-
Notifications
You must be signed in to change notification settings - Fork 0
/
defs.h
1657 lines (1432 loc) · 54.3 KB
/
defs.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
* Copyright (c) 1991, 1992 Paul Kranenburg <[email protected]>
* Copyright (c) 1993 Branko Lankester <[email protected]>
* Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <[email protected]>
* Copyright (c) 2001-2019 The strace developers.
* All rights reserved.
*
* SPDX-License-Identifier: LGPL-2.1-or-later
*/
#ifndef STRACE_DEFS_H
# define STRACE_DEFS_H
# ifdef HAVE_CONFIG_H
# include "config.h"
# endif
# ifdef ENABLE_DATASERIES
# include <strace2ds.h>
# include <utime.h>
# include <limits.h>
# endif /* ENABLE_DATASERIES */
# include <features.h>
# include <stdbool.h>
# include <stdint.h>
# include <inttypes.h>
# include <sys/types.h>
# include <stddef.h>
# include <unistd.h>
# include <stdlib.h>
# include <stdio.h>
/* Open-coding isprint(ch) et al proved more efficient than calling
* generalized libc interface. We don't *want* to do non-ASCII anyway.
*/
/* #include <ctype.h> */
# include <string.h>
# include <errno.h>
# include <time.h>
# include <sys/time.h>
# include "arch_defs.h"
# include "error_prints.h"
# include "gcc_compat.h"
# include "kernel_types.h"
# include "list.h"
# include "macros.h"
# include "mpers_type.h"
# include "string_to_uint.h"
# include "sysent.h"
# include "xmalloc.h"
# ifndef HAVE_STRERROR
const char *strerror(int);
# endif
# ifndef HAVE_STPCPY
/* Some libc have stpcpy, some don't. Sigh...
* Roll our private implementation...
*/
# undef stpcpy
# define stpcpy strace_stpcpy
extern char *stpcpy(char *dst, const char *src);
# endif
/* Glibc has an efficient macro for sigemptyset
* (it just does one or two assignments of 0 to internal vector of longs).
*/
# if defined(__GLIBC__) && defined(__sigemptyset) && !defined(sigemptyset)
# define sigemptyset __sigemptyset
# endif
/* Configuration section */
# ifndef DEFAULT_STRLEN
/* default maximum # of bytes printed in `printstr', change with -s switch */
# define DEFAULT_STRLEN 32
# endif
# ifndef DEFAULT_ACOLUMN
# define DEFAULT_ACOLUMN 40 /* default alignment column for results */
# endif
/*
* Maximum number of args to a syscall.
*
* Make sure that all entries in all syscallent.h files have nargs <= MAX_ARGS!
* linux/<ARCH>/syscallent*.h:
* all have nargs <= 6 except mips o32 which has nargs <= 7.
*/
# ifndef MAX_ARGS
# ifdef LINUX_MIPSO32
# define MAX_ARGS 7
# else
# define MAX_ARGS 6
# endif
# endif
/* default sorting method for call profiling */
# ifndef DEFAULT_SORTBY
# define DEFAULT_SORTBY "time"
# endif
/* To force NOMMU build, set to 1 */
# define NOMMU_SYSTEM 0
# ifndef ERESTARTSYS
# define ERESTARTSYS 512
# endif
# ifndef ERESTARTNOINTR
# define ERESTARTNOINTR 513
# endif
# ifndef ERESTARTNOHAND
# define ERESTARTNOHAND 514
# endif
# ifndef ERESTART_RESTARTBLOCK
# define ERESTART_RESTARTBLOCK 516
# endif
# define PERSONALITY0_WORDSIZE SIZEOF_LONG
# define PERSONALITY0_KLONGSIZE SIZEOF_KERNEL_LONG_T
# define PERSONALITY0_INCLUDE_PRINTERS_DECLS "native_printer_decls.h"
# define PERSONALITY0_INCLUDE_PRINTERS_DEFS "native_printer_defs.h"
# if SUPPORTED_PERSONALITIES > 1
# define PERSONALITY1_WORDSIZE 4
# define PERSONALITY1_KLONGSIZE PERSONALITY1_WORDSIZE
# endif
# if SUPPORTED_PERSONALITIES > 2
# define PERSONALITY2_WORDSIZE 4
# define PERSONALITY2_KLONGSIZE PERSONALITY0_KLONGSIZE
# endif
# if SUPPORTED_PERSONALITIES > 1 && defined HAVE_M32_MPERS
# define PERSONALITY1_INCLUDE_PRINTERS_DECLS "m32_printer_decls.h"
# define PERSONALITY1_INCLUDE_PRINTERS_DEFS "m32_printer_defs.h"
# define PERSONALITY1_INCLUDE_FUNCS "m32_funcs.h"
# define MPERS_m32_IOCTL_MACROS "ioctl_redefs1.h"
# define HAVE_PERSONALITY_1_MPERS 1
# else
# define PERSONALITY1_INCLUDE_PRINTERS_DECLS "native_printer_decls.h"
# define PERSONALITY1_INCLUDE_PRINTERS_DEFS "native_printer_defs.h"
# define PERSONALITY1_INCLUDE_FUNCS "empty.h"
# define HAVE_PERSONALITY_1_MPERS 0
# endif
# if SUPPORTED_PERSONALITIES > 2 && defined HAVE_MX32_MPERS
# define PERSONALITY2_INCLUDE_FUNCS "mx32_funcs.h"
# define PERSONALITY2_INCLUDE_PRINTERS_DECLS "mx32_printer_decls.h"
# define PERSONALITY2_INCLUDE_PRINTERS_DEFS "mx32_printer_defs.h"
# define MPERS_mx32_IOCTL_MACROS "ioctl_redefs2.h"
# define HAVE_PERSONALITY_2_MPERS 1
# else
# define PERSONALITY2_INCLUDE_PRINTERS_DECLS "native_printer_decls.h"
# define PERSONALITY2_INCLUDE_PRINTERS_DEFS "native_printer_defs.h"
# define PERSONALITY2_INCLUDE_FUNCS "empty.h"
# define HAVE_PERSONALITY_2_MPERS 0
# endif
# ifdef WORDS_BIGENDIAN
# define is_bigendian true
# else
# define is_bigendian false
# endif
# if SUPPORTED_PERSONALITIES > 1
extern void set_personality(unsigned int personality);
extern unsigned current_personality;
# else
# define set_personality(personality) ((void)0)
# define current_personality 0
# endif
# if SUPPORTED_PERSONALITIES == 1
# define current_wordsize PERSONALITY0_WORDSIZE
# define current_klongsize PERSONALITY0_KLONGSIZE
# else
# if SUPPORTED_PERSONALITIES == 2 && PERSONALITY0_WORDSIZE == PERSONALITY1_WORDSIZE
# define current_wordsize PERSONALITY0_WORDSIZE
# else
extern unsigned current_wordsize;
# endif
# if SUPPORTED_PERSONALITIES == 2 && PERSONALITY0_KLONGSIZE == PERSONALITY1_KLONGSIZE
# define current_klongsize PERSONALITY0_KLONGSIZE
# else
extern unsigned current_klongsize;
# endif
# endif
# define max_addr() (~0ULL >> ((8 - current_wordsize) * 8))
# define max_kaddr() (~0ULL >> ((8 - current_klongsize) * 8))
/* Shorthands for defining word/klong-based dispatcher function bodies */
# ifndef current_wordsize
# define opt_wordsize(opt_64_, opt_32_) \
((current_wordsize > sizeof(uint32_t)) ? (opt_64_) : (opt_32_))
# define dispatch_wordsize(call_64_, call_32_, ...) \
((current_wordsize > sizeof(uint32_t)) \
? (call_64_)(__VA_ARGS__) : (call_32_)(__VA_ARGS__))
# elif current_wordsize > 4
# define opt_wordsize(opt_64_, opt_32_) (opt_64_)
# define dispatch_wordsize(call_64_, call_32_, ...) ((call_64_)(__VA_ARGS__))
# else /* current_wordsize == 4 */
# define opt_wordsize(opt_64_, opt_32_) (opt_32_)
# define dispatch_wordsize(call_64_, call_32_, ...) ((call_32_)(__VA_ARGS__))
# endif
# ifndef current_klongsize
# define opt_klongsize(opt_64_, opt_32_) \
((current_klongsize > sizeof(uint32_t)) ? (opt_64_) : (opt_32_))
# define dispatch_klongsize(call_64_, call_32_, ...) \
((current_klongsize > sizeof(uint32_t)) \
? (call_64_)(__VA_ARGS__) : (call_32_)(__VA_ARGS__))
# elif current_klongsize > 4
# define opt_klongsize(opt_64_, opt_32_) (opt_64_)
# define dispatch_klongsize(call_64_, call_32_, ...) ((call_64_)(__VA_ARGS__))
# else /* current_klongsize == 4 */
# define opt_klongsize(opt_64_, opt_32_) (opt_32_)
# define dispatch_klongsize(call_64_, call_32_, ...) ((call_32_)(__VA_ARGS__))
# endif
typedef struct ioctlent {
const char *symbol;
unsigned int code;
} struct_ioctlent;
# define INJECT_F_SIGNAL 0x01
# define INJECT_F_ERROR 0x02
# define INJECT_F_RETVAL 0x04
# define INJECT_F_DELAY_ENTER 0x08
# define INJECT_F_DELAY_EXIT 0x10
# define INJECT_F_SYSCALL 0x20
# define INJECT_ACTION_FLAGS \
(INJECT_F_SIGNAL \
|INJECT_F_ERROR \
|INJECT_F_RETVAL \
|INJECT_F_DELAY_ENTER \
|INJECT_F_DELAY_EXIT \
)
struct inject_data {
uint8_t flags; /* 6 of 8 flags are used so far */
uint8_t signo; /* NSIG <= 128 */
uint16_t rval_idx; /* index in retval_vec */
uint16_t delay_idx; /* index in delay_data_vec */
uint16_t scno; /* syscall to be injected instead of -1 */
};
struct inject_opts {
uint16_t first;
uint16_t step;
struct inject_data data;
};
# define MAX_ERRNO_VALUE 4095
#ifdef ENABLE_DATASERIES
/*
* Process info Block
* Reference structure of info available in /proc/<PID>/stat (Linux)
* See: /fs/proc/array.c
*/
typedef struct statstruct_proc {
pid_t pid; /* 1: Process id */
char pname[PATH_MAX]; /* 2: Filename of the process' executable */
char state; /* 3: R is running, S is sleeping,
* D is sleeping in an uninterruptible wait,
* Z is zombie, T is traced or stopped */
pid_t ppid; /* 4: Pid of the parent. */
pid_t pgid; /* 5: Group id of the process. */
pid_t sid; /* 6: Session id of the process. */
int tty_nr; /* 7: Tty the process uses */
int tty_pgrp; /* 8: Group id of tty */
unsigned int flags; /* 9: Flags of the process. */
unsigned long min_flt; /* 10: Number of minor faults */
unsigned long cmin_flt; /* 11: Number of minor faults with childs */
unsigned long maj_flt; /* 12: Number of major faults */
unsigned long cmaj_flt; /* 13: Number of major faults with childs */
clock_t utime; /* 14: User mode jiffies */
clock_t stime; /* 15: Kernel mode jiffies */
clock_t cutime; /* 16: User mode jiffies with childs */
clock_t cstime; /* 17: Kernel mode jiffies with childs */
int priority; /* 18: Priority level */
int nice; /* 19: Nice level timeslice */
int num_threads; /* 20: Number of threads */
long long zero1; /* 21: Obsolete, always 0 */
unsigned long long start_time; /* 22: Time the process started after system boot */
unsigned long vsize; /* 23: Virtual memory size */
unsigned long rss; /* 24: Resident set memory size */
unsigned long rsslim; /* 25: Current limit in bytes on the rss */
unsigned long start_code; /* 26: Address above which program text can run */
unsigned long end_code; /* 27: Address below which program text can run */
unsigned long start_stack; /* 28: Address of the start of the main process stack */
unsigned long esp; /* 29: Current value of ESP */
unsigned long eip; /* 30: Current value of EIP */
unsigned long signal; /* 31: Bitmap of pending signals */
unsigned long blocked; /* 32: Bitmap of blocked signals */
unsigned long sigignore; /* 33: Bitmap of ignored signals */
unsigned long sigcatch; /* 34: Bitmap of caught signals */
long long zero2; /* 35: Place holder, used to be wchan */
long long zero3; /* 36: Place holder */
long long zero4; /* 37: Place holder */
int exit_signal; /* 38: Signal to send to parent thread on exit */
unsigned int task_cpu; /* 39: Which CPU the task is scheduled on */
unsigned int rt_priority; /* 40: Realtime priority */
unsigned int policy; /* 41: Scheduling policy */
unsigned long long blkio_ticks; /* 42: Time spent waiting for block IO */
long gtime; /* 43: Guest time of the task in jiffies */
long cgtime; /* 44: Guest time of the task children in jiffies */
unsigned long start_data; /* 45: Address above which program data+bss is placed */
unsigned long end_data; /* 46: Address below which program data+bss is placed */
unsigned long start_brk; /* 47: Address above which program head can be expanded with brk() */
unsigned long arg_start; /* 48: Address above which program command line is placed */
unsigned long arg_end; /* 49: Address below which program command line is placed */
unsigned long env_start; /* 50: Address above which program environment is placed */
unsigned long env_end; /* 51: Address below which program environment is placed */
int exit_code; /* 52: Thread's exit code in the form reported by waitpid */
/* End of info from /proc/<PID>/stat */
/* Additionally from stat(/proc/<PID>/stat) */
int euid; /* 53: Effective user id */
} procinfo;
/*
* The max total length of above block:
* PATH_MAX (for pname)
* + 2 (for parenthesis enclosing the path name)
* + 52 * 19 (for characters representing individual integers)
* + 53 (for spaces and new line character)
* = PATH_MAX + 1043
*/
# define PROC_MAX (PATH_MAX + 1043)
#endif /* ENABLE_DATASERIES */
/* Trace Control Block */
struct tcb {
int flags; /* See below for TCB_ values */
int pid; /* If 0, this tcb is free */
#ifdef ENABLE_DATASERIES
int ppid; /* Process' parent id */
int euid; /* Effective user id */
int sid; /* Session id */
int pgid; /* Process group id */
uint64_t clone_dsid; /* data series id is going to be used in clone */
#endif /* ENABLE_DATASERIES */
int qual_flg; /* qual_flags[scno] or DEFAULT_QUAL_FLAGS + RAW */
# if SUPPORTED_PERSONALITIES > 1
unsigned int currpers; /* Personality at the time of scno update */
# endif
unsigned long u_error; /* Error code */
kernel_ulong_t scno; /* System call number */
kernel_ulong_t u_arg[MAX_ARGS]; /* System call arguments */
kernel_long_t u_rval; /* Return value */
int sys_func_rval; /* Syscall entry parser's return value */
int curcol; /* Output column for this process */
FILE *outf; /* Output file for this process */
struct staged_output_data *staged_output_data;
const char *auxstr; /* Auxiliary info from syscall (see RVAL_STR) */
void *_priv_data; /* Private data for syscall decoding functions */
void (*_free_priv_data)(void *); /* Callback for freeing priv_data */
const struct_sysent *s_ent; /* sysent[scno] or a stub struct for bad
* scno. Use tcp_sysent() macro for access.
*/
const struct_sysent *s_prev_ent; /* for "resuming interrupted SYSCALL" msg */
struct inject_opts *inject_vec[SUPPORTED_PERSONALITIES];
struct timespec stime; /* System time usage as of last process wait */
struct timespec ltime; /* System time usage as of last syscall entry */
struct timespec atime; /* System time right after attach */
struct timespec etime; /* Syscall entry time (CLOCK_MONOTONIC) */
struct timespec delay_expiration_time; /* When does the delay end */
#ifdef ENABLE_DATASERIES
/* DataSeries-specific Real Time timespec structs */
int64_t entry_real_ns; /* Syscall entry time (CLOCK_REALTIME in nanoseconds) */
int64_t exit_real_ns; /* Syscall exit time (CLOCK_REALTIME in nanoseconds) */
#endif /* ENABLE_DATASERIES */
struct mmap_cache_t *mmap_cache;
/*
* Data that is stored during process wait traversal.
* We use indices as the actual data is stored in an array
* that is realloc'ed at runtime.
*/
size_t wait_data_idx;
/** Wait data storage for a delayed process. */
struct tcb_wait_data *delayed_wait_data;
struct list_item wait_list;
# ifdef HAVE_LINUX_KVM_H
struct vcpu_info *vcpu_info_list;
# endif
# ifdef ENABLE_STACKTRACE
void *unwind_ctx;
struct unwind_queue_t *unwind_queue;
# endif
};
/* TCB flags */
/* We have attached to this process, but did not see it stopping yet */
# define TCB_STARTUP 0x01
# define TCB_IGNORE_ONE_SIGSTOP 0x02 /* Next SIGSTOP is to be ignored */
/*
* Are we in system call entry or in syscall exit?
*
* This bit is set in syscall_entering_finish() and cleared in
* syscall_exiting_finish().
* Other stops which are possible directly after syscall entry (death, ptrace
* event stop) are handled without calling syscall_{entering,exiting}_*().
*
* Use entering(tcp) / exiting(tcp) to check this bit to make code more
* readable.
*/
# define TCB_INSYSCALL 0x04
# define TCB_ATTACHED 0x08 /* We attached to it already */
# define TCB_REPRINT 0x10 /* We should reprint this syscall on exit */
# define TCB_FILTERED 0x20 /* This system call has been filtered out */
# define TCB_TAMPERED 0x40 /* A syscall has been tampered with */
# define TCB_HIDE_LOG 0x80 /* We should hide everything (until execve) */
# define TCB_CHECK_EXEC_SYSCALL 0x100 /* Check whether this execve syscall succeeded */
# define TCB_SKIP_DETACH_ON_FIRST_EXEC 0x200 /* -b execve should skip detach on first execve */
# define TCB_GRABBED 0x400 /* We grab the process and can catch it
* in the middle of a syscall */
# define TCB_RECOVERING 0x800 /* We try to recover after detecting incorrect
* syscall entering/exiting state */
# define TCB_INJECT_DELAY_EXIT 0x1000 /* Current syscall needs to be delayed
on exit */
# define TCB_DELAYED 0x2000 /* Current syscall has been delayed */
# define TCB_TAMPERED_NO_FAIL 0x4000 /* We tamper tcb with syscall
that should not fail. */
# define TCB_SECCOMP_FILTER 0x8000 /* This process has a seccomp filter
* attached.
*/
/* qualifier flags */
# define QUAL_TRACE 0x001 /* this system call should be traced */
# define QUAL_ABBREV 0x002 /* abbreviate the structures of this syscall */
# define QUAL_VERBOSE 0x004 /* decode the structures of this syscall */
# define QUAL_RAW 0x008 /* print all args in hex for this syscall */
# define QUAL_INJECT 0x010 /* tamper with this system call on purpose */
# define DEFAULT_QUAL_FLAGS (QUAL_TRACE | QUAL_ABBREV | QUAL_VERBOSE)
# define entering(tcp) (!((tcp)->flags & TCB_INSYSCALL))
# define exiting(tcp) ((tcp)->flags & TCB_INSYSCALL)
# define syserror(tcp) ((tcp)->u_error != 0)
# define traced(tcp) ((tcp)->qual_flg & QUAL_TRACE)
# define verbose(tcp) ((tcp)->qual_flg & QUAL_VERBOSE)
# define abbrev(tcp) ((tcp)->qual_flg & QUAL_ABBREV)
# define raw(tcp) ((tcp)->qual_flg & QUAL_RAW)
# define inject(tcp) ((tcp)->qual_flg & QUAL_INJECT)
# define filtered(tcp) ((tcp)->flags & TCB_FILTERED)
# define hide_log(tcp) ((tcp)->flags & TCB_HIDE_LOG)
# define check_exec_syscall(tcp) ((tcp)->flags & TCB_CHECK_EXEC_SYSCALL)
# define syscall_tampered(tcp) ((tcp)->flags & TCB_TAMPERED)
# define recovering(tcp) ((tcp)->flags & TCB_RECOVERING)
# define inject_delay_exit(tcp) ((tcp)->flags & TCB_INJECT_DELAY_EXIT)
# define syscall_delayed(tcp) ((tcp)->flags & TCB_DELAYED)
# define syscall_tampered_nofail(tcp) ((tcp)->flags & TCB_TAMPERED_NO_FAIL)
# define has_seccomp_filter(tcp) ((tcp)->flags & TCB_SECCOMP_FILTER)
extern const struct_sysent stub_sysent;
# define tcp_sysent(tcp) (tcp->s_ent ?: &stub_sysent)
# define n_args(tcp) (tcp_sysent(tcp)->nargs)
# include "xlat.h"
extern const struct xlat addrfams[];
extern const struct xlat arp_hardware_types[];
extern const struct xlat at_flags[];
extern const struct xlat clocknames[];
extern const struct xlat dirent_types[];
extern const struct xlat ethernet_protocols[];
extern const struct xlat inet_protocols[];
extern const struct xlat evdev_abs[];
extern const struct xlat audit_arch[];
extern const struct xlat evdev_ev[];
extern const struct xlat iffflags[];
extern const struct xlat ip_type_of_services[];
extern const struct xlat ipc_private[];
extern const struct xlat msg_flags[];
extern const struct xlat netlink_protocols[];
extern const struct xlat nl_netfilter_msg_types[];
extern const struct xlat nl_route_types[];
extern const struct xlat open_access_modes[];
extern const struct xlat open_mode_flags[];
extern const struct xlat pollflags[];
extern const struct xlat ptrace_cmds[];
extern const struct xlat resource_flags[];
extern const struct xlat routing_scopes[];
extern const struct xlat routing_table_ids[];
extern const struct xlat routing_types[];
extern const struct xlat rwf_flags[];
extern const struct xlat seccomp_filter_flags[];
extern const struct xlat seccomp_ret_action[];
extern const struct xlat setns_types[];
extern const struct xlat sg_io_info[];
extern const struct xlat socketlayers[];
extern const struct xlat socktypes[];
extern const struct xlat tcp_state_flags[];
extern const struct xlat tcp_states[];
extern const struct xlat whence_codes[];
/* Format of syscall return values */
# define RVAL_UDECIMAL 000 /* unsigned decimal format */
# define RVAL_HEX 001 /* hex format */
# define RVAL_OCTAL 002 /* octal format */
# define RVAL_FD 010 /* file descriptor */
# define RVAL_MASK 013 /* mask for these values */
# define RVAL_STR 020 /* Print `auxstr' field after return val */
# define RVAL_NONE 040 /* Print nothing */
# define RVAL_DECODED 0100 /* syscall decoding finished */
# define RVAL_IOCTL_DECODED 0200 /* ioctl sub-parser successfully decoded
the argument */
# define IOCTL_NUMBER_UNKNOWN 0
# define IOCTL_NUMBER_HANDLED 1
# define IOCTL_NUMBER_STOP_LOOKUP 010
# define indirect_ipccall(tcp) (tcp_sysent(tcp)->sys_flags & TRACE_INDIRECT_SUBCALL)
enum sock_proto {
SOCK_PROTO_UNKNOWN,
SOCK_PROTO_UNIX,
SOCK_PROTO_TCP,
SOCK_PROTO_UDP,
SOCK_PROTO_UDPLITE,
SOCK_PROTO_DCCP,
SOCK_PROTO_SCTP,
SOCK_PROTO_L2TP_IP,
SOCK_PROTO_PING,
SOCK_PROTO_RAW,
SOCK_PROTO_TCPv6,
SOCK_PROTO_UDPv6,
SOCK_PROTO_UDPLITEv6,
SOCK_PROTO_DCCPv6,
SOCK_PROTO_L2TP_IPv6,
SOCK_PROTO_SCTPv6,
SOCK_PROTO_PINGv6,
SOCK_PROTO_RAWv6,
SOCK_PROTO_NETLINK,
};
extern enum sock_proto get_proto_by_name(const char *);
extern int get_family_by_proto(enum sock_proto proto);
enum iov_decode {
IOV_DECODE_ADDR,
IOV_DECODE_STR,
IOV_DECODE_NETLINK
};
typedef enum {
CFLAG_NONE = 0,
CFLAG_ONLY_STATS,
CFLAG_BOTH
} cflag_t;
extern cflag_t cflag;
extern bool Tflag;
extern bool iflag;
extern bool count_wallclock;
extern unsigned int qflag;
extern unsigned int show_fd_path;
/* are we filtering traces based on paths? */
extern struct path_set {
const char **paths_selected;
size_t num_selected;
size_t size;
} global_path_set;
# define tracing_paths (global_path_set.num_selected != 0)
extern unsigned xflag;
extern unsigned followfork;
# ifdef ENABLE_STACKTRACE
/* if this is true do the stack trace for every system call */
extern bool stack_trace_enabled;
# else
# define stack_trace_enabled 0
# endif
extern unsigned ptrace_setoptions;
extern unsigned max_strlen;
extern unsigned os_release;
# undef KERNEL_VERSION
# define KERNEL_VERSION(a, b, c) (((a) << 16) + ((b) << 8) + (c))
#ifdef ENABLE_DATASERIES
extern DataSeriesOutputModule *ds_module;
extern int get_proc_info(struct tcb *tcp);
#endif /* ENABLE_DATASERIES */
extern int read_int_from_file(struct tcb *, const char *, int *);
extern void set_sortby(const char *);
extern int set_overhead(const char *);
extern bool get_instruction_pointer(struct tcb *, kernel_ulong_t *);
extern bool get_stack_pointer(struct tcb *, kernel_ulong_t *);
extern void print_instruction_pointer(struct tcb *);
extern void print_syscall_resume(struct tcb *tcp);
extern int syscall_entering_decode(struct tcb *);
extern int syscall_entering_trace(struct tcb *, unsigned int *);
extern void syscall_entering_finish(struct tcb *, int);
extern int syscall_exiting_decode(struct tcb *, struct timespec *);
extern int syscall_exiting_trace(struct tcb *, struct timespec *, int);
extern void syscall_exiting_finish(struct tcb *);
extern void count_syscall(struct tcb *, const struct timespec *);
extern void call_summary(FILE *);
extern void clear_regs(struct tcb *tcp);
extern int get_scno(struct tcb *);
extern kernel_ulong_t get_rt_sigframe_addr(struct tcb *);
/**
* Convert a (shuffled) syscall number to the corresponding syscall name.
*
* @param scno Syscall number.
* @return String literal corresponding to the syscall number in case latter
* is valid; NULL otherwise.
*/
extern const char *syscall_name(kernel_ulong_t scno);
/**
* Convert a syscall name to the corresponding (shuffled) syscall number.
*
* @param s Syscall name.
* @param p Personality.
* @param start From which position in syscall entry table resume the search.
* @return Shuffled syscall number (ready to use against sysent_vec)
* if syscall name is found; -1 otherwise.
*/
extern kernel_long_t scno_by_name(const char *s, unsigned p,
kernel_long_t start);
/**
* Shuffle syscall numbers so that we don't have huge gaps in syscall table.
* The shuffling should be an involution: shuffle_scno(shuffle_scno(n)) == n.
*
* @param scno Raw or shuffled syscall number.
* @return Shuffled or raw syscall number, respectively.
*/
extern kernel_ulong_t shuffle_scno(kernel_ulong_t scno);
/**
* Print error name in accordance with current xlat style setting.
*
* @param err Error value.
* @param negated If set to true, negative values of the err parameter indicate
* error condition, otherwise positive.
*/
extern void print_err(int64_t err, bool negated);
extern bool is_erestart(struct tcb *);
extern void temporarily_clear_syserror(struct tcb *);
extern void restore_cleared_syserror(struct tcb *);
extern void *get_tcb_priv_data(const struct tcb *);
extern int set_tcb_priv_data(struct tcb *, void *priv_data,
void (*free_priv_data)(void *));
extern void free_tcb_priv_data(struct tcb *);
static inline unsigned long get_tcb_priv_ulong(const struct tcb *tcp)
{
return (unsigned long) get_tcb_priv_data(tcp);
}
static inline int set_tcb_priv_ulong(struct tcb *tcp, unsigned long val)
{
return set_tcb_priv_data(tcp, (void *) val, 0);
}
/**
* @return 0 on success, -1 on error.
*/
extern int
umoven(struct tcb *, kernel_ulong_t addr, unsigned int len, void *laddr);
# define umove(pid, addr, objp) \
umoven((pid), (addr), sizeof(*(objp)), (void *) (objp))
/**
* @return true on success, false on error.
*/
extern bool
tfetch_mem64(struct tcb *, uint64_t addr, unsigned int len, void *laddr);
static inline bool
tfetch_mem(struct tcb *tcp, const kernel_ulong_t addr,
unsigned int len, void *laddr)
{
return tfetch_mem64(tcp, addr, len, laddr);
}
# define tfetch_obj(pid, addr, objp) \
tfetch_mem((pid), (addr), sizeof(*(objp)), (void *) (objp))
/**
* @return true on success, false on error.
*/
extern bool
tfetch_mem64_ignore_syserror(struct tcb *, uint64_t addr,
unsigned int len, void *laddr);
static inline bool
tfetch_mem_ignore_syserror(struct tcb *tcp, const kernel_ulong_t addr,
unsigned int len, void *laddr)
{
return tfetch_mem64_ignore_syserror(tcp, addr, len, laddr);
}
/**
* @return 0 on success, -1 on error (and print addr).
*/
extern int
umoven_or_printaddr64(struct tcb *, uint64_t addr,
unsigned int len, void *laddr);
# define umove_or_printaddr64(pid, addr, objp) \
umoven_or_printaddr64((pid), (addr), sizeof(*(objp)), (void *) (objp))
static inline int
umoven_or_printaddr(struct tcb *tcp, const kernel_ulong_t addr,
unsigned int len, void *laddr)
{
return umoven_or_printaddr64(tcp, addr, len, laddr);
}
# define umove_or_printaddr(pid, addr, objp) \
umoven_or_printaddr((pid), (addr), sizeof(*(objp)), (void *) (objp))
/**
* @return 0 on success, -1 on error (and print addr).
*/
extern int
umoven_or_printaddr64_ignore_syserror(struct tcb *, uint64_t addr,
unsigned int len, void *laddr);
# define umove_or_printaddr64_ignore_syserror(pid, addr, objp) \
umoven_or_printaddr64_ignore_syserror((pid), (addr), sizeof(*(objp)), \
(void *) (objp))
static inline int
umoven_or_printaddr_ignore_syserror(struct tcb *tcp, const kernel_ulong_t addr,
unsigned int len, void *laddr)
{
return umoven_or_printaddr64_ignore_syserror(tcp, addr, len, laddr);
}
# define umove_or_printaddr_ignore_syserror(pid, addr, objp) \
umoven_or_printaddr_ignore_syserror((pid), (addr), sizeof(*(objp)), \
(void *) (objp))
/**
* @return strlen + 1 on success, 0 on success and no NUL seen, -1 on error.
*/
extern int
umovestr(struct tcb *, kernel_ulong_t addr, unsigned int len, char *laddr);
/* Invalidate the cache used by umove* functions. */
extern void invalidate_umove_cache(void);
extern int upeek(struct tcb *tcp, unsigned long, kernel_ulong_t *);
extern int upoke(struct tcb *tcp, unsigned long, kernel_ulong_t);
# if HAVE_ARCH_GETRVAL2
extern long getrval2(struct tcb *);
# endif
extern const char *signame(const int);
extern const char *sprintsigname(const int);
extern void pathtrace_select_set(const char *, struct path_set *);
extern bool pathtrace_match_set(struct tcb *, struct path_set *);
static inline void
pathtrace_select(const char *path)
{
return pathtrace_select_set(path, &global_path_set);
}
static inline bool
pathtrace_match(struct tcb *tcp)
{
return pathtrace_match_set(tcp, &global_path_set);
}
extern int getfdpath(struct tcb *, int, char *, unsigned);
extern unsigned long getfdinode(struct tcb *, int);
extern enum sock_proto getfdproto(struct tcb *, int);
extern const char *xlookup(const struct xlat *, const uint64_t);
extern const char *xlookup_le(const struct xlat *, uint64_t *);
struct dyxlat;
struct dyxlat *dyxlat_alloc(size_t nmemb);
void dyxlat_free(struct dyxlat *);
const struct xlat *dyxlat_get(const struct dyxlat *);
void dyxlat_add_pair(struct dyxlat *, uint64_t val, const char *str, size_t len);
const struct xlat *genl_families_xlat(struct tcb *tcp);
extern unsigned long get_pagesize(void);
extern int next_set_bit(const void *bit_array, unsigned cur_bit, unsigned size_bits);
/*
* Returns STR if it does not start with PREFIX,
* or a pointer to the first char in STR after PREFIX.
* The length of PREFIX is specified by PREFIX_LEN.
*/
static inline const char *
str_strip_prefix_len(const char *str, const char *prefix, size_t prefix_len)
{
return strncmp(str, prefix, prefix_len) ? str : str + prefix_len;
}
# define STR_STRIP_PREFIX(str, prefix) \
str_strip_prefix_len((str), (prefix), sizeof(prefix) - 1)
# define QUOTE_0_TERMINATED 0x01
# define QUOTE_OMIT_LEADING_TRAILING_QUOTES 0x02
# define QUOTE_OMIT_TRAILING_0 0x08
# define QUOTE_FORCE_HEX 0x10
# define QUOTE_EMIT_COMMENT 0x20
extern int string_quote(const char *, char *, unsigned int, unsigned int,
const char *escape_chars);
extern int print_quoted_string_ex(const char *, unsigned int, unsigned int,
const char *escape_chars);
extern int print_quoted_string(const char *, unsigned int, unsigned int);
extern int print_quoted_cstring(const char *, unsigned int);
/* a refers to the lower numbered u_arg,
* b refers to the higher numbered u_arg
*/
# ifdef WORDS_BIGENDIAN
# define ULONG_LONG(a, b) \
((unsigned long long)(unsigned)(b) | ((unsigned long long)(a)<<32))
# else
# define ULONG_LONG(a, b) \
((unsigned long long)(unsigned)(a) | ((unsigned long long)(b)<<32))
# endif
extern int getllval(struct tcb *, unsigned long long *, int);
extern int printllval(struct tcb *, const char *, int)
ATTRIBUTE_FORMAT((printf, 2, 0));
extern void printaddr64(uint64_t addr);
static inline void
printaddr(const kernel_ulong_t addr)
{
printaddr64(addr);
}
# define xlat_verbose(style_) ((style_) & XLAT_STYLE_VERBOSITY_MASK)
# define xlat_format(style_) ((style_) & XLAT_STYLE_FORMAT_MASK)
extern enum xlat_style xlat_verbosity;
extern int printxvals_ex(uint64_t val, const char *dflt,
enum xlat_style, const struct xlat *, ...)
ATTRIBUTE_SENTINEL;
# define printxvals(val_, dflt_, ...) \
printxvals_ex((val_), (dflt_), XLAT_STYLE_DEFAULT, __VA_ARGS__)
# define printxval_ex(xlat_, val_, dflt_, style_) \
printxvals_ex((val_), (dflt_), (style_), (xlat_), NULL)
extern int sprintxval_ex(char *buf, size_t size, const struct xlat *,
unsigned int val, const char *dflt, enum xlat_style);
static inline int
sprintxval(char *buf, size_t size, const struct xlat *xlat, unsigned int val,
const char *dflt)
{
return sprintxval_ex(buf, size, xlat, val, dflt, XLAT_STYLE_DEFAULT);
}
enum xlat_style_private_flag_bits {
/* print_array */
PAF_PRINT_INDICES_BIT = XLAT_STYLE_SPEC_BITS + 1,
PAF_ARRAY_TRUNCATED_BIT,
/* print_xlat */
PXF_DEFAULT_STR_BIT,
};
enum xlat_style_private_flags {
/* print_array */
FLAG(PAF_PRINT_INDICES),
FLAG(PAF_ARRAY_TRUNCATED),
/* print_xlat */
FLAG(PXF_DEFAULT_STR),
};
/** Print a value in accordance with xlat formatting settings. */
extern void print_xlat_ex(uint64_t val, const char *str, enum xlat_style style);
# define print_xlat(val_) \
print_xlat_ex((val_), #val_, XLAT_STYLE_DEFAULT)
# define print_xlat32(val_) \
print_xlat_ex((uint32_t) (val_), #val_, XLAT_STYLE_DEFAULT)
# define print_xlat_u(val_) \
print_xlat_ex((val_), #val_, XLAT_STYLE_FMT_U)
# define print_xlat_d(val_) \
print_xlat_ex((val_), #val_, XLAT_STYLE_FMT_D)
extern int printargs(struct tcb *);
extern int printargs_u(struct tcb *);
extern int printargs_d(struct tcb *);
extern int printflags_ex(uint64_t flags, const char *dflt,
enum xlat_style, const struct xlat *, ...)
ATTRIBUTE_SENTINEL;
extern const char *sprintflags_ex(const char *prefix, const struct xlat *,
uint64_t flags, char sep, enum xlat_style);
static inline const char *
sprintflags(const char *prefix, const struct xlat *xlat, uint64_t flags)
{
return sprintflags_ex(prefix, xlat, flags, '\0', XLAT_STYLE_DEFAULT);
}
extern const char *sprinttime(long long sec);
extern const char *sprinttime_nsec(long long sec, unsigned long long nsec);
extern const char *sprinttime_usec(long long sec, unsigned long long usec);
# ifndef MAX_ADDR_LEN
# define MAX_ADDR_LEN 32
# endif
extern const char *sprint_mac_addr(const uint8_t addr[], size_t size);
extern void print_mac_addr(const char *prefix,
const uint8_t addr[], size_t size);
extern const char *sprint_hwaddr(const uint8_t addr[], size_t size,
uint32_t devtype);
extern void print_hwaddr(const char *prefix,
const uint8_t addr[], size_t size, uint32_t devtype);
extern void print_uuid(const unsigned char *uuid);
extern void print_symbolic_mode_t(unsigned int);
extern void print_numeric_umode_t(unsigned short);
extern void print_numeric_long_umask(unsigned long);
extern void print_dev_t(unsigned long long dev);
extern void print_kernel_version(unsigned long version);
extern void print_abnormal_hi(kernel_ulong_t);
extern void print_ioprio(unsigned int ioprio);
extern bool print_int32_array_member(struct tcb *, void *elem_buf,
size_t elem_size, void *data);
extern bool print_uint32_array_member(struct tcb *, void *elem_buf,
size_t elem_size, void *data);
extern bool print_uint64_array_member(struct tcb *, void *elem_buf,
size_t elem_size, void *data);
extern bool print_xint32_array_member(struct tcb *, void *elem_buf,
size_t elem_size, void *data);
extern bool print_xint64_array_member(struct tcb *, void *elem_buf,
size_t elem_size, void *data);
static inline bool
print_xlong_array_member(struct tcb *tcp, void *elem_buf, size_t elem_size,
void *data)
{
return dispatch_wordsize(print_xint64_array_member,
print_xint32_array_member,
tcp, elem_buf, elem_size, data);
}
typedef bool (*tfetch_mem_fn)(struct tcb *, kernel_ulong_t addr,
unsigned int size, void *dest);
typedef bool (*print_fn)(struct tcb *, void *elem_buf,
size_t elem_size, void *opaque_data);
typedef int (*print_obj_by_addr_fn)(struct tcb *, kernel_ulong_t);
typedef const char * (*sprint_obj_by_addr_fn)(struct tcb *, kernel_ulong_t);
/**
* Array printing function with over-engineered interface.
*
* @param start_addr If tfetch_mem_fn is non-NULL: address in tracee's
* memory where the start of the array is located.
* If tfetch_mem_fn is NULL: ignored.
* @param nmemb Number of elements in array.
* @param elem_buf If tfetch_mem_fn is non-NULL: a buffer where each
* element fetched by tfetch_mem_fn is stored.
* If tfetch_mem_fn is NULL: address of the start of
* the array in local memory.
* @param elem_size Size (in bytes) of each element in the array.
* @param tfetch_mem_fn Fetching function. If NULL, then elem_buf is treated
* as local array of nmemb members elem_size each;
* start_addr is ignored.
* @param print_func Element printing callback.
* @param opaque_data A value that is unconditionally passed to print_func
* in opaque_data argument.
* @param flags Combination of xlat style settings and additional
* flags from enum print_array_flags.
* @param index_xlat Xlat array that is used for printing indices.
* @param index_xlat_size The size of xlat array.
* @param index_dflt Default string for the values not found
* in index_xlat.
*/
extern bool
print_array_ex(struct tcb *,
kernel_ulong_t start_addr,
size_t nmemb,