1 /* SPDX-License-Identifier: LGPL-2.1 WITH Linux-syscall-note */
2 /*
3 * cn_proc.h - process events connector
4 *
5 * Copyright (C) Matt Helsley, IBM Corp. 2005
6 * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
7 * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
8 * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of version 2.1 of the GNU Lesser General Public License
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it would be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17 */
18
19 #ifndef _UAPICN_PROC_H
20 #define _UAPICN_PROC_H
21
22 #include <linux/types.h>
23
24 /*
25 * Userspace sends this enum to register with the kernel that it is listening
26 * for events on the connector.
27 */
28 enum proc_cn_mcast_op {
29 PROC_CN_MCAST_LISTEN = 1,
30 PROC_CN_MCAST_IGNORE = 2
31 };
32
33 /*
34 * From the user's point of view, the process
35 * ID is the thread group ID and thread ID is the internal
36 * kernel "pid". So, fields are assigned as follow:
37 *
38 * In user space - In kernel space
39 *
40 * parent process ID = parent->tgid
41 * parent thread ID = parent->pid
42 * child process ID = child->tgid
43 * child thread ID = child->pid
44 */
45
46 struct proc_event {
47 enum what {
48 /* Use successive bits so the enums can be used to record
49 * sets of events as well
50 */
51 PROC_EVENT_NONE = 0x00000000,
52 PROC_EVENT_FORK = 0x00000001,
53 PROC_EVENT_EXEC = 0x00000002,
54 PROC_EVENT_UID = 0x00000004,
55 PROC_EVENT_GID = 0x00000040,
56 PROC_EVENT_SID = 0x00000080,
57 PROC_EVENT_PTRACE = 0x00000100,
58 PROC_EVENT_COMM = 0x00000200,
59 /* "next" should be 0x00000400 */
60 /* "last" is the last process event: exit,
61 * while "next to last" is coredumping event */
62 PROC_EVENT_COREDUMP = 0x40000000,
63 PROC_EVENT_EXIT = 0x80000000
64 } what;
65 __u32 cpu;
66 __u64 __attribute__((aligned(8))) timestamp_ns;
67 /* Number of nano seconds since system boot */
68 union { /* must be last field of proc_event struct */
69 struct {
70 __u32 err;
71 } ack;
72
73 struct fork_proc_event {
74 __kernel_pid_t parent_pid;
75 __kernel_pid_t parent_tgid;
76 __kernel_pid_t child_pid;
77 __kernel_pid_t child_tgid;
78 } fork;
79
80 struct exec_proc_event {
81 __kernel_pid_t process_pid;
82 __kernel_pid_t process_tgid;
83 } exec;
84
85 struct id_proc_event {
86 __kernel_pid_t process_pid;
87 __kernel_pid_t process_tgid;
88 union {
89 __u32 ruid; /* task uid */
90 __u32 rgid; /* task gid */
91 } r;
92 union {
93 __u32 euid;
94 __u32 egid;
95 } e;
96 } id;
97
98 struct sid_proc_event {
99 __kernel_pid_t process_pid;
100 __kernel_pid_t process_tgid;
101 } sid;
102
103 struct ptrace_proc_event {
104 __kernel_pid_t process_pid;
105 __kernel_pid_t process_tgid;
106 __kernel_pid_t tracer_pid;
107 __kernel_pid_t tracer_tgid;
108 } ptrace;
109
110 struct comm_proc_event {
111 __kernel_pid_t process_pid;
112 __kernel_pid_t process_tgid;
113 char comm[16];
114 } comm;
115
116 struct coredump_proc_event {
117 __kernel_pid_t process_pid;
118 __kernel_pid_t process_tgid;
119 __kernel_pid_t parent_pid;
120 __kernel_pid_t parent_tgid;
121 } coredump;
122
123 struct exit_proc_event {
124 __kernel_pid_t process_pid;
125 __kernel_pid_t process_tgid;
126 __u32 exit_code, exit_signal;
127 __kernel_pid_t parent_pid;
128 __kernel_pid_t parent_tgid;
129 } exit;
130
131 } event_data;
132 };
133
134 #endif /* _UAPICN_PROC_H */