From dd905f501ddcba55d40b47c70408f70cd9e37690 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Fri, 15 Dec 2023 15:12:08 +0000
Subject: [PATCH] provide the pieces for ktrace/kdump to observe pinsyscall
 violations. (not used yet, because the pinsyscall changes are still being
 worked on) ok kettenis

---
 sys/kern/kern_ktrace.c  | 20 +++++++++++++++++++-
 sys/sys/ktrace.h        | 14 +++++++++++++-
 usr.bin/kdump/kdump.1   |  7 +++++--
 usr.bin/kdump/kdump.c   | 30 +++++++++++++++++++++++++++++-
 usr.bin/ktrace/ktrace.1 |  7 +++++--
 usr.bin/ktrace/subr.c   |  5 ++++-
 6 files changed, 75 insertions(+), 8 deletions(-)

diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 9d88075f44a..620e68365f4 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_ktrace.c,v 1.113 2023/12/12 15:30:55 deraadt Exp $	*/
+/*	$OpenBSD: kern_ktrace.c,v 1.114 2023/12/15 15:12:08 deraadt Exp $	*/
 /*	$NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $	*/
 
 /*
@@ -401,6 +401,24 @@ ktrpledge(struct proc *p, int error, uint64_t code, int syscall)
 	atomic_clearbits_int(&p->p_flag, P_INKTR);
 }
 
+void
+ktrpinsyscall(struct proc *p, int error, int syscall, vaddr_t addr)
+{
+	struct ktr_header kth;
+	struct ktr_pinsyscall kp;
+
+	atomic_setbits_int(&p->p_flag, P_INKTR);
+	ktrinitheader(&kth, p, KTR_PINSYSCALL);
+	kp.error = error;
+	kp.syscall = syscall;
+	kp.addr = addr;
+
+	KERNEL_LOCK();
+	ktrwrite(p, &kth, &kp, sizeof(kp));
+	KERNEL_UNLOCK();
+	atomic_clearbits_int(&p->p_flag, P_INKTR);
+}
+
 /* Interface and common routines */
 
 int
diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h
index 19eb541edd7..be284143108 100644
--- a/sys/sys/ktrace.h
+++ b/sys/sys/ktrace.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ktrace.h,v 1.47 2023/12/12 15:30:55 deraadt Exp $	*/
+/*	$OpenBSD: ktrace.h,v 1.48 2023/12/15 15:12:08 deraadt Exp $	*/
 /*	$NetBSD: ktrace.h,v 1.12 1996/02/04 02:12:29 christos Exp $	*/
 
 /*
@@ -166,6 +166,16 @@ struct ktr_pledge {
 	uint64_t	code;
 };
 
+/*
+ * KTR_PINSYSCALL - details of pinsyscall violation
+ */
+#define	KTR_PINSYSCALL	13
+struct ktr_pinsyscall {
+	int		error;
+	int		syscall;
+	vaddr_t		addr;
+};
+
 /*
  * kernel trace points (in ps_traceflag)
  */
@@ -180,6 +190,7 @@ struct ktr_pledge {
 #define KTRFAC_EXECARGS	(1<<KTR_EXECARGS)
 #define KTRFAC_EXECENV	(1<<KTR_EXECENV)
 #define	KTRFAC_PLEDGE	(1<<KTR_PLEDGE)
+#define	KTRFAC_PINSYSCALL	(1<<KTR_PINSYSCALL)
 
 /*
  * trace flags (also in ps_traceflag)
@@ -212,6 +223,7 @@ void ktrsysret(struct proc *, register_t, int, const register_t [2]);
 int ktruser(struct proc *, const char *, const void *, size_t);
 void ktrexec(struct proc *, int, const char *, ssize_t);
 void ktrpledge(struct proc *, int, uint64_t, int);
+void ktrpinsyscall(struct proc *, int, int, vaddr_t);
 
 void ktrcleartrace(struct process *);
 void ktrsettrace(struct process *, int, struct vnode *, struct ucred *);
diff --git a/usr.bin/kdump/kdump.1 b/usr.bin/kdump/kdump.1
index 8b45710d15f..01c828cacae 100644
--- a/usr.bin/kdump/kdump.1
+++ b/usr.bin/kdump/kdump.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: kdump.1,v 1.39 2023/11/09 15:43:28 kn Exp $
+.\"	$OpenBSD: kdump.1,v 1.40 2023/12/15 15:12:08 deraadt Exp $
 .\"
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)kdump.1	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: November 9 2023 $
+.Dd $Mdocdate: December 15 2023 $
 .Dt KDUMP 1
 .Os
 .Sh NAME
@@ -124,6 +124,9 @@ trace violation of
 restrictions
 .It Cm s
 trace signal processing
+.It Cm S
+trace violation of
+.Xr pinsyscalls 2
 .It Cm t
 trace various structures
 .It Cm u
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index 9632afdceeb..dc02fbe87ff 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kdump.c,v 1.160 2023/12/12 15:30:55 deraadt Exp $	*/
+/*	$OpenBSD: kdump.c,v 1.161 2023/12/15 15:12:08 deraadt Exp $	*/
 
 /*-
  * Copyright (c) 1988, 1993
@@ -133,6 +133,7 @@ static void ktrsysret(struct ktr_sysret *, size_t);
 static void ktruser(struct ktr_user *, size_t);
 static void ktrexec(const char*, size_t);
 static void ktrpledge(struct ktr_pledge *, size_t);
+static void ktrpinsyscall(struct ktr_pinsyscall *, size_t);
 static void usage(void);
 static void ioctldecode(int);
 static void ptracedecode(int);
@@ -309,6 +310,9 @@ main(int argc, char *argv[])
 		case KTR_PLEDGE:
 			ktrpledge(m, ktrlen);
 			break;
+		case KTR_PINSYSCALL:
+			ktrpinsyscall(m, ktrlen);
+			break;
 		default:
 			printf("\n");
 			break;
@@ -369,6 +373,9 @@ dumpheader(struct ktr_header *kth)
 	case KTR_PLEDGE:
 		type = "PLDG";
 		break;
+	case KTR_PINSYSCALL:
+		type = "PINS";
+		break;
 	default:
 		/* htobe32() not guaranteed to work as case label */
 		if (kth->ktr_type == htobe32(KTR_START)) {
@@ -1489,6 +1496,27 @@ ktrpledge(struct ktr_pledge *pledge, size_t len)
 	printf("\n");
 }
 
+static void
+ktrpinsyscall(struct ktr_pinsyscall *pinsyscall, size_t len)
+{
+	const char *name = "";
+	int i;
+
+	if (len < sizeof(struct ktr_pinsyscall))
+		errx(1, "invalid ktr pinsyscall length %zu", len);
+
+	if (pinsyscall->syscall >= SYS_MAXSYSCALL || pinsyscall->syscall < 0)
+		(void)printf("[%d]", pinsyscall->syscall);
+	else
+		(void)printf("%s", syscallnames[pinsyscall->syscall]);
+	(void)printf(", addr %lx, errno %d", pinsyscall->addr,
+	    pinsyscall->error);
+	(void)printf(", errno %d", pinsyscall->error);
+	if (fancy)
+		(void)printf(" %s", strerror(pinsyscall->error));
+	printf("\n");
+}
+
 static void
 usage(void)
 {
diff --git a/usr.bin/ktrace/ktrace.1 b/usr.bin/ktrace/ktrace.1
index 1bae9cd5e54..038a8d7ed37 100644
--- a/usr.bin/ktrace/ktrace.1
+++ b/usr.bin/ktrace/ktrace.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ktrace.1,v 1.33 2023/09/30 13:03:40 naddy Exp $
+.\"	$OpenBSD: ktrace.1,v 1.34 2023/12/15 15:12:08 deraadt Exp $
 .\"
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)ktrace.1	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: September 30 2023 $
+.Dd $Mdocdate: December 15 2023 $
 .Dt KTRACE 1
 .Os
 .Sh NAME
@@ -132,6 +132,9 @@ trace violation of
 restrictions
 .It Cm s
 trace signal processing
+.It Cm S
+trace violation of
+.Xr pinsyscalls 2
 .It Cm t
 trace various structures
 .It Cm u
diff --git a/usr.bin/ktrace/subr.c b/usr.bin/ktrace/subr.c
index 0c5159781ca..ab8c35d7e73 100644
--- a/usr.bin/ktrace/subr.c
+++ b/usr.bin/ktrace/subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: subr.c,v 1.16 2022/02/22 17:35:01 deraadt Exp $	*/
+/*	$OpenBSD: subr.c,v 1.17 2023/12/15 15:12:08 deraadt Exp $	*/
 /*	$NetBSD: subr.c,v 1.6 1995/08/31 23:01:45 jtc Exp $	*/
 
 /*-
@@ -65,6 +65,9 @@ getpoints(const char *s, int defpoints)
 		case 's':
 			facs |= KTRFAC_PSIG;
 			break;
+		case 'S':
+			facs |= KTRFAC_PINSYSCALL;
+			break;
 		case 't':
 			facs |= KTRFAC_STRUCT;
 			break;
-- 
2.20.1