1 /*
2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include "defs.h"
35 #include "native_defs.h"
36 #include "nsig.h"
37 #include <sys/param.h>
38
39 /* for struct iovec */
40 #include <sys/uio.h>
41
42 /* for __X32_SYSCALL_BIT */
43 #include <asm/unistd.h>
44
45 #include "regs.h"
46 #include "ptrace.h"
47
48 #if defined(SPARC64)
49 # undef PTRACE_GETREGS
50 # define PTRACE_GETREGS PTRACE_GETREGS64
51 # undef PTRACE_SETREGS
52 # define PTRACE_SETREGS PTRACE_SETREGS64
53 #endif
54
55 #if defined SPARC64
56 # include <asm/psrcompat.h>
57 #elif defined SPARC
58 # include <asm/psr.h>
59 #endif
60
61 #ifdef IA64
62 # include <asm/rse.h>
63 #endif
64
65 #ifndef NT_PRSTATUS
66 # define NT_PRSTATUS 1
67 #endif
68
69 #include "syscall.h"
70
71 /* Define these shorthand notations to simplify the syscallent files. */
72 #define TD TRACE_DESC
73 #define TF TRACE_FILE
74 #define TI TRACE_IPC
75 #define TN TRACE_NETWORK
76 #define TP TRACE_PROCESS
77 #define TS TRACE_SIGNAL
78 #define TM TRACE_MEMORY
79 #define NF SYSCALL_NEVER_FAILS
80 #define MA MAX_ARGS
81 #define SI STACKTRACE_INVALIDATE_CACHE
82 #define SE STACKTRACE_CAPTURE_ON_ENTER
83 #define CST COMPAT_SYSCALL_TYPES
84
85 #define SEN(syscall_name) SEN_ ## syscall_name, SYS_FUNC_NAME(sys_ ## syscall_name)
86
87 const struct_sysent sysent0[] = {
88 #include "syscallent.h"
89 };
90
91 #if SUPPORTED_PERSONALITIES > 1
92 # include PERSONALITY1_INCLUDE_FUNCS
93 static const struct_sysent sysent1[] = {
94 # include "syscallent1.h"
95 };
96 #endif
97
98 #if SUPPORTED_PERSONALITIES > 2
99 # include PERSONALITY2_INCLUDE_FUNCS
100 static const struct_sysent sysent2[] = {
101 # include "syscallent2.h"
102 };
103 #endif
104
105 /* Now undef them since short defines cause wicked namespace pollution. */
106 #undef SEN
107 #undef TD
108 #undef TF
109 #undef TI
110 #undef TN
111 #undef TP
112 #undef TS
113 #undef TM
114 #undef NF
115 #undef MA
116 #undef SI
117 #undef SE
118 #undef CST
119
120 /*
121 * `ioctlent[012].h' files are automatically generated by the auxiliary
122 * program `ioctlsort', such that the list is sorted by the `code' field.
123 * This has the side-effect of resolving the _IO.. macros into
124 * plain integers, eliminating the need to include here everything
125 * in "/usr/include".
126 */
127
128 const char *const errnoent0[] = {
129 #include "errnoent.h"
130 };
131 const char *const signalent0[] = {
132 #include "signalent.h"
133 };
134 const struct_ioctlent ioctlent0[] = {
135 #include "ioctlent0.h"
136 };
137
138 #if SUPPORTED_PERSONALITIES > 1
139 static const char *const errnoent1[] = {
140 # include "errnoent1.h"
141 };
142 static const char *const signalent1[] = {
143 # include "signalent1.h"
144 };
145 static const struct_ioctlent ioctlent1[] = {
146 # include "ioctlent1.h"
147 };
148 # include PERSONALITY0_INCLUDE_PRINTERS_DECLS
149 static const struct_printers printers0 = {
150 # include PERSONALITY0_INCLUDE_PRINTERS_DEFS
151 };
152 # include PERSONALITY1_INCLUDE_PRINTERS_DECLS
153 static const struct_printers printers1 = {
154 # include PERSONALITY1_INCLUDE_PRINTERS_DEFS
155 };
156 #endif
157
158 #if SUPPORTED_PERSONALITIES > 2
159 static const char *const errnoent2[] = {
160 # include "errnoent2.h"
161 };
162 static const char *const signalent2[] = {
163 # include "signalent2.h"
164 };
165 static const struct_ioctlent ioctlent2[] = {
166 # include "ioctlent2.h"
167 };
168 # include PERSONALITY2_INCLUDE_PRINTERS_DECLS
169 static const struct_printers printers2 = {
170 # include PERSONALITY2_INCLUDE_PRINTERS_DEFS
171 };
172 #endif
173
174 enum {
175 nsyscalls0 = ARRAY_SIZE(sysent0)
176 #if SUPPORTED_PERSONALITIES > 1
177 , nsyscalls1 = ARRAY_SIZE(sysent1)
178 # if SUPPORTED_PERSONALITIES > 2
179 , nsyscalls2 = ARRAY_SIZE(sysent2)
180 # endif
181 #endif
182 };
183
184 enum {
185 nerrnos0 = ARRAY_SIZE(errnoent0)
186 #if SUPPORTED_PERSONALITIES > 1
187 , nerrnos1 = ARRAY_SIZE(errnoent1)
188 # if SUPPORTED_PERSONALITIES > 2
189 , nerrnos2 = ARRAY_SIZE(errnoent2)
190 # endif
191 #endif
192 };
193
194 enum {
195 nsignals0 = ARRAY_SIZE(signalent0)
196 #if SUPPORTED_PERSONALITIES > 1
197 , nsignals1 = ARRAY_SIZE(signalent1)
198 # if SUPPORTED_PERSONALITIES > 2
199 , nsignals2 = ARRAY_SIZE(signalent2)
200 # endif
201 #endif
202 };
203
204 enum {
205 nioctlents0 = ARRAY_SIZE(ioctlent0)
206 #if SUPPORTED_PERSONALITIES > 1
207 , nioctlents1 = ARRAY_SIZE(ioctlent1)
208 # if SUPPORTED_PERSONALITIES > 2
209 , nioctlents2 = ARRAY_SIZE(ioctlent2)
210 # endif
211 #endif
212 };
213
214 #if SUPPORTED_PERSONALITIES > 1
215 const struct_sysent *sysent = sysent0;
216 const char *const *errnoent = errnoent0;
217 const char *const *signalent = signalent0;
218 const struct_ioctlent *ioctlent = ioctlent0;
219 const struct_printers *printers = &printers0;
220 #endif
221
222 unsigned nsyscalls = nsyscalls0;
223 unsigned nerrnos = nerrnos0;
224 unsigned nsignals = nsignals0;
225 unsigned nioctlents = nioctlents0;
226
227 const unsigned int nsyscall_vec[SUPPORTED_PERSONALITIES] = {
228 nsyscalls0,
229 #if SUPPORTED_PERSONALITIES > 1
230 nsyscalls1,
231 #endif
232 #if SUPPORTED_PERSONALITIES > 2
233 nsyscalls2,
234 #endif
235 };
236 const struct_sysent *const sysent_vec[SUPPORTED_PERSONALITIES] = {
237 sysent0,
238 #if SUPPORTED_PERSONALITIES > 1
239 sysent1,
240 #endif
241 #if SUPPORTED_PERSONALITIES > 2
242 sysent2,
243 #endif
244 };
245
246 #if SUPPORTED_PERSONALITIES > 1
247 unsigned current_personality;
248
249 # ifndef current_wordsize
250 unsigned current_wordsize;
251 static const int personality_wordsize[SUPPORTED_PERSONALITIES] = {
252 PERSONALITY0_WORDSIZE,
253 PERSONALITY1_WORDSIZE,
254 # if SUPPORTED_PERSONALITIES > 2
255 PERSONALITY2_WORDSIZE,
256 # endif
257 };
258 # endif
259
260 # ifndef current_klongsize
261 unsigned current_klongsize;
262 static const int personality_klongsize[SUPPORTED_PERSONALITIES] = {
263 PERSONALITY0_KLONGSIZE,
264 PERSONALITY1_KLONGSIZE,
265 # if SUPPORTED_PERSONALITIES > 2
266 PERSONALITY2_KLONGSIZE,
267 # endif
268 };
269 # endif
270
271 void
set_personality(int personality)272 set_personality(int personality)
273 {
274 nsyscalls = nsyscall_vec[personality];
275 sysent = sysent_vec[personality];
276
277 switch (personality) {
278 case 0:
279 errnoent = errnoent0;
280 nerrnos = nerrnos0;
281 ioctlent = ioctlent0;
282 nioctlents = nioctlents0;
283 signalent = signalent0;
284 nsignals = nsignals0;
285 printers = &printers0;
286 break;
287
288 case 1:
289 errnoent = errnoent1;
290 nerrnos = nerrnos1;
291 ioctlent = ioctlent1;
292 nioctlents = nioctlents1;
293 signalent = signalent1;
294 nsignals = nsignals1;
295 printers = &printers1;
296 break;
297
298 # if SUPPORTED_PERSONALITIES > 2
299 case 2:
300 errnoent = errnoent2;
301 nerrnos = nerrnos2;
302 ioctlent = ioctlent2;
303 nioctlents = nioctlents2;
304 signalent = signalent2;
305 nsignals = nsignals2;
306 printers = &printers2;
307 break;
308 # endif
309 }
310
311 current_personality = personality;
312 # ifndef current_wordsize
313 current_wordsize = personality_wordsize[personality];
314 # endif
315 # ifndef current_klongsize
316 current_klongsize = personality_klongsize[personality];
317 # endif
318 }
319
320 static void
update_personality(struct tcb * tcp,unsigned int personality)321 update_personality(struct tcb *tcp, unsigned int personality)
322 {
323 if (personality == current_personality)
324 return;
325 set_personality(personality);
326
327 if (personality == tcp->currpers)
328 return;
329 tcp->currpers = personality;
330
331 # undef PERSONALITY_NAMES
332 # if defined POWERPC64
333 # define PERSONALITY_NAMES {"64 bit", "32 bit"}
334 # elif defined X86_64
335 # define PERSONALITY_NAMES {"64 bit", "32 bit", "x32"}
336 # elif defined X32
337 # define PERSONALITY_NAMES {"x32", "32 bit"}
338 # elif defined AARCH64
339 # define PERSONALITY_NAMES {"64 bit", "32 bit"}
340 # elif defined TILE
341 # define PERSONALITY_NAMES {"64-bit", "32-bit"}
342 # endif
343 # ifdef PERSONALITY_NAMES
344 if (!qflag) {
345 static const char *const names[] = PERSONALITY_NAMES;
346 error_msg("[ Process PID=%d runs in %s mode. ]",
347 tcp->pid, names[personality]);
348 }
349 # endif
350 }
351 #endif
352
353 #ifdef SYS_socket_subcall
354 static void
decode_socket_subcall(struct tcb * tcp)355 decode_socket_subcall(struct tcb *tcp)
356 {
357 const int call = tcp->u_arg[0];
358
359 if (call < 1 || call >= SYS_socket_nsubcalls)
360 return;
361
362 const kernel_ulong_t scno = SYS_socket_subcall + call;
363 const unsigned int nargs = sysent[scno].nargs;
364 uint64_t buf[nargs];
365
366 if (umoven(tcp, tcp->u_arg[1], nargs * current_wordsize, buf) < 0)
367 return;
368
369 tcp->scno = scno;
370 tcp->qual_flg = qual_flags(scno);
371 tcp->s_ent = &sysent[scno];
372
373 unsigned int i;
374 for (i = 0; i < nargs; ++i)
375 tcp->u_arg[i] = (sizeof(uint32_t) == current_wordsize)
376 ? ((uint32_t *) (void *) buf)[i] : buf[i];
377 }
378 #endif
379
380 #ifdef SYS_ipc_subcall
381 static void
decode_ipc_subcall(struct tcb * tcp)382 decode_ipc_subcall(struct tcb *tcp)
383 {
384 unsigned int call = tcp->u_arg[0];
385 const unsigned int version = call >> 16;
386
387 if (version) {
388 # if defined S390 || defined S390X
389 return;
390 # else
391 # ifdef SPARC64
392 if (current_wordsize == 8)
393 return;
394 # endif
395 set_tcb_priv_ulong(tcp, version);
396 call &= 0xffff;
397 # endif
398 }
399
400 switch (call) {
401 case 1: case 2: case 3: case 4:
402 case 11: case 12: case 13: case 14:
403 case 21: case 22: case 23: case 24:
404 break;
405 default:
406 return;
407 }
408
409 tcp->scno = SYS_ipc_subcall + call;
410 tcp->qual_flg = qual_flags(tcp->scno);
411 tcp->s_ent = &sysent[tcp->scno];
412
413 const unsigned int n = tcp->s_ent->nargs;
414 unsigned int i;
415 for (i = 0; i < n; i++)
416 tcp->u_arg[i] = tcp->u_arg[i + 1];
417 }
418 #endif
419
420 #ifdef LINUX_MIPSO32
421 static void
decode_mips_subcall(struct tcb * tcp)422 decode_mips_subcall(struct tcb *tcp)
423 {
424 if (!scno_is_valid(tcp->u_arg[0]))
425 return;
426 tcp->scno = tcp->u_arg[0];
427 tcp->qual_flg = qual_flags(tcp->scno);
428 tcp->s_ent = &sysent[tcp->scno];
429 memmove(&tcp->u_arg[0], &tcp->u_arg[1],
430 sizeof(tcp->u_arg) - sizeof(tcp->u_arg[0]));
431 /*
432 * Fetching the last arg of 7-arg syscalls (fadvise64_64
433 * and sync_file_range) requires additional code,
434 * see linux/mips/get_syscall_args.c
435 */
436 if (tcp->s_ent->nargs == MAX_ARGS) {
437 if (umoven(tcp,
438 mips_REG_SP + MAX_ARGS * sizeof(tcp->u_arg[0]),
439 sizeof(tcp->u_arg[0]),
440 &tcp->u_arg[MAX_ARGS - 1]) < 0)
441 tcp->u_arg[MAX_ARGS - 1] = 0;
442 }
443 }
444 #endif /* LINUX_MIPSO32 */
445
446 static void
dumpio(struct tcb * tcp)447 dumpio(struct tcb *tcp)
448 {
449 if (syserror(tcp))
450 return;
451
452 int fd = tcp->u_arg[0];
453 if (fd < 0)
454 return;
455
456 if (is_number_in_set(fd, &read_set)) {
457 switch (tcp->s_ent->sen) {
458 case SEN_read:
459 case SEN_pread:
460 case SEN_recv:
461 case SEN_recvfrom:
462 case SEN_mq_timedreceive:
463 dumpstr(tcp, tcp->u_arg[1], tcp->u_rval);
464 return;
465 case SEN_readv:
466 case SEN_preadv:
467 case SEN_preadv2:
468 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1],
469 tcp->u_rval);
470 return;
471 case SEN_recvmsg:
472 dumpiov_in_msghdr(tcp, tcp->u_arg[1], tcp->u_rval);
473 return;
474 case SEN_recvmmsg:
475 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]);
476 return;
477 }
478 }
479 if (is_number_in_set(fd, &write_set)) {
480 switch (tcp->s_ent->sen) {
481 case SEN_write:
482 case SEN_pwrite:
483 case SEN_send:
484 case SEN_sendto:
485 case SEN_mq_timedsend:
486 dumpstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
487 break;
488 case SEN_writev:
489 case SEN_pwritev:
490 case SEN_pwritev2:
491 case SEN_vmsplice:
492 dumpiov_upto(tcp, tcp->u_arg[2], tcp->u_arg[1], -1);
493 break;
494 case SEN_sendmsg:
495 dumpiov_in_msghdr(tcp, tcp->u_arg[1], -1);
496 break;
497 case SEN_sendmmsg:
498 dumpiov_in_mmsghdr(tcp, tcp->u_arg[1]);
499 break;
500 }
501 }
502 }
503
504 /*
505 * Shuffle syscall numbers so that we don't have huge gaps in syscall table.
506 * The shuffling should be an involution: shuffle_scno(shuffle_scno(n)) == n.
507 */
508 static kernel_ulong_t
shuffle_scno(kernel_ulong_t scno)509 shuffle_scno(kernel_ulong_t scno)
510 {
511 #if defined(ARM) || defined(AARCH64) /* So far only 32-bit ARM needs this */
512 if (scno < ARM_FIRST_SHUFFLED_SYSCALL)
513 return scno;
514
515 /* __ARM_NR_cmpxchg? Swap with LAST_ORDINARY+1 */
516 if (scno == ARM_FIRST_SHUFFLED_SYSCALL)
517 return 0x000ffff0;
518 if (scno == 0x000ffff0)
519 return ARM_FIRST_SHUFFLED_SYSCALL;
520
521 # define ARM_SECOND_SHUFFLED_SYSCALL (ARM_FIRST_SHUFFLED_SYSCALL + 1)
522 /*
523 * Is it ARM specific syscall?
524 * Swap [0x000f0000, 0x000f0000 + LAST_SPECIAL] range
525 * with [SECOND_SHUFFLED, SECOND_SHUFFLED + LAST_SPECIAL] range.
526 */
527 if (scno >= 0x000f0000 &&
528 scno <= 0x000f0000 + ARM_LAST_SPECIAL_SYSCALL) {
529 return scno - 0x000f0000 + ARM_SECOND_SHUFFLED_SYSCALL;
530 }
531 if (scno <= ARM_SECOND_SHUFFLED_SYSCALL + ARM_LAST_SPECIAL_SYSCALL) {
532 return scno + 0x000f0000 - ARM_SECOND_SHUFFLED_SYSCALL;
533 }
534 #endif /* ARM || AARCH64 */
535
536 return scno;
537 }
538
539 const char *
err_name(unsigned long err)540 err_name(unsigned long err)
541 {
542 if ((err < nerrnos) && errnoent[err])
543 return errnoent[err];
544
545 return NULL;
546 }
547
548 static long get_regs_error;
549
550 void
clear_regs(void)551 clear_regs(void)
552 {
553 get_regs_error = -1;
554 }
555
556 static int get_syscall_args(struct tcb *);
557 static int get_syscall_result(struct tcb *);
558 static int arch_get_scno(struct tcb *tcp);
559 static int arch_set_scno(struct tcb *, kernel_ulong_t);
560 static void get_error(struct tcb *, const bool);
561 static int arch_set_error(struct tcb *);
562 static int arch_set_success(struct tcb *);
563
564 struct inject_opts *inject_vec[SUPPORTED_PERSONALITIES];
565
566 static struct inject_opts *
tcb_inject_opts(struct tcb * tcp)567 tcb_inject_opts(struct tcb *tcp)
568 {
569 return (scno_in_range(tcp->scno) && tcp->inject_vec[current_personality])
570 ? &tcp->inject_vec[current_personality][tcp->scno] : NULL;
571 }
572
573
574 static long
tamper_with_syscall_entering(struct tcb * tcp,unsigned int * signo)575 tamper_with_syscall_entering(struct tcb *tcp, unsigned int *signo)
576 {
577 if (!tcp->inject_vec[current_personality]) {
578 tcp->inject_vec[current_personality] =
579 xcalloc(nsyscalls, sizeof(**inject_vec));
580 memcpy(tcp->inject_vec[current_personality],
581 inject_vec[current_personality],
582 nsyscalls * sizeof(**inject_vec));
583 }
584
585 struct inject_opts *opts = tcb_inject_opts(tcp);
586
587 if (!opts || opts->first == 0)
588 return 0;
589
590 --opts->first;
591
592 if (opts->first != 0)
593 return 0;
594
595 opts->first = opts->step;
596
597 if (opts->signo > 0)
598 *signo = opts->signo;
599 if (opts->rval != INJECT_OPTS_RVAL_DEFAULT && !arch_set_scno(tcp, -1))
600 tcp->flags |= TCB_TAMPERED;
601
602 return 0;
603 }
604
605 static long
tamper_with_syscall_exiting(struct tcb * tcp)606 tamper_with_syscall_exiting(struct tcb *tcp)
607 {
608 struct inject_opts *opts = tcb_inject_opts(tcp);
609
610 if (!opts)
611 return 0;
612
613 if (opts->rval >= 0) {
614 kernel_long_t u_rval = tcp->u_rval;
615
616 tcp->u_rval = opts->rval;
617 if (arch_set_success(tcp)) {
618 tcp->u_rval = u_rval;
619 } else {
620 tcp->u_error = 0;
621 }
622 } else {
623 unsigned long new_error = -opts->rval;
624
625 if (new_error != tcp->u_error && new_error <= MAX_ERRNO_VALUE) {
626 unsigned long u_error = tcp->u_error;
627
628 tcp->u_error = new_error;
629 if (arch_set_error(tcp)) {
630 tcp->u_error = u_error;
631 }
632 }
633 }
634
635 return 0;
636 }
637
638 static int
trace_syscall_entering(struct tcb * tcp,unsigned int * sig)639 trace_syscall_entering(struct tcb *tcp, unsigned int *sig)
640 {
641 int res, scno_good;
642
643 scno_good = res = get_scno(tcp);
644 if (res == 0)
645 return res;
646 if (res == 1)
647 res = get_syscall_args(tcp);
648
649 if (res != 1) {
650 printleader(tcp);
651 tprintf("%s(", scno_good == 1 ? tcp->s_ent->sys_name : "????");
652 /*
653 * " <unavailable>" will be added later by the code which
654 * detects ptrace errors.
655 */
656 goto ret;
657 }
658
659 #ifdef LINUX_MIPSO32
660 if (SEN_syscall == tcp->s_ent->sen)
661 decode_mips_subcall(tcp);
662 #endif
663
664 #if defined(SYS_socket_subcall) || defined(SYS_ipc_subcall)
665 switch (tcp->s_ent->sen) {
666 # ifdef SYS_socket_subcall
667 case SEN_socketcall:
668 decode_socket_subcall(tcp);
669 break;
670 # endif
671 # ifdef SYS_ipc_subcall
672 case SEN_ipc:
673 decode_ipc_subcall(tcp);
674 break;
675 # endif
676 }
677 #endif
678
679 /* Restrain from fault injection while the trace executes strace code. */
680 if (hide_log(tcp)) {
681 tcp->qual_flg &= ~QUAL_INJECT;
682 }
683
684 switch (tcp->s_ent->sen) {
685 case SEN_execve:
686 case SEN_execveat:
687 #if defined SPARC || defined SPARC64
688 case SEN_execv:
689 #endif
690 tcp->flags &= ~TCB_HIDE_LOG;
691 break;
692 }
693
694 if (!(tcp->qual_flg & QUAL_TRACE)
695 || (tracing_paths && !pathtrace_match(tcp))
696 ) {
697 tcp->flags |= TCB_INSYSCALL | TCB_FILTERED;
698 tcp->sys_func_rval = 0;
699 return 0;
700 }
701
702 tcp->flags &= ~TCB_FILTERED;
703
704 if (hide_log(tcp)) {
705 res = 0;
706 goto ret;
707 }
708
709 if (tcp->qual_flg & QUAL_INJECT)
710 tamper_with_syscall_entering(tcp, sig);
711
712 if (cflag == CFLAG_ONLY_STATS) {
713 res = 0;
714 goto ret;
715 }
716
717 #ifdef USE_LIBUNWIND
718 if (stack_trace_enabled) {
719 if (tcp->s_ent->sys_flags & STACKTRACE_CAPTURE_ON_ENTER)
720 unwind_capture_stacktrace(tcp);
721 }
722 #endif
723
724 printleader(tcp);
725 tprintf("%s(", tcp->s_ent->sys_name);
726 if (tcp->qual_flg & QUAL_RAW)
727 res = printargs(tcp);
728 else
729 res = tcp->s_ent->sys_func(tcp);
730
731 fflush(tcp->outf);
732 ret:
733 tcp->flags |= TCB_INSYSCALL;
734 tcp->sys_func_rval = res;
735 /* Measure the entrance time as late as possible to avoid errors. */
736 if (Tflag || cflag)
737 gettimeofday(&tcp->etime, NULL);
738 return res;
739 }
740
741 static bool
syscall_tampered(struct tcb * tcp)742 syscall_tampered(struct tcb *tcp)
743 {
744 return tcp->flags & TCB_TAMPERED;
745 }
746
747 static int
trace_syscall_exiting(struct tcb * tcp)748 trace_syscall_exiting(struct tcb *tcp)
749 {
750 int sys_res;
751 struct timeval tv;
752 int res;
753 unsigned long u_error;
754 const char *u_error_str;
755
756 /* Measure the exit time as early as possible to avoid errors. */
757 if (Tflag || cflag)
758 gettimeofday(&tv, NULL);
759
760 #ifdef USE_LIBUNWIND
761 if (stack_trace_enabled) {
762 if (tcp->s_ent->sys_flags & STACKTRACE_INVALIDATE_CACHE)
763 unwind_cache_invalidate(tcp);
764 }
765 #endif
766
767 #if SUPPORTED_PERSONALITIES > 1
768 update_personality(tcp, tcp->currpers);
769 #endif
770 res = (get_regs_error ? -1 : get_syscall_result(tcp));
771 if (filtered(tcp) || hide_log(tcp))
772 goto ret;
773
774 if (syserror(tcp) && syscall_tampered(tcp))
775 tamper_with_syscall_exiting(tcp);
776
777 if (cflag) {
778 count_syscall(tcp, &tv);
779 if (cflag == CFLAG_ONLY_STATS) {
780 goto ret;
781 }
782 }
783
784 /* If not in -ff mode, and printing_tcp != tcp,
785 * then the log currently does not end with output
786 * of _our syscall entry_, but with something else.
787 * We need to say which syscall's return is this.
788 *
789 * Forced reprinting via TCB_REPRINT is used only by
790 * "strace -ff -oLOG test/threaded_execve" corner case.
791 * It's the only case when -ff mode needs reprinting.
792 */
793 if ((followfork < 2 && printing_tcp != tcp) || (tcp->flags & TCB_REPRINT)) {
794 tcp->flags &= ~TCB_REPRINT;
795 printleader(tcp);
796 tprintf("<... %s resumed> ", tcp->s_ent->sys_name);
797 }
798 printing_tcp = tcp;
799
800 tcp->s_prev_ent = NULL;
801 if (res != 1) {
802 /* There was error in one of prior ptrace ops */
803 tprints(") ");
804 tabto();
805 tprints("= ? <unavailable>\n");
806 line_ended();
807 tcp->flags &= ~(TCB_INSYSCALL | TCB_TAMPERED);
808 tcp->sys_func_rval = 0;
809 free_tcb_priv_data(tcp);
810 return res;
811 }
812 tcp->s_prev_ent = tcp->s_ent;
813
814 sys_res = 0;
815 if (tcp->qual_flg & QUAL_RAW) {
816 /* sys_res = printargs(tcp); - but it's nop on sysexit */
817 } else {
818 /* FIXME: not_failing_only (IOW, option -z) is broken:
819 * failure of syscall is known only after syscall return.
820 * Thus we end up with something like this on, say, ENOENT:
821 * open("doesnt_exist", O_RDONLY <unfinished ...>
822 * {next syscall decode}
823 * whereas the intended result is that open(...) line
824 * is not shown at all.
825 */
826 if (not_failing_only && tcp->u_error)
827 goto ret; /* ignore failed syscalls */
828 if (tcp->sys_func_rval & RVAL_DECODED)
829 sys_res = tcp->sys_func_rval;
830 else
831 sys_res = tcp->s_ent->sys_func(tcp);
832 }
833
834 tprints(") ");
835 tabto();
836 u_error = tcp->u_error;
837
838 if (tcp->qual_flg & QUAL_RAW) {
839 if (u_error) {
840 tprintf("= -1 (errno %lu)", u_error);
841 } else {
842 tprintf("= %#" PRI_klx, tcp->u_rval);
843 }
844 if (syscall_tampered(tcp))
845 tprints(" (INJECTED)");
846 }
847 else if (!(sys_res & RVAL_NONE) && u_error) {
848 switch (u_error) {
849 /* Blocked signals do not interrupt any syscalls.
850 * In this case syscalls don't return ERESTARTfoo codes.
851 *
852 * Deadly signals set to SIG_DFL interrupt syscalls
853 * and kill the process regardless of which of the codes below
854 * is returned by the interrupted syscall.
855 * In some cases, kernel forces a kernel-generated deadly
856 * signal to be unblocked and set to SIG_DFL (and thus cause
857 * death) if it is blocked or SIG_IGNed: for example, SIGSEGV
858 * or SIGILL. (The alternative is to leave process spinning
859 * forever on the faulty instruction - not useful).
860 *
861 * SIG_IGNed signals and non-deadly signals set to SIG_DFL
862 * (for example, SIGCHLD, SIGWINCH) interrupt syscalls,
863 * but kernel will always restart them.
864 */
865 case ERESTARTSYS:
866 /* Most common type of signal-interrupted syscall exit code.
867 * The system call will be restarted with the same arguments
868 * if SA_RESTART is set; otherwise, it will fail with EINTR.
869 */
870 tprints("= ? ERESTARTSYS (To be restarted if SA_RESTART is set)");
871 break;
872 case ERESTARTNOINTR:
873 /* Rare. For example, fork() returns this if interrupted.
874 * SA_RESTART is ignored (assumed set): the restart is unconditional.
875 */
876 tprints("= ? ERESTARTNOINTR (To be restarted)");
877 break;
878 case ERESTARTNOHAND:
879 /* pause(), rt_sigsuspend() etc use this code.
880 * SA_RESTART is ignored (assumed not set):
881 * syscall won't restart (will return EINTR instead)
882 * even after signal with SA_RESTART set. However,
883 * after SIG_IGN or SIG_DFL signal it will restart
884 * (thus the name "restart only if has no handler").
885 */
886 tprints("= ? ERESTARTNOHAND (To be restarted if no handler)");
887 break;
888 case ERESTART_RESTARTBLOCK:
889 /* Syscalls like nanosleep(), poll() which can't be
890 * restarted with their original arguments use this
891 * code. Kernel will execute restart_syscall() instead,
892 * which changes arguments before restarting syscall.
893 * SA_RESTART is ignored (assumed not set) similarly
894 * to ERESTARTNOHAND. (Kernel can't honor SA_RESTART
895 * since restart data is saved in "restart block"
896 * in task struct, and if signal handler uses a syscall
897 * which in turn saves another such restart block,
898 * old data is lost and restart becomes impossible)
899 */
900 tprints("= ? ERESTART_RESTARTBLOCK (Interrupted by signal)");
901 break;
902 default:
903 u_error_str = err_name(u_error);
904 if (u_error_str)
905 tprintf("= -1 %s (%s)",
906 u_error_str, strerror(u_error));
907 else
908 tprintf("= -1 %lu (%s)",
909 u_error, strerror(u_error));
910 break;
911 }
912 if (syscall_tampered(tcp))
913 tprintf(" (INJECTED)");
914 if ((sys_res & RVAL_STR) && tcp->auxstr)
915 tprintf(" (%s)", tcp->auxstr);
916 }
917 else {
918 if (sys_res & RVAL_NONE)
919 tprints("= ?");
920 else {
921 switch (sys_res & RVAL_MASK) {
922 case RVAL_HEX:
923 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG
924 if (current_wordsize < sizeof(tcp->u_rval)) {
925 tprintf("= %#x",
926 (unsigned int) tcp->u_rval);
927 } else
928 #endif
929 {
930 tprintf("= %#" PRI_klx, tcp->u_rval);
931 }
932 break;
933 case RVAL_OCTAL:
934 tprints("= ");
935 print_numeric_long_umask(tcp->u_rval);
936 break;
937 case RVAL_UDECIMAL:
938 #if ANY_WORDSIZE_LESS_THAN_KERNEL_LONG
939 if (current_wordsize < sizeof(tcp->u_rval)) {
940 tprintf("= %u",
941 (unsigned int) tcp->u_rval);
942 } else
943 #endif
944 {
945 tprintf("= %" PRI_klu, tcp->u_rval);
946 }
947 break;
948 case RVAL_DECIMAL:
949 tprintf("= %" PRI_kld, tcp->u_rval);
950 break;
951 case RVAL_FD:
952 if (show_fd_path) {
953 tprints("= ");
954 printfd(tcp, tcp->u_rval);
955 }
956 else
957 tprintf("= %" PRI_kld, tcp->u_rval);
958 break;
959 default:
960 error_msg("invalid rval format");
961 break;
962 }
963 }
964 if ((sys_res & RVAL_STR) && tcp->auxstr)
965 tprintf(" (%s)", tcp->auxstr);
966 if (syscall_tampered(tcp))
967 tprints(" (INJECTED)");
968 }
969 if (Tflag) {
970 tv_sub(&tv, &tv, &tcp->etime);
971 tprintf(" <%ld.%06ld>",
972 (long) tv.tv_sec, (long) tv.tv_usec);
973 }
974 tprints("\n");
975 dumpio(tcp);
976 line_ended();
977
978 #ifdef USE_LIBUNWIND
979 if (stack_trace_enabled)
980 unwind_print_stacktrace(tcp);
981 #endif
982
983 ret:
984 tcp->flags &= ~(TCB_INSYSCALL | TCB_TAMPERED);
985 tcp->sys_func_rval = 0;
986 free_tcb_priv_data(tcp);
987 return 0;
988 }
989
990 int
trace_syscall(struct tcb * tcp,unsigned int * signo)991 trace_syscall(struct tcb *tcp, unsigned int *signo)
992 {
993 return exiting(tcp) ?
994 trace_syscall_exiting(tcp) : trace_syscall_entering(tcp, signo);
995 }
996
997 bool
is_erestart(struct tcb * tcp)998 is_erestart(struct tcb *tcp)
999 {
1000 switch (tcp->u_error) {
1001 case ERESTARTSYS:
1002 case ERESTARTNOINTR:
1003 case ERESTARTNOHAND:
1004 case ERESTART_RESTARTBLOCK:
1005 return true;
1006 default:
1007 return false;
1008 }
1009 }
1010
1011 static unsigned long saved_u_error;
1012
1013 void
temporarily_clear_syserror(struct tcb * tcp)1014 temporarily_clear_syserror(struct tcb *tcp)
1015 {
1016 saved_u_error = tcp->u_error;
1017 tcp->u_error = 0;
1018 }
1019
1020 void
restore_cleared_syserror(struct tcb * tcp)1021 restore_cleared_syserror(struct tcb *tcp)
1022 {
1023 tcp->u_error = saved_u_error;
1024 }
1025
1026 /*
1027 * Check the syscall return value register value for whether it is
1028 * a negated errno code indicating an error, or a success return value.
1029 */
1030 static inline bool
is_negated_errno(kernel_ulong_t val)1031 is_negated_errno(kernel_ulong_t val)
1032 {
1033 /* Linux kernel defines MAX_ERRNO to 4095. */
1034 kernel_ulong_t max = -(kernel_long_t) 4095;
1035
1036 #ifndef current_klongsize
1037 if (current_klongsize < sizeof(val)) {
1038 val = (uint32_t) val;
1039 max = (uint32_t) max;
1040 }
1041 #endif /* !current_klongsize */
1042
1043 return val >= max;
1044 }
1045
1046 #include "arch_regs.c"
1047
1048 #ifdef HAVE_GETRVAL2
1049 # include "arch_getrval2.c"
1050 #endif
1051
1052 void
print_pc(struct tcb * tcp)1053 print_pc(struct tcb *tcp)
1054 {
1055 #if defined ARCH_PC_REG
1056 # define ARCH_GET_PC 0
1057 #elif defined ARCH_PC_PEEK_ADDR
1058 kernel_ulong_t pc;
1059 # define ARCH_PC_REG pc
1060 # define ARCH_GET_PC upeek(tcp->pid, ARCH_PC_PEEK_ADDR, &pc)
1061 #else
1062 # error Neither ARCH_PC_REG nor ARCH_PC_PEEK_ADDR is defined
1063 #endif
1064 if (get_regs_error || ARCH_GET_PC)
1065 tprints(current_wordsize == 4 ? "[????????] "
1066 : "[????????????????] ");
1067 else
1068 tprintf(current_wordsize == 4
1069 ? "[%08" PRI_klx "] " : "[%016" PRI_klx "] ",
1070 (kernel_ulong_t) ARCH_PC_REG);
1071 }
1072
1073 #include "getregs_old.h"
1074
1075 #undef ptrace_getregset_or_getregs
1076 #undef ptrace_setregset_or_setregs
1077 #ifdef ARCH_REGS_FOR_GETREGSET
1078
1079 # define ptrace_getregset_or_getregs ptrace_getregset
1080 static long
ptrace_getregset(pid_t pid)1081 ptrace_getregset(pid_t pid)
1082 {
1083 # ifdef ARCH_IOVEC_FOR_GETREGSET
1084 /* variable iovec */
1085 ARCH_IOVEC_FOR_GETREGSET.iov_len = sizeof(ARCH_REGS_FOR_GETREGSET);
1086 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS,
1087 &ARCH_IOVEC_FOR_GETREGSET);
1088 # else
1089 /* constant iovec */
1090 static struct iovec io = {
1091 .iov_base = &ARCH_REGS_FOR_GETREGSET,
1092 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET)
1093 };
1094 return ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &io);
1095
1096 # endif
1097 }
1098
1099 # ifndef HAVE_GETREGS_OLD
1100 # define ptrace_setregset_or_setregs ptrace_setregset
1101 static int
ptrace_setregset(pid_t pid)1102 ptrace_setregset(pid_t pid)
1103 {
1104 # ifdef ARCH_IOVEC_FOR_GETREGSET
1105 /* variable iovec */
1106 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS,
1107 &ARCH_IOVEC_FOR_GETREGSET);
1108 # else
1109 /* constant iovec */
1110 static struct iovec io = {
1111 .iov_base = &ARCH_REGS_FOR_GETREGSET,
1112 .iov_len = sizeof(ARCH_REGS_FOR_GETREGSET)
1113 };
1114 return ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &io);
1115 # endif
1116 }
1117 # endif /* !HAVE_GETREGS_OLD */
1118
1119 #elif defined ARCH_REGS_FOR_GETREGS
1120
1121 # define ptrace_getregset_or_getregs ptrace_getregs
1122 static long
ptrace_getregs(pid_t pid)1123 ptrace_getregs(pid_t pid)
1124 {
1125 # if defined SPARC || defined SPARC64
1126 /* SPARC systems have the meaning of data and addr reversed */
1127 return ptrace(PTRACE_GETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0);
1128 # else
1129 return ptrace(PTRACE_GETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS);
1130 # endif
1131 }
1132
1133 # ifndef HAVE_GETREGS_OLD
1134 # define ptrace_setregset_or_setregs ptrace_setregs
1135 static int
ptrace_setregs(pid_t pid)1136 ptrace_setregs(pid_t pid)
1137 {
1138 # if defined SPARC || defined SPARC64
1139 /* SPARC systems have the meaning of data and addr reversed */
1140 return ptrace(PTRACE_SETREGS, pid, (void *) &ARCH_REGS_FOR_GETREGS, 0);
1141 # else
1142 return ptrace(PTRACE_SETREGS, pid, NULL, &ARCH_REGS_FOR_GETREGS);
1143 # endif
1144 }
1145 # endif /* !HAVE_GETREGS_OLD */
1146
1147 #endif /* ARCH_REGS_FOR_GETREGSET || ARCH_REGS_FOR_GETREGS */
1148
1149 void
get_regs(pid_t pid)1150 get_regs(pid_t pid)
1151 {
1152 #undef USE_GET_SYSCALL_RESULT_REGS
1153 #ifdef ptrace_getregset_or_getregs
1154
1155 # ifdef HAVE_GETREGS_OLD
1156 /*
1157 * Try PTRACE_GETREGSET/PTRACE_GETREGS first,
1158 * fallback to getregs_old.
1159 */
1160 static int use_getregs_old;
1161 if (use_getregs_old < 0) {
1162 get_regs_error = ptrace_getregset_or_getregs(pid);
1163 return;
1164 } else if (use_getregs_old == 0) {
1165 get_regs_error = ptrace_getregset_or_getregs(pid);
1166 if (get_regs_error >= 0) {
1167 use_getregs_old = -1;
1168 return;
1169 }
1170 if (errno == EPERM || errno == ESRCH)
1171 return;
1172 use_getregs_old = 1;
1173 }
1174 get_regs_error = getregs_old(pid);
1175 # else /* !HAVE_GETREGS_OLD */
1176 /* Assume that PTRACE_GETREGSET/PTRACE_GETREGS works. */
1177 get_regs_error = ptrace_getregset_or_getregs(pid);
1178 # endif /* !HAVE_GETREGS_OLD */
1179
1180 #else /* !ptrace_getregset_or_getregs */
1181
1182 # define USE_GET_SYSCALL_RESULT_REGS 1
1183 # warning get_regs is not implemented for this architecture yet
1184 get_regs_error = 0;
1185
1186 #endif /* !ptrace_getregset_or_getregs */
1187 }
1188
1189 #ifdef ptrace_setregset_or_setregs
1190 static int
set_regs(pid_t pid)1191 set_regs(pid_t pid)
1192 {
1193 return ptrace_setregset_or_setregs(pid);
1194 }
1195 #endif /* ptrace_setregset_or_setregs */
1196
1197 struct sysent_buf {
1198 struct tcb *tcp;
1199 struct_sysent ent;
1200 char buf[sizeof("syscall_%lu") + sizeof(kernel_ulong_t) * 3];
1201 };
1202
1203 static void
free_sysent_buf(void * ptr)1204 free_sysent_buf(void *ptr)
1205 {
1206 struct sysent_buf *s = ptr;
1207 s->tcp->s_prev_ent = s->tcp->s_ent = NULL;
1208 free(ptr);
1209 }
1210
1211 /*
1212 * Returns:
1213 * 0: "ignore this ptrace stop", bail out of trace_syscall_entering() silently.
1214 * 1: ok, continue in trace_syscall_entering().
1215 * other: error, trace_syscall_entering() should print error indicator
1216 * ("????" etc) and bail out.
1217 */
1218 int
get_scno(struct tcb * tcp)1219 get_scno(struct tcb *tcp)
1220 {
1221 if (get_regs_error)
1222 return -1;
1223
1224 int rc = arch_get_scno(tcp);
1225 if (rc != 1)
1226 return rc;
1227
1228 if (scno_is_valid(tcp->scno)) {
1229 tcp->s_ent = &sysent[tcp->scno];
1230 tcp->qual_flg = qual_flags(tcp->scno);
1231 } else {
1232 struct sysent_buf *s = xcalloc(1, sizeof(*s));
1233
1234 s->tcp = tcp;
1235 s->ent.nargs = MAX_ARGS;
1236 s->ent.sen = SEN_printargs;
1237 s->ent.sys_func = printargs;
1238 s->ent.sys_name = s->buf;
1239 sprintf(s->buf, "syscall_%" PRI_klu, shuffle_scno(tcp->scno));
1240
1241 tcp->s_ent = &s->ent;
1242 tcp->qual_flg = QUAL_RAW | DEFAULT_QUAL_FLAGS;
1243
1244 set_tcb_priv_data(tcp, s, free_sysent_buf);
1245
1246 if (debug_flag)
1247 error_msg("pid %d invalid syscall %" PRI_kld,
1248 tcp->pid, tcp->scno);
1249 }
1250 return 1;
1251 }
1252
1253 #ifdef USE_GET_SYSCALL_RESULT_REGS
1254 static int get_syscall_result_regs(struct tcb *);
1255 #endif
1256
1257 /* Returns:
1258 * 1: ok, continue in trace_syscall_exiting().
1259 * -1: error, trace_syscall_exiting() should print error indicator
1260 * ("????" etc) and bail out.
1261 */
1262 static int
get_syscall_result(struct tcb * tcp)1263 get_syscall_result(struct tcb *tcp)
1264 {
1265 #ifdef USE_GET_SYSCALL_RESULT_REGS
1266 if (get_syscall_result_regs(tcp))
1267 return -1;
1268 #endif
1269 tcp->u_error = 0;
1270 get_error(tcp, !(tcp->s_ent->sys_flags & SYSCALL_NEVER_FAILS));
1271
1272 return 1;
1273 }
1274
1275 #include "get_scno.c"
1276 #include "set_scno.c"
1277 #include "get_syscall_args.c"
1278 #ifdef USE_GET_SYSCALL_RESULT_REGS
1279 # include "get_syscall_result.c"
1280 #endif
1281 #include "get_error.c"
1282 #include "set_error.c"
1283 #ifdef HAVE_GETREGS_OLD
1284 # include "getregs_old.c"
1285 #endif
1286
1287 const char *
syscall_name(kernel_ulong_t scno)1288 syscall_name(kernel_ulong_t scno)
1289 {
1290 #if defined X32_PERSONALITY_NUMBER && defined __X32_SYSCALL_BIT
1291 if (current_personality == X32_PERSONALITY_NUMBER)
1292 scno &= ~__X32_SYSCALL_BIT;
1293 #endif
1294 return scno_is_valid(scno) ? sysent[scno].sys_name: NULL;
1295 }
1296