From 491583109e528fb6144c7288598d650ec58a90df Mon Sep 17 00:00:00 2001 From: hunt Date: Tue, 7 Feb 2006 18:23:11 +0000 Subject: [PATCH] 2006-02-07 Martin Hunt * syscalls.stp: Latest. * syscalls2.stp: Commented out pciconfig calls. Those need to go in arch-specific directories. * aux_syscalls.stp (_access_mode_str): Fix. (_mmap_flags): New Function. (_mprotect_prot_str): Fix. (__string): New. (__get_argv): New. (__fork_flags): New. --- tapset/ChangeLog | 13 ++++ tapset/aux_syscalls.stp | 140 +++++++++++++++++++++++++++++++++++++--- tapset/conversions.stp | 8 +-- tapset/syscalls.stp | 110 ++++++++++++++++++++----------- tapset/syscalls2.stp | 72 ++++++++++----------- 5 files changed, 254 insertions(+), 89 deletions(-) diff --git a/tapset/ChangeLog b/tapset/ChangeLog index 6f0c62e2c..2f9a5572d 100644 --- a/tapset/ChangeLog +++ b/tapset/ChangeLog @@ -1,3 +1,16 @@ +2006-02-07 Martin Hunt + + * syscalls.stp: Latest. + * syscalls2.stp: Commented out pciconfig calls. Those + need to go in arch-specific directories. + + * aux_syscalls.stp (_access_mode_str): Fix. + (_mmap_flags): New Function. + (_mprotect_prot_str): Fix. + (__string): New. + (__get_argv): New. + (__fork_flags): New. + 2006-02-01 Martin Hunt * syscalls.stp: New syscall file. diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp index d23f6b19f..2d352c058 100644 --- a/tapset/aux_syscalls.stp +++ b/tapset/aux_syscalls.stp 
@@ -1,3 +1,106 @@ +function __fork_flags:string(flags:long) +%{ + long flags = THIS->flags; + char *str = THIS->__retvalue; + if (flags & CLONE_FS) + strlcat(str,"CLONE_FS|", MAXSTRINGLEN); + if (flags & CLONE_FILES) + strlcat(str, "CLONE_FILES|", MAXSTRINGLEN); + if (flags & CLONE_SIGHAND) + strlcat(str, "CLONE_SIGHAND|", MAXSTRINGLEN); + if (flags & CLONE_PTRACE) + strlcat(str, "CLONE_PTRACE|", MAXSTRINGLEN); + if (flags & CLONE_VFORK) + strlcat(str, "CLONE_VFORK|", MAXSTRINGLEN); + if (flags & CLONE_PARENT) + strlcat(str, "CLONE_PARENT|", MAXSTRINGLEN); + if (flags & CLONE_THREAD) + strlcat(str, "CLONE_THREAD|", MAXSTRINGLEN); + if (flags & CLONE_SYSVSEM) + strlcat(str, "CLONE_SYSVSEM|", MAXSTRINGLEN); + if (flags & CLONE_SETTLS) + strlcat(str, "CLONE_SETTLS|", MAXSTRINGLEN); + if (flags & CLONE_PARENT_SETTID) + strlcat(str, "CLONE_PARENT_SETTID|", MAXSTRINGLEN); + if (flags & CLONE_CHILD_CLEARTID) + strlcat(str, "CLONE_CHILD_CLEARTID|", MAXSTRINGLEN); + if (flags & CLONE_UNTRACED) + strlcat(str, "CLONE_UNTRACED|", MAXSTRINGLEN); + if (flags & CLONE_CHILD_SETTID) + strlcat(str, "CLONE_CHILD_SETTID|", MAXSTRINGLEN); + if (flags & CLONE_STOPPED) + strlcat(str, "CLONE_STOPPED", MAXSTRINGLEN); +%} + +/* This function copies an argv from userspace. 
*/ +function __get_argv:string(a:long) +%{ + char __user *__user *argv = (char __user *__user *)(long)THIS->a; + char __user *vstr; + int space, rc, len = MAXSTRINGLEN; + char *str = THIS->__retvalue; + char buf[80]; + char *ptr = buf; + + if (argv) + argv++; + + while (argv != NULL) { + if (get_user (vstr, argv)) + break; + + if (vstr == NULL) + break; + + rc = _stp_strncpy_from_user(buf, vstr, 80); + if (rc <= 0) + break; + + /* check for whitespace in string */ + buf[rc] = 0; + ptr = buf; + space = 0; + while (*ptr && rc--) { + if (isspace(*ptr++)) { + space = 1; + break; + } + } + + if (len != MAXSTRINGLEN && len) { + *str++=' '; + len--; + } + + if (space && len) { + *str++='\"'; + len--; + } + + rc = strlcpy (str, buf, len); + str += rc; + len -= rc; + + if (space && len) { + *str++='\"'; + len--; + } + + argv++; + } + *str = 0; +%} + +/* +* This function is used when a long is really a pointer and we need +* the string it points to. Should be rarely necessary. +*/ +function __string:string (a:long) +%{ + char *str =(char *)(long)THIS->a; + strlcpy(THIS->__retvalue, str, MAXSTRINGLEN); +%} + /* * Return the 64 bit long value of the * scalar user space pointer parameter @@ -316,11 +419,11 @@ function _sys_open_flag_str(f) { /* `man 2 open` for more information */ function _access_mode_str(m) { - if(m & 4) bs="R_OK|".bs - if(m & 2) bs="W_OK|".bs - if(m & 1) bs="X_OK|".bs - if((m & 3) == 0) bs="F_OK|".bs - return substr(bs,0,strlen(bs)-1) + if((m & 7) == 0) return "F_OK" + if(m & 4) bs="R_OK |".bs + if(m & 2) bs="W_OK |".bs + if(m & 1) bs="X_OK |".bs + return substr(bs,0,strlen(bs)-2) } /* `man 2 open` for more information */ 
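Review bot: In `__get_argv`, two length errors let a traced process's argv write outside kernel buffers. If `_stp_strncpy_from_user(buf, vstr, 80)` follows `strncpy_from_user` and returns 80 for an argument of 80 bytes or more, `buf[rc] = 0` stores one byte past `buf[80]`. `strlcpy` returns the length of the source rather than the bytes stored, so after a truncated copy `str += rc; len -= rc` moves `str` past `THIS->__retvalue` and drives `len` negative; the `len` tests then still pass and the next `strlcpy` receives a huge size. The version below copies at most `sizeof(buf) - 1` bytes, always keeps one byte of `len` for the terminator and stops at the first truncated copy. In the same hunk, `__string` hands an unchecked long to `strlcpy`, which scans the source for its NUL without a bound, so it deserves a comment that it is only for pointers already known to be valid kernel strings.

```c
	while (argv != NULL && len > 1) {
		/* … unchanged: get_user() fetch and NULL check of vstr … */

		/* leave room in buf for the terminator written below */
		rc = _stp_strncpy_from_user(buf, vstr, sizeof(buf) - 1);
		if (rc <= 0)
			break;
		buf[rc] = 0;

		/* … unchanged: whitespace scan that sets space … */

		if (len != MAXSTRINGLEN && len > 1) {
			*str++ = ' ';
			len--;
		}

		if (space && len > 1) {
			*str++ = '\"';
			len--;
		}

		/* strlcpy returns strlen(buf), not the number of bytes stored */
		rc = strlcpy(str, buf, len);
		if (rc >= len) {
			/* truncated: park str on the NUL strlcpy wrote and stop */
			str += len - 1;
			break;
		}
		str += rc;
		len -= rc;

		if (space && len > 1) {
			*str++ = '\"';
			len--;
		}

		argv++;
	}
	*str = 0;
```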
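Review bot: `_access_mode_str` drops any mode bits outside R_OK/W_OK/X_OK: because `(m & 7) == 0` is tested first, a mode with only such bits set is printed as `F_OK`, and the unexpected bits vanish from the trace. Returning the raw value for that case, e.g. `if ((m & 7) != m) return sprintf("0x%x", m)`, keeps an odd argument visible. The separator also changed to `"R_OK |"`, which yields `X_OK |W_OK |R_OK`, while `_mmap_flags` and `_mprotect_prot_str` added in this commit join with a bare `|`; `"R_OK|"` with `strlen(bs)-1` would keep the helpers consistent.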
@@ -549,12 +652,29 @@ function _statfs_f_type_str(f) { return "" } +function _mmap_flags(flags) { + if (flags & 1) msg="MAP_SHARED|" + if (flags & 2) msg="MAP_PRIVATE|".msg + if (flags & 0x10) msg="MAP_FIXED|".msg + if (flags & 0x20) msg="MAP_ANONYMOUS|".msg + if (flags & 0x100) msg="MAP_GROWSDOWN|".msg + if (flags & 0x800) msg="MAP_DENYWRITE|".msg + if (flags & 0x1000) msg="MAP_EXECUTABLE|".msg + if (flags & 0x2000) msg="MAP_LOCKED|".msg + if (flags & 0x4000) msg="MAP_NORESERVE|".msg + if (flags & 0x8000) msg="MAP_POPULATE|".msg + if (flags & 0x10000) msg="MAP_NONBLOCK|".msg + return substr(msg,0,strlen(msg)-1) +} + function _mprotect_prot_str(prot) { - if(prot==0x00000000) return "PROT_NONE" - if(prot==0x00000001) return "PROT_READ" - if(prot==0x00000002) return "PROT_WRITE" - if(prot==0x00000004) return "PROT_EXEC" - return "" + if (prot) { + if(prot & 1) ps="PROT_READ|" + if(prot & 2) ps="PROT_WRITE|".ps + if(prot & 4) ps="PROT_EXEC|".ps + return substr(ps,0,strlen(ps)-1) + } + return "PROT_NONE" } function _madvice_advice_str(behavior) { diff --git a/tapset/conversions.stp b/tapset/conversions.stp index dbfc91f75..c0e42cc5b 100644 --- a/tapset/conversions.stp +++ b/tapset/conversions.stp @@ -35,9 +35,9 @@ function user_string:string (addr:long) %{ MAXSTRINGLEN); if (rc < 0) { - static char errmsg[40]; - snprintf (errmsg, 40, "user string copy fault at 0x%p", - (void *) (uintptr_t) THIS->addr); - CONTEXT->last_error = errmsg; +// static char errmsg[40]; +// snprintf (errmsg, 40, "user string copy fault at 0x%p", +// (void *) (uintptr_t) THIS->addr); +// CONTEXT->last_error = errmsg; } %} diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index b865099e7..c36356a02 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp 
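Review bot: Both `_mmap_flags` and the rewritten `_mprotect_prot_str` call `substr(x,0,strlen(x)-1)` on a string that is still empty when none of the tested bits is set (for `_mprotect_prot_str`, any non-zero `prot` without bits 1, 2 or 4), so the length argument becomes -1 and the result depends on how `substr` treats that. Bits the tables do not know are also dropped silently, which makes an unusual protection or mapping request look ordinary in the log. A guard before each final return, e.g. `if (ps == "") return sprintf("0x%x", prot)` and the same for `msg`/`flags`, covers both cases.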
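Review bot: With the body of `if (rc < 0)` commented out, `user_string` no longer reports a failed user-space copy, so a caller cannot tell a faulting address from an empty string. If the error is being dropped on purpose (the old `static char errmsg[40]` was a single buffer shared by every invocation), return a visible marker instead, e.g. `strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN);`, and delete the dead lines rather than keeping them as `//` comments. The start of the function is outside the hunk, so what `__retvalue` holds after a fault is not visible here.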
@@ -421,19 +421,16 @@ probe kernel.syscall.clone.return = name = "clone.return" } # close ______________________________________________________ -/* - * asmlinkage long - * sys_close(unsigned int fd) - */ -probe kernel.syscall.close = - kernel.function("sys_close") { - name = "close" - fd = $fd +# long sys_close(unsigned int fd) +probe syscall.close = kernel.function("sys_close") { + name = "close" + fd = $fd + argstr = string(fd) +} +probe syscall.close.return = kernel.function("sys_close").return { + name = "close" + returnp = 1 } -probe kernel.syscall.close.return = - kernel.function("sys_close").return { - name = "close.return" - } # connect ____________________________________________________ /* * asmlinkage long @@ -574,15 +571,19 @@ probe kernel.syscall.epoll_wait.return = # execve _____________________________________________________ # int sys_execve(struct pt_regs regs) -probe syscall.execve = kernel.function("sys_execve") { +# which breaks out the args and immediately calls +# int do_execve(char * filename, +# char __user *__user *argv, +# char __user *__user *envp, +# struct pt_regs * regs) +probe syscall.execve = kernel.function("do_execve") { name = "execve" - /* - * unsupported type identifier '$regs' - * regs = $regs - */ + filename = __string($filename) + args = __get_argv($argv) + argstr = sprintf("%s %s", filename, args) } -# v2.6.15-rc2 or earlier has problems -probe syscall.execve.return = kernel.function("sys_execve").return { +# v2.6.15-rc2 or earlier has problems with sys_execve +probe syscall.execve.return = kernel.function("do_execve").return { name = "execve" returnp = 1 } @@ -807,6 +808,8 @@ probe kernel.syscall.flock.return = kernel.function("sys_flock").return { name = "flock.return" } + + # fork _______________________________________________________ # long do_fork(unsigned long clone_flags, # unsigned long stack_start, 
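Review bot: The new `syscall.execve` body needs a comment on what `argstr` holds, because it is not the full command line: `__get_argv` steps past `argv[0]` and copies each argument through an 80-byte buffer, and `envp` is never read. Something like `# argstr = filename plus argv[1..]; long arguments are truncated by __get_argv, envp is not recorded` above the assignments would tell anyone using this probe for exec auditing that the record can be incomplete. The probe now attaches to `do_execve`, so it would also fire for any caller other than `sys_execve`, if one exists; that is worth confirming.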
@@ -815,16 +818,24 @@ probe kernel.syscall.flock.return = # int __user *parent_tidptr, # int __user *child_tidptr) probe syscall.fork = kernel.function("do_fork") { - name = "fork" clone_flags = $clone_flags - /* - * unable to find local 'start_stack' (maybe i386 specific) - * start_stack = $start_stack - */ - regs_uaddr = $regs + stack_start = $stack_start + regs = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr + + if (stack_start == 0) { + name = "fork_kernel_thread" + argstr = __fork_flags(clone_flags) + } else if (clone_flags == 17) + name = "fork" + else if (clone_flags & 0x4000) + name = "vfork" + else { + name = "clone" + argstr = __fork_flags(clone_flags) + } } probe syscall.fork.return = kernel.function("do_fork").return { name = "fork" @@ -868,18 +879,20 @@ probe kernel.syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { name = "fsetxattr.return" } + # fstat ______________________________________________________ # long sys_fstat(unsigned int fd,struct __old_kernel_stat __user * statbuf) probe syscall.fstat = kernel.function("sys_fstat") { name = "fstat" fd = $fd buf_uaddr = $statbuf - argstr = string($fd) + argstr = sprintf("%d, [0x%x]", fd, buf_uaddr) } probe syscall.fstat.return = kernel.function("sys_fstat").return { name = "fstat" returnp = 1 } + # fstatfs ____________________________________________________ /* * asmlinkage long 
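Review bot: In the new `syscall.fork` body the `fork` and `vfork` branches never assign `argstr`, so those cases leave it unset while the kernel-thread and `clone` branches fill it; add `argstr = ""` (or the flag string) to both. The tests also use bare numbers: `17` looks like SIGCHLD, whose value is not the same on every architecture, and `0x4000` is CLONE_VFORK, so a comment such as `# 17 == SIGCHLD on i386, 0x4000 == CLONE_VFORK` is the minimum. The return probe that follows still reports `name = "fork"` in every case, so entry and return names will not match for `vfork`, `clone` or `fork_kernel_thread`.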
@@ -915,19 +928,16 @@ probe kernel.syscall.fstatfs64.return = name = "fstatfs64.return" } # fsync ______________________________________________________ -/* - * asmlinkage long - * sys_fsync(unsigned int fd) - */ -probe kernel.syscall.fsync = - kernel.function("sys_fsync") { - name = "fsync" - fd = $fd - } -probe kernel.syscall.fsync.return = - kernel.function("sys_fsync").return { - name = "fsync.return" - } +# long sys_fsync(unsigned int fd) +probe syscall.fsync = kernel.function("sys_fsync") { + name = "fsync" + fd = $fd + argstr = string(fd) +} +probe syscall.fsync.return = kernel.function("sys_fsync").return { + name = "fsync.return" + returnp = 1 +} # ftruncate __________________________________________________ /* * static inline long @@ -2080,6 +2090,28 @@ probe kernel.syscall.mlockall.return = kernel.function("sys_mlockall").return { name = "mlockall.return" } + +# mmap2 +# long sys_mmap2(unsigned long addr, unsigned long len, +# unsigned long prot, unsigned long flags, +# unsigned long fd, unsigned long pgoff) +probe syscall.mmap2 = kernel.function("sys_mmap2") { + name = "mmap2" + start = $addr + length = $len + prot = $prot + flags = $flags + fd = $fd + pgoffset = $pgoff + argstr = sprintf("0x%x, %d, %s, %s, %d, 0x%x", start, + length, _mprotect_prot_str(prot), _mmap_flags(flags), + fd, pgoffset) +} +probe syscall.mmap2.return = kernel.function("sys_mmap2").return { + name = "mmap2" + returnp = 1 +} + # modify_ldt _________________________________________________ /* * asmlinkage int diff --git a/tapset/syscalls2.stp b/tapset/syscalls2.stp index de79060c0..b38016aa8 100644 --- a/tapset/syscalls2.stp +++ b/tapset/syscalls2.stp 
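Review bot: `syscall.fsync.return` sets `name = "fsync.return"` together with `returnp = 1`, while the other return probes converted in this commit (`close`, `execve`, `mmap2`) use the bare syscall name. A script that pairs entry and return events on `name` will miss fsync returns. Change the line to `name = "fsync"`.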
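Review bot: `syscall.mmap2` probes `sys_mmap2`, which appears to be architecture-specific, the same reason this commit gives for commenting out the pciconfig probes; consider moving it to an arch-specific tapset as well so the shared file still resolves elsewhere. In `argstr`, `length` comes from an `unsigned long` but is formatted with `%d`, so a very large length would print as a negative number; formatting it as `0x%x`, like `start`, avoids that. The string also inherits the empty-result case of `_mprotect_prot_str` and `_mmap_flags` when no known bit is set.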
@@ -233,16 +233,16 @@ probe syscall.pause.return = kernel.function("sys_pause").return { # unsigned long dfn) # # -probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { - name = "pciconfig_iobase" - which = $which - bus = $bus - dfn = $dfn -} -probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { - name = "pciconfig_iobase" - returnp = 1 -} +#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { +# name = "pciconfig_iobase" +# which = $which +# bus = $bus +# dfn = $dfn +#} +#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { +# name = "pciconfig_iobase" +# returnp = 1 +#} # pciconfig_read _____________________________________________ # # asmlinkage int @@ -254,19 +254,19 @@ probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase"). # { return 0; } # # -probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { - name = "pciconfig_read" - bus = $bus - dfn = $dfn - off = $off - len = $len - buf_uaddr = $buf -} -probe syscall.pciconfig_read.return = - kernel.function("sys_pciconfig_read").return { - name = "pciconfig_read" - returnp = 1 -} +#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { +# name = "pciconfig_read" +# bus = $bus +# dfn = $dfn +# off = $off +# len = $len +# buf_uaddr = $buf +#} +#probe syscall.pciconfig_read.return = +# kernel.function("sys_pciconfig_read").return { +# name = "pciconfig_read" +# returnp = 1 +#} # pciconfig_write ____________________________________________ # # asmlinkage int 
@@ -277,19 +277,19 @@ probe syscall.pciconfig_read.return = # unsigned char *buf) # # -probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { - name = "pciconfig_write" - bus = $bus - dfn = $dfn - off = $off - len = $len - buf_uaddr = $buf -} -probe syscall.pciconfig_write.return = - kernel.function("sys_pciconfig_write").return { - name = "pciconfig_write" - returnp = 1 -} +#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { +# name = "pciconfig_write" +# bus = $bus +# dfn = $dfn +# off = $off +# len = $len +# buf_uaddr = $buf +#} +#probe syscall.pciconfig_write.return = +# kernel.function("sys_pciconfig_write").return { +# name = "pciconfig_write" +# returnp = 1 +#} # personality ________________________________________________ # # asmlinkage long -- 2.43.5