1e2be04c7SGreg Kroah-Hartman /* SPDX-License-Identifier: LGPL-2.1 WITH Linux-syscall-note */
2607ca46eSDavid Howells /*
3607ca46eSDavid Howells * cn_proc.h - process events connector
4607ca46eSDavid Howells *
5607ca46eSDavid Howells * Copyright (C) Matt Helsley, IBM Corp. 2005
6607ca46eSDavid Howells * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
7607ca46eSDavid Howells * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
8607ca46eSDavid Howells * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
9607ca46eSDavid Howells *
10607ca46eSDavid Howells * This program is free software; you can redistribute it and/or modify it
11607ca46eSDavid Howells * under the terms of version 2.1 of the GNU Lesser General Public License
12607ca46eSDavid Howells * as published by the Free Software Foundation.
13607ca46eSDavid Howells *
14607ca46eSDavid Howells * This program is distributed in the hope that it would be useful, but
15607ca46eSDavid Howells * WITHOUT ANY WARRANTY; without even the implied warranty of
16607ca46eSDavid Howells * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17607ca46eSDavid Howells */
18607ca46eSDavid Howells
19607ca46eSDavid Howells #ifndef _UAPICN_PROC_H
20607ca46eSDavid Howells #define _UAPICN_PROC_H
21607ca46eSDavid Howells
22607ca46eSDavid Howells #include <linux/types.h>
23607ca46eSDavid Howells
24607ca46eSDavid Howells /*
25607ca46eSDavid Howells * Userspace sends this enum to register with the kernel that it is listening
26607ca46eSDavid Howells * for events on the connector.
27607ca46eSDavid Howells */
28607ca46eSDavid Howells enum proc_cn_mcast_op {
29607ca46eSDavid Howells PROC_CN_MCAST_LISTEN = 1,
30607ca46eSDavid Howells PROC_CN_MCAST_IGNORE = 2
31607ca46eSDavid Howells };
32607ca46eSDavid Howells
33*743acf35SAnjali Kulkarni #define PROC_EVENT_ALL (PROC_EVENT_FORK | PROC_EVENT_EXEC | PROC_EVENT_UID | \
34*743acf35SAnjali Kulkarni PROC_EVENT_GID | PROC_EVENT_SID | PROC_EVENT_PTRACE | \
35*743acf35SAnjali Kulkarni PROC_EVENT_COMM | PROC_EVENT_NONZERO_EXIT | \
36*743acf35SAnjali Kulkarni PROC_EVENT_COREDUMP | PROC_EVENT_EXIT)
37*743acf35SAnjali Kulkarni
38*743acf35SAnjali Kulkarni /*
39*743acf35SAnjali Kulkarni * If you add an entry in proc_cn_event, make sure you add it in
40*743acf35SAnjali Kulkarni * PROC_EVENT_ALL above as well.
41*743acf35SAnjali Kulkarni */
422aa1f7a1SAnjali Kulkarni enum proc_cn_event {
432aa1f7a1SAnjali Kulkarni /* Use successive bits so the enums can be used to record
442aa1f7a1SAnjali Kulkarni * sets of events as well
452aa1f7a1SAnjali Kulkarni */
462aa1f7a1SAnjali Kulkarni PROC_EVENT_NONE = 0x00000000,
472aa1f7a1SAnjali Kulkarni PROC_EVENT_FORK = 0x00000001,
482aa1f7a1SAnjali Kulkarni PROC_EVENT_EXEC = 0x00000002,
492aa1f7a1SAnjali Kulkarni PROC_EVENT_UID = 0x00000004,
502aa1f7a1SAnjali Kulkarni PROC_EVENT_GID = 0x00000040,
512aa1f7a1SAnjali Kulkarni PROC_EVENT_SID = 0x00000080,
522aa1f7a1SAnjali Kulkarni PROC_EVENT_PTRACE = 0x00000100,
532aa1f7a1SAnjali Kulkarni PROC_EVENT_COMM = 0x00000200,
542aa1f7a1SAnjali Kulkarni /* "next" should be 0x00000400 */
552aa1f7a1SAnjali Kulkarni /* "last" is the last process event: exit,
562aa1f7a1SAnjali Kulkarni * while "next to last" is coredumping event
57*743acf35SAnjali Kulkarni * before that is report only if process dies
58*743acf35SAnjali Kulkarni * with non-zero exit status
592aa1f7a1SAnjali Kulkarni */
60*743acf35SAnjali Kulkarni PROC_EVENT_NONZERO_EXIT = 0x20000000,
612aa1f7a1SAnjali Kulkarni PROC_EVENT_COREDUMP = 0x40000000,
622aa1f7a1SAnjali Kulkarni PROC_EVENT_EXIT = 0x80000000
632aa1f7a1SAnjali Kulkarni };
642aa1f7a1SAnjali Kulkarni
652aa1f7a1SAnjali Kulkarni struct proc_input {
662aa1f7a1SAnjali Kulkarni enum proc_cn_mcast_op mcast_op;
67*743acf35SAnjali Kulkarni enum proc_cn_event event_type;
682aa1f7a1SAnjali Kulkarni };
692aa1f7a1SAnjali Kulkarni
valid_event(enum proc_cn_event ev_type)70*743acf35SAnjali Kulkarni static inline enum proc_cn_event valid_event(enum proc_cn_event ev_type)
71*743acf35SAnjali Kulkarni {
72*743acf35SAnjali Kulkarni ev_type &= PROC_EVENT_ALL;
73*743acf35SAnjali Kulkarni return ev_type;
74*743acf35SAnjali Kulkarni }
75*743acf35SAnjali Kulkarni
76607ca46eSDavid Howells /*
77607ca46eSDavid Howells * From the user's point of view, the process
78607ca46eSDavid Howells * ID is the thread group ID and thread ID is the internal
79607ca46eSDavid Howells * kernel "pid". So, fields are assigned as follow:
80607ca46eSDavid Howells *
81607ca46eSDavid Howells * In user space - In kernel space
82607ca46eSDavid Howells *
83607ca46eSDavid Howells * parent process ID = parent->tgid
84607ca46eSDavid Howells * parent thread ID = parent->pid
85607ca46eSDavid Howells * child process ID = child->tgid
86607ca46eSDavid Howells * child thread ID = child->pid
87607ca46eSDavid Howells */
88607ca46eSDavid Howells
89607ca46eSDavid Howells struct proc_event {
902aa1f7a1SAnjali Kulkarni enum proc_cn_event what;
91607ca46eSDavid Howells __u32 cpu;
92607ca46eSDavid Howells __u64 __attribute__((aligned(8))) timestamp_ns;
93607ca46eSDavid Howells /* Number of nano seconds since system boot */
94607ca46eSDavid Howells union { /* must be last field of proc_event struct */
95607ca46eSDavid Howells struct {
96607ca46eSDavid Howells __u32 err;
97607ca46eSDavid Howells } ack;
98607ca46eSDavid Howells
99607ca46eSDavid Howells struct fork_proc_event {
100607ca46eSDavid Howells __kernel_pid_t parent_pid;
101607ca46eSDavid Howells __kernel_pid_t parent_tgid;
102607ca46eSDavid Howells __kernel_pid_t child_pid;
103607ca46eSDavid Howells __kernel_pid_t child_tgid;
104607ca46eSDavid Howells } fork;
105607ca46eSDavid Howells
106607ca46eSDavid Howells struct exec_proc_event {
107607ca46eSDavid Howells __kernel_pid_t process_pid;
108607ca46eSDavid Howells __kernel_pid_t process_tgid;
109607ca46eSDavid Howells } exec;
110607ca46eSDavid Howells
111607ca46eSDavid Howells struct id_proc_event {
112607ca46eSDavid Howells __kernel_pid_t process_pid;
113607ca46eSDavid Howells __kernel_pid_t process_tgid;
114607ca46eSDavid Howells union {
115607ca46eSDavid Howells __u32 ruid; /* task uid */
116607ca46eSDavid Howells __u32 rgid; /* task gid */
117607ca46eSDavid Howells } r;
118607ca46eSDavid Howells union {
119607ca46eSDavid Howells __u32 euid;
120607ca46eSDavid Howells __u32 egid;
121607ca46eSDavid Howells } e;
122607ca46eSDavid Howells } id;
123607ca46eSDavid Howells
124607ca46eSDavid Howells struct sid_proc_event {
125607ca46eSDavid Howells __kernel_pid_t process_pid;
126607ca46eSDavid Howells __kernel_pid_t process_tgid;
127607ca46eSDavid Howells } sid;
128607ca46eSDavid Howells
129607ca46eSDavid Howells struct ptrace_proc_event {
130607ca46eSDavid Howells __kernel_pid_t process_pid;
131607ca46eSDavid Howells __kernel_pid_t process_tgid;
132607ca46eSDavid Howells __kernel_pid_t tracer_pid;
133607ca46eSDavid Howells __kernel_pid_t tracer_tgid;
134607ca46eSDavid Howells } ptrace;
135607ca46eSDavid Howells
136607ca46eSDavid Howells struct comm_proc_event {
137607ca46eSDavid Howells __kernel_pid_t process_pid;
138607ca46eSDavid Howells __kernel_pid_t process_tgid;
139607ca46eSDavid Howells char comm[16];
140607ca46eSDavid Howells } comm;
141607ca46eSDavid Howells
1422b5faa4cSJesper Derehag struct coredump_proc_event {
1432b5faa4cSJesper Derehag __kernel_pid_t process_pid;
1442b5faa4cSJesper Derehag __kernel_pid_t process_tgid;
145b086ff87SStefan Strogin __kernel_pid_t parent_pid;
146b086ff87SStefan Strogin __kernel_pid_t parent_tgid;
1472b5faa4cSJesper Derehag } coredump;
1482b5faa4cSJesper Derehag
149607ca46eSDavid Howells struct exit_proc_event {
150607ca46eSDavid Howells __kernel_pid_t process_pid;
151607ca46eSDavid Howells __kernel_pid_t process_tgid;
152607ca46eSDavid Howells __u32 exit_code, exit_signal;
153b086ff87SStefan Strogin __kernel_pid_t parent_pid;
154b086ff87SStefan Strogin __kernel_pid_t parent_tgid;
155607ca46eSDavid Howells } exit;
1562b5faa4cSJesper Derehag
157607ca46eSDavid Howells } event_data;
158607ca46eSDavid Howells };
159607ca46eSDavid Howells
160607ca46eSDavid Howells #endif /* _UAPICN_PROC_H */
161