1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * trace_events_inject - trace event injection 4 * 5 * Copyright (C) 2019 Cong Wang <cwang@twitter.com> 6 */ 7 8 #include <linux/module.h> 9 #include <linux/ctype.h> 10 #include <linux/mutex.h> 11 #include <linux/slab.h> 12 #include <linux/rculist.h> 13 14 #include "trace.h" 15 16 static int 17 trace_inject_entry(struct trace_event_file *file, void *rec, int len) 18 { 19 struct trace_event_buffer fbuffer; 20 int written = 0; 21 void *entry; 22 23 rcu_read_lock_sched(); 24 entry = trace_event_buffer_reserve(&fbuffer, file, len); 25 if (entry) { 26 memcpy(entry, rec, len); 27 written = len; 28 trace_event_buffer_commit(&fbuffer); 29 } 30 rcu_read_unlock_sched(); 31 32 return written; 33 } 34 35 static int 36 parse_field(char *str, struct trace_event_call *call, 37 struct ftrace_event_field **pf, u64 *pv) 38 { 39 struct ftrace_event_field *field; 40 char *field_name; 41 int s, i = 0; 42 int len; 43 u64 val; 44 45 if (!str[i]) 46 return 0; 47 /* First find the field to associate to */ 48 while (isspace(str[i])) 49 i++; 50 s = i; 51 while (isalnum(str[i]) || str[i] == '_') 52 i++; 53 len = i - s; 54 if (!len) 55 return -EINVAL; 56 57 field_name = kmemdup_nul(str + s, len, GFP_KERNEL); 58 if (!field_name) 59 return -ENOMEM; 60 field = trace_find_event_field(call, field_name); 61 kfree(field_name); 62 if (!field) 63 return -ENOENT; 64 65 *pf = field; 66 while (isspace(str[i])) 67 i++; 68 if (str[i] != '=') 69 return -EINVAL; 70 i++; 71 while (isspace(str[i])) 72 i++; 73 s = i; 74 if (isdigit(str[i]) || str[i] == '-') { 75 char *num, c; 76 int ret; 77 78 /* Make sure the field is not a string */ 79 if (is_string_field(field)) 80 return -EINVAL; 81 82 if (str[i] == '-') 83 i++; 84 85 /* We allow 0xDEADBEEF */ 86 while (isalnum(str[i])) 87 i++; 88 num = str + s; 89 c = str[i]; 90 if (c != '\0' && !isspace(c)) 91 return -EINVAL; 92 str[i] = '\0'; 93 /* Make sure it is a value */ 94 if (field->is_signed) 95 ret = kstrtoll(num, 0, &val); 96 else 97 ret = kstrtoull(num, 0, &val); 98 str[i] = c; 99 if (ret) 100 return ret; 101 102 *pv = val; 103 return i; 104 } else if (str[i] == '\'' || str[i] == '"') { 105 char q = str[i]; 106 107 /* Make sure the field is OK for strings */ 108 if (!is_string_field(field)) 109 return -EINVAL; 110 111 for (i++; str[i]; i++) { 112 if (str[i] == '\\' && str[i + 1]) { 113 i++; 114 continue; 115 } 116 if (str[i] == q) 117 break; 118 } 119 if (!str[i]) 120 return -EINVAL; 121 122 /* Skip quotes */ 123 s++; 124 len = i - s; 125 if (len >= MAX_FILTER_STR_VAL) 126 return -EINVAL; 127 128 *pv = (unsigned long)(str + s); 129 str[i] = 0; 130 /* go past the last quote */ 131 i++; 132 return i; 133 } 134 135 return -EINVAL; 136 } 137 138 static int trace_get_entry_size(struct trace_event_call *call) 139 { 140 struct ftrace_event_field *field; 141 struct list_head *head; 142 int size = 0; 143 144 head = trace_get_fields(call); 145 list_for_each_entry(field, head, link) { 146 if (field->size + field->offset > size) 147 size = field->size + field->offset; 148 } 149 150 return size; 151 } 152 153 static void *trace_alloc_entry(struct trace_event_call *call, int *size) 154 { 155 int entry_size = trace_get_entry_size(call); 156 struct ftrace_event_field *field; 157 struct list_head *head; 158 void *entry = NULL; 159 160 /* We need an extra '\0' at the end. */ 161 entry = kzalloc(entry_size + 1, GFP_KERNEL); 162 if (!entry) 163 return NULL; 164 165 head = trace_get_fields(call); 166 list_for_each_entry(field, head, link) { 167 if (!is_string_field(field)) 168 continue; 169 if (field->filter_type == FILTER_STATIC_STRING) 170 continue; 171 if (field->filter_type == FILTER_DYN_STRING || 172 field->filter_type == FILTER_RDYN_STRING) { 173 u32 *str_item; 174 int str_loc = entry_size & 0xffff; 175 176 if (field->filter_type == FILTER_RDYN_STRING) 177 str_loc -= field->offset + field->size; 178 179 str_item = (u32 *)(entry + field->offset); 180 *str_item = str_loc; /* string length is 0. */ 181 } else { 182 char **paddr; 183 184 paddr = (char **)(entry + field->offset); 185 *paddr = ""; 186 } 187 } 188 189 *size = entry_size + 1; 190 return entry; 191 } 192 193 #define INJECT_STRING "STATIC STRING CAN NOT BE INJECTED" 194 195 /* Caller is responsible to free the *pentry. */ 196 static int parse_entry(char *str, struct trace_event_call *call, void **pentry) 197 { 198 struct ftrace_event_field *field; 199 void *entry = NULL; 200 int entry_size; 201 u64 val = 0; 202 int len; 203 204 entry = trace_alloc_entry(call, &entry_size); 205 *pentry = entry; 206 if (!entry) 207 return -ENOMEM; 208 209 tracing_generic_entry_update(entry, call->event.type, 210 tracing_gen_ctx()); 211 212 while ((len = parse_field(str, call, &field, &val)) > 0) { 213 if (is_function_field(field)) 214 return -EINVAL; 215 216 if (is_string_field(field)) { 217 char *addr = (char *)(unsigned long) val; 218 219 if (field->filter_type == FILTER_STATIC_STRING) { 220 strscpy(entry + field->offset, addr, field->size); 221 } else if (field->filter_type == FILTER_DYN_STRING || 222 field->filter_type == FILTER_RDYN_STRING) { 223 int str_len = strlen(addr) + 1; 224 int str_loc = entry_size & 0xffff; 225 u32 *str_item; 226 227 entry_size += str_len; 228 *pentry = krealloc(entry, entry_size, GFP_KERNEL); 229 if (!*pentry) { 230 kfree(entry); 231 return -ENOMEM; 232 } 233 entry = *pentry; 234 235 strscpy(entry + (entry_size - str_len), addr, str_len); 236 str_item = (u32 *)(entry + field->offset); 237 if (field->filter_type == FILTER_RDYN_STRING) 238 str_loc -= field->offset + field->size; 239 *str_item = (str_len << 16) | str_loc; 240 } else { 241 char **paddr; 242 243 paddr = (char **)(entry + field->offset); 244 *paddr = INJECT_STRING; 245 } 246 } else { 247 switch (field->size) { 248 case 1: { 249 u8 tmp = (u8) val; 250 251 memcpy(entry + field->offset, &tmp, 1); 252 break; 253 } 254 case 2: { 255 u16 tmp = (u16) val; 256 257 memcpy(entry + field->offset, &tmp, 2); 258 break; 259 } 260 case 4: { 261 u32 tmp = (u32) val; 262 263 memcpy(entry + field->offset, &tmp, 4); 264 break; 265 } 266 case 8: 267 memcpy(entry + field->offset, &val, 8); 268 break; 269 default: 270 return -EINVAL; 271 } 272 } 273 274 str += len; 275 } 276 277 if (len < 0) 278 return len; 279 280 return entry_size; 281 } 282 283 static ssize_t 284 event_inject_write(struct file *filp, const char __user *ubuf, size_t cnt, 285 loff_t *ppos) 286 { 287 struct trace_event_call *call; 288 struct trace_event_file *file; 289 int err = -ENODEV, size; 290 void *entry = NULL; 291 char *buf; 292 293 if (cnt >= PAGE_SIZE) 294 return -EINVAL; 295 296 buf = memdup_user_nul(ubuf, cnt); 297 if (IS_ERR(buf)) 298 return PTR_ERR(buf); 299 strim(buf); 300 301 mutex_lock(&event_mutex); 302 file = event_file_file(filp); 303 if (file) { 304 call = file->event_call; 305 size = parse_entry(buf, call, &entry); 306 if (size < 0) 307 err = size; 308 else 309 err = trace_inject_entry(file, entry, size); 310 } 311 mutex_unlock(&event_mutex); 312 313 kfree(entry); 314 kfree(buf); 315 316 if (err < 0) 317 return err; 318 319 *ppos += err; 320 return cnt; 321 } 322 323 static ssize_t 324 event_inject_read(struct file *file, char __user *buf, size_t size, 325 loff_t *ppos) 326 { 327 return -EPERM; 328 } 329 330 const struct file_operations event_inject_fops = { 331 .open = tracing_open_file_tr, 332 .read = event_inject_read, 333 .write = event_inject_write, 334 .release = tracing_release_file_tr, 335 }; 336