uapi/linux/cn_proc.h

0001 /* SPDX-License-Identifier: LGPL-2.1 WITH Linux-syscall-note */
0002 /*
0003  * cn_proc.h - process events connector
0004  *
0005  * Copyright (C) Matt Helsley, IBM Corp. 2005
0006  * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
0007  * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
0008  * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
0009  *
0010  * This program is free software; you can redistribute it and/or modify it
0011  * under the terms of version 2.1 of the GNU Lesser General Public License
0012  * as published by the Free Software Foundation.
0013  *
0014  * This program is distributed in the hope that it would be useful, but
0015  * WITHOUT ANY WARRANTY; without even the implied warranty of
0016  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
0017  */
0018
0019 #ifndef _UAPICN_PROC_H
0020 #define _UAPICN_PROC_H
0021
0022 #include <linux/types.h>
0023
0024 /*
0025  * Userspace sends this enum to register with the kernel that it is listening
0026  * for events on the connector.
0027  */
0028 enum proc_cn_mcast_op {
0029     PROC_CN_MCAST_LISTEN = 1,
0030     PROC_CN_MCAST_IGNORE = 2
0031 };
0032
0033 /*
0034  * From the user's point of view, the process
0035  * ID is the thread group ID and thread ID is the internal
0036  * kernel "pid". So, fields are assigned as follow:
0037  *
0038  *  In user space     -  In  kernel space
0039  *
0040  * parent process ID  =  parent->tgid
0041  * parent thread  ID  =  parent->pid
0042  * child  process ID  =  child->tgid
0043  * child  thread  ID  =  child->pid
0044  */
0045
0046 struct proc_event {
0047     enum what {
0048         /* Use successive bits so the enums can be used to record
0049          * sets of events as well
0050          */
0051         PROC_EVENT_NONE = 0x00000000,
0052         PROC_EVENT_FORK = 0x00000001,
0053         PROC_EVENT_EXEC = 0x00000002,
0054         PROC_EVENT_UID  = 0x00000004,
0055         PROC_EVENT_GID  = 0x00000040,
0056         PROC_EVENT_SID  = 0x00000080,
0057         PROC_EVENT_PTRACE = 0x00000100,
0058         PROC_EVENT_COMM = 0x00000200,
0059         /* "next" should be 0x00000400 */
0060         /* "last" is the last process event: exit,
0061          * while "next to last" is coredumping event */
0062         PROC_EVENT_COREDUMP = 0x40000000,
0063         PROC_EVENT_EXIT = 0x80000000
0064     } what;
0065     __u32 cpu;
0066     __u64 __attribute__((aligned(8))) timestamp_ns;
0067         /* Number of nano seconds since system boot */
0068     union { /* must be last field of proc_event struct */
0069         struct {
0070             __u32 err;
0071         } ack;
0072
0073         struct fork_proc_event {
0074             __kernel_pid_t parent_pid;
0075             __kernel_pid_t parent_tgid;
0076             __kernel_pid_t child_pid;
0077             __kernel_pid_t child_tgid;
0078         } fork;
0079
0080         struct exec_proc_event {
0081             __kernel_pid_t process_pid;
0082             __kernel_pid_t process_tgid;
0083         } exec;
0084
0085         struct id_proc_event {
0086             __kernel_pid_t process_pid;
0087             __kernel_pid_t process_tgid;
0088             union {
0089                 __u32 ruid; /* task uid */
0090                 __u32 rgid; /* task gid */
0091             } r;
0092             union {
0093                 __u32 euid;
0094                 __u32 egid;
0095             } e;
0096         } id;
0097
0098         struct sid_proc_event {
0099             __kernel_pid_t process_pid;
0100             __kernel_pid_t process_tgid;
0101         } sid;
0102
0103         struct ptrace_proc_event {
0104             __kernel_pid_t process_pid;
0105             __kernel_pid_t process_tgid;
0106             __kernel_pid_t tracer_pid;
0107             __kernel_pid_t tracer_tgid;
0108         } ptrace;
0109
0110         struct comm_proc_event {
0111             __kernel_pid_t process_pid;
0112             __kernel_pid_t process_tgid;
0113             char           comm[16];
0114         } comm;
0115
0116         struct coredump_proc_event {
0117             __kernel_pid_t process_pid;
0118             __kernel_pid_t process_tgid;
0119             __kernel_pid_t parent_pid;
0120             __kernel_pid_t parent_tgid;
0121         } coredump;
0122
0123         struct exit_proc_event {
0124             __kernel_pid_t process_pid;
0125             __kernel_pid_t process_tgid;
0126             __u32 exit_code, exit_signal;
0127             __kernel_pid_t parent_pid;
0128             __kernel_pid_t parent_tgid;
0129         } exit;
0130
0131     } event_data;
0132 };
0133
0134 #endif /* _UAPICN_PROC_H */