 11756 ASSERT(state != NULL);
11164 11757
11165 11758 /*
11166 11759 * We only allow each state to retain dtrace_retain_max enablings.
11167 11760 */
11168 11761 if (state->dts_nretained >= dtrace_retain_max)
11169 11762 return (ENOSPC);
11170 11763
11171 11764 state->dts_nretained++;
11172 11765 dtrace_retained_gen++;
11173 11766
11174 11767 if (dtrace_retained == NULL) {
11175 11768 dtrace_retained = enab;
11176 11769 return (0);
11177 11770 }
11178 11771
11179 11772 enab->dten_next = dtrace_retained;
11180 11773 dtrace_retained->dten_prev = enab;
11181 11774 dtrace_retained = enab;
11182 11775
11183 11776 return (0);
11184 11777 }
11185 11778
11186 11779 static int
11187 11780 dtrace_enabling_replicate(dtrace_state_t *state, dtrace_probedesc_t *match,
11188 11781 dtrace_probedesc_t *create)
11189 11782 {
11190 11783 dtrace_enabling_t *new, *enab;
11191 11784 int found = 0, err = ENOENT;
11192 11785
11193 11786 ASSERT(MUTEX_HELD(&dtrace_lock));
11194 11787 ASSERT(strlen(match->dtpd_provider) < DTRACE_PROVNAMELEN);
11195 11788 ASSERT(strlen(match->dtpd_mod) < DTRACE_MODNAMELEN);
11196 11789 ASSERT(strlen(match->dtpd_func) < DTRACE_FUNCNAMELEN);
11197 11790 ASSERT(strlen(match->dtpd_name) < DTRACE_NAMELEN);
11198 11791
11199 11792 new = dtrace_enabling_create(&state->dts_vstate);
11200 11793
11201 11794 /*
11202 11795 * Iterate over all retained enablings, looking for enablings that
11203 11796 * match the specified state.
11204 11797 */
11205 11798 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) {
11206 11799 int i;
11207 11800
11208 11801 /*
11209 11802 * dtvs_state can only be NULL for helper enablings -- and
11210 11803 * helper enablings can't be retained.
11211 11804 */
11212 11805 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11213 11806
11214 11807 if (enab->dten_vstate->dtvs_state != state)
11215 11808 continue;
11216 11809
11217 11810 /*
11218 11811 * Now iterate over each probe description; we're looking for
11219 11812 * an exact match to the specified probe description.
11220 11813 */
11221 11814 for (i = 0; i < enab->dten_ndesc; i++) {
11222 11815 dtrace_ecbdesc_t *ep = enab->dten_desc[i];
11223 11816 dtrace_probedesc_t *pd = &ep->dted_probe;
11224 11817
11225 11818 if (strcmp(pd->dtpd_provider, match->dtpd_provider))
11226 11819 continue;
11227 11820
11228 11821 if (strcmp(pd->dtpd_mod, match->dtpd_mod))
11229 11822 continue;
11230 11823
11231 11824 if (strcmp(pd->dtpd_func, match->dtpd_func))
11232 11825 continue;
11233 11826
11234 11827 if (strcmp(pd->dtpd_name, match->dtpd_name))
11235 11828 continue;
11236 11829
11237 11830 /*
11238 11831 * We have a winning probe! Add it to our growing
11239 11832 * enabling.
11240 11833 */
11241 11834 found = 1;
11242 11835 dtrace_enabling_addlike(new, ep, create);
11243 11836 }
11244 11837 }
11245 11838
11246 11839 if (!found || (err = dtrace_enabling_retain(new)) != 0) {
11247 11840 dtrace_enabling_destroy(new);
11248 11841 return (err);
11249 11842 }
11250 11843
11251 11844 return (0);
11252 11845 }
11253 11846
11254 11847 static void
11255 11848 dtrace_enabling_retract(dtrace_state_t *state)
11256 11849 {
11257 11850 dtrace_enabling_t *enab, *next;
11258 11851
11259 11852 ASSERT(MUTEX_HELD(&dtrace_lock));
11260 11853
11261 11854 /*
11262 11855 * Iterate over all retained enablings, destroy the enablings retained
11263 11856 * for the specified state.
11264 11857 */
11265 11858 for (enab = dtrace_retained; enab != NULL; enab = next) {
11266 11859 next = enab->dten_next;
11267 11860
11268 11861 /*
11269 11862 * dtvs_state can only be NULL for helper enablings -- and
11270 11863 * helper enablings can't be retained.
11271 11864 */
11272 11865 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11273 11866
11274 11867 if (enab->dten_vstate->dtvs_state == state) {
11275 11868 ASSERT(state->dts_nretained > 0);
11276 11869 dtrace_enabling_destroy(enab);
11277 11870 }
11278 11871 }
11279 11872
11280 11873 ASSERT(state->dts_nretained == 0);
11281 11874 }
11282 11875
11283 11876 static int
11284 11877 dtrace_enabling_match(dtrace_enabling_t *enab, int *nmatched)
11285 11878 {
11286 11879 int i = 0;
11287 11880 int total_matched = 0, matched = 0;
11288 11881
11289 11882 ASSERT(MUTEX_HELD(&cpu_lock));
11290 11883 ASSERT(MUTEX_HELD(&dtrace_lock));
11291 11884
11292 11885 for (i = 0; i < enab->dten_ndesc; i++) {
11293 11886 dtrace_ecbdesc_t *ep = enab->dten_desc[i];
11294 11887
11295 11888 enab->dten_current = ep;
11296 11889 enab->dten_error = 0;
11297 11890
11298 11891 /*
11299 11892 * If a provider failed to enable a probe then get out and
11300 11893 * let the consumer know we failed.
11301 11894 */
11302 11895 if ((matched = dtrace_probe_enable(&ep->dted_probe, enab)) < 0)
11303 11896 return (EBUSY);
11304 11897
11305 11898 total_matched += matched;
11306 11899
11307 11900 if (enab->dten_error != 0) {
11308 11901 /*
11309 11902 * If we get an error half-way through enabling the
11310 11903 * probes, we kick out -- perhaps with some number of
11311 11904 * them enabled. Leaving enabled probes enabled may
11312 11905 * be slightly confusing for user-level, but we expect
11313 11906 * that no one will attempt to actually drive on in
11314 11907 * the face of such errors. If this is an anonymous
11315 11908 * enabling (indicated with a NULL nmatched pointer),
11316 11909 * we cmn_err() a message. We aren't expecting to
11317 11910 * get such an error -- such as it can exist at all,
11318 11911 * it would be a result of corrupted DOF in the driver
11319 11912 * properties.
11320 11913 */
11321 11914 if (nmatched == NULL) {
11322 11915 cmn_err(CE_WARN, "dtrace_enabling_match() "
11323 11916 "error on %p: %d", (void *)ep,
11324 11917 enab->dten_error);
11325 11918 }
11326 11919
11327 11920 return (enab->dten_error);
11328 11921 }
11329 11922 }
11330 11923
11331 11924 enab->dten_probegen = dtrace_probegen;
11332 11925 if (nmatched != NULL)
11333 11926 *nmatched = total_matched;
11334 11927
11335 11928 return (0);
11336 11929 }
11337 11930
11338 11931 static void
11339 11932 dtrace_enabling_matchall(void)
11340 11933 {
11341 11934 dtrace_enabling_t *enab;
11342 11935
11343 11936 mutex_enter(&cpu_lock);
11344 11937 mutex_enter(&dtrace_lock);
11345 11938
11346 11939 /*
11347 11940 * Iterate over all retained enablings to see if any probes match
11348 11941 * against them. We only perform this operation on enablings for which
11349 11942 * we have sufficient permissions by virtue of being in the global zone
11350 11943 * or in the same zone as the DTrace client. Because we can be called
11351 11944 * after dtrace_detach() has been called, we cannot assert that there
11352 11945 * are retained enablings. We can safely load from dtrace_retained,
11353 11946 * however: the taskq_destroy() at the end of dtrace_detach() will
11354 11947 * block pending our completion.
11355 11948 */
11356 11949 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) {
11357 11950 dtrace_cred_t *dcr = &enab->dten_vstate->dtvs_state->dts_cred;
11358 11951 cred_t *cr = dcr->dcr_cred;
11359 11952 zoneid_t zone = cr != NULL ? crgetzoneid(cr) : 0;
11360 11953
11361 11954 if ((dcr->dcr_visible & DTRACE_CRV_ALLZONE) || (cr != NULL &&
11362 11955 (zone == GLOBAL_ZONEID || getzoneid() == zone)))
11363 11956 (void) dtrace_enabling_match(enab, NULL);
11364 11957 }
11365 11958
11366 11959 mutex_exit(&dtrace_lock);
11367 11960 mutex_exit(&cpu_lock);
11368 11961 }
11369 11962
11370 11963 /*
11371 11964 * If an enabling is to be enabled without having matched probes (that is, if
11372 11965 * dtrace_state_go() is to be called on the underlying dtrace_state_t), the
11373 11966 * enabling must be _primed_ by creating an ECB for every ECB description.
11374 11967 * This must be done to assure that we know the number of speculations, the
11375 11968 * number of aggregations, the minimum buffer size needed, etc. before we
11376 11969 * transition out of DTRACE_ACTIVITY_INACTIVE. To do this without actually
11377 11970 * enabling any probes, we create ECBs for every ECB decription, but with a
11378 11971 * NULL probe -- which is exactly what this function does.
11379 11972 */
11380 11973 static void
11381 11974 dtrace_enabling_prime(dtrace_state_t *state)
11382 11975 {
11383 11976 dtrace_enabling_t *enab;
11384 11977 int i;
11385 11978
11386 11979 for (enab = dtrace_retained; enab != NULL; enab = enab->dten_next) {
11387 11980 ASSERT(enab->dten_vstate->dtvs_state != NULL);
11388 11981
11389 11982 if (enab->dten_vstate->dtvs_state != state)
11390 11983 continue;
11391 11984
11392 11985 /*
11393 11986 * We don't want to prime an enabling more than once, lest
11394 11987 * we allow a malicious user to induce resource exhaustion.
11395 11988 * (The ECBs that result from priming an enabling aren't
11396 11989 * leaked -- but they also aren't deallocated until the
11397 11990 * consumer state is destroyed.)
11398 11991 */
11399 11992 if (enab->dten_primed)
11400 11993 continue;
11401 11994
11402 11995 for (i = 0; i < enab->dten_ndesc; i++) {
11403 11996 enab->dten_current = enab->dten_desc[i];
11404 11997 (void) dtrace_probe_enable(NULL, enab);
11405 11998 }
11406 11999
11407 12000 enab->dten_primed = 1;
11408 12001 }
11409 12002 }
11410 12003
11411 12004 /*
11412 12005 * Called to indicate that probes should be provided due to retained
11413 12006 * enablings. This is implemented in terms of dtrace_probe_provide(), but it
11414 12007 * must take an initial lap through the enabling calling the dtps_provide()
11415 12008 * entry point explicitly to allow for autocreated probes.
11416 12009 */
11417 12010 static void
11418 12011 dtrace_enabling_provide(dtrace_provider_t *prv)
11419 12012 {
11420 12013 int i, all = 0;
11421 12014 dtrace_probedesc_t desc;
11422 12015 dtrace_genid_t gen;
11423 12016
11424 12017 ASSERT(MUTEX_HELD(&dtrace_lock));
11425 12018 ASSERT(MUTEX_HELD(&dtrace_provider_lock));
11426 12019
11427 12020 if (prv == NULL) {
11428 12021 all = 1;
11429 12022 prv = dtrace_provider;
11430 12023 }
11431 12024
11432 12025 do {
11433 12026 dtrace_enabling_t *enab;
11434 12027 void *parg = prv->dtpv_arg;
11435 12028
11436 12029 retry:
11437 12030 gen = dtrace_retained_gen;
11438 12031 for (enab = dtrace_retained; enab != NULL;
11439 12032 enab = enab->dten_next) {
11440 12033 for (i = 0; i < enab->dten_ndesc; i++) {
11441 12034 desc = enab->dten_desc[i]->dted_probe;
11442 12035 mutex_exit(&dtrace_lock);
11443 12036 prv->dtpv_pops.dtps_provide(parg, &desc);
11444 12037 mutex_enter(&dtrace_lock);
11445 12038 /*
11446 12039 * Process the retained enablings again if
11447 12040 * they have changed while we weren't holding
11448 12041 * dtrace_lock.
11449 12042 */
11450 12043 if (gen != dtrace_retained_gen)
11451 12044 goto retry;
11452 12045 }
11453 12046 }
11454 12047 } while (all && (prv = prv->dtpv_next) != NULL);
11455 12048
11456 12049 mutex_exit(&dtrace_lock);
11457 12050 dtrace_probe_provide(NULL, all ? NULL : prv);
11458 12051 mutex_enter(&dtrace_lock);
11459 12052 }
11460 12053
11461 12054 /*
11462 12055 * Called to reap ECBs that are attached to probes from defunct providers.
11463 12056 */
11464 12057 static void
11465 12058 dtrace_enabling_reap(void)
11466 12059 {
11467 12060 dtrace_provider_t *prov;
11468 12061 dtrace_probe_t *probe;
11469 12062 dtrace_ecb_t *ecb;
11470 12063 hrtime_t when;
11471 12064 int i;
11472 12065
11473 12066 mutex_enter(&cpu_lock);
11474 12067 mutex_enter(&dtrace_lock);
11475 12068
11476 12069 for (i = 0; i < dtrace_nprobes; i++) {
11477 12070 if ((probe = dtrace_probes[i]) == NULL)
11478 12071 continue;
11479 12072
11480 12073 if (probe->dtpr_ecb == NULL)
11481 12074 continue;
11482 12075
11483 12076 prov = probe->dtpr_provider;
11484 12077
11485 12078 if ((when = prov->dtpv_defunct) == 0)
11486 12079 continue;
11487 12080
11488 12081 /*
11489 12082 * We have ECBs on a defunct provider: we want to reap these
11490 12083 * ECBs to allow the provider to unregister. The destruction
11491 12084 * of these ECBs must be done carefully: if we destroy the ECB
11492 12085 * and the consumer later wishes to consume an EPID that
11493 12086 * corresponds to the destroyed ECB (and if the EPID metadata
11494 12087 * has not been previously consumed), the consumer will abort
11495 12088 * processing on the unknown EPID. To reduce (but not, sadly,
11496 12089 * eliminate) the possibility of this, we will only destroy an
11497 12090 * ECB for a defunct provider if, for the state that
11498 12091 * corresponds to the ECB:
11499 12092 *
11500 12093 * (a) There is no speculative tracing (which can effectively
11501 12094 * cache an EPID for an arbitrary amount of time).
11502 12095 *
11503 12096 * (b) The principal buffers have been switched twice since the
11504 12097 * provider became defunct.
11505 12098 *
11506 12099 * (c) The aggregation buffers are of zero size or have been
11507 12100 * switched twice since the provider became defunct.
11508 12101 *
11509 12102 * We use dts_speculates to determine (a) and call a function
11510 12103 * (dtrace_buffer_consumed()) to determine (b) and (c). Note
11511 12104 * that as soon as we've been unable to destroy one of the ECBs
11512 12105 * associated with the probe, we quit trying -- reaping is only
11513 12106 * fruitful in as much as we can destroy all ECBs associated
11514 12107 * with the defunct provider's probes.
11515 12108 */
11516 12109 while ((ecb = probe->dtpr_ecb) != NULL) {
11517 12110 dtrace_state_t *state = ecb->dte_state;
11518 12111 dtrace_buffer_t *buf = state->dts_buffer;
11519 12112 dtrace_buffer_t *aggbuf = state->dts_aggbuffer;
11520 12113
11521 12114 if (state->dts_speculates)
11522 12115 break;
11523 12116
11524 12117 if (!dtrace_buffer_consumed(buf, when))
11525 12118 break;
11526 12119
11527 12120 if (!dtrace_buffer_consumed(aggbuf, when))
11528 12121 break;
11529 12122
11530 12123 dtrace_ecb_disable(ecb);
11531 12124 ASSERT(probe->dtpr_ecb != ecb);
11532 12125 dtrace_ecb_destroy(ecb);
11533 12126 }
11534 12127 }
11535 12128
11536 12129 mutex_exit(&dtrace_lock);
11537 12130 mutex_exit(&cpu_lock);
11538 12131 }
11539 12132
11540 12133 /*
11541 12134 * DTrace DOF Functions
11542 12135 */
11543 12136 /*ARGSUSED*/
11544 12137 static void
11545 12138 dtrace_dof_error(dof_hdr_t *dof, const char *str)
11546 12139 {
11547 12140 if (dtrace_err_verbose)
11548 12141 cmn_err(CE_WARN, "failed to process DOF: %s", str);
11549 12142
11550 12143 #ifdef DTRACE_ERRDEBUG
11551 12144 dtrace_errdebug(str);
11552 12145 #endif
11553 12146 }
11554 12147
11555 12148 /*
11556 12149 * Create DOF out of a currently enabled state. Right now, we only create
11557 12150 * DOF containing the run-time options -- but this could be expanded to create
11558 12151 * complete DOF representing the enabled state.
11559 12152 */
11560 12153 static dof_hdr_t *
11561 12154 dtrace_dof_create(dtrace_state_t *state)
11562 12155 {
11563 12156 dof_hdr_t *dof;
11564 12157 dof_sec_t *sec;
11565 12158 dof_optdesc_t *opt;
11566 12159 int i, len = sizeof (dof_hdr_t) +
11567 12160 roundup(sizeof (dof_sec_t), sizeof (uint64_t)) +
11568 12161 sizeof (dof_optdesc_t) * DTRACEOPT_MAX;
11569 12162
11570 12163 ASSERT(MUTEX_HELD(&dtrace_lock));
11571 12164
11572 12165 dof = kmem_zalloc(len, KM_SLEEP);
11573 12166 dof->dofh_ident[DOF_ID_MAG0] = DOF_MAG_MAG0;
11574 12167 dof->dofh_ident[DOF_ID_MAG1] = DOF_MAG_MAG1;
11575 12168 dof->dofh_ident[DOF_ID_MAG2] = DOF_MAG_MAG2;
11576 12169 dof->dofh_ident[DOF_ID_MAG3] = DOF_MAG_MAG3;
11577 12170
11578 12171 dof->dofh_ident[DOF_ID_MODEL] = DOF_MODEL_NATIVE;
11579 12172 dof->dofh_ident[DOF_ID_ENCODING] = DOF_ENCODE_NATIVE;
11580 12173 dof->dofh_ident[DOF_ID_VERSION] = DOF_VERSION;
11581 12174 dof->dofh_ident[DOF_ID_DIFVERS] = DIF_VERSION;
11582 12175 dof->dofh_ident[DOF_ID_DIFIREG] = DIF_DIR_NREGS;
11583 12176 dof->dofh_ident[DOF_ID_DIFTREG] = DIF_DTR_NREGS;
11584 12177
11585 12178 dof->dofh_flags = 0;
11586 12179 dof->dofh_hdrsize = sizeof (dof_hdr_t);
11587 12180 dof->dofh_secsize = sizeof (dof_sec_t);
11588 12181 dof->dofh_secnum = 1; /* only DOF_SECT_OPTDESC */
11589 12182 dof->dofh_secoff = sizeof (dof_hdr_t);
11590 12183 dof->dofh_loadsz = len;
11591 12184 dof->dofh_filesz = len;
11592 12185 dof->dofh_pad = 0;
11593 12186
11594 12187 /*
11595 12188 * Fill in the option section header...
11596 12189 */
11597 12190 sec = (dof_sec_t *)((uintptr_t)dof + sizeof (dof_hdr_t));
11598 12191 sec->dofs_type = DOF_SECT_OPTDESC;
11599 12192 sec->dofs_align = sizeof (uint64_t);
11600 12193 sec->dofs_flags = DOF_SECF_LOAD;
11601 12194 sec->dofs_entsize = sizeof (dof_optdesc_t);
11602 12195
11603 12196 opt = (dof_optdesc_t *)((uintptr_t)sec +
11604 12197 roundup(sizeof (dof_sec_t), sizeof (uint64_t)));
11605 12198
11606 12199 sec->dofs_offset = (uintptr_t)opt - (uintptr_t)dof;
11607 12200 sec->dofs_size = sizeof (dof_optdesc_t) * DTRACEOPT_MAX;
11608 12201
11609 12202 for (i = 0; i < DTRACEOPT_MAX; i++) {
11610 12203 opt[i].dofo_option = i;
11611 12204 opt[i].dofo_strtab = DOF_SECIDX_NONE;
11612 12205 opt[i].dofo_value = state->dts_options[i];
11613 12206 }
11614 12207
11615 12208 return (dof);
11616 12209 }
11617 12210
11618 12211 static dof_hdr_t *
11619 12212 dtrace_dof_copyin(uintptr_t uarg, int *errp)
11620 12213 {
11621 12214 dof_hdr_t hdr, *dof;
11622 12215
11623 12216 ASSERT(!MUTEX_HELD(&dtrace_lock));
11624 12217
11625 12218 /*
11626 12219 * First, we're going to copyin() the sizeof (dof_hdr_t).
11627 12220 */
11628 12221 if (copyin((void *)uarg, &hdr, sizeof (hdr)) != 0) {
11629 12222 dtrace_dof_error(NULL, "failed to copyin DOF header");
11630 12223 *errp = EFAULT;
11631 12224 return (NULL);
11632 12225 }
11633 12226
11634 12227 /*
11635 12228 * Now we'll allocate the entire DOF and copy it in -- provided
11636 12229 * that the length isn't outrageous.
11637 12230 */
11638 12231 if (hdr.dofh_loadsz >= dtrace_dof_maxsize) {
11639 12232 dtrace_dof_error(&hdr, "load size exceeds maximum");
11640 12233 *errp = E2BIG;
11641 12234 return (NULL);
11642 12235 }
11643 12236
11644 12237 if (hdr.dofh_loadsz < sizeof (hdr)) {
11645 12238 dtrace_dof_error(&hdr, "invalid load size");
11646 12239 *errp = EINVAL;
11647 12240 return (NULL);
11648 12241 }
11649 12242
11650 12243 dof = kmem_alloc(hdr.dofh_loadsz, KM_SLEEP);
11651 12244
11652 12245 if (copyin((void *)uarg, dof, hdr.dofh_loadsz) != 0 ||
11653 12246 dof->dofh_loadsz != hdr.dofh_loadsz) {
11654 12247 kmem_free(dof, hdr.dofh_loadsz);
11655 12248 *errp = EFAULT;
11656 12249 return (NULL);
11657 12250 }
11658 12251
11659 12252 return (dof);
11660 12253 }
11661 12254
11662 12255 static dof_hdr_t *
11663 12256 dtrace_dof_property(const char *name)
11664 12257 {
11665 12258 uchar_t *buf;
11666 12259 uint64_t loadsz;
11667 12260 unsigned int len, i;
11668 12261 dof_hdr_t *dof;
11669 12262
11670 12263 /*
11671 12264 * Unfortunately, array of values in .conf files are always (and
11672 12265 * only) interpreted to be integer arrays. We must read our DOF
11673 12266 * as an integer array, and then squeeze it into a byte array.
11674 12267 */
11675 12268 if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, dtrace_devi, 0,
11676 12269 (char *)name, (int **)&buf, &len) != DDI_PROP_SUCCESS)
11677 12270 return (NULL);
11678 12271
11679 12272 for (i = 0; i < len; i++)
11680 12273 buf[i] = (uchar_t)(((int *)buf)[i]);
11681 12274
11682 12275 if (len < sizeof (dof_hdr_t)) {
11683 12276 ddi_prop_free(buf);
11684 12277 dtrace_dof_error(NULL, "truncated header");
11685 12278 return (NULL);
11686 12279 }
11687 12280
11688 12281 if (len < (loadsz = ((dof_hdr_t *)buf)->dofh_loadsz)) {
11689 12282 ddi_prop_free(buf);
11690 12283 dtrace_dof_error(NULL, "truncated DOF");
11691 12284 return (NULL);
11692 12285 }
11693 12286
11694 12287 if (loadsz >= dtrace_dof_maxsize) {
11695 12288 ddi_prop_free(buf);
11696 12289 dtrace_dof_error(NULL, "oversized DOF");
11697 12290 return (NULL);
11698 12291 }
11699 12292
11700 12293 dof = kmem_alloc(loadsz, KM_SLEEP);
11701 12294 bcopy(buf, dof, loadsz);
11702 12295 ddi_prop_free(buf);
11703 12296
11704 12297 return (dof);
11705 12298 }
11706 12299
11707 12300 static void
11708 12301 dtrace_dof_destroy(dof_hdr_t *dof)
11709 12302 {
11710 12303 kmem_free(dof, dof->dofh_loadsz);
11711 12304 }
11712 12305
11713 12306 /*
11714 12307 * Return the dof_sec_t pointer corresponding to a given section index. If the
11715 12308 * index is not valid, dtrace_dof_error() is called and NULL is returned. If
11716 12309 * a type other than DOF_SECT_NONE is specified, the header is checked against
11717 12310 * this type and NULL is returned if the types do not match.
11718 12311 */
11719 12312 static dof_sec_t *
11720 12313 dtrace_dof_sect(dof_hdr_t *dof, uint32_t type, dof_secidx_t i)
11721 12314 {
11722 12315 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)
11723 12316 ((uintptr_t)dof + dof->dofh_secoff + i * dof->dofh_secsize);
11724 12317
11725 12318 if (i >= dof->dofh_secnum) {
11726 12319 dtrace_dof_error(dof, "referenced section index is invalid");
11727 12320 return (NULL);
11728 12321 }
11729 12322
11730 12323 if (!(sec->dofs_flags & DOF_SECF_LOAD)) {
11731 12324 dtrace_dof_error(dof, "referenced section is not loadable");
11732 12325 return (NULL);
11733 12326 }
11734 12327
11735 12328 if (type != DOF_SECT_NONE && type != sec->dofs_type) {
11736 12329 dtrace_dof_error(dof, "referenced section is the wrong type");
11737 12330 return (NULL);
11738 12331 }
11739 12332
11740 12333 return (sec);
11741 12334 }
11742 12335
11743 12336 static dtrace_probedesc_t *
11744 12337 dtrace_dof_probedesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_probedesc_t *desc)
11745 12338 {
11746 12339 dof_probedesc_t *probe;
11747 12340 dof_sec_t *strtab;
11748 12341 uintptr_t daddr = (uintptr_t)dof;
11749 12342 uintptr_t str;
11750 12343 size_t size;
11751 12344
11752 12345 if (sec->dofs_type != DOF_SECT_PROBEDESC) {
11753 12346 dtrace_dof_error(dof, "invalid probe section");
11754 12347 return (NULL);
11755 12348 }
11756 12349
11757 12350 if (sec->dofs_align != sizeof (dof_secidx_t)) {
11758 12351 dtrace_dof_error(dof, "bad alignment in probe description");
11759 12352 return (NULL);
11760 12353 }
11761 12354
11762 12355 if (sec->dofs_offset + sizeof (dof_probedesc_t) > dof->dofh_loadsz) {
11763 12356 dtrace_dof_error(dof, "truncated probe description");
11764 12357 return (NULL);
11765 12358 }
11766 12359
11767 12360 probe = (dof_probedesc_t *)(uintptr_t)(daddr + sec->dofs_offset);
11768 12361 strtab = dtrace_dof_sect(dof, DOF_SECT_STRTAB, probe->dofp_strtab);
11769 12362
11770 12363 if (strtab == NULL)
11771 12364 return (NULL);
11772 12365
11773 12366 str = daddr + strtab->dofs_offset;
11774 12367 size = strtab->dofs_size;
11775 12368
11776 12369 if (probe->dofp_provider >= strtab->dofs_size) {
11777 12370 dtrace_dof_error(dof, "corrupt probe provider");
11778 12371 return (NULL);
11779 12372 }
11780 12373
11781 12374 (void) strncpy(desc->dtpd_provider,
11782 12375 (char *)(str + probe->dofp_provider),
11783 12376 MIN(DTRACE_PROVNAMELEN - 1, size - probe->dofp_provider));
11784 12377
11785 12378 if (probe->dofp_mod >= strtab->dofs_size) {
11786 12379 dtrace_dof_error(dof, "corrupt probe module");
11787 12380 return (NULL);
11788 12381 }
11789 12382
11790 12383 (void) strncpy(desc->dtpd_mod, (char *)(str + probe->dofp_mod),
11791 12384 MIN(DTRACE_MODNAMELEN - 1, size - probe->dofp_mod));
11792 12385
11793 12386 if (probe->dofp_func >= strtab->dofs_size) {
11794 12387 dtrace_dof_error(dof, "corrupt probe function");
11795 12388 return (NULL);
11796 12389 }
11797 12390
11798 12391 (void) strncpy(desc->dtpd_func, (char *)(str + probe->dofp_func),
11799 12392 MIN(DTRACE_FUNCNAMELEN - 1, size - probe->dofp_func));
11800 12393
11801 12394 if (probe->dofp_name >= strtab->dofs_size) {
11802 12395 dtrace_dof_error(dof, "corrupt probe name");
11803 12396 return (NULL);
11804 12397 }
11805 12398
11806 12399 (void) strncpy(desc->dtpd_name, (char *)(str + probe->dofp_name),
11807 12400 MIN(DTRACE_NAMELEN - 1, size - probe->dofp_name));
11808 12401
11809 12402 return (desc);
11810 12403 }
11811 12404
11812 12405 static dtrace_difo_t *
11813 12406 dtrace_dof_difo(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
11814 12407 cred_t *cr)
11815 12408 {
11816 12409 dtrace_difo_t *dp;
11817 12410 size_t ttl = 0;
11818 12411 dof_difohdr_t *dofd;
11819 12412 uintptr_t daddr = (uintptr_t)dof;
11820 12413 size_t max = dtrace_difo_maxsize;
11821 12414 int i, l, n;
11822 12415
11823 12416 static const struct {
11824 12417 int section;
11825 12418 int bufoffs;
11826 12419 int lenoffs;
11827 12420 int entsize;
11828 12421 int align;
11829 12422 const char *msg;
11830 12423 } difo[] = {
11831 12424 { DOF_SECT_DIF, offsetof(dtrace_difo_t, dtdo_buf),
11832 12425 offsetof(dtrace_difo_t, dtdo_len), sizeof (dif_instr_t),
11833 12426 sizeof (dif_instr_t), "multiple DIF sections" },
11834 12427
11835 12428 { DOF_SECT_INTTAB, offsetof(dtrace_difo_t, dtdo_inttab),
11836 12429 offsetof(dtrace_difo_t, dtdo_intlen), sizeof (uint64_t),
11837 12430 sizeof (uint64_t), "multiple integer tables" },
11838 12431
11839 12432 { DOF_SECT_STRTAB, offsetof(dtrace_difo_t, dtdo_strtab),
11840 12433 offsetof(dtrace_difo_t, dtdo_strlen), 0,
11841 12434 sizeof (char), "multiple string tables" },
11842 12435
11843 12436 { DOF_SECT_VARTAB, offsetof(dtrace_difo_t, dtdo_vartab),
11844 12437 offsetof(dtrace_difo_t, dtdo_varlen), sizeof (dtrace_difv_t),
11845 12438 sizeof (uint_t), "multiple variable tables" },
11846 12439
11847 12440 { DOF_SECT_NONE, 0, 0, 0, NULL }
11848 12441 };
11849 12442
11850 12443 if (sec->dofs_type != DOF_SECT_DIFOHDR) {
11851 12444 dtrace_dof_error(dof, "invalid DIFO header section");
11852 12445 return (NULL);
11853 12446 }
11854 12447
11855 12448 if (sec->dofs_align != sizeof (dof_secidx_t)) {
11856 12449 dtrace_dof_error(dof, "bad alignment in DIFO header");
11857 12450 return (NULL);
11858 12451 }
11859 12452
11860 12453 if (sec->dofs_size < sizeof (dof_difohdr_t) ||
11861 12454 sec->dofs_size % sizeof (dof_secidx_t)) {
11862 12455 dtrace_dof_error(dof, "bad size in DIFO header");
11863 12456 return (NULL);
11864 12457 }
11865 12458
11866 12459 dofd = (dof_difohdr_t *)(uintptr_t)(daddr + sec->dofs_offset);
11867 12460 n = (sec->dofs_size - sizeof (*dofd)) / sizeof (dof_secidx_t) + 1;
11868 12461
11869 12462 dp = kmem_zalloc(sizeof (dtrace_difo_t), KM_SLEEP);
11870 12463 dp->dtdo_rtype = dofd->dofd_rtype;
11871 12464
11872 12465 for (l = 0; l < n; l++) {
11873 12466 dof_sec_t *subsec;
11874 12467 void **bufp;
11875 12468 uint32_t *lenp;
11876 12469
11877 12470 if ((subsec = dtrace_dof_sect(dof, DOF_SECT_NONE,
11878 12471 dofd->dofd_links[l])) == NULL)
11879 12472 goto err; /* invalid section link */
11880 12473
11881 12474 if (ttl + subsec->dofs_size > max) {
11882 12475 dtrace_dof_error(dof, "exceeds maximum size");
11883 12476 goto err;
11884 12477 }
11885 12478
11886 12479 ttl += subsec->dofs_size;
11887 12480
11888 12481 for (i = 0; difo[i].section != DOF_SECT_NONE; i++) {
11889 12482 if (subsec->dofs_type != difo[i].section)
11890 12483 continue;
11891 12484
11892 12485 if (!(subsec->dofs_flags & DOF_SECF_LOAD)) {
11893 12486 dtrace_dof_error(dof, "section not loaded");
11894 12487 goto err;
11895 12488 }
11896 12489
11897 12490 if (subsec->dofs_align != difo[i].align) {
11898 12491 dtrace_dof_error(dof, "bad alignment");
11899 12492 goto err;
11900 12493 }
11901 12494
11902 12495 bufp = (void **)((uintptr_t)dp + difo[i].bufoffs);
11903 12496 lenp = (uint32_t *)((uintptr_t)dp + difo[i].lenoffs);
11904 12497
11905 12498 if (*bufp != NULL) {
11906 12499 dtrace_dof_error(dof, difo[i].msg);
11907 12500 goto err;
11908 12501 }
11909 12502
11910 12503 if (difo[i].entsize != subsec->dofs_entsize) {
11911 12504 dtrace_dof_error(dof, "entry size mismatch");
11912 12505 goto err;
11913 12506 }
11914 12507
11915 12508 if (subsec->dofs_entsize != 0 &&
11916 12509 (subsec->dofs_size % subsec->dofs_entsize) != 0) {
11917 12510 dtrace_dof_error(dof, "corrupt entry size");
11918 12511 goto err;
11919 12512 }
11920 12513
11921 12514 *lenp = subsec->dofs_size;
11922 12515 *bufp = kmem_alloc(subsec->dofs_size, KM_SLEEP);
11923 12516 bcopy((char *)(uintptr_t)(daddr + subsec->dofs_offset),
11924 12517 *bufp, subsec->dofs_size);
11925 12518
11926 12519 if (subsec->dofs_entsize != 0)
11927 12520 *lenp /= subsec->dofs_entsize;
11928 12521
11929 12522 break;
11930 12523 }
11931 12524
11932 12525 /*
11933 12526 * If we encounter a loadable DIFO sub-section that is not
11934 12527 * known to us, assume this is a broken program and fail.
11935 12528 */
11936 12529 if (difo[i].section == DOF_SECT_NONE &&
11937 12530 (subsec->dofs_flags & DOF_SECF_LOAD)) {
11938 12531 dtrace_dof_error(dof, "unrecognized DIFO subsection");
11939 12532 goto err;
11940 12533 }
11941 12534 }
11942 12535
11943 12536 if (dp->dtdo_buf == NULL) {
11944 12537 /*
11945 12538 * We can't have a DIF object without DIF text.
11946 12539 */
11947 12540 dtrace_dof_error(dof, "missing DIF text");
11948 12541 goto err;
11949 12542 }
11950 12543
11951 12544 /*
11952 12545 * Before we validate the DIF object, run through the variable table
11953 12546 * looking for the strings -- if any of their size are under, we'll set
11954 12547 * their size to be the system-wide default string size. Note that
11955 12548 * this should _not_ happen if the "strsize" option has been set --
11956 12549 * in this case, the compiler should have set the size to reflect the
11957 12550 * setting of the option.
11958 12551 */
11959 12552 for (i = 0; i < dp->dtdo_varlen; i++) {
11960 12553 dtrace_difv_t *v = &dp->dtdo_vartab[i];
11961 12554 dtrace_diftype_t *t = &v->dtdv_type;
11962 12555
11963 12556 if (v->dtdv_id < DIF_VAR_OTHER_UBASE)
11964 12557 continue;
11965 12558
11966 12559 if (t->dtdt_kind == DIF_TYPE_STRING && t->dtdt_size == 0)
11967 12560 t->dtdt_size = dtrace_strsize_default;
11968 12561 }
11969 12562
11970 12563 if (dtrace_difo_validate(dp, vstate, DIF_DIR_NREGS, cr) != 0)
11971 12564 goto err;
11972 12565
11973 12566 dtrace_difo_init(dp, vstate);
11974 12567 return (dp);
11975 12568
11976 12569 err:
11977 12570 kmem_free(dp->dtdo_buf, dp->dtdo_len * sizeof (dif_instr_t));
11978 12571 kmem_free(dp->dtdo_inttab, dp->dtdo_intlen * sizeof (uint64_t));
11979 12572 kmem_free(dp->dtdo_strtab, dp->dtdo_strlen);
11980 12573 kmem_free(dp->dtdo_vartab, dp->dtdo_varlen * sizeof (dtrace_difv_t));
11981 12574
11982 12575 kmem_free(dp, sizeof (dtrace_difo_t));
11983 12576 return (NULL);
11984 12577 }
11985 12578
11986 12579 static dtrace_predicate_t *
11987 12580 dtrace_dof_predicate(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
11988 12581 cred_t *cr)
11989 12582 {
11990 12583 dtrace_difo_t *dp;
11991 12584
11992 12585 if ((dp = dtrace_dof_difo(dof, sec, vstate, cr)) == NULL)
11993 12586 return (NULL);
11994 12587
11995 12588 return (dtrace_predicate_create(dp));
11996 12589 }
11997 12590
11998 12591 static dtrace_actdesc_t *
11999 12592 dtrace_dof_actdesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
12000 12593 cred_t *cr)
12001 12594 {
12002 12595 dtrace_actdesc_t *act, *first = NULL, *last = NULL, *next;
12003 12596 dof_actdesc_t *desc;
12004 12597 dof_sec_t *difosec;
12005 12598 size_t offs;
12006 12599 uintptr_t daddr = (uintptr_t)dof;
12007 12600 uint64_t arg;
12008 12601 dtrace_actkind_t kind;
12009 12602
12010 12603 if (sec->dofs_type != DOF_SECT_ACTDESC) {
12011 12604 dtrace_dof_error(dof, "invalid action section");
12012 12605 return (NULL);
12013 12606 }
12014 12607
12015 12608 if (sec->dofs_offset + sizeof (dof_actdesc_t) > dof->dofh_loadsz) {
12016 12609 dtrace_dof_error(dof, "truncated action description");
12017 12610 return (NULL);
12018 12611 }
12019 12612
12020 12613 if (sec->dofs_align != sizeof (uint64_t)) {
12021 12614 dtrace_dof_error(dof, "bad alignment in action description");
12022 12615 return (NULL);
12023 12616 }
12024 12617
12025 12618 if (sec->dofs_size < sec->dofs_entsize) {
12026 12619 dtrace_dof_error(dof, "section entry size exceeds total size");
12027 12620 return (NULL);
12028 12621 }
12029 12622
12030 12623 if (sec->dofs_entsize != sizeof (dof_actdesc_t)) {
12031 12624 dtrace_dof_error(dof, "bad entry size in action description");
12032 12625 return (NULL);
12033 12626 }
12034 12627
12035 12628 if (sec->dofs_size / sec->dofs_entsize > dtrace_actions_max) {
12036 12629 dtrace_dof_error(dof, "actions exceed dtrace_actions_max");
12037 12630 return (NULL);
12038 12631 }
12039 12632
12040 12633 for (offs = 0; offs < sec->dofs_size; offs += sec->dofs_entsize) {
12041 12634 desc = (dof_actdesc_t *)(daddr +
12042 12635 (uintptr_t)sec->dofs_offset + offs);
12043 12636 kind = (dtrace_actkind_t)desc->dofa_kind;
12044 12637
12045 12638 if ((DTRACEACT_ISPRINTFLIKE(kind) &&
12046 12639 (kind != DTRACEACT_PRINTA ||
12047 12640 desc->dofa_strtab != DOF_SECIDX_NONE)) ||
12048 12641 (kind == DTRACEACT_DIFEXPR &&
12049 12642 desc->dofa_strtab != DOF_SECIDX_NONE)) {
12050 12643 dof_sec_t *strtab;
12051 12644 char *str, *fmt;
12052 12645 uint64_t i;
12053 12646
12054 12647 /*
12055 12648 * The argument to these actions is an index into the
12056 12649 * DOF string table. For printf()-like actions, this
12057 12650 * is the format string. For print(), this is the
12058 12651 * CTF type of the expression result.
12059 12652 */
12060 12653 if ((strtab = dtrace_dof_sect(dof,
12061 12654 DOF_SECT_STRTAB, desc->dofa_strtab)) == NULL)
12062 12655 goto err;
12063 12656
12064 12657 str = (char *)((uintptr_t)dof +
12065 12658 (uintptr_t)strtab->dofs_offset);
12066 12659
12067 12660 for (i = desc->dofa_arg; i < strtab->dofs_size; i++) {
12068 12661 if (str[i] == '\0')
12069 12662 break;
12070 12663 }
12071 12664
12072 12665 if (i >= strtab->dofs_size) {
12073 12666 dtrace_dof_error(dof, "bogus format string");
12074 12667 goto err;
12075 12668 }
12076 12669
12077 12670 if (i == desc->dofa_arg) {
12078 12671 dtrace_dof_error(dof, "empty format string");
12079 12672 goto err;
12080 12673 }
12081 12674
12082 12675 i -= desc->dofa_arg;
12083 12676 fmt = kmem_alloc(i + 1, KM_SLEEP);
12084 12677 bcopy(&str[desc->dofa_arg], fmt, i + 1);
12085 12678 arg = (uint64_t)(uintptr_t)fmt;
12086 12679 } else {
12087 12680 if (kind == DTRACEACT_PRINTA) {
12088 12681 ASSERT(desc->dofa_strtab == DOF_SECIDX_NONE);
12089 12682 arg = 0;
12090 12683 } else {
12091 12684 arg = desc->dofa_arg;
12092 12685 }
12093 12686 }
12094 12687
12095 12688 act = dtrace_actdesc_create(kind, desc->dofa_ntuple,
12096 12689 desc->dofa_uarg, arg);
12097 12690
12098 12691 if (last != NULL) {
12099 12692 last->dtad_next = act;
12100 12693 } else {
12101 12694 first = act;
12102 12695 }
12103 12696
12104 12697 last = act;
12105 12698
12106 12699 if (desc->dofa_difo == DOF_SECIDX_NONE)
12107 12700 continue;
12108 12701
12109 12702 if ((difosec = dtrace_dof_sect(dof,
12110 12703 DOF_SECT_DIFOHDR, desc->dofa_difo)) == NULL)
12111 12704 goto err;
12112 12705
12113 12706 act->dtad_difo = dtrace_dof_difo(dof, difosec, vstate, cr);
12114 12707
12115 12708 if (act->dtad_difo == NULL)
12116 12709 goto err;
12117 12710 }
12118 12711
12119 12712 ASSERT(first != NULL);
12120 12713 return (first);
12121 12714
12122 12715 err:
12123 12716 for (act = first; act != NULL; act = next) {
12124 12717 next = act->dtad_next;
12125 12718 dtrace_actdesc_release(act, vstate);
12126 12719 }
12127 12720
12128 12721 return (NULL);
12129 12722 }
12130 12723
12131 12724 static dtrace_ecbdesc_t *
12132 12725 dtrace_dof_ecbdesc(dof_hdr_t *dof, dof_sec_t *sec, dtrace_vstate_t *vstate,
12133 12726 cred_t *cr)
12134 12727 {
12135 12728 dtrace_ecbdesc_t *ep;
12136 12729 dof_ecbdesc_t *ecb;
12137 12730 dtrace_probedesc_t *desc;
12138 12731 dtrace_predicate_t *pred = NULL;
12139 12732
12140 12733 if (sec->dofs_size < sizeof (dof_ecbdesc_t)) {
12141 12734 dtrace_dof_error(dof, "truncated ECB description");
12142 12735 return (NULL);
12143 12736 }
12144 12737
12145 12738 if (sec->dofs_align != sizeof (uint64_t)) {
12146 12739 dtrace_dof_error(dof, "bad alignment in ECB description");
12147 12740 return (NULL);
12148 12741 }
12149 12742
12150 12743 ecb = (dof_ecbdesc_t *)((uintptr_t)dof + (uintptr_t)sec->dofs_offset);
12151 12744 sec = dtrace_dof_sect(dof, DOF_SECT_PROBEDESC, ecb->dofe_probes);
12152 12745
12153 12746 if (sec == NULL)
12154 12747 return (NULL);
12155 12748
12156 12749 ep = kmem_zalloc(sizeof (dtrace_ecbdesc_t), KM_SLEEP);
12157 12750 ep->dted_uarg = ecb->dofe_uarg;
12158 12751 desc = &ep->dted_probe;
12159 12752
12160 12753 if (dtrace_dof_probedesc(dof, sec, desc) == NULL)
12161 12754 goto err;
12162 12755
12163 12756 if (ecb->dofe_pred != DOF_SECIDX_NONE) {
12164 12757 if ((sec = dtrace_dof_sect(dof,
12165 12758 DOF_SECT_DIFOHDR, ecb->dofe_pred)) == NULL)
12166 12759 goto err;
12167 12760
12168 12761 if ((pred = dtrace_dof_predicate(dof, sec, vstate, cr)) == NULL)
12169 12762 goto err;
12170 12763
12171 12764 ep->dted_pred.dtpdd_predicate = pred;
12172 12765 }
12173 12766
12174 12767 if (ecb->dofe_actions != DOF_SECIDX_NONE) {
12175 12768 if ((sec = dtrace_dof_sect(dof,
12176 12769 DOF_SECT_ACTDESC, ecb->dofe_actions)) == NULL)
12177 12770 goto err;
12178 12771
12179 12772 ep->dted_action = dtrace_dof_actdesc(dof, sec, vstate, cr);
12180 12773
12181 12774 if (ep->dted_action == NULL)
12182 12775 goto err;
12183 12776 }
12184 12777
12185 12778 return (ep);
12186 12779
12187 12780 err:
12188 12781 if (pred != NULL)
12189 12782 dtrace_predicate_release(pred, vstate);
12190 12783 kmem_free(ep, sizeof (dtrace_ecbdesc_t));
12191 12784 return (NULL);
12192 12785 }
12193 12786
12194 12787 /*
12195 12788 * Apply the relocations from the specified 'sec' (a DOF_SECT_URELHDR) to the
12196 12789 * specified DOF. At present, this amounts to simply adding 'ubase' to the
12197 12790 * site of any user SETX relocations to account for load object base address.
12198 12791 * In the future, if we need other relocations, this function can be extended.
12199 12792 */
12200 12793 static int
12201 12794 dtrace_dof_relocate(dof_hdr_t *dof, dof_sec_t *sec, uint64_t ubase)
12202 12795 {
12203 12796 uintptr_t daddr = (uintptr_t)dof;
12204 12797 dof_relohdr_t *dofr =
12205 12798 (dof_relohdr_t *)(uintptr_t)(daddr + sec->dofs_offset);
12206 12799 dof_sec_t *ss, *rs, *ts;
12207 12800 dof_relodesc_t *r;
12208 12801 uint_t i, n;
12209 12802
12210 12803 if (sec->dofs_size < sizeof (dof_relohdr_t) ||
12211 12804 sec->dofs_align != sizeof (dof_secidx_t)) {
12212 12805 dtrace_dof_error(dof, "invalid relocation header");
12213 12806 return (-1);
12214 12807 }
12215 12808
12216 12809 ss = dtrace_dof_sect(dof, DOF_SECT_STRTAB, dofr->dofr_strtab);
12217 12810 rs = dtrace_dof_sect(dof, DOF_SECT_RELTAB, dofr->dofr_relsec);
12218 12811 ts = dtrace_dof_sect(dof, DOF_SECT_NONE, dofr->dofr_tgtsec);
12219 12812
12220 12813 if (ss == NULL || rs == NULL || ts == NULL)
12221 12814 return (-1); /* dtrace_dof_error() has been called already */
12222 12815
12223 12816 if (rs->dofs_entsize < sizeof (dof_relodesc_t) ||
12224 12817 rs->dofs_align != sizeof (uint64_t)) {
12225 12818 dtrace_dof_error(dof, "invalid relocation section");
12226 12819 return (-1);
12227 12820 }
12228 12821
12229 12822 r = (dof_relodesc_t *)(uintptr_t)(daddr + rs->dofs_offset);
12230 12823 n = rs->dofs_size / rs->dofs_entsize;
12231 12824
12232 12825 for (i = 0; i < n; i++) {
12233 12826 uintptr_t taddr = daddr + ts->dofs_offset + r->dofr_offset;
12234 12827
12235 12828 switch (r->dofr_type) {
12236 12829 case DOF_RELO_NONE:
12237 12830 break;
12238 12831 case DOF_RELO_SETX:
12239 12832 if (r->dofr_offset >= ts->dofs_size || r->dofr_offset +
12240 12833 sizeof (uint64_t) > ts->dofs_size) {
12241 12834 dtrace_dof_error(dof, "bad relocation offset");
12242 12835 return (-1);
12243 12836 }
12244 12837
12245 12838 if (!IS_P2ALIGNED(taddr, sizeof (uint64_t))) {
12246 12839 dtrace_dof_error(dof, "misaligned setx relo");
12247 12840 return (-1);
12248 12841 }
12249 12842
12250 12843 *(uint64_t *)taddr += ubase;
12251 12844 break;
12252 12845 default:
12253 12846 dtrace_dof_error(dof, "invalid relocation type");
12254 12847 return (-1);
12255 12848 }
12256 12849
12257 12850 r = (dof_relodesc_t *)((uintptr_t)r + rs->dofs_entsize);
12258 12851 }
12259 12852
12260 12853 return (0);
12261 12854 }
12262 12855
12263 12856 /*
12264 12857 * The dof_hdr_t passed to dtrace_dof_slurp() should be a partially validated
12265 12858 * header: it should be at the front of a memory region that is at least
12266 12859 * sizeof (dof_hdr_t) in size -- and then at least dof_hdr.dofh_loadsz in
12267 12860 * size. It need not be validated in any other way.
12268 12861 */
12269 12862 static int
12270 12863 dtrace_dof_slurp(dof_hdr_t *dof, dtrace_vstate_t *vstate, cred_t *cr,
12271 12864 dtrace_enabling_t **enabp, uint64_t ubase, int noprobes)
12272 12865 {
12273 12866 uint64_t len = dof->dofh_loadsz, seclen;
12274 12867 uintptr_t daddr = (uintptr_t)dof;
12275 12868 dtrace_ecbdesc_t *ep;
12276 12869 dtrace_enabling_t *enab;
12277 12870 uint_t i;
12278 12871
12279 12872 ASSERT(MUTEX_HELD(&dtrace_lock));
12280 12873 ASSERT(dof->dofh_loadsz >= sizeof (dof_hdr_t));
12281 12874
12282 12875 /*
12283 12876 * Check the DOF header identification bytes. In addition to checking
12284 12877 * valid settings, we also verify that unused bits/bytes are zeroed so
12285 12878 * we can use them later without fear of regressing existing binaries.
12286 12879 */
12287 12880 if (bcmp(&dof->dofh_ident[DOF_ID_MAG0],
12288 12881 DOF_MAG_STRING, DOF_MAG_STRLEN) != 0) {
12289 12882 dtrace_dof_error(dof, "DOF magic string mismatch");
12290 12883 return (-1);
12291 12884 }
12292 12885
12293 12886 if (dof->dofh_ident[DOF_ID_MODEL] != DOF_MODEL_ILP32 &&
12294 12887 dof->dofh_ident[DOF_ID_MODEL] != DOF_MODEL_LP64) {
12295 12888 dtrace_dof_error(dof, "DOF has invalid data model");
12296 12889 return (-1);
12297 12890 }
12298 12891
12299 12892 if (dof->dofh_ident[DOF_ID_ENCODING] != DOF_ENCODE_NATIVE) {
12300 12893 dtrace_dof_error(dof, "DOF encoding mismatch");
12301 12894 return (-1);
12302 12895 }
12303 12896
12304 12897 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 &&
12305 12898 dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_2) {
12306 12899 dtrace_dof_error(dof, "DOF version mismatch");
12307 12900 return (-1);
12308 12901 }
12309 12902
12310 12903 if (dof->dofh_ident[DOF_ID_DIFVERS] != DIF_VERSION_2) {
12311 12904 dtrace_dof_error(dof, "DOF uses unsupported instruction set");
12312 12905 return (-1);
12313 12906 }
12314 12907
12315 12908 if (dof->dofh_ident[DOF_ID_DIFIREG] > DIF_DIR_NREGS) {
12316 12909 dtrace_dof_error(dof, "DOF uses too many integer registers");
12317 12910 return (-1);
12318 12911 }
12319 12912
12320 12913 if (dof->dofh_ident[DOF_ID_DIFTREG] > DIF_DTR_NREGS) {
12321 12914 dtrace_dof_error(dof, "DOF uses too many tuple registers");
12322 12915 return (-1);
12323 12916 }
12324 12917
12325 12918 for (i = DOF_ID_PAD; i < DOF_ID_SIZE; i++) {
12326 12919 if (dof->dofh_ident[i] != 0) {
12327 12920 dtrace_dof_error(dof, "DOF has invalid ident byte set");
12328 12921 return (-1);
12329 12922 }
12330 12923 }
12331 12924
12332 12925 if (dof->dofh_flags & ~DOF_FL_VALID) {
12333 12926 dtrace_dof_error(dof, "DOF has invalid flag bits set");
12334 12927 return (-1);
12335 12928 }
12336 12929
12337 12930 if (dof->dofh_secsize == 0) {
12338 12931 dtrace_dof_error(dof, "zero section header size");
12339 12932 return (-1);
12340 12933 }
12341 12934
12342 12935 /*
12343 12936 * Check that the section headers don't exceed the amount of DOF
12344 12937 * data. Note that we cast the section size and number of sections
12345 12938 * to uint64_t's to prevent possible overflow in the multiplication.
12346 12939 */
12347 12940 seclen = (uint64_t)dof->dofh_secnum * (uint64_t)dof->dofh_secsize;
12348 12941
12349 12942 if (dof->dofh_secoff > len || seclen > len ||
12350 12943 dof->dofh_secoff + seclen > len) {
12351 12944 dtrace_dof_error(dof, "truncated section headers");
12352 12945 return (-1);
12353 12946 }
12354 12947
12355 12948 if (!IS_P2ALIGNED(dof->dofh_secoff, sizeof (uint64_t))) {
12356 12949 dtrace_dof_error(dof, "misaligned section headers");
12357 12950 return (-1);
12358 12951 }
12359 12952
12360 12953 if (!IS_P2ALIGNED(dof->dofh_secsize, sizeof (uint64_t))) {
12361 12954 dtrace_dof_error(dof, "misaligned section size");
12362 12955 return (-1);
12363 12956 }
12364 12957
12365 12958 /*
12366 12959 * Take an initial pass through the section headers to be sure that
12367 12960 * the headers don't have stray offsets. If the 'noprobes' flag is
12368 12961 * set, do not permit sections relating to providers, probes, or args.
12369 12962 */
12370 12963 for (i = 0; i < dof->dofh_secnum; i++) {
12371 12964 dof_sec_t *sec = (dof_sec_t *)(daddr +
12372 12965 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12373 12966
12374 12967 if (noprobes) {
12375 12968 switch (sec->dofs_type) {
12376 12969 case DOF_SECT_PROVIDER:
12377 12970 case DOF_SECT_PROBES:
12378 12971 case DOF_SECT_PRARGS:
12379 12972 case DOF_SECT_PROFFS:
12380 12973 dtrace_dof_error(dof, "illegal sections "
12381 12974 "for enabling");
12382 12975 return (-1);
12383 12976 }
12384 12977 }
12385 12978
12386 12979 if (DOF_SEC_ISLOADABLE(sec->dofs_type) &&
12387 12980 !(sec->dofs_flags & DOF_SECF_LOAD)) {
12388 12981 dtrace_dof_error(dof, "loadable section with load "
12389 12982 "flag unset");
12390 12983 return (-1);
12391 12984 }
12392 12985
12393 12986 if (!(sec->dofs_flags & DOF_SECF_LOAD))
12394 12987 continue; /* just ignore non-loadable sections */
12395 12988
12396 12989 if (sec->dofs_align & (sec->dofs_align - 1)) {
12397 12990 dtrace_dof_error(dof, "bad section alignment");
12398 12991 return (-1);
12399 12992 }
12400 12993
12401 12994 if (sec->dofs_offset & (sec->dofs_align - 1)) {
12402 12995 dtrace_dof_error(dof, "misaligned section");
12403 12996 return (-1);
12404 12997 }
12405 12998
12406 12999 if (sec->dofs_offset > len || sec->dofs_size > len ||
12407 13000 sec->dofs_offset + sec->dofs_size > len) {
12408 13001 dtrace_dof_error(dof, "corrupt section header");
12409 13002 return (-1);
12410 13003 }
12411 13004
12412 13005 if (sec->dofs_type == DOF_SECT_STRTAB && *((char *)daddr +
12413 13006 sec->dofs_offset + sec->dofs_size - 1) != '\0') {
12414 13007 dtrace_dof_error(dof, "non-terminating string table");
12415 13008 return (-1);
12416 13009 }
12417 13010 }
12418 13011
12419 13012 /*
12420 13013 * Take a second pass through the sections and locate and perform any
12421 13014 * relocations that are present. We do this after the first pass to
12422 13015 * be sure that all sections have had their headers validated.
12423 13016 */
12424 13017 for (i = 0; i < dof->dofh_secnum; i++) {
12425 13018 dof_sec_t *sec = (dof_sec_t *)(daddr +
12426 13019 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12427 13020
12428 13021 if (!(sec->dofs_flags & DOF_SECF_LOAD))
12429 13022 continue; /* skip sections that are not loadable */
12430 13023
12431 13024 switch (sec->dofs_type) {
12432 13025 case DOF_SECT_URELHDR:
12433 13026 if (dtrace_dof_relocate(dof, sec, ubase) != 0)
12434 13027 return (-1);
12435 13028 break;
12436 13029 }
12437 13030 }
12438 13031
12439 13032 if ((enab = *enabp) == NULL)
12440 13033 enab = *enabp = dtrace_enabling_create(vstate);
12441 13034
12442 13035 for (i = 0; i < dof->dofh_secnum; i++) {
12443 13036 dof_sec_t *sec = (dof_sec_t *)(daddr +
12444 13037 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12445 13038
12446 13039 if (sec->dofs_type != DOF_SECT_ECBDESC)
12447 13040 continue;
12448 13041
12449 13042 if ((ep = dtrace_dof_ecbdesc(dof, sec, vstate, cr)) == NULL) {
12450 13043 dtrace_enabling_destroy(enab);
12451 13044 *enabp = NULL;
12452 13045 return (-1);
12453 13046 }
12454 13047
12455 13048 dtrace_enabling_add(enab, ep);
12456 13049 }
12457 13050
12458 13051 return (0);
12459 13052 }
12460 13053
12461 13054 /*
12462 13055 * Process DOF for any options. This routine assumes that the DOF has been
12463 13056 * at least processed by dtrace_dof_slurp().
12464 13057 */
12465 13058 static int
12466 13059 dtrace_dof_options(dof_hdr_t *dof, dtrace_state_t *state)
12467 13060 {
12468 13061 int i, rval;
12469 13062 uint32_t entsize;
12470 13063 size_t offs;
12471 13064 dof_optdesc_t *desc;
12472 13065
12473 13066 for (i = 0; i < dof->dofh_secnum; i++) {
12474 13067 dof_sec_t *sec = (dof_sec_t *)((uintptr_t)dof +
12475 13068 (uintptr_t)dof->dofh_secoff + i * dof->dofh_secsize);
12476 13069
12477 13070 if (sec->dofs_type != DOF_SECT_OPTDESC)
12478 13071 continue;
12479 13072
12480 13073 if (sec->dofs_align != sizeof (uint64_t)) {
12481 13074 dtrace_dof_error(dof, "bad alignment in "
12482 13075 "option description");
12483 13076 return (EINVAL);
12484 13077 }
12485 13078
12486 13079 if ((entsize = sec->dofs_entsize) == 0) {
12487 13080 dtrace_dof_error(dof, "zeroed option entry size");
12488 13081 return (EINVAL);
12489 13082 }
12490 13083
12491 13084 if (entsize < sizeof (dof_optdesc_t)) {
12492 13085 dtrace_dof_error(dof, "bad option entry size");
12493 13086 return (EINVAL);
12494 13087 }
12495 13088
12496 13089 for (offs = 0; offs < sec->dofs_size; offs += entsize) {
12497 13090 desc = (dof_optdesc_t *)((uintptr_t)dof +
12498 13091 (uintptr_t)sec->dofs_offset + offs);
12499 13092
12500 13093 if (desc->dofo_strtab != DOF_SECIDX_NONE) {
12501 13094 dtrace_dof_error(dof, "non-zero option string");
12502 13095 return (EINVAL);
12503 13096 }
12504 13097
12505 13098 if (desc->dofo_value == DTRACEOPT_UNSET) {
12506 13099 dtrace_dof_error(dof, "unset option");
12507 13100 return (EINVAL);
12508 13101 }
12509 13102
12510 13103 if ((rval = dtrace_state_option(state,
12511 13104 desc->dofo_option, desc->dofo_value)) != 0) {
12512 13105 dtrace_dof_error(dof, "rejected option");
12513 13106 return (rval);
12514 13107 }
12515 13108 }
12516 13109 }
12517 13110
12518 13111 return (0);
12519 13112 }
12520 13113
12521 13114 /*
12522 13115 * DTrace Consumer State Functions
12523 13116 */
12524 13117 int
12525 13118 dtrace_dstate_init(dtrace_dstate_t *dstate, size_t size)
12526 13119 {
12527 13120 size_t hashsize, maxper, min, chunksize = dstate->dtds_chunksize;
12528 13121 void *base;
12529 13122 uintptr_t limit;
12530 13123 dtrace_dynvar_t *dvar, *next, *start;
12531 13124 int i;
12532 13125
12533 13126 ASSERT(MUTEX_HELD(&dtrace_lock));
12534 13127 ASSERT(dstate->dtds_base == NULL && dstate->dtds_percpu == NULL);
12535 13128
12536 13129 bzero(dstate, sizeof (dtrace_dstate_t));
12537 13130
12538 13131 if ((dstate->dtds_chunksize = chunksize) == 0)
12539 13132 dstate->dtds_chunksize = DTRACE_DYNVAR_CHUNKSIZE;
12540 13133
12541 13134 if (size < (min = dstate->dtds_chunksize + sizeof (dtrace_dynhash_t)))
12542 13135 size = min;
12543 13136
12544 13137 if ((base = kmem_zalloc(size, KM_NOSLEEP | KM_NORMALPRI)) == NULL)
12545 13138 return (ENOMEM);
12546 13139
12547 13140 dstate->dtds_size = size;
12548 13141 dstate->dtds_base = base;
12549 13142 dstate->dtds_percpu = kmem_cache_alloc(dtrace_state_cache, KM_SLEEP);
12550 13143 bzero(dstate->dtds_percpu, NCPU * sizeof (dtrace_dstate_percpu_t));
12551 13144
12552 13145 hashsize = size / (dstate->dtds_chunksize + sizeof (dtrace_dynhash_t));
12553 13146
12554 13147 if (hashsize != 1 && (hashsize & 1))
12555 13148 hashsize--;
12556 13149
12557 13150 dstate->dtds_hashsize = hashsize;
12558 13151 dstate->dtds_hash = dstate->dtds_base;
12559 13152
12560 13153 /*
12561 13154 * Set all of our hash buckets to point to the single sink, and (if
12562 13155 * it hasn't already been set), set the sink's hash value to be the
12563 13156 * sink sentinel value. The sink is needed for dynamic variable
12564 13157 * lookups to know that they have iterated over an entire, valid hash
12565 13158 * chain.
12566 13159 */
12567 13160 for (i = 0; i < hashsize; i++)
12568 13161 dstate->dtds_hash[i].dtdh_chain = &dtrace_dynhash_sink;
12569 13162
12570 13163 if (dtrace_dynhash_sink.dtdv_hashval != DTRACE_DYNHASH_SINK)
12571 13164 dtrace_dynhash_sink.dtdv_hashval = DTRACE_DYNHASH_SINK;
12572 13165
12573 13166 /*
12574 13167 * Determine number of active CPUs. Divide free list evenly among
12575 13168 * active CPUs.
12576 13169 */
12577 13170 start = (dtrace_dynvar_t *)
12578 13171 ((uintptr_t)base + hashsize * sizeof (dtrace_dynhash_t));
12579 13172 limit = (uintptr_t)base + size;
12580 13173
12581 13174 maxper = (limit - (uintptr_t)start) / NCPU;
12582 13175 maxper = (maxper / dstate->dtds_chunksize) * dstate->dtds_chunksize;
12583 13176
12584 13177 for (i = 0; i < NCPU; i++) {
12585 13178 dstate->dtds_percpu[i].dtdsc_free = dvar = start;
12586 13179
12587 13180 /*
12588 13181 * If we don't even have enough chunks to make it once through
12589 13182 * NCPUs, we're just going to allocate everything to the first
12590 13183 * CPU. And if we're on the last CPU, we're going to allocate
12591 13184 * whatever is left over. In either case, we set the limit to
12592 13185 * be the limit of the dynamic variable space.
12593 13186 */
12594 13187 if (maxper == 0 || i == NCPU - 1) {
12595 13188 limit = (uintptr_t)base + size;
12596 13189 start = NULL;
12597 13190 } else {
12598 13191 limit = (uintptr_t)start + maxper;
12599 13192 start = (dtrace_dynvar_t *)limit;
12600 13193 }
12601 13194
12602 13195 ASSERT(limit <= (uintptr_t)base + size);
12603 13196
12604 13197 for (;;) {
12605 13198 next = (dtrace_dynvar_t *)((uintptr_t)dvar +
12606 13199 dstate->dtds_chunksize);
12607 13200
12608 13201 if ((uintptr_t)next + dstate->dtds_chunksize >= limit)
12609 13202 break;
12610 13203
12611 13204 dvar->dtdv_next = next;
12612 13205 dvar = next;
12613 13206 }
12614 13207
12615 13208 if (maxper == 0)
12616 13209 break;
12617 13210 }
12618 13211
12619 13212 return (0);
12620 13213 }
12621 13214
12622 13215 void
12623 13216 dtrace_dstate_fini(dtrace_dstate_t *dstate)
12624 13217 {
12625 13218 ASSERT(MUTEX_HELD(&cpu_lock));
12626 13219
12627 13220 if (dstate->dtds_base == NULL)
12628 13221 return;
12629 13222
12630 13223 kmem_free(dstate->dtds_base, dstate->dtds_size);
12631 13224 kmem_cache_free(dtrace_state_cache, dstate->dtds_percpu);
12632 13225 }
12633 13226
12634 13227 static void
12635 13228 dtrace_vstate_fini(dtrace_vstate_t *vstate)
12636 13229 {
12637 13230 /*
12638 13231 * Logical XOR, where are you?
12639 13232 */
12640 13233 ASSERT((vstate->dtvs_nglobals == 0) ^ (vstate->dtvs_globals != NULL));
12641 13234
12642 13235 if (vstate->dtvs_nglobals > 0) {
12643 13236 kmem_free(vstate->dtvs_globals, vstate->dtvs_nglobals *
12644 13237 sizeof (dtrace_statvar_t *));
12645 13238 }
12646 13239
12647 13240 if (vstate->dtvs_ntlocals > 0) {
12648 13241 kmem_free(vstate->dtvs_tlocals, vstate->dtvs_ntlocals *
12649 13242 sizeof (dtrace_difv_t));
12650 13243 }
12651 13244
12652 13245 ASSERT((vstate->dtvs_nlocals == 0) ^ (vstate->dtvs_locals != NULL));
12653 13246
12654 13247 if (vstate->dtvs_nlocals > 0) {
12655 13248 kmem_free(vstate->dtvs_locals, vstate->dtvs_nlocals *
12656 13249 sizeof (dtrace_statvar_t *));
12657 13250 }
12658 13251 }
12659 13252
12660 13253 static void
12661 13254 dtrace_state_clean(dtrace_state_t *state)
12662 13255 {
12663 13256 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE)
12664 13257 return;
12665 13258
12666 13259 dtrace_dynvar_clean(&state->dts_vstate.dtvs_dynvars);
12667 13260 dtrace_speculation_clean(state);
12668 13261 }
12669 13262
12670 13263 static void
12671 13264 dtrace_state_deadman(dtrace_state_t *state)
12672 13265 {
12673 13266 hrtime_t now;
12674 13267
12675 13268 dtrace_sync();
12676 13269
12677 13270 now = dtrace_gethrtime();
12678 13271
12679 13272 if (state != dtrace_anon.dta_state &&
12680 13273 now - state->dts_laststatus >= dtrace_deadman_user)
12681 13274 return;
12682 13275
12683 13276 /*
12684 13277 * We must be sure that dts_alive never appears to be less than the
12685 13278 * value upon entry to dtrace_state_deadman(), and because we lack a
12686 13279 * dtrace_cas64(), we cannot store to it atomically. We thus instead
12687 13280 * store INT64_MAX to it, followed by a memory barrier, followed by
12688 13281 * the new value. This assures that dts_alive never appears to be
12689 13282 * less than its true value, regardless of the order in which the
12690 13283 * stores to the underlying storage are issued.
12691 13284 */
12692 13285 state->dts_alive = INT64_MAX;
12693 13286 dtrace_membar_producer();
12694 13287 state->dts_alive = now;
12695 13288 }
12696 13289
12697 13290 dtrace_state_t *
12698 13291 dtrace_state_create(dev_t *devp, cred_t *cr)
12699 13292 {
12700 13293 minor_t minor;
12701 13294 major_t major;
12702 13295 char c[30];
12703 13296 dtrace_state_t *state;
12704 13297 dtrace_optval_t *opt;
12705 13298 int bufsize = NCPU * sizeof (dtrace_buffer_t), i;
12706 13299
12707 13300 ASSERT(MUTEX_HELD(&dtrace_lock));
12708 13301 ASSERT(MUTEX_HELD(&cpu_lock));
12709 13302
12710 13303 minor = (minor_t)(uintptr_t)vmem_alloc(dtrace_minor, 1,
12711 13304 VM_BESTFIT | VM_SLEEP);
12712 13305
12713 13306 if (ddi_soft_state_zalloc(dtrace_softstate, minor) != DDI_SUCCESS) {
12714 13307 vmem_free(dtrace_minor, (void *)(uintptr_t)minor, 1);
12715 13308 return (NULL);
12716 13309 }
12717 13310
12718 13311 state = ddi_get_soft_state(dtrace_softstate, minor);
12719 13312 state->dts_epid = DTRACE_EPIDNONE + 1;
12720 13313
12721 13314 (void) snprintf(c, sizeof (c), "dtrace_aggid_%d", minor);
12722 13315 state->dts_aggid_arena = vmem_create(c, (void *)1, UINT32_MAX, 1,
12723 13316 NULL, NULL, NULL, 0, VM_SLEEP | VMC_IDENTIFIER);
12724 13317
12725 13318 if (devp != NULL) {
12726 13319 major = getemajor(*devp);
12727 13320 } else {
12728 13321 major = ddi_driver_major(dtrace_devi);
12729 13322 }
12730 13323
12731 13324 state->dts_dev = makedevice(major, minor);
12732 13325
12733 13326 if (devp != NULL)
12734 13327 *devp = state->dts_dev;
12735 13328
12736 13329 /*
12737 13330 * We allocate NCPU buffers. On the one hand, this can be quite
12738 13331 * a bit of memory per instance (nearly 36K on a Starcat). On the
12739 13332 * other hand, it saves an additional memory reference in the probe
12740 13333 * path.
12741 13334 */
12742 13335 state->dts_buffer = kmem_zalloc(bufsize, KM_SLEEP);
12743 13336 state->dts_aggbuffer = kmem_zalloc(bufsize, KM_SLEEP);
12744 13337 state->dts_cleaner = CYCLIC_NONE;
12745 13338 state->dts_deadman = CYCLIC_NONE;
12746 13339 state->dts_vstate.dtvs_state = state;
12747 13340
12748 13341 for (i = 0; i < DTRACEOPT_MAX; i++)
12749 13342 state->dts_options[i] = DTRACEOPT_UNSET;
12750 13343
12751 13344 /*
12752 13345 * Set the default options.
12753 13346 */
12754 13347 opt = state->dts_options;
12755 13348 opt[DTRACEOPT_BUFPOLICY] = DTRACEOPT_BUFPOLICY_SWITCH;
12756 13349 opt[DTRACEOPT_BUFRESIZE] = DTRACEOPT_BUFRESIZE_AUTO;
12757 13350 opt[DTRACEOPT_NSPEC] = dtrace_nspec_default;
12758 13351 opt[DTRACEOPT_SPECSIZE] = dtrace_specsize_default;
12759 13352 opt[DTRACEOPT_CPU] = (dtrace_optval_t)DTRACE_CPUALL;
12760 13353 opt[DTRACEOPT_STRSIZE] = dtrace_strsize_default;
12761 13354 opt[DTRACEOPT_STACKFRAMES] = dtrace_stackframes_default;
12762 13355 opt[DTRACEOPT_USTACKFRAMES] = dtrace_ustackframes_default;
12763 13356 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_default;
12764 13357 opt[DTRACEOPT_AGGRATE] = dtrace_aggrate_default;
12765 13358 opt[DTRACEOPT_SWITCHRATE] = dtrace_switchrate_default;
12766 13359 opt[DTRACEOPT_STATUSRATE] = dtrace_statusrate_default;
12767 13360 opt[DTRACEOPT_JSTACKFRAMES] = dtrace_jstackframes_default;
12768 13361 opt[DTRACEOPT_JSTACKSTRSIZE] = dtrace_jstackstrsize_default;
12769 13362
12770 13363 state->dts_activity = DTRACE_ACTIVITY_INACTIVE;
12771 13364
12772 13365 /*
12773 13366 * Depending on the user credentials, we set flag bits which alter probe
12774 13367 * visibility or the amount of destructiveness allowed. In the case of
12775 13368 * actual anonymous tracing, or the possession of all privileges, all of
12776 13369 * the normal checks are bypassed.
12777 13370 */
12778 13371 if (cr == NULL || PRIV_POLICY_ONLY(cr, PRIV_ALL, B_FALSE)) {
12779 13372 state->dts_cred.dcr_visible = DTRACE_CRV_ALL;
12780 13373 state->dts_cred.dcr_action = DTRACE_CRA_ALL;
12781 13374 } else {
12782 13375 /*
12783 13376 * Set up the credentials for this instantiation. We take a
12784 13377 * hold on the credential to prevent it from disappearing on
12785 13378 * us; this in turn prevents the zone_t referenced by this
12786 13379 * credential from disappearing. This means that we can
12787 13380 * examine the credential and the zone from probe context.
12788 13381 */
12789 13382 crhold(cr);
12790 13383 state->dts_cred.dcr_cred = cr;
12791 13384
12792 13385 /*
12793 13386 * CRA_PROC means "we have *some* privilege for dtrace" and
12794 13387 * unlocks the use of variables like pid, zonename, etc.
12795 13388 */
12796 13389 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE) ||
12797 13390 PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) {
12798 13391 state->dts_cred.dcr_action |= DTRACE_CRA_PROC;
12799 13392 }
12800 13393
12801 13394 /*
12802 13395 * dtrace_user allows use of syscall and profile providers.
12803 13396 * If the user also has proc_owner and/or proc_zone, we
12804 13397 * extend the scope to include additional visibility and
12805 13398 * destructive power.
12806 13399 */
12807 13400 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_USER, B_FALSE)) {
12808 13401 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE)) {
12809 13402 state->dts_cred.dcr_visible |=
12810 13403 DTRACE_CRV_ALLPROC;
12811 13404
12812 13405 state->dts_cred.dcr_action |=
12813 13406 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER;
12814 13407 }
12815 13408
12816 13409 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE)) {
12817 13410 state->dts_cred.dcr_visible |=
12818 13411 DTRACE_CRV_ALLZONE;
12819 13412
12820 13413 state->dts_cred.dcr_action |=
12821 13414 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE;
12822 13415 }
12823 13416
12824 13417 /*
12825 13418 * If we have all privs in whatever zone this is,
12826 13419 * we can do destructive things to processes which
12827 13420 * have altered credentials.
12828 13421 */
12829 13422 if (priv_isequalset(priv_getset(cr, PRIV_EFFECTIVE),
12830 13423 cr->cr_zone->zone_privset)) {
12831 13424 state->dts_cred.dcr_action |=
12832 13425 DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG;
12833 13426 }
12834 13427 }
12835 13428
12836 13429 /*
12837 13430 * Holding the dtrace_kernel privilege also implies that
12838 13431 * the user has the dtrace_user privilege from a visibility
12839 13432 * perspective. But without further privileges, some
12840 13433 * destructive actions are not available.
12841 13434 */
12842 13435 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_KERNEL, B_FALSE)) {
12843 13436 /*
12844 13437 * Make all probes in all zones visible. However,
12845 13438 * this doesn't mean that all actions become available
12846 13439 * to all zones.
12847 13440 */
12848 13441 state->dts_cred.dcr_visible |= DTRACE_CRV_KERNEL |
12849 13442 DTRACE_CRV_ALLPROC | DTRACE_CRV_ALLZONE;
12850 13443
12851 13444 state->dts_cred.dcr_action |= DTRACE_CRA_KERNEL |
12852 13445 DTRACE_CRA_PROC;
12853 13446 /*
12854 13447 * Holding proc_owner means that destructive actions
12855 13448 * for *this* zone are allowed.
12856 13449 */
12857 13450 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE))
12858 13451 state->dts_cred.dcr_action |=
12859 13452 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER;
12860 13453
12861 13454 /*
12862 13455 * Holding proc_zone means that destructive actions
12863 13456 * for this user/group ID in all zones is allowed.
12864 13457 */
12865 13458 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE))
12866 13459 state->dts_cred.dcr_action |=
12867 13460 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE;
12868 13461
12869 13462 /*
12870 13463 * If we have all privs in whatever zone this is,
12871 13464 * we can do destructive things to processes which
12872 13465 * have altered credentials.
12873 13466 */
12874 13467 if (priv_isequalset(priv_getset(cr, PRIV_EFFECTIVE),
12875 13468 cr->cr_zone->zone_privset)) {
12876 13469 state->dts_cred.dcr_action |=
12877 13470 DTRACE_CRA_PROC_DESTRUCTIVE_CREDCHG;
12878 13471 }
12879 13472 }
12880 13473
12881 13474 /*
12882 13475 * Holding the dtrace_proc privilege gives control over fasttrap
12883 13476 * and pid providers. We need to grant wider destructive
12884 13477 * privileges in the event that the user has proc_owner and/or
12885 13478 * proc_zone.
12886 13479 */
12887 13480 if (PRIV_POLICY_ONLY(cr, PRIV_DTRACE_PROC, B_FALSE)) {
12888 13481 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, B_FALSE))
12889 13482 state->dts_cred.dcr_action |=
12890 13483 DTRACE_CRA_PROC_DESTRUCTIVE_ALLUSER;
12891 13484
12892 13485 if (PRIV_POLICY_ONLY(cr, PRIV_PROC_ZONE, B_FALSE))
12893 13486 state->dts_cred.dcr_action |=
12894 13487 DTRACE_CRA_PROC_DESTRUCTIVE_ALLZONE;
12895 13488 }
12896 13489 }
12897 13490
12898 13491 return (state);
12899 13492 }
12900 13493
12901 13494 static int
12902 13495 dtrace_state_buffer(dtrace_state_t *state, dtrace_buffer_t *buf, int which)
12903 13496 {
12904 13497 dtrace_optval_t *opt = state->dts_options, size;
12905 13498 processorid_t cpu;
12906 13499 int flags = 0, rval, factor, divisor = 1;
12907 13500
12908 13501 ASSERT(MUTEX_HELD(&dtrace_lock));
12909 13502 ASSERT(MUTEX_HELD(&cpu_lock));
12910 13503 ASSERT(which < DTRACEOPT_MAX);
12911 13504 ASSERT(state->dts_activity == DTRACE_ACTIVITY_INACTIVE ||
12912 13505 (state == dtrace_anon.dta_state &&
12913 13506 state->dts_activity == DTRACE_ACTIVITY_ACTIVE));
12914 13507
12915 13508 if (opt[which] == DTRACEOPT_UNSET || opt[which] == 0)
12916 13509 return (0);
12917 13510
12918 13511 if (opt[DTRACEOPT_CPU] != DTRACEOPT_UNSET)
12919 13512 cpu = opt[DTRACEOPT_CPU];
12920 13513
12921 13514 if (which == DTRACEOPT_SPECSIZE)
12922 13515 flags |= DTRACEBUF_NOSWITCH;
12923 13516
12924 13517 if (which == DTRACEOPT_BUFSIZE) {
12925 13518 if (opt[DTRACEOPT_BUFPOLICY] == DTRACEOPT_BUFPOLICY_RING)
12926 13519 flags |= DTRACEBUF_RING;
12927 13520
12928 13521 if (opt[DTRACEOPT_BUFPOLICY] == DTRACEOPT_BUFPOLICY_FILL)
12929 13522 flags |= DTRACEBUF_FILL;
12930 13523
12931 13524 if (state != dtrace_anon.dta_state ||
12932 13525 state->dts_activity != DTRACE_ACTIVITY_ACTIVE)
12933 13526 flags |= DTRACEBUF_INACTIVE;
12934 13527 }
12935 13528
12936 13529 for (size = opt[which]; size >= sizeof (uint64_t); size /= divisor) {
12937 13530 /*
12938 13531 * The size must be 8-byte aligned. If the size is not 8-byte
12939 13532 * aligned, drop it down by the difference.
12940 13533 */
12941 13534 if (size & (sizeof (uint64_t) - 1))
12942 13535 size -= size & (sizeof (uint64_t) - 1);
12943 13536
12944 13537 if (size < state->dts_reserve) {
12945 13538 /*
12946 13539 * Buffers always must be large enough to accommodate
12947 13540 * their prereserved space. We return E2BIG instead
12948 13541 * of ENOMEM in this case to allow for user-level
12949 13542 * software to differentiate the cases.
12950 13543 */
12951 13544 return (E2BIG);
12952 13545 }
12953 13546
12954 13547 rval = dtrace_buffer_alloc(buf, size, flags, cpu, &factor);
12955 13548
12956 13549 if (rval != ENOMEM) {
12957 13550 opt[which] = size;
12958 13551 return (rval);
12959 13552 }
12960 13553
12961 13554 if (opt[DTRACEOPT_BUFRESIZE] == DTRACEOPT_BUFRESIZE_MANUAL)
12962 13555 return (rval);
12963 13556
12964 13557 for (divisor = 2; divisor < factor; divisor <<= 1)
12965 13558 continue;
12966 13559 }
12967 13560
12968 13561 return (ENOMEM);
12969 13562 }
12970 13563
12971 13564 static int
12972 13565 dtrace_state_buffers(dtrace_state_t *state)
12973 13566 {
12974 13567 dtrace_speculation_t *spec = state->dts_speculations;
12975 13568 int rval, i;
12976 13569
12977 13570 if ((rval = dtrace_state_buffer(state, state->dts_buffer,
12978 13571 DTRACEOPT_BUFSIZE)) != 0)
12979 13572 return (rval);
12980 13573
12981 13574 if ((rval = dtrace_state_buffer(state, state->dts_aggbuffer,
12982 13575 DTRACEOPT_AGGSIZE)) != 0)
12983 13576 return (rval);
12984 13577
12985 13578 for (i = 0; i < state->dts_nspeculations; i++) {
12986 13579 if ((rval = dtrace_state_buffer(state,
12987 13580 spec[i].dtsp_buffer, DTRACEOPT_SPECSIZE)) != 0)
12988 13581 return (rval);
12989 13582 }
12990 13583
12991 13584 return (0);
12992 13585 }
12993 13586
12994 13587 static void
12995 13588 dtrace_state_prereserve(dtrace_state_t *state)
12996 13589 {
12997 13590 dtrace_ecb_t *ecb;
12998 13591 dtrace_probe_t *probe;
12999 13592
13000 13593 state->dts_reserve = 0;
13001 13594
13002 13595 if (state->dts_options[DTRACEOPT_BUFPOLICY] != DTRACEOPT_BUFPOLICY_FILL)
13003 13596 return;
13004 13597
13005 13598 /*
13006 13599 * If our buffer policy is a "fill" buffer policy, we need to set the
13007 13600 * prereserved space to be the space required by the END probes.
13008 13601 */
13009 13602 probe = dtrace_probes[dtrace_probeid_end - 1];
13010 13603 ASSERT(probe != NULL);
13011 13604
13012 13605 for (ecb = probe->dtpr_ecb; ecb != NULL; ecb = ecb->dte_next) {
13013 13606 if (ecb->dte_state != state)
13014 13607 continue;
13015 13608
13016 13609 state->dts_reserve += ecb->dte_needed + ecb->dte_alignment;
13017 13610 }
13018 13611 }
13019 13612
13020 13613 static int
13021 13614 dtrace_state_go(dtrace_state_t *state, processorid_t *cpu)
13022 13615 {
13023 13616 dtrace_optval_t *opt = state->dts_options, sz, nspec;
13024 13617 dtrace_speculation_t *spec;
13025 13618 dtrace_buffer_t *buf;
13026 13619 cyc_handler_t hdlr;
13027 13620 cyc_time_t when;
13028 13621 int rval = 0, i, bufsize = NCPU * sizeof (dtrace_buffer_t);
13029 13622 dtrace_icookie_t cookie;
13030 13623
13031 13624 mutex_enter(&cpu_lock);
13032 13625 mutex_enter(&dtrace_lock);
13033 13626
13034 13627 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) {
13035 13628 rval = EBUSY;
13036 13629 goto out;
13037 13630 }
13038 13631
13039 13632 /*
13040 13633 * Before we can perform any checks, we must prime all of the
13041 13634 * retained enablings that correspond to this state.
13042 13635 */
13043 13636 dtrace_enabling_prime(state);
13044 13637
13045 13638 if (state->dts_destructive && !state->dts_cred.dcr_destructive) {
13046 13639 rval = EACCES;
13047 13640 goto out;
13048 13641 }
13049 13642
13050 13643 dtrace_state_prereserve(state);
13051 13644
13052 13645 /*
13053 13646 * Now we want to do is try to allocate our speculations.
13054 13647 * We do not automatically resize the number of speculations; if
13055 13648 * this fails, we will fail the operation.
13056 13649 */
13057 13650 nspec = opt[DTRACEOPT_NSPEC];
13058 13651 ASSERT(nspec != DTRACEOPT_UNSET);
13059 13652
13060 13653 if (nspec > INT_MAX) {
13061 13654 rval = ENOMEM;
13062 13655 goto out;
13063 13656 }
13064 13657
13065 13658 spec = kmem_zalloc(nspec * sizeof (dtrace_speculation_t),
13066 13659 KM_NOSLEEP | KM_NORMALPRI);
13067 13660
13068 13661 if (spec == NULL) {
13069 13662 rval = ENOMEM;
13070 13663 goto out;
13071 13664 }
13072 13665
13073 13666 state->dts_speculations = spec;
13074 13667 state->dts_nspeculations = (int)nspec;
13075 13668
13076 13669 for (i = 0; i < nspec; i++) {
13077 13670 if ((buf = kmem_zalloc(bufsize,
13078 13671 KM_NOSLEEP | KM_NORMALPRI)) == NULL) {
13079 13672 rval = ENOMEM;
13080 13673 goto err;
13081 13674 }
13082 13675
13083 13676 spec[i].dtsp_buffer = buf;
13084 13677 }
13085 13678
13086 13679 if (opt[DTRACEOPT_GRABANON] != DTRACEOPT_UNSET) {
13087 13680 if (dtrace_anon.dta_state == NULL) {
13088 13681 rval = ENOENT;
13089 13682 goto out;
13090 13683 }
13091 13684
13092 13685 if (state->dts_necbs != 0) {
13093 13686 rval = EALREADY;
13094 13687 goto out;
13095 13688 }
13096 13689
13097 13690 state->dts_anon = dtrace_anon_grab();
13098 13691 ASSERT(state->dts_anon != NULL);
13099 13692 state = state->dts_anon;
13100 13693
13101 13694 /*
13102 13695 * We want "grabanon" to be set in the grabbed state, so we'll
13103 13696 * copy that option value from the grabbing state into the
13104 13697 * grabbed state.
13105 13698 */
13106 13699 state->dts_options[DTRACEOPT_GRABANON] =
13107 13700 opt[DTRACEOPT_GRABANON];
13108 13701
13109 13702 *cpu = dtrace_anon.dta_beganon;
13110 13703
13111 13704 /*
13112 13705 * If the anonymous state is active (as it almost certainly
13113 13706 * is if the anonymous enabling ultimately matched anything),
13114 13707 * we don't allow any further option processing -- but we
13115 13708 * don't return failure.
13116 13709 */
13117 13710 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE)
13118 13711 goto out;
13119 13712 }
13120 13713
13121 13714 if (opt[DTRACEOPT_AGGSIZE] != DTRACEOPT_UNSET &&
13122 13715 opt[DTRACEOPT_AGGSIZE] != 0) {
13123 13716 if (state->dts_aggregations == NULL) {
13124 13717 /*
13125 13718 * We're not going to create an aggregation buffer
13126 13719 * because we don't have any ECBs that contain
13127 13720 * aggregations -- set this option to 0.
13128 13721 */
13129 13722 opt[DTRACEOPT_AGGSIZE] = 0;
13130 13723 } else {
13131 13724 /*
13132 13725 * If we have an aggregation buffer, we must also have
13133 13726 * a buffer to use as scratch.
13134 13727 */
13135 13728 if (opt[DTRACEOPT_BUFSIZE] == DTRACEOPT_UNSET ||
13136 13729 opt[DTRACEOPT_BUFSIZE] < state->dts_needed) {
13137 13730 opt[DTRACEOPT_BUFSIZE] = state->dts_needed;
13138 13731 }
13139 13732 }
13140 13733 }
13141 13734
13142 13735 if (opt[DTRACEOPT_SPECSIZE] != DTRACEOPT_UNSET &&
13143 13736 opt[DTRACEOPT_SPECSIZE] != 0) {
13144 13737 if (!state->dts_speculates) {
13145 13738 /*
13146 13739 * We're not going to create speculation buffers
13147 13740 * because we don't have any ECBs that actually
13148 13741 * speculate -- set the speculation size to 0.
13149 13742 */
13150 13743 opt[DTRACEOPT_SPECSIZE] = 0;
13151 13744 }
13152 13745 }
13153 13746
13154 13747 /*
13155 13748 * The bare minimum size for any buffer that we're actually going to
13156 13749 * do anything to is sizeof (uint64_t).
13157 13750 */
13158 13751 sz = sizeof (uint64_t);
13159 13752
13160 13753 if ((state->dts_needed != 0 && opt[DTRACEOPT_BUFSIZE] < sz) ||
13161 13754 (state->dts_speculates && opt[DTRACEOPT_SPECSIZE] < sz) ||
13162 13755 (state->dts_aggregations != NULL && opt[DTRACEOPT_AGGSIZE] < sz)) {
13163 13756 /*
13164 13757 * A buffer size has been explicitly set to 0 (or to a size
13165 13758 * that will be adjusted to 0) and we need the space -- we
13166 13759 * need to return failure. We return ENOSPC to differentiate
13167 13760 * it from failing to allocate a buffer due to failure to meet
13168 13761 * the reserve (for which we return E2BIG).
13169 13762 */
13170 13763 rval = ENOSPC;
13171 13764 goto out;
13172 13765 }
13173 13766
13174 13767 if ((rval = dtrace_state_buffers(state)) != 0)
13175 13768 goto err;
13176 13769
13177 13770 if ((sz = opt[DTRACEOPT_DYNVARSIZE]) == DTRACEOPT_UNSET)
13178 13771 sz = dtrace_dstate_defsize;
13179 13772
13180 13773 do {
13181 13774 rval = dtrace_dstate_init(&state->dts_vstate.dtvs_dynvars, sz);
13182 13775
13183 13776 if (rval == 0)
13184 13777 break;
13185 13778
13186 13779 if (opt[DTRACEOPT_BUFRESIZE] == DTRACEOPT_BUFRESIZE_MANUAL)
13187 13780 goto err;
13188 13781 } while (sz >>= 1);
13189 13782
13190 13783 opt[DTRACEOPT_DYNVARSIZE] = sz;
13191 13784
13192 13785 if (rval != 0)
13193 13786 goto err;
13194 13787
13195 13788 if (opt[DTRACEOPT_STATUSRATE] > dtrace_statusrate_max)
13196 13789 opt[DTRACEOPT_STATUSRATE] = dtrace_statusrate_max;
13197 13790
13198 13791 if (opt[DTRACEOPT_CLEANRATE] == 0)
13199 13792 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_max;
13200 13793
13201 13794 if (opt[DTRACEOPT_CLEANRATE] < dtrace_cleanrate_min)
13202 13795 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_min;
13203 13796
13204 13797 if (opt[DTRACEOPT_CLEANRATE] > dtrace_cleanrate_max)
13205 13798 opt[DTRACEOPT_CLEANRATE] = dtrace_cleanrate_max;
13206 13799
13207 13800 hdlr.cyh_func = (cyc_func_t)dtrace_state_clean;
13208 13801 hdlr.cyh_arg = state;
13209 13802 hdlr.cyh_level = CY_LOW_LEVEL;
13210 13803
13211 13804 when.cyt_when = 0;
13212 13805 when.cyt_interval = opt[DTRACEOPT_CLEANRATE];
13213 13806
13214 13807 state->dts_cleaner = cyclic_add(&hdlr, &when);
13215 13808
13216 13809 hdlr.cyh_func = (cyc_func_t)dtrace_state_deadman;
13217 13810 hdlr.cyh_arg = state;
13218 13811 hdlr.cyh_level = CY_LOW_LEVEL;
13219 13812
13220 13813 when.cyt_when = 0;
13221 13814 when.cyt_interval = dtrace_deadman_interval;
13222 13815
13223 13816 state->dts_alive = state->dts_laststatus = dtrace_gethrtime();
13224 13817 state->dts_deadman = cyclic_add(&hdlr, &when);
13225 13818
13226 13819 state->dts_activity = DTRACE_ACTIVITY_WARMUP;
13227 13820
13228 13821 if (state->dts_getf != 0 &&
13229 13822 !(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL)) {
13230 13823 /*
13231 13824 * We don't have kernel privs but we have at least one call
13232 13825 * to getf(); we need to bump our zone's count, and (if
13233 13826 * this is the first enabling to have an unprivileged call
13234 13827 * to getf()) we need to hook into closef().
13235 13828 */
13236 13829 state->dts_cred.dcr_cred->cr_zone->zone_dtrace_getf++;
13237 13830
13238 13831 if (dtrace_getf++ == 0) {
13239 13832 ASSERT(dtrace_closef == NULL);
13240 13833 dtrace_closef = dtrace_getf_barrier;
13241 13834 }
13242 13835 }
13243 13836
13244 13837 /*
13245 13838 * Now it's time to actually fire the BEGIN probe. We need to disable
13246 13839 * interrupts here both to record the CPU on which we fired the BEGIN
13247 13840 * probe (the data from this CPU will be processed first at user
13248 13841 * level) and to manually activate the buffer for this CPU.
13249 13842 */
13250 13843 cookie = dtrace_interrupt_disable();
13251 13844 *cpu = CPU->cpu_id;
13252 13845 ASSERT(state->dts_buffer[*cpu].dtb_flags & DTRACEBUF_INACTIVE);
13253 13846 state->dts_buffer[*cpu].dtb_flags &= ~DTRACEBUF_INACTIVE;
13254 13847
13255 13848 dtrace_probe(dtrace_probeid_begin,
13256 13849 (uint64_t)(uintptr_t)state, 0, 0, 0, 0);
13257 13850 dtrace_interrupt_enable(cookie);
13258 13851 /*
13259 13852 * We may have had an exit action from a BEGIN probe; only change our
13260 13853 * state to ACTIVE if we're still in WARMUP.
13261 13854 */
13262 13855 ASSERT(state->dts_activity == DTRACE_ACTIVITY_WARMUP ||
13263 13856 state->dts_activity == DTRACE_ACTIVITY_DRAINING);
13264 13857
13265 13858 if (state->dts_activity == DTRACE_ACTIVITY_WARMUP)
13266 13859 state->dts_activity = DTRACE_ACTIVITY_ACTIVE;
13267 13860
13268 13861 /*
13269 13862 * Regardless of whether or not now we're in ACTIVE or DRAINING, we
13270 13863 * want each CPU to transition its principal buffer out of the
13271 13864 * INACTIVE state. Doing this assures that no CPU will suddenly begin
13272 13865 * processing an ECB halfway down a probe's ECB chain; all CPUs will
13273 13866 * atomically transition from processing none of a state's ECBs to
13274 13867 * processing all of them.
13275 13868 */
13276 13869 dtrace_xcall(DTRACE_CPUALL,
13277 13870 (dtrace_xcall_t)dtrace_buffer_activate, state);
13278 13871 goto out;
13279 13872
13280 13873 err:
13281 13874 dtrace_buffer_free(state->dts_buffer);
13282 13875 dtrace_buffer_free(state->dts_aggbuffer);
13283 13876
13284 13877 if ((nspec = state->dts_nspeculations) == 0) {
13285 13878 ASSERT(state->dts_speculations == NULL);
13286 13879 goto out;
13287 13880 }
13288 13881
13289 13882 spec = state->dts_speculations;
13290 13883 ASSERT(spec != NULL);
13291 13884
13292 13885 for (i = 0; i < state->dts_nspeculations; i++) {
13293 13886 if ((buf = spec[i].dtsp_buffer) == NULL)
13294 13887 break;
13295 13888
13296 13889 dtrace_buffer_free(buf);
13297 13890 kmem_free(buf, bufsize);
13298 13891 }
13299 13892
13300 13893 kmem_free(spec, nspec * sizeof (dtrace_speculation_t));
13301 13894 state->dts_nspeculations = 0;
13302 13895 state->dts_speculations = NULL;
13303 13896
13304 13897 out:
13305 13898 mutex_exit(&dtrace_lock);
13306 13899 mutex_exit(&cpu_lock);
13307 13900
13308 13901 return (rval);
13309 13902 }
13310 13903
13311 13904 static int
13312 13905 dtrace_state_stop(dtrace_state_t *state, processorid_t *cpu)
13313 13906 {
13314 13907 dtrace_icookie_t cookie;
13315 13908
13316 13909 ASSERT(MUTEX_HELD(&dtrace_lock));
13317 13910
13318 13911 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE &&
13319 13912 state->dts_activity != DTRACE_ACTIVITY_DRAINING)
13320 13913 return (EINVAL);
13321 13914
13322 13915 /*
13323 13916 * We'll set the activity to DTRACE_ACTIVITY_DRAINING, and issue a sync
13324 13917 * to be sure that every CPU has seen it. See below for the details
13325 13918 * on why this is done.
13326 13919 */
13327 13920 state->dts_activity = DTRACE_ACTIVITY_DRAINING;
13328 13921 dtrace_sync();
13329 13922
13330 13923 /*
13331 13924 * By this point, it is impossible for any CPU to be still processing
13332 13925 * with DTRACE_ACTIVITY_ACTIVE. We can thus set our activity to
13333 13926 * DTRACE_ACTIVITY_COOLDOWN and know that we're not racing with any
13334 13927 * other CPU in dtrace_buffer_reserve(). This allows dtrace_probe()
13335 13928 * and callees to know that the activity is DTRACE_ACTIVITY_COOLDOWN
13336 13929 * iff we're in the END probe.
13337 13930 */
13338 13931 state->dts_activity = DTRACE_ACTIVITY_COOLDOWN;
13339 13932 dtrace_sync();
13340 13933 ASSERT(state->dts_activity == DTRACE_ACTIVITY_COOLDOWN);
13341 13934
13342 13935 /*
13343 13936 * Finally, we can release the reserve and call the END probe. We
13344 13937 * disable interrupts across calling the END probe to allow us to
13345 13938 * return the CPU on which we actually called the END probe. This
13346 13939 * allows user-land to be sure that this CPU's principal buffer is
13347 13940 * processed last.
13348 13941 */
13349 13942 state->dts_reserve = 0;
13350 13943
13351 13944 cookie = dtrace_interrupt_disable();
13352 13945 *cpu = CPU->cpu_id;
13353 13946 dtrace_probe(dtrace_probeid_end,
13354 13947 (uint64_t)(uintptr_t)state, 0, 0, 0, 0);
13355 13948 dtrace_interrupt_enable(cookie);
13356 13949
13357 13950 state->dts_activity = DTRACE_ACTIVITY_STOPPED;
13358 13951 dtrace_sync();
13359 13952
13360 13953 if (state->dts_getf != 0 &&
13361 13954 !(state->dts_cred.dcr_visible & DTRACE_CRV_KERNEL)) {
13362 13955 /*
13363 13956 * We don't have kernel privs but we have at least one call
13364 13957 * to getf(); we need to lower our zone's count, and (if
13365 13958 * this is the last enabling to have an unprivileged call
13366 13959 * to getf()) we need to clear the closef() hook.
13367 13960 */
13368 13961 ASSERT(state->dts_cred.dcr_cred->cr_zone->zone_dtrace_getf > 0);
13369 13962 ASSERT(dtrace_closef == dtrace_getf_barrier);
13370 13963 ASSERT(dtrace_getf > 0);
13371 13964
13372 13965 state->dts_cred.dcr_cred->cr_zone->zone_dtrace_getf--;
13373 13966
13374 13967 if (--dtrace_getf == 0)
13375 13968 dtrace_closef = NULL;
13376 13969 }
13377 13970
13378 13971 return (0);
13379 13972 }
13380 13973
13381 13974 static int
13382 13975 dtrace_state_option(dtrace_state_t *state, dtrace_optid_t option,
13383 13976 dtrace_optval_t val)
13384 13977 {
13385 13978 ASSERT(MUTEX_HELD(&dtrace_lock));
13386 13979
13387 13980 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE)
13388 13981 return (EBUSY);
13389 13982
13390 13983 if (option >= DTRACEOPT_MAX)
13391 13984 return (EINVAL);
13392 13985
13393 13986 if (option != DTRACEOPT_CPU && val < 0)
13394 13987 return (EINVAL);
13395 13988
13396 13989 switch (option) {
13397 13990 case DTRACEOPT_DESTRUCTIVE:
13398 13991 if (dtrace_destructive_disallow)
13399 13992 return (EACCES);
13400 13993
13401 13994 state->dts_cred.dcr_destructive = 1;
13402 13995 break;
13403 13996
13404 13997 case DTRACEOPT_BUFSIZE:
13405 13998 case DTRACEOPT_DYNVARSIZE:
13406 13999 case DTRACEOPT_AGGSIZE:
13407 14000 case DTRACEOPT_SPECSIZE:
13408 14001 case DTRACEOPT_STRSIZE:
13409 14002 if (val < 0)
13410 14003 return (EINVAL);
13411 14004
13412 14005 if (val >= LONG_MAX) {
13413 14006 /*
13414 14007 * If this is an otherwise negative value, set it to
13415 14008 * the highest multiple of 128m less than LONG_MAX.
13416 14009 * Technically, we're adjusting the size without
13417 14010 * regard to the buffer resizing policy, but in fact,
13418 14011 * this has no effect -- if we set the buffer size to
13419 14012 * ~LONG_MAX and the buffer policy is ultimately set to
13420 14013 * be "manual", the buffer allocation is guaranteed to
13421 14014 * fail, if only because the allocation requires two
13422 14015 * buffers. (We set the the size to the highest
13423 14016 * multiple of 128m because it ensures that the size
13424 14017 * will remain a multiple of a megabyte when
13425 14018 * repeatedly halved -- all the way down to 15m.)
13426 14019 */
13427 14020 val = LONG_MAX - (1 << 27) + 1;
13428 14021 }
13429 14022 }
13430 14023
13431 14024 state->dts_options[option] = val;
13432 14025
13433 14026 return (0);
13434 14027 }
13435 14028
13436 14029 static void
13437 14030 dtrace_state_destroy(dtrace_state_t *state)
13438 14031 {
13439 14032 dtrace_ecb_t *ecb;
13440 14033 dtrace_vstate_t *vstate = &state->dts_vstate;
13441 14034 minor_t minor = getminor(state->dts_dev);
13442 14035 int i, bufsize = NCPU * sizeof (dtrace_buffer_t);
13443 14036 dtrace_speculation_t *spec = state->dts_speculations;
13444 14037 int nspec = state->dts_nspeculations;
13445 14038 uint32_t match;
13446 14039
13447 14040 ASSERT(MUTEX_HELD(&dtrace_lock));
13448 14041 ASSERT(MUTEX_HELD(&cpu_lock));
13449 14042
13450 14043 /*
13451 14044 * First, retract any retained enablings for this state.
13452 14045 */
13453 14046 dtrace_enabling_retract(state);
13454 14047 ASSERT(state->dts_nretained == 0);
13455 14048
13456 14049 if (state->dts_activity == DTRACE_ACTIVITY_ACTIVE ||
13457 14050 state->dts_activity == DTRACE_ACTIVITY_DRAINING) {
13458 14051 /*
13459 14052 * We have managed to come into dtrace_state_destroy() on a
13460 14053 * hot enabling -- almost certainly because of a disorderly
13461 14054 * shutdown of a consumer. (That is, a consumer that is
13462 14055 * exiting without having called dtrace_stop().) In this case,
13463 14056 * we're going to set our activity to be KILLED, and then
13464 14057 * issue a sync to be sure that everyone is out of probe
13465 14058 * context before we start blowing away ECBs.
13466 14059 */
13467 14060 state->dts_activity = DTRACE_ACTIVITY_KILLED;
13468 14061 dtrace_sync();
13469 14062 }
13470 14063
13471 14064 /*
13472 14065 * Release the credential hold we took in dtrace_state_create().
13473 14066 */
13474 14067 if (state->dts_cred.dcr_cred != NULL)
13475 14068 crfree(state->dts_cred.dcr_cred);
13476 14069
13477 14070 /*
13478 14071 * Now we can safely disable and destroy any enabled probes. Because
13479 14072 * any DTRACE_PRIV_KERNEL probes may actually be slowing our progress
13480 14073 * (especially if they're all enabled), we take two passes through the
13481 14074 * ECBs: in the first, we disable just DTRACE_PRIV_KERNEL probes, and
13482 14075 * in the second we disable whatever is left over.
13483 14076 */
13484 14077 for (match = DTRACE_PRIV_KERNEL; ; match = 0) {
13485 14078 for (i = 0; i < state->dts_necbs; i++) {
13486 14079 if ((ecb = state->dts_ecbs[i]) == NULL)
13487 14080 continue;
13488 14081
13489 14082 if (match && ecb->dte_probe != NULL) {
13490 14083 dtrace_probe_t *probe = ecb->dte_probe;
13491 14084 dtrace_provider_t *prov = probe->dtpr_provider;
13492 14085
13493 14086 if (!(prov->dtpv_priv.dtpp_flags & match))
13494 14087 continue;
13495 14088 }
13496 14089
13497 14090 dtrace_ecb_disable(ecb);
13498 14091 dtrace_ecb_destroy(ecb);
13499 14092 }
13500 14093
13501 14094 if (!match)
13502 14095 break;
13503 14096 }
13504 14097
13505 14098 /*
13506 14099 * Before we free the buffers, perform one more sync to assure that
13507 14100 * every CPU is out of probe context.
13508 14101 */
13509 14102 dtrace_sync();
13510 14103
13511 14104 dtrace_buffer_free(state->dts_buffer);
13512 14105 dtrace_buffer_free(state->dts_aggbuffer);
13513 14106
13514 14107 for (i = 0; i < nspec; i++)
13515 14108 dtrace_buffer_free(spec[i].dtsp_buffer);
13516 14109
13517 14110 if (state->dts_cleaner != CYCLIC_NONE)
13518 14111 cyclic_remove(state->dts_cleaner);
13519 14112
13520 14113 if (state->dts_deadman != CYCLIC_NONE)
13521 14114 cyclic_remove(state->dts_deadman);
13522 14115
13523 14116 dtrace_dstate_fini(&vstate->dtvs_dynvars);
13524 14117 dtrace_vstate_fini(vstate);
13525 14118 kmem_free(state->dts_ecbs, state->dts_necbs * sizeof (dtrace_ecb_t *));
13526 14119
13527 14120 if (state->dts_aggregations != NULL) {
13528 14121 #ifdef DEBUG
13529 14122 for (i = 0; i < state->dts_naggregations; i++)
13530 14123 ASSERT(state->dts_aggregations[i] == NULL);
13531 14124 #endif
13532 14125 ASSERT(state->dts_naggregations > 0);
13533 14126 kmem_free(state->dts_aggregations,
13534 14127 state->dts_naggregations * sizeof (dtrace_aggregation_t *));
13535 14128 }
13536 14129
13537 14130 kmem_free(state->dts_buffer, bufsize);
13538 14131 kmem_free(state->dts_aggbuffer, bufsize);
13539 14132
13540 14133 for (i = 0; i < nspec; i++)
13541 14134 kmem_free(spec[i].dtsp_buffer, bufsize);
13542 14135
13543 14136 kmem_free(spec, nspec * sizeof (dtrace_speculation_t));
13544 14137
13545 14138 dtrace_format_destroy(state);
13546 14139
13547 14140 vmem_destroy(state->dts_aggid_arena);
13548 14141 ddi_soft_state_free(dtrace_softstate, minor);
13549 14142 vmem_free(dtrace_minor, (void *)(uintptr_t)minor, 1);
13550 14143 }
13551 14144
13552 14145 /*
13553 14146 * DTrace Anonymous Enabling Functions
13554 14147 */
13555 14148 static dtrace_state_t *
13556 14149 dtrace_anon_grab(void)
13557 14150 {
13558 14151 dtrace_state_t *state;
13559 14152
13560 14153 ASSERT(MUTEX_HELD(&dtrace_lock));
13561 14154
13562 14155 if ((state = dtrace_anon.dta_state) == NULL) {
13563 14156 ASSERT(dtrace_anon.dta_enabling == NULL);
13564 14157 return (NULL);
13565 14158 }
13566 14159
13567 14160 ASSERT(dtrace_anon.dta_enabling != NULL);
13568 14161 ASSERT(dtrace_retained != NULL);
13569 14162
13570 14163 dtrace_enabling_destroy(dtrace_anon.dta_enabling);
13571 14164 dtrace_anon.dta_enabling = NULL;
13572 14165 dtrace_anon.dta_state = NULL;
13573 14166
13574 14167 return (state);
13575 14168 }
13576 14169
13577 14170 static void
13578 14171 dtrace_anon_property(void)
13579 14172 {
13580 14173 int i, rv;
13581 14174 dtrace_state_t *state;
13582 14175 dof_hdr_t *dof;
13583 14176 char c[32]; /* enough for "dof-data-" + digits */
13584 14177
13585 14178 ASSERT(MUTEX_HELD(&dtrace_lock));
13586 14179 ASSERT(MUTEX_HELD(&cpu_lock));
13587 14180
13588 14181 for (i = 0; ; i++) {
13589 14182 (void) snprintf(c, sizeof (c), "dof-data-%d", i);
13590 14183
13591 14184 dtrace_err_verbose = 1;
13592 14185
13593 14186 if ((dof = dtrace_dof_property(c)) == NULL) {
13594 14187 dtrace_err_verbose = 0;
13595 14188 break;
13596 14189 }
13597 14190
13598 14191 /*
13599 14192 * We want to create anonymous state, so we need to transition
13600 14193 * the kernel debugger to indicate that DTrace is active. If
13601 14194 * this fails (e.g. because the debugger has modified text in
13602 14195 * some way), we won't continue with the processing.
13603 14196 */
13604 14197 if (kdi_dtrace_set(KDI_DTSET_DTRACE_ACTIVATE) != 0) {
13605 14198 cmn_err(CE_NOTE, "kernel debugger active; anonymous "
13606 14199 "enabling ignored.");
13607 14200 dtrace_dof_destroy(dof);
13608 14201 break;
13609 14202 }
13610 14203
13611 14204 /*
13612 14205 * If we haven't allocated an anonymous state, we'll do so now.
13613 14206 */
13614 14207 if ((state = dtrace_anon.dta_state) == NULL) {
13615 14208 state = dtrace_state_create(NULL, NULL);
13616 14209 dtrace_anon.dta_state = state;
13617 14210
13618 14211 if (state == NULL) {
13619 14212 /*
13620 14213 * This basically shouldn't happen: the only
13621 14214 * failure mode from dtrace_state_create() is a
13622 14215 * failure of ddi_soft_state_zalloc() that
13623 14216 * itself should never happen. Still, the
13624 14217 * interface allows for a failure mode, and
13625 14218 * we want to fail as gracefully as possible:
13626 14219 * we'll emit an error message and cease
13627 14220 * processing anonymous state in this case.
13628 14221 */
13629 14222 cmn_err(CE_WARN, "failed to create "
13630 14223 "anonymous state");
13631 14224 dtrace_dof_destroy(dof);
13632 14225 break;
13633 14226 }
13634 14227 }
13635 14228
13636 14229 rv = dtrace_dof_slurp(dof, &state->dts_vstate, CRED(),
13637 14230 &dtrace_anon.dta_enabling, 0, B_TRUE);
13638 14231
13639 14232 if (rv == 0)
13640 14233 rv = dtrace_dof_options(dof, state);
13641 14234
13642 14235 dtrace_err_verbose = 0;
13643 14236 dtrace_dof_destroy(dof);
13644 14237
13645 14238 if (rv != 0) {
13646 14239 /*
13647 14240 * This is malformed DOF; chuck any anonymous state
13648 14241 * that we created.
13649 14242 */
13650 14243 ASSERT(dtrace_anon.dta_enabling == NULL);
13651 14244 dtrace_state_destroy(state);
13652 14245 dtrace_anon.dta_state = NULL;
13653 14246 break;
13654 14247 }
13655 14248
13656 14249 ASSERT(dtrace_anon.dta_enabling != NULL);
13657 14250 }
13658 14251
13659 14252 if (dtrace_anon.dta_enabling != NULL) {
13660 14253 int rval;
13661 14254
13662 14255 /*
13663 14256 * dtrace_enabling_retain() can only fail because we are
13664 14257 * trying to retain more enablings than are allowed -- but
13665 14258 * we only have one anonymous enabling, and we are guaranteed
13666 14259 * to be allowed at least one retained enabling; we assert
13667 14260 * that dtrace_enabling_retain() returns success.
13668 14261 */
13669 14262 rval = dtrace_enabling_retain(dtrace_anon.dta_enabling);
13670 14263 ASSERT(rval == 0);
13671 14264
13672 14265 dtrace_enabling_dump(dtrace_anon.dta_enabling);
13673 14266 }
13674 14267 }
13675 14268
13676 14269 /*
13677 14270 * DTrace Helper Functions
13678 14271 */
13679 14272 static void
13680 14273 dtrace_helper_trace(dtrace_helper_action_t *helper,
13681 14274 dtrace_mstate_t *mstate, dtrace_vstate_t *vstate, int where)
13682 14275 {
13683 14276 uint32_t size, next, nnext, i;
13684 14277 dtrace_helptrace_t *ent;
13685 14278 uint16_t flags = cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
13686 14279
13687 14280 if (!dtrace_helptrace_enabled)
13688 14281 return;
13689 14282
13690 14283 ASSERT(vstate->dtvs_nlocals <= dtrace_helptrace_nlocals);
13691 14284
13692 14285 /*
13693 14286 * What would a tracing framework be without its own tracing
13694 14287 * framework? (Well, a hell of a lot simpler, for starters...)
13695 14288 */
13696 14289 size = sizeof (dtrace_helptrace_t) + dtrace_helptrace_nlocals *
13697 14290 sizeof (uint64_t) - sizeof (uint64_t);
13698 14291
13699 14292 /*
13700 14293 * Iterate until we can allocate a slot in the trace buffer.
13701 14294 */
13702 14295 do {
13703 14296 next = dtrace_helptrace_next;
13704 14297
13705 14298 if (next + size < dtrace_helptrace_bufsize) {
13706 14299 nnext = next + size;
13707 14300 } else {
13708 14301 nnext = size;
13709 14302 }
13710 14303 } while (dtrace_cas32(&dtrace_helptrace_next, next, nnext) != next);
13711 14304
13712 14305 /*
13713 14306 * We have our slot; fill it in.
13714 14307 */
13715 14308 if (nnext == size)
13716 14309 next = 0;
13717 14310
13718 14311 ent = (dtrace_helptrace_t *)&dtrace_helptrace_buffer[next];
13719 14312 ent->dtht_helper = helper;
13720 14313 ent->dtht_where = where;
13721 14314 ent->dtht_nlocals = vstate->dtvs_nlocals;
13722 14315
13723 14316 ent->dtht_fltoffs = (mstate->dtms_present & DTRACE_MSTATE_FLTOFFS) ?
13724 14317 mstate->dtms_fltoffs : -1;
13725 14318 ent->dtht_fault = DTRACE_FLAGS2FLT(flags);
13726 14319 ent->dtht_illval = cpu_core[CPU->cpu_id].cpuc_dtrace_illval;
13727 14320
13728 14321 for (i = 0; i < vstate->dtvs_nlocals; i++) {
13729 14322 dtrace_statvar_t *svar;
13730 14323
13731 14324 if ((svar = vstate->dtvs_locals[i]) == NULL)
13732 14325 continue;
13733 14326
13734 14327 ASSERT(svar->dtsv_size >= NCPU * sizeof (uint64_t));
13735 14328 ent->dtht_locals[i] =
13736 14329 ((uint64_t *)(uintptr_t)svar->dtsv_data)[CPU->cpu_id];
13737 14330 }
13738 14331 }
13739 14332
13740 14333 static uint64_t
13741 14334 dtrace_helper(int which, dtrace_mstate_t *mstate,
13742 14335 dtrace_state_t *state, uint64_t arg0, uint64_t arg1)
13743 14336 {
13744 14337 uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
13745 14338 uint64_t sarg0 = mstate->dtms_arg[0];
13746 14339 uint64_t sarg1 = mstate->dtms_arg[1];
13747 14340 uint64_t rval;
13748 14341 dtrace_helpers_t *helpers = curproc->p_dtrace_helpers;
13749 14342 dtrace_helper_action_t *helper;
13750 14343 dtrace_vstate_t *vstate;
13751 14344 dtrace_difo_t *pred;
13752 14345 int i, trace = dtrace_helptrace_enabled;
13753 14346
13754 14347 ASSERT(which >= 0 && which < DTRACE_NHELPER_ACTIONS);
13755 14348
13756 14349 if (helpers == NULL)
13757 14350 return (0);
13758 14351
13759 14352 if ((helper = helpers->dthps_actions[which]) == NULL)
13760 14353 return (0);
13761 14354
13762 14355 vstate = &helpers->dthps_vstate;
13763 14356 mstate->dtms_arg[0] = arg0;
13764 14357 mstate->dtms_arg[1] = arg1;
13765 14358
13766 14359 /*
13767 14360 * Now iterate over each helper. If its predicate evaluates to 'true',
13768 14361 * we'll call the corresponding actions. Note that the below calls
13769 14362 * to dtrace_dif_emulate() may set faults in machine state. This is
13770 14363 * okay: our caller (the outer dtrace_dif_emulate()) will simply plow
13771 14364 * the stored DIF offset with its own (which is the desired behavior).
13772 14365 * Also, note the calls to dtrace_dif_emulate() may allocate scratch
13773 14366 * from machine state; this is okay, too.
13774 14367 */
13775 14368 for (; helper != NULL; helper = helper->dtha_next) {
13776 14369 if ((pred = helper->dtha_predicate) != NULL) {
13777 14370 if (trace)
13778 14371 dtrace_helper_trace(helper, mstate, vstate, 0);
13779 14372
13780 14373 if (!dtrace_dif_emulate(pred, mstate, vstate, state))
13781 14374 goto next;
13782 14375
13783 14376 if (*flags & CPU_DTRACE_FAULT)
13784 14377 goto err;
13785 14378 }
13786 14379
13787 14380 for (i = 0; i < helper->dtha_nactions; i++) {
13788 14381 if (trace)
13789 14382 dtrace_helper_trace(helper,
13790 14383 mstate, vstate, i + 1);
13791 14384
13792 14385 rval = dtrace_dif_emulate(helper->dtha_actions[i],
13793 14386 mstate, vstate, state);
13794 14387
13795 14388 if (*flags & CPU_DTRACE_FAULT)
13796 14389 goto err;
13797 14390 }
13798 14391
13799 14392 next:
13800 14393 if (trace)
13801 14394 dtrace_helper_trace(helper, mstate, vstate,
13802 14395 DTRACE_HELPTRACE_NEXT);
13803 14396 }
13804 14397
13805 14398 if (trace)
13806 14399 dtrace_helper_trace(helper, mstate, vstate,
13807 14400 DTRACE_HELPTRACE_DONE);
13808 14401
13809 14402 /*
13810 14403 * Restore the arg0 that we saved upon entry.
13811 14404 */
13812 14405 mstate->dtms_arg[0] = sarg0;
13813 14406 mstate->dtms_arg[1] = sarg1;
13814 14407
13815 14408 return (rval);
13816 14409
13817 14410 err:
13818 14411 if (trace)
13819 14412 dtrace_helper_trace(helper, mstate, vstate,
13820 14413 DTRACE_HELPTRACE_ERR);
13821 14414
13822 14415 /*
13823 14416 * Restore the arg0 that we saved upon entry.
13824 14417 */
13825 14418 mstate->dtms_arg[0] = sarg0;
13826 14419 mstate->dtms_arg[1] = sarg1;
13827 14420
13828 14421 return (NULL);
13829 14422 }
13830 14423
13831 14424 static void
13832 14425 dtrace_helper_action_destroy(dtrace_helper_action_t *helper,
13833 14426 dtrace_vstate_t *vstate)
13834 14427 {
13835 14428 int i;
13836 14429
13837 14430 if (helper->dtha_predicate != NULL)
13838 14431 dtrace_difo_release(helper->dtha_predicate, vstate);
13839 14432
13840 14433 for (i = 0; i < helper->dtha_nactions; i++) {
13841 14434 ASSERT(helper->dtha_actions[i] != NULL);
13842 14435 dtrace_difo_release(helper->dtha_actions[i], vstate);
13843 14436 }
13844 14437
13845 14438 kmem_free(helper->dtha_actions,
13846 14439 helper->dtha_nactions * sizeof (dtrace_difo_t *));
13847 14440 kmem_free(helper, sizeof (dtrace_helper_action_t));
13848 14441 }
13849 14442
13850 14443 static int
13851 14444 dtrace_helper_destroygen(int gen)
13852 14445 {
13853 14446 proc_t *p = curproc;
13854 14447 dtrace_helpers_t *help = p->p_dtrace_helpers;
13855 14448 dtrace_vstate_t *vstate;
13856 14449 int i;
13857 14450
13858 14451 ASSERT(MUTEX_HELD(&dtrace_lock));
13859 14452
13860 14453 if (help == NULL || gen > help->dthps_generation)
13861 14454 return (EINVAL);
13862 14455
13863 14456 vstate = &help->dthps_vstate;
13864 14457
13865 14458 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) {
13866 14459 dtrace_helper_action_t *last = NULL, *h, *next;
13867 14460
13868 14461 for (h = help->dthps_actions[i]; h != NULL; h = next) {
13869 14462 next = h->dtha_next;
13870 14463
13871 14464 if (h->dtha_generation == gen) {
13872 14465 if (last != NULL) {
13873 14466 last->dtha_next = next;
13874 14467 } else {
13875 14468 help->dthps_actions[i] = next;
13876 14469 }
13877 14470
13878 14471 dtrace_helper_action_destroy(h, vstate);
13879 14472 } else {
13880 14473 last = h;
13881 14474 }
13882 14475 }
13883 14476 }
13884 14477
13885 14478 /*
13886 14479 * Interate until we've cleared out all helper providers with the
13887 14480 * given generation number.
13888 14481 */
13889 14482 for (;;) {
13890 14483 dtrace_helper_provider_t *prov;
13891 14484
13892 14485 /*
13893 14486 * Look for a helper provider with the right generation. We
13894 14487 * have to start back at the beginning of the list each time
13895 14488 * because we drop dtrace_lock. It's unlikely that we'll make
13896 14489 * more than two passes.
13897 14490 */
13898 14491 for (i = 0; i < help->dthps_nprovs; i++) {
13899 14492 prov = help->dthps_provs[i];
13900 14493
13901 14494 if (prov->dthp_generation == gen)
13902 14495 break;
13903 14496 }
13904 14497
13905 14498 /*
13906 14499 * If there were no matches, we're done.
13907 14500 */
13908 14501 if (i == help->dthps_nprovs)
13909 14502 break;
13910 14503
13911 14504 /*
13912 14505 * Move the last helper provider into this slot.
13913 14506 */
13914 14507 help->dthps_nprovs--;
13915 14508 help->dthps_provs[i] = help->dthps_provs[help->dthps_nprovs];
13916 14509 help->dthps_provs[help->dthps_nprovs] = NULL;
13917 14510
13918 14511 mutex_exit(&dtrace_lock);
13919 14512
13920 14513 /*
13921 14514 * If we have a meta provider, remove this helper provider.
13922 14515 */
13923 14516 mutex_enter(&dtrace_meta_lock);
13924 14517 if (dtrace_meta_pid != NULL) {
13925 14518 ASSERT(dtrace_deferred_pid == NULL);
13926 14519 dtrace_helper_provider_remove(&prov->dthp_prov,
13927 14520 p->p_pid);
13928 14521 }
13929 14522 mutex_exit(&dtrace_meta_lock);
13930 14523
13931 14524 dtrace_helper_provider_destroy(prov);
13932 14525
13933 14526 mutex_enter(&dtrace_lock);
13934 14527 }
13935 14528
13936 14529 return (0);
13937 14530 }
13938 14531
13939 14532 static int
13940 14533 dtrace_helper_validate(dtrace_helper_action_t *helper)
13941 14534 {
13942 14535 int err = 0, i;
13943 14536 dtrace_difo_t *dp;
13944 14537
13945 14538 if ((dp = helper->dtha_predicate) != NULL)
13946 14539 err += dtrace_difo_validate_helper(dp);
13947 14540
13948 14541 for (i = 0; i < helper->dtha_nactions; i++)
13949 14542 err += dtrace_difo_validate_helper(helper->dtha_actions[i]);
13950 14543
13951 14544 return (err == 0);
13952 14545 }
13953 14546
13954 14547 static int
13955 14548 dtrace_helper_action_add(int which, dtrace_ecbdesc_t *ep)
13956 14549 {
13957 14550 dtrace_helpers_t *help;
13958 14551 dtrace_helper_action_t *helper, *last;
13959 14552 dtrace_actdesc_t *act;
13960 14553 dtrace_vstate_t *vstate;
13961 14554 dtrace_predicate_t *pred;
13962 14555 int count = 0, nactions = 0, i;
13963 14556
13964 14557 if (which < 0 || which >= DTRACE_NHELPER_ACTIONS)
13965 14558 return (EINVAL);
13966 14559
13967 14560 help = curproc->p_dtrace_helpers;
13968 14561 last = help->dthps_actions[which];
13969 14562 vstate = &help->dthps_vstate;
13970 14563
13971 14564 for (count = 0; last != NULL; last = last->dtha_next) {
13972 14565 count++;
13973 14566 if (last->dtha_next == NULL)
13974 14567 break;
13975 14568 }
13976 14569
13977 14570 /*
13978 14571 * If we already have dtrace_helper_actions_max helper actions for this
13979 14572 * helper action type, we'll refuse to add a new one.
13980 14573 */
13981 14574 if (count >= dtrace_helper_actions_max)
13982 14575 return (ENOSPC);
13983 14576
13984 14577 helper = kmem_zalloc(sizeof (dtrace_helper_action_t), KM_SLEEP);
13985 14578 helper->dtha_generation = help->dthps_generation;
13986 14579
13987 14580 if ((pred = ep->dted_pred.dtpdd_predicate) != NULL) {
13988 14581 ASSERT(pred->dtp_difo != NULL);
13989 14582 dtrace_difo_hold(pred->dtp_difo);
13990 14583 helper->dtha_predicate = pred->dtp_difo;
13991 14584 }
13992 14585
13993 14586 for (act = ep->dted_action; act != NULL; act = act->dtad_next) {
13994 14587 if (act->dtad_kind != DTRACEACT_DIFEXPR)
13995 14588 goto err;
13996 14589
13997 14590 if (act->dtad_difo == NULL)
13998 14591 goto err;
13999 14592
14000 14593 nactions++;
14001 14594 }
14002 14595
14003 14596 helper->dtha_actions = kmem_zalloc(sizeof (dtrace_difo_t *) *
14004 14597 (helper->dtha_nactions = nactions), KM_SLEEP);
14005 14598
14006 14599 for (act = ep->dted_action, i = 0; act != NULL; act = act->dtad_next) {
14007 14600 dtrace_difo_hold(act->dtad_difo);
14008 14601 helper->dtha_actions[i++] = act->dtad_difo;
14009 14602 }
14010 14603
14011 14604 if (!dtrace_helper_validate(helper))
14012 14605 goto err;
14013 14606
14014 14607 if (last == NULL) {
14015 14608 help->dthps_actions[which] = helper;
14016 14609 } else {
14017 14610 last->dtha_next = helper;
14018 14611 }
14019 14612
14020 14613 if (vstate->dtvs_nlocals > dtrace_helptrace_nlocals) {
14021 14614 dtrace_helptrace_nlocals = vstate->dtvs_nlocals;
14022 14615 dtrace_helptrace_next = 0;
14023 14616 }
14024 14617
14025 14618 return (0);
14026 14619 err:
14027 14620 dtrace_helper_action_destroy(helper, vstate);
14028 14621 return (EINVAL);
14029 14622 }
14030 14623
14031 14624 static void
14032 14625 dtrace_helper_provider_register(proc_t *p, dtrace_helpers_t *help,
14033 14626 dof_helper_t *dofhp)
14034 14627 {
14035 14628 ASSERT(MUTEX_NOT_HELD(&dtrace_lock));
14036 14629
14037 14630 mutex_enter(&dtrace_meta_lock);
14038 14631 mutex_enter(&dtrace_lock);
14039 14632
14040 14633 if (!dtrace_attached() || dtrace_meta_pid == NULL) {
14041 14634 /*
14042 14635 * If the dtrace module is loaded but not attached, or if
14043 14636 * there aren't isn't a meta provider registered to deal with
14044 14637 * these provider descriptions, we need to postpone creating
14045 14638 * the actual providers until later.
14046 14639 */
14047 14640
14048 14641 if (help->dthps_next == NULL && help->dthps_prev == NULL &&
14049 14642 dtrace_deferred_pid != help) {
14050 14643 help->dthps_deferred = 1;
14051 14644 help->dthps_pid = p->p_pid;
14052 14645 help->dthps_next = dtrace_deferred_pid;
14053 14646 help->dthps_prev = NULL;
14054 14647 if (dtrace_deferred_pid != NULL)
14055 14648 dtrace_deferred_pid->dthps_prev = help;
14056 14649 dtrace_deferred_pid = help;
14057 14650 }
14058 14651
14059 14652 mutex_exit(&dtrace_lock);
14060 14653
14061 14654 } else if (dofhp != NULL) {
14062 14655 /*
14063 14656 * If the dtrace module is loaded and we have a particular
14064 14657 * helper provider description, pass that off to the
14065 14658 * meta provider.
14066 14659 */
14067 14660
14068 14661 mutex_exit(&dtrace_lock);
14069 14662
14070 14663 dtrace_helper_provide(dofhp, p->p_pid);
14071 14664
14072 14665 } else {
14073 14666 /*
14074 14667 * Otherwise, just pass all the helper provider descriptions
14075 14668 * off to the meta provider.
14076 14669 */
14077 14670
14078 14671 int i;
14079 14672 mutex_exit(&dtrace_lock);
14080 14673
14081 14674 for (i = 0; i < help->dthps_nprovs; i++) {
14082 14675 dtrace_helper_provide(&help->dthps_provs[i]->dthp_prov,
14083 14676 p->p_pid);
14084 14677 }
14085 14678 }
14086 14679
14087 14680 mutex_exit(&dtrace_meta_lock);
14088 14681 }
14089 14682
14090 14683 static int
14091 14684 dtrace_helper_provider_add(dof_helper_t *dofhp, int gen)
14092 14685 {
14093 14686 dtrace_helpers_t *help;
14094 14687 dtrace_helper_provider_t *hprov, **tmp_provs;
14095 14688 uint_t tmp_maxprovs, i;
14096 14689
14097 14690 ASSERT(MUTEX_HELD(&dtrace_lock));
14098 14691
14099 14692 help = curproc->p_dtrace_helpers;
14100 14693 ASSERT(help != NULL);
14101 14694
14102 14695 /*
14103 14696 * If we already have dtrace_helper_providers_max helper providers,
14104 14697 * we're refuse to add a new one.
14105 14698 */
14106 14699 if (help->dthps_nprovs >= dtrace_helper_providers_max)
14107 14700 return (ENOSPC);
14108 14701
14109 14702 /*
14110 14703 * Check to make sure this isn't a duplicate.
14111 14704 */
14112 14705 for (i = 0; i < help->dthps_nprovs; i++) {
14113 14706 if (dofhp->dofhp_dof ==
14114 14707 help->dthps_provs[i]->dthp_prov.dofhp_dof)
14115 14708 return (EALREADY);
14116 14709 }
14117 14710
14118 14711 hprov = kmem_zalloc(sizeof (dtrace_helper_provider_t), KM_SLEEP);
14119 14712 hprov->dthp_prov = *dofhp;
14120 14713 hprov->dthp_ref = 1;
14121 14714 hprov->dthp_generation = gen;
14122 14715
14123 14716 /*
14124 14717 * Allocate a bigger table for helper providers if it's already full.
14125 14718 */
14126 14719 if (help->dthps_maxprovs == help->dthps_nprovs) {
14127 14720 tmp_maxprovs = help->dthps_maxprovs;
14128 14721 tmp_provs = help->dthps_provs;
14129 14722
14130 14723 if (help->dthps_maxprovs == 0)
14131 14724 help->dthps_maxprovs = 2;
14132 14725 else
14133 14726 help->dthps_maxprovs *= 2;
14134 14727 if (help->dthps_maxprovs > dtrace_helper_providers_max)
14135 14728 help->dthps_maxprovs = dtrace_helper_providers_max;
14136 14729
14137 14730 ASSERT(tmp_maxprovs < help->dthps_maxprovs);
14138 14731
14139 14732 help->dthps_provs = kmem_zalloc(help->dthps_maxprovs *
14140 14733 sizeof (dtrace_helper_provider_t *), KM_SLEEP);
14141 14734
14142 14735 if (tmp_provs != NULL) {
14143 14736 bcopy(tmp_provs, help->dthps_provs, tmp_maxprovs *
14144 14737 sizeof (dtrace_helper_provider_t *));
14145 14738 kmem_free(tmp_provs, tmp_maxprovs *
14146 14739 sizeof (dtrace_helper_provider_t *));
14147 14740 }
14148 14741 }
14149 14742
14150 14743 help->dthps_provs[help->dthps_nprovs] = hprov;
14151 14744 help->dthps_nprovs++;
14152 14745
14153 14746 return (0);
14154 14747 }
14155 14748
14156 14749 static void
14157 14750 dtrace_helper_provider_destroy(dtrace_helper_provider_t *hprov)
14158 14751 {
14159 14752 mutex_enter(&dtrace_lock);
14160 14753
14161 14754 if (--hprov->dthp_ref == 0) {
14162 14755 dof_hdr_t *dof;
14163 14756 mutex_exit(&dtrace_lock);
14164 14757 dof = (dof_hdr_t *)(uintptr_t)hprov->dthp_prov.dofhp_dof;
14165 14758 dtrace_dof_destroy(dof);
14166 14759 kmem_free(hprov, sizeof (dtrace_helper_provider_t));
14167 14760 } else {
14168 14761 mutex_exit(&dtrace_lock);
14169 14762 }
14170 14763 }
14171 14764
14172 14765 static int
14173 14766 dtrace_helper_provider_validate(dof_hdr_t *dof, dof_sec_t *sec)
14174 14767 {
14175 14768 uintptr_t daddr = (uintptr_t)dof;
14176 14769 dof_sec_t *str_sec, *prb_sec, *arg_sec, *off_sec, *enoff_sec;
14177 14770 dof_provider_t *provider;
14178 14771 dof_probe_t *probe;
14179 14772 uint8_t *arg;
14180 14773 char *strtab, *typestr;
14181 14774 dof_stridx_t typeidx;
14182 14775 size_t typesz;
14183 14776 uint_t nprobes, j, k;
14184 14777
14185 14778 ASSERT(sec->dofs_type == DOF_SECT_PROVIDER);
14186 14779
14187 14780 if (sec->dofs_offset & (sizeof (uint_t) - 1)) {
14188 14781 dtrace_dof_error(dof, "misaligned section offset");
14189 14782 return (-1);
14190 14783 }
14191 14784
14192 14785 /*
14193 14786 * The section needs to be large enough to contain the DOF provider
14194 14787 * structure appropriate for the given version.
14195 14788 */
14196 14789 if (sec->dofs_size <
14197 14790 ((dof->dofh_ident[DOF_ID_VERSION] == DOF_VERSION_1) ?
14198 14791 offsetof(dof_provider_t, dofpv_prenoffs) :
14199 14792 sizeof (dof_provider_t))) {
14200 14793 dtrace_dof_error(dof, "provider section too small");
14201 14794 return (-1);
14202 14795 }
14203 14796
14204 14797 provider = (dof_provider_t *)(uintptr_t)(daddr + sec->dofs_offset);
14205 14798 str_sec = dtrace_dof_sect(dof, DOF_SECT_STRTAB, provider->dofpv_strtab);
14206 14799 prb_sec = dtrace_dof_sect(dof, DOF_SECT_PROBES, provider->dofpv_probes);
14207 14800 arg_sec = dtrace_dof_sect(dof, DOF_SECT_PRARGS, provider->dofpv_prargs);
14208 14801 off_sec = dtrace_dof_sect(dof, DOF_SECT_PROFFS, provider->dofpv_proffs);
14209 14802
14210 14803 if (str_sec == NULL || prb_sec == NULL ||
14211 14804 arg_sec == NULL || off_sec == NULL)
14212 14805 return (-1);
14213 14806
14214 14807 enoff_sec = NULL;
14215 14808
14216 14809 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1 &&
14217 14810 provider->dofpv_prenoffs != DOF_SECT_NONE &&
14218 14811 (enoff_sec = dtrace_dof_sect(dof, DOF_SECT_PRENOFFS,
14219 14812 provider->dofpv_prenoffs)) == NULL)
14220 14813 return (-1);
14221 14814
14222 14815 strtab = (char *)(uintptr_t)(daddr + str_sec->dofs_offset);
14223 14816
14224 14817 if (provider->dofpv_name >= str_sec->dofs_size ||
14225 14818 strlen(strtab + provider->dofpv_name) >= DTRACE_PROVNAMELEN) {
14226 14819 dtrace_dof_error(dof, "invalid provider name");
14227 14820 return (-1);
14228 14821 }
14229 14822
14230 14823 if (prb_sec->dofs_entsize == 0 ||
14231 14824 prb_sec->dofs_entsize > prb_sec->dofs_size) {
14232 14825 dtrace_dof_error(dof, "invalid entry size");
14233 14826 return (-1);
14234 14827 }
14235 14828
14236 14829 if (prb_sec->dofs_entsize & (sizeof (uintptr_t) - 1)) {
14237 14830 dtrace_dof_error(dof, "misaligned entry size");
14238 14831 return (-1);
14239 14832 }
14240 14833
14241 14834 if (off_sec->dofs_entsize != sizeof (uint32_t)) {
14242 14835 dtrace_dof_error(dof, "invalid entry size");
14243 14836 return (-1);
14244 14837 }
14245 14838
14246 14839 if (off_sec->dofs_offset & (sizeof (uint32_t) - 1)) {
14247 14840 dtrace_dof_error(dof, "misaligned section offset");
14248 14841 return (-1);
14249 14842 }
14250 14843
14251 14844 if (arg_sec->dofs_entsize != sizeof (uint8_t)) {
14252 14845 dtrace_dof_error(dof, "invalid entry size");
14253 14846 return (-1);
14254 14847 }
14255 14848
14256 14849 arg = (uint8_t *)(uintptr_t)(daddr + arg_sec->dofs_offset);
14257 14850
14258 14851 nprobes = prb_sec->dofs_size / prb_sec->dofs_entsize;
14259 14852
14260 14853 /*
14261 14854 * Take a pass through the probes to check for errors.
14262 14855 */
14263 14856 for (j = 0; j < nprobes; j++) {
14264 14857 probe = (dof_probe_t *)(uintptr_t)(daddr +
14265 14858 prb_sec->dofs_offset + j * prb_sec->dofs_entsize);
14266 14859
14267 14860 if (probe->dofpr_func >= str_sec->dofs_size) {
14268 14861 dtrace_dof_error(dof, "invalid function name");
14269 14862 return (-1);
14270 14863 }
14271 14864
14272 14865 if (strlen(strtab + probe->dofpr_func) >= DTRACE_FUNCNAMELEN) {
14273 14866 dtrace_dof_error(dof, "function name too long");
14274 14867 return (-1);
14275 14868 }
14276 14869
14277 14870 if (probe->dofpr_name >= str_sec->dofs_size ||
14278 14871 strlen(strtab + probe->dofpr_name) >= DTRACE_NAMELEN) {
14279 14872 dtrace_dof_error(dof, "invalid probe name");
14280 14873 return (-1);
14281 14874 }
14282 14875
14283 14876 /*
14284 14877 * The offset count must not wrap the index, and the offsets
14285 14878 * must also not overflow the section's data.
14286 14879 */
14287 14880 if (probe->dofpr_offidx + probe->dofpr_noffs <
14288 14881 probe->dofpr_offidx ||
14289 14882 (probe->dofpr_offidx + probe->dofpr_noffs) *
14290 14883 off_sec->dofs_entsize > off_sec->dofs_size) {
14291 14884 dtrace_dof_error(dof, "invalid probe offset");
14292 14885 return (-1);
14293 14886 }
14294 14887
14295 14888 if (dof->dofh_ident[DOF_ID_VERSION] != DOF_VERSION_1) {
14296 14889 /*
14297 14890 * If there's no is-enabled offset section, make sure
14298 14891 * there aren't any is-enabled offsets. Otherwise
14299 14892 * perform the same checks as for probe offsets
14300 14893 * (immediately above).
14301 14894 */
14302 14895 if (enoff_sec == NULL) {
14303 14896 if (probe->dofpr_enoffidx != 0 ||
14304 14897 probe->dofpr_nenoffs != 0) {
14305 14898 dtrace_dof_error(dof, "is-enabled "
14306 14899 "offsets with null section");
14307 14900 return (-1);
14308 14901 }
14309 14902 } else if (probe->dofpr_enoffidx +
14310 14903 probe->dofpr_nenoffs < probe->dofpr_enoffidx ||
14311 14904 (probe->dofpr_enoffidx + probe->dofpr_nenoffs) *
14312 14905 enoff_sec->dofs_entsize > enoff_sec->dofs_size) {
14313 14906 dtrace_dof_error(dof, "invalid is-enabled "
14314 14907 "offset");
14315 14908 return (-1);
14316 14909 }
14317 14910
14318 14911 if (probe->dofpr_noffs + probe->dofpr_nenoffs == 0) {
14319 14912 dtrace_dof_error(dof, "zero probe and "
14320 14913 "is-enabled offsets");
14321 14914 return (-1);
14322 14915 }
14323 14916 } else if (probe->dofpr_noffs == 0) {
14324 14917 dtrace_dof_error(dof, "zero probe offsets");
14325 14918 return (-1);
14326 14919 }
14327 14920
14328 14921 if (probe->dofpr_argidx + probe->dofpr_xargc <
14329 14922 probe->dofpr_argidx ||
14330 14923 (probe->dofpr_argidx + probe->dofpr_xargc) *
14331 14924 arg_sec->dofs_entsize > arg_sec->dofs_size) {
14332 14925 dtrace_dof_error(dof, "invalid args");
14333 14926 return (-1);
14334 14927 }
14335 14928
14336 14929 typeidx = probe->dofpr_nargv;
14337 14930 typestr = strtab + probe->dofpr_nargv;
14338 14931 for (k = 0; k < probe->dofpr_nargc; k++) {
14339 14932 if (typeidx >= str_sec->dofs_size) {
14340 14933 dtrace_dof_error(dof, "bad "
14341 14934 "native argument type");
14342 14935 return (-1);
14343 14936 }
14344 14937
14345 14938 typesz = strlen(typestr) + 1;
14346 14939 if (typesz > DTRACE_ARGTYPELEN) {
14347 14940 dtrace_dof_error(dof, "native "
14348 14941 "argument type too long");
14349 14942 return (-1);
14350 14943 }
14351 14944 typeidx += typesz;
14352 14945 typestr += typesz;
14353 14946 }
14354 14947
14355 14948 typeidx = probe->dofpr_xargv;
14356 14949 typestr = strtab + probe->dofpr_xargv;
14357 14950 for (k = 0; k < probe->dofpr_xargc; k++) {
14358 14951 if (arg[probe->dofpr_argidx + k] > probe->dofpr_nargc) {
14359 14952 dtrace_dof_error(dof, "bad "
14360 14953 "native argument index");
14361 14954 return (-1);
14362 14955 }
14363 14956
14364 14957 if (typeidx >= str_sec->dofs_size) {
14365 14958 dtrace_dof_error(dof, "bad "
14366 14959 "translated argument type");
14367 14960 return (-1);
14368 14961 }
14369 14962
14370 14963 typesz = strlen(typestr) + 1;
14371 14964 if (typesz > DTRACE_ARGTYPELEN) {
14372 14965 dtrace_dof_error(dof, "translated argument "
14373 14966 "type too long");
14374 14967 return (-1);
14375 14968 }
14376 14969
14377 14970 typeidx += typesz;
14378 14971 typestr += typesz;
14379 14972 }
14380 14973 }
14381 14974
14382 14975 return (0);
14383 14976 }
14384 14977
14385 14978 static int
14386 14979 dtrace_helper_slurp(dof_hdr_t *dof, dof_helper_t *dhp)
14387 14980 {
14388 14981 dtrace_helpers_t *help;
14389 14982 dtrace_vstate_t *vstate;
14390 14983 dtrace_enabling_t *enab = NULL;
14391 14984 int i, gen, rv, nhelpers = 0, nprovs = 0, destroy = 1;
14392 14985 uintptr_t daddr = (uintptr_t)dof;
14393 14986
14394 14987 ASSERT(MUTEX_HELD(&dtrace_lock));
14395 14988
14396 14989 if ((help = curproc->p_dtrace_helpers) == NULL)
14397 14990 help = dtrace_helpers_create(curproc);
14398 14991
14399 14992 vstate = &help->dthps_vstate;
14400 14993
14401 14994 if ((rv = dtrace_dof_slurp(dof, vstate, NULL, &enab,
14402 14995 dhp != NULL ? dhp->dofhp_addr : 0, B_FALSE)) != 0) {
14403 14996 dtrace_dof_destroy(dof);
14404 14997 return (rv);
14405 14998 }
14406 14999
14407 15000 /*
14408 15001 * Look for helper providers and validate their descriptions.
14409 15002 */
14410 15003 if (dhp != NULL) {
14411 15004 for (i = 0; i < dof->dofh_secnum; i++) {
14412 15005 dof_sec_t *sec = (dof_sec_t *)(uintptr_t)(daddr +
14413 15006 dof->dofh_secoff + i * dof->dofh_secsize);
14414 15007
14415 15008 if (sec->dofs_type != DOF_SECT_PROVIDER)
14416 15009 continue;
14417 15010
14418 15011 if (dtrace_helper_provider_validate(dof, sec) != 0) {
14419 15012 dtrace_enabling_destroy(enab);
14420 15013 dtrace_dof_destroy(dof);
14421 15014 return (-1);
14422 15015 }
14423 15016
14424 15017 nprovs++;
14425 15018 }
14426 15019 }
14427 15020
14428 15021 /*
14429 15022 * Now we need to walk through the ECB descriptions in the enabling.
14430 15023 */
14431 15024 for (i = 0; i < enab->dten_ndesc; i++) {
14432 15025 dtrace_ecbdesc_t *ep = enab->dten_desc[i];
14433 15026 dtrace_probedesc_t *desc = &ep->dted_probe;
14434 15027
14435 15028 if (strcmp(desc->dtpd_provider, "dtrace") != 0)
14436 15029 continue;
14437 15030
14438 15031 if (strcmp(desc->dtpd_mod, "helper") != 0)
14439 15032 continue;
14440 15033
14441 15034 if (strcmp(desc->dtpd_func, "ustack") != 0)
14442 15035 continue;
14443 15036
14444 15037 if ((rv = dtrace_helper_action_add(DTRACE_HELPER_ACTION_USTACK,
14445 15038 ep)) != 0) {
14446 15039 /*
14447 15040 * Adding this helper action failed -- we are now going
14448 15041 * to rip out the entire generation and return failure.
14449 15042 */
14450 15043 (void) dtrace_helper_destroygen(help->dthps_generation);
14451 15044 dtrace_enabling_destroy(enab);
14452 15045 dtrace_dof_destroy(dof);
14453 15046 return (-1);
14454 15047 }
14455 15048
14456 15049 nhelpers++;
14457 15050 }
14458 15051
14459 15052 if (nhelpers < enab->dten_ndesc)
14460 15053 dtrace_dof_error(dof, "unmatched helpers");
14461 15054
14462 15055 gen = help->dthps_generation++;
14463 15056 dtrace_enabling_destroy(enab);
14464 15057
14465 15058 if (dhp != NULL && nprovs > 0) {
14466 15059 dhp->dofhp_dof = (uint64_t)(uintptr_t)dof;
14467 15060 if (dtrace_helper_provider_add(dhp, gen) == 0) {
14468 15061 mutex_exit(&dtrace_lock);
14469 15062 dtrace_helper_provider_register(curproc, help, dhp);
14470 15063 mutex_enter(&dtrace_lock);
14471 15064
14472 15065 destroy = 0;
14473 15066 }
14474 15067 }
14475 15068
14476 15069 if (destroy)
14477 15070 dtrace_dof_destroy(dof);
14478 15071
14479 15072 return (gen);
14480 15073 }
14481 15074
14482 15075 static dtrace_helpers_t *
14483 15076 dtrace_helpers_create(proc_t *p)
14484 15077 {
14485 15078 dtrace_helpers_t *help;
14486 15079
14487 15080 ASSERT(MUTEX_HELD(&dtrace_lock));
14488 15081 ASSERT(p->p_dtrace_helpers == NULL);
14489 15082
14490 15083 help = kmem_zalloc(sizeof (dtrace_helpers_t), KM_SLEEP);
14491 15084 help->dthps_actions = kmem_zalloc(sizeof (dtrace_helper_action_t *) *
14492 15085 DTRACE_NHELPER_ACTIONS, KM_SLEEP);
14493 15086
14494 15087 p->p_dtrace_helpers = help;
14495 15088 dtrace_helpers++;
14496 15089
14497 15090 return (help);
14498 15091 }
14499 15092
14500 15093 static void
14501 15094 dtrace_helpers_destroy(void)
14502 15095 {
14503 15096 dtrace_helpers_t *help;
14504 15097 dtrace_vstate_t *vstate;
14505 15098 proc_t *p = curproc;
14506 15099 int i;
14507 15100
14508 15101 mutex_enter(&dtrace_lock);
14509 15102
14510 15103 ASSERT(p->p_dtrace_helpers != NULL);
14511 15104 ASSERT(dtrace_helpers > 0);
14512 15105
14513 15106 help = p->p_dtrace_helpers;
14514 15107 vstate = &help->dthps_vstate;
14515 15108
14516 15109 /*
14517 15110 * We're now going to lose the help from this process.
14518 15111 */
14519 15112 p->p_dtrace_helpers = NULL;
14520 15113 dtrace_sync();
14521 15114
14522 15115 /*
14523 15116 * Destory the helper actions.
14524 15117 */
14525 15118 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) {
14526 15119 dtrace_helper_action_t *h, *next;
14527 15120
14528 15121 for (h = help->dthps_actions[i]; h != NULL; h = next) {
14529 15122 next = h->dtha_next;
14530 15123 dtrace_helper_action_destroy(h, vstate);
14531 15124 h = next;
14532 15125 }
14533 15126 }
14534 15127
14535 15128 mutex_exit(&dtrace_lock);
14536 15129
14537 15130 /*
14538 15131 * Destroy the helper providers.
14539 15132 */
14540 15133 if (help->dthps_maxprovs > 0) {
14541 15134 mutex_enter(&dtrace_meta_lock);
14542 15135 if (dtrace_meta_pid != NULL) {
14543 15136 ASSERT(dtrace_deferred_pid == NULL);
14544 15137
14545 15138 for (i = 0; i < help->dthps_nprovs; i++) {
14546 15139 dtrace_helper_provider_remove(
14547 15140 &help->dthps_provs[i]->dthp_prov, p->p_pid);
14548 15141 }
14549 15142 } else {
14550 15143 mutex_enter(&dtrace_lock);
14551 15144 ASSERT(help->dthps_deferred == 0 ||
14552 15145 help->dthps_next != NULL ||
14553 15146 help->dthps_prev != NULL ||
14554 15147 help == dtrace_deferred_pid);
14555 15148
14556 15149 /*
14557 15150 * Remove the helper from the deferred list.
14558 15151 */
14559 15152 if (help->dthps_next != NULL)
14560 15153 help->dthps_next->dthps_prev = help->dthps_prev;
14561 15154 if (help->dthps_prev != NULL)
14562 15155 help->dthps_prev->dthps_next = help->dthps_next;
14563 15156 if (dtrace_deferred_pid == help) {
14564 15157 dtrace_deferred_pid = help->dthps_next;
14565 15158 ASSERT(help->dthps_prev == NULL);
14566 15159 }
14567 15160
14568 15161 mutex_exit(&dtrace_lock);
14569 15162 }
14570 15163
14571 15164 mutex_exit(&dtrace_meta_lock);
14572 15165
14573 15166 for (i = 0; i < help->dthps_nprovs; i++) {
14574 15167 dtrace_helper_provider_destroy(help->dthps_provs[i]);
14575 15168 }
14576 15169
14577 15170 kmem_free(help->dthps_provs, help->dthps_maxprovs *
14578 15171 sizeof (dtrace_helper_provider_t *));
14579 15172 }
14580 15173
14581 15174 mutex_enter(&dtrace_lock);
14582 15175
14583 15176 dtrace_vstate_fini(&help->dthps_vstate);
14584 15177 kmem_free(help->dthps_actions,
14585 15178 sizeof (dtrace_helper_action_t *) * DTRACE_NHELPER_ACTIONS);
14586 15179 kmem_free(help, sizeof (dtrace_helpers_t));
14587 15180
14588 15181 --dtrace_helpers;
14589 15182 mutex_exit(&dtrace_lock);
14590 15183 }
14591 15184
14592 15185 static void
14593 15186 dtrace_helpers_duplicate(proc_t *from, proc_t *to)
14594 15187 {
14595 15188 dtrace_helpers_t *help, *newhelp;
14596 15189 dtrace_helper_action_t *helper, *new, *last;
14597 15190 dtrace_difo_t *dp;
14598 15191 dtrace_vstate_t *vstate;
14599 15192 int i, j, sz, hasprovs = 0;
14600 15193
14601 15194 mutex_enter(&dtrace_lock);
14602 15195 ASSERT(from->p_dtrace_helpers != NULL);
14603 15196 ASSERT(dtrace_helpers > 0);
14604 15197
14605 15198 help = from->p_dtrace_helpers;
14606 15199 newhelp = dtrace_helpers_create(to);
14607 15200 ASSERT(to->p_dtrace_helpers != NULL);
14608 15201
14609 15202 newhelp->dthps_generation = help->dthps_generation;
14610 15203 vstate = &newhelp->dthps_vstate;
14611 15204
14612 15205 /*
14613 15206 * Duplicate the helper actions.
14614 15207 */
14615 15208 for (i = 0; i < DTRACE_NHELPER_ACTIONS; i++) {
14616 15209 if ((helper = help->dthps_actions[i]) == NULL)
14617 15210 continue;
14618 15211
14619 15212 for (last = NULL; helper != NULL; helper = helper->dtha_next) {
14620 15213 new = kmem_zalloc(sizeof (dtrace_helper_action_t),
14621 15214 KM_SLEEP);
14622 15215 new->dtha_generation = helper->dtha_generation;
14623 15216
14624 15217 if ((dp = helper->dtha_predicate) != NULL) {
14625 15218 dp = dtrace_difo_duplicate(dp, vstate);
14626 15219 new->dtha_predicate = dp;
14627 15220 }
14628 15221
14629 15222 new->dtha_nactions = helper->dtha_nactions;
14630 15223 sz = sizeof (dtrace_difo_t *) * new->dtha_nactions;
14631 15224 new->dtha_actions = kmem_alloc(sz, KM_SLEEP);
14632 15225
14633 15226 for (j = 0; j < new->dtha_nactions; j++) {
14634 15227 dtrace_difo_t *dp = helper->dtha_actions[j];
14635 15228
14636 15229 ASSERT(dp != NULL);
14637 15230 dp = dtrace_difo_duplicate(dp, vstate);
14638 15231 new->dtha_actions[j] = dp;
14639 15232 }
14640 15233
14641 15234 if (last != NULL) {
14642 15235 last->dtha_next = new;
14643 15236 } else {
14644 15237 newhelp->dthps_actions[i] = new;
14645 15238 }
14646 15239
14647 15240 last = new;
14648 15241 }
14649 15242 }
14650 15243
14651 15244 /*
14652 15245 * Duplicate the helper providers and register them with the
14653 15246 * DTrace framework.
14654 15247 */
14655 15248 if (help->dthps_nprovs > 0) {
14656 15249 newhelp->dthps_nprovs = help->dthps_nprovs;
14657 15250 newhelp->dthps_maxprovs = help->dthps_nprovs;
14658 15251 newhelp->dthps_provs = kmem_alloc(newhelp->dthps_nprovs *
14659 15252 sizeof (dtrace_helper_provider_t *), KM_SLEEP);
14660 15253 for (i = 0; i < newhelp->dthps_nprovs; i++) {
14661 15254 newhelp->dthps_provs[i] = help->dthps_provs[i];
14662 15255 newhelp->dthps_provs[i]->dthp_ref++;
14663 15256 }
14664 15257
14665 15258 hasprovs = 1;
14666 15259 }
14667 15260
14668 15261 mutex_exit(&dtrace_lock);
14669 15262
14670 15263 if (hasprovs)
14671 15264 dtrace_helper_provider_register(to, newhelp, NULL);
14672 15265 }
14673 15266
14674 15267 /*
14675 15268 * DTrace Hook Functions
14676 15269 */
14677 15270 static void
14678 15271 dtrace_module_loaded(struct modctl *ctl)
14679 15272 {
14680 15273 dtrace_provider_t *prv;
14681 15274
14682 15275 mutex_enter(&dtrace_provider_lock);
14683 15276 mutex_enter(&mod_lock);
14684 15277
14685 15278 ASSERT(ctl->mod_busy);
14686 15279
14687 15280 /*
14688 15281 * We're going to call each providers per-module provide operation
14689 15282 * specifying only this module.
14690 15283 */
14691 15284 for (prv = dtrace_provider; prv != NULL; prv = prv->dtpv_next)
14692 15285 prv->dtpv_pops.dtps_provide_module(prv->dtpv_arg, ctl);
14693 15286
14694 15287 mutex_exit(&mod_lock);
14695 15288 mutex_exit(&dtrace_provider_lock);
14696 15289
14697 15290 /*
14698 15291 * If we have any retained enablings, we need to match against them.
14699 15292 * Enabling probes requires that cpu_lock be held, and we cannot hold
14700 15293 * cpu_lock here -- it is legal for cpu_lock to be held when loading a
14701 15294 * module. (In particular, this happens when loading scheduling
14702 15295 * classes.) So if we have any retained enablings, we need to dispatch
14703 15296 * our task queue to do the match for us.
14704 15297 */
14705 15298 mutex_enter(&dtrace_lock);
14706 15299
14707 15300 if (dtrace_retained == NULL) {
14708 15301 mutex_exit(&dtrace_lock);
14709 15302 return;
14710 15303 }
14711 15304
14712 15305 (void) taskq_dispatch(dtrace_taskq,
14713 15306 (task_func_t *)dtrace_enabling_matchall, NULL, TQ_SLEEP);
14714 15307
14715 15308 mutex_exit(&dtrace_lock);
14716 15309
14717 15310 /*
14718 15311 * And now, for a little heuristic sleaze: in general, we want to
14719 15312 * match modules as soon as they load. However, we cannot guarantee
14720 15313 * this, because it would lead us to the lock ordering violation
14721 15314 * outlined above. The common case, of course, is that cpu_lock is
14722 15315 * _not_ held -- so we delay here for a clock tick, hoping that that's
14723 15316 * long enough for the task queue to do its work. If it's not, it's
14724 15317 * not a serious problem -- it just means that the module that we
14725 15318 * just loaded may not be immediately instrumentable.
14726 15319 */
14727 15320 delay(1);
14728 15321 }
14729 15322
14730 15323 static void
14731 15324 dtrace_module_unloaded(struct modctl *ctl)
14732 15325 {
14733 15326 dtrace_probe_t template, *probe, *first, *next;
14734 15327 dtrace_provider_t *prov;
14735 15328
14736 15329 template.dtpr_mod = ctl->mod_modname;
14737 15330
14738 15331 mutex_enter(&dtrace_provider_lock);
14739 15332 mutex_enter(&mod_lock);
14740 15333 mutex_enter(&dtrace_lock);
14741 15334
14742 15335 if (dtrace_bymod == NULL) {
14743 15336 /*
14744 15337 * The DTrace module is loaded (obviously) but not attached;
14745 15338 * we don't have any work to do.
14746 15339 */
14747 15340 mutex_exit(&dtrace_provider_lock);
14748 15341 mutex_exit(&mod_lock);
14749 15342 mutex_exit(&dtrace_lock);
14750 15343 return;
14751 15344 }
14752 15345
14753 15346 for (probe = first = dtrace_hash_lookup(dtrace_bymod, &template);
14754 15347 probe != NULL; probe = probe->dtpr_nextmod) {
14755 15348 if (probe->dtpr_ecb != NULL) {
14756 15349 mutex_exit(&dtrace_provider_lock);
14757 15350 mutex_exit(&mod_lock);
14758 15351 mutex_exit(&dtrace_lock);
14759 15352
14760 15353 /*
14761 15354 * This shouldn't _actually_ be possible -- we're
14762 15355 * unloading a module that has an enabled probe in it.
14763 15356 * (It's normally up to the provider to make sure that
14764 15357 * this can't happen.) However, because dtps_enable()
14765 15358 * doesn't have a failure mode, there can be an
14766 15359 * enable/unload race. Upshot: we don't want to
14767 15360 * assert, but we're not going to disable the
14768 15361 * probe, either.
14769 15362 */
14770 15363 if (dtrace_err_verbose) {
14771 15364 cmn_err(CE_WARN, "unloaded module '%s' had "
14772 15365 "enabled probes", ctl->mod_modname);
14773 15366 }
14774 15367
14775 15368 return;
14776 15369 }
14777 15370 }
14778 15371
14779 15372 probe = first;
14780 15373
14781 15374 for (first = NULL; probe != NULL; probe = next) {
14782 15375 ASSERT(dtrace_probes[probe->dtpr_id - 1] == probe);
14783 15376
14784 15377 dtrace_probes[probe->dtpr_id - 1] = NULL;
14785 15378
14786 15379 next = probe->dtpr_nextmod;
14787 15380 dtrace_hash_remove(dtrace_bymod, probe);
14788 15381 dtrace_hash_remove(dtrace_byfunc, probe);
14789 15382 dtrace_hash_remove(dtrace_byname, probe);
14790 15383
14791 15384 if (first == NULL) {
14792 15385 first = probe;
14793 15386 probe->dtpr_nextmod = NULL;
14794 15387 } else {
14795 15388 probe->dtpr_nextmod = first;
14796 15389 first = probe;
14797 15390 }
14798 15391 }
14799 15392
14800 15393 /*
14801 15394 * We've removed all of the module's probes from the hash chains and
14802 15395 * from the probe array. Now issue a dtrace_sync() to be sure that
14803 15396 * everyone has cleared out from any probe array processing.
14804 15397 */
14805 15398 dtrace_sync();
14806 15399
14807 15400 for (probe = first; probe != NULL; probe = first) {
14808 15401 first = probe->dtpr_nextmod;
14809 15402 prov = probe->dtpr_provider;
14810 15403 prov->dtpv_pops.dtps_destroy(prov->dtpv_arg, probe->dtpr_id,
14811 15404 probe->dtpr_arg);
14812 15405 kmem_free(probe->dtpr_mod, strlen(probe->dtpr_mod) + 1);
14813 15406 kmem_free(probe->dtpr_func, strlen(probe->dtpr_func) + 1);
14814 15407 kmem_free(probe->dtpr_name, strlen(probe->dtpr_name) + 1);
14815 15408 vmem_free(dtrace_arena, (void *)(uintptr_t)probe->dtpr_id, 1);
14816 15409 kmem_free(probe, sizeof (dtrace_probe_t));
14817 15410 }
14818 15411
14819 15412 mutex_exit(&dtrace_lock);
14820 15413 mutex_exit(&mod_lock);
14821 15414 mutex_exit(&dtrace_provider_lock);
14822 15415 }
14823 15416
14824 15417 void
14825 15418 dtrace_suspend(void)
14826 15419 {
14827 15420 dtrace_probe_foreach(offsetof(dtrace_pops_t, dtps_suspend));
14828 15421 }
14829 15422
14830 15423 void
14831 15424 dtrace_resume(void)
14832 15425 {
14833 15426 dtrace_probe_foreach(offsetof(dtrace_pops_t, dtps_resume));
14834 15427 }
14835 15428
14836 15429 static int
14837 15430 dtrace_cpu_setup(cpu_setup_t what, processorid_t cpu)
14838 15431 {
14839 15432 ASSERT(MUTEX_HELD(&cpu_lock));
14840 15433 mutex_enter(&dtrace_lock);
14841 15434
14842 15435 switch (what) {
14843 15436 case CPU_CONFIG: {
14844 15437 dtrace_state_t *state;
14845 15438 dtrace_optval_t *opt, rs, c;
14846 15439
14847 15440 /*
14848 15441 * For now, we only allocate a new buffer for anonymous state.
14849 15442 */
14850 15443 if ((state = dtrace_anon.dta_state) == NULL)
14851 15444 break;
14852 15445
14853 15446 if (state->dts_activity != DTRACE_ACTIVITY_ACTIVE)
14854 15447 break;
14855 15448
14856 15449 opt = state->dts_options;
14857 15450 c = opt[DTRACEOPT_CPU];
14858 15451
14859 15452 if (c != DTRACE_CPUALL && c != DTRACEOPT_UNSET && c != cpu)
14860 15453 break;
14861 15454
14862 15455 /*
14863 15456 * Regardless of what the actual policy is, we're going to
14864 15457 * temporarily set our resize policy to be manual. We're
14865 15458 * also going to temporarily set our CPU option to denote
14866 15459 * the newly configured CPU.
14867 15460 */
14868 15461 rs = opt[DTRACEOPT_BUFRESIZE];
14869 15462 opt[DTRACEOPT_BUFRESIZE] = DTRACEOPT_BUFRESIZE_MANUAL;
14870 15463 opt[DTRACEOPT_CPU] = (dtrace_optval_t)cpu;
14871 15464
14872 15465 (void) dtrace_state_buffers(state);
14873 15466
14874 15467 opt[DTRACEOPT_BUFRESIZE] = rs;
14875 15468 opt[DTRACEOPT_CPU] = c;
14876 15469
14877 15470 break;
14878 15471 }
14879 15472
14880 15473 case CPU_UNCONFIG:
14881 15474 /*
14882 15475 * We don't free the buffer in the CPU_UNCONFIG case. (The
14883 15476 * buffer will be freed when the consumer exits.)
14884 15477 */
14885 15478 break;
14886 15479
14887 15480 default:
14888 15481 break;
14889 15482 }
14890 15483
14891 15484 mutex_exit(&dtrace_lock);
14892 15485 return (0);
14893 15486 }
14894 15487
14895 15488 static void
14896 15489 dtrace_cpu_setup_initial(processorid_t cpu)
14897 15490 {
14898 15491 (void) dtrace_cpu_setup(CPU_CONFIG, cpu);
14899 15492 }
14900 15493
14901 15494 static void
14902 15495 dtrace_toxrange_add(uintptr_t base, uintptr_t limit)
14903 15496 {
14904 15497 if (dtrace_toxranges >= dtrace_toxranges_max) {
14905 15498 int osize, nsize;
14906 15499 dtrace_toxrange_t *range;
14907 15500
14908 15501 osize = dtrace_toxranges_max * sizeof (dtrace_toxrange_t);
14909 15502
14910 15503 if (osize == 0) {
14911 15504 ASSERT(dtrace_toxrange == NULL);
14912 15505 ASSERT(dtrace_toxranges_max == 0);
14913 15506 dtrace_toxranges_max = 1;
14914 15507 } else {
14915 15508 dtrace_toxranges_max <<= 1;
14916 15509 }
14917 15510
14918 15511 nsize = dtrace_toxranges_max * sizeof (dtrace_toxrange_t);
14919 15512 range = kmem_zalloc(nsize, KM_SLEEP);
14920 15513
14921 15514 if (dtrace_toxrange != NULL) {
14922 15515 ASSERT(osize != 0);
14923 15516 bcopy(dtrace_toxrange, range, osize);
14924 15517 kmem_free(dtrace_toxrange, osize);
14925 15518 }
14926 15519
14927 15520 dtrace_toxrange = range;
14928 15521 }
14929 15522
14930 15523 ASSERT(dtrace_toxrange[dtrace_toxranges].dtt_base == NULL);
14931 15524 ASSERT(dtrace_toxrange[dtrace_toxranges].dtt_limit == NULL);
14932 15525
14933 15526 dtrace_toxrange[dtrace_toxranges].dtt_base = base;
14934 15527 dtrace_toxrange[dtrace_toxranges].dtt_limit = limit;
14935 15528 dtrace_toxranges++;
14936 15529 }
14937 15530
14938 15531 static void
14939 15532 dtrace_getf_barrier()
14940 15533 {
14941 15534 /*
14942 15535 * When we have unprivileged (that is, non-DTRACE_CRV_KERNEL) enablings
14943 15536 * that contain calls to getf(), this routine will be called on every
14944 15537 * closef() before either the underlying vnode is released or the
14945 15538 * file_t itself is freed. By the time we are here, it is essential
14946 15539 * that the file_t can no longer be accessed from a call to getf()
14947 15540 * in probe context -- that assures that a dtrace_sync() can be used
14948 15541 * to clear out any enablings referring to the old structures.
14949 15542 */
14950 15543 if (curthread->t_procp->p_zone->zone_dtrace_getf != 0 ||
14951 15544 kcred->cr_zone->zone_dtrace_getf != 0)
14952 15545 dtrace_sync();
14953 15546 }
14954 15547
14955 15548 /*
14956 15549 * DTrace Driver Cookbook Functions
14957 15550 */
14958 15551 /*ARGSUSED*/
14959 15552 static int
14960 15553 dtrace_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
14961 15554 {
14962 15555 dtrace_provider_id_t id;
14963 15556 dtrace_state_t *state = NULL;
14964 15557 dtrace_enabling_t *enab;
14965 15558
14966 15559 mutex_enter(&cpu_lock);
14967 15560 mutex_enter(&dtrace_provider_lock);
14968 15561 mutex_enter(&dtrace_lock);
14969 15562
14970 15563 if (ddi_soft_state_init(&dtrace_softstate,
14971 15564 sizeof (dtrace_state_t), 0) != 0) {
14972 15565 cmn_err(CE_NOTE, "/dev/dtrace failed to initialize soft state");
14973 15566 mutex_exit(&cpu_lock);
14974 15567 mutex_exit(&dtrace_provider_lock);
14975 15568 mutex_exit(&dtrace_lock);
14976 15569 return (DDI_FAILURE);
14977 15570 }
14978 15571
14979 15572 if (ddi_create_minor_node(devi, DTRACEMNR_DTRACE, S_IFCHR,
14980 15573 DTRACEMNRN_DTRACE, DDI_PSEUDO, NULL) == DDI_FAILURE ||
14981 15574 ddi_create_minor_node(devi, DTRACEMNR_HELPER, S_IFCHR,
14982 15575 DTRACEMNRN_HELPER, DDI_PSEUDO, NULL) == DDI_FAILURE) {
14983 15576 cmn_err(CE_NOTE, "/dev/dtrace couldn't create minor nodes");
14984 15577 ddi_remove_minor_node(devi, NULL);
14985 15578 ddi_soft_state_fini(&dtrace_softstate);
14986 15579 mutex_exit(&cpu_lock);
14987 15580 mutex_exit(&dtrace_provider_lock);
14988 15581 mutex_exit(&dtrace_lock);
14989 15582 return (DDI_FAILURE);
14990 15583 }
14991 15584
14992 15585 ddi_report_dev(devi);
14993 15586 dtrace_devi = devi;
14994 15587
14995 15588 dtrace_modload = dtrace_module_loaded;
14996 15589 dtrace_modunload = dtrace_module_unloaded;
14997 15590 dtrace_cpu_init = dtrace_cpu_setup_initial;
14998 15591 dtrace_helpers_cleanup = dtrace_helpers_destroy;
14999 15592 dtrace_helpers_fork = dtrace_helpers_duplicate;
15000 15593 dtrace_cpustart_init = dtrace_suspend;
15001 15594 dtrace_cpustart_fini = dtrace_resume;
15002 15595 dtrace_debugger_init = dtrace_suspend;
15003 15596 dtrace_debugger_fini = dtrace_resume;
15004 15597
15005 15598 register_cpu_setup_func((cpu_setup_func_t *)dtrace_cpu_setup, NULL);
15006 15599
15007 15600 ASSERT(MUTEX_HELD(&cpu_lock));
15008 15601
15009 15602 dtrace_arena = vmem_create("dtrace", (void *)1, UINT32_MAX, 1,
15010 15603 NULL, NULL, NULL, 0, VM_SLEEP | VMC_IDENTIFIER);
15011 15604 dtrace_minor = vmem_create("dtrace_minor", (void *)DTRACEMNRN_CLONE,
15012 15605 UINT32_MAX - DTRACEMNRN_CLONE, 1, NULL, NULL, NULL, 0,
15013 15606 VM_SLEEP | VMC_IDENTIFIER);
15014 15607 dtrace_taskq = taskq_create("dtrace_taskq", 1, maxclsyspri,
15015 15608 1, INT_MAX, 0);
15016 15609
15017 15610 dtrace_state_cache = kmem_cache_create("dtrace_state_cache",
15018 15611 sizeof (dtrace_dstate_percpu_t) * NCPU, DTRACE_STATE_ALIGN,
15019 15612 NULL, NULL, NULL, NULL, NULL, 0);
15020 15613
15021 15614 ASSERT(MUTEX_HELD(&cpu_lock));
15022 15615 dtrace_bymod = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_mod),
15023 15616 offsetof(dtrace_probe_t, dtpr_nextmod),
15024 15617 offsetof(dtrace_probe_t, dtpr_prevmod));
15025 15618
15026 15619 dtrace_byfunc = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_func),
15027 15620 offsetof(dtrace_probe_t, dtpr_nextfunc),
15028 15621 offsetof(dtrace_probe_t, dtpr_prevfunc));
15029 15622
15030 15623 dtrace_byname = dtrace_hash_create(offsetof(dtrace_probe_t, dtpr_name),
15031 15624 offsetof(dtrace_probe_t, dtpr_nextname),
15032 15625 offsetof(dtrace_probe_t, dtpr_prevname));
15033 15626
15034 15627 if (dtrace_retain_max < 1) {
15035 15628 cmn_err(CE_WARN, "illegal value (%lu) for dtrace_retain_max; "
15036 15629 "setting to 1", dtrace_retain_max);
15037 15630 dtrace_retain_max = 1;
15038 15631 }
15039 15632
15040 15633 /*
15041 15634 * Now discover our toxic ranges.
15042 15635 */
15043 15636 dtrace_toxic_ranges(dtrace_toxrange_add);
15044 15637
15045 15638 /*
15046 15639 * Before we register ourselves as a provider to our own framework,
15047 15640 * we would like to assert that dtrace_provider is NULL -- but that's
15048 15641 * not true if we were loaded as a dependency of a DTrace provider.
15049 15642 * Once we've registered, we can assert that dtrace_provider is our
15050 15643 * pseudo provider.
15051 15644 */
15052 15645 (void) dtrace_register("dtrace", &dtrace_provider_attr,
15053 15646 DTRACE_PRIV_NONE, 0, &dtrace_provider_ops, NULL, &id);
15054 15647
15055 15648 ASSERT(dtrace_provider != NULL);
15056 15649 ASSERT((dtrace_provider_id_t)dtrace_provider == id);
15057 15650
15058 15651 dtrace_probeid_begin = dtrace_probe_create((dtrace_provider_id_t)
15059 15652 dtrace_provider, NULL, NULL, "BEGIN", 0, NULL);
15060 15653 dtrace_probeid_end = dtrace_probe_create((dtrace_provider_id_t)
15061 15654 dtrace_provider, NULL, NULL, "END", 0, NULL);
15062 15655 dtrace_probeid_error = dtrace_probe_create((dtrace_provider_id_t)
15063 15656 dtrace_provider, NULL, NULL, "ERROR", 1, NULL);
15064 15657
15065 15658 dtrace_anon_property();
15066 15659 mutex_exit(&cpu_lock);
15067 15660
15068 15661 /*
15069 15662 * If DTrace helper tracing is enabled, we need to allocate the
15070 15663 * trace buffer and initialize the values.
15071 15664 */
15072 15665 if (dtrace_helptrace_enabled) {
15073 15666 ASSERT(dtrace_helptrace_buffer == NULL);
15074 15667 dtrace_helptrace_buffer =
15075 15668 kmem_zalloc(dtrace_helptrace_bufsize, KM_SLEEP);
15076 15669 dtrace_helptrace_next = 0;
15077 15670 }
15078 15671
15079 15672 /*
15080 15673 * If there are already providers, we must ask them to provide their
15081 15674 * probes, and then match any anonymous enabling against them. Note
15082 15675 * that there should be no other retained enablings at this time:
15083 15676 * the only retained enablings at this time should be the anonymous
15084 15677 * enabling.
15085 15678 */
15086 15679 if (dtrace_anon.dta_enabling != NULL) {
15087 15680 ASSERT(dtrace_retained == dtrace_anon.dta_enabling);
15088 15681
15089 15682 dtrace_enabling_provide(NULL);
15090 15683 state = dtrace_anon.dta_state;
15091 15684
15092 15685 /*
15093 15686 * We couldn't hold cpu_lock across the above call to
15094 15687 * dtrace_enabling_provide(), but we must hold it to actually
15095 15688 * enable the probes. We have to drop all of our locks, pick
15096 15689 * up cpu_lock, and regain our locks before matching the
15097 15690 * retained anonymous enabling.
15098 15691 */
15099 15692 mutex_exit(&dtrace_lock);
15100 15693 mutex_exit(&dtrace_provider_lock);
15101 15694
15102 15695 mutex_enter(&cpu_lock);
15103 15696 mutex_enter(&dtrace_provider_lock);
15104 15697 mutex_enter(&dtrace_lock);
15105 15698
15106 15699 if ((enab = dtrace_anon.dta_enabling) != NULL)
15107 15700 (void) dtrace_enabling_match(enab, NULL);
15108 15701
15109 15702 mutex_exit(&cpu_lock);
15110 15703 }
15111 15704
15112 15705 mutex_exit(&dtrace_lock);
15113 15706 mutex_exit(&dtrace_provider_lock);
15114 15707
15115 15708 if (state != NULL) {
15116 15709 /*
15117 15710 * If we created any anonymous state, set it going now.
15118 15711 */
15119 15712 (void) dtrace_state_go(state, &dtrace_anon.dta_beganon);
15120 15713 }
15121 15714
15122 15715 return (DDI_SUCCESS);
15123 15716 }
15124 15717
15125 15718 /*ARGSUSED*/
15126 15719 static int
15127 15720 dtrace_open(dev_t *devp, int flag, int otyp, cred_t *cred_p)
15128 15721 {
15129 15722 dtrace_state_t *state;
15130 15723 uint32_t priv;
15131 15724 uid_t uid;
15132 15725 zoneid_t zoneid;
15133 15726
15134 15727 if (getminor(*devp) == DTRACEMNRN_HELPER)
15135 15728 return (0);
15136 15729
15137 15730 /*
15138 15731 * If this wasn't an open with the "helper" minor, then it must be
15139 15732 * the "dtrace" minor.
15140 15733 */
15141 15734 if (getminor(*devp) != DTRACEMNRN_DTRACE)
15142 15735 return (ENXIO);
15143 15736
15144 15737 /*
15145 15738 * If no DTRACE_PRIV_* bits are set in the credential, then the
15146 15739 * caller lacks sufficient permission to do anything with DTrace.
15147 15740 */
15148 15741 dtrace_cred2priv(cred_p, &priv, &uid, &zoneid);
15149 15742 if (priv == DTRACE_PRIV_NONE)
15150 15743 return (EACCES);
15151 15744
15152 15745 /*
15153 15746 * Ask all providers to provide all their probes.
15154 15747 */
15155 15748 mutex_enter(&dtrace_provider_lock);
15156 15749 dtrace_probe_provide(NULL, NULL);
15157 15750 mutex_exit(&dtrace_provider_lock);
15158 15751
15159 15752 mutex_enter(&cpu_lock);
15160 15753 mutex_enter(&dtrace_lock);
15161 15754 dtrace_opens++;
15162 15755 dtrace_membar_producer();
15163 15756
15164 15757 /*
15165 15758 * If the kernel debugger is active (that is, if the kernel debugger
15166 15759 * modified text in some way), we won't allow the open.
15167 15760 */
15168 15761 if (kdi_dtrace_set(KDI_DTSET_DTRACE_ACTIVATE) != 0) {
15169 15762 dtrace_opens--;
15170 15763 mutex_exit(&cpu_lock);
15171 15764 mutex_exit(&dtrace_lock);
15172 15765 return (EBUSY);
15173 15766 }
15174 15767
15175 15768 state = dtrace_state_create(devp, cred_p);
15176 15769 mutex_exit(&cpu_lock);
15177 15770
15178 15771 if (state == NULL) {
15179 15772 if (--dtrace_opens == 0 && dtrace_anon.dta_enabling == NULL)
15180 15773 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE);
15181 15774 mutex_exit(&dtrace_lock);
15182 15775 return (EAGAIN);
15183 15776 }
15184 15777
15185 15778 mutex_exit(&dtrace_lock);
15186 15779
15187 15780 return (0);
15188 15781 }
15189 15782
15190 15783 /*ARGSUSED*/
15191 15784 static int
15192 15785 dtrace_close(dev_t dev, int flag, int otyp, cred_t *cred_p)
15193 15786 {
15194 15787 minor_t minor = getminor(dev);
15195 15788 dtrace_state_t *state;
15196 15789
15197 15790 if (minor == DTRACEMNRN_HELPER)
15198 15791 return (0);
15199 15792
15200 15793 state = ddi_get_soft_state(dtrace_softstate, minor);
15201 15794
15202 15795 mutex_enter(&cpu_lock);
15203 15796 mutex_enter(&dtrace_lock);
15204 15797
15205 15798 if (state->dts_anon) {
15206 15799 /*
15207 15800 * There is anonymous state. Destroy that first.
15208 15801 */
15209 15802 ASSERT(dtrace_anon.dta_state == NULL);
15210 15803 dtrace_state_destroy(state->dts_anon);
15211 15804 }
15212 15805
15213 15806 dtrace_state_destroy(state);
15214 15807 ASSERT(dtrace_opens > 0);
15215 15808
15216 15809 /*
15217 15810 * Only relinquish control of the kernel debugger interface when there
15218 15811 * are no consumers and no anonymous enablings.
15219 15812 */
15220 15813 if (--dtrace_opens == 0 && dtrace_anon.dta_enabling == NULL)
15221 15814 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE);
15222 15815
15223 15816 mutex_exit(&dtrace_lock);
15224 15817 mutex_exit(&cpu_lock);
15225 15818
15226 15819 return (0);
15227 15820 }
15228 15821
15229 15822 /*ARGSUSED*/
15230 15823 static int
15231 15824 dtrace_ioctl_helper(int cmd, intptr_t arg, int *rv)
15232 15825 {
15233 15826 int rval;
15234 15827 dof_helper_t help, *dhp = NULL;
15235 15828
15236 15829 switch (cmd) {
15237 15830 case DTRACEHIOC_ADDDOF:
15238 15831 if (copyin((void *)arg, &help, sizeof (help)) != 0) {
15239 15832 dtrace_dof_error(NULL, "failed to copyin DOF helper");
15240 15833 return (EFAULT);
15241 15834 }
15242 15835
15243 15836 dhp = &help;
15244 15837 arg = (intptr_t)help.dofhp_dof;
15245 15838 /*FALLTHROUGH*/
15246 15839
15247 15840 case DTRACEHIOC_ADD: {
15248 15841 dof_hdr_t *dof = dtrace_dof_copyin(arg, &rval);
15249 15842
15250 15843 if (dof == NULL)
15251 15844 return (rval);
15252 15845
15253 15846 mutex_enter(&dtrace_lock);
15254 15847
15255 15848 /*
15256 15849 * dtrace_helper_slurp() takes responsibility for the dof --
15257 15850 * it may free it now or it may save it and free it later.
15258 15851 */
15259 15852 if ((rval = dtrace_helper_slurp(dof, dhp)) != -1) {
15260 15853 *rv = rval;
15261 15854 rval = 0;
15262 15855 } else {
15263 15856 rval = EINVAL;
15264 15857 }
15265 15858
15266 15859 mutex_exit(&dtrace_lock);
15267 15860 return (rval);
15268 15861 }
15269 15862
15270 15863 case DTRACEHIOC_REMOVE: {
15271 15864 mutex_enter(&dtrace_lock);
15272 15865 rval = dtrace_helper_destroygen(arg);
15273 15866 mutex_exit(&dtrace_lock);
15274 15867
15275 15868 return (rval);
15276 15869 }
15277 15870
15278 15871 default:
15279 15872 break;
15280 15873 }
15281 15874
15282 15875 return (ENOTTY);
15283 15876 }
15284 15877
15285 15878 /*ARGSUSED*/
15286 15879 static int
15287 15880 dtrace_ioctl(dev_t dev, int cmd, intptr_t arg, int md, cred_t *cr, int *rv)
15288 15881 {
15289 15882 minor_t minor = getminor(dev);
15290 15883 dtrace_state_t *state;
15291 15884 int rval;
15292 15885
15293 15886 if (minor == DTRACEMNRN_HELPER)
15294 15887 return (dtrace_ioctl_helper(cmd, arg, rv));
15295 15888
15296 15889 state = ddi_get_soft_state(dtrace_softstate, minor);
15297 15890
15298 15891 if (state->dts_anon) {
15299 15892 ASSERT(dtrace_anon.dta_state == NULL);
15300 15893 state = state->dts_anon;
15301 15894 }
15302 15895
15303 15896 switch (cmd) {
15304 15897 case DTRACEIOC_PROVIDER: {
15305 15898 dtrace_providerdesc_t pvd;
15306 15899 dtrace_provider_t *pvp;
15307 15900
15308 15901 if (copyin((void *)arg, &pvd, sizeof (pvd)) != 0)
15309 15902 return (EFAULT);
15310 15903
15311 15904 pvd.dtvd_name[DTRACE_PROVNAMELEN - 1] = '\0';
15312 15905 mutex_enter(&dtrace_provider_lock);
15313 15906
15314 15907 for (pvp = dtrace_provider; pvp != NULL; pvp = pvp->dtpv_next) {
15315 15908 if (strcmp(pvp->dtpv_name, pvd.dtvd_name) == 0)
15316 15909 break;
15317 15910 }
15318 15911
15319 15912 mutex_exit(&dtrace_provider_lock);
15320 15913
15321 15914 if (pvp == NULL)
15322 15915 return (ESRCH);
15323 15916
15324 15917 bcopy(&pvp->dtpv_priv, &pvd.dtvd_priv, sizeof (dtrace_ppriv_t));
15325 15918 bcopy(&pvp->dtpv_attr, &pvd.dtvd_attr, sizeof (dtrace_pattr_t));
15326 15919 if (copyout(&pvd, (void *)arg, sizeof (pvd)) != 0)
15327 15920 return (EFAULT);
15328 15921
15329 15922 return (0);
15330 15923 }
15331 15924
15332 15925 case DTRACEIOC_EPROBE: {
15333 15926 dtrace_eprobedesc_t epdesc;
15334 15927 dtrace_ecb_t *ecb;
15335 15928 dtrace_action_t *act;
15336 15929 void *buf;
15337 15930 size_t size;
15338 15931 uintptr_t dest;
15339 15932 int nrecs;
15340 15933
15341 15934 if (copyin((void *)arg, &epdesc, sizeof (epdesc)) != 0)
15342 15935 return (EFAULT);
15343 15936
15344 15937 mutex_enter(&dtrace_lock);
15345 15938
15346 15939 if ((ecb = dtrace_epid2ecb(state, epdesc.dtepd_epid)) == NULL) {
15347 15940 mutex_exit(&dtrace_lock);
15348 15941 return (EINVAL);
15349 15942 }
15350 15943
15351 15944 if (ecb->dte_probe == NULL) {
15352 15945 mutex_exit(&dtrace_lock);
15353 15946 return (EINVAL);
15354 15947 }
15355 15948
15356 15949 epdesc.dtepd_probeid = ecb->dte_probe->dtpr_id;
15357 15950 epdesc.dtepd_uarg = ecb->dte_uarg;
15358 15951 epdesc.dtepd_size = ecb->dte_size;
15359 15952
15360 15953 nrecs = epdesc.dtepd_nrecs;
15361 15954 epdesc.dtepd_nrecs = 0;
15362 15955 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
15363 15956 if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
15364 15957 continue;
15365 15958
15366 15959 epdesc.dtepd_nrecs++;
15367 15960 }
15368 15961
15369 15962 /*
15370 15963 * Now that we have the size, we need to allocate a temporary
15371 15964 * buffer in which to store the complete description. We need
15372 15965 * the temporary buffer to be able to drop dtrace_lock()
15373 15966 * across the copyout(), below.
15374 15967 */
15375 15968 size = sizeof (dtrace_eprobedesc_t) +
15376 15969 (epdesc.dtepd_nrecs * sizeof (dtrace_recdesc_t));
15377 15970
15378 15971 buf = kmem_alloc(size, KM_SLEEP);
15379 15972 dest = (uintptr_t)buf;
15380 15973
15381 15974 bcopy(&epdesc, (void *)dest, sizeof (epdesc));
15382 15975 dest += offsetof(dtrace_eprobedesc_t, dtepd_rec[0]);
15383 15976
15384 15977 for (act = ecb->dte_action; act != NULL; act = act->dta_next) {
15385 15978 if (DTRACEACT_ISAGG(act->dta_kind) || act->dta_intuple)
15386 15979 continue;
15387 15980
15388 15981 if (nrecs-- == 0)
15389 15982 break;
15390 15983
15391 15984 bcopy(&act->dta_rec, (void *)dest,
15392 15985 sizeof (dtrace_recdesc_t));
15393 15986 dest += sizeof (dtrace_recdesc_t);
15394 15987 }
15395 15988
15396 15989 mutex_exit(&dtrace_lock);
15397 15990
15398 15991 if (copyout(buf, (void *)arg, dest - (uintptr_t)buf) != 0) {
15399 15992 kmem_free(buf, size);
15400 15993 return (EFAULT);
15401 15994 }
15402 15995
15403 15996 kmem_free(buf, size);
15404 15997 return (0);
15405 15998 }
15406 15999
15407 16000 case DTRACEIOC_AGGDESC: {
15408 16001 dtrace_aggdesc_t aggdesc;
15409 16002 dtrace_action_t *act;
15410 16003 dtrace_aggregation_t *agg;
15411 16004 int nrecs;
15412 16005 uint32_t offs;
15413 16006 dtrace_recdesc_t *lrec;
15414 16007 void *buf;
15415 16008 size_t size;
15416 16009 uintptr_t dest;
15417 16010
15418 16011 if (copyin((void *)arg, &aggdesc, sizeof (aggdesc)) != 0)
15419 16012 return (EFAULT);
15420 16013
15421 16014 mutex_enter(&dtrace_lock);
15422 16015
15423 16016 if ((agg = dtrace_aggid2agg(state, aggdesc.dtagd_id)) == NULL) {
15424 16017 mutex_exit(&dtrace_lock);
15425 16018 return (EINVAL);
15426 16019 }
15427 16020
15428 16021 aggdesc.dtagd_epid = agg->dtag_ecb->dte_epid;
15429 16022
15430 16023 nrecs = aggdesc.dtagd_nrecs;
15431 16024 aggdesc.dtagd_nrecs = 0;
15432 16025
15433 16026 offs = agg->dtag_base;
15434 16027 lrec = &agg->dtag_action.dta_rec;
15435 16028 aggdesc.dtagd_size = lrec->dtrd_offset + lrec->dtrd_size - offs;
15436 16029
15437 16030 for (act = agg->dtag_first; ; act = act->dta_next) {
15438 16031 ASSERT(act->dta_intuple ||
15439 16032 DTRACEACT_ISAGG(act->dta_kind));
15440 16033
15441 16034 /*
15442 16035 * If this action has a record size of zero, it
15443 16036 * denotes an argument to the aggregating action.
15444 16037 * Because the presence of this record doesn't (or
15445 16038 * shouldn't) affect the way the data is interpreted,
15446 16039 * we don't copy it out to save user-level the
15447 16040 * confusion of dealing with a zero-length record.
15448 16041 */
15449 16042 if (act->dta_rec.dtrd_size == 0) {
15450 16043 ASSERT(agg->dtag_hasarg);
15451 16044 continue;
15452 16045 }
15453 16046
15454 16047 aggdesc.dtagd_nrecs++;
15455 16048
15456 16049 if (act == &agg->dtag_action)
15457 16050 break;
15458 16051 }
15459 16052
15460 16053 /*
15461 16054 * Now that we have the size, we need to allocate a temporary
15462 16055 * buffer in which to store the complete description. We need
15463 16056 * the temporary buffer to be able to drop dtrace_lock()
15464 16057 * across the copyout(), below.
15465 16058 */
15466 16059 size = sizeof (dtrace_aggdesc_t) +
15467 16060 (aggdesc.dtagd_nrecs * sizeof (dtrace_recdesc_t));
15468 16061
15469 16062 buf = kmem_alloc(size, KM_SLEEP);
15470 16063 dest = (uintptr_t)buf;
15471 16064
15472 16065 bcopy(&aggdesc, (void *)dest, sizeof (aggdesc));
15473 16066 dest += offsetof(dtrace_aggdesc_t, dtagd_rec[0]);
15474 16067
15475 16068 for (act = agg->dtag_first; ; act = act->dta_next) {
15476 16069 dtrace_recdesc_t rec = act->dta_rec;
15477 16070
15478 16071 /*
15479 16072 * See the comment in the above loop for why we pass
15480 16073 * over zero-length records.
15481 16074 */
15482 16075 if (rec.dtrd_size == 0) {
15483 16076 ASSERT(agg->dtag_hasarg);
15484 16077 continue;
15485 16078 }
15486 16079
15487 16080 if (nrecs-- == 0)
15488 16081 break;
15489 16082
15490 16083 rec.dtrd_offset -= offs;
15491 16084 bcopy(&rec, (void *)dest, sizeof (rec));
15492 16085 dest += sizeof (dtrace_recdesc_t);
15493 16086
15494 16087 if (act == &agg->dtag_action)
15495 16088 break;
15496 16089 }
15497 16090
15498 16091 mutex_exit(&dtrace_lock);
15499 16092
15500 16093 if (copyout(buf, (void *)arg, dest - (uintptr_t)buf) != 0) {
15501 16094 kmem_free(buf, size);
15502 16095 return (EFAULT);
15503 16096 }
15504 16097
15505 16098 kmem_free(buf, size);
15506 16099 return (0);
15507 16100 }
15508 16101
15509 16102 case DTRACEIOC_ENABLE: {
15510 16103 dof_hdr_t *dof;
15511 16104 dtrace_enabling_t *enab = NULL;
15512 16105 dtrace_vstate_t *vstate;
15513 16106 int err = 0;
15514 16107
15515 16108 *rv = 0;
15516 16109
15517 16110 /*
15518 16111 * If a NULL argument has been passed, we take this as our
15519 16112 * cue to reevaluate our enablings.
15520 16113 */
15521 16114 if (arg == NULL) {
15522 16115 dtrace_enabling_matchall();
15523 16116
15524 16117 return (0);
15525 16118 }
15526 16119
15527 16120 if ((dof = dtrace_dof_copyin(arg, &rval)) == NULL)
15528 16121 return (rval);
15529 16122
15530 16123 mutex_enter(&cpu_lock);
15531 16124 mutex_enter(&dtrace_lock);
15532 16125 vstate = &state->dts_vstate;
15533 16126
15534 16127 if (state->dts_activity != DTRACE_ACTIVITY_INACTIVE) {
15535 16128 mutex_exit(&dtrace_lock);
15536 16129 mutex_exit(&cpu_lock);
15537 16130 dtrace_dof_destroy(dof);
15538 16131 return (EBUSY);
15539 16132 }
15540 16133
15541 16134 if (dtrace_dof_slurp(dof, vstate, cr, &enab, 0, B_TRUE) != 0) {
15542 16135 mutex_exit(&dtrace_lock);
15543 16136 mutex_exit(&cpu_lock);
15544 16137 dtrace_dof_destroy(dof);
15545 16138 return (EINVAL);
15546 16139 }
15547 16140
15548 16141 if ((rval = dtrace_dof_options(dof, state)) != 0) {
15549 16142 dtrace_enabling_destroy(enab);
15550 16143 mutex_exit(&dtrace_lock);
15551 16144 mutex_exit(&cpu_lock);
15552 16145 dtrace_dof_destroy(dof);
15553 16146 return (rval);
15554 16147 }
15555 16148
15556 16149 if ((err = dtrace_enabling_match(enab, rv)) == 0) {
15557 16150 err = dtrace_enabling_retain(enab);
15558 16151 } else {
15559 16152 dtrace_enabling_destroy(enab);
15560 16153 }
15561 16154
15562 16155 mutex_exit(&cpu_lock);
15563 16156 mutex_exit(&dtrace_lock);
15564 16157 dtrace_dof_destroy(dof);
15565 16158
15566 16159 return (err);
15567 16160 }
15568 16161
15569 16162 case DTRACEIOC_REPLICATE: {
15570 16163 dtrace_repldesc_t desc;
15571 16164 dtrace_probedesc_t *match = &desc.dtrpd_match;
15572 16165 dtrace_probedesc_t *create = &desc.dtrpd_create;
15573 16166 int err;
15574 16167
15575 16168 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15576 16169 return (EFAULT);
15577 16170
15578 16171 match->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
15579 16172 match->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
15580 16173 match->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
15581 16174 match->dtpd_name[DTRACE_NAMELEN - 1] = '\0';
15582 16175
15583 16176 create->dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
15584 16177 create->dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
15585 16178 create->dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
15586 16179 create->dtpd_name[DTRACE_NAMELEN - 1] = '\0';
15587 16180
15588 16181 mutex_enter(&dtrace_lock);
15589 16182 err = dtrace_enabling_replicate(state, match, create);
15590 16183 mutex_exit(&dtrace_lock);
15591 16184
15592 16185 return (err);
15593 16186 }
15594 16187
15595 16188 case DTRACEIOC_PROBEMATCH:
15596 16189 case DTRACEIOC_PROBES: {
15597 16190 dtrace_probe_t *probe = NULL;
15598 16191 dtrace_probedesc_t desc;
15599 16192 dtrace_probekey_t pkey;
15600 16193 dtrace_id_t i;
15601 16194 int m = 0;
15602 16195 uint32_t priv;
15603 16196 uid_t uid;
15604 16197 zoneid_t zoneid;
15605 16198
15606 16199 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15607 16200 return (EFAULT);
15608 16201
15609 16202 desc.dtpd_provider[DTRACE_PROVNAMELEN - 1] = '\0';
15610 16203 desc.dtpd_mod[DTRACE_MODNAMELEN - 1] = '\0';
15611 16204 desc.dtpd_func[DTRACE_FUNCNAMELEN - 1] = '\0';
15612 16205 desc.dtpd_name[DTRACE_NAMELEN - 1] = '\0';
15613 16206
15614 16207 /*
15615 16208 * Before we attempt to match this probe, we want to give
15616 16209 * all providers the opportunity to provide it.
15617 16210 */
15618 16211 if (desc.dtpd_id == DTRACE_IDNONE) {
15619 16212 mutex_enter(&dtrace_provider_lock);
15620 16213 dtrace_probe_provide(&desc, NULL);
15621 16214 mutex_exit(&dtrace_provider_lock);
15622 16215 desc.dtpd_id++;
15623 16216 }
15624 16217
15625 16218 if (cmd == DTRACEIOC_PROBEMATCH) {
15626 16219 dtrace_probekey(&desc, &pkey);
15627 16220 pkey.dtpk_id = DTRACE_IDNONE;
15628 16221 }
15629 16222
15630 16223 dtrace_cred2priv(cr, &priv, &uid, &zoneid);
15631 16224
15632 16225 mutex_enter(&dtrace_lock);
15633 16226
15634 16227 if (cmd == DTRACEIOC_PROBEMATCH) {
15635 16228 for (i = desc.dtpd_id; i <= dtrace_nprobes; i++) {
15636 16229 if ((probe = dtrace_probes[i - 1]) != NULL &&
15637 16230 (m = dtrace_match_probe(probe, &pkey,
15638 16231 priv, uid, zoneid)) != 0)
15639 16232 break;
15640 16233 }
15641 16234
15642 16235 if (m < 0) {
15643 16236 mutex_exit(&dtrace_lock);
15644 16237 return (EINVAL);
15645 16238 }
15646 16239
15647 16240 } else {
15648 16241 for (i = desc.dtpd_id; i <= dtrace_nprobes; i++) {
15649 16242 if ((probe = dtrace_probes[i - 1]) != NULL &&
15650 16243 dtrace_match_priv(probe, priv, uid, zoneid))
15651 16244 break;
15652 16245 }
15653 16246 }
15654 16247
15655 16248 if (probe == NULL) {
15656 16249 mutex_exit(&dtrace_lock);
15657 16250 return (ESRCH);
15658 16251 }
15659 16252
15660 16253 dtrace_probe_description(probe, &desc);
15661 16254 mutex_exit(&dtrace_lock);
15662 16255
15663 16256 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15664 16257 return (EFAULT);
15665 16258
15666 16259 return (0);
15667 16260 }
15668 16261
15669 16262 case DTRACEIOC_PROBEARG: {
15670 16263 dtrace_argdesc_t desc;
15671 16264 dtrace_probe_t *probe;
15672 16265 dtrace_provider_t *prov;
15673 16266
15674 16267 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15675 16268 return (EFAULT);
15676 16269
15677 16270 if (desc.dtargd_id == DTRACE_IDNONE)
15678 16271 return (EINVAL);
15679 16272
15680 16273 if (desc.dtargd_ndx == DTRACE_ARGNONE)
15681 16274 return (EINVAL);
15682 16275
15683 16276 mutex_enter(&dtrace_provider_lock);
15684 16277 mutex_enter(&mod_lock);
15685 16278 mutex_enter(&dtrace_lock);
15686 16279
15687 16280 if (desc.dtargd_id > dtrace_nprobes) {
15688 16281 mutex_exit(&dtrace_lock);
15689 16282 mutex_exit(&mod_lock);
15690 16283 mutex_exit(&dtrace_provider_lock);
15691 16284 return (EINVAL);
15692 16285 }
15693 16286
15694 16287 if ((probe = dtrace_probes[desc.dtargd_id - 1]) == NULL) {
15695 16288 mutex_exit(&dtrace_lock);
15696 16289 mutex_exit(&mod_lock);
15697 16290 mutex_exit(&dtrace_provider_lock);
15698 16291 return (EINVAL);
15699 16292 }
15700 16293
15701 16294 mutex_exit(&dtrace_lock);
15702 16295
15703 16296 prov = probe->dtpr_provider;
15704 16297
15705 16298 if (prov->dtpv_pops.dtps_getargdesc == NULL) {
15706 16299 /*
15707 16300 * There isn't any typed information for this probe.
15708 16301 * Set the argument number to DTRACE_ARGNONE.
15709 16302 */
15710 16303 desc.dtargd_ndx = DTRACE_ARGNONE;
15711 16304 } else {
15712 16305 desc.dtargd_native[0] = '\0';
15713 16306 desc.dtargd_xlate[0] = '\0';
15714 16307 desc.dtargd_mapping = desc.dtargd_ndx;
15715 16308
15716 16309 prov->dtpv_pops.dtps_getargdesc(prov->dtpv_arg,
15717 16310 probe->dtpr_id, probe->dtpr_arg, &desc);
15718 16311 }
15719 16312
15720 16313 mutex_exit(&mod_lock);
15721 16314 mutex_exit(&dtrace_provider_lock);
15722 16315
15723 16316 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15724 16317 return (EFAULT);
15725 16318
15726 16319 return (0);
15727 16320 }
15728 16321
15729 16322 case DTRACEIOC_GO: {
15730 16323 processorid_t cpuid;
15731 16324 rval = dtrace_state_go(state, &cpuid);
15732 16325
15733 16326 if (rval != 0)
15734 16327 return (rval);
15735 16328
15736 16329 if (copyout(&cpuid, (void *)arg, sizeof (cpuid)) != 0)
15737 16330 return (EFAULT);
15738 16331
15739 16332 return (0);
15740 16333 }
15741 16334
15742 16335 case DTRACEIOC_STOP: {
15743 16336 processorid_t cpuid;
15744 16337
15745 16338 mutex_enter(&dtrace_lock);
15746 16339 rval = dtrace_state_stop(state, &cpuid);
15747 16340 mutex_exit(&dtrace_lock);
15748 16341
15749 16342 if (rval != 0)
15750 16343 return (rval);
15751 16344
15752 16345 if (copyout(&cpuid, (void *)arg, sizeof (cpuid)) != 0)
15753 16346 return (EFAULT);
15754 16347
15755 16348 return (0);
15756 16349 }
15757 16350
15758 16351 case DTRACEIOC_DOFGET: {
15759 16352 dof_hdr_t hdr, *dof;
15760 16353 uint64_t len;
15761 16354
15762 16355 if (copyin((void *)arg, &hdr, sizeof (hdr)) != 0)
15763 16356 return (EFAULT);
15764 16357
15765 16358 mutex_enter(&dtrace_lock);
15766 16359 dof = dtrace_dof_create(state);
15767 16360 mutex_exit(&dtrace_lock);
15768 16361
15769 16362 len = MIN(hdr.dofh_loadsz, dof->dofh_loadsz);
15770 16363 rval = copyout(dof, (void *)arg, len);
15771 16364 dtrace_dof_destroy(dof);
15772 16365
15773 16366 return (rval == 0 ? 0 : EFAULT);
15774 16367 }
15775 16368
15776 16369 case DTRACEIOC_AGGSNAP:
15777 16370 case DTRACEIOC_BUFSNAP: {
15778 16371 dtrace_bufdesc_t desc;
15779 16372 caddr_t cached;
15780 16373 dtrace_buffer_t *buf;
15781 16374
15782 16375 if (copyin((void *)arg, &desc, sizeof (desc)) != 0)
15783 16376 return (EFAULT);
15784 16377
15785 16378 if (desc.dtbd_cpu < 0 || desc.dtbd_cpu >= NCPU)
15786 16379 return (EINVAL);
15787 16380
15788 16381 mutex_enter(&dtrace_lock);
15789 16382
15790 16383 if (cmd == DTRACEIOC_BUFSNAP) {
15791 16384 buf = &state->dts_buffer[desc.dtbd_cpu];
15792 16385 } else {
15793 16386 buf = &state->dts_aggbuffer[desc.dtbd_cpu];
15794 16387 }
15795 16388
15796 16389 if (buf->dtb_flags & (DTRACEBUF_RING | DTRACEBUF_FILL)) {
15797 16390 size_t sz = buf->dtb_offset;
15798 16391
15799 16392 if (state->dts_activity != DTRACE_ACTIVITY_STOPPED) {
15800 16393 mutex_exit(&dtrace_lock);
15801 16394 return (EBUSY);
15802 16395 }
15803 16396
15804 16397 /*
15805 16398 * If this buffer has already been consumed, we're
15806 16399 * going to indicate that there's nothing left here
15807 16400 * to consume.
15808 16401 */
15809 16402 if (buf->dtb_flags & DTRACEBUF_CONSUMED) {
15810 16403 mutex_exit(&dtrace_lock);
15811 16404
15812 16405 desc.dtbd_size = 0;
15813 16406 desc.dtbd_drops = 0;
15814 16407 desc.dtbd_errors = 0;
15815 16408 desc.dtbd_oldest = 0;
15816 16409 sz = sizeof (desc);
15817 16410
15818 16411 if (copyout(&desc, (void *)arg, sz) != 0)
15819 16412 return (EFAULT);
15820 16413
15821 16414 return (0);
15822 16415 }
15823 16416
15824 16417 /*
15825 16418 * If this is a ring buffer that has wrapped, we want
15826 16419 * to copy the whole thing out.
15827 16420 */
15828 16421 if (buf->dtb_flags & DTRACEBUF_WRAPPED) {
15829 16422 dtrace_buffer_polish(buf);
15830 16423 sz = buf->dtb_size;
15831 16424 }
15832 16425
15833 16426 if (copyout(buf->dtb_tomax, desc.dtbd_data, sz) != 0) {
15834 16427 mutex_exit(&dtrace_lock);
15835 16428 return (EFAULT);
15836 16429 }
15837 16430
15838 16431 desc.dtbd_size = sz;
15839 16432 desc.dtbd_drops = buf->dtb_drops;
15840 16433 desc.dtbd_errors = buf->dtb_errors;
15841 16434 desc.dtbd_oldest = buf->dtb_xamot_offset;
15842 16435 desc.dtbd_timestamp = dtrace_gethrtime();
15843 16436
15844 16437 mutex_exit(&dtrace_lock);
15845 16438
15846 16439 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15847 16440 return (EFAULT);
15848 16441
15849 16442 buf->dtb_flags |= DTRACEBUF_CONSUMED;
15850 16443
15851 16444 return (0);
15852 16445 }
15853 16446
15854 16447 if (buf->dtb_tomax == NULL) {
15855 16448 ASSERT(buf->dtb_xamot == NULL);
15856 16449 mutex_exit(&dtrace_lock);
15857 16450 return (ENOENT);
15858 16451 }
15859 16452
15860 16453 cached = buf->dtb_tomax;
15861 16454 ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
15862 16455
15863 16456 dtrace_xcall(desc.dtbd_cpu,
15864 16457 (dtrace_xcall_t)dtrace_buffer_switch, buf);
15865 16458
15866 16459 state->dts_errors += buf->dtb_xamot_errors;
15867 16460
15868 16461 /*
15869 16462 * If the buffers did not actually switch, then the cross call
15870 16463 * did not take place -- presumably because the given CPU is
15871 16464 * not in the ready set. If this is the case, we'll return
15872 16465 * ENOENT.
15873 16466 */
15874 16467 if (buf->dtb_tomax == cached) {
15875 16468 ASSERT(buf->dtb_xamot != cached);
15876 16469 mutex_exit(&dtrace_lock);
15877 16470 return (ENOENT);
15878 16471 }
15879 16472
15880 16473 ASSERT(cached == buf->dtb_xamot);
15881 16474
15882 16475 /*
15883 16476 * We have our snapshot; now copy it out.
15884 16477 */
15885 16478 if (copyout(buf->dtb_xamot, desc.dtbd_data,
15886 16479 buf->dtb_xamot_offset) != 0) {
15887 16480 mutex_exit(&dtrace_lock);
15888 16481 return (EFAULT);
15889 16482 }
15890 16483
15891 16484 desc.dtbd_size = buf->dtb_xamot_offset;
15892 16485 desc.dtbd_drops = buf->dtb_xamot_drops;
15893 16486 desc.dtbd_errors = buf->dtb_xamot_errors;
15894 16487 desc.dtbd_oldest = 0;
15895 16488 desc.dtbd_timestamp = buf->dtb_switched;
15896 16489
15897 16490 mutex_exit(&dtrace_lock);
15898 16491
15899 16492 /*
15900 16493 * Finally, copy out the buffer description.
15901 16494 */
15902 16495 if (copyout(&desc, (void *)arg, sizeof (desc)) != 0)
15903 16496 return (EFAULT);
15904 16497
15905 16498 return (0);
15906 16499 }
15907 16500
15908 16501 case DTRACEIOC_CONF: {
15909 16502 dtrace_conf_t conf;
15910 16503
15911 16504 bzero(&conf, sizeof (conf));
15912 16505 conf.dtc_difversion = DIF_VERSION;
15913 16506 conf.dtc_difintregs = DIF_DIR_NREGS;
15914 16507 conf.dtc_diftupregs = DIF_DTR_NREGS;
15915 16508 conf.dtc_ctfmodel = CTF_MODEL_NATIVE;
15916 16509
15917 16510 if (copyout(&conf, (void *)arg, sizeof (conf)) != 0)
15918 16511 return (EFAULT);
15919 16512
15920 16513 return (0);
15921 16514 }
15922 16515
15923 16516 case DTRACEIOC_STATUS: {
15924 16517 dtrace_status_t stat;
15925 16518 dtrace_dstate_t *dstate;
15926 16519 int i, j;
15927 16520 uint64_t nerrs;
15928 16521
15929 16522 /*
15930 16523 * See the comment in dtrace_state_deadman() for the reason
15931 16524 * for setting dts_laststatus to INT64_MAX before setting
15932 16525 * it to the correct value.
15933 16526 */
15934 16527 state->dts_laststatus = INT64_MAX;
15935 16528 dtrace_membar_producer();
15936 16529 state->dts_laststatus = dtrace_gethrtime();
15937 16530
15938 16531 bzero(&stat, sizeof (stat));
15939 16532
15940 16533 mutex_enter(&dtrace_lock);
15941 16534
15942 16535 if (state->dts_activity == DTRACE_ACTIVITY_INACTIVE) {
15943 16536 mutex_exit(&dtrace_lock);
15944 16537 return (ENOENT);
15945 16538 }
15946 16539
15947 16540 if (state->dts_activity == DTRACE_ACTIVITY_DRAINING)
15948 16541 stat.dtst_exiting = 1;
15949 16542
15950 16543 nerrs = state->dts_errors;
15951 16544 dstate = &state->dts_vstate.dtvs_dynvars;
15952 16545
15953 16546 for (i = 0; i < NCPU; i++) {
15954 16547 dtrace_dstate_percpu_t *dcpu = &dstate->dtds_percpu[i];
15955 16548
15956 16549 stat.dtst_dyndrops += dcpu->dtdsc_drops;
15957 16550 stat.dtst_dyndrops_dirty += dcpu->dtdsc_dirty_drops;
15958 16551 stat.dtst_dyndrops_rinsing += dcpu->dtdsc_rinsing_drops;
15959 16552
15960 16553 if (state->dts_buffer[i].dtb_flags & DTRACEBUF_FULL)
15961 16554 stat.dtst_filled++;
15962 16555
15963 16556 nerrs += state->dts_buffer[i].dtb_errors;
15964 16557
15965 16558 for (j = 0; j < state->dts_nspeculations; j++) {
15966 16559 dtrace_speculation_t *spec;
15967 16560 dtrace_buffer_t *buf;
15968 16561
15969 16562 spec = &state->dts_speculations[j];
15970 16563 buf = &spec->dtsp_buffer[i];
15971 16564 stat.dtst_specdrops += buf->dtb_xamot_drops;
15972 16565 }
15973 16566 }
15974 16567
15975 16568 stat.dtst_specdrops_busy = state->dts_speculations_busy;
15976 16569 stat.dtst_specdrops_unavail = state->dts_speculations_unavail;
15977 16570 stat.dtst_stkstroverflows = state->dts_stkstroverflows;
15978 16571 stat.dtst_dblerrors = state->dts_dblerrors;
15979 16572 stat.dtst_killed =
15980 16573 (state->dts_activity == DTRACE_ACTIVITY_KILLED);
15981 16574 stat.dtst_errors = nerrs;
15982 16575
15983 16576 mutex_exit(&dtrace_lock);
15984 16577
15985 16578 if (copyout(&stat, (void *)arg, sizeof (stat)) != 0)
15986 16579 return (EFAULT);
15987 16580
15988 16581 return (0);
15989 16582 }
15990 16583
15991 16584 case DTRACEIOC_FORMAT: {
15992 16585 dtrace_fmtdesc_t fmt;
15993 16586 char *str;
15994 16587 int len;
15995 16588
15996 16589 if (copyin((void *)arg, &fmt, sizeof (fmt)) != 0)
15997 16590 return (EFAULT);
15998 16591
15999 16592 mutex_enter(&dtrace_lock);
16000 16593
16001 16594 if (fmt.dtfd_format == 0 ||
16002 16595 fmt.dtfd_format > state->dts_nformats) {
16003 16596 mutex_exit(&dtrace_lock);
16004 16597 return (EINVAL);
16005 16598 }
16006 16599
16007 16600 /*
16008 16601 * Format strings are allocated contiguously and they are
16009 16602 * never freed; if a format index is less than the number
16010 16603 * of formats, we can assert that the format map is non-NULL
16011 16604 * and that the format for the specified index is non-NULL.
16012 16605 */
16013 16606 ASSERT(state->dts_formats != NULL);
16014 16607 str = state->dts_formats[fmt.dtfd_format - 1];
16015 16608 ASSERT(str != NULL);
16016 16609
16017 16610 len = strlen(str) + 1;
16018 16611
16019 16612 if (len > fmt.dtfd_length) {
16020 16613 fmt.dtfd_length = len;
16021 16614
16022 16615 if (copyout(&fmt, (void *)arg, sizeof (fmt)) != 0) {
16023 16616 mutex_exit(&dtrace_lock);
16024 16617 return (EINVAL);
16025 16618 }
16026 16619 } else {
16027 16620 if (copyout(str, fmt.dtfd_string, len) != 0) {
16028 16621 mutex_exit(&dtrace_lock);
16029 16622 return (EINVAL);
16030 16623 }
16031 16624 }
16032 16625
16033 16626 mutex_exit(&dtrace_lock);
16034 16627 return (0);
16035 16628 }
16036 16629
16037 16630 default:
16038 16631 break;
16039 16632 }
16040 16633
16041 16634 return (ENOTTY);
16042 16635 }
16043 16636
16044 16637 /*ARGSUSED*/
16045 16638 static int
16046 16639 dtrace_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
16047 16640 {
16048 16641 dtrace_state_t *state;
16049 16642
16050 16643 switch (cmd) {
16051 16644 case DDI_DETACH:
16052 16645 break;
16053 16646
16054 16647 case DDI_SUSPEND:
16055 16648 return (DDI_SUCCESS);
16056 16649
16057 16650 default:
16058 16651 return (DDI_FAILURE);
16059 16652 }
16060 16653
16061 16654 mutex_enter(&cpu_lock);
16062 16655 mutex_enter(&dtrace_provider_lock);
16063 16656 mutex_enter(&dtrace_lock);
16064 16657
16065 16658 ASSERT(dtrace_opens == 0);
16066 16659
16067 16660 if (dtrace_helpers > 0) {
16068 16661 mutex_exit(&dtrace_provider_lock);
16069 16662 mutex_exit(&dtrace_lock);
16070 16663 mutex_exit(&cpu_lock);
16071 16664 return (DDI_FAILURE);
16072 16665 }
16073 16666
16074 16667 if (dtrace_unregister((dtrace_provider_id_t)dtrace_provider) != 0) {
16075 16668 mutex_exit(&dtrace_provider_lock);
16076 16669 mutex_exit(&dtrace_lock);
16077 16670 mutex_exit(&cpu_lock);
16078 16671 return (DDI_FAILURE);
16079 16672 }
16080 16673
16081 16674 dtrace_provider = NULL;
16082 16675
16083 16676 if ((state = dtrace_anon_grab()) != NULL) {
16084 16677 /*
16085 16678 * If there were ECBs on this state, the provider should
16086 16679 * have not been allowed to detach; assert that there is
16087 16680 * none.
16088 16681 */
16089 16682 ASSERT(state->dts_necbs == 0);
16090 16683 dtrace_state_destroy(state);
16091 16684
16092 16685 /*
16093 16686 * If we're being detached with anonymous state, we need to
16094 16687 * indicate to the kernel debugger that DTrace is now inactive.
16095 16688 */
16096 16689 (void) kdi_dtrace_set(KDI_DTSET_DTRACE_DEACTIVATE);
16097 16690 }
16098 16691
16099 16692 bzero(&dtrace_anon, sizeof (dtrace_anon_t));
16100 16693 unregister_cpu_setup_func((cpu_setup_func_t *)dtrace_cpu_setup, NULL);
16101 16694 dtrace_cpu_init = NULL;
16102 16695 dtrace_helpers_cleanup = NULL;
16103 16696 dtrace_helpers_fork = NULL;
16104 16697 dtrace_cpustart_init = NULL;
16105 16698 dtrace_cpustart_fini = NULL;
16106 16699 dtrace_debugger_init = NULL;
16107 16700 dtrace_debugger_fini = NULL;
16108 16701 dtrace_modload = NULL;
16109 16702 dtrace_modunload = NULL;
16110 16703
16111 16704 ASSERT(dtrace_getf == 0);
16112 16705 ASSERT(dtrace_closef == NULL);
16113 16706
16114 16707 mutex_exit(&cpu_lock);
16115 16708
16116 16709 if (dtrace_helptrace_enabled) {
16117 16710 kmem_free(dtrace_helptrace_buffer, dtrace_helptrace_bufsize);
16118 16711 dtrace_helptrace_buffer = NULL;
16119 16712 }
16120 16713
16121 16714 kmem_free(dtrace_probes, dtrace_nprobes * sizeof (dtrace_probe_t *));
16122 16715 dtrace_probes = NULL;
16123 16716 dtrace_nprobes = 0;
16124 16717
16125 16718 dtrace_hash_destroy(dtrace_bymod);
16126 16719 dtrace_hash_destroy(dtrace_byfunc);
16127 16720 dtrace_hash_destroy(dtrace_byname);
16128 16721 dtrace_bymod = NULL;
16129 16722 dtrace_byfunc = NULL;
16130 16723 dtrace_byname = NULL;
16131 16724
16132 16725 kmem_cache_destroy(dtrace_state_cache);
16133 16726 vmem_destroy(dtrace_minor);
16134 16727 vmem_destroy(dtrace_arena);
16135 16728
16136 16729 if (dtrace_toxrange != NULL) {
16137 16730 kmem_free(dtrace_toxrange,
16138 16731 dtrace_toxranges_max * sizeof (dtrace_toxrange_t));
16139 16732 dtrace_toxrange = NULL;
16140 16733 dtrace_toxranges = 0;
16141 16734 dtrace_toxranges_max = 0;
16142 16735 }
16143 16736
16144 16737 ddi_remove_minor_node(dtrace_devi, NULL);
16145 16738 dtrace_devi = NULL;
16146 16739
16147 16740 ddi_soft_state_fini(&dtrace_softstate);
16148 16741
16149 16742 ASSERT(dtrace_vtime_references == 0);
16150 16743 ASSERT(dtrace_opens == 0);
16151 16744 ASSERT(dtrace_retained == NULL);
16152 16745
16153 16746 mutex_exit(&dtrace_lock);
16154 16747 mutex_exit(&dtrace_provider_lock);
16155 16748
16156 16749 /*
16157 16750 * We don't destroy the task queue until after we have dropped our
16158 16751 * locks (taskq_destroy() may block on running tasks). To prevent
16159 16752 * attempting to do work after we have effectively detached but before
16160 16753 * the task queue has been destroyed, all tasks dispatched via the
16161 16754 * task queue must check that DTrace is still attached before
16162 16755 * performing any operation.
16163 16756 */
16164 16757 taskq_destroy(dtrace_taskq);
16165 16758 dtrace_taskq = NULL;
16166 16759
16167 16760 return (DDI_SUCCESS);
16168 16761 }
16169 16762
16170 16763 /*ARGSUSED*/
16171 16764 static int
16172 16765 dtrace_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
16173 16766 {
16174 16767 int error;
16175 16768
16176 16769 switch (infocmd) {
16177 16770 case DDI_INFO_DEVT2DEVINFO:
16178 16771 *result = (void *)dtrace_devi;
16179 16772 error = DDI_SUCCESS;
16180 16773 break;
16181 16774 case DDI_INFO_DEVT2INSTANCE:
16182 16775 *result = (void *)0;
16183 16776 error = DDI_SUCCESS;
16184 16777 break;
16185 16778 default:
16186 16779 error = DDI_FAILURE;
16187 16780 }
16188 16781 return (error);
16189 16782 }
16190 16783
16191 16784 static struct cb_ops dtrace_cb_ops = {
16192 16785 dtrace_open, /* open */
16193 16786 dtrace_close, /* close */
16194 16787 nulldev, /* strategy */
16195 16788 nulldev, /* print */
16196 16789 nodev, /* dump */
16197 16790 nodev, /* read */
16198 16791 nodev, /* write */
16199 16792 dtrace_ioctl, /* ioctl */
16200 16793 nodev, /* devmap */
16201 16794 nodev, /* mmap */
16202 16795 nodev, /* segmap */
16203 16796 nochpoll, /* poll */
16204 16797 ddi_prop_op, /* cb_prop_op */
16205 16798 0, /* streamtab */
16206 16799 D_NEW | D_MP /* Driver compatibility flag */
16207 16800 };
16208 16801
16209 16802 static struct dev_ops dtrace_ops = {
16210 16803 DEVO_REV, /* devo_rev */
16211 16804 0, /* refcnt */
16212 16805 dtrace_info, /* get_dev_info */
16213 16806 nulldev, /* identify */
16214 16807 nulldev, /* probe */
16215 16808 dtrace_attach, /* attach */
16216 16809 dtrace_detach, /* detach */
16217 16810 nodev, /* reset */
16218 16811 &dtrace_cb_ops, /* driver operations */
16219 16812 NULL, /* bus operations */
16220 16813 nodev, /* dev power */
16221 16814 ddi_quiesce_not_needed, /* quiesce */
16222 16815 };
16223 16816
16224 16817 static struct modldrv modldrv = {
16225 16818 &mod_driverops, /* module type (this is a pseudo driver) */
16226 16819 "Dynamic Tracing", /* name of module */
16227 16820 &dtrace_ops, /* driver ops */
16228 16821 };
16229 16822
16230 16823 static struct modlinkage modlinkage = {
16231 16824 MODREV_1,
16232 16825 (void *)&modldrv,
16233 16826 NULL
16234 16827 };
16235 16828
16236 16829 int
16237 16830 _init(void)
16238 16831 {
16239 16832 return (mod_install(&modlinkage));
16240 16833 }
16241 16834
16242 16835 int
16243 16836 _info(struct modinfo *modinfop)
16244 16837 {
16245 16838 return (mod_info(&modlinkage, modinfop));
16246 16839 }
16247 16840
16248 16841 int
16249 16842 _fini(void)
16250 16843 {
16251 16844 return (mod_remove(&modlinkage));
16252 16845 }
|
↓ open down ↓ |
7378 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX