1 /*
2  * cn_proc.h - process events connector
3  *
4  * Copyright (C) Matt Helsley, IBM Corp. 2005
5  * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
6  * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
7  * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
8  *
9  * This program is free software; you can redistribute it and/or modify it
10  * under the terms of version 2.1 of the GNU Lesser General Public License
11  * as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it would be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16  */
17 
18 #ifndef CN_PROC_H
19 #define CN_PROC_H
20 
21 #include <linux/types.h>
22 
23 /*
24  * Userspace sends this enum to register with the kernel that it is listening
25  * for events on the connector.
26  */
27 enum proc_cn_mcast_op {
28 	PROC_CN_MCAST_LISTEN = 1,
29 	PROC_CN_MCAST_IGNORE = 2
30 };
31 
32 /*
33  * From the user's point of view, the process
34  * ID is the thread group ID and thread ID is the internal
35  * kernel "pid". So, fields are assigned as follow:
36  *
37  *  In user space     -  In  kernel space
38  *
39  * parent process ID  =  parent->tgid
40  * parent thread  ID  =  parent->pid
41  * child  process ID  =  child->tgid
42  * child  thread  ID  =  child->pid
43  */
44 
45 struct proc_event {
46 	enum what {
47 		/* Use successive bits so the enums can be used to record
48 		 * sets of events as well
49 		 */
50 		PROC_EVENT_NONE = 0x00000000,
51 		PROC_EVENT_FORK = 0x00000001,
52 		PROC_EVENT_EXEC = 0x00000002,
53 		PROC_EVENT_UID  = 0x00000004,
54 		PROC_EVENT_GID  = 0x00000040,
55 		PROC_EVENT_SID  = 0x00000080,
56 		PROC_EVENT_PTRACE = 0x00000100,
57 		PROC_EVENT_COMM = 0x00000200,
58 		/* "next" should be 0x00000400 */
59 		/* "last" is the last process event: exit */
60 		PROC_EVENT_EXIT = 0x80000000
61 	} what;
62 	__u32 cpu;
63 	__u64 __attribute__((aligned(8))) timestamp_ns;
64 		/* Number of nano seconds since system boot */
65 	union { /* must be last field of proc_event struct */
66 		struct {
67 			__u32 err;
68 		} ack;
69 
70 		struct fork_proc_event {
71 			__kernel_pid_t parent_pid;
72 			__kernel_pid_t parent_tgid;
73 			__kernel_pid_t child_pid;
74 			__kernel_pid_t child_tgid;
75 		} fork;
76 
77 		struct exec_proc_event {
78 			__kernel_pid_t process_pid;
79 			__kernel_pid_t process_tgid;
80 		} exec;
81 
82 		struct id_proc_event {
83 			__kernel_pid_t process_pid;
84 			__kernel_pid_t process_tgid;
85 			union {
86 				__u32 ruid; /* task uid */
87 				__u32 rgid; /* task gid */
88 			} r;
89 			union {
90 				__u32 euid;
91 				__u32 egid;
92 			} e;
93 		} id;
94 
95 		struct sid_proc_event {
96 			__kernel_pid_t process_pid;
97 			__kernel_pid_t process_tgid;
98 		} sid;
99 
100 		struct ptrace_proc_event {
101 			__kernel_pid_t process_pid;
102 			__kernel_pid_t process_tgid;
103 			__kernel_pid_t tracer_pid;
104 			__kernel_pid_t tracer_tgid;
105 		} ptrace;
106 
107 		struct comm_proc_event {
108 			__kernel_pid_t process_pid;
109 			__kernel_pid_t process_tgid;
110 			char           comm[16];
111 		} comm;
112 
113 		struct exit_proc_event {
114 			__kernel_pid_t process_pid;
115 			__kernel_pid_t process_tgid;
116 			__u32 exit_code, exit_signal;
117 		} exit;
118 	} event_data;
119 };
120 
121 #ifdef __KERNEL__
122 #ifdef CONFIG_PROC_EVENTS
123 void proc_fork_connector(struct task_struct *task);
124 void proc_exec_connector(struct task_struct *task);
125 void proc_id_connector(struct task_struct *task, int which_id);
126 void proc_sid_connector(struct task_struct *task);
127 void proc_ptrace_connector(struct task_struct *task, int which_id);
128 void proc_comm_connector(struct task_struct *task);
129 void proc_exit_connector(struct task_struct *task);
130 #else
proc_fork_connector(struct task_struct * task)131 static inline void proc_fork_connector(struct task_struct *task)
132 {}
133 
proc_exec_connector(struct task_struct * task)134 static inline void proc_exec_connector(struct task_struct *task)
135 {}
136 
proc_id_connector(struct task_struct * task,int which_id)137 static inline void proc_id_connector(struct task_struct *task,
138 				     int which_id)
139 {}
140 
proc_sid_connector(struct task_struct * task)141 static inline void proc_sid_connector(struct task_struct *task)
142 {}
143 
proc_comm_connector(struct task_struct * task)144 static inline void proc_comm_connector(struct task_struct *task)
145 {}
146 
proc_ptrace_connector(struct task_struct * task,int ptrace_id)147 static inline void proc_ptrace_connector(struct task_struct *task,
148 					 int ptrace_id)
149 {}
150 
proc_exit_connector(struct task_struct * task)151 static inline void proc_exit_connector(struct task_struct *task)
152 {}
153 #endif	/* CONFIG_PROC_EVENTS */
154 #endif	/* __KERNEL__ */
155 #endif	/* CN_PROC_H */
156