D47127.diff
View Options

	diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
	--- a/sys/kern/kern_exec.c
	+++ b/sys/kern/kern_exec.c
	@@ -354,7 +354,16 @@
	exec_args_get_begin_envv(args) - args->begin_argv);
	AUDIT_ARG_ENVV(exec_args_get_begin_envv(args), args->envc,
	args->endp - exec_args_get_begin_envv(args));
	-
	+#ifdef KTRACE
	+ if (KTRPOINT(td, KTR_EXECVE_ARGS)) {
	+ ktrdata(KTR_EXECVE_ARGS, args->begin_argv,
	+ exec_args_get_begin_envv(args) - args->begin_argv);
	+ }
	+ if (KTRPOINT(td, KTR_EXECVE_ENVS)) {
	+ ktrdata(KTR_EXECVE_ENVS, exec_args_get_begin_envv(args),
	+ args->endp - exec_args_get_begin_envv(args));
	+ }
	+#endif
	/* Must have at least one argument. */
	if (args->argc == 0) {
	exec_free_args(args);
	diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
	--- a/sys/kern/kern_ktrace.c
	+++ b/sys/kern/kern_ktrace.c
	@@ -124,6 +124,8 @@
	[KTR_FAULT] = sizeof(struct ktr_fault),
	[KTR_FAULTEND] = sizeof(struct ktr_faultend),
	[KTR_STRUCT_ARRAY] = sizeof(struct ktr_struct_array),
	+ [KTR_EXECVE_ARGS] = 0,
	+ [KTR_EXECVE_ENVS] = 0,
	};

	static STAILQ_HEAD(, ktr_request) ktr_free;
	@@ -559,6 +561,21 @@
	ktr_submitrequest(curthread, req);
	}

	+void
	+ktrdata(int type, const void *data, size_t len)
	+{
	+ struct ktr_request *req;
	+ void *buf;
	+
	+ if ((req = ktr_getrequest(type)) == NULL)
	+ return;
	+ buf = malloc(len, M_KTRACE, M_WAITOK);
	+ bcopy(data, buf, len);
	+ req->ktr_header.ktr_len = len;
	+ req->ktr_buffer = buf;
	+ ktr_submitrequest(curthread, req);
	+}
	+
	void
	ktrsysret(int code, int error, register_t retval)
	{
	diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h
	--- a/sys/sys/ktrace.h
	+++ b/sys/sys/ktrace.h
	@@ -263,6 +263,16 @@
	*/
	};

	+/*
	+ * KTR_EXECVE_ARGS - arguments of execve()
	+ */
	+#define KTR_EXECVE_ARGS 16
	+
	+/*
	+ * KTR_EXECVE_ENVS - environment variables of execve()
	+ */
	+#define KTR_EXECVE_ENVS 17
	+
	/*
	* KTR_DROP - If this bit is set in ktr_type, then at least one event
	* between the previous record and this record was dropped.
	@@ -295,6 +305,8 @@
	#define KTRFAC_FAULT (1<<KTR_FAULT)
	#define KTRFAC_FAULTEND (1<<KTR_FAULTEND)
	#define KTRFAC_STRUCT_ARRAY (1<<KTR_STRUCT_ARRAY)
	+#define KTRFAC_EXECVE_ARGS (1<<KTR_EXECVE_ARGS)
	+#define KTRFAC_EXECVE_ENVS (1<<KTR_EXECVE_ENVS)

	/*
	* trace flags (also in p_traceflags)
	@@ -335,6 +347,7 @@
	void ktrstruct_error(const char , const void , size_t, int);
	void ktrstructarray(const char , enum uio_seg, const void , int, size_t);
	void ktrcapfail(enum ktr_cap_violation, const void *);
	+void ktrdata(int, const void *, size_t);
	#define ktrcaprights(s) \
	ktrstruct("caprights", (s), sizeof(cap_rights_t))
	#define ktritimerval(s) \
	diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
	--- a/usr.bin/kdump/kdump.c
	+++ b/usr.bin/kdump/kdump.c
	@@ -117,6 +117,7 @@
	void ktrbitset(char , struct bitset , size_t);
	void ktrsyscall_freebsd(struct ktr_syscall ktr, register_t *resip,
	int resnarg, char resc, u_int sv_flags);
	+void ktrexecve(char *, int);
	void usage(void);

	#define TIMESTAMP_NONE 0x0
	@@ -515,6 +516,9 @@
	case KTR_STRUCT_ARRAY:
	ktrstructarray((struct ktr_struct_array *)m, ktrlen);
	break;
	+ case KTR_EXECVE_ARGS:
	+ case KTR_EXECVE_ENVS:
	+ ktrexecve(m, ktrlen);
	default:
	printf("\n");
	break;
	@@ -699,6 +703,12 @@
	case KTR_FAULTEND:
	type = "PRET";
	break;
	+ case KTR_EXECVE_ARGS:
	+ type = "ARGS";
	+ break;
	+ case KTR_EXECVE_ENVS:
	+ type = "ENVS";
	+ break;
	default:
	sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type);
	type = unknown;
	@@ -1646,6 +1656,21 @@
	printf("\"%.*s\"\n", len, cp);
	}

	+void
	+ktrexecve(char *m, int len)
	+{
	+ int i = 0;
	+
	+ while (i < len) {
	+ printf("\"%s\"", m + i);
	+ i += strlen(m + i) + 1;
	+ if (i != len) {
	+ printf(", ");
	+ }
	+ }
	+ printf("\n");
	+}
	+
	void
	hexdump(char *p, int len, int screenwidth)
	{
	diff --git a/usr.bin/ktrace/ktrace.h b/usr.bin/ktrace/ktrace.h
	--- a/usr.bin/ktrace/ktrace.h
	+++ b/usr.bin/ktrace/ktrace.h
	@@ -31,7 +31,8 @@

	#define DEF_POINTS (KTRFAC_SYSCALL \| KTRFAC_SYSRET \| KTRFAC_NAMEI \| \
	KTRFAC_GENIO \| KTRFAC_PSIG \| KTRFAC_USER \| \
	- KTRFAC_STRUCT \| KTRFAC_SYSCTL \| KTRFAC_STRUCT_ARRAY)
	+ KTRFAC_STRUCT \| KTRFAC_SYSCTL \| KTRFAC_STRUCT_ARRAY \| \
	+ KTRFAC_EXECVE_ARGS \| KTRFAC_EXECVE_ENVS)

	#define PROC_ABI_POINTS (KTRFAC_PROCCTOR \| KTRFAC_PROCDTOR)

	diff --git a/usr.bin/ktrace/ktrace.1 b/usr.bin/ktrace/ktrace.1
	--- a/usr.bin/ktrace/ktrace.1
	+++ b/usr.bin/ktrace/ktrace.1
	@@ -25,7 +25,7 @@
	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	.\" SUCH DAMAGE.
	.\"
	-.Dd June 10, 2024
	+.Dd November 1, 2024
	.Dt KTRACE 1
	.Os
	.Sh NAME
	@@ -142,6 +142,14 @@
	trace
	.Xr sysctl 3
	requests
	+.It Cm a
	+trace
	+.Xr execve 2
	+arguments
	+.It Cm e
	+trace
	+.Xr execve 2
	+environment variables
	.It Cm +
	trace the default set of trace points -
	.Cm c , i , n , s , t , u , y
	diff --git a/usr.bin/ktrace/subr.c b/usr.bin/ktrace/subr.c
	--- a/usr.bin/ktrace/subr.c
	+++ b/usr.bin/ktrace/subr.c
	@@ -81,6 +81,12 @@
	case 'y':
	facs \|= KTRFAC_SYSCTL;
	break;
	+ case 'a':
	+ facs \|= KTRFAC_EXECVE_ARGS;
	+ break;
	+ case 'e':
	+ facs \|= KTRFAC_EXECVE_ENVS;
	+ break;
	case '+':
	facs \|= DEF_POINTS;
	break;

File Metadata

Mime Type: text/plain
Expires: Thu, Nov 7, 12:27 PM (21 h, 48 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 14510795
Default Alt Text: D47127.diff (5 KB)

D47127.diff
No OneTemporary
Actions

D47127.diff
View Options

File Metadata

Event Timeline

D47127.diffNo OneTemporaryActions

D47127.diffView Options

File Metadata

Event Timeline

D47127.diff
No OneTemporary
Actions

D47127.diff
View Options