Date: Tue, 12 Nov 2024 00:52:50 GMT
Message-Id: <202411120052.4AC0qoQ3096062@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff
Subject: git: 65a4daeaf324 - main - ktrace: log execve(2) arguments and environment
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 65a4daeaf3247b7a2c16cf59cdea2ce05987a7cc

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=65a4daeaf3247b7a2c16cf59cdea2ce05987a7cc

commit 65a4daeaf3247b7a2c16cf59cdea2ce05987a7cc
Author:     Artem Hevorhian
AuthorDate: 2024-10-15 13:50:40 +0000
Commit:     Gleb Smirnoff
CommitDate: 2024-11-11 21:19:35 +0000

    ktrace: log execve(2) arguments and environment

    Two new events KTR_ARGS and KTR_ENV can be used to trace arguments of execve(2).

    Reviewed by:            glebius
    Differential Revision:  https://reviews.freebsd.org/D47127
---
 sys/kern/kern_exec.c    | 11 ++++++++++-
 sys/kern/kern_ktrace.c  | 17 +++++++++++++++++
 sys/sys/ktrace.h        | 13 +++++++++++++
 usr.bin/kdump/kdump.c   | 26 ++++++++++++++++++++++++++
 usr.bin/ktrace/ktrace.1 | 10 +++++++++-
 usr.bin/ktrace/ktrace.h |  3 ++-
 usr.bin/ktrace/subr.c   |  6 ++++++
 7 files changed, 83 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 63f007624e36..4a11be5b42b8 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c
@@ -354,7 +354,16 @@ kern_execve(struct thread *td, struct image_args *args, struct mac *mac_p, exec_args_get_begin_envv(args) - args->begin_argv); AUDIT_ARG_ENVV(exec_args_get_begin_envv(args), args->envc, args->endp - exec_args_get_begin_envv(args)); - +#ifdef KTRACE + if (KTRPOINT(td, KTR_ARGS)) { + ktrdata(KTR_ARGS, args->begin_argv, + exec_args_get_begin_envv(args) - args->begin_argv); + } + if (KTRPOINT(td, KTR_ENVS)) { + ktrdata(KTR_ENVS, exec_args_get_begin_envv(args), + args->endp - exec_args_get_begin_envv(args)); + } +#endif /* Must have at least one argument. */ if (args->argc == 0) { exec_free_args(args); diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 868885898d0c..7a31fe234cb5 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -124,6 +124,8 @@ static const int data_lengths[] = { [KTR_FAULT] = sizeof(struct ktr_fault), [KTR_FAULTEND] = sizeof(struct ktr_faultend), [KTR_STRUCT_ARRAY] = sizeof(struct ktr_struct_array), + [KTR_ARGS] = 0, + [KTR_ENVS] = 0, }; static STAILQ_HEAD(, ktr_request) ktr_free; @@ -559,6 +561,21 @@ ktrsyscall(int code, int narg, syscallarg_t args[]) ktr_submitrequest(curthread, req); } +void +ktrdata(int type, const void *data, size_t len) +{ + struct ktr_request *req; + void *buf; + + if ((req = ktr_getrequest(type)) == NULL) + return; + buf = malloc(len, M_KTRACE, M_WAITOK); + bcopy(data, buf, len); + req->ktr_header.ktr_len = len; + req->ktr_buffer = buf; + ktr_submitrequest(curthread, req); +} + void ktrsysret(int code, int error, register_t retval) { diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h index 966af1744058..9d06cd33d5d2 100644 --- a/sys/sys/ktrace.h +++ b/sys/sys/ktrace.h 
@@ -263,6 +263,16 @@ struct ktr_struct_array { */ }; +/* + * KTR_ARGS - arguments of execve() + */ +#define KTR_ARGS 16 + +/* + * KTR_ENVS - environment variables of execve() + */ +#define KTR_ENVS 17 + /* * KTR_DROP - If this bit is set in ktr_type, then at least one event * between the previous record and this record was dropped. @@ -295,6 +305,8 @@ struct ktr_struct_array { #define KTRFAC_FAULT (1<ktr_type); type = unknown; @@ -1646,6 +1657,21 @@ ktrnamei(char *cp, int len) printf("\"%.*s\"\n", len, cp); } +void +ktrexecve(char *m, int len) +{ + int i = 0; + + while (i < len) { + printf("\"%s\"", m + i); + i += strlen(m + i) + 1; + if (i != len) { + printf(", "); + } + } + printf("\n"); +} + void hexdump(char *p, int len, int screenwidth) { diff --git a/usr.bin/ktrace/ktrace.1 b/usr.bin/ktrace/ktrace.1 index 5cc6df52d69a..6d78cb1504b4 100644 --- a/usr.bin/ktrace/ktrace.1 +++ b/usr.bin/ktrace/ktrace.1 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 10, 2024 +.Dd November 1, 2024 .Dt KTRACE 1 .Os .Sh NAME @@ -142,6 +142,14 @@ context switches trace .Xr sysctl 3 requests +.It Cm a +trace +.Xr execve 2 +arguments +.It Cm e +trace +.Xr execve 2 +environment variables .It Cm + trace the default set of trace points - .Cm c , i , n , s , t , u , y diff --git a/usr.bin/ktrace/ktrace.h b/usr.bin/ktrace/ktrace.h index bf3f70539310..d6da094f33a2 100644 --- a/usr.bin/ktrace/ktrace.h +++ b/usr.bin/ktrace/ktrace.h @@ -31,7 +31,8 @@ #define DEF_POINTS (KTRFAC_SYSCALL | KTRFAC_SYSRET | KTRFAC_NAMEI | \ KTRFAC_GENIO | KTRFAC_PSIG | KTRFAC_USER | \ - KTRFAC_STRUCT | KTRFAC_SYSCTL | KTRFAC_STRUCT_ARRAY) + KTRFAC_STRUCT | KTRFAC_SYSCTL | KTRFAC_STRUCT_ARRAY | \ + KTRFAC_ARGS | KTRFAC_ENVS) #define PROC_ABI_POINTS (KTRFAC_PROCCTOR | KTRFAC_PROCDTOR) diff --git a/usr.bin/ktrace/subr.c b/usr.bin/ktrace/subr.c index 520ee44a1575..6762fe9620cb 100644 --- a/usr.bin/ktrace/subr.c +++ b/usr.bin/ktrace/subr.c 
@@ -81,6 +81,12 @@ getpoints(char *s) case 'y': facs |= KTRFAC_SYSCTL; break; + case 'a': + facs |= KTRFAC_ARGS; + break; + case 'e': + facs |= KTRFAC_ENVS; + break; case '+': facs |= DEF_POINTS; break;
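
Review bot: In the sys/kern/kern_exec.c hunk, the new KTRACE block sits above the "Must have at least one argument" check, so an execve with argc == 0 still reaches ktrdata(KTR_ARGS, ...) with a length of exec_args_get_begin_envv(args) - args->begin_argv, which can be zero, just before the call is rejected. Consider moving the block below the argc check, or skipping the record when the computed length is 0. The hunk also drops the blank line that separated the AUDIT_ARG_ENVV() call from the following comment; a blank line after #endif would keep the two steps visually apart.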
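
Review bot: ktrdata() in the sys/kern/kern_ktrace.c hunk has no comment and places no bound on len: every traced execve allocates and copies the whole argument or environment block with malloc(len, M_KTRACE, M_WAITOK) followed by bcopy(). Please add a header comment saying that data must be a kernel address (it is copied with bcopy, not copyin), that the record is variable length (the data_lengths[] entries for KTR_ARGS and KTR_ENVS are 0), and what the largest expected len is. An early return for len == 0 would avoid queueing empty records.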
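
Review bot: The comments above "#define KTR_ARGS 16" and "#define KTR_ENVS 17" in sys/sys/ktrace.h do not describe the record payload, unlike the struct-backed record types around them. kdump's ktrexecve() walks the payload as consecutive NUL-terminated strings, so the header should state that layout, since third-party trace consumers will read it from here. Also note that the commit message names the second event KTR_ENV while the define is KTR_ENVS; one of the two should be made consistent.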
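
Review bot: ktrexecve() in the usr.bin/kdump/kdump.c hunk trusts the record to be NUL-terminated: printf("\"%s\"", m + i) and strlen(m + i) are not limited by len, so a truncated or malformed trace file whose last string lacks a terminator makes kdump read past the end of the record buffer. Bound each step with the remaining length, for example n = strnlen(m + i, len - i) and printf("\"%.*s\"", (int)n, m + i), the same way ktrnamei() just above prints with "%.*s" and len. With that change the loop should stop when i reaches or exceeds len rather than only comparing i != len for the separator.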
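
Review bot: The usr.bin/ktrace/ktrace.1 hunk adds the a and e trace points, but the description of "+" in the trailing context still lists the default set as "c , i , n , s , t , u , y", while the ktrace.h hunk in this same commit adds KTRFAC_ARGS and KTRFAC_ENVS to DEF_POINTS. Please update that list so the manual matches what "+" and the default actually enable.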
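
Review bot: Adding KTRFAC_ENVS to DEF_POINTS in usr.bin/ktrace/ktrace.h means a plain ktrace run now writes the full environment of every traced execve into the trace file, and environments routinely carry tokens and passwords. Consider keeping e opt-in and adding only KTRFAC_ARGS to the default set, or at least call out in ktrace.1 that default traces now contain environment contents, so that users treat ktrace.out accordingly before sharing it in bug reports.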