1 /* SPDX-License-Identifier: LGPL-2.1 WITH Linux-syscall-note */
2 /*
3  * cn_proc.h - process events connector
4  *
5  * Copyright (C) Matt Helsley, IBM Corp. 2005
6  * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
7  * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
8  * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
9  *
10  * This program is free software; you can redistribute it and/or modify it
11  * under the terms of version 2.1 of the GNU Lesser General Public License
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it would be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17  */
18 
19 #ifndef _UAPICN_PROC_H
20 #define _UAPICN_PROC_H
21 
22 #include <linux/types.h>
23 
24 /*
25  * Userspace sends this enum to register with the kernel that it is listening
26  * for events on the connector.
27  */
28 enum proc_cn_mcast_op {
29 	PROC_CN_MCAST_LISTEN = 1,
30 	PROC_CN_MCAST_IGNORE = 2
31 };
32 
33 /*
34  * From the user's point of view, the process
35  * ID is the thread group ID and thread ID is the internal
36  * kernel "pid". So, fields are assigned as follow:
37  *
38  *  In user space     -  In  kernel space
39  *
40  * parent process ID  =  parent->tgid
41  * parent thread  ID  =  parent->pid
42  * child  process ID  =  child->tgid
43  * child  thread  ID  =  child->pid
44  */
45 
46 struct proc_event {
47 	enum what {
48 		/* Use successive bits so the enums can be used to record
49 		 * sets of events as well
50 		 */
51 		PROC_EVENT_NONE = 0x00000000,
52 		PROC_EVENT_FORK = 0x00000001,
53 		PROC_EVENT_EXEC = 0x00000002,
54 		PROC_EVENT_UID  = 0x00000004,
55 		PROC_EVENT_GID  = 0x00000040,
56 		PROC_EVENT_SID  = 0x00000080,
57 		PROC_EVENT_PTRACE = 0x00000100,
58 		PROC_EVENT_COMM = 0x00000200,
59 		/* "next" should be 0x00000400 */
60 		/* "last" is the last process event: exit,
61 		 * while "next to last" is coredumping event */
62 		PROC_EVENT_COREDUMP = 0x40000000,
63 		PROC_EVENT_EXIT = 0x80000000
64 	} what;
65 	__u32 cpu;
66 	__u64 __attribute__((aligned(8))) timestamp_ns;
67 		/* Number of nano seconds since system boot */
68 	union { /* must be last field of proc_event struct */
69 		struct {
70 			__u32 err;
71 		} ack;
72 
73 		struct fork_proc_event {
74 			__kernel_pid_t parent_pid;
75 			__kernel_pid_t parent_tgid;
76 			__kernel_pid_t child_pid;
77 			__kernel_pid_t child_tgid;
78 		} fork;
79 
80 		struct exec_proc_event {
81 			__kernel_pid_t process_pid;
82 			__kernel_pid_t process_tgid;
83 		} exec;
84 
85 		struct id_proc_event {
86 			__kernel_pid_t process_pid;
87 			__kernel_pid_t process_tgid;
88 			union {
89 				__u32 ruid; /* task uid */
90 				__u32 rgid; /* task gid */
91 			} r;
92 			union {
93 				__u32 euid;
94 				__u32 egid;
95 			} e;
96 		} id;
97 
98 		struct sid_proc_event {
99 			__kernel_pid_t process_pid;
100 			__kernel_pid_t process_tgid;
101 		} sid;
102 
103 		struct ptrace_proc_event {
104 			__kernel_pid_t process_pid;
105 			__kernel_pid_t process_tgid;
106 			__kernel_pid_t tracer_pid;
107 			__kernel_pid_t tracer_tgid;
108 		} ptrace;
109 
110 		struct comm_proc_event {
111 			__kernel_pid_t process_pid;
112 			__kernel_pid_t process_tgid;
113 			char           comm[16];
114 		} comm;
115 
116 		struct coredump_proc_event {
117 			__kernel_pid_t process_pid;
118 			__kernel_pid_t process_tgid;
119 		} coredump;
120 
121 		struct exit_proc_event {
122 			__kernel_pid_t process_pid;
123 			__kernel_pid_t process_tgid;
124 			__u32 exit_code, exit_signal;
125 		} exit;
126 
127 	} event_data;
128 };
129 
130 #endif /* _UAPICN_PROC_H */
131