lttng: syscall instrumentation

x86-32 and x86-64 system call instrumentation, along with the
lttng-syscalls-generate-headers.sh script that generates the headers
from the system call list. See README for details.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

drivers/staging/lttng/instrumentation/syscalls/README

@@ -0,0 +1,18 @@
+LTTng system call tracing
+
+1) lttng-syscall-extractor
+
+You need to build a kernel with CONFIG_FTRACE_SYSCALLS=y and
+CONFIG_KALLSYMS_ALL=y for extraction. Apply the linker patch to get your
+kernel to keep the system call metadata after boot.  Then build and load
+the LTTng syscall extractor module. The module will fail to load (this
+is expected). See the dmesg output for system call metadata.
+
+2) Generate system call TRACE_EVENT().
+
+Take the dmesg metadata and feed it to lttng-syscalls-generate-headers.sh, e.g.,
+from the instrumentation/syscalls directory. See the script header for
+usage example.
+
+After these are created, we just need to follow the new system call additions,
+no need to regenerate the whole thing, since system calls are only appended to.

drivers/staging/lttng/instrumentation/syscalls/headers/compat_syscalls_integers.h

@@ -0,0 +1,3 @@
+#ifdef CONFIG_X86_64
+#include "x86-32-syscalls-3.1.0-rc6_integers.h"
+#endif

drivers/staging/lttng/instrumentation/syscalls/headers/compat_syscalls_pointers.h

@@ -0,0 +1,3 @@
+#ifdef CONFIG_X86_64
+#include "x86-32-syscalls-3.1.0-rc6_pointers.h"
+#endif

drivers/staging/lttng/instrumentation/syscalls/headers/syscalls_integers.h

@@ -0,0 +1,7 @@
+#ifdef CONFIG_X86_64
+#include "x86-64-syscalls-3.0.4_integers.h"
+#endif
+
+#ifdef CONFIG_X86_32
+#include "x86-32-syscalls-3.1.0-rc6_integers.h"
+#endif

drivers/staging/lttng/instrumentation/syscalls/headers/syscalls_integers_override.h

@@ -0,0 +1,14 @@
+#define OVERRIDE_32_sys_mmap
+#define OVERRIDE_64_sys_mmap
+
+#ifndef CREATE_SYSCALL_TABLE
+
+SC_TRACE_EVENT(sys_mmap,
+	TP_PROTO(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long off),
+	TP_ARGS(addr, len, prot, flags, fd, off),
+	TP_STRUCT__entry(__field_hex(unsigned long, addr) __field(size_t, len) __field(int, prot) __field(int, flags) __field(int, fd) __field(off_t, offset)),
+	TP_fast_assign(tp_assign(addr, addr) tp_assign(len, len) tp_assign(prot, prot) tp_assign(flags, flags) tp_assign(fd, fd) tp_assign(offset, off)),
+	TP_printk()
+)
+
+#endif /* CREATE_SYSCALL_TABLE */

drivers/staging/lttng/instrumentation/syscalls/headers/syscalls_pointers.h

@@ -0,0 +1,7 @@
+#ifdef CONFIG_X86_64
+#include "x86-64-syscalls-3.0.4_pointers.h"
+#endif
+
+#ifdef CONFIG_X86_32
+#include "x86-32-syscalls-3.1.0-rc6_pointers.h"
+#endif

drivers/staging/lttng/instrumentation/syscalls/headers/syscalls_pointers_override.h

@@ -0,0 +1,4 @@
+/*
+ * This is a place-holder for override defines for system calls with
+ * pointers (all architectures).
+ */

drivers/staging/lttng/instrumentation/syscalls/headers/syscalls_unknown.h

@@ -0,0 +1,55 @@
+#if !defined(_TRACE_SYSCALLS_UNKNOWN_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_SYSCALLS_UNKNOWN_H
+
+#include <linux/tracepoint.h>
+#include <linux/syscalls.h>
+
+#define UNKNOWN_SYSCALL_NRARGS	6
+
+TRACE_EVENT(sys_unknown,
+	TP_PROTO(unsigned int id, unsigned long *args),
+	TP_ARGS(id, args),
+	TP_STRUCT__entry(
+		__field(unsigned int, id)
+		__array(unsigned long, args, UNKNOWN_SYSCALL_NRARGS)
+	),
+	TP_fast_assign(
+		tp_assign(id, id)
+		tp_memcpy(args, args, UNKNOWN_SYSCALL_NRARGS * sizeof(*args))
+	),
+	TP_printk()
+)
+TRACE_EVENT(compat_sys_unknown,
+	TP_PROTO(unsigned int id, unsigned long *args),
+	TP_ARGS(id, args),
+	TP_STRUCT__entry(
+		__field(unsigned int, id)
+		__array(unsigned long, args, UNKNOWN_SYSCALL_NRARGS)
+	),
+	TP_fast_assign(
+		tp_assign(id, id)
+		tp_memcpy(args, args, UNKNOWN_SYSCALL_NRARGS * sizeof(*args))
+	),
+	TP_printk()
+)
+/* 
+ * This is going to hook on sys_exit in the kernel.
+ * We change the name so we don't clash with the sys_exit syscall entry
+ * event.
+ */
+TRACE_EVENT(exit_syscall,
+	TP_PROTO(struct pt_regs *regs, long ret),
+	TP_ARGS(regs, ret),
+	TP_STRUCT__entry(
+		__field(long, ret)
+	),
+	TP_fast_assign(
+		tp_assign(ret, ret)
+	),
+	TP_printk()
+)
+
+#endif /*  _TRACE_SYSCALLS_UNKNOWN_H */
+
+/* This part must be outside protection */
+#include "../../../probes/define_trace.h"