1 /* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk (at) cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko (at) hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs (at) world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert (at) cistron.nl> 6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation 7 * Linux for s390 port by D.J. Barrow 8 * <barrow_dj (at) mail.yahoo.com,djbarrow (at) de.ibm.com> 9 * Copyright (c) 1999-2018 The strace developers. 10 * All rights reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. The name of the author may not be used to endorse or promote products 21 * derived from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "defs.h" 36 #include "mmap_notify.h" 37 #include "native_defs.h" 38 #include "ptrace.h" 39 #include "nsig.h" 40 #include "number_set.h" 41 #include "delay.h" 42 #include "retval.h" 43 #include <limits.h> 44 45 /* for struct iovec */ 46 #include <sys/uio.h> 47 48 /* for __X32_SYSCALL_BIT */ 49 #include <asm/unistd.h> 50 51 #include "regs.h" 52 53 #if defined(SPARC64) 54 # undef PTRACE_GETREGS 55 # define PTRACE_GETREGS PTRACE_GETREGS64 56 # undef PTRACE_SETREGS 57 # define PTRACE_SETREGS PTRACE_SETREGS64 58 #endif 59 60 #include "syscall.h" 61 #include "xstring.h" 62 63 /* Define these shorthand notations to simplify the syscallent files. */ 64 #include "sysent_shorthand_defs.h" 65 66 #define SEN(syscall_name) SEN_ ## syscall_name, SYS_FUNC_NAME(sys_ ## syscall_name) 67 68 const struct_sysent sysent0[] = { 69 #include "syscallent.h" 70 }; 71 72 #if SUPPORTED_PERSONALITIES > 1 73 # include PERSONALITY1_INCLUDE_FUNCS 74 static const struct_sysent sysent1[] = { 75 # include "syscallent1.h" 76 }; 77 #endif 78 79 #if SUPPORTED_PERSONALITIES > 2 80 # include PERSONALITY2_INCLUDE_FUNCS 81 static const struct_sysent sysent2[] = { 82 # include "syscallent2.h" 83 }; 84 #endif 85 86 /* Now undef them since short defines cause wicked namespace pollution. */ 87 #include "sysent_shorthand_undefs.h" 88 89 const char *const errnoent[] = { 90 #include "errnoent.h" 91 }; 92 const char *const signalent[] = { 93 #include "signalent.h" 94 95 }; 96 /* 97 * `ioctlent[012].h' files are automatically generated by the auxiliary 98 * program `ioctlsort', such that the list is sorted by the `code' field. 99 * This has the side-effect of resolving the _IO.. macros into 100 * plain integers, eliminating the need to include here everything 101 * in "/usr/include". 102 */ 103 104 const struct_ioctlent ioctlent0[] = { 105 #include "ioctlent0.h" 106 }; 107 108 #if SUPPORTED_PERSONALITIES > 1 109 static const struct_ioctlent ioctlent1[] = { 110 # include "ioctlent1.h" 111 }; 112 # include PERSONALITY0_INCLUDE_PRINTERS_DECLS 113 static const struct_printers printers0 = { 114 # include PERSONALITY0_INCLUDE_PRINTERS_DEFS 115 }; 116 # include PERSONALITY1_INCLUDE_PRINTERS_DECLS 117 static const struct_printers printers1 = { 118 # include PERSONALITY1_INCLUDE_PRINTERS_DEFS 119 }; 120 #endif 121 122 #if SUPPORTED_PERSONALITIES > 2 123 static const struct_ioctlent ioctlent2[] = { 124 # include "ioctlent2.h" 125 }; 126 # include PERSONALITY2_INCLUDE_PRINTERS_DECLS 127 static const struct_printers printers2 = { 128 # include PERSONALITY2_INCLUDE_PRINTERS_DEFS 129 }; 130 #endif 131 132 enum { 133 nsyscalls0 = ARRAY_SIZE(sysent0) 134 #if SUPPORTED_PERSONALITIES > 1 135 , nsyscalls1 = ARRAY_SIZE(sysent1) 136 # if SUPPORTED_PERSONALITIES > 2 137 , nsyscalls2 = ARRAY_SIZE(sysent2) 138 # endif 139 #endif 140 }; 141 142 enum { 143 nioctlents0 = ARRAY_SIZE(ioctlent0) 144 #if SUPPORTED_PERSONALITIES > 1 145 , nioctlents1 = ARRAY_SIZE(ioctlent1) 146 # if SUPPORTED_PERSONALITIES > 2 147 , nioctlents2 = ARRAY_SIZE(ioctlent2) 148 # endif 149 #endif 150 }; 151 152 #if SUPPORTED_PERSONALITIES > 1 153 const struct_sysent *sysent = sysent0; 154 const struct_ioctlent *ioctlent = ioctlent0; 155 const struct_printers *printers = &printers0; 156 #endif 157 158 const unsigned int nerrnos = ARRAY_SIZE(errnoent); 159 const unsigned int nsignals = ARRAY_SIZE(signalent); 160 unsigned nsyscalls = nsyscalls0; 161 unsigned nioctlents = nioctlents0; 162 163 const unsigned int nsyscall_vec[SUPPORTED_PERSONALITIES] = { 164 nsyscalls0, 165 #if SUPPORTED_PERSONALITIES > 1 166 nsyscalls1, 167 #endif 168 #if SUPPORTED_PERSONALITIES > 2 169 nsyscalls2, 170 #endif 171 }; 172 const struct_sysent *const sysent_vec[SUPPORTED_PERSONALITIES] = { 173 sysent0, 174 #if SUPPORTED_PERSONALITIES > 1 175 sysent1, 176 #endif 177 #if SUPPORTED_PERSONALITIES > 2 178 sysent2, 179 #endif 180 }; 181 182 const char *const personality_names[] = 183 # if defined X86_64 184 {"64 bit", "32 bit", "x32"} 185 # elif defined X32 186 {"x32", "32 bit"} 187 # elif SUPPORTED_PERSONALITIES == 2 188 {"64 bit", "32 bit"} 189 # else 190 {STRINGIFY_VAL(__WORDSIZE) " bit"} 191 # endif 192 ; 193 194 const char *const personality_designators[] = 195 # if defined X86_64 196 { "64", "32", "x32" } 197 # elif defined X32 198 { "x32", "32" } 199 # elif SUPPORTED_PERSONALITIES == 2 200 { "64", "32" } 201 # else 202 { STRINGIFY_VAL(__WORDSIZE) } 203 # endif 204 ; 205 206 #if SUPPORTED_PERSONALITIES > 1 207 208 unsigned current_personality; 209 210 # ifndef current_wordsize 211 unsigned current_wordsize = PERSONALITY0_WORDSIZE; 212 static const int personality_wordsize[SUPPORTED_PERSONALITIES] = { 213 PERSONALITY0_WORDSIZE, 214 PERSONALITY1_WORDSIZE, 215 # if SUPPORTED_PERSONALITIES > 2 216 PERSONALITY2_WORDSIZE, 217 # endif 218 }; 219 # endif 220 221 # ifndef current_klongsize 222 unsigned current_klongsize = PERSONALITY0_KLONGSIZE; 223 static const int personality_klongsize[SUPPORTED_PERSONALITIES] = { 224 PERSONALITY0_KLONGSIZE, 225 PERSONALITY1_KLONGSIZE, 226 # if SUPPORTED_PERSONALITIES > 2 227 PERSONALITY2_KLONGSIZE, 228 # endif 229 }; 230 # endif 231 232 void 233 set_personality(unsigned int personality) 234 { 235 if (personality == current_personality) 236 return; 237 238 if (personality >= SUPPORTED_PERSONALITIES) 239 error_msg_and_die("Requested switch to unsupported personality " 240 "%u", personality); 241 242 nsyscalls = nsyscall_vec[personality]; 243 sysent = sysent_vec[personality]; 244 245 switch (personality) { 246 case 0: 247 ioctlent = ioctlent0; 248 nioctlents = nioctlents0; 249 printers = &printers0; 250 break; 251 252 case 1: 253 ioctlent = ioctlent1; 254 nioctlents = nioctlents1; 255 printers = &printers1; 256 break; 257 258 # if SUPPORTED_PERSONALITIES > 2 259 case 2: 260 ioctlent = ioctlent2; 261 nioctlents = nioctlents2; 262 printers = &printers2; 263 break; 264 # endif 265 } 266 267 current_personality = personality; 268 # ifndef current_wordsize 269 current_wordsize = personality_wordsize[personality]; 270 # endif 271 # ifndef current_klongsize 272 current_klongsize = personality_klongsize[personality]; 273 # endif 274 } 275 276 static void 277 update_personality(struct tcb *tcp, unsigned int personality) 278 { 279 static bool need_mpers_warning[] = 280 { false, !HAVE_PERSONALITY_1_MPERS, !HAVE_PERSONALITY_2_MPERS }; 281 282 set_personality(personality); 283 284 if (personality == tcp->currpers) 285 return; 286 tcp->currpers = personality; 287 288 if (!qflag) { 289 error_msg("[ Process PID=%d runs in %s mode. ]", 290 tcp->pid, personality_names[personality]); 291 } 292 293 if (need_mpers_warning[personality]) { 294 error_msg("WARNING: Proper structure decoding for this " 295 "personality is not supported, please consider " 296 "building strace with mpers support enabled."); 297 need_mpers_warning[personality] = false; 298 } 299 } 300 #endif 301 302 #ifdef SYS_socket_subcall 303 static void 304 decode_socket_subcall(struct tcb *tcp) 305 { 306 const int call = tcp->u_arg[0]; 307 308 if (call < 1 || call >= SYS_socket_nsubcalls) 309 return; 310 311 const kernel_ulong_t scno = SYS_socket_subcall + call; 312 const unsigned int nargs = sysent[scno].nargs; 313 uint64_t buf[nargs]; 314 315 if (umoven(tcp, tcp->u_arg[1], nargs * current_wordsize, buf) < 0) 316 return; 317 318 tcp->scno = scno; 319 tcp->qual_flg = qual_flags(scno); 320 tcp->s_ent = &sysent[scno]; 321 322 unsigned int i; 323 for (i = 0; i < nargs; ++i) 324 tcp->u_arg[i] = (sizeof(uint32_t) == current_wordsize) 325 ? ((uint32_t *) (void *) buf)[i] : buf[i]; 326 } 327 #endif /* SYS_socket_subcall */ 328 329 #ifdef SYS_ipc_subcall 330 static void 331 decode_ipc_subcall(struct tcb *tcp) 332 { 333 unsigned int call = tcp->u_arg[0]; 334 const unsigned int version = call >> 16; 335 336 if (version) { 337 # if defined S390 || defined S390X 338 return; 339 # else 340 # ifdef SPARC64 341 if (current_wordsize == 8) 342 return; 343 # endif 344 set_tcb_priv_ulong(tcp, version); 345 call &= 0xffff; 346 # endif 347 } 348 349 switch (call) { 350 case 1: case 2: case 3: case 4: 351 case 11: case 12: case 13: case 14: 352 case 21: case 22: case 23: case 24: 353 break; 354 default: 355 return; 356 } 357 358 tcp->scno = SYS_ipc_subcall + call; 359 tcp->qual_flg = qual_flags(tcp->scno); 360 tcp->s_ent = &sysent[tcp->scno]; 361 362 const unsigned int n = tcp->s_ent->nargs; 363 unsigned int i; 364 for (i = 0; i < n; i++) 365 tcp->u_arg[i] = tcp->u_arg[i + 1]; 366 } 367 #endif /* SYS_ipc_subcall */ 368 369 #ifdef SYS_syscall_subcall 370 static void 371 decode_syscall_subcall(struct tcb *tcp) 372 { 373 if (!scno_is_valid(tcp->u_arg[0])) 374 return; 375 tcp->scno = tcp->u_arg[0]; 376 tcp->qual_flg = qual_flags(tcp->scno); 377 tcp->s_ent = &sysent[tcp->scno]; 378 memmove(&tcp->u_arg[0], &tcp->u_arg[1], 379 sizeof(tcp->u_arg) - sizeof(tcp->u_arg[0])); 380 # ifdef LINUX_MIPSO32 381 /* 382 * Fetching the last arg of 7-arg syscalls (fadvise64_64 383 * and sync_file_range) requires additional code, 384 * see linux/mips/get_syscall_args.c 385 */ 386 if (tcp->s_ent->nargs == MAX_ARGS) { 387 if (umoven(tcp, 388 mips_REG_SP + MAX_ARGS * sizeof(tcp->u_arg[0]), 389 sizeof(tcp->u_arg[0]), 390 &tcp->u_arg[MAX_ARGS - 1]) < 0) 391 tcp->u_arg[MAX_ARGS - 1] = 0; 392 } 393 # endif /* LINUX_MIPSO32 */ 394 } 395 #endif /* SYS_syscall_subcall */ 396 397 static void 398 dumpio(struct tcb *tcp) 399 { 400 int fd = tcp->u_arg[0]; 401 if (fd < 0) 402 return; 403 404 if (is_number_in_set(fd, write_set)) { 405 switch (tcp->s_ent->sen) { 406 case SEN_write: 407 case SEN_pwrite: 408 case SEN_send: 409 case SEN_sendto: 410 case SEN_mq_timedsend: 411 dumpstr(tcp, tcp->u_arg[1], tcp->u_arg[2]); 412 break; 413 case SEN_writev: 414 case SEN_pwritev: 415 case SEN_pwritev2: 416 case SEN_vmsplice: 417 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], -1); 418 break; 419 case SEN_sendmsg: 420 dumpiov_in_msghdr(tcp, tcp->u_arg[1], -1); 421 break; 422 case SEN_sendmmsg: 423 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]); 424 break; 425 } 426 } 427 428 if (syserror(tcp)) 429 return; 430 431 if (is_number_in_set(fd, read_set)) { 432 switch (tcp->s_ent->sen) { 433 case SEN_read: 434 case SEN_pread: 435 case SEN_recv: 436 case SEN_recvfrom: 437 case SEN_mq_timedreceive: 438 dumpstr(tcp, tcp->u_arg[1], tcp->u_rval); 439 return; 440 case SEN_readv: 441 case SEN_preadv: 442 case SEN_preadv2: 443 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], 444 tcp->u_rval); 445 return; 446 case SEN_recvmsg: 447 dumpiov_in_msghdr(tcp, tcp->u_arg[1], tcp->u_rval); 448 return; 449 case SEN_recvmmsg: 450 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]); 451 return; 452 } 453 } 454 } 455 456 const char * 457 err_name(unsigned long err) 458 { 459 if ((err < nerrnos) && errnoent[err]) 460 return errnoent[err]; 461 462 return NULL; 463 } 464 465 static void 466 print_err_ret(kernel_ulong_t ret, unsigned long u_error) 467 { 468 const char *u_error_str = err_name(u_error); 469 470 if (u_error_str) 471 tprintf("= %" PRI_kld " %s (%s)", 472 ret, u_error_str, strerror(u_error)); 473 else 474 tprintf("= %" PRI_kld " (errno %lu)", ret, u_error); 475 } 476 477 static long get_regs(struct tcb *); 478 static int get_syscall_args(struct tcb *); 479 static int get_syscall_result(struct tcb *); 480 static int arch_get_scno(struct tcb *tcp); 481 static int arch_set_scno(struct tcb *, kernel_ulong_t); 482 static void get_error(struct tcb *, const bool); 483 static int arch_set_error(struct tcb *); 484 static int arch_set_success(struct tcb *); 485 486 struct inject_opts *inject_vec[SUPPORTED_PERSONALITIES]; 487 488 static struct inject_opts * 489 tcb_inject_opts(struct tcb *tcp) 490 { 491 return (scno_in_range(tcp->scno) && tcp->inject_vec[current_personality]) 492 ? &tcp->inject_vec[current_personality][tcp->scno] : NULL; 493 } 494 495 496 static long 497 tamper_with_syscall_entering(struct tcb *tcp, unsigned int *signo) 498 { 499 if (!tcp->inject_vec[current_personality]) { 500 tcp->inject_vec[current_personality] = 501 xcalloc(nsyscalls, sizeof(**inject_vec)); 502 memcpy(tcp->inject_vec[current_personality], 503 inject_vec[current_personality], 504 nsyscalls * sizeof(**inject_vec)); 505 } 506 507 struct inject_opts *opts = tcb_inject_opts(tcp); 508 509 if (!opts || opts->first == 0) 510 return 0; 511 512 --opts->first; 513 514 if (opts->first != 0) 515 return 0; 516 517 opts->first = opts->step; 518 519 if (!recovering(tcp)) { 520 if (opts->data.flags & INJECT_F_SIGNAL) 521 *signo = opts->data.signo; 522 if (opts->data.flags & (INJECT_F_ERROR | INJECT_F_RETVAL)) { 523 kernel_long_t scno = 524 (opts->data.flags & INJECT_F_SYSCALL) 525 ? (kernel_long_t) shuffle_scno(opts->data.scno) 526 : -1; 527 528 if (!arch_set_scno(tcp, scno)) { 529 tcp->flags |= TCB_TAMPERED; 530 if (scno != -1) 531 tcp->flags |= TCB_TAMPERED_NO_FAIL; 532 } 533 } 534 if (opts->data.flags & INJECT_F_DELAY_ENTER) 535 delay_tcb(tcp, opts->data.delay_idx, true); 536 if (opts->data.flags & INJECT_F_DELAY_EXIT) 537 tcp->flags |= TCB_INJECT_DELAY_EXIT; 538 } 539 540 return 0; 541 } 542 543 static long 544 tamper_with_syscall_exiting(struct tcb *tcp) 545 { 546 struct inject_opts *opts = tcb_inject_opts(tcp); 547 if (!opts) 548 return 0; 549 550 if (inject_delay_exit(tcp)) 551 delay_tcb(tcp, opts->data.delay_idx, false); 552 553 if (!syscall_tampered(tcp)) 554 return 0; 555 556 if (!syserror(tcp) ^ !!syscall_tampered_nofail(tcp)) { 557 error_msg("Failed to tamper with process %d: unexpectedly got" 558 " %serror (return value %#" PRI_klx ", error %lu)", 559 tcp->pid, syscall_tampered_nofail(tcp) ? "" : "no ", 560 tcp->u_rval, tcp->u_error); 561 562 return 1; 563 } 564 565 bool update_tcb = false; 566 567 if (opts->data.flags & INJECT_F_RETVAL) { 568 kernel_long_t inject_rval = 569 retval_get(opts->data.rval_idx); 570 kernel_long_t u_rval = tcp->u_rval; 571 572 tcp->u_rval = inject_rval; 573 if (arch_set_success(tcp)) { 574 tcp->u_rval = u_rval; 575 } else { 576 update_tcb = true; 577 tcp->u_error = 0; 578 } 579 } else { 580 unsigned long new_error = retval_get(opts->data.rval_idx); 581 582 if (new_error != tcp->u_error && new_error <= MAX_ERRNO_VALUE) { 583 unsigned long u_error = tcp->u_error; 584 585 tcp->u_error = new_error; 586 if (arch_set_error(tcp)) { 587 tcp->u_error = u_error; 588 } else { 589 update_tcb = true; 590 } 591 } 592 } 593 594 if (update_tcb) { 595 tcp->u_error = 0; 596 get_error(tcp, !(tcp->s_ent->sys_flags & SYSCALL_NEVER_FAILS)); 597 } 598 599 return 0; 600 } 601 602 /* 603 * Returns: 604 * 0: "ignore this ptrace stop", bail out silently. 605 * 1: ok, decoded; call 606 * syscall_entering_finish(tcp, syscall_entering_trace(tcp, ...)). 607 * other: error; call syscall_entering_finish(tcp, res), where res is the value 608 * returned. 609 */ 610 int 611 syscall_entering_decode(struct tcb *tcp) 612 { 613 int res = get_scno(tcp); 614 if (res == 0) 615 return res; 616 int scno_good = res; 617 if (res != 1 || (res = get_syscall_args(tcp)) != 1) { 618 printleader(tcp); 619 tprintf("%s(", scno_good == 1 ? tcp->s_ent->sys_name : "????"); 620 /* 621 * " <unavailable>" will be added later by the code which 622 * detects ptrace errors. 623 */ 624 return res; 625 } 626 627 #if defined SYS_ipc_subcall \ 628 || defined SYS_socket_subcall \ 629 || defined SYS_syscall_subcall 630 for (;;) { 631 switch (tcp->s_ent->sen) { 632 # ifdef SYS_ipc_subcall 633 case SEN_ipc: 634 decode_ipc_subcall(tcp); 635 break; 636 # endif 637 # ifdef SYS_socket_subcall 638 case SEN_socketcall: 639 decode_socket_subcall(tcp); 640 break; 641 # endif 642 # ifdef SYS_syscall_subcall 643 case SEN_syscall: 644 decode_syscall_subcall(tcp); 645 if (tcp->s_ent->sen != SEN_syscall) 646 continue; 647 break; 648 # endif 649 } 650 break; 651 } 652 #endif 653 654 return 1; 655 } 656 657 int 658 syscall_entering_trace(struct tcb *tcp, unsigned int *sig) 659 { 660 /* Restrain from fault injection while the trace executes strace code. */ 661 if (hide_log(tcp)) { 662 tcp->qual_flg &= ~QUAL_INJECT; 663 } 664 665 switch (tcp->s_ent->sen) { 666 case SEN_execve: 667 case SEN_execveat: 668 #if defined SPARC || defined SPARC64 669 case SEN_execv: 670 #endif 671 tcp->flags &= ~TCB_HIDE_LOG; 672 break; 673 } 674 675 if (!traced(tcp) || (tracing_paths && !pathtrace_match(tcp))) { 676 tcp->flags |= TCB_FILTERED; 677 return 0; 678 } 679 680 tcp->flags &= ~TCB_FILTERED; 681 682 if (hide_log(tcp)) { 683 return 0; 684 } 685 686 if (inject(tcp)) 687 tamper_with_syscall_entering(tcp, sig); 688 689 if (cflag == CFLAG_ONLY_STATS) { 690 return 0; 691 } 692 693 #ifdef ENABLE_STACKTRACE 694 if (stack_trace_enabled) { 695 if (tcp->s_ent->sys_flags & STACKTRACE_CAPTURE_ON_ENTER) 696 unwind_tcb_capture(tcp); 697 } 698 #endif 699 700 printleader(tcp); 701 tprintf("%s(", tcp->s_ent->sys_name); 702 int res = raw(tcp) ? printargs(tcp) : tcp->s_ent->sys_func(tcp); 703 fflush(tcp->outf); 704 return res; 705 } 706 707 void 708 syscall_entering_finish(struct tcb *tcp, int res) 709 { 710 tcp->flags |= TCB_INSYSCALL; 711 tcp->sys_func_rval = res; 712 /* Measure the entrance time as late as possible to avoid errors. */ 713 if ((Tflag || cflag) && !filtered(tcp)) 714 clock_gettime(CLOCK_MONOTONIC, &tcp->etime); 715 } 716 717 /* Returns: 718 * 0: "bail out". 719 * 1: ok. 720 * -1: error in one of ptrace ops. 721 * 722 * If not 0, call syscall_exiting_trace(tcp, res), where res is the return 723 * value. Anyway, call syscall_exiting_finish(tcp) then. 724 */ 725 int 726 syscall_exiting_decode(struct tcb *tcp, struct timespec *pts) 727 { 728 /* Measure the exit time as early as possible to avoid errors. */ 729 if ((Tflag || cflag) && !(filtered(tcp) || hide_log(tcp))) 730 clock_gettime(CLOCK_MONOTONIC, pts); 731 732 if (tcp->s_ent->sys_flags & MEMORY_MAPPING_CHANGE) 733 mmap_notify_report(tcp); 734 735 if (filtered(tcp) || hide_log(tcp)) 736 return 0; 737 738 #if SUPPORTED_PERSONALITIES > 1 739 update_personality(tcp, tcp->currpers); 740 #endif 741 742 return get_syscall_result(tcp); 743 } 744 745 int 746 syscall_exiting_trace(struct tcb *tcp, struct timespec *ts, int res) 747 { 748 if (syscall_tampered(tcp) || inject_delay_exit(tcp)) 749 tamper_with_syscall_exiting(tcp); 750 751 if (cflag) { 752 count_syscall(tcp, ts); 753 if (cflag == CFLAG_ONLY_STATS) { 754 return 0; 755 } 756 } 757 758 /* If not in -ff mode, and printing_tcp != tcp, 759 * then the log currently does not end with output 760 * of _our syscall entry_, but with something else. 761 * We need to say which syscall's return is this. 762 * 763 * Forced reprinting via TCB_REPRINT is used only by 764 * "strace -ff -oLOG test/threaded_execve" corner case. 765 * It's the only case when -ff mode needs reprinting. 766 */ 767 if ((followfork < 2 && printing_tcp != tcp) || (tcp->flags & TCB_REPRINT)) { 768 tcp->flags &= ~TCB_REPRINT; 769 printleader(tcp); 770 tprintf("<... %s resumed> ", tcp->s_ent->sys_name); 771 } 772 printing_tcp = tcp; 773 774 tcp->s_prev_ent = NULL; 775 if (res != 1) { 776 /* There was error in one of prior ptrace ops */ 777 tprints(") "); 778 tabto(); 779 tprints("= ? <unavailable>\n"); 780 line_ended(); 781 return res; 782 } 783 tcp->s_prev_ent = tcp->s_ent; 784 785 int sys_res = 0; 786 if (raw(tcp)) { 787 /* sys_res = printargs(tcp); - but it's nop on sysexit */ 788 } else { 789 /* FIXME: not_failing_only (IOW, option -z) is broken: 790 * failure of syscall is known only after syscall return. 791 * Thus we end up with something like this on, say, ENOENT: 792 * open("does_not_exist", O_RDONLY <unfinished ...> 793 * {next syscall decode} 794 * whereas the intended result is that open(...) line 795 * is not shown at all. 796 */ 797 if (not_failing_only && tcp->u_error) 798 return 0; /* ignore failed syscalls */ 799 if (tcp->sys_func_rval & RVAL_DECODED) 800 sys_res = tcp->sys_func_rval; 801 else 802 sys_res = tcp->s_ent->sys_func(tcp); 803 } 804 805 tprints(") "); 806 tabto(); 807 808 if (raw(tcp)) { 809 if (tcp->u_error) 810 print_err_ret(tcp->u_rval, tcp->u_error); 811 else 812 tprintf("= %#" PRI_klx, tcp->u_rval); 813 814 if (syscall_tampered(tcp)) 815 tprints(" (INJECTED)"); 816 } else if (!(sys_res & RVAL_NONE) && tcp->u_error) { 817 switch (tcp->u_error) { 818 /* Blocked signals do not interrupt any syscalls. 819 * In this case syscalls don't return ERESTARTfoo codes. 820 * 821 * Deadly signals set to SIG_DFL interrupt syscalls 822 * and kill the process regardless of which of the codes below 823 * is returned by the interrupted syscall. 824 * In some cases, kernel forces a kernel-generated deadly 825 * signal to be unblocked and set to SIG_DFL (and thus cause 826 * death) if it is blocked or SIG_IGNed: for example, SIGSEGV 827 * or SIGILL. (The alternative is to leave process spinning 828 * forever on the faulty instruction - not useful). 829 * 830 * SIG_IGNed signals and non-deadly signals set to SIG_DFL 831 * (for example, SIGCHLD, SIGWINCH) interrupt syscalls, 832 * but kernel will always restart them. 833 */ 834 case ERESTARTSYS: 835 /* Most common type of signal-interrupted syscall exit code. 836 * The system call will be restarted with the same arguments 837 * if SA_RESTART is set; otherwise, it will fail with EINTR. 838 */ 839 tprints("= ? ERESTARTSYS (To be restarted if SA_RESTART is set)"); 840 break; 841 case ERESTARTNOINTR: 842 /* Rare. For example, fork() returns this if interrupted. 843 * SA_RESTART is ignored (assumed set): the restart is unconditional. 844 */ 845 tprints("= ? ERESTARTNOINTR (To be restarted)"); 846 break; 847 case ERESTARTNOHAND: 848 /* pause(), rt_sigsuspend() etc use this code. 849 * SA_RESTART is ignored (assumed not set): 850 * syscall won't restart (will return EINTR instead) 851 * even after signal with SA_RESTART set. However, 852 * after SIG_IGN or SIG_DFL signal it will restart 853 * (thus the name "restart only if has no handler"). 854 */ 855 tprints("= ? ERESTARTNOHAND (To be restarted if no handler)"); 856 break; 857 case ERESTART_RESTARTBLOCK: 858 /* Syscalls like nanosleep(), poll() which can't be 859 * restarted with their original arguments use this 860 * code. Kernel will execute restart_syscall() instead, 861 * which changes arguments before restarting syscall. 862 * SA_RESTART is ignored (assumed not set) similarly 863 * to ERESTARTNOHAND. (Kernel can't honor SA_RESTART 864 * since restart data is saved in "restart block" 865 * in task struct, and if signal handler uses a syscall 866 * which in turn saves another such restart block, 867 * old data is lost and restart becomes impossible) 868 */ 869 tprints("= ? ERESTART_RESTARTBLOCK (Interrupted by signal)"); 870 break; 871 default: 872 print_err_ret(tcp->u_rval, tcp->u_error); 873 break; 874 } 875 if (syscall_tampered(tcp)) 876 tprints(" (INJECTED)"); 877 if ((sys_res & RVAL_STR) && tcp->auxstr) 878 tprintf(" (%s)", tcp->auxstr); 879 } else { 880 if (sys_res & RVAL_NONE) 881 tprints("= ?"); 882 else { 883 switch (sys_res & RVAL_MASK) { 884 case RVAL_HEX: 885 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG 886 if (current_klongsize < sizeof(tcp->u_rval)) { 887 tprintf("= %#x", 888 (unsigned int) tcp->u_rval); 889 } else 890 #endif 891 { 892 tprintf("= %#" PRI_klx, tcp->u_rval); 893 } 894 break; 895 case RVAL_OCTAL: 896 tprints("= "); 897 print_numeric_long_umask(tcp->u_rval); 898 break; 899 case RVAL_UDECIMAL: 900 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG 901 if (current_klongsize < sizeof(tcp->u_rval)) { 902 tprintf("= %u", 903 (unsigned int) tcp->u_rval); 904 } else 905 #endif 906 { 907 tprintf("= %" PRI_klu, tcp->u_rval); 908 } 909 break; 910 case RVAL_FD: 911 if (show_fd_path) { 912 tprints("= "); 913 printfd(tcp, tcp->u_rval); 914 } else 915 tprintf("= %" PRI_kld, tcp->u_rval); 916 break; 917 default: 918 error_msg("invalid rval format"); 919 break; 920 } 921 } 922 if ((sys_res & RVAL_STR) && tcp->auxstr) 923 tprintf(" (%s)", tcp->auxstr); 924 if (syscall_tampered(tcp)) 925 tprints(" (INJECTED)"); 926 } 927 if (Tflag) { 928 ts_sub(ts, ts, &tcp->etime); 929 tprintf(" <%ld.%06ld>", 930 (long) ts->tv_sec, (long) ts->tv_nsec / 1000); 931 } 932 tprints("\n"); 933 dumpio(tcp); 934 line_ended(); 935 936 #ifdef ENABLE_STACKTRACE 937 if (stack_trace_enabled) 938 unwind_tcb_print(tcp); 939 #endif 940 return 0; 941 } 942 943 void 944 syscall_exiting_finish(struct tcb *tcp) 945 { 946 tcp->flags &= ~(TCB_INSYSCALL | TCB_TAMPERED | TCB_INJECT_DELAY_EXIT); 947 tcp->sys_func_rval = 0; 948 free_tcb_priv_data(tcp); 949 } 950 951 bool 952 is_erestart(struct tcb *tcp) 953 { 954 switch (tcp->u_error) { 955 case ERESTARTSYS: 956 case ERESTARTNOINTR: 957 case ERESTARTNOHAND: 958 case ERESTART_RESTARTBLOCK: 959 return true; 960 default: 961 return false; 962 } 963 } 964 965 static unsigned long saved_u_error; 966 967 void 968 temporarily_clear_syserror(struct tcb *tcp) 969 { 970 saved_u_error = tcp->u_error; 971 tcp->u_error = 0; 972 } 973 974 void 975 restore_cleared_syserror(struct tcb *tcp) 976 { 977 tcp->u_error = saved_u_error; 978 } 979 980 #define XLAT_MACROS_ONLY 981 # include "xlat/nt_descriptor_types.h" 982 #undef XLAT_MACROS_ONLY 983 984 #include "arch_regs.c" 985 986 #if HAVE_ARCH_GETRVAL2 987 # include "arch_getrval2.c" 988 #endif 989 990 void 991 print_pc(struct tcb *tcp) 992 { 993 #if defined ARCH_PC_REG 994 # define ARCH_GET_PC 0 995 #elif defined ARCH_PC_PEEK_ADDR 996 kernel_ulong_t pc; 997 # define ARCH_PC_REG pc 998 # define ARCH_GET_PC upeek(tcp, ARCH_PC_PEEK_ADDR, &pc) 999 #else 1000 # error Neither ARCH_PC_REG nor ARCH_PC_PEEK_ADDR is defined 1001 #endif 1002 if (get_regs(tcp) < 0 || ARCH_GET_PC) 1003 tprints(current_wordsize == 4 ? "[????????] " 1004 : "[????????????????] "); 1005 else 1006 tprintf(current_wordsize == 4 1007 ? "[%08" PRI_klx "] " : "[%016" PRI_klx "] ", 1008 (kernel_ulong_t) ARCH_PC_REG); 1009 } 1010 1011 #include "getregs_old.h" 1012 1013 #undef ptrace_getregset_or_getregs 1014 #undef ptrace_setregset_or_setregs 1015 #ifdef ARCH_REGS_FOR_GETREGSET 1016 1017 # define ptrace_getregset_or_getregs ptrace_getregset 1018 static long 1019 ptrace_getregset(pid_t pid) 1020 { 1021 # ifdef ARCH_IOVEC_FOR_GETREGSET 1022 /* variable iovec */ 1023 ARCH_IOVEC_FOR_GETREGSET.iov_len = sizeof(ARCH_REGS_FOR_GETREGSET); 1024 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, 1025 &ARCH_IOVEC_FOR_GETREGSET); 1026 # else 1027 /* constant iovec */ 1028 static struct iovec io = { 1029 .iov_base = &ARCH_REGS_FOR_GETREGSET, 1030 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET) 1031 }; 1032 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &io); 1033 1034 # endif 1035 } 1036 1037 # ifndef HAVE_GETREGS_OLD 1038 # define ptrace_setregset_or_setregs ptrace_setregset 1039 static int 1040 ptrace_setregset(pid_t pid) 1041 { 1042 # ifdef ARCH_IOVEC_FOR_GETREGSET 1043 /* variable iovec */ 1044 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, 1045 &ARCH_IOVEC_FOR_GETREGSET); 1046 # else 1047 /* constant iovec */ 1048 static struct iovec io = { 1049 .iov_base = &ARCH_REGS_FOR_GETREGSET, 1050 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET) 1051 }; 1052 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &io); 1053 # endif 1054 } 1055 # endif /* !HAVE_GETREGS_OLD */ 1056 1057 #elif defined ARCH_REGS_FOR_GETREGS 1058 1059 # define ptrace_getregset_or_getregs ptrace_getregs 1060 static long 1061 ptrace_getregs(pid_t pid) 1062 { 1063 # if defined SPARC || defined SPARC64 1064 /* SPARC systems have the meaning of data and addr reversed */ 1065 return ptrace(PTRACE_GETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0); 1066 # else 1067 return ptrace(PTRACE_GETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS); 1068 # endif 1069 } 1070 1071 # ifndef HAVE_GETREGS_OLD 1072 # define ptrace_setregset_or_setregs ptrace_setregs 1073 static int 1074 ptrace_setregs(pid_t pid) 1075 { 1076 # if defined SPARC || defined SPARC64 1077 /* SPARC systems have the meaning of data and addr reversed */ 1078 return ptrace(PTRACE_SETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0); 1079 # else 1080 return ptrace(PTRACE_SETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS); 1081 # endif 1082 } 1083 # endif /* !HAVE_GETREGS_OLD */ 1084 1085 #endif /* ARCH_REGS_FOR_GETREGSET || ARCH_REGS_FOR_GETREGS */ 1086 1087 #ifdef ptrace_getregset_or_getregs 1088 static long get_regs_error; 1089 #endif 1090 1091 void 1092 clear_regs(struct tcb *tcp) 1093 { 1094 #ifdef ptrace_getregset_or_getregs 1095 get_regs_error = -1; 1096 #endif 1097 } 1098 1099 static long 1100 get_regs(struct tcb *const tcp) 1101 { 1102 #ifdef ptrace_getregset_or_getregs 1103 1104 if (get_regs_error != -1) 1105 return get_regs_error; 1106 1107 # ifdef HAVE_GETREGS_OLD 1108 /* 1109 * Try PTRACE_GETREGSET/PTRACE_GETREGS first, 1110 * fallback to getregs_old. 1111 */ 1112 static int use_getregs_old; 1113 if (use_getregs_old < 0) { 1114 return get_regs_error = ptrace_getregset_or_getregs(tcp->pid); 1115 } else if (use_getregs_old == 0) { 1116 get_regs_error = ptrace_getregset_or_getregs(tcp->pid); 1117 if (get_regs_error >= 0) { 1118 use_getregs_old = -1; 1119 return get_regs_error; 1120 } 1121 if (errno == EPERM || errno == ESRCH) 1122 return get_regs_error; 1123 use_getregs_old = 1; 1124 } 1125 return get_regs_error = getregs_old(tcp); 1126 # else /* !HAVE_GETREGS_OLD */ 1127 /* Assume that PTRACE_GETREGSET/PTRACE_GETREGS works. */ 1128 get_regs_error = ptrace_getregset_or_getregs(tcp->pid); 1129 1130 # if defined ARCH_PERSONALITY_0_IOV_SIZE 1131 if (get_regs_error) 1132 return get_regs_error; 1133 1134 switch (ARCH_IOVEC_FOR_GETREGSET.iov_len) { 1135 case ARCH_PERSONALITY_0_IOV_SIZE: 1136 update_personality(tcp, 0); 1137 break; 1138 case ARCH_PERSONALITY_1_IOV_SIZE: 1139 update_personality(tcp, 1); 1140 break; 1141 default: { 1142 static bool printed = false; 1143 1144 if (!printed) { 1145 error_msg("Unsupported regset size returned by " 1146 "PTRACE_GETREGSET: %zu", 1147 ARCH_IOVEC_FOR_GETREGSET.iov_len); 1148 1149 printed = true; 1150 } 1151 1152 update_personality(tcp, 0); 1153 } 1154 } 1155 # endif /* ARCH_PERSONALITY_0_IOV_SIZE */ 1156 1157 return get_regs_error; 1158 1159 # endif /* !HAVE_GETREGS_OLD */ 1160 1161 #else /* !ptrace_getregset_or_getregs */ 1162 1163 # warning get_regs is not implemented for this architecture yet 1164 return 0; 1165 1166 #endif /* !ptrace_getregset_or_getregs */ 1167 } 1168 1169 #ifdef ptrace_setregset_or_setregs 1170 static int 1171 set_regs(pid_t pid) 1172 { 1173 return ptrace_setregset_or_setregs(pid); 1174 } 1175 #endif /* ptrace_setregset_or_setregs */ 1176 1177 struct sysent_buf { 1178 struct tcb *tcp; 1179 struct_sysent ent; 1180 char buf[sizeof("syscall_0x") + sizeof(kernel_ulong_t) * 2]; 1181 }; 1182 1183 static void 1184 free_sysent_buf(void *ptr) 1185 { 1186 struct sysent_buf *s = ptr; 1187 s->tcp->s_prev_ent = s->tcp->s_ent = NULL; 1188 free(ptr); 1189 } 1190 1191 /* 1192 * Returns: 1193 * 0: "ignore this ptrace stop", syscall_entering_decode() should return a "bail 1194 * out silently" code. 1195 * 1: ok, continue in syscall_entering_decode(). 1196 * other: error, syscall_entering_decode() should print error indicator 1197 * ("????" etc) and return an appropriate code. 1198 */ 1199 int 1200 get_scno(struct tcb *tcp) 1201 { 1202 if (get_regs(tcp) < 0) 1203 return -1; 1204 1205 int rc = arch_get_scno(tcp); 1206 if (rc != 1) 1207 return rc; 1208 1209 tcp->scno = shuffle_scno(tcp->scno); 1210 1211 if (scno_is_valid(tcp->scno)) { 1212 tcp->s_ent = &sysent[tcp->scno]; 1213 tcp->qual_flg = qual_flags(tcp->scno); 1214 } else { 1215 struct sysent_buf *s = xcalloc(1, sizeof(*s)); 1216 1217 s->tcp = tcp; 1218 s->ent.nargs = MAX_ARGS; 1219 s->ent.sen = SEN_printargs; 1220 s->ent.sys_func = printargs; 1221 s->ent.sys_name = s->buf; 1222 xsprintf(s->buf, "syscall_%#" PRI_klx, shuffle_scno(tcp->scno)); 1223 1224 tcp->s_ent = &s->ent; 1225 tcp->qual_flg = QUAL_RAW | DEFAULT_QUAL_FLAGS; 1226 1227 set_tcb_priv_data(tcp, s, free_sysent_buf); 1228 1229 debug_msg("pid %d invalid syscall %#" PRI_klx, 1230 tcp->pid, shuffle_scno(tcp->scno)); 1231 } 1232 1233 /* 1234 * We refrain from argument decoding during recovering 1235 * as tracee memory mappings has changed and the registers 1236 * are very likely pointing to garbage already. 1237 */ 1238 if (recovering(tcp)) 1239 tcp->qual_flg |= QUAL_RAW; 1240 1241 return 1; 1242 } 1243 1244 #ifdef ptrace_getregset_or_getregs 1245 # define get_syscall_result_regs get_regs 1246 #else 1247 static int get_syscall_result_regs(struct tcb *); 1248 #endif 1249 1250 /* Returns: 1251 * 1: ok, continue in syscall_exiting_trace(). 1252 * -1: error, syscall_exiting_trace() should print error indicator 1253 * ("????" etc) and bail out. 1254 */ 1255 static int 1256 get_syscall_result(struct tcb *tcp) 1257 { 1258 if (get_syscall_result_regs(tcp) < 0) 1259 return -1; 1260 tcp->u_error = 0; 1261 get_error(tcp, 1262 (!(tcp->s_ent->sys_flags & SYSCALL_NEVER_FAILS) 1263 || syscall_tampered(tcp)) 1264 && !syscall_tampered_nofail(tcp)); 1265 1266 return 1; 1267 } 1268 1269 #include "get_scno.c" 1270 #include "set_scno.c" 1271 #include "get_syscall_args.c" 1272 #ifndef ptrace_getregset_or_getregs 1273 # include "get_syscall_result.c" 1274 #endif 1275 #include "get_error.c" 1276 #include "set_error.c" 1277 #ifdef HAVE_GETREGS_OLD 1278 # include "getregs_old.c" 1279 #endif 1280 #include "shuffle_scno.c" 1281 1282 const char * 1283 syscall_name(kernel_ulong_t scno) 1284 { 1285 return scno_is_valid(scno) ? sysent[scno].sys_name : NULL; 1286 } 1287