1/* SPDX-License-Identifier: GPL-2.0 */
2#undef TRACE_SYSTEM
3#define TRACE_SYSTEM capability
4
5#if !defined(_TRACE_CAPABILITY_H) || defined(TRACE_HEADER_MULTI_READ)
6#define _TRACE_CAPABILITY_H
7
8#include <linux/cred.h>
9#include <linux/tracepoint.h>
10#include <linux/user_namespace.h>
11
12/**
13 * cap_capable - called after it's determined if a task has a particular
14 * effective capability
15 *
16 * @cred: The credentials used
17 * @target_ns: The user namespace of the resource being accessed
18 * @capable_ns: The user namespace in which the credential provides the
19 * capability to access the targeted resource.
20 * This will be NULL if ret is not 0.
21 * @cap: The capability to check for
22 * @ret: The return value of the check: 0 if it does, -ve if it does not
23 *
24 * Allows to trace calls to cap_capable in commoncap.c
25 */
26TRACE_EVENT(cap_capable,
27
28 TP_PROTO(const struct cred *cred, struct user_namespace *target_ns,
29 const struct user_namespace *capable_ns, int cap, int ret),
30
31 TP_ARGS(cred, target_ns, capable_ns, cap, ret),
32
33 TP_STRUCT__entry(
34 __field(const struct cred *, cred)
35 __field(struct user_namespace *, target_ns)
36 __field(const struct user_namespace *, capable_ns)
37 __field(int, cap)
38 __field(int, ret)
39 ),
40
41 TP_fast_assign(
42 __entry->cred = cred;
43 __entry->target_ns = target_ns;
44 __entry->capable_ns = ret == 0 ? capable_ns : NULL;
45 __entry->cap = cap;
46 __entry->ret = ret;
47 ),
48
49 TP_printk("cred %p, target_ns %p, capable_ns %p, cap %d, ret %d",
50 __entry->cred, __entry->target_ns, __entry->capable_ns, __entry->cap,
51 __entry->ret)
52);
53
54#endif /* _TRACE_CAPABILITY_H */
55
56/* This part must be outside protection */
57#include <trace/define_trace.h>
58