2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
40 # ifndef PTRACE_PEEKUSR
41 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
43 #elif defined(HAVE_LINUX_PTRACE_H)
44 # undef PTRACE_SYSCALL
45 # ifdef HAVE_STRUCT_IA64_FPREG
46 # define ia64_fpreg XXX_ia64_fpreg
48 # ifdef HAVE_STRUCT_PT_ALL_USER_REGS
49 # define pt_all_user_regs XXX_pt_all_user_regs
51 # include <linux/ptrace.h>
53 # undef pt_all_user_regs
57 # undef PTRACE_GETREGS
58 # define PTRACE_GETREGS PTRACE_GETREGS64
59 # undef PTRACE_SETREGS
60 # define PTRACE_SETREGS PTRACE_SETREGS64
64 # include <asm/ptrace_offsets.h>
68 #if defined(X86_64) || defined(X32)
69 # include <linux/ptrace.h>
75 # include <asm/ptrace.h>
86 # define ERESTARTSYS 512
88 #ifndef ERESTARTNOINTR
89 # define ERESTARTNOINTR 513
91 #ifndef ERESTARTNOHAND
92 # define ERESTARTNOHAND 514 /* restart if no handler */
94 #ifndef ERESTART_RESTARTBLOCK
95 # define ERESTART_RESTARTBLOCK 516 /* restart by calling sys_restart_syscall */
99 # warning: NSIG is not defined, using 32
103 /* Ugh. Is this really correct? ARM has no RT signals?! */
110 /* Define these shorthand notations to simplify the syscallent files. */
111 #define TD TRACE_DESC
112 #define TF TRACE_FILE
114 #define TN TRACE_NETWORK
115 #define TP TRACE_PROCESS
116 #define TS TRACE_SIGNAL
117 #define TM TRACE_MEMORY
118 #define NF SYSCALL_NEVER_FAILS
121 static const struct sysent sysent0[] = {
122 #include "syscallent.h"
125 #if SUPPORTED_PERSONALITIES >= 2
126 static const struct sysent sysent1[] = {
127 # include "syscallent1.h"
131 #if SUPPORTED_PERSONALITIES >= 3
132 static const struct sysent sysent2[] = {
133 # include "syscallent2.h"
137 /* Now undef them since short defines cause wicked namespace pollution. */
149 * `ioctlent.h' may be generated from `ioctlent.raw' by the auxiliary
150 * program `ioctlsort', such that the list is sorted by the `code' field.
151 * This has the side-effect of resolving the _IO.. macros into
152 * plain integers, eliminating the need to include here everything
156 static const char *const errnoent0[] = {
157 #include "errnoent.h"
159 static const char *const signalent0[] = {
160 #include "signalent.h"
162 static const struct ioctlent ioctlent0[] = {
163 #include "ioctlent.h"
165 enum { nsyscalls0 = ARRAY_SIZE(sysent0) };
166 enum { nerrnos0 = ARRAY_SIZE(errnoent0) };
167 enum { nsignals0 = ARRAY_SIZE(signalent0) };
168 enum { nioctlents0 = ARRAY_SIZE(ioctlent0) };
169 int qual_flags0[MAX_QUALS];
171 #if SUPPORTED_PERSONALITIES >= 2
172 static const char *const errnoent1[] = {
173 # include "errnoent1.h"
175 static const char *const signalent1[] = {
176 # include "signalent1.h"
178 static const struct ioctlent ioctlent1[] = {
179 # include "ioctlent1.h"
181 enum { nsyscalls1 = ARRAY_SIZE(sysent1) };
182 enum { nerrnos1 = ARRAY_SIZE(errnoent1) };
183 enum { nsignals1 = ARRAY_SIZE(signalent1) };
184 enum { nioctlents1 = ARRAY_SIZE(ioctlent1) };
185 int qual_flags1[MAX_QUALS];
188 #if SUPPORTED_PERSONALITIES >= 3
189 static const char *const errnoent2[] = {
190 # include "errnoent2.h"
192 static const char *const signalent2[] = {
193 # include "signalent2.h"
195 static const struct ioctlent ioctlent2[] = {
196 # include "ioctlent2.h"
198 enum { nsyscalls2 = ARRAY_SIZE(sysent2) };
199 enum { nerrnos2 = ARRAY_SIZE(errnoent2) };
200 enum { nsignals2 = ARRAY_SIZE(signalent2) };
201 enum { nioctlents2 = ARRAY_SIZE(ioctlent2) };
202 int qual_flags2[MAX_QUALS];
205 const struct sysent *sysent = sysent0;
206 const char *const *errnoent = errnoent0;
207 const char *const *signalent = signalent0;
208 const struct ioctlent *ioctlent = ioctlent0;
209 unsigned nsyscalls = nsyscalls0;
210 unsigned nerrnos = nerrnos0;
211 unsigned nsignals = nsignals0;
212 unsigned nioctlents = nioctlents0;
213 int *qual_flags = qual_flags0;
215 #if SUPPORTED_PERSONALITIES > 1
216 unsigned current_personality;
218 # ifndef current_wordsize
219 unsigned current_wordsize;
220 static const int personality_wordsize[SUPPORTED_PERSONALITIES] = {
221 PERSONALITY0_WORDSIZE,
222 PERSONALITY1_WORDSIZE,
223 # if SUPPORTED_PERSONALITIES > 2
224 PERSONALITY2_WORDSIZE,
230 set_personality(int personality)
232 switch (personality) {
234 errnoent = errnoent0;
237 nsyscalls = nsyscalls0;
238 ioctlent = ioctlent0;
239 nioctlents = nioctlents0;
240 signalent = signalent0;
241 nsignals = nsignals0;
242 qual_flags = qual_flags0;
246 errnoent = errnoent1;
249 nsyscalls = nsyscalls1;
250 ioctlent = ioctlent1;
251 nioctlents = nioctlents1;
252 signalent = signalent1;
253 nsignals = nsignals1;
254 qual_flags = qual_flags1;
257 # if SUPPORTED_PERSONALITIES >= 3
259 errnoent = errnoent2;
262 nsyscalls = nsyscalls2;
263 ioctlent = ioctlent2;
264 nioctlents = nioctlents2;
265 signalent = signalent2;
266 nsignals = nsignals2;
267 qual_flags = qual_flags2;
272 current_personality = personality;
273 # ifndef current_wordsize
274 current_wordsize = personality_wordsize[personality];
279 update_personality(struct tcb *tcp, int personality)
281 if (personality == current_personality)
283 set_personality(personality);
285 if (personality == tcp->currpers)
287 tcp->currpers = personality;
289 # if defined(POWERPC64)
291 static const char *const names[] = {"64 bit", "32 bit"};
292 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
293 tcp->pid, names[personality]);
295 # elif defined(X86_64)
297 static const char *const names[] = {"64 bit", "32 bit", "x32"};
298 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
299 tcp->pid, names[personality]);
303 static const char *const names[] = {"x32", "32 bit"};
304 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
305 tcp->pid, names[personality]);
307 # elif defined(AARCH64)
309 static const char *const names[] = {"32-bit", "AArch64"};
310 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
311 tcp->pid, names[personality]);
315 static const char *const names[] = {"64-bit", "32-bit"};
316 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
317 tcp->pid, names[personality]);
323 static int qual_syscall(), qual_signal(), qual_fault(), qual_desc();
325 static const struct qual_options {
327 const char *option_name;
328 int (*qualify)(const char *, int, int);
329 const char *argument_name;
331 { QUAL_TRACE, "trace", qual_syscall, "system call" },
332 { QUAL_TRACE, "t", qual_syscall, "system call" },
333 { QUAL_ABBREV, "abbrev", qual_syscall, "system call" },
334 { QUAL_ABBREV, "a", qual_syscall, "system call" },
335 { QUAL_VERBOSE, "verbose", qual_syscall, "system call" },
336 { QUAL_VERBOSE, "v", qual_syscall, "system call" },
337 { QUAL_RAW, "raw", qual_syscall, "system call" },
338 { QUAL_RAW, "x", qual_syscall, "system call" },
339 { QUAL_SIGNAL, "signal", qual_signal, "signal" },
340 { QUAL_SIGNAL, "signals", qual_signal, "signal" },
341 { QUAL_SIGNAL, "s", qual_signal, "signal" },
342 { QUAL_FAULT, "fault", qual_fault, "fault" },
343 { QUAL_FAULT, "faults", qual_fault, "fault" },
344 { QUAL_FAULT, "m", qual_fault, "fault" },
345 { QUAL_READ, "read", qual_desc, "descriptor" },
346 { QUAL_READ, "reads", qual_desc, "descriptor" },
347 { QUAL_READ, "r", qual_desc, "descriptor" },
348 { QUAL_WRITE, "write", qual_desc, "descriptor" },
349 { QUAL_WRITE, "writes", qual_desc, "descriptor" },
350 { QUAL_WRITE, "w", qual_desc, "descriptor" },
351 { 0, NULL, NULL, NULL },
355 qualify_one(int n, int bitflag, int not, int pers)
357 if (pers == 0 || pers < 0) {
359 qual_flags0[n] &= ~bitflag;
361 qual_flags0[n] |= bitflag;
364 #if SUPPORTED_PERSONALITIES >= 2
365 if (pers == 1 || pers < 0) {
367 qual_flags1[n] &= ~bitflag;
369 qual_flags1[n] |= bitflag;
373 #if SUPPORTED_PERSONALITIES >= 3
374 if (pers == 2 || pers < 0) {
376 qual_flags2[n] &= ~bitflag;
378 qual_flags2[n] |= bitflag;
384 qual_syscall(const char *s, int bitflag, int not)
389 if (*s >= '0' && *s <= '9') {
390 int i = string_to_uint(s);
391 if (i < 0 || i >= MAX_QUALS)
393 qualify_one(i, bitflag, not, -1);
396 for (i = 0; i < nsyscalls0; i++)
397 if (sysent0[i].sys_name &&
398 strcmp(s, sysent0[i].sys_name) == 0) {
399 qualify_one(i, bitflag, not, 0);
403 #if SUPPORTED_PERSONALITIES >= 2
404 for (i = 0; i < nsyscalls1; i++)
405 if (sysent1[i].sys_name &&
406 strcmp(s, sysent1[i].sys_name) == 0) {
407 qualify_one(i, bitflag, not, 1);
412 #if SUPPORTED_PERSONALITIES >= 3
413 for (i = 0; i < nsyscalls2; i++)
414 if (sysent2[i].sys_name &&
415 strcmp(s, sysent2[i].sys_name) == 0) {
416 qualify_one(i, bitflag, not, 2);
425 qual_signal(const char *s, int bitflag, int not)
429 if (*s >= '0' && *s <= '9') {
430 int signo = string_to_uint(s);
431 if (signo < 0 || signo >= MAX_QUALS)
433 qualify_one(signo, bitflag, not, -1);
436 if (strncasecmp(s, "SIG", 3) == 0)
438 for (i = 0; i <= NSIG; i++) {
439 if (strcasecmp(s, signame(i) + 3) == 0) {
440 qualify_one(i, bitflag, not, -1);
448 qual_fault(const char *s, int bitflag, int not)
454 qual_desc(const char *s, int bitflag, int not)
456 if (*s >= '0' && *s <= '9') {
457 int desc = string_to_uint(s);
458 if (desc < 0 || desc >= MAX_QUALS)
460 qualify_one(desc, bitflag, not, -1);
467 lookup_class(const char *s)
469 if (strcmp(s, "file") == 0)
471 if (strcmp(s, "ipc") == 0)
473 if (strcmp(s, "network") == 0)
474 return TRACE_NETWORK;
475 if (strcmp(s, "process") == 0)
476 return TRACE_PROCESS;
477 if (strcmp(s, "signal") == 0)
479 if (strcmp(s, "desc") == 0)
481 if (strcmp(s, "memory") == 0)
487 qualify(const char *s)
489 const struct qual_options *opt;
495 opt = &qual_options[0];
496 for (i = 0; (p = qual_options[i].option_name); i++) {
498 if (strncmp(s, p, n) == 0 && s[n] == '=') {
499 opt = &qual_options[i];
509 if (strcmp(s, "none") == 0) {
513 if (strcmp(s, "all") == 0) {
514 for (i = 0; i < MAX_QUALS; i++) {
515 qualify_one(i, opt->bitflag, not, -1);
519 for (i = 0; i < MAX_QUALS; i++) {
520 qualify_one(i, opt->bitflag, !not, -1);
525 for (p = strtok(copy, ","); p; p = strtok(NULL, ",")) {
526 if (opt->bitflag == QUAL_TRACE && (n = lookup_class(p)) > 0) {
527 for (i = 0; i < nsyscalls0; i++)
528 if (sysent0[i].sys_flags & n)
529 qualify_one(i, opt->bitflag, not, 0);
531 #if SUPPORTED_PERSONALITIES >= 2
532 for (i = 0; i < nsyscalls1; i++)
533 if (sysent1[i].sys_flags & n)
534 qualify_one(i, opt->bitflag, not, 1);
537 #if SUPPORTED_PERSONALITIES >= 3
538 for (i = 0; i < nsyscalls2; i++)
539 if (sysent2[i].sys_flags & n)
540 qualify_one(i, opt->bitflag, not, 2);
545 if (opt->qualify(p, opt->bitflag, not)) {
546 error_msg_and_die("invalid %s '%s'",
547 opt->argument_name, p);
554 #ifdef SYS_socket_subcall
556 decode_socket_subcall(struct tcb *tcp)
559 unsigned int i, size;
561 if (tcp->u_arg[0] < 0 || tcp->u_arg[0] >= SYS_socket_nsubcalls)
564 tcp->scno = SYS_socket_subcall + tcp->u_arg[0];
565 addr = tcp->u_arg[1];
566 tcp->u_nargs = sysent[tcp->scno].nargs;
567 size = current_wordsize;
568 for (i = 0; i < tcp->u_nargs; ++i) {
569 if (size == sizeof(int)) {
571 if (umove(tcp, addr, &arg) < 0)
577 if (umove(tcp, addr, &arg) < 0)
586 #ifdef SYS_ipc_subcall
588 decode_ipc_subcall(struct tcb *tcp)
592 if (tcp->u_arg[0] < 0 || tcp->u_arg[0] >= SYS_ipc_nsubcalls)
595 tcp->scno = SYS_ipc_subcall + tcp->u_arg[0];
596 tcp->u_nargs = sysent[tcp->scno].nargs;
597 for (i = 0; i < tcp->u_nargs; i++)
598 tcp->u_arg[i] = tcp->u_arg[i + 1];
603 printargs(struct tcb *tcp)
608 for (i = 0; i < tcp->u_nargs; i++)
609 tprintf("%s%#lx", i ? ", " : "", tcp->u_arg[i]);
615 printargs_lu(struct tcb *tcp)
620 for (i = 0; i < tcp->u_nargs; i++)
621 tprintf("%s%lu", i ? ", " : "", tcp->u_arg[i]);
627 printargs_ld(struct tcb *tcp)
632 for (i = 0; i < tcp->u_nargs; i++)
633 tprintf("%s%ld", i ? ", " : "", tcp->u_arg[i]);
638 #if defined(SPARC) || defined(SPARC64) || defined(IA64) || defined(SH)
640 getrval2(struct tcb *tcp)
644 # if defined(SPARC) || defined(SPARC64)
645 val = regs.u_regs[U_REG_O1];
647 if (upeek(tcp, 4*(REG_REG0+1), &val) < 0)
650 if (upeek(tcp, PT_R9, &val) < 0)
659 is_restart_error(struct tcb *tcp)
661 switch (tcp->u_error) {
665 case ERESTART_RESTARTBLOCK:
674 struct user_regs_struct i386_regs;
675 #elif defined(X86_64) || defined(X32)
677 * On i386, pt_regs and user_regs_struct are the same,
678 * but on 64 bit x86, user_regs_struct has six more fields:
679 * fs_base, gs_base, ds, es, fs, gs.
680 * PTRACE_GETREGS fills them too, so struct pt_regs would overflow.
682 struct i386_user_regs_struct {
702 struct user_regs_struct x86_64_r;
703 struct i386_user_regs_struct i386_r;
705 # define x86_64_regs x86_regs_union.x86_64_r
706 # define i386_regs x86_regs_union.i386_r
707 static struct iovec x86_io = {
708 .iov_base = &x86_regs_union
711 long ia32 = 0; /* not static */
712 static long ia64_r8, ia64_r10;
713 #elif defined(POWERPC)
714 static long ppc_result;
720 struct pt_regs arm_regs; /* not static */
721 #elif defined(AARCH64)
723 struct user_pt_regs aarch64_r;
724 struct arm_pt_regs arm_r;
726 # define aarch64_regs arm_regs_union.aarch64_r
727 # define arm_regs arm_regs_union.arm_r
728 static struct iovec aarch64_io = {
729 .iov_base = &arm_regs_union
732 static long alpha_r0;
733 static long alpha_a3;
735 static struct pt_regs regs;
736 #elif defined(SPARC) || defined(SPARC64)
737 struct pt_regs regs; /* not static */
738 #elif defined(LINUX_MIPSN32)
739 static long long mips_a3;
740 static long long mips_r2;
744 #elif defined(S390) || defined(S390X)
746 static long syscall_mode;
748 static long hppa_r28;
753 #elif defined(CRISV10) || defined(CRISV32)
754 static long cris_r10;
756 struct pt_regs tile_regs;
757 #elif defined(MICROBLAZE)
758 static long microblaze_r3;
760 static struct user_regs_struct or1k_regs;
761 static struct iovec or1k_io = {
762 .iov_base = &or1k_regs
767 printcall(struct tcb *tcp)
769 #define PRINTBADPC tprintf(sizeof(long) == 4 ? "[????????] " : \
770 sizeof(long) == 8 ? "[????????????????] " : \
772 if (get_regs_error) {
777 tprintf("[%08lx] ", i386_regs.eip);
778 #elif defined(S390) || defined(S390X)
780 if (upeek(tcp, PT_PSWADDR, &psw) < 0) {
785 tprintf("[%08lx] ", psw);
787 tprintf("[%016lx] ", psw);
789 #elif defined(X86_64) || defined(X32)
790 if (x86_io.iov_len == sizeof(i386_regs)) {
791 tprintf("[%08x] ", (unsigned) i386_regs.eip);
794 tprintf("[%016lx] ", (unsigned long) x86_64_regs.rip);
796 /* Note: this truncates 64-bit rip to 32 bits */
797 tprintf("[%08lx] ", (unsigned long) x86_64_regs.rip);
803 if (upeek(tcp, PT_B0, &ip) < 0) {
807 tprintf("[%08lx] ", ip);
808 #elif defined(POWERPC)
811 if (upeek(tcp, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
816 tprintf("[%016lx] ", pc);
818 tprintf("[%08lx] ", pc);
823 if (upeek(tcp, 4*PT_PC, &pc) < 0) {
824 tprints("[????????] ");
827 tprintf("[%08lx] ", pc);
831 if (upeek(tcp, REG_PC, &pc) < 0) {
832 tprints("[????????????????] ");
835 tprintf("[%08lx] ", pc);
837 tprintf("[%08lx] ", regs.pc);
838 #elif defined(SPARC64)
839 tprintf("[%08lx] ", regs.tpc);
843 if (upeek(tcp, PT_IAOQ0, &pc) < 0) {
844 tprints("[????????] ");
847 tprintf("[%08lx] ", pc);
851 if (upeek(tcp, REG_EPC, &pc) < 0) {
852 tprints("[????????] ");
855 tprintf("[%08lx] ", pc);
859 if (upeek(tcp, 4*REG_PC, &pc) < 0) {
860 tprints("[????????] ");
863 tprintf("[%08lx] ", pc);
867 if (upeek(tcp, REG_PC, &pc) < 0) {
868 tprints("[????????????????] ");
871 tprintf("[%08lx] ", pc);
873 tprintf("[%08lx] ", arm_regs.ARM_pc);
874 #elif defined(AARCH64)
875 /* tprintf("[%016lx] ", aarch64_regs.regs[???]); */
877 tprintf("[%08lx] ", regs.pc);
881 if (upeek(tcp, PT_PC, &pc) < 0) {
885 tprintf("[%08lx] ", pc);
886 #elif defined(CRISV10)
889 if (upeek(tcp, 4*PT_IRP, &pc) < 0) {
893 tprintf("[%08lx] ", pc);
894 #elif defined(CRISV32)
897 if (upeek(tcp, 4*PT_ERP, &pc) < 0) {
901 tprintf("[%08lx] ", pc);
904 tprintf("[%016lx] ", (unsigned long) tile_regs.pc);
906 tprintf("[%08lx] ", (unsigned long) tile_regs.pc);
909 tprintf("[%08lx] ", or1k_regs.pc);
910 #endif /* architecture */
915 void get_regs(pid_t pid)
918 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, ®s);
920 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (long) &i386_regs);
921 # elif defined(X86_64) || defined(X32)
923 * PTRACE_GETREGSET was introduced in 2.6.33.
924 * Let's be paranoid and require a bit later kernel.
926 if (os_release >= KERNEL_VERSION(2,6,35)) {
927 /*x86_io.iov_base = &x86_regs_union; - already is */
928 x86_io.iov_len = sizeof(x86_regs_union);
929 get_regs_error = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, (long) &x86_io);
931 /* Use old method, with heuristical detection of 32-bitness */
932 x86_io.iov_len = sizeof(x86_64_regs);
933 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (long) &x86_64_regs);
934 if (!get_regs_error && x86_64_regs.cs == 0x23) {
935 x86_io.iov_len = sizeof(i386_regs);
937 * The order is important: i386_regs and x86_64_regs
938 * are overlaid in memory!
940 i386_regs.ebx = x86_64_regs.rbx;
941 i386_regs.ecx = x86_64_regs.rcx;
942 i386_regs.edx = x86_64_regs.rdx;
943 i386_regs.esi = x86_64_regs.rsi;
944 i386_regs.edi = x86_64_regs.rdi;
945 i386_regs.ebp = x86_64_regs.rbp;
946 i386_regs.eax = x86_64_regs.rax;
947 /*i386_regs.xds = x86_64_regs.ds; unused by strace */
948 /*i386_regs.xes = x86_64_regs.es; ditto... */
949 /*i386_regs.xfs = x86_64_regs.fs;*/
950 /*i386_regs.xgs = x86_64_regs.gs;*/
951 i386_regs.orig_eax = x86_64_regs.orig_rax;
952 i386_regs.eip = x86_64_regs.rip;
953 /*i386_regs.xcs = x86_64_regs.cs;*/
954 /*i386_regs.eflags = x86_64_regs.eflags;*/
955 i386_regs.esp = x86_64_regs.rsp;
956 /*i386_regs.xss = x86_64_regs.ss;*/
960 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (void *)&arm_regs);
961 # elif defined(AARCH64)
962 /*aarch64_io.iov_base = &arm_regs_union; - already is */
963 aarch64_io.iov_len = sizeof(arm_regs_union);
964 get_regs_error = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, (void *)&aarch64_io);
966 /* Paranoia checks */
969 switch (aarch64_io.iov_len) {
970 case sizeof(aarch64_regs):
971 /* We are in 64-bit mode */
973 case sizeof(arm_regs):
974 /* We are in 32-bit mode */
981 # elif defined(SPARC) || defined(SPARC64)
982 get_regs_error = ptrace(PTRACE_GETREGS, pid, (char *)®s, 0);
984 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (long) &tile_regs);
986 or1k_io.iov_len = sizeof(or1k_regs);
987 get_regs_error = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &or1k_io);
993 * 0: "ignore this ptrace stop", bail out of trace_syscall_entering() silently.
994 * 1: ok, continue in trace_syscall_entering().
995 * other: error, trace_syscall_entering() should print error indicator
996 * ("????" etc) and bail out.
999 get_scno(struct tcb *tcp)
1003 #if defined(S390) || defined(S390X)
1004 if (upeek(tcp, PT_GPR2, &syscall_mode) < 0)
1007 if (syscall_mode != -ENOSYS) {
1009 * Since kernel version 2.5.44 the scno gets passed in gpr2.
1011 scno = syscall_mode;
1014 * Old style of "passing" the scno via the SVC instruction.
1017 long opcode, offset_reg, tmp;
1019 static const int gpr_offset[16] = {
1020 PT_GPR0, PT_GPR1, PT_ORIGGPR2, PT_GPR3,
1021 PT_GPR4, PT_GPR5, PT_GPR6, PT_GPR7,
1022 PT_GPR8, PT_GPR9, PT_GPR10, PT_GPR11,
1023 PT_GPR12, PT_GPR13, PT_GPR14, PT_GPR15
1026 if (upeek(tcp, PT_PSWADDR, &psw) < 0)
1029 opcode = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)(psw - sizeof(long)), 0);
1031 perror_msg("%s", "peektext(psw-oneword)");
1036 * We have to check if the SVC got executed directly or via an
1037 * EXECUTE instruction. In case of EXECUTE it is necessary to do
1038 * instruction decoding to derive the system call number.
1039 * Unfortunately the opcode sizes of EXECUTE and SVC are differently,
1040 * so that this doesn't work if a SVC opcode is part of an EXECUTE
1041 * opcode. Since there is no way to find out the opcode size this
1042 * is the best we can do...
1044 if ((opcode & 0xff00) == 0x0a00) {
1046 scno = opcode & 0xff;
1049 /* SVC got executed by EXECUTE instruction */
1052 * Do instruction decoding of EXECUTE. If you really want to
1053 * understand this, read the Principles of Operations.
1055 svc_addr = (void *) (opcode & 0xfff);
1058 offset_reg = (opcode & 0x000f0000) >> 16;
1059 if (offset_reg && (upeek(tcp, gpr_offset[offset_reg], &tmp) < 0))
1064 offset_reg = (opcode & 0x0000f000) >> 12;
1065 if (offset_reg && (upeek(tcp, gpr_offset[offset_reg], &tmp) < 0))
1069 scno = ptrace(PTRACE_PEEKTEXT, tcp->pid, svc_addr, 0);
1078 offset_reg = (opcode & 0x00f00000) >> 20;
1079 if (offset_reg && (upeek(tcp, gpr_offset[offset_reg], &tmp) < 0))
1082 scno = (scno | tmp) & 0xff;
1085 #elif defined(POWERPC)
1086 if (upeek(tcp, sizeof(unsigned long)*PT_R0, &scno) < 0)
1089 /* TODO: speed up strace by not doing this at every syscall.
1090 * We only need to do it after execve.
1095 /* Check for 64/32 bit mode. */
1096 if (upeek(tcp, sizeof(unsigned long)*PT_MSR, &val) < 0)
1098 /* SF is bit 0 of MSR */
1103 update_personality(tcp, currpers);
1105 #elif defined(AVR32)
1108 if (upeek(tcp, PT_ORIG_P0, &scno))
1111 scno = i386_regs.orig_eax;
1112 #elif defined(X86_64) || defined(X32)
1113 # ifndef __X32_SYSCALL_BIT
1114 # define __X32_SYSCALL_BIT 0x40000000
1118 /* GETREGSET of NT_PRSTATUS tells us regset size,
1119 * which unambiguously detects i386.
1121 * Linux kernel distinguishes x86-64 and x32 processes
1122 * solely by looking at __X32_SYSCALL_BIT:
1123 * arch/x86/include/asm/compat.h::is_x32_task():
1124 * if (task_pt_regs(current)->orig_ax & __X32_SYSCALL_BIT)
1127 if (x86_io.iov_len == sizeof(i386_regs)) {
1128 scno = i386_regs.orig_eax;
1131 scno = x86_64_regs.orig_rax;
1133 if (scno & __X32_SYSCALL_BIT) {
1134 scno -= __X32_SYSCALL_BIT;
1139 /* cs = 0x33 for long mode (native 64 bit and x32)
1140 * cs = 0x23 for compatibility mode (32 bit)
1141 * ds = 0x2b for x32 mode (x86-64 in 32 bit)
1143 scno = x86_64_regs.orig_rax;
1144 switch (x86_64_regs.cs) {
1145 case 0x23: currpers = 1; break;
1147 if (x86_64_regs.ds == 0x2b) {
1149 scno &= ~__X32_SYSCALL_BIT;
1154 fprintf(stderr, "Unknown value CS=0x%08X while "
1155 "detecting personality of process "
1156 "PID=%d\n", (int)x86_64_regs.cs, tcp->pid);
1157 currpers = current_personality;
1161 /* This version analyzes the opcode of a syscall instruction.
1162 * (int 0x80 on i386 vs. syscall on x86-64)
1163 * It works, but is too complicated, and strictly speaking, unreliable.
1165 unsigned long call, rip = x86_64_regs.rip;
1166 /* sizeof(syscall) == sizeof(int 0x80) == 2 */
1169 call = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)rip, (char *)0);
1171 fprintf(stderr, "ptrace_peektext failed: %s\n",
1173 switch (call & 0xffff) {
1174 /* x86-64: syscall = 0x0f 0x05 */
1175 case 0x050f: currpers = 0; break;
1176 /* i386: int 0x80 = 0xcd 0x80 */
1177 case 0x80cd: currpers = 1; break;
1179 currpers = current_personality;
1181 "Unknown syscall opcode (0x%04X) while "
1182 "detecting personality of process "
1183 "PID=%d\n", (int)call, tcp->pid);
1189 /* If we are built for a x32 system, then personality 0 is x32
1190 * (not x86_64), and stracing of x86_64 apps is not supported.
1191 * Stracing of i386 apps is still supported.
1193 if (currpers == 0) {
1194 fprintf(stderr, "syscall_%lu(...) in unsupported "
1195 "64-bit mode of process PID=%d\n",
1199 currpers &= ~2; /* map 2,1 to 0,1 */
1201 update_personality(tcp, currpers);
1203 # define IA64_PSR_IS ((long)1 << 34)
1205 if (upeek(tcp, PT_CR_IPSR, &psr) >= 0)
1206 ia32 = (psr & IA64_PSR_IS) != 0;
1208 if (upeek(tcp, PT_R1, &scno) < 0)
1211 if (upeek(tcp, PT_R15, &scno) < 0)
1214 #elif defined(AARCH64)
1215 switch (aarch64_io.iov_len) {
1216 case sizeof(aarch64_regs):
1217 /* We are in 64-bit mode */
1218 scno = aarch64_regs.regs[8];
1219 update_personality(tcp, 1);
1221 case sizeof(arm_regs):
1222 /* We are in 32-bit mode */
1223 scno = arm_regs.ARM_r7;
1224 update_personality(tcp, 0);
1229 * We only need to grab the syscall number on syscall entry.
1231 if (arm_regs.ARM_ip == 0) {
1233 * Note: we only deal with 32-bit CPUs here
1235 if (arm_regs.ARM_cpsr & 0x20) {
1237 * Get the Thumb-mode system call number
1239 scno = arm_regs.ARM_r7;
1242 * Get the ARM-mode system call number
1245 scno = ptrace(PTRACE_PEEKTEXT, tcp->pid, (void *)(arm_regs.ARM_pc - 4), NULL);
1249 /* Handle the EABI syscall convention. We do not
1250 bother converting structures between the two
1251 ABIs, but basic functionality should work even
1252 if strace and the traced program have different
1254 if (scno == 0xef000000) {
1255 scno = arm_regs.ARM_r7;
1257 if ((scno & 0x0ff00000) != 0x0f900000) {
1258 fprintf(stderr, "syscall: unknown syscall trap 0x%08lx\n",
1264 * Fixup the syscall number
1269 if (scno & 0x0f0000) {
1271 * Handle ARM specific syscall
1273 update_personality(tcp, 1);
1276 update_personality(tcp, 0);
1279 fprintf(stderr, "pid %d stray syscall entry\n", tcp->pid);
1280 tcp->flags |= TCB_INSYSCALL;
1283 if (upeek(tcp, 4*PT_ORIG_D0, &scno) < 0)
1285 #elif defined(LINUX_MIPSN32)
1286 unsigned long long regs[38];
1288 if (ptrace(PTRACE_GETREGS, tcp->pid, NULL, (long) ®s) < 0)
1290 mips_a3 = regs[REG_A3];
1291 mips_r2 = regs[REG_V0];
1294 if (!SCNO_IN_RANGE(scno)) {
1295 if (mips_a3 == 0 || mips_a3 == -1) {
1297 fprintf(stderr, "stray syscall exit: v0 = %ld\n", scno);
1302 if (upeek(tcp, REG_A3, &mips_a3) < 0)
1304 if (upeek(tcp, REG_V0, &scno) < 0)
1307 if (!SCNO_IN_RANGE(scno)) {
1308 if (mips_a3 == 0 || mips_a3 == -1) {
1310 fprintf(stderr, "stray syscall exit: v0 = %ld\n", scno);
1314 #elif defined(ALPHA)
1315 if (upeek(tcp, REG_A3, &alpha_a3) < 0)
1317 if (upeek(tcp, REG_R0, &scno) < 0)
1321 * Do some sanity checks to figure out if it's
1322 * really a syscall entry
1324 if (!SCNO_IN_RANGE(scno)) {
1325 if (alpha_a3 == 0 || alpha_a3 == -1) {
1327 fprintf(stderr, "stray syscall exit: r0 = %ld\n", scno);
1331 #elif defined(SPARC) || defined(SPARC64)
1332 /* Disassemble the syscall trap. */
1333 /* Retrieve the syscall trap instruction. */
1336 # if defined(SPARC64)
1337 trap = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)regs.tpc, 0);
1340 trap = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)regs.pc, 0);
1345 /* Disassemble the trap to see what personality to use. */
1348 /* Linux/SPARC syscall trap. */
1349 update_personality(tcp, 0);
1352 /* Linux/SPARC64 syscall trap. */
1353 update_personality(tcp, 2);
1356 /* SunOS syscall trap. (pers 1) */
1357 fprintf(stderr, "syscall: SunOS no support\n");
1360 /* Solaris 2.x syscall trap. (per 2) */
1361 update_personality(tcp, 1);
1364 /* NetBSD/FreeBSD syscall trap. */
1365 fprintf(stderr, "syscall: NetBSD/FreeBSD not supported\n");
1368 /* Solaris 2.x gettimeofday */
1369 update_personality(tcp, 1);
1372 # if defined(SPARC64)
1373 fprintf(stderr, "syscall: unknown syscall trap %08lx %016lx\n", trap, regs.tpc);
1375 fprintf(stderr, "syscall: unknown syscall trap %08lx %08lx\n", trap, regs.pc);
1380 /* Extract the system call number from the registers. */
1381 if (trap == 0x91d02027)
1384 scno = regs.u_regs[U_REG_G1];
1386 scno = regs.u_regs[U_REG_O0];
1387 memmove(®s.u_regs[U_REG_O0], ®s.u_regs[U_REG_O1], 7*sizeof(regs.u_regs[0]));
1390 if (upeek(tcp, PT_GR20, &scno) < 0)
1394 * In the new syscall ABI, the system call number is in R3.
1396 if (upeek(tcp, 4*(REG_REG0+3), &scno) < 0)
1400 /* Odd as it may seem, a glibc bug has been known to cause
1401 glibc to issue bogus negative syscall numbers. So for
1402 our purposes, make strace print what it *should* have been */
1403 long correct_scno = (scno & 0xff);
1406 "Detected glibc bug: bogus system call"
1407 " number = %ld, correcting to %ld\n",
1410 scno = correct_scno;
1413 if (upeek(tcp, REG_SYSCALL, &scno) < 0)
1416 #elif defined(CRISV10) || defined(CRISV32)
1417 if (upeek(tcp, 4*PT_R9, &scno) < 0)
1421 scno = tile_regs.regs[10];
1425 # ifndef PT_FLAGS_COMPAT
1426 # define PT_FLAGS_COMPAT 0x10000 /* from Linux 3.8 on */
1428 if (tile_regs.flags & PT_FLAGS_COMPAT)
1433 update_personality(tcp, currpers);
1434 #elif defined(MICROBLAZE)
1435 if (upeek(tcp, 0, &scno) < 0)
1438 scno = or1k_regs.gpr[11];
1445 /* Called at each syscall entry.
1447 * 0: "ignore this ptrace stop", bail out of trace_syscall_entering() silently.
1448 * 1: ok, continue in trace_syscall_entering().
1449 * other: error, trace_syscall_entering() should print error indicator
1450 * ("????" etc) and bail out.
1453 syscall_fixup_on_sysenter(struct tcb *tcp)
1455 /* A common case of "not a syscall entry" is post-execve SIGTRAP */
1457 if (i386_regs.eax != -ENOSYS) {
1459 fprintf(stderr, "not a syscall entry (eax = %ld)\n", i386_regs.eax);
1462 #elif defined(X86_64) || defined(X32)
1465 if (x86_io.iov_len == sizeof(i386_regs)) {
1466 /* Sign extend from 32 bits */
1467 rax = (int32_t)i386_regs.eax;
1469 /* Note: in X32 build, this truncates 64 to 32 bits */
1470 rax = x86_64_regs.rax;
1472 if (rax != -ENOSYS) {
1474 fprintf(stderr, "not a syscall entry (rax = %ld)\n", rax);
1478 #elif defined(S390) || defined(S390X)
1479 /* TODO: we already fetched PT_GPR2 in get_scno
1480 * and stored it in syscall_mode, reuse it here
1481 * instead of re-fetching?
1483 if (upeek(tcp, PT_GPR2, &gpr2) < 0)
1485 if (syscall_mode != -ENOSYS)
1486 syscall_mode = tcp->scno;
1487 if (gpr2 != syscall_mode) {
1489 fprintf(stderr, "not a syscall entry (gpr2 = %ld)\n", gpr2);
1493 /* TODO? Eliminate upeek's in arches below like we did in x86 */
1494 if (upeek(tcp, 4*PT_D0, &m68k_d0) < 0)
1496 if (m68k_d0 != -ENOSYS) {
1498 fprintf(stderr, "not a syscall entry (d0 = %ld)\n", m68k_d0);
1502 if (upeek(tcp, PT_R10, &ia64_r10) < 0)
1504 if (upeek(tcp, PT_R8, &ia64_r8) < 0)
1506 if (ia32 && ia64_r8 != -ENOSYS) {
1508 fprintf(stderr, "not a syscall entry (r8 = %ld)\n", ia64_r8);
1511 #elif defined(CRISV10) || defined(CRISV32)
1512 if (upeek(tcp, 4*PT_R10, &cris_r10) < 0)
1514 if (cris_r10 != -ENOSYS) {
1516 fprintf(stderr, "not a syscall entry (r10 = %ld)\n", cris_r10);
1519 #elif defined(MICROBLAZE)
1520 if (upeek(tcp, 3 * 4, µblaze_r3) < 0)
1522 if (microblaze_r3 != -ENOSYS) {
1524 fprintf(stderr, "not a syscall entry (r3 = %ld)\n", microblaze_r3);
1532 internal_fork(struct tcb *tcp)
1534 #if defined S390 || defined S390X || defined CRISV10 || defined CRISV32
1535 # define ARG_FLAGS 1
1537 # define ARG_FLAGS 0
1539 #ifndef CLONE_UNTRACED
1540 # define CLONE_UNTRACED 0x00800000
1542 if ((ptrace_setoptions
1543 & (PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK))
1544 == (PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK))
1550 if (entering(tcp)) {
1552 * We won't see the new child if clone is called with
1553 * CLONE_UNTRACED, so we keep the same logic with that option
1554 * and don't trace it.
1556 if ((sysent[tcp->scno].sys_func == sys_clone) &&
1557 (tcp->u_arg[ARG_FLAGS] & CLONE_UNTRACED))
1561 if (tcp->flags & TCB_BPTSET)
1566 #if defined(TCB_WAITEXECVE)
1568 internal_exec(struct tcb *tcp)
1570 /* Maybe we have post-execve SIGTRAP suppressed? */
1571 if (ptrace_setoptions & PTRACE_O_TRACEEXEC)
1572 return; /* yes, no need to do anything */
1574 if (exiting(tcp) && syserror(tcp))
1575 /* Error in execve, no post-execve SIGTRAP expected */
1576 tcp->flags &= ~TCB_WAITEXECVE;
1578 tcp->flags |= TCB_WAITEXECVE;
1583 syscall_fixup_for_fork_exec(struct tcb *tcp)
1586 * We must always trace a few critical system calls in order to
1587 * correctly support following forks in the presence of tracing
1592 if (!SCNO_IN_RANGE(tcp->scno))
1595 func = sysent[tcp->scno].sys_func;
1597 if ( sys_fork == func
1598 || sys_vfork == func
1599 || sys_clone == func
1605 #if defined(TCB_WAITEXECVE)
1606 if ( sys_execve == func
1607 # if defined(SPARC) || defined(SPARC64)
1608 || sys_execv == func
1617 /* Return -1 on error or 1 on success (never 0!) */
1619 get_syscall_args(struct tcb *tcp)
1623 if (SCNO_IN_RANGE(tcp->scno))
1624 nargs = tcp->u_nargs = sysent[tcp->scno].nargs;
1626 nargs = tcp->u_nargs = MAX_ARGS;
1628 #if defined(S390) || defined(S390X)
1629 for (i = 0; i < nargs; ++i)
1630 if (upeek(tcp, i==0 ? PT_ORIGGPR2 : PT_GPR2 + i*sizeof(long), &tcp->u_arg[i]) < 0)
1632 #elif defined(ALPHA)
1633 for (i = 0; i < nargs; ++i)
1634 if (upeek(tcp, REG_A0+i, &tcp->u_arg[i]) < 0)
1638 unsigned long *out0, cfm, sof, sol;
1640 /* be backwards compatible with kernel < 2.4.4... */
1642 # define PT_RBS_END PT_AR_BSP
1645 if (upeek(tcp, PT_RBS_END, &rbs_end) < 0)
1647 if (upeek(tcp, PT_CFM, (long *) &cfm) < 0)
1650 sof = (cfm >> 0) & 0x7f;
1651 sol = (cfm >> 7) & 0x7f;
1652 out0 = ia64_rse_skip_regs((unsigned long *) rbs_end, -sof + sol);
1654 for (i = 0; i < nargs; ++i) {
1655 if (umoven(tcp, (unsigned long) ia64_rse_skip_regs(out0, i),
1656 sizeof(long), (char *) &tcp->u_arg[i]) < 0)
1660 static const int argreg[MAX_ARGS] = { PT_R11 /* EBX = out0 */,
1661 PT_R9 /* ECX = out1 */,
1662 PT_R10 /* EDX = out2 */,
1663 PT_R14 /* ESI = out3 */,
1664 PT_R15 /* EDI = out4 */,
1665 PT_R13 /* EBP = out5 */};
1667 for (i = 0; i < nargs; ++i) {
1668 if (upeek(tcp, argreg[i], &tcp->u_arg[i]) < 0)
1670 /* truncate away IVE sign-extension */
1671 tcp->u_arg[i] &= 0xffffffff;
1674 #elif defined(LINUX_MIPSN32) || defined(LINUX_MIPSN64)
1675 /* N32 and N64 both use up to six registers. */
1676 unsigned long long regs[38];
1678 if (ptrace(PTRACE_GETREGS, tcp->pid, NULL, (long) ®s) < 0)
1681 for (i = 0; i < nargs; ++i) {
1682 tcp->u_arg[i] = regs[REG_A0 + i];
1683 # if defined(LINUX_MIPSN32)
1684 tcp->ext_arg[i] = regs[REG_A0 + i];
1691 if (upeek(tcp, REG_SP, &sp) < 0)
1693 for (i = 0; i < 4; ++i)
1694 if (upeek(tcp, REG_A0 + i, &tcp->u_arg[i]) < 0)
1696 umoven(tcp, sp + 16, (nargs - 4) * sizeof(tcp->u_arg[0]),
1697 (char *)(tcp->u_arg + 4));
1699 for (i = 0; i < nargs; ++i)
1700 if (upeek(tcp, REG_A0 + i, &tcp->u_arg[i]) < 0)
1703 #elif defined(POWERPC)
1705 # define PT_ORIG_R3 34
1707 for (i = 0; i < nargs; ++i) {
1708 if (upeek(tcp, (i==0) ?
1709 (sizeof(unsigned long) * PT_ORIG_R3) :
1710 ((i+PT_R3) * sizeof(unsigned long)),
1711 &tcp->u_arg[i]) < 0)
1714 #elif defined(SPARC) || defined(SPARC64)
1715 for (i = 0; i < nargs; ++i)
1716 tcp->u_arg[i] = regs.u_regs[U_REG_O0 + i];
1718 for (i = 0; i < nargs; ++i)
1719 if (upeek(tcp, PT_GR26-4*i, &tcp->u_arg[i]) < 0)
1721 #elif defined(ARM) || defined(AARCH64)
1722 # if defined(AARCH64)
1723 if (tcp->currpers == 1)
1724 for (i = 0; i < nargs; ++i)
1725 tcp->u_arg[i] = aarch64_regs.regs[i];
1728 for (i = 0; i < nargs; ++i)
1729 tcp->u_arg[i] = arm_regs.uregs[i];
1730 #elif defined(AVR32)
1733 tcp->u_arg[0] = regs.r12;
1734 tcp->u_arg[1] = regs.r11;
1735 tcp->u_arg[2] = regs.r10;
1736 tcp->u_arg[3] = regs.r9;
1737 tcp->u_arg[4] = regs.r5;
1738 tcp->u_arg[5] = regs.r3;
1740 static const int argreg[MAX_ARGS] = { PT_R0, PT_R1, PT_R2, PT_R3, PT_R4, PT_R5 };
1742 for (i = 0; i < nargs; ++i)
1743 if (upeek(tcp, argreg[i], &tcp->u_arg[i]) < 0)
1746 static const int syscall_regs[MAX_ARGS] = {
1747 4 * (REG_REG0+4), 4 * (REG_REG0+5), 4 * (REG_REG0+6),
1748 4 * (REG_REG0+7), 4 * (REG_REG0 ), 4 * (REG_REG0+1)
1751 for (i = 0; i < nargs; ++i)
1752 if (upeek(tcp, syscall_regs[i], &tcp->u_arg[i]) < 0)
1756 /* Registers used by SH5 Linux system calls for parameters */
1757 static const int syscall_regs[MAX_ARGS] = { 2, 3, 4, 5, 6, 7 };
1759 for (i = 0; i < nargs; ++i)
1760 if (upeek(tcp, REG_GENERAL(syscall_regs[i]), &tcp->u_arg[i]) < 0)
1765 tcp->u_arg[0] = i386_regs.ebx;
1766 tcp->u_arg[1] = i386_regs.ecx;
1767 tcp->u_arg[2] = i386_regs.edx;
1768 tcp->u_arg[3] = i386_regs.esi;
1769 tcp->u_arg[4] = i386_regs.edi;
1770 tcp->u_arg[5] = i386_regs.ebp;
1771 #elif defined(X86_64) || defined(X32)
1774 if (x86_io.iov_len != sizeof(i386_regs)) {
1775 /* x86-64 or x32 ABI */
1776 tcp->u_arg[0] = x86_64_regs.rdi;
1777 tcp->u_arg[1] = x86_64_regs.rsi;
1778 tcp->u_arg[2] = x86_64_regs.rdx;
1779 tcp->u_arg[3] = x86_64_regs.r10;
1780 tcp->u_arg[4] = x86_64_regs.r8;
1781 tcp->u_arg[5] = x86_64_regs.r9;
1783 tcp->ext_arg[0] = x86_64_regs.rdi;
1784 tcp->ext_arg[1] = x86_64_regs.rsi;
1785 tcp->ext_arg[2] = x86_64_regs.rdx;
1786 tcp->ext_arg[3] = x86_64_regs.r10;
1787 tcp->ext_arg[4] = x86_64_regs.r8;
1788 tcp->ext_arg[5] = x86_64_regs.r9;
1792 /* Zero-extend from 32 bits */
1793 /* Use widen_to_long(tcp->u_arg[N]) in syscall handlers
1794 * if you need to use *sign-extended* parameter.
1796 tcp->u_arg[0] = (long)(uint32_t)i386_regs.ebx;
1797 tcp->u_arg[1] = (long)(uint32_t)i386_regs.ecx;
1798 tcp->u_arg[2] = (long)(uint32_t)i386_regs.edx;
1799 tcp->u_arg[3] = (long)(uint32_t)i386_regs.esi;
1800 tcp->u_arg[4] = (long)(uint32_t)i386_regs.edi;
1801 tcp->u_arg[5] = (long)(uint32_t)i386_regs.ebp;
1803 #elif defined(MICROBLAZE)
1804 for (i = 0; i < nargs; ++i)
1805 if (upeek(tcp, (5 + i) * 4, &tcp->u_arg[i]) < 0)
1807 #elif defined(CRISV10) || defined(CRISV32)
1808 static const int crisregs[MAX_ARGS] = {
1809 4*PT_ORIG_R10, 4*PT_R11, 4*PT_R12,
1810 4*PT_R13 , 4*PT_MOF, 4*PT_SRP
1813 for (i = 0; i < nargs; ++i)
1814 if (upeek(tcp, crisregs[i], &tcp->u_arg[i]) < 0)
1817 for (i = 0; i < nargs; ++i)
1818 tcp->u_arg[i] = tile_regs.regs[i];
1820 for (i = 0; i < nargs; ++i)
1821 if (upeek(tcp, (i < 5 ? i : i + 2)*4, &tcp->u_arg[i]) < 0)
1825 for (i = 0; i < 6; ++i)
1826 tcp->u_arg[i] = or1k_regs.gpr[3 + i];
1827 #else /* Other architecture (32bits specific) */
1828 for (i = 0; i < nargs; ++i)
1829 if (upeek(tcp, i*4, &tcp->u_arg[i]) < 0)
1836 trace_syscall_entering(struct tcb *tcp)
1840 #if defined TCB_WAITEXECVE
1841 if (tcp->flags & TCB_WAITEXECVE) {
1842 /* This is the post-execve SIGTRAP. */
1843 tcp->flags &= ~TCB_WAITEXECVE;
1848 scno_good = res = (get_regs_error ? -1 : get_scno(tcp));
1852 res = syscall_fixup_on_sysenter(tcp);
1856 res = get_syscall_args(tcp);
1862 tprints("????" /* anti-trigraph gap */ "(");
1863 else if (!SCNO_IN_RANGE(tcp->scno))
1864 tprintf("syscall_%lu(", tcp->scno);
1866 tprintf("%s(", sysent[tcp->scno].sys_name);
1868 * " <unavailable>" will be added later by the code which
1869 * detects ptrace errors.
1874 #if defined(SYS_socket_subcall) || defined(SYS_ipc_subcall)
1875 while (SCNO_IN_RANGE(tcp->scno)) {
1876 # ifdef SYS_socket_subcall
1877 if (sysent[tcp->scno].sys_func == sys_socketcall) {
1878 decode_socket_subcall(tcp);
1882 # ifdef SYS_ipc_subcall
1883 if (sysent[tcp->scno].sys_func == sys_ipc) {
1884 decode_ipc_subcall(tcp);
1890 #endif /* SYS_socket_subcall || SYS_ipc_subcall */
1892 if (need_fork_exec_workarounds)
1893 syscall_fixup_for_fork_exec(tcp);
1895 if ((SCNO_IN_RANGE(tcp->scno) &&
1896 !(qual_flags[tcp->scno] & QUAL_TRACE)) ||
1897 (tracing_paths && !pathtrace_match(tcp))) {
1898 tcp->flags |= TCB_INSYSCALL | TCB_FILTERED;
1902 tcp->flags &= ~TCB_FILTERED;
1904 if (cflag == CFLAG_ONLY_STATS) {
1910 if (!SCNO_IN_RANGE(tcp->scno))
1911 tprintf("syscall_%lu(", tcp->scno);
1913 tprintf("%s(", sysent[tcp->scno].sys_name);
1914 if (!SCNO_IN_RANGE(tcp->scno) ||
1915 ((qual_flags[tcp->scno] & QUAL_RAW) &&
1916 sysent[tcp->scno].sys_func != sys_exit))
1917 res = printargs(tcp);
1919 res = (*sysent[tcp->scno].sys_func)(tcp);
1923 tcp->flags |= TCB_INSYSCALL;
1924 /* Measure the entrance time as late as possible to avoid errors. */
1926 gettimeofday(&tcp->etime, NULL);
1931 * 1: ok, continue in trace_syscall_exiting().
1932 * -1: error, trace_syscall_exiting() should print error indicator
1933 * ("????" etc) and bail out.
1936 get_syscall_result(struct tcb *tcp)
1938 #if defined(S390) || defined(S390X)
1939 if (upeek(tcp, PT_GPR2, &gpr2) < 0)
1941 #elif defined(POWERPC)
1942 # define SO_MASK 0x10000000
1945 if (upeek(tcp, sizeof(unsigned long)*PT_CCR, &flags) < 0)
1947 if (upeek(tcp, sizeof(unsigned long)*PT_R3, &ppc_result) < 0)
1949 if (flags & SO_MASK)
1950 ppc_result = -ppc_result;
1952 #elif defined(AVR32)
1953 /* already done by get_regs */
1955 if (upeek(tcp, PT_R0, &bfin_r0) < 0)
1958 /* already done by get_regs */
1959 #elif defined(X86_64) || defined(X32)
1960 /* already done by get_regs */
1962 # define IA64_PSR_IS ((long)1 << 34)
1964 if (upeek(tcp, PT_CR_IPSR, &psr) >= 0)
1965 ia32 = (psr & IA64_PSR_IS) != 0;
1966 if (upeek(tcp, PT_R8, &ia64_r8) < 0)
1968 if (upeek(tcp, PT_R10, &ia64_r10) < 0)
1971 /* already done by get_regs */
1972 #elif defined(AARCH64)
1973 /* register reading already done by get_regs */
1975 /* Used to do this, but we did it on syscall entry already: */
1976 /* We are in 64-bit mode (personality 1) if register struct is aarch64_regs,
1977 * else it's personality 0.
1979 /*update_personality(tcp, aarch64_io.iov_len == sizeof(aarch64_regs));*/
1981 if (upeek(tcp, 4*PT_D0, &m68k_d0) < 0)
1983 #elif defined(LINUX_MIPSN32)
1984 unsigned long long regs[38];
1986 if (ptrace(PTRACE_GETREGS, tcp->pid, NULL, (long) ®s) < 0)
1988 mips_a3 = regs[REG_A3];
1989 mips_r2 = regs[REG_V0];
1991 if (upeek(tcp, REG_A3, &mips_a3) < 0)
1993 if (upeek(tcp, REG_V0, &mips_r2) < 0)
1995 #elif defined(ALPHA)
1996 if (upeek(tcp, REG_A3, &alpha_a3) < 0)
1998 if (upeek(tcp, REG_R0, &alpha_r0) < 0)
2000 #elif defined(SPARC) || defined(SPARC64)
2001 /* already done by get_regs */
2003 if (upeek(tcp, PT_GR28, &hppa_r28) < 0)
2006 /* new syscall ABI returns result in R0 */
2007 if (upeek(tcp, 4*REG_REG0, (long *)&sh_r0) < 0)
2010 /* ABI defines result returned in r9 */
2011 if (upeek(tcp, REG_GENERAL(9), (long *)&sh64_r9) < 0)
2013 #elif defined(CRISV10) || defined(CRISV32)
2014 if (upeek(tcp, 4*PT_R10, &cris_r10) < 0)
2017 /* already done by get_regs */
2018 #elif defined(MICROBLAZE)
2019 if (upeek(tcp, 3 * 4, µblaze_r3) < 0)
2022 /* already done by get_regs */
2027 /* Called at each syscall exit */
2029 syscall_fixup_on_sysexit(struct tcb *tcp)
2031 #if defined(S390) || defined(S390X)
2032 if (syscall_mode != -ENOSYS)
2033 syscall_mode = tcp->scno;
2034 if ((tcp->flags & TCB_WAITEXECVE)
2035 && (gpr2 == -ENOSYS || gpr2 == tcp->scno)) {
2037 * Return from execve.
2038 * Fake a return value of zero. We leave the TCB_WAITEXECVE
2039 * flag set for the post-execve SIGTRAP to see and reset.
2047 * Check the syscall return value register value for whether it is
2048 * a negated errno code indicating an error, or a success return value.
2051 is_negated_errno(unsigned long int val)
2053 unsigned long int max = -(long int) nerrnos;
2054 #if SUPPORTED_PERSONALITIES > 1
2055 if (current_wordsize < sizeof(val)) {
2056 val = (unsigned int) val;
2057 max = (unsigned int) max;
2065 is_negated_errno_x32(unsigned long long val)
2067 unsigned long long max = -(long long) nerrnos;
2069 * current_wordsize is 4 even in personality 0 (native X32)
2070 * but truncation _must not_ be done in it.
2071 * can't check current_wordsize here!
2073 if (current_personality != 0) {
2074 val = (uint32_t) val;
2075 max = (uint32_t) max;
2082 * 1: ok, continue in trace_syscall_exiting().
2083 * -1: error, trace_syscall_exiting() should print error indicator
2084 * ("????" etc) and bail out.
2087 get_error(struct tcb *tcp)
2090 int check_errno = 1;
2091 if (SCNO_IN_RANGE(tcp->scno) &&
2092 sysent[tcp->scno].sys_flags & SYSCALL_NEVER_FAILS) {
2095 #if defined(S390) || defined(S390X)
2096 if (check_errno && is_negated_errno(gpr2)) {
2104 if (check_errno && is_negated_errno(i386_regs.eax)) {
2106 u_error = -i386_regs.eax;
2109 tcp->u_rval = i386_regs.eax;
2111 #elif defined(X86_64)
2113 if (x86_io.iov_len == sizeof(i386_regs)) {
2114 /* Sign extend from 32 bits */
2115 rax = (int32_t)i386_regs.eax;
2117 rax = x86_64_regs.rax;
2119 if (check_errno && is_negated_errno(rax)) {
2127 /* In X32, return value is 64-bit (llseek uses one).
2128 * Using merely "long rax" would not work.
2131 if (x86_io.iov_len == sizeof(i386_regs)) {
2132 /* Sign extend from 32 bits */
2133 rax = (int32_t)i386_regs.eax;
2135 rax = x86_64_regs.rax;
2137 /* Careful: is_negated_errno() works only on longs */
2138 if (check_errno && is_negated_errno_x32(rax)) {
2143 tcp->u_rval = rax; /* truncating */
2151 if (check_errno && is_negated_errno(err)) {
2159 if (check_errno && ia64_r10) {
2163 tcp->u_rval = ia64_r8;
2167 if (check_errno && mips_a3) {
2171 tcp->u_rval = mips_r2;
2172 # if defined(LINUX_MIPSN32)
2173 tcp->u_lrval = mips_r2;
2176 #elif defined(POWERPC)
2177 if (check_errno && is_negated_errno(ppc_result)) {
2179 u_error = -ppc_result;
2182 tcp->u_rval = ppc_result;
2185 if (check_errno && is_negated_errno(m68k_d0)) {
2190 tcp->u_rval = m68k_d0;
2192 #elif defined(ARM) || defined(AARCH64)
2193 # if defined(AARCH64)
2194 if (tcp->currpers == 1) {
2195 if (check_errno && is_negated_errno(aarch64_regs.regs[0])) {
2197 u_error = -aarch64_regs.regs[0];
2200 tcp->u_rval = aarch64_regs.regs[0];
2206 if (check_errno && is_negated_errno(arm_regs.ARM_r0)) {
2208 u_error = -arm_regs.ARM_r0;
2211 tcp->u_rval = arm_regs.ARM_r0;
2214 #elif defined(AVR32)
2215 if (check_errno && regs.r12 && (unsigned) -regs.r12 < nerrnos) {
2217 u_error = -regs.r12;
2220 tcp->u_rval = regs.r12;
2223 if (check_errno && is_negated_errno(bfin_r0)) {
2227 tcp->u_rval = bfin_r0;
2229 #elif defined(ALPHA)
2230 if (check_errno && alpha_a3) {
2235 tcp->u_rval = alpha_r0;
2237 #elif defined(SPARC)
2238 if (check_errno && regs.psr & PSR_C) {
2240 u_error = regs.u_regs[U_REG_O0];
2243 tcp->u_rval = regs.u_regs[U_REG_O0];
2245 #elif defined(SPARC64)
2246 if (check_errno && regs.tstate & 0x1100000000UL) {
2248 u_error = regs.u_regs[U_REG_O0];
2251 tcp->u_rval = regs.u_regs[U_REG_O0];
2254 if (check_errno && is_negated_errno(hppa_r28)) {
2256 u_error = -hppa_r28;
2259 tcp->u_rval = hppa_r28;
2262 if (check_errno && is_negated_errno(sh_r0)) {
2267 tcp->u_rval = sh_r0;
2270 if (check_errno && is_negated_errno(sh64_r9)) {
2275 tcp->u_rval = sh64_r9;
2277 #elif defined(CRISV10) || defined(CRISV32)
2278 if (check_errno && cris_r10 && (unsigned) -cris_r10 < nerrnos) {
2280 u_error = -cris_r10;
2283 tcp->u_rval = cris_r10;
2287 * The standard tile calling convention returns the value (or negative
2288 * errno) in r0, and zero (or positive errno) in r1.
2289 * Until at least kernel 3.8, however, the r1 value is not reflected
2290 * in ptregs at this point, so we use r0 here.
2292 if (check_errno && is_negated_errno(tile_regs.regs[0])) {
2294 u_error = -tile_regs.regs[0];
2296 tcp->u_rval = tile_regs.regs[0];
2298 #elif defined(MICROBLAZE)
2299 if (check_errno && is_negated_errno(microblaze_r3)) {
2301 u_error = -microblaze_r3;
2304 tcp->u_rval = microblaze_r3;
2307 if (check_errno && is_negated_errno(or1k_regs.gpr[11])) {
2309 u_error = -or1k_regs.gpr[11];
2312 tcp->u_rval = or1k_regs.gpr[11];
2315 tcp->u_error = u_error;
2320 dumpio(struct tcb *tcp)
2324 if (tcp->u_arg[0] < 0 || tcp->u_arg[0] >= MAX_QUALS)
2326 if (!SCNO_IN_RANGE(tcp->scno))
2328 if (sysent[tcp->scno].sys_func == printargs)
2330 if (qual_flags[tcp->u_arg[0]] & QUAL_READ) {
2331 if (sysent[tcp->scno].sys_func == sys_read ||
2332 sysent[tcp->scno].sys_func == sys_pread ||
2333 sysent[tcp->scno].sys_func == sys_recv ||
2334 sysent[tcp->scno].sys_func == sys_recvfrom)
2335 dumpstr(tcp, tcp->u_arg[1], tcp->u_rval);
2336 else if (sysent[tcp->scno].sys_func == sys_readv)
2337 dumpiov(tcp, tcp->u_arg[2], tcp->u_arg[1]);
2340 if (qual_flags[tcp->u_arg[0]] & QUAL_WRITE) {
2341 if (sysent[tcp->scno].sys_func == sys_write ||
2342 sysent[tcp->scno].sys_func == sys_pwrite ||
2343 sysent[tcp->scno].sys_func == sys_send ||
2344 sysent[tcp->scno].sys_func == sys_sendto)
2345 dumpstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
2346 else if (sysent[tcp->scno].sys_func == sys_writev)
2347 dumpiov(tcp, tcp->u_arg[2], tcp->u_arg[1]);
2353 trace_syscall_exiting(struct tcb *tcp)
2360 /* Measure the exit time as early as possible to avoid errors. */
2362 gettimeofday(&tv, NULL);
2364 #if SUPPORTED_PERSONALITIES > 1
2365 update_personality(tcp, tcp->currpers);
2367 res = (get_regs_error ? -1 : get_syscall_result(tcp));
2369 syscall_fixup_on_sysexit(tcp); /* never fails */
2370 res = get_error(tcp); /* returns 1 or -1 */
2372 if (need_fork_exec_workarounds)
2373 syscall_fixup_for_fork_exec(tcp);
2374 if (filtered(tcp)) {
2381 struct timeval t = tv;
2382 count_syscall(tcp, &t);
2383 if (cflag == CFLAG_ONLY_STATS) {
2388 /* If not in -ff mode, and printing_tcp != tcp,
2389 * then the log currently does not end with output
2390 * of _our syscall entry_, but with something else.
2391 * We need to say which syscall's return is this.
2393 * Forced reprinting via TCB_REPRINT is used only by
2394 * "strace -ff -oLOG test/threaded_execve" corner case.
2395 * It's the only case when -ff mode needs reprinting.
2397 if ((followfork < 2 && printing_tcp != tcp) || (tcp->flags & TCB_REPRINT)) {
2398 tcp->flags &= ~TCB_REPRINT;
2400 if (!SCNO_IN_RANGE(tcp->scno))
2401 tprintf("<... syscall_%lu resumed> ", tcp->scno);
2403 tprintf("<... %s resumed> ", sysent[tcp->scno].sys_name);
2408 /* There was error in one of prior ptrace ops */
2411 tprints("= ? <unavailable>\n");
2413 tcp->flags &= ~TCB_INSYSCALL;
2418 if (!SCNO_IN_RANGE(tcp->scno)
2419 || (qual_flags[tcp->scno] & QUAL_RAW)) {
2420 /* sys_res = printargs(tcp); - but it's nop on sysexit */
2422 /* FIXME: not_failing_only (IOW, option -z) is broken:
2423 * failure of syscall is known only after syscall return.
2424 * Thus we end up with something like this on, say, ENOENT:
2425 * open("doesnt_exist", O_RDONLY <unfinished ...>
2426 * {next syscall decode}
2427 * whereas the intended result is that open(...) line
2428 * is not shown at all.
2430 if (not_failing_only && tcp->u_error)
2431 goto ret; /* ignore failed syscalls */
2432 sys_res = (*sysent[tcp->scno].sys_func)(tcp);
2437 u_error = tcp->u_error;
2438 if (!SCNO_IN_RANGE(tcp->scno) ||
2439 qual_flags[tcp->scno] & QUAL_RAW) {
2441 tprintf("= -1 (errno %ld)", u_error);
2443 tprintf("= %#lx", tcp->u_rval);
2445 else if (!(sys_res & RVAL_NONE) && u_error) {
2447 /* Blocked signals do not interrupt any syscalls.
2448 * In this case syscalls don't return ERESTARTfoo codes.
2450 * Deadly signals set to SIG_DFL interrupt syscalls
2451 * and kill the process regardless of which of the codes below
2452 * is returned by the interrupted syscall.
2453 * In some cases, kernel forces a kernel-generated deadly
2454 * signal to be unblocked and set to SIG_DFL (and thus cause
2455 * death) if it is blocked or SIG_IGNed: for example, SIGSEGV
2456 * or SIGILL. (The alternative is to leave process spinning
2457 * forever on the faulty instruction - not useful).
2459 * SIG_IGNed signals and non-deadly signals set to SIG_DFL
2460 * (for example, SIGCHLD, SIGWINCH) interrupt syscalls,
2461 * but kernel will always restart them.
2464 /* Most common type of signal-interrupted syscall exit code.
2465 * The system call will be restarted with the same arguments
2466 * if SA_RESTART is set; otherwise, it will fail with EINTR.
2468 tprints("= ? ERESTARTSYS (To be restarted if SA_RESTART is set)");
2470 case ERESTARTNOINTR:
2471 /* Rare. For example, fork() returns this if interrupted.
2472 * SA_RESTART is ignored (assumed set): the restart is unconditional.
2474 tprints("= ? ERESTARTNOINTR (To be restarted)");
2476 case ERESTARTNOHAND:
2477 /* pause(), rt_sigsuspend() etc use this code.
2478 * SA_RESTART is ignored (assumed not set):
2479 * syscall won't restart (will return EINTR instead)
2480 * even after signal with SA_RESTART set.
2481 * However, after SIG_IGN or SIG_DFL signal it will.
2483 tprints("= ? ERESTARTNOHAND (Interrupted by signal)");
2485 case ERESTART_RESTARTBLOCK:
2486 /* Syscalls like nanosleep(), poll() which can't be
2487 * restarted with their original arguments use this
2488 * code. Kernel will execute restart_syscall() instead,
2489 * which changes arguments before restarting syscall.
2490 * SA_RESTART is ignored (assumed not set) similarly
2491 * to ERESTARTNOHAND. (Kernel can't honor SA_RESTART
2492 * since restart data is saved in "restart block"
2493 * in task struct, and if signal handler uses a syscall
2494 * which in turn saves another such restart block,
2495 * old data is lost and restart becomes impossible)
2497 tprints("= ? ERESTART_RESTARTBLOCK (Interrupted by signal)");
2501 tprintf("= -1 E??? (errno %ld)", u_error);
2502 else if (u_error < nerrnos)
2503 tprintf("= -1 %s (%s)", errnoent[u_error],
2506 tprintf("= -1 ERRNO_%ld (%s)", u_error,
2510 if ((sys_res & RVAL_STR) && tcp->auxstr)
2511 tprintf(" (%s)", tcp->auxstr);
2514 if (sys_res & RVAL_NONE)
2517 switch (sys_res & RVAL_MASK) {
2519 tprintf("= %#lx", tcp->u_rval);
2522 tprintf("= %#lo", tcp->u_rval);
2525 tprintf("= %lu", tcp->u_rval);
2528 tprintf("= %ld", tcp->u_rval);
2530 #if defined(LINUX_MIPSN32) || defined(X32)
2533 tprintf("= %#llx", tcp->u_lrval);
2536 tprintf("= %#llo", tcp->u_lrval);
2539 case RVAL_LUDECIMAL:
2540 tprintf("= %llu", tcp->u_lrval);
2544 tprintf("= %lld", tcp->u_lrval);
2550 "invalid rval format\n");
2554 if ((sys_res & RVAL_STR) && tcp->auxstr)
2555 tprintf(" (%s)", tcp->auxstr);
2558 tv_sub(&tv, &tv, &tcp->etime);
2559 tprintf(" <%ld.%06ld>",
2560 (long) tv.tv_sec, (long) tv.tv_usec);
2567 tcp->flags &= ~TCB_INSYSCALL;
2572 trace_syscall(struct tcb *tcp)
2574 return exiting(tcp) ?
2575 trace_syscall_exiting(tcp) : trace_syscall_entering(tcp);