IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When receiving SIGSYS, the si_syscall & si_arch fields are set to known
values, so make sure we decode their values into the symbol settings.
This makes stracing seccomp failures much easier.
* defs.h (syscall_name): New prototype.
* printsiginfo.c: Include linux/audit.h and xlat/audit_arch.h.
(print_si_info): Decode si_syscall & si_arch for SIGSYS.
* syscall.c (undefined_scno_name): Delete.
(syscall_name): New function.
(trace_syscall_entering): Change undefined_scno_name to syscall_name.
(trace_syscall_exiting): Likewise.
* xlat/audit_arch.in: New file.
* pathtrace.c (pathtrace_match): Change all comparisons with function
pointers to a single SEN based switch.
* syscall.c (dumpio, trace_syscall_entering): Change all comparisons
with function pointers to comparisons with SENs.
* ipc.c (sys_ipc): Remove.
* sock.c (sys_socketcall): Likewise.
* linux/dummy.h (sys_ipc, sys_socketcall): New aliases.
* Makefile.am (BUILT_SOURCES, CLEANFILES): Add sen.h.
(syscallent_names, syscallent_patterns, syscallent_files): New variables.
(sen.h): New rule.
* defs.h (struct sysent): Add sen field.
* generate_sen.sh: New file.
* linux/syscall.h: Include "sen.h".
* syscall.c (SEN_NAME): New temporary macro.
(SEN): Use it to prepend syscall entry number.
* syscall.c (SEN): New temporary macro.
* linux/dummy.h (sys_printargs): New macro.
* linux/subcall.h: Wrap all sys_func entries using SEN.
* linux/*/syscallent*.h: Likewise.
Implement a method for "on entering" parsers to return
"done with decoding" information to their callers.
If a syscall parser called from trace_syscall_entering returns a value
with RVAL_DECODED bit set, record this value in tcp->sys_func_rval
and use it in trace_syscall_exiting instead of calling the parser on
exiting syscall.
If an ioctl parser returned RVAL_DECODED, this would tell
SYS_FUNC(ioctl) that the decoding is finished but fallback printing of
the ioctl command argument is needed, while e.g. RVAL_DONE+1 would mean
that the decoding is finished and no fallback decoding is needed.
* defs.h (struct tcb): Add sys_func_rval.
(RVAL_DECODED): New macro.
* syscall.c (trace_syscall_entering): Initialize tcp->sys_func_rval
along with setting TCB_INSYSCALL flag.
(trace_syscall_exiting): Use tcp->sys_func_rval instead of calling
tcp->s_ent->sys_func when the former has RVAL_DECODED flag set.
Reset tcp->sys_func_rval along with clearing TCB_INSYSCALL flag.
* ioctl.c (sys_ioctl): Set RVAL_DECODED flag on exiting.
Print ioctl argument iff RVAL_DECODED is set and fallback decoding
is requested.
* aio.c (print_common_flags): Use #ifdef in the check for
HAVE_STRUCT_IOCB_U_C_FLAGS.
* defs.h: Use #ifdef in the check for HAVE_LITTLE_ENDIAN_LONG_LONG.
* net.c: Use #ifdef in the check for HAVE_SENDMSG.
* syscall.c (dumpio): Likewise.
* printstat.h (DO_PRINTSTAT): Use #ifdef in checks for
HAVE_STRUCT_STAT_ST_* macros.
* util.c: Use #ifdef in checks for HAVE_SYS_XATTR_H.
Introduce wrappers to the following functions that do memory allocation:
malloc, calloc, realloc, strdup.
This commit is a follow-up to the related discussions in strace-devel ML:
http://sourceforge.net/p/strace/mailman/message/33618180/http://sourceforge.net/p/strace/mailman/message/33733470/
* defs.h (xmalloc, xcalloc, xreallocarray, xstrdup): New prototypes.
* xmalloc.c: New file.
* Makefile.am (strace_SOURCES): Add it.
* count.c (count_syscall, call_summary_pers): Use xcalloc.
* desc.c (decode_select): Use xmalloc.
* dirent.c (sys_getdents, sys_getdents64): Likewise.
* net.c (sys_recvmmsg): Use xstrdup.
* pathtrace.c (storepath): Use xreallocarray.
(pathtrace_match): Use xmalloc.
* strace.c (die_out_of_memory): Move to xmalloc.c.
(expand_tcbtab): Use xcalloc and xreallocarray.
(startup_child): Use xstrdup.
(init): Use xmalloc, xcalloc, and xstrdup.
* syscall.c (reallocate_qual): Use xreallocarray.
(qualify): Use xstrdup.
* unwind.c (unwind_tcb_init): Use xmalloc.
(build_mmap_cache): Use xcalloc, xreallocarray, and xstrdup.
(get_symbol_name): Use xreallocarray.
(stacktrace_walk, queue_put): Use xmalloc.
* util.c (printstr): Use xmalloc.
* vsprintf.c (strace_vfprintf): Likewise.
Split code that use arch-specific registers to separate arch files.
* syscall.c: Move definitions of variables containing fetched registers
to linux/*/arch_regs.c files.
[HAVE_GETRVAL2] (getrval2): Move arch-specific code
to linux/*/arch_getrval2.c, include "arch_getrval2.c".
(print_pc): Move arch-specific code to linux/*/print_pc.c files,
include "print_pc.c".
[X86_64] (x86_64_getregs_old): Rename to getregs_old, move to
linux/x86_64/getregs_old.c, include "getregs_old.c".
[POWERPC] (powerpc_getregs_old): Rename to getregs_old, move to
linux/powerpc/getregs_old.c, include "getregs_old.c".
(get_regs) [X86_64, POWERPC]: Update callers.
(get_scno): Move arch-specific code to linux/*/get_scno.c,
include "get_scno.c".
(get_syscall_args): Move arch-specific code
to linux/*/get_syscall_args.c, include "get_syscall_args.c".
(get_error): Move arch-specific code to linux/*/get_error.c,
include "get_error.c".
(get_syscall_result): Move arch-specific code
to linux/*/get_syscall_result.c, include "get_syscall_result.c".
* Makefile.am (EXTRA_DIST): Add new linux/*/*.c files.
Starting with commit v4.10-25-g8497b62, get_scno() can be called outside
trace_syscall_entering(), so move the get_regs_error check from
trace_syscall_entering() to get_scno().
* syscall.c (trace_syscall_entering): Move get_regs_error check ...
(get_scno): ... here.
When signal is received, or if we have attached to a process,
current syscall (if process is in one) gets restarted.
Some syscalls are restarted via "restart_syscall()" mechanism.
On such sycalls, we don't show _which_ syscall gets restarted.
IOW: users want to see "resuming interrupted nanosleep"
instead of "resuming interrupted call" when they attach to "sleep 999".
Kernel does expose this information. The only thing we need is
to fetch syscall# on attach, and save it.
This patch does this. It adds tcp->s_prev_ent, which is
a pointer to struct_sysent of the previous syscall of this tracee.
It can be NULL.
sys_restart_syscall() is made to use it when the message is generated.
To similarly handle restart_syscall() *after signals*, not just
on attach, on each syscall exit patch saves exited syscall's data
in the same member (tcp->s_prev_ent).
Example:
$ sleep 3 & strace -p $!
Process 8728 attached
restart_syscall(<... resuming interrupted nanosleep ...>) = 0
_exit(0) = ?
+++ exited with 0 +++
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Fix compilation warnings introduced by commit
5b9b7e1d34:
signal.c:702:45: warning: signed and unsigned type in conditional expression [-Wsign-compare]
syscall.c:746:34: warning: initialization from incompatible pointer type [enabled by default]
* syscall.c [AARCH64] (aarch64_sp_ptr): Add explicit cast.
[AARCH64] (arm_sp_ptr): Change pointer type to unsigned.
* linux/aarch64/arch_regs.h (arm_sp_ptr): Update.
Reported-by: Mike Frysinger <vapier@gentoo.org>
* linux/64/syscallent.h (139): Use sys_sigreturn for rt_sigreturn
decoding.
* syscall.c [ARM] (arm_regs): Make static.
[ARM] (arm_sp_ptr): New variable.
[AARCH64] (aarch64_sp_ptr, arm_sp_ptr): New variables.
* linux/aarch64/arch_regs.h: New file.
* linux/arm/arch_regs.h (arm_regs): Remove.
(arm_sp_ptr): New declaration.
* signal.c (sys_sigreturn) [ARM]: Use arm_sp_ptr.
[AARCH64]: Print signal mask.
Restore the order of including <sys/reg.h> and <linux/ptrace.h>
headers that was inadvertently changed by commit v4.9-280-g5503dd2.
This should fix build on platforms like m68k where some constants
are defined simultaneously as enums by <sys/reg.h> and as macros
by <asm/ptrace.h>.
* process.c: Include "ptrace.h" after "regs.h".
* signal.c: Likewise.
* syscall.c: Likewise.
* util.c: Likewise.
Assume that the kernel is v2.5.46 or newer, i.e. PTRACE_SETOPTIONS
and PTRACE_O_TRACESYSGOOD|PTRACE_O_TRACEEXEC|PTRACE_O_TRACECLONE
are universally available.
This change removes all code that implemented post-execve SIGTRAP
handling and fork/vfork/clone->CLONE_PTRACE substitution.
* defs.h (TCB_BPTSET, TCB_WAITEXECVE): Remove macros.
(need_fork_exec_workarounds, setbpt, clearbpt): Remove declarations.
* strace.c (need_fork_exec_workarounds,
test_ptrace_setoptions_followfork, test_ptrace_setoptions_for_all):
Remove.
(syscall_trap_sig): Set to (SIGTRAP | 0x80).
(ptrace_setoptions): Set to (PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC).
(detach): Do not test for TCB_BPTSET.
(init): Do not call test_ptrace_setoptions_followfork and
test_ptrace_setoptions_for_all. Do not test for TCB_BPTSET.
* syscall.c (syscall_fixup_on_sysenter, internal_fork, internal_exec,
syscall_fixup_for_fork_exec, syscall_fixup_on_sysexit): Remove.
(trace_syscall_entering): Do not test for TCB_WAITEXECVE. Do not call
syscall_fixup_on_sysenter and syscall_fixup_for_fork_exec.
(trace_syscall_exiting): Do not call syscall_fixup_on_sysexit and
syscall_fixup_for_fork_exec.
[IA64] (ia64_ia32mode): Make static.
* linux/ia64/arch_regs.h (ia64_ia32mode): Remove declaration.
* util.c: Do not include "syscall.h".
(arg_setup, get_arg0, get_arg1, set_arg0, set_arg1, restore_arg0,
restore_arg1, arg_finish_change, change_syscall, setbpt, clearbpt):
Remove.
* tests/ptrace_setoptions.test: Remove.
* tests/Makefile.am (TESTS): Remove it.
Linux kernel used to guarantee that the largest errno value will not
exceed 4095, but SECCOMP_RET_ERRNO support introduced by kernel commit
v3.4-rc2-13-gacf3b2c71ed20c53dc69826683417703c2a88059 inadvertently
broke it. The guarantee is back with kernel commit
v3.19-8275-g580c57f1076872ebc2427f898b927944ce170f2d.
* syscall.c (is_negated_errno): Set maximum errno value to 4095.
* syscall.c (print_pc): Choose instruction pointer format depending
on current_wordsize, not the size of long integer type.
* tests/pc.c: New file.
* tests/pc.test: New test.
* tests/Makefile.am (check_PROGRAMS): Add pc.
(TESTS): Add pc.test.
* tests/.gitignore: Add pc.
* linux/mips/arch_regs.h (struct mips_regs): New structure.
(mips_REG_*): New macros.
* signal.c (sys_sigreturn) [MIPS]: Use mips_REG_SP.
* syscall.c [MIPS] (struct mips_regs): New variable.
[MIPS] (ARCH_REGS_FOR_GETREGS): New macro.
(mips_a3, mips_r2): Remove.
(print_pc) [MIPS]: Use mips_REG_EPC.
(get_scno) [MIPS]: Use mips_REG_V0 and mips_REG_A3.
(get_syscall_args) [MIPS]: Use mips_REG_A[0-5].
(get_syscall_result) [MIPS]: Remove.
(get_error) [MIPS]: Use mips_REG_A3 and mips_REG_V0.
Some gcc versions complain about assigning long* to uint32_t* on i386.
* syscall.c [I386] (i386_esp_ptr): Change type from uint32_t* to long*.
* linux/i386/arch_regs.h (i386_esp_ptr): Likewise.
* linux/x86_64/arch_regs.h: Do not include "i386/arch_regs.h".
(i386_esp_ptr): New prototype.
As get_regs() is now guaranteed to fetch registers when either
ARCH_REGS_FOR_GETREGSET or ARCH_REGS_FOR_GETREGS is defined, we can
safely replace all checks for architectures where these macros are defined
with a single check for these macros.
* syscall.c (get_syscall_result): Check for [ARCH_REGS_FOR_GETREGSET ||
ARCH_REGS_FOR_GETREGS]. Remove all checks for architectures where
nothing has to be done after get_regs().
* syscall.c [AARCH64, X86_64, X32] (ARCH_REGS_FOR_GETREGSET,
ARCH_IOVEC_FOR_GETREGSET): New macros.
(get_regset): Define iff ARCH_REGS_FOR_GETREGSET is defined; change
return type to long, return ptrace() return code instead of assigning it
to get_regs_error; do not list individual architectures, implement
constant and variable iovec cases depending on ARCH_IOVEC_FOR_GETREGSET.
(get_regs): Assign get_regset() return code to get_regs_error.
PTRACE_GETREGSET and PTRACE_GETREGS methods are equally good on arm and
i386 architectures, but PTRACE_GETREGSET with fallback to PTRACE_GETREGS
is a bit more costly, so choose the method that costs less.
This partially reverts commit v4.7-149-gfaa177e.
* syscall.c [ARM, I386] (ARCH_REGS_FOR_GETREGSET): Remove.
(get_regset) [ARM || I386]: Remove.
(get_regs) [ARM || I386]: Use PTRACE_GETREGS unconditionally.
* regs.h: New file.
* Makefile.am (strace_SOURCES): Add it.
* linux/arch_regs.h: New file.
* linux/alpha/arch_regs.h: Likewise.
* linux/arm/arch_regs.h: Likewise.
* linux/hppa/arch_regs.h: Likewise.
* linux/i386/arch_regs.h: Likewise.
* linux/ia64/arch_regs.h: Likewise.
* linux/mips/arch_regs.h: Likewise.
* linux/powerpc/arch_regs.h: Likewise.
* linux/sh64/arch_regs.h: Likewise.
* linux/sparc/arch_regs.h: Likewise.
* linux/sparc64/arch_regs.h: Likewise.
* linux/tile/arch_regs.h: Likewise.
* linux/x86_64/arch_regs.h: Likewise.
* Makefile.am (EXTRA_DIST): Add them.
* defs.h: Remove definitions of PTRACE_*, REG_*, PT_*, U_REG_*,
and ARM_* macros.
Remove declarations of struct pt_regs variables.
[SPARC]: Do not include <asm/psr.h>.
[SPARC64]: Do not include <asm/psrcompat.h>.
* bjm.c: Do not include <sys/user.h>.
* process.c: Include "regs.h".
Do not include <sys/user.h> and <sys/reg.h>.
[IA64]: Do not include <asm/ptrace_offsets.h> and <asm/rse.h>.
* util.c: Likewise.
* syscall.c: Likewise.
[AARCH64]: Define struct arm_pt_regs and ARM_* macros.
[SPARC]: Include <asm/psr.h>.
[SPARC64]: Include <asm/psrcompat.h>.
* signal.c: Include "regs.h".
Do not include <sys/user.h> and <sys/reg.h>.
[IA64]: Do not include <asm/ptrace_offsets.h>.
* strace.c [IA64]: Do not include <asm/ptrace_offsets.h>.
If PTRACE_O_TRACEEXEC option is enabled, then post-execve SIGTRAPs are
suppressed and we can safely skip -ENOSYS heuristics. This partially
reverts commits v4.9-258-g8e398b6 and v4.9-261-gd70c41d.
* syscall.c (syscall_fixup_on_sysenter): Skip if PTRACE_O_TRACEEXEC
flag is set in ptrace_setoptions. Remove all SECCOMP_RET_ERRNO
workarounds as they are not needed when PTRACE_O_TRACEEXEC is not
supported by the kernel.
Thanks to SECCOMP_RET_DATA == 0xffff, abnormally large errno
values could be easily seen when a seccomp filter is used, e.g.
BPF_STMT(BPF_RET, SECCOMP_RET_ERRNO | SECCOMP_RET_DATA)
* syscall.c (is_negated_errno): Allow errno values as large as 0xffff.
This is required to process SECCOMP_RET_ERRNO filtered syscalls on
systems where linux kernel does not change the syscall number to -1.
* syscall.c (is_negated_errno): Move before syscall_fixup_on_sysenter.
(syscall_fixup_on_sysenter) [I386 || X32 || X86_64] : Use it to check
AX register.
Use the same function name on all architectures.
* syscall.c [X32] (is_negated_errno_x32): Rename to is_negated_errno.
(get_error) [X32]: Update callers.
Syscall number -1 might be a side effect of SECCOMP_RET_ERRNO filtering.
* syscall.c (syscall_fixup_on_sysenter) [I386 || X32 || X86_64]:
Do not skip syscalls that have number -1.
