1 /* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk (at) cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko (at) hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs (at) world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert (at) cistron.nl> 6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation 7 * Linux for s390 port by D.J. Barrow 8 * <barrow_dj (at) mail.yahoo.com,djbarrow (at) de.ibm.com> 9 * Copyright (c) 1999-2017 The strace developers. 10 * All rights reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. The name of the author may not be used to endorse or promote products 21 * derived from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "defs.h" 36 #include "native_defs.h" 37 #include "nsig.h" 38 #include <sys/param.h> 39 40 /* for struct iovec */ 41 #include <sys/uio.h> 42 43 /* for __X32_SYSCALL_BIT */ 44 #include <asm/unistd.h> 45 46 #include "regs.h" 47 #include "ptrace.h" 48 49 #if defined(SPARC64) 50 # undef PTRACE_GETREGS 51 # define PTRACE_GETREGS PTRACE_GETREGS64 52 # undef PTRACE_SETREGS 53 # define PTRACE_SETREGS PTRACE_SETREGS64 54 #endif 55 56 #if defined SPARC64 57 # include <asm/psrcompat.h> 58 #elif defined SPARC 59 # include <asm/psr.h> 60 #endif 61 62 #ifdef IA64 63 # include <asm/rse.h> 64 #endif 65 66 #ifndef NT_PRSTATUS 67 # define NT_PRSTATUS 1 68 #endif 69 70 #include "syscall.h" 71 72 /* Define these shorthand notations to simplify the syscallent files. */ 73 #define TD TRACE_DESC 74 #define TF TRACE_FILE 75 #define TI TRACE_IPC 76 #define TN TRACE_NETWORK 77 #define TP TRACE_PROCESS 78 #define TS TRACE_SIGNAL 79 #define TM TRACE_MEMORY 80 #define TST TRACE_STAT 81 #define TLST TRACE_LSTAT 82 #define TFST TRACE_FSTAT 83 #define TSTA TRACE_STAT_LIKE 84 #define TSF TRACE_STATFS 85 #define TFSF TRACE_FSTATFS 86 #define TSFA TRACE_STATFS_LIKE 87 #define NF SYSCALL_NEVER_FAILS 88 #define MA MAX_ARGS 89 #define SI STACKTRACE_INVALIDATE_CACHE 90 #define SE STACKTRACE_CAPTURE_ON_ENTER 91 #define CST COMPAT_SYSCALL_TYPES 92 93 #define SEN(syscall_name) SEN_ ## syscall_name, SYS_FUNC_NAME(sys_ ## syscall_name) 94 95 const struct_sysent sysent0[] = { 96 #include "syscallent.h" 97 }; 98 99 #if SUPPORTED_PERSONALITIES > 1 100 # include PERSONALITY1_INCLUDE_FUNCS 101 static const struct_sysent sysent1[] = { 102 # include "syscallent1.h" 103 }; 104 #endif 105 106 #if SUPPORTED_PERSONALITIES > 2 107 # include PERSONALITY2_INCLUDE_FUNCS 108 static const struct_sysent sysent2[] = { 109 # include "syscallent2.h" 110 }; 111 #endif 112 113 /* Now undef them since short defines cause wicked namespace pollution. */ 114 #undef SEN 115 #undef TD 116 #undef TF 117 #undef TI 118 #undef TN 119 #undef TP 120 #undef TS 121 #undef TM 122 #undef TST 123 #undef TLST 124 #undef TFST 125 #undef TSTA 126 #undef TSF 127 #undef TFSF 128 #undef TSFA 129 #undef NF 130 #undef MA 131 #undef SI 132 #undef SE 133 #undef CST 134 135 /* 136 * `ioctlent[012].h' files are automatically generated by the auxiliary 137 * program `ioctlsort', such that the list is sorted by the `code' field. 138 * This has the side-effect of resolving the _IO.. macros into 139 * plain integers, eliminating the need to include here everything 140 * in "/usr/include". 141 */ 142 143 const char *const errnoent0[] = { 144 #include "errnoent.h" 145 }; 146 const char *const signalent0[] = { 147 #include "signalent.h" 148 }; 149 const struct_ioctlent ioctlent0[] = { 150 #include "ioctlent0.h" 151 }; 152 153 #if SUPPORTED_PERSONALITIES > 1 154 static const char *const errnoent1[] = { 155 # include "errnoent1.h" 156 }; 157 static const char *const signalent1[] = { 158 # include "signalent1.h" 159 }; 160 static const struct_ioctlent ioctlent1[] = { 161 # include "ioctlent1.h" 162 }; 163 # include PERSONALITY0_INCLUDE_PRINTERS_DECLS 164 static const struct_printers printers0 = { 165 # include PERSONALITY0_INCLUDE_PRINTERS_DEFS 166 }; 167 # include PERSONALITY1_INCLUDE_PRINTERS_DECLS 168 static const struct_printers printers1 = { 169 # include PERSONALITY1_INCLUDE_PRINTERS_DEFS 170 }; 171 #endif 172 173 #if SUPPORTED_PERSONALITIES > 2 174 static const char *const errnoent2[] = { 175 # include "errnoent2.h" 176 }; 177 static const char *const signalent2[] = { 178 # include "signalent2.h" 179 }; 180 static const struct_ioctlent ioctlent2[] = { 181 # include "ioctlent2.h" 182 }; 183 # include PERSONALITY2_INCLUDE_PRINTERS_DECLS 184 static const struct_printers printers2 = { 185 # include PERSONALITY2_INCLUDE_PRINTERS_DEFS 186 }; 187 #endif 188 189 enum { 190 nsyscalls0 = ARRAY_SIZE(sysent0) 191 #if SUPPORTED_PERSONALITIES > 1 192 , nsyscalls1 = ARRAY_SIZE(sysent1) 193 # if SUPPORTED_PERSONALITIES > 2 194 , nsyscalls2 = ARRAY_SIZE(sysent2) 195 # endif 196 #endif 197 }; 198 199 enum { 200 nerrnos0 = ARRAY_SIZE(errnoent0) 201 #if SUPPORTED_PERSONALITIES > 1 202 , nerrnos1 = ARRAY_SIZE(errnoent1) 203 # if SUPPORTED_PERSONALITIES > 2 204 , nerrnos2 = ARRAY_SIZE(errnoent2) 205 # endif 206 #endif 207 }; 208 209 enum { 210 nsignals0 = ARRAY_SIZE(signalent0) 211 #if SUPPORTED_PERSONALITIES > 1 212 , nsignals1 = ARRAY_SIZE(signalent1) 213 # if SUPPORTED_PERSONALITIES > 2 214 , nsignals2 = ARRAY_SIZE(signalent2) 215 # endif 216 #endif 217 }; 218 219 enum { 220 nioctlents0 = ARRAY_SIZE(ioctlent0) 221 #if SUPPORTED_PERSONALITIES > 1 222 , nioctlents1 = ARRAY_SIZE(ioctlent1) 223 # if SUPPORTED_PERSONALITIES > 2 224 , nioctlents2 = ARRAY_SIZE(ioctlent2) 225 # endif 226 #endif 227 }; 228 229 #if SUPPORTED_PERSONALITIES > 1 230 const struct_sysent *sysent = sysent0; 231 const char *const *errnoent = errnoent0; 232 const char *const *signalent = signalent0; 233 const struct_ioctlent *ioctlent = ioctlent0; 234 const struct_printers *printers = &printers0; 235 #endif 236 237 unsigned nsyscalls = nsyscalls0; 238 unsigned nerrnos = nerrnos0; 239 unsigned nsignals = nsignals0; 240 unsigned nioctlents = nioctlents0; 241 242 const unsigned int nsyscall_vec[SUPPORTED_PERSONALITIES] = { 243 nsyscalls0, 244 #if SUPPORTED_PERSONALITIES > 1 245 nsyscalls1, 246 #endif 247 #if SUPPORTED_PERSONALITIES > 2 248 nsyscalls2, 249 #endif 250 }; 251 const struct_sysent *const sysent_vec[SUPPORTED_PERSONALITIES] = { 252 sysent0, 253 #if SUPPORTED_PERSONALITIES > 1 254 sysent1, 255 #endif 256 #if SUPPORTED_PERSONALITIES > 2 257 sysent2, 258 #endif 259 }; 260 261 #if SUPPORTED_PERSONALITIES > 1 262 unsigned current_personality; 263 264 # ifndef current_wordsize 265 unsigned current_wordsize; 266 static const int personality_wordsize[SUPPORTED_PERSONALITIES] = { 267 PERSONALITY0_WORDSIZE, 268 PERSONALITY1_WORDSIZE, 269 # if SUPPORTED_PERSONALITIES > 2 270 PERSONALITY2_WORDSIZE, 271 # endif 272 }; 273 # endif 274 275 # ifndef current_klongsize 276 unsigned current_klongsize; 277 static const int personality_klongsize[SUPPORTED_PERSONALITIES] = { 278 PERSONALITY0_KLONGSIZE, 279 PERSONALITY1_KLONGSIZE, 280 # if SUPPORTED_PERSONALITIES > 2 281 PERSONALITY2_KLONGSIZE, 282 # endif 283 }; 284 # endif 285 286 void 287 set_personality(int personality) 288 { 289 nsyscalls = nsyscall_vec[personality]; 290 sysent = sysent_vec[personality]; 291 292 switch (personality) { 293 case 0: 294 errnoent = errnoent0; 295 nerrnos = nerrnos0; 296 ioctlent = ioctlent0; 297 nioctlents = nioctlents0; 298 signalent = signalent0; 299 nsignals = nsignals0; 300 printers = &printers0; 301 break; 302 303 case 1: 304 errnoent = errnoent1; 305 nerrnos = nerrnos1; 306 ioctlent = ioctlent1; 307 nioctlents = nioctlents1; 308 signalent = signalent1; 309 nsignals = nsignals1; 310 printers = &printers1; 311 break; 312 313 # if SUPPORTED_PERSONALITIES > 2 314 case 2: 315 errnoent = errnoent2; 316 nerrnos = nerrnos2; 317 ioctlent = ioctlent2; 318 nioctlents = nioctlents2; 319 signalent = signalent2; 320 nsignals = nsignals2; 321 printers = &printers2; 322 break; 323 # endif 324 } 325 326 current_personality = personality; 327 # ifndef current_wordsize 328 current_wordsize = personality_wordsize[personality]; 329 # endif 330 # ifndef current_klongsize 331 current_klongsize = personality_klongsize[personality]; 332 # endif 333 } 334 335 static void 336 update_personality(struct tcb *tcp, unsigned int personality) 337 { 338 if (personality == current_personality) 339 return; 340 set_personality(personality); 341 342 if (personality == tcp->currpers) 343 return; 344 tcp->currpers = personality; 345 346 # undef PERSONALITY_NAMES 347 # if defined POWERPC64 348 # define PERSONALITY_NAMES {"64 bit", "32 bit"} 349 # elif defined X86_64 350 # define PERSONALITY_NAMES {"64 bit", "32 bit", "x32"} 351 # elif defined X32 352 # define PERSONALITY_NAMES {"x32", "32 bit"} 353 # elif defined AARCH64 354 # define PERSONALITY_NAMES {"64 bit", "32 bit"} 355 # elif defined TILE 356 # define PERSONALITY_NAMES {"64-bit", "32-bit"} 357 # endif 358 # ifdef PERSONALITY_NAMES 359 if (!qflag) { 360 static const char *const names[] = PERSONALITY_NAMES; 361 error_msg("[ Process PID=%d runs in %s mode. ]", 362 tcp->pid, names[personality]); 363 } 364 # endif 365 } 366 #endif 367 368 #ifdef SYS_socket_subcall 369 static void 370 decode_socket_subcall(struct tcb *tcp) 371 { 372 const int call = tcp->u_arg[0]; 373 374 if (call < 1 || call >= SYS_socket_nsubcalls) 375 return; 376 377 const kernel_ulong_t scno = SYS_socket_subcall + call; 378 const unsigned int nargs = sysent[scno].nargs; 379 uint64_t buf[nargs]; 380 381 if (umoven(tcp, tcp->u_arg[1], nargs * current_wordsize, buf) < 0) 382 return; 383 384 tcp->scno = scno; 385 tcp->qual_flg = qual_flags(scno); 386 tcp->s_ent = &sysent[scno]; 387 388 unsigned int i; 389 for (i = 0; i < nargs; ++i) 390 tcp->u_arg[i] = (sizeof(uint32_t) == current_wordsize) 391 ? ((uint32_t *) (void *) buf)[i] : buf[i]; 392 } 393 #endif 394 395 #ifdef SYS_ipc_subcall 396 static void 397 decode_ipc_subcall(struct tcb *tcp) 398 { 399 unsigned int call = tcp->u_arg[0]; 400 const unsigned int version = call >> 16; 401 402 if (version) { 403 # if defined S390 || defined S390X 404 return; 405 # else 406 # ifdef SPARC64 407 if (current_wordsize == 8) 408 return; 409 # endif 410 set_tcb_priv_ulong(tcp, version); 411 call &= 0xffff; 412 # endif 413 } 414 415 switch (call) { 416 case 1: case 2: case 3: case 4: 417 case 11: case 12: case 13: case 14: 418 case 21: case 22: case 23: case 24: 419 break; 420 default: 421 return; 422 } 423 424 tcp->scno = SYS_ipc_subcall + call; 425 tcp->qual_flg = qual_flags(tcp->scno); 426 tcp->s_ent = &sysent[tcp->scno]; 427 428 const unsigned int n = tcp->s_ent->nargs; 429 unsigned int i; 430 for (i = 0; i < n; i++) 431 tcp->u_arg[i] = tcp->u_arg[i + 1]; 432 } 433 #endif 434 435 #ifdef LINUX_MIPSO32 436 static void 437 decode_mips_subcall(struct tcb *tcp) 438 { 439 if (!scno_is_valid(tcp->u_arg[0])) 440 return; 441 tcp->scno = tcp->u_arg[0]; 442 tcp->qual_flg = qual_flags(tcp->scno); 443 tcp->s_ent = &sysent[tcp->scno]; 444 memmove(&tcp->u_arg[0], &tcp->u_arg[1], 445 sizeof(tcp->u_arg) - sizeof(tcp->u_arg[0])); 446 /* 447 * Fetching the last arg of 7-arg syscalls (fadvise64_64 448 * and sync_file_range) requires additional code, 449 * see linux/mips/get_syscall_args.c 450 */ 451 if (tcp->s_ent->nargs == MAX_ARGS) { 452 if (umoven(tcp, 453 mips_REG_SP + MAX_ARGS * sizeof(tcp->u_arg[0]), 454 sizeof(tcp->u_arg[0]), 455 &tcp->u_arg[MAX_ARGS - 1]) < 0) 456 tcp->u_arg[MAX_ARGS - 1] = 0; 457 } 458 } 459 #endif /* LINUX_MIPSO32 */ 460 461 static void 462 dumpio(struct tcb *tcp) 463 { 464 if (syserror(tcp)) 465 return; 466 467 int fd = tcp->u_arg[0]; 468 if (fd < 0) 469 return; 470 471 if (is_number_in_set(fd, &read_set)) { 472 switch (tcp->s_ent->sen) { 473 case SEN_read: 474 case SEN_pread: 475 case SEN_recv: 476 case SEN_recvfrom: 477 case SEN_mq_timedreceive: 478 dumpstr(tcp, tcp->u_arg[1], tcp->u_rval); 479 return; 480 case SEN_readv: 481 case SEN_preadv: 482 case SEN_preadv2: 483 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], 484 tcp->u_rval); 485 return; 486 case SEN_recvmsg: 487 dumpiov_in_msghdr(tcp, tcp->u_arg[1], tcp->u_rval); 488 return; 489 case SEN_recvmmsg: 490 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]); 491 return; 492 } 493 } 494 if (is_number_in_set(fd, &write_set)) { 495 switch (tcp->s_ent->sen) { 496 case SEN_write: 497 case SEN_pwrite: 498 case SEN_send: 499 case SEN_sendto: 500 case SEN_mq_timedsend: 501 dumpstr(tcp, tcp->u_arg[1], tcp->u_arg[2]); 502 break; 503 case SEN_writev: 504 case SEN_pwritev: 505 case SEN_pwritev2: 506 case SEN_vmsplice: 507 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], -1); 508 break; 509 case SEN_sendmsg: 510 dumpiov_in_msghdr(tcp, tcp->u_arg[1], -1); 511 break; 512 case SEN_sendmmsg: 513 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]); 514 break; 515 } 516 } 517 } 518 519 /* 520 * Shuffle syscall numbers so that we don't have huge gaps in syscall table. 521 * The shuffling should be an involution: shuffle_scno(shuffle_scno(n)) == n. 522 */ 523 static kernel_ulong_t 524 shuffle_scno(kernel_ulong_t scno) 525 { 526 #if defined(ARM) || defined(AARCH64) /* So far only 32-bit ARM needs this */ 527 if (scno < ARM_FIRST_SHUFFLED_SYSCALL) 528 return scno; 529 530 /* __ARM_NR_cmpxchg? Swap with LAST_ORDINARY+1 */ 531 if (scno == ARM_FIRST_SHUFFLED_SYSCALL) 532 return 0x000ffff0; 533 if (scno == 0x000ffff0) 534 return ARM_FIRST_SHUFFLED_SYSCALL; 535 536 # define ARM_SECOND_SHUFFLED_SYSCALL (ARM_FIRST_SHUFFLED_SYSCALL + 1) 537 /* 538 * Is it ARM specific syscall? 539 * Swap [0x000f0000, 0x000f0000 + LAST_SPECIAL] range 540 * with [SECOND_SHUFFLED, SECOND_SHUFFLED + LAST_SPECIAL] range. 541 */ 542 if (scno >= 0x000f0000 && 543 scno <= 0x000f0000 + ARM_LAST_SPECIAL_SYSCALL) { 544 return scno - 0x000f0000 + ARM_SECOND_SHUFFLED_SYSCALL; 545 } 546 if (scno <= ARM_SECOND_SHUFFLED_SYSCALL + ARM_LAST_SPECIAL_SYSCALL) { 547 return scno + 0x000f0000 - ARM_SECOND_SHUFFLED_SYSCALL; 548 } 549 #endif /* ARM || AARCH64 */ 550 551 return scno; 552 } 553 554 const char * 555 err_name(unsigned long err) 556 { 557 if ((err < nerrnos) && errnoent[err]) 558 return errnoent[err]; 559 560 return NULL; 561 } 562 563 static long get_regs_error; 564 565 void 566 clear_regs(void) 567 { 568 get_regs_error = -1; 569 } 570 571 static void get_regs(pid_t pid); 572 static int get_syscall_args(struct tcb *); 573 static int get_syscall_result(struct tcb *); 574 static int arch_get_scno(struct tcb *tcp); 575 static int arch_set_scno(struct tcb *, kernel_ulong_t); 576 static void get_error(struct tcb *, const bool); 577 static int arch_set_error(struct tcb *); 578 static int arch_set_success(struct tcb *); 579 580 struct inject_opts *inject_vec[SUPPORTED_PERSONALITIES]; 581 582 static struct inject_opts * 583 tcb_inject_opts(struct tcb *tcp) 584 { 585 return (scno_in_range(tcp->scno) && tcp->inject_vec[current_personality]) 586 ? &tcp->inject_vec[current_personality][tcp->scno] : NULL; 587 } 588 589 590 static long 591 tamper_with_syscall_entering(struct tcb *tcp, unsigned int *signo) 592 { 593 if (!tcp->inject_vec[current_personality]) { 594 tcp->inject_vec[current_personality] = 595 xcalloc(nsyscalls, sizeof(**inject_vec)); 596 memcpy(tcp->inject_vec[current_personality], 597 inject_vec[current_personality], 598 nsyscalls * sizeof(**inject_vec)); 599 } 600 601 struct inject_opts *opts = tcb_inject_opts(tcp); 602 603 if (!opts || opts->first == 0) 604 return 0; 605 606 --opts->first; 607 608 if (opts->first != 0) 609 return 0; 610 611 opts->first = opts->step; 612 613 if (opts->signo > 0) 614 *signo = opts->signo; 615 if (opts->rval != INJECT_OPTS_RVAL_DEFAULT && !arch_set_scno(tcp, -1)) 616 tcp->flags |= TCB_TAMPERED; 617 618 return 0; 619 } 620 621 static long 622 tamper_with_syscall_exiting(struct tcb *tcp) 623 { 624 struct inject_opts *opts = tcb_inject_opts(tcp); 625 626 if (!opts) 627 return 0; 628 629 if (opts->rval >= 0) { 630 kernel_long_t u_rval = tcp->u_rval; 631 632 tcp->u_rval = opts->rval; 633 if (arch_set_success(tcp)) { 634 tcp->u_rval = u_rval; 635 } else { 636 tcp->u_error = 0; 637 } 638 } else { 639 unsigned long new_error = -opts->rval; 640 641 if (new_error != tcp->u_error && new_error <= MAX_ERRNO_VALUE) { 642 unsigned long u_error = tcp->u_error; 643 644 tcp->u_error = new_error; 645 if (arch_set_error(tcp)) { 646 tcp->u_error = u_error; 647 } 648 } 649 } 650 651 return 0; 652 } 653 654 /* 655 * Returns: 656 * 0: "ignore this ptrace stop", bail out silently. 657 * 1: ok, decoded; call 658 * syscall_entering_finish(tcp, syscall_entering_trace(tcp, ...)). 659 * other: error; call syscall_entering_finish(tcp, res), where res is the value 660 * returned. 661 */ 662 int 663 syscall_entering_decode(struct tcb *tcp) 664 { 665 int res = get_scno(tcp); 666 if (res == 0) 667 return res; 668 int scno_good = res; 669 if (res != 1 || (res = get_syscall_args(tcp)) != 1) { 670 printleader(tcp); 671 tprintf("%s(", scno_good == 1 ? tcp->s_ent->sys_name : "????"); 672 /* 673 * " <unavailable>" will be added later by the code which 674 * detects ptrace errors. 675 */ 676 return res; 677 } 678 679 #ifdef LINUX_MIPSO32 680 if (SEN_syscall == tcp->s_ent->sen) 681 decode_mips_subcall(tcp); 682 #endif 683 684 #if defined(SYS_socket_subcall) || defined(SYS_ipc_subcall) 685 switch (tcp->s_ent->sen) { 686 # ifdef SYS_socket_subcall 687 case SEN_socketcall: 688 decode_socket_subcall(tcp); 689 break; 690 # endif 691 # ifdef SYS_ipc_subcall 692 case SEN_ipc: 693 decode_ipc_subcall(tcp); 694 break; 695 # endif 696 } 697 #endif 698 699 return 1; 700 } 701 702 int 703 syscall_entering_trace(struct tcb *tcp, unsigned int *sig) 704 { 705 /* Restrain from fault injection while the trace executes strace code. */ 706 if (hide_log(tcp)) { 707 tcp->qual_flg &= ~QUAL_INJECT; 708 } 709 710 switch (tcp->s_ent->sen) { 711 case SEN_execve: 712 case SEN_execveat: 713 #if defined SPARC || defined SPARC64 714 case SEN_execv: 715 #endif 716 tcp->flags &= ~TCB_HIDE_LOG; 717 break; 718 } 719 720 if (!(tcp->qual_flg & QUAL_TRACE) 721 || (tracing_paths && !pathtrace_match(tcp)) 722 ) { 723 tcp->flags |= TCB_FILTERED; 724 return 0; 725 } 726 727 tcp->flags &= ~TCB_FILTERED; 728 729 if (hide_log(tcp)) { 730 return 0; 731 } 732 733 if (tcp->qual_flg & QUAL_INJECT) 734 tamper_with_syscall_entering(tcp, sig); 735 736 if (cflag == CFLAG_ONLY_STATS) { 737 return 0; 738 } 739 740 #ifdef USE_LIBUNWIND 741 if (stack_trace_enabled) { 742 if (tcp->s_ent->sys_flags & STACKTRACE_CAPTURE_ON_ENTER) 743 unwind_capture_stacktrace(tcp); 744 } 745 #endif 746 747 printleader(tcp); 748 tprintf("%s(", tcp->s_ent->sys_name); 749 int res = (tcp->qual_flg & QUAL_RAW) 750 ? printargs(tcp) : tcp->s_ent->sys_func(tcp); 751 fflush(tcp->outf); 752 return res; 753 } 754 755 void 756 syscall_entering_finish(struct tcb *tcp, int res) 757 { 758 tcp->flags |= TCB_INSYSCALL; 759 tcp->sys_func_rval = res; 760 /* Measure the entrance time as late as possible to avoid errors. */ 761 if ((Tflag || cflag) && !filtered(tcp)) 762 gettimeofday(&tcp->etime, NULL); 763 } 764 765 static bool 766 syscall_tampered(struct tcb *tcp) 767 { 768 return tcp->flags & TCB_TAMPERED; 769 } 770 771 /* Returns: 772 * 0: "bail out". 773 * 1: ok. 774 * -1: error in one of ptrace ops. 775 * 776 * If not 0, call syscall_exiting_trace(tcp, res), where res is the return 777 * value. Anyway, call syscall_exiting_finish(tcp) then. 778 */ 779 int 780 syscall_exiting_decode(struct tcb *tcp, struct timeval *ptv) 781 { 782 /* Measure the exit time as early as possible to avoid errors. */ 783 if ((Tflag || cflag) && !(filtered(tcp) || hide_log(tcp))) 784 gettimeofday(ptv, NULL); 785 786 #ifdef USE_LIBUNWIND 787 if (stack_trace_enabled) { 788 if (tcp->s_ent->sys_flags & STACKTRACE_INVALIDATE_CACHE) 789 unwind_cache_invalidate(tcp); 790 } 791 #endif 792 793 if (filtered(tcp) || hide_log(tcp)) 794 return 0; 795 796 get_regs(tcp->pid); 797 #if SUPPORTED_PERSONALITIES > 1 798 update_personality(tcp, tcp->currpers); 799 #endif 800 return get_regs_error ? -1 : get_syscall_result(tcp); 801 } 802 803 int 804 syscall_exiting_trace(struct tcb *tcp, struct timeval tv, int res) 805 { 806 if (syserror(tcp) && syscall_tampered(tcp)) 807 tamper_with_syscall_exiting(tcp); 808 809 if (cflag) { 810 count_syscall(tcp, &tv); 811 if (cflag == CFLAG_ONLY_STATS) { 812 return 0; 813 } 814 } 815 816 /* If not in -ff mode, and printing_tcp != tcp, 817 * then the log currently does not end with output 818 * of _our syscall entry_, but with something else. 819 * We need to say which syscall's return is this. 820 * 821 * Forced reprinting via TCB_REPRINT is used only by 822 * "strace -ff -oLOG test/threaded_execve" corner case. 823 * It's the only case when -ff mode needs reprinting. 824 */ 825 if ((followfork < 2 && printing_tcp != tcp) || (tcp->flags & TCB_REPRINT)) { 826 tcp->flags &= ~TCB_REPRINT; 827 printleader(tcp); 828 tprintf("<... %s resumed> ", tcp->s_ent->sys_name); 829 } 830 printing_tcp = tcp; 831 832 tcp->s_prev_ent = NULL; 833 if (res != 1) { 834 /* There was error in one of prior ptrace ops */ 835 tprints(") "); 836 tabto(); 837 tprints("= ? <unavailable>\n"); 838 line_ended(); 839 return res; 840 } 841 tcp->s_prev_ent = tcp->s_ent; 842 843 int sys_res = 0; 844 if (tcp->qual_flg & QUAL_RAW) { 845 /* sys_res = printargs(tcp); - but it's nop on sysexit */ 846 } else { 847 /* FIXME: not_failing_only (IOW, option -z) is broken: 848 * failure of syscall is known only after syscall return. 849 * Thus we end up with something like this on, say, ENOENT: 850 * open("does_not_exist", O_RDONLY <unfinished ...> 851 * {next syscall decode} 852 * whereas the intended result is that open(...) line 853 * is not shown at all. 854 */ 855 if (not_failing_only && tcp->u_error) 856 return 0; /* ignore failed syscalls */ 857 if (tcp->sys_func_rval & RVAL_DECODED) 858 sys_res = tcp->sys_func_rval; 859 else 860 sys_res = tcp->s_ent->sys_func(tcp); 861 } 862 863 tprints(") "); 864 tabto(); 865 unsigned long u_error = tcp->u_error; 866 867 if (tcp->qual_flg & QUAL_RAW) { 868 if (u_error) { 869 tprintf("= -1 (errno %lu)", u_error); 870 } else { 871 tprintf("= %#" PRI_klx, tcp->u_rval); 872 } 873 if (syscall_tampered(tcp)) 874 tprints(" (INJECTED)"); 875 } else if (!(sys_res & RVAL_NONE) && u_error) { 876 const char *u_error_str; 877 878 switch (u_error) { 879 /* Blocked signals do not interrupt any syscalls. 880 * In this case syscalls don't return ERESTARTfoo codes. 881 * 882 * Deadly signals set to SIG_DFL interrupt syscalls 883 * and kill the process regardless of which of the codes below 884 * is returned by the interrupted syscall. 885 * In some cases, kernel forces a kernel-generated deadly 886 * signal to be unblocked and set to SIG_DFL (and thus cause 887 * death) if it is blocked or SIG_IGNed: for example, SIGSEGV 888 * or SIGILL. (The alternative is to leave process spinning 889 * forever on the faulty instruction - not useful). 890 * 891 * SIG_IGNed signals and non-deadly signals set to SIG_DFL 892 * (for example, SIGCHLD, SIGWINCH) interrupt syscalls, 893 * but kernel will always restart them. 894 */ 895 case ERESTARTSYS: 896 /* Most common type of signal-interrupted syscall exit code. 897 * The system call will be restarted with the same arguments 898 * if SA_RESTART is set; otherwise, it will fail with EINTR. 899 */ 900 tprints("= ? ERESTARTSYS (To be restarted if SA_RESTART is set)"); 901 break; 902 case ERESTARTNOINTR: 903 /* Rare. For example, fork() returns this if interrupted. 904 * SA_RESTART is ignored (assumed set): the restart is unconditional. 905 */ 906 tprints("= ? ERESTARTNOINTR (To be restarted)"); 907 break; 908 case ERESTARTNOHAND: 909 /* pause(), rt_sigsuspend() etc use this code. 910 * SA_RESTART is ignored (assumed not set): 911 * syscall won't restart (will return EINTR instead) 912 * even after signal with SA_RESTART set. However, 913 * after SIG_IGN or SIG_DFL signal it will restart 914 * (thus the name "restart only if has no handler"). 915 */ 916 tprints("= ? ERESTARTNOHAND (To be restarted if no handler)"); 917 break; 918 case ERESTART_RESTARTBLOCK: 919 /* Syscalls like nanosleep(), poll() which can't be 920 * restarted with their original arguments use this 921 * code. Kernel will execute restart_syscall() instead, 922 * which changes arguments before restarting syscall. 923 * SA_RESTART is ignored (assumed not set) similarly 924 * to ERESTARTNOHAND. (Kernel can't honor SA_RESTART 925 * since restart data is saved in "restart block" 926 * in task struct, and if signal handler uses a syscall 927 * which in turn saves another such restart block, 928 * old data is lost and restart becomes impossible) 929 */ 930 tprints("= ? ERESTART_RESTARTBLOCK (Interrupted by signal)"); 931 break; 932 default: 933 u_error_str = err_name(u_error); 934 if (u_error_str) 935 tprintf("= -1 %s (%s)", 936 u_error_str, strerror(u_error)); 937 else 938 tprintf("= -1 %lu (%s)", 939 u_error, strerror(u_error)); 940 break; 941 } 942 if (syscall_tampered(tcp)) 943 tprints(" (INJECTED)"); 944 if ((sys_res & RVAL_STR) && tcp->auxstr) 945 tprintf(" (%s)", tcp->auxstr); 946 } else { 947 if (sys_res & RVAL_NONE) 948 tprints("= ?"); 949 else { 950 switch (sys_res & RVAL_MASK) { 951 case RVAL_HEX: 952 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG 953 if (current_wordsize < sizeof(tcp->u_rval)) { 954 tprintf("= %#x", 955 (unsigned int) tcp->u_rval); 956 } else 957 #endif 958 { 959 tprintf("= %#" PRI_klx, tcp->u_rval); 960 } 961 break; 962 case RVAL_OCTAL: 963 tprints("= "); 964 print_numeric_long_umask(tcp->u_rval); 965 break; 966 case RVAL_UDECIMAL: 967 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG 968 if (current_wordsize < sizeof(tcp->u_rval)) { 969 tprintf("= %u", 970 (unsigned int) tcp->u_rval); 971 } else 972 #endif 973 { 974 tprintf("= %" PRI_klu, tcp->u_rval); 975 } 976 break; 977 case RVAL_DECIMAL: 978 tprintf("= %" PRI_kld, tcp->u_rval); 979 break; 980 case RVAL_FD: 981 if (show_fd_path) { 982 tprints("= "); 983 printfd(tcp, tcp->u_rval); 984 } else 985 tprintf("= %" PRI_kld, tcp->u_rval); 986 break; 987 default: 988 error_msg("invalid rval format"); 989 break; 990 } 991 } 992 if ((sys_res & RVAL_STR) && tcp->auxstr) 993 tprintf(" (%s)", tcp->auxstr); 994 if (syscall_tampered(tcp)) 995 tprints(" (INJECTED)"); 996 } 997 if (Tflag) { 998 tv_sub(&tv, &tv, &tcp->etime); 999 tprintf(" <%ld.%06ld>", 1000 (long) tv.tv_sec, (long) tv.tv_usec); 1001 } 1002 tprints("\n"); 1003 dumpio(tcp); 1004 line_ended(); 1005 1006 #ifdef USE_LIBUNWIND 1007 if (stack_trace_enabled) 1008 unwind_print_stacktrace(tcp); 1009 #endif 1010 return 0; 1011 } 1012 1013 void 1014 syscall_exiting_finish(struct tcb *tcp) 1015 { 1016 tcp->flags &= ~(TCB_INSYSCALL | TCB_TAMPERED); 1017 tcp->sys_func_rval = 0; 1018 free_tcb_priv_data(tcp); 1019 } 1020 1021 bool 1022 is_erestart(struct tcb *tcp) 1023 { 1024 switch (tcp->u_error) { 1025 case ERESTARTSYS: 1026 case ERESTARTNOINTR: 1027 case ERESTARTNOHAND: 1028 case ERESTART_RESTARTBLOCK: 1029 return true; 1030 default: 1031 return false; 1032 } 1033 } 1034 1035 static unsigned long saved_u_error; 1036 1037 void 1038 temporarily_clear_syserror(struct tcb *tcp) 1039 { 1040 saved_u_error = tcp->u_error; 1041 tcp->u_error = 0; 1042 } 1043 1044 void 1045 restore_cleared_syserror(struct tcb *tcp) 1046 { 1047 tcp->u_error = saved_u_error; 1048 } 1049 1050 /* 1051 * Check the syscall return value register value for whether it is 1052 * a negated errno code indicating an error, or a success return value. 1053 */ 1054 static inline bool 1055 is_negated_errno(kernel_ulong_t val) 1056 { 1057 /* Linux kernel defines MAX_ERRNO to 4095. */ 1058 kernel_ulong_t max = -(kernel_long_t) 4095; 1059 1060 #ifndef current_klongsize 1061 if (current_klongsize < sizeof(val)) { 1062 val = (uint32_t) val; 1063 max = (uint32_t) max; 1064 } 1065 #endif /* !current_klongsize */ 1066 1067 return val >= max; 1068 } 1069 1070 #include "arch_regs.c" 1071 1072 #ifdef HAVE_GETRVAL2 1073 # include "arch_getrval2.c" 1074 #endif 1075 1076 void 1077 print_pc(struct tcb *tcp) 1078 { 1079 #if defined ARCH_PC_REG 1080 # define ARCH_GET_PC 0 1081 #elif defined ARCH_PC_PEEK_ADDR 1082 kernel_ulong_t pc; 1083 # define ARCH_PC_REG pc 1084 # define ARCH_GET_PC upeek(tcp->pid, ARCH_PC_PEEK_ADDR, &pc) 1085 #else 1086 # error Neither ARCH_PC_REG nor ARCH_PC_PEEK_ADDR is defined 1087 #endif 1088 get_regs(tcp->pid); 1089 if (get_regs_error || ARCH_GET_PC) 1090 tprints(current_wordsize == 4 ? "[????????] " 1091 : "[????????????????] "); 1092 else 1093 tprintf(current_wordsize == 4 1094 ? "[%08" PRI_klx "] " : "[%016" PRI_klx "] ", 1095 (kernel_ulong_t) ARCH_PC_REG); 1096 } 1097 1098 #include "getregs_old.h" 1099 1100 #undef ptrace_getregset_or_getregs 1101 #undef ptrace_setregset_or_setregs 1102 #ifdef ARCH_REGS_FOR_GETREGSET 1103 1104 # define ptrace_getregset_or_getregs ptrace_getregset 1105 static long 1106 ptrace_getregset(pid_t pid) 1107 { 1108 # ifdef ARCH_IOVEC_FOR_GETREGSET 1109 /* variable iovec */ 1110 ARCH_IOVEC_FOR_GETREGSET.iov_len = sizeof(ARCH_REGS_FOR_GETREGSET); 1111 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, 1112 &ARCH_IOVEC_FOR_GETREGSET); 1113 # else 1114 /* constant iovec */ 1115 static struct iovec io = { 1116 .iov_base = &ARCH_REGS_FOR_GETREGSET, 1117 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET) 1118 }; 1119 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &io); 1120 1121 # endif 1122 } 1123 1124 # ifndef HAVE_GETREGS_OLD 1125 # define ptrace_setregset_or_setregs ptrace_setregset 1126 static int 1127 ptrace_setregset(pid_t pid) 1128 { 1129 # ifdef ARCH_IOVEC_FOR_GETREGSET 1130 /* variable iovec */ 1131 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, 1132 &ARCH_IOVEC_FOR_GETREGSET); 1133 # else 1134 /* constant iovec */ 1135 static struct iovec io = { 1136 .iov_base = &ARCH_REGS_FOR_GETREGSET, 1137 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET) 1138 }; 1139 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &io); 1140 # endif 1141 } 1142 # endif /* !HAVE_GETREGS_OLD */ 1143 1144 #elif defined ARCH_REGS_FOR_GETREGS 1145 1146 # define ptrace_getregset_or_getregs ptrace_getregs 1147 static long 1148 ptrace_getregs(pid_t pid) 1149 { 1150 # if defined SPARC || defined SPARC64 1151 /* SPARC systems have the meaning of data and addr reversed */ 1152 return ptrace(PTRACE_GETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0); 1153 # else 1154 return ptrace(PTRACE_GETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS); 1155 # endif 1156 } 1157 1158 # ifndef HAVE_GETREGS_OLD 1159 # define ptrace_setregset_or_setregs ptrace_setregs 1160 static int 1161 ptrace_setregs(pid_t pid) 1162 { 1163 # if defined SPARC || defined SPARC64 1164 /* SPARC systems have the meaning of data and addr reversed */ 1165 return ptrace(PTRACE_SETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0); 1166 # else 1167 return ptrace(PTRACE_SETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS); 1168 # endif 1169 } 1170 # endif /* !HAVE_GETREGS_OLD */ 1171 1172 #endif /* ARCH_REGS_FOR_GETREGSET || ARCH_REGS_FOR_GETREGS */ 1173 1174 static void 1175 get_regs(pid_t pid) 1176 { 1177 #undef USE_GET_SYSCALL_RESULT_REGS 1178 #ifdef ptrace_getregset_or_getregs 1179 1180 if (get_regs_error != -1) 1181 return; 1182 1183 # ifdef HAVE_GETREGS_OLD 1184 /* 1185 * Try PTRACE_GETREGSET/PTRACE_GETREGS first, 1186 * fallback to getregs_old. 1187 */ 1188 static int use_getregs_old; 1189 if (use_getregs_old < 0) { 1190 get_regs_error = ptrace_getregset_or_getregs(pid); 1191 return; 1192 } else if (use_getregs_old == 0) { 1193 get_regs_error = ptrace_getregset_or_getregs(pid); 1194 if (get_regs_error >= 0) { 1195 use_getregs_old = -1; 1196 return; 1197 } 1198 if (errno == EPERM || errno == ESRCH) 1199 return; 1200 use_getregs_old = 1; 1201 } 1202 get_regs_error = getregs_old(pid); 1203 # else /* !HAVE_GETREGS_OLD */ 1204 /* Assume that PTRACE_GETREGSET/PTRACE_GETREGS works. */ 1205 get_regs_error = ptrace_getregset_or_getregs(pid); 1206 # endif /* !HAVE_GETREGS_OLD */ 1207 1208 #else /* !ptrace_getregset_or_getregs */ 1209 1210 # define USE_GET_SYSCALL_RESULT_REGS 1 1211 # warning get_regs is not implemented for this architecture yet 1212 get_regs_error = 0; 1213 1214 #endif /* !ptrace_getregset_or_getregs */ 1215 } 1216 1217 #ifdef ptrace_setregset_or_setregs 1218 static int 1219 set_regs(pid_t pid) 1220 { 1221 return ptrace_setregset_or_setregs(pid); 1222 } 1223 #endif /* ptrace_setregset_or_setregs */ 1224 1225 struct sysent_buf { 1226 struct tcb *tcp; 1227 struct_sysent ent; 1228 char buf[sizeof("syscall_%lu") + sizeof(kernel_ulong_t) * 3]; 1229 }; 1230 1231 static void 1232 free_sysent_buf(void *ptr) 1233 { 1234 struct sysent_buf *s = ptr; 1235 s->tcp->s_prev_ent = s->tcp->s_ent = NULL; 1236 free(ptr); 1237 } 1238 1239 /* 1240 * Returns: 1241 * 0: "ignore this ptrace stop", syscall_entering_decode() should return a "bail 1242 * out silently" code. 1243 * 1: ok, continue in syscall_entering_decode(). 1244 * other: error, syscall_entering_decode() should print error indicator 1245 * ("????" etc) and return an appropriate code. 1246 */ 1247 int 1248 get_scno(struct tcb *tcp) 1249 { 1250 get_regs(tcp->pid); 1251 1252 if (get_regs_error) 1253 return -1; 1254 1255 int rc = arch_get_scno(tcp); 1256 if (rc != 1) 1257 return rc; 1258 1259 if (scno_is_valid(tcp->scno)) { 1260 tcp->s_ent = &sysent[tcp->scno]; 1261 tcp->qual_flg = qual_flags(tcp->scno); 1262 } else { 1263 struct sysent_buf *s = xcalloc(1, sizeof(*s)); 1264 1265 s->tcp = tcp; 1266 s->ent.nargs = MAX_ARGS; 1267 s->ent.sen = SEN_printargs; 1268 s->ent.sys_func = printargs; 1269 s->ent.sys_name = s->buf; 1270 sprintf(s->buf, "syscall_%" PRI_klu, shuffle_scno(tcp->scno)); 1271 1272 tcp->s_ent = &s->ent; 1273 tcp->qual_flg = QUAL_RAW | DEFAULT_QUAL_FLAGS; 1274 1275 set_tcb_priv_data(tcp, s, free_sysent_buf); 1276 1277 if (debug_flag) 1278 error_msg("pid %d invalid syscall %" PRI_kld, 1279 tcp->pid, tcp->scno); 1280 } 1281 return 1; 1282 } 1283 1284 #ifdef USE_GET_SYSCALL_RESULT_REGS 1285 static int get_syscall_result_regs(struct tcb *); 1286 #endif 1287 1288 /* Returns: 1289 * 1: ok, continue in syscall_exiting_trace(). 1290 * -1: error, syscall_exiting_trace() should print error indicator 1291 * ("????" etc) and bail out. 1292 */ 1293 static int 1294 get_syscall_result(struct tcb *tcp) 1295 { 1296 #ifdef USE_GET_SYSCALL_RESULT_REGS 1297 if (get_syscall_result_regs(tcp)) 1298 return -1; 1299 #endif 1300 tcp->u_error = 0; 1301 get_error(tcp, !(tcp->s_ent->sys_flags & SYSCALL_NEVER_FAILS)); 1302 1303 return 1; 1304 } 1305 1306 #include "get_scno.c" 1307 #include "set_scno.c" 1308 #include "get_syscall_args.c" 1309 #ifdef USE_GET_SYSCALL_RESULT_REGS 1310 # include "get_syscall_result.c" 1311 #endif 1312 #include "get_error.c" 1313 #include "set_error.c" 1314 #ifdef HAVE_GETREGS_OLD 1315 # include "getregs_old.c" 1316 #endif 1317 1318 const char * 1319 syscall_name(kernel_ulong_t scno) 1320 { 1321 #if defined X32_PERSONALITY_NUMBER && defined __X32_SYSCALL_BIT 1322 if (current_personality == X32_PERSONALITY_NUMBER) 1323 scno &= ~__X32_SYSCALL_BIT; 1324 #endif 1325 return scno_is_valid(scno) ? sysent[scno].sys_name : NULL; 1326 } 1327
