1 /* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk (at) cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko (at) hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs (at) world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert (at) cistron.nl> 6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation 7 * Linux for s390 port by D.J. Barrow 8 * <barrow_dj (at) mail.yahoo.com,djbarrow (at) de.ibm.com> 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include "defs.h" 35 #include "native_defs.h" 36 #include "nsig.h" 37 #include <sys/param.h> 38 39 /* for struct iovec */ 40 #include <sys/uio.h> 41 42 /* for __X32_SYSCALL_BIT */ 43 #include <asm/unistd.h> 44 45 #include "regs.h" 46 #include "ptrace.h" 47 48 #if defined(SPARC64) 49 # undef PTRACE_GETREGS 50 # define PTRACE_GETREGS PTRACE_GETREGS64 51 # undef PTRACE_SETREGS 52 # define PTRACE_SETREGS PTRACE_SETREGS64 53 #endif 54 55 #if defined SPARC64 56 # include <asm/psrcompat.h> 57 #elif defined SPARC 58 # include <asm/psr.h> 59 #endif 60 61 #ifdef IA64 62 # include <asm/rse.h> 63 #endif 64 65 #ifndef NT_PRSTATUS 66 # define NT_PRSTATUS 1 67 #endif 68 69 #include "syscall.h" 70 71 /* Define these shorthand notations to simplify the syscallent files. */ 72 #define TD TRACE_DESC 73 #define TF TRACE_FILE 74 #define TI TRACE_IPC 75 #define TN TRACE_NETWORK 76 #define TP TRACE_PROCESS 77 #define TS TRACE_SIGNAL 78 #define TM TRACE_MEMORY 79 #define NF SYSCALL_NEVER_FAILS 80 #define MA MAX_ARGS 81 #define SI STACKTRACE_INVALIDATE_CACHE 82 #define SE STACKTRACE_CAPTURE_ON_ENTER 83 #define CST COMPAT_SYSCALL_TYPES 84 85 #define SEN(syscall_name) SEN_ ## syscall_name, SYS_FUNC_NAME(sys_ ## syscall_name) 86 87 const struct_sysent sysent0[] = { 88 #include "syscallent.h" 89 }; 90 91 #if SUPPORTED_PERSONALITIES > 1 92 # include PERSONALITY1_INCLUDE_FUNCS 93 static const struct_sysent sysent1[] = { 94 # include "syscallent1.h" 95 }; 96 #endif 97 98 #if SUPPORTED_PERSONALITIES > 2 99 # include PERSONALITY2_INCLUDE_FUNCS 100 static const struct_sysent sysent2[] = { 101 # include "syscallent2.h" 102 }; 103 #endif 104 105 /* Now undef them since short defines cause wicked namespace pollution. */ 106 #undef SEN 107 #undef TD 108 #undef TF 109 #undef TI 110 #undef TN 111 #undef TP 112 #undef TS 113 #undef TM 114 #undef NF 115 #undef MA 116 #undef SI 117 #undef SE 118 #undef CST 119 120 /* 121 * `ioctlent[012].h' files are automatically generated by the auxiliary 122 * program `ioctlsort', such that the list is sorted by the `code' field. 123 * This has the side-effect of resolving the _IO.. macros into 124 * plain integers, eliminating the need to include here everything 125 * in "/usr/include". 126 */ 127 128 const char *const errnoent0[] = { 129 #include "errnoent.h" 130 }; 131 const char *const signalent0[] = { 132 #include "signalent.h" 133 }; 134 const struct_ioctlent ioctlent0[] = { 135 #include "ioctlent0.h" 136 }; 137 138 #if SUPPORTED_PERSONALITIES > 1 139 static const char *const errnoent1[] = { 140 # include "errnoent1.h" 141 }; 142 static const char *const signalent1[] = { 143 # include "signalent1.h" 144 }; 145 static const struct_ioctlent ioctlent1[] = { 146 # include "ioctlent1.h" 147 }; 148 # include PERSONALITY0_INCLUDE_PRINTERS_DECLS 149 static const struct_printers printers0 = { 150 # include PERSONALITY0_INCLUDE_PRINTERS_DEFS 151 }; 152 # include PERSONALITY1_INCLUDE_PRINTERS_DECLS 153 static const struct_printers printers1 = { 154 # include PERSONALITY1_INCLUDE_PRINTERS_DEFS 155 }; 156 #endif 157 158 #if SUPPORTED_PERSONALITIES > 2 159 static const char *const errnoent2[] = { 160 # include "errnoent2.h" 161 }; 162 static const char *const signalent2[] = { 163 # include "signalent2.h" 164 }; 165 static const struct_ioctlent ioctlent2[] = { 166 # include "ioctlent2.h" 167 }; 168 # include PERSONALITY2_INCLUDE_PRINTERS_DECLS 169 static const struct_printers printers2 = { 170 # include PERSONALITY2_INCLUDE_PRINTERS_DEFS 171 }; 172 #endif 173 174 enum { 175 nsyscalls0 = ARRAY_SIZE(sysent0) 176 #if SUPPORTED_PERSONALITIES > 1 177 , nsyscalls1 = ARRAY_SIZE(sysent1) 178 # if SUPPORTED_PERSONALITIES > 2 179 , nsyscalls2 = ARRAY_SIZE(sysent2) 180 # endif 181 #endif 182 }; 183 184 enum { 185 nerrnos0 = ARRAY_SIZE(errnoent0) 186 #if SUPPORTED_PERSONALITIES > 1 187 , nerrnos1 = ARRAY_SIZE(errnoent1) 188 # if SUPPORTED_PERSONALITIES > 2 189 , nerrnos2 = ARRAY_SIZE(errnoent2) 190 # endif 191 #endif 192 }; 193 194 enum { 195 nsignals0 = ARRAY_SIZE(signalent0) 196 #if SUPPORTED_PERSONALITIES > 1 197 , nsignals1 = ARRAY_SIZE(signalent1) 198 # if SUPPORTED_PERSONALITIES > 2 199 , nsignals2 = ARRAY_SIZE(signalent2) 200 # endif 201 #endif 202 }; 203 204 enum { 205 nioctlents0 = ARRAY_SIZE(ioctlent0) 206 #if SUPPORTED_PERSONALITIES > 1 207 , nioctlents1 = ARRAY_SIZE(ioctlent1) 208 # if SUPPORTED_PERSONALITIES > 2 209 , nioctlents2 = ARRAY_SIZE(ioctlent2) 210 # endif 211 #endif 212 }; 213 214 #if SUPPORTED_PERSONALITIES > 1 215 const struct_sysent *sysent = sysent0; 216 const char *const *errnoent = errnoent0; 217 const char *const *signalent = signalent0; 218 const struct_ioctlent *ioctlent = ioctlent0; 219 const struct_printers *printers = &printers0; 220 #endif 221 222 unsigned nsyscalls = nsyscalls0; 223 unsigned nerrnos = nerrnos0; 224 unsigned nsignals = nsignals0; 225 unsigned nioctlents = nioctlents0; 226 227 const unsigned int nsyscall_vec[SUPPORTED_PERSONALITIES] = { 228 nsyscalls0, 229 #if SUPPORTED_PERSONALITIES > 1 230 nsyscalls1, 231 #endif 232 #if SUPPORTED_PERSONALITIES > 2 233 nsyscalls2, 234 #endif 235 }; 236 const struct_sysent *const sysent_vec[SUPPORTED_PERSONALITIES] = { 237 sysent0, 238 #if SUPPORTED_PERSONALITIES > 1 239 sysent1, 240 #endif 241 #if SUPPORTED_PERSONALITIES > 2 242 sysent2, 243 #endif 244 }; 245 246 #if SUPPORTED_PERSONALITIES > 1 247 unsigned current_personality; 248 249 # ifndef current_wordsize 250 unsigned current_wordsize; 251 static const int personality_wordsize[SUPPORTED_PERSONALITIES] = { 252 PERSONALITY0_WORDSIZE, 253 PERSONALITY1_WORDSIZE, 254 # if SUPPORTED_PERSONALITIES > 2 255 PERSONALITY2_WORDSIZE, 256 # endif 257 }; 258 # endif 259 260 # ifndef current_klongsize 261 unsigned current_klongsize; 262 static const int personality_klongsize[SUPPORTED_PERSONALITIES] = { 263 PERSONALITY0_KLONGSIZE, 264 PERSONALITY1_KLONGSIZE, 265 # if SUPPORTED_PERSONALITIES > 2 266 PERSONALITY2_KLONGSIZE, 267 # endif 268 }; 269 # endif 270 271 void 272 set_personality(int personality) 273 { 274 nsyscalls = nsyscall_vec[personality]; 275 sysent = sysent_vec[personality]; 276 277 switch (personality) { 278 case 0: 279 errnoent = errnoent0; 280 nerrnos = nerrnos0; 281 ioctlent = ioctlent0; 282 nioctlents = nioctlents0; 283 signalent = signalent0; 284 nsignals = nsignals0; 285 printers = &printers0; 286 break; 287 288 case 1: 289 errnoent = errnoent1; 290 nerrnos = nerrnos1; 291 ioctlent = ioctlent1; 292 nioctlents = nioctlents1; 293 signalent = signalent1; 294 nsignals = nsignals1; 295 printers = &printers1; 296 break; 297 298 # if SUPPORTED_PERSONALITIES > 2 299 case 2: 300 errnoent = errnoent2; 301 nerrnos = nerrnos2; 302 ioctlent = ioctlent2; 303 nioctlents = nioctlents2; 304 signalent = signalent2; 305 nsignals = nsignals2; 306 printers = &printers2; 307 break; 308 # endif 309 } 310 311 current_personality = personality; 312 # ifndef current_wordsize 313 current_wordsize = personality_wordsize[personality]; 314 # endif 315 # ifndef current_klongsize 316 current_klongsize = personality_klongsize[personality]; 317 # endif 318 } 319 320 static void 321 update_personality(struct tcb *tcp, unsigned int personality) 322 { 323 if (personality == current_personality) 324 return; 325 set_personality(personality); 326 327 if (personality == tcp->currpers) 328 return; 329 tcp->currpers = personality; 330 331 # undef PERSONALITY_NAMES 332 # if defined POWERPC64 333 # define PERSONALITY_NAMES {"64 bit", "32 bit"} 334 # elif defined X86_64 335 # define PERSONALITY_NAMES {"64 bit", "32 bit", "x32"} 336 # elif defined X32 337 # define PERSONALITY_NAMES {"x32", "32 bit"} 338 # elif defined AARCH64 339 # define PERSONALITY_NAMES {"64 bit", "32 bit"} 340 # elif defined TILE 341 # define PERSONALITY_NAMES {"64-bit", "32-bit"} 342 # endif 343 # ifdef PERSONALITY_NAMES 344 if (!qflag) { 345 static const char *const names[] = PERSONALITY_NAMES; 346 error_msg("[ Process PID=%d runs in %s mode. ]", 347 tcp->pid, names[personality]); 348 } 349 # endif 350 } 351 #endif 352 353 #ifdef SYS_socket_subcall 354 static void 355 decode_socket_subcall(struct tcb *tcp) 356 { 357 const int call = tcp->u_arg[0]; 358 359 if (call < 1 || call >= SYS_socket_nsubcalls) 360 return; 361 362 const kernel_ulong_t scno = SYS_socket_subcall + call; 363 const unsigned int nargs = sysent[scno].nargs; 364 uint64_t buf[nargs]; 365 366 if (umoven(tcp, tcp->u_arg[1], nargs * current_wordsize, buf) < 0) 367 return; 368 369 tcp->scno = scno; 370 tcp->qual_flg = qual_flags(scno); 371 tcp->s_ent = &sysent[scno]; 372 373 unsigned int i; 374 for (i = 0; i < nargs; ++i) 375 tcp->u_arg[i] = (sizeof(uint32_t) == current_wordsize) 376 ? ((uint32_t *) (void *) buf)[i] : buf[i]; 377 } 378 #endif 379 380 #ifdef SYS_ipc_subcall 381 static void 382 decode_ipc_subcall(struct tcb *tcp) 383 { 384 unsigned int call = tcp->u_arg[0]; 385 const unsigned int version = call >> 16; 386 387 if (version) { 388 # if defined S390 || defined S390X 389 return; 390 # else 391 # ifdef SPARC64 392 if (current_wordsize == 8) 393 return; 394 # endif 395 set_tcb_priv_ulong(tcp, version); 396 call &= 0xffff; 397 # endif 398 } 399 400 switch (call) { 401 case 1: case 2: case 3: case 4: 402 case 11: case 12: case 13: case 14: 403 case 21: case 22: case 23: case 24: 404 break; 405 default: 406 return; 407 } 408 409 tcp->scno = SYS_ipc_subcall + call; 410 tcp->qual_flg = qual_flags(tcp->scno); 411 tcp->s_ent = &sysent[tcp->scno]; 412 413 const unsigned int n = tcp->s_ent->nargs; 414 unsigned int i; 415 for (i = 0; i < n; i++) 416 tcp->u_arg[i] = tcp->u_arg[i + 1]; 417 } 418 #endif 419 420 #ifdef LINUX_MIPSO32 421 static void 422 decode_mips_subcall(struct tcb *tcp) 423 { 424 if (!scno_is_valid(tcp->u_arg[0])) 425 return; 426 tcp->scno = tcp->u_arg[0]; 427 tcp->qual_flg = qual_flags(tcp->scno); 428 tcp->s_ent = &sysent[tcp->scno]; 429 memmove(&tcp->u_arg[0], &tcp->u_arg[1], 430 sizeof(tcp->u_arg) - sizeof(tcp->u_arg[0])); 431 /* 432 * Fetching the last arg of 7-arg syscalls (fadvise64_64 433 * and sync_file_range) requires additional code, 434 * see linux/mips/get_syscall_args.c 435 */ 436 if (tcp->s_ent->nargs == MAX_ARGS) { 437 if (umoven(tcp, 438 mips_REG_SP + MAX_ARGS * sizeof(tcp->u_arg[0]), 439 sizeof(tcp->u_arg[0]), 440 &tcp->u_arg[MAX_ARGS - 1]) < 0) 441 tcp->u_arg[MAX_ARGS - 1] = 0; 442 } 443 } 444 #endif /* LINUX_MIPSO32 */ 445 446 static void 447 dumpio(struct tcb *tcp) 448 { 449 if (syserror(tcp)) 450 return; 451 452 int fd = tcp->u_arg[0]; 453 if (fd < 0) 454 return; 455 456 if (is_number_in_set(fd, &read_set)) { 457 switch (tcp->s_ent->sen) { 458 case SEN_read: 459 case SEN_pread: 460 case SEN_recv: 461 case SEN_recvfrom: 462 case SEN_mq_timedreceive: 463 dumpstr(tcp, tcp->u_arg[1], tcp->u_rval); 464 return; 465 case SEN_readv: 466 case SEN_preadv: 467 case SEN_preadv2: 468 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], 469 tcp->u_rval); 470 return; 471 case SEN_recvmsg: 472 dumpiov_in_msghdr(tcp, tcp->u_arg[1], tcp->u_rval); 473 return; 474 case SEN_recvmmsg: 475 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]); 476 return; 477 } 478 } 479 if (is_number_in_set(fd, &write_set)) { 480 switch (tcp->s_ent->sen) { 481 case SEN_write: 482 case SEN_pwrite: 483 case SEN_send: 484 case SEN_sendto: 485 case SEN_mq_timedsend: 486 dumpstr(tcp, tcp->u_arg[1], tcp->u_arg[2]); 487 break; 488 case SEN_writev: 489 case SEN_pwritev: 490 case SEN_pwritev2: 491 case SEN_vmsplice: 492 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], -1); 493 break; 494 case SEN_sendmsg: 495 dumpiov_in_msghdr(tcp, tcp->u_arg[1], -1); 496 break; 497 case SEN_sendmmsg: 498 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]); 499 break; 500 } 501 } 502 } 503 504 /* 505 * Shuffle syscall numbers so that we don't have huge gaps in syscall table. 506 * The shuffling should be an involution: shuffle_scno(shuffle_scno(n)) == n. 507 */ 508 static kernel_ulong_t 509 shuffle_scno(kernel_ulong_t scno) 510 { 511 #if defined(ARM) || defined(AARCH64) /* So far only 32-bit ARM needs this */ 512 if (scno < ARM_FIRST_SHUFFLED_SYSCALL) 513 return scno; 514 515 /* __ARM_NR_cmpxchg? Swap with LAST_ORDINARY+1 */ 516 if (scno == ARM_FIRST_SHUFFLED_SYSCALL) 517 return 0x000ffff0; 518 if (scno == 0x000ffff0) 519 return ARM_FIRST_SHUFFLED_SYSCALL; 520 521 # define ARM_SECOND_SHUFFLED_SYSCALL (ARM_FIRST_SHUFFLED_SYSCALL + 1) 522 /* 523 * Is it ARM specific syscall? 524 * Swap [0x000f0000, 0x000f0000 + LAST_SPECIAL] range 525 * with [SECOND_SHUFFLED, SECOND_SHUFFLED + LAST_SPECIAL] range. 526 */ 527 if (scno >= 0x000f0000 && 528 scno <= 0x000f0000 + ARM_LAST_SPECIAL_SYSCALL) { 529 return scno - 0x000f0000 + ARM_SECOND_SHUFFLED_SYSCALL; 530 } 531 if (scno <= ARM_SECOND_SHUFFLED_SYSCALL + ARM_LAST_SPECIAL_SYSCALL) { 532 return scno + 0x000f0000 - ARM_SECOND_SHUFFLED_SYSCALL; 533 } 534 #endif /* ARM || AARCH64 */ 535 536 return scno; 537 } 538 539 const char * 540 err_name(unsigned long err) 541 { 542 if ((err < nerrnos) && errnoent[err]) 543 return errnoent[err]; 544 545 return NULL; 546 } 547 548 static long get_regs_error; 549 550 void 551 clear_regs(void) 552 { 553 get_regs_error = -1; 554 } 555 556 static int get_syscall_args(struct tcb *); 557 static int get_syscall_result(struct tcb *); 558 static int arch_get_scno(struct tcb *tcp); 559 static int arch_set_scno(struct tcb *, kernel_ulong_t); 560 static void get_error(struct tcb *, const bool); 561 static int arch_set_error(struct tcb *); 562 static int arch_set_success(struct tcb *); 563 564 struct inject_opts *inject_vec[SUPPORTED_PERSONALITIES]; 565 566 static struct inject_opts * 567 tcb_inject_opts(struct tcb *tcp) 568 { 569 return (scno_in_range(tcp->scno) && tcp->inject_vec[current_personality]) 570 ? &tcp->inject_vec[current_personality][tcp->scno] : NULL; 571 } 572 573 574 static long 575 tamper_with_syscall_entering(struct tcb *tcp, unsigned int *signo) 576 { 577 if (!tcp->inject_vec[current_personality]) { 578 tcp->inject_vec[current_personality] = 579 xcalloc(nsyscalls, sizeof(**inject_vec)); 580 memcpy(tcp->inject_vec[current_personality], 581 inject_vec[current_personality], 582 nsyscalls * sizeof(**inject_vec)); 583 } 584 585 struct inject_opts *opts = tcb_inject_opts(tcp); 586 587 if (!opts || opts->first == 0) 588 return 0; 589 590 --opts->first; 591 592 if (opts->first != 0) 593 return 0; 594 595 opts->first = opts->step; 596 597 if (opts->signo > 0) 598 *signo = opts->signo; 599 if (opts->rval != INJECT_OPTS_RVAL_DEFAULT && !arch_set_scno(tcp, -1)) 600 tcp->flags |= TCB_TAMPERED; 601 602 return 0; 603 } 604 605 static long 606 tamper_with_syscall_exiting(struct tcb *tcp) 607 { 608 struct inject_opts *opts = tcb_inject_opts(tcp); 609 610 if (!opts) 611 return 0; 612 613 if (opts->rval >= 0) { 614 kernel_long_t u_rval = tcp->u_rval; 615 616 tcp->u_rval = opts->rval; 617 if (arch_set_success(tcp)) { 618 tcp->u_rval = u_rval; 619 } else { 620 tcp->u_error = 0; 621 } 622 } else { 623 unsigned long new_error = -opts->rval; 624 625 if (new_error != tcp->u_error && new_error <= MAX_ERRNO_VALUE) { 626 unsigned long u_error = tcp->u_error; 627 628 tcp->u_error = new_error; 629 if (arch_set_error(tcp)) { 630 tcp->u_error = u_error; 631 } 632 } 633 } 634 635 return 0; 636 } 637 638 static int 639 trace_syscall_entering(struct tcb *tcp, unsigned int *sig) 640 { 641 int res, scno_good; 642 643 scno_good = res = get_scno(tcp); 644 if (res == 0) 645 return res; 646 if (res == 1) 647 res = get_syscall_args(tcp); 648 649 if (res != 1) { 650 printleader(tcp); 651 tprintf("%s(", scno_good == 1 ? tcp->s_ent->sys_name : "????"); 652 /* 653 * " <unavailable>" will be added later by the code which 654 * detects ptrace errors. 655 */ 656 goto ret; 657 } 658 659 #ifdef LINUX_MIPSO32 660 if (SEN_syscall == tcp->s_ent->sen) 661 decode_mips_subcall(tcp); 662 #endif 663 664 #if defined(SYS_socket_subcall) || defined(SYS_ipc_subcall) 665 switch (tcp->s_ent->sen) { 666 # ifdef SYS_socket_subcall 667 case SEN_socketcall: 668 decode_socket_subcall(tcp); 669 break; 670 # endif 671 # ifdef SYS_ipc_subcall 672 case SEN_ipc: 673 decode_ipc_subcall(tcp); 674 break; 675 # endif 676 } 677 #endif 678 679 /* Restrain from fault injection while the trace executes strace code. */ 680 if (hide_log(tcp)) { 681 tcp->qual_flg &= ~QUAL_INJECT; 682 } 683 684 switch (tcp->s_ent->sen) { 685 case SEN_execve: 686 case SEN_execveat: 687 #if defined SPARC || defined SPARC64 688 case SEN_execv: 689 #endif 690 tcp->flags &= ~TCB_HIDE_LOG; 691 break; 692 } 693 694 if (!(tcp->qual_flg & QUAL_TRACE) 695 || (tracing_paths && !pathtrace_match(tcp)) 696 ) { 697 tcp->flags |= TCB_INSYSCALL | TCB_FILTERED; 698 tcp->sys_func_rval = 0; 699 return 0; 700 } 701 702 tcp->flags &= ~TCB_FILTERED; 703 704 if (hide_log(tcp)) { 705 res = 0; 706 goto ret; 707 } 708 709 if (tcp->qual_flg & QUAL_INJECT) 710 tamper_with_syscall_entering(tcp, sig); 711 712 if (cflag == CFLAG_ONLY_STATS) { 713 res = 0; 714 goto ret; 715 } 716 717 #ifdef USE_LIBUNWIND 718 if (stack_trace_enabled) { 719 if (tcp->s_ent->sys_flags & STACKTRACE_CAPTURE_ON_ENTER) 720 unwind_capture_stacktrace(tcp); 721 } 722 #endif 723 724 printleader(tcp); 725 tprintf("%s(", tcp->s_ent->sys_name); 726 if (tcp->qual_flg & QUAL_RAW) 727 res = printargs(tcp); 728 else 729 res = tcp->s_ent->sys_func(tcp); 730 731 fflush(tcp->outf); 732 ret: 733 tcp->flags |= TCB_INSYSCALL; 734 tcp->sys_func_rval = res; 735 /* Measure the entrance time as late as possible to avoid errors. */ 736 if (Tflag || cflag) 737 gettimeofday(&tcp->etime, NULL); 738 return res; 739 } 740 741 static bool 742 syscall_tampered(struct tcb *tcp) 743 { 744 return tcp->flags & TCB_TAMPERED; 745 } 746 747 static int 748 trace_syscall_exiting(struct tcb *tcp) 749 { 750 int sys_res; 751 struct timeval tv; 752 int res; 753 unsigned long u_error; 754 const char *u_error_str; 755 756 /* Measure the exit time as early as possible to avoid errors. */ 757 if (Tflag || cflag) 758 gettimeofday(&tv, NULL); 759 760 #ifdef USE_LIBUNWIND 761 if (stack_trace_enabled) { 762 if (tcp->s_ent->sys_flags & STACKTRACE_INVALIDATE_CACHE) 763 unwind_cache_invalidate(tcp); 764 } 765 #endif 766 767 #if SUPPORTED_PERSONALITIES > 1 768 update_personality(tcp, tcp->currpers); 769 #endif 770 res = (get_regs_error ? -1 : get_syscall_result(tcp)); 771 if (filtered(tcp) || hide_log(tcp)) 772 goto ret; 773 774 if (syserror(tcp) && syscall_tampered(tcp)) 775 tamper_with_syscall_exiting(tcp); 776 777 if (cflag) { 778 count_syscall(tcp, &tv); 779 if (cflag == CFLAG_ONLY_STATS) { 780 goto ret; 781 } 782 } 783 784 /* If not in -ff mode, and printing_tcp != tcp, 785 * then the log currently does not end with output 786 * of _our syscall entry_, but with something else. 787 * We need to say which syscall's return is this. 788 * 789 * Forced reprinting via TCB_REPRINT is used only by 790 * "strace -ff -oLOG test/threaded_execve" corner case. 791 * It's the only case when -ff mode needs reprinting. 792 */ 793 if ((followfork < 2 && printing_tcp != tcp) || (tcp->flags & TCB_REPRINT)) { 794 tcp->flags &= ~TCB_REPRINT; 795 printleader(tcp); 796 tprintf("<... %s resumed> ", tcp->s_ent->sys_name); 797 } 798 printing_tcp = tcp; 799 800 tcp->s_prev_ent = NULL; 801 if (res != 1) { 802 /* There was error in one of prior ptrace ops */ 803 tprints(") "); 804 tabto(); 805 tprints("= ? <unavailable>\n"); 806 line_ended(); 807 tcp->flags &= ~(TCB_INSYSCALL | TCB_TAMPERED); 808 tcp->sys_func_rval = 0; 809 free_tcb_priv_data(tcp); 810 return res; 811 } 812 tcp->s_prev_ent = tcp->s_ent; 813 814 sys_res = 0; 815 if (tcp->qual_flg & QUAL_RAW) { 816 /* sys_res = printargs(tcp); - but it's nop on sysexit */ 817 } else { 818 /* FIXME: not_failing_only (IOW, option -z) is broken: 819 * failure of syscall is known only after syscall return. 820 * Thus we end up with something like this on, say, ENOENT: 821 * open("doesnt_exist", O_RDONLY <unfinished ...> 822 * {next syscall decode} 823 * whereas the intended result is that open(...) line 824 * is not shown at all. 825 */ 826 if (not_failing_only && tcp->u_error) 827 goto ret; /* ignore failed syscalls */ 828 if (tcp->sys_func_rval & RVAL_DECODED) 829 sys_res = tcp->sys_func_rval; 830 else 831 sys_res = tcp->s_ent->sys_func(tcp); 832 } 833 834 tprints(") "); 835 tabto(); 836 u_error = tcp->u_error; 837 838 if (tcp->qual_flg & QUAL_RAW) { 839 if (u_error) { 840 tprintf("= -1 (errno %lu)", u_error); 841 } else { 842 tprintf("= %#" PRI_klx, tcp->u_rval); 843 } 844 if (syscall_tampered(tcp)) 845 tprints(" (INJECTED)"); 846 } 847 else if (!(sys_res & RVAL_NONE) && u_error) { 848 switch (u_error) { 849 /* Blocked signals do not interrupt any syscalls. 850 * In this case syscalls don't return ERESTARTfoo codes. 851 * 852 * Deadly signals set to SIG_DFL interrupt syscalls 853 * and kill the process regardless of which of the codes below 854 * is returned by the interrupted syscall. 855 * In some cases, kernel forces a kernel-generated deadly 856 * signal to be unblocked and set to SIG_DFL (and thus cause 857 * death) if it is blocked or SIG_IGNed: for example, SIGSEGV 858 * or SIGILL. (The alternative is to leave process spinning 859 * forever on the faulty instruction - not useful). 860 * 861 * SIG_IGNed signals and non-deadly signals set to SIG_DFL 862 * (for example, SIGCHLD, SIGWINCH) interrupt syscalls, 863 * but kernel will always restart them. 864 */ 865 case ERESTARTSYS: 866 /* Most common type of signal-interrupted syscall exit code. 867 * The system call will be restarted with the same arguments 868 * if SA_RESTART is set; otherwise, it will fail with EINTR. 869 */ 870 tprints("= ? ERESTARTSYS (To be restarted if SA_RESTART is set)"); 871 break; 872 case ERESTARTNOINTR: 873 /* Rare. For example, fork() returns this if interrupted. 874 * SA_RESTART is ignored (assumed set): the restart is unconditional. 875 */ 876 tprints("= ? ERESTARTNOINTR (To be restarted)"); 877 break; 878 case ERESTARTNOHAND: 879 /* pause(), rt_sigsuspend() etc use this code. 880 * SA_RESTART is ignored (assumed not set): 881 * syscall won't restart (will return EINTR instead) 882 * even after signal with SA_RESTART set. However, 883 * after SIG_IGN or SIG_DFL signal it will restart 884 * (thus the name "restart only if has no handler"). 885 */ 886 tprints("= ? ERESTARTNOHAND (To be restarted if no handler)"); 887 break; 888 case ERESTART_RESTARTBLOCK: 889 /* Syscalls like nanosleep(), poll() which can't be 890 * restarted with their original arguments use this 891 * code. Kernel will execute restart_syscall() instead, 892 * which changes arguments before restarting syscall. 893 * SA_RESTART is ignored (assumed not set) similarly 894 * to ERESTARTNOHAND. (Kernel can't honor SA_RESTART 895 * since restart data is saved in "restart block" 896 * in task struct, and if signal handler uses a syscall 897 * which in turn saves another such restart block, 898 * old data is lost and restart becomes impossible) 899 */ 900 tprints("= ? ERESTART_RESTARTBLOCK (Interrupted by signal)"); 901 break; 902 default: 903 u_error_str = err_name(u_error); 904 if (u_error_str) 905 tprintf("= -1 %s (%s)", 906 u_error_str, strerror(u_error)); 907 else 908 tprintf("= -1 %lu (%s)", 909 u_error, strerror(u_error)); 910 break; 911 } 912 if (syscall_tampered(tcp)) 913 tprintf(" (INJECTED)"); 914 if ((sys_res & RVAL_STR) && tcp->auxstr) 915 tprintf(" (%s)", tcp->auxstr); 916 } 917 else { 918 if (sys_res & RVAL_NONE) 919 tprints("= ?"); 920 else { 921 switch (sys_res & RVAL_MASK) { 922 case RVAL_HEX: 923 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG 924 if (current_wordsize < sizeof(tcp->u_rval)) { 925 tprintf("= %#x", 926 (unsigned int) tcp->u_rval); 927 } else 928 #endif 929 { 930 tprintf("= %#" PRI_klx, tcp->u_rval); 931 } 932 break; 933 case RVAL_OCTAL: 934 tprints("= "); 935 print_numeric_long_umask(tcp->u_rval); 936 break; 937 case RVAL_UDECIMAL: 938 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG 939 if (current_wordsize < sizeof(tcp->u_rval)) { 940 tprintf("= %u", 941 (unsigned int) tcp->u_rval); 942 } else 943 #endif 944 { 945 tprintf("= %" PRI_klu, tcp->u_rval); 946 } 947 break; 948 case RVAL_DECIMAL: 949 tprintf("= %" PRI_kld, tcp->u_rval); 950 break; 951 case RVAL_FD: 952 if (show_fd_path) { 953 tprints("= "); 954 printfd(tcp, tcp->u_rval); 955 } 956 else 957 tprintf("= %" PRI_kld, tcp->u_rval); 958 break; 959 default: 960 error_msg("invalid rval format"); 961 break; 962 } 963 } 964 if ((sys_res & RVAL_STR) && tcp->auxstr) 965 tprintf(" (%s)", tcp->auxstr); 966 if (syscall_tampered(tcp)) 967 tprints(" (INJECTED)"); 968 } 969 if (Tflag) { 970 tv_sub(&tv, &tv, &tcp->etime); 971 tprintf(" <%ld.%06ld>", 972 (long) tv.tv_sec, (long) tv.tv_usec); 973 } 974 tprints("\n"); 975 dumpio(tcp); 976 line_ended(); 977 978 #ifdef USE_LIBUNWIND 979 if (stack_trace_enabled) 980 unwind_print_stacktrace(tcp); 981 #endif 982 983 ret: 984 tcp->flags &= ~(TCB_INSYSCALL | TCB_TAMPERED); 985 tcp->sys_func_rval = 0; 986 free_tcb_priv_data(tcp); 987 return 0; 988 } 989 990 int 991 trace_syscall(struct tcb *tcp, unsigned int *signo) 992 { 993 return exiting(tcp) ? 994 trace_syscall_exiting(tcp) : trace_syscall_entering(tcp, signo); 995 } 996 997 bool 998 is_erestart(struct tcb *tcp) 999 { 1000 switch (tcp->u_error) { 1001 case ERESTARTSYS: 1002 case ERESTARTNOINTR: 1003 case ERESTARTNOHAND: 1004 case ERESTART_RESTARTBLOCK: 1005 return true; 1006 default: 1007 return false; 1008 } 1009 } 1010 1011 static unsigned long saved_u_error; 1012 1013 void 1014 temporarily_clear_syserror(struct tcb *tcp) 1015 { 1016 saved_u_error = tcp->u_error; 1017 tcp->u_error = 0; 1018 } 1019 1020 void 1021 restore_cleared_syserror(struct tcb *tcp) 1022 { 1023 tcp->u_error = saved_u_error; 1024 } 1025 1026 /* 1027 * Check the syscall return value register value for whether it is 1028 * a negated errno code indicating an error, or a success return value. 1029 */ 1030 static inline bool 1031 is_negated_errno(kernel_ulong_t val) 1032 { 1033 /* Linux kernel defines MAX_ERRNO to 4095. */ 1034 kernel_ulong_t max = -(kernel_long_t) 4095; 1035 1036 #ifndef current_klongsize 1037 if (current_klongsize < sizeof(val)) { 1038 val = (uint32_t) val; 1039 max = (uint32_t) max; 1040 } 1041 #endif /* !current_klongsize */ 1042 1043 return val >= max; 1044 } 1045 1046 #include "arch_regs.c" 1047 1048 #ifdef HAVE_GETRVAL2 1049 # include "arch_getrval2.c" 1050 #endif 1051 1052 void 1053 print_pc(struct tcb *tcp) 1054 { 1055 #if defined ARCH_PC_REG 1056 # define ARCH_GET_PC 0 1057 #elif defined ARCH_PC_PEEK_ADDR 1058 kernel_ulong_t pc; 1059 # define ARCH_PC_REG pc 1060 # define ARCH_GET_PC upeek(tcp->pid, ARCH_PC_PEEK_ADDR, &pc) 1061 #else 1062 # error Neither ARCH_PC_REG nor ARCH_PC_PEEK_ADDR is defined 1063 #endif 1064 if (get_regs_error || ARCH_GET_PC) 1065 tprints(current_wordsize == 4 ? "[????????] " 1066 : "[????????????????] "); 1067 else 1068 tprintf(current_wordsize == 4 1069 ? "[%08" PRI_klx "] " : "[%016" PRI_klx "] ", 1070 (kernel_ulong_t) ARCH_PC_REG); 1071 } 1072 1073 #include "getregs_old.h" 1074 1075 #undef ptrace_getregset_or_getregs 1076 #undef ptrace_setregset_or_setregs 1077 #ifdef ARCH_REGS_FOR_GETREGSET 1078 1079 # define ptrace_getregset_or_getregs ptrace_getregset 1080 static long 1081 ptrace_getregset(pid_t pid) 1082 { 1083 # ifdef ARCH_IOVEC_FOR_GETREGSET 1084 /* variable iovec */ 1085 ARCH_IOVEC_FOR_GETREGSET.iov_len = sizeof(ARCH_REGS_FOR_GETREGSET); 1086 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, 1087 &ARCH_IOVEC_FOR_GETREGSET); 1088 # else 1089 /* constant iovec */ 1090 static struct iovec io = { 1091 .iov_base = &ARCH_REGS_FOR_GETREGSET, 1092 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET) 1093 }; 1094 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &io); 1095 1096 # endif 1097 } 1098 1099 # ifndef HAVE_GETREGS_OLD 1100 # define ptrace_setregset_or_setregs ptrace_setregset 1101 static int 1102 ptrace_setregset(pid_t pid) 1103 { 1104 # ifdef ARCH_IOVEC_FOR_GETREGSET 1105 /* variable iovec */ 1106 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, 1107 &ARCH_IOVEC_FOR_GETREGSET); 1108 # else 1109 /* constant iovec */ 1110 static struct iovec io = { 1111 .iov_base = &ARCH_REGS_FOR_GETREGSET, 1112 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET) 1113 }; 1114 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &io); 1115 # endif 1116 } 1117 # endif /* !HAVE_GETREGS_OLD */ 1118 1119 #elif defined ARCH_REGS_FOR_GETREGS 1120 1121 # define ptrace_getregset_or_getregs ptrace_getregs 1122 static long 1123 ptrace_getregs(pid_t pid) 1124 { 1125 # if defined SPARC || defined SPARC64 1126 /* SPARC systems have the meaning of data and addr reversed */ 1127 return ptrace(PTRACE_GETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0); 1128 # else 1129 return ptrace(PTRACE_GETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS); 1130 # endif 1131 } 1132 1133 # ifndef HAVE_GETREGS_OLD 1134 # define ptrace_setregset_or_setregs ptrace_setregs 1135 static int 1136 ptrace_setregs(pid_t pid) 1137 { 1138 # if defined SPARC || defined SPARC64 1139 /* SPARC systems have the meaning of data and addr reversed */ 1140 return ptrace(PTRACE_SETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0); 1141 # else 1142 return ptrace(PTRACE_SETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS); 1143 # endif 1144 } 1145 # endif /* !HAVE_GETREGS_OLD */ 1146 1147 #endif /* ARCH_REGS_FOR_GETREGSET || ARCH_REGS_FOR_GETREGS */ 1148 1149 void 1150 get_regs(pid_t pid) 1151 { 1152 #undef USE_GET_SYSCALL_RESULT_REGS 1153 #ifdef ptrace_getregset_or_getregs 1154 1155 # ifdef HAVE_GETREGS_OLD 1156 /* 1157 * Try PTRACE_GETREGSET/PTRACE_GETREGS first, 1158 * fallback to getregs_old. 1159 */ 1160 static int use_getregs_old; 1161 if (use_getregs_old < 0) { 1162 get_regs_error = ptrace_getregset_or_getregs(pid); 1163 return; 1164 } else if (use_getregs_old == 0) { 1165 get_regs_error = ptrace_getregset_or_getregs(pid); 1166 if (get_regs_error >= 0) { 1167 use_getregs_old = -1; 1168 return; 1169 } 1170 if (errno == EPERM || errno == ESRCH) 1171 return; 1172 use_getregs_old = 1; 1173 } 1174 get_regs_error = getregs_old(pid); 1175 # else /* !HAVE_GETREGS_OLD */ 1176 /* Assume that PTRACE_GETREGSET/PTRACE_GETREGS works. */ 1177 get_regs_error = ptrace_getregset_or_getregs(pid); 1178 # endif /* !HAVE_GETREGS_OLD */ 1179 1180 #else /* !ptrace_getregset_or_getregs */ 1181 1182 # define USE_GET_SYSCALL_RESULT_REGS 1 1183 # warning get_regs is not implemented for this architecture yet 1184 get_regs_error = 0; 1185 1186 #endif /* !ptrace_getregset_or_getregs */ 1187 } 1188 1189 #ifdef ptrace_setregset_or_setregs 1190 static int 1191 set_regs(pid_t pid) 1192 { 1193 return ptrace_setregset_or_setregs(pid); 1194 } 1195 #endif /* ptrace_setregset_or_setregs */ 1196 1197 struct sysent_buf { 1198 struct tcb *tcp; 1199 struct_sysent ent; 1200 char buf[sizeof("syscall_%lu") + sizeof(kernel_ulong_t) * 3]; 1201 }; 1202 1203 static void 1204 free_sysent_buf(void *ptr) 1205 { 1206 struct sysent_buf *s = ptr; 1207 s->tcp->s_prev_ent = s->tcp->s_ent = NULL; 1208 free(ptr); 1209 } 1210 1211 /* 1212 * Returns: 1213 * 0: "ignore this ptrace stop", bail out of trace_syscall_entering() silently. 1214 * 1: ok, continue in trace_syscall_entering(). 1215 * other: error, trace_syscall_entering() should print error indicator 1216 * ("????" etc) and bail out. 1217 */ 1218 int 1219 get_scno(struct tcb *tcp) 1220 { 1221 if (get_regs_error) 1222 return -1; 1223 1224 int rc = arch_get_scno(tcp); 1225 if (rc != 1) 1226 return rc; 1227 1228 if (scno_is_valid(tcp->scno)) { 1229 tcp->s_ent = &sysent[tcp->scno]; 1230 tcp->qual_flg = qual_flags(tcp->scno); 1231 } else { 1232 struct sysent_buf *s = xcalloc(1, sizeof(*s)); 1233 1234 s->tcp = tcp; 1235 s->ent.nargs = MAX_ARGS; 1236 s->ent.sen = SEN_printargs; 1237 s->ent.sys_func = printargs; 1238 s->ent.sys_name = s->buf; 1239 sprintf(s->buf, "syscall_%" PRI_klu, shuffle_scno(tcp->scno)); 1240 1241 tcp->s_ent = &s->ent; 1242 tcp->qual_flg = QUAL_RAW | DEFAULT_QUAL_FLAGS; 1243 1244 set_tcb_priv_data(tcp, s, free_sysent_buf); 1245 1246 if (debug_flag) 1247 error_msg("pid %d invalid syscall %" PRI_kld, 1248 tcp->pid, tcp->scno); 1249 } 1250 return 1; 1251 } 1252 1253 #ifdef USE_GET_SYSCALL_RESULT_REGS 1254 static int get_syscall_result_regs(struct tcb *); 1255 #endif 1256 1257 /* Returns: 1258 * 1: ok, continue in trace_syscall_exiting(). 1259 * -1: error, trace_syscall_exiting() should print error indicator 1260 * ("????" etc) and bail out. 1261 */ 1262 static int 1263 get_syscall_result(struct tcb *tcp) 1264 { 1265 #ifdef USE_GET_SYSCALL_RESULT_REGS 1266 if (get_syscall_result_regs(tcp)) 1267 return -1; 1268 #endif 1269 tcp->u_error = 0; 1270 get_error(tcp, !(tcp->s_ent->sys_flags & SYSCALL_NEVER_FAILS)); 1271 1272 return 1; 1273 } 1274 1275 #include "get_scno.c" 1276 #include "set_scno.c" 1277 #include "get_syscall_args.c" 1278 #ifdef USE_GET_SYSCALL_RESULT_REGS 1279 # include "get_syscall_result.c" 1280 #endif 1281 #include "get_error.c" 1282 #include "set_error.c" 1283 #ifdef HAVE_GETREGS_OLD 1284 # include "getregs_old.c" 1285 #endif 1286 1287 const char * 1288 syscall_name(kernel_ulong_t scno) 1289 { 1290 #if defined X32_PERSONALITY_NUMBER && defined __X32_SYSCALL_BIT 1291 if (current_personality == X32_PERSONALITY_NUMBER) 1292 scno &= ~__X32_SYSCALL_BIT; 1293 #endif 1294 return scno_is_valid(scno) ? sysent[scno].sys_name: NULL; 1295 } 1296
