2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
40 # ifndef PTRACE_PEEKUSR
41 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
43 #elif defined(HAVE_LINUX_PTRACE_H)
44 # undef PTRACE_SYSCALL
45 # ifdef HAVE_STRUCT_IA64_FPREG
46 # define ia64_fpreg XXX_ia64_fpreg
48 # ifdef HAVE_STRUCT_PT_ALL_USER_REGS
49 # define pt_all_user_regs XXX_pt_all_user_regs
51 # include <linux/ptrace.h>
53 # undef pt_all_user_regs
57 # undef PTRACE_GETREGS
58 # define PTRACE_GETREGS PTRACE_GETREGS64
59 # undef PTRACE_SETREGS
60 # define PTRACE_SETREGS PTRACE_SETREGS64
64 # include <asm/ptrace_offsets.h>
68 #if defined(X86_64) || defined(X32)
69 # include <linux/ptrace.h>
70 # include <asm/ptrace.h>
76 # include <asm/ptrace.h>
87 # define ERESTARTSYS 512
89 #ifndef ERESTARTNOINTR
90 # define ERESTARTNOINTR 513
92 #ifndef ERESTARTNOHAND
93 # define ERESTARTNOHAND 514 /* restart if no handler */
95 #ifndef ERESTART_RESTARTBLOCK
96 # define ERESTART_RESTARTBLOCK 516 /* restart by calling sys_restart_syscall */
100 # warning: NSIG is not defined, using 32
104 /* Ugh. Is this really correct? ARM has no RT signals?! */
111 /* Define these shorthand notations to simplify the syscallent files. */
112 #define TD TRACE_DESC
113 #define TF TRACE_FILE
115 #define TN TRACE_NETWORK
116 #define TP TRACE_PROCESS
117 #define TS TRACE_SIGNAL
118 #define TM TRACE_MEMORY
119 #define NF SYSCALL_NEVER_FAILS
122 static const struct sysent sysent0[] = {
123 #include "syscallent.h"
126 #if SUPPORTED_PERSONALITIES >= 2
127 static const struct sysent sysent1[] = {
128 # include "syscallent1.h"
132 #if SUPPORTED_PERSONALITIES >= 3
133 static const struct sysent sysent2[] = {
134 # include "syscallent2.h"
138 /* Now undef them since short defines cause wicked namespace pollution. */
150 * `ioctlent.h' may be generated from `ioctlent.raw' by the auxiliary
151 * program `ioctlsort', such that the list is sorted by the `code' field.
152 * This has the side-effect of resolving the _IO.. macros into
153 * plain integers, eliminating the need to include here everything
157 static const char *const errnoent0[] = {
158 #include "errnoent.h"
160 static const char *const signalent0[] = {
161 #include "signalent.h"
163 static const struct ioctlent ioctlent0[] = {
164 #include "ioctlent.h"
166 enum { nsyscalls0 = ARRAY_SIZE(sysent0) };
167 enum { nerrnos0 = ARRAY_SIZE(errnoent0) };
168 enum { nsignals0 = ARRAY_SIZE(signalent0) };
169 enum { nioctlents0 = ARRAY_SIZE(ioctlent0) };
170 int qual_flags0[MAX_QUALS];
172 #if SUPPORTED_PERSONALITIES >= 2
173 static const char *const errnoent1[] = {
174 # include "errnoent1.h"
176 static const char *const signalent1[] = {
177 # include "signalent1.h"
179 static const struct ioctlent ioctlent1[] = {
180 # include "ioctlent1.h"
182 enum { nsyscalls1 = ARRAY_SIZE(sysent1) };
183 enum { nerrnos1 = ARRAY_SIZE(errnoent1) };
184 enum { nsignals1 = ARRAY_SIZE(signalent1) };
185 enum { nioctlents1 = ARRAY_SIZE(ioctlent1) };
186 int qual_flags1[MAX_QUALS];
189 #if SUPPORTED_PERSONALITIES >= 3
190 static const char *const errnoent2[] = {
191 # include "errnoent2.h"
193 static const char *const signalent2[] = {
194 # include "signalent2.h"
196 static const struct ioctlent ioctlent2[] = {
197 # include "ioctlent2.h"
199 enum { nsyscalls2 = ARRAY_SIZE(sysent2) };
200 enum { nerrnos2 = ARRAY_SIZE(errnoent2) };
201 enum { nsignals2 = ARRAY_SIZE(signalent2) };
202 enum { nioctlents2 = ARRAY_SIZE(ioctlent2) };
203 int qual_flags2[MAX_QUALS];
206 const struct sysent *sysent = sysent0;
207 const char *const *errnoent = errnoent0;
208 const char *const *signalent = signalent0;
209 const struct ioctlent *ioctlent = ioctlent0;
210 unsigned nsyscalls = nsyscalls0;
211 unsigned nerrnos = nerrnos0;
212 unsigned nsignals = nsignals0;
213 unsigned nioctlents = nioctlents0;
214 int *qual_flags = qual_flags0;
216 #if SUPPORTED_PERSONALITIES > 1
217 int current_personality;
219 const int personality_wordsize[SUPPORTED_PERSONALITIES] = {
220 PERSONALITY0_WORDSIZE,
221 PERSONALITY1_WORDSIZE,
222 # if SUPPORTED_PERSONALITIES > 2
223 PERSONALITY2_WORDSIZE,
228 set_personality(int personality)
230 switch (personality) {
232 errnoent = errnoent0;
235 nsyscalls = nsyscalls0;
236 ioctlent = ioctlent0;
237 nioctlents = nioctlents0;
238 signalent = signalent0;
239 nsignals = nsignals0;
240 qual_flags = qual_flags0;
244 errnoent = errnoent1;
247 nsyscalls = nsyscalls1;
248 ioctlent = ioctlent1;
249 nioctlents = nioctlents1;
250 signalent = signalent1;
251 nsignals = nsignals1;
252 qual_flags = qual_flags1;
255 # if SUPPORTED_PERSONALITIES >= 3
257 errnoent = errnoent2;
260 nsyscalls = nsyscalls2;
261 ioctlent = ioctlent2;
262 nioctlents = nioctlents2;
263 signalent = signalent2;
264 nsignals = nsignals2;
265 qual_flags = qual_flags2;
270 current_personality = personality;
274 update_personality(struct tcb *tcp, int personality)
276 if (personality == current_personality)
278 set_personality(personality);
280 if (personality == tcp->currpers)
282 tcp->currpers = personality;
284 # if defined(POWERPC64)
286 static const char *const names[] = {"64 bit", "32 bit"};
287 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
288 tcp->pid, names[personality]);
290 # elif defined(X86_64)
292 static const char *const names[] = {"64 bit", "32 bit", "x32"};
293 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
294 tcp->pid, names[personality]);
298 static const char *const names[] = {"x32", "32 bit"};
299 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
300 tcp->pid, names[personality]);
302 # elif defined(AARCH64)
304 static const char *const names[] = {"32-bit", "AArch64"};
305 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
306 tcp->pid, names[personality]);
310 static const char *const names[] = {"64-bit", "32-bit"};
311 fprintf(stderr, "[ Process PID=%d runs in %s mode. ]\n",
312 tcp->pid, names[personality]);
318 static int qual_syscall(), qual_signal(), qual_fault(), qual_desc();
320 static const struct qual_options {
322 const char *option_name;
323 int (*qualify)(const char *, int, int);
324 const char *argument_name;
326 { QUAL_TRACE, "trace", qual_syscall, "system call" },
327 { QUAL_TRACE, "t", qual_syscall, "system call" },
328 { QUAL_ABBREV, "abbrev", qual_syscall, "system call" },
329 { QUAL_ABBREV, "a", qual_syscall, "system call" },
330 { QUAL_VERBOSE, "verbose", qual_syscall, "system call" },
331 { QUAL_VERBOSE, "v", qual_syscall, "system call" },
332 { QUAL_RAW, "raw", qual_syscall, "system call" },
333 { QUAL_RAW, "x", qual_syscall, "system call" },
334 { QUAL_SIGNAL, "signal", qual_signal, "signal" },
335 { QUAL_SIGNAL, "signals", qual_signal, "signal" },
336 { QUAL_SIGNAL, "s", qual_signal, "signal" },
337 { QUAL_FAULT, "fault", qual_fault, "fault" },
338 { QUAL_FAULT, "faults", qual_fault, "fault" },
339 { QUAL_FAULT, "m", qual_fault, "fault" },
340 { QUAL_READ, "read", qual_desc, "descriptor" },
341 { QUAL_READ, "reads", qual_desc, "descriptor" },
342 { QUAL_READ, "r", qual_desc, "descriptor" },
343 { QUAL_WRITE, "write", qual_desc, "descriptor" },
344 { QUAL_WRITE, "writes", qual_desc, "descriptor" },
345 { QUAL_WRITE, "w", qual_desc, "descriptor" },
346 { 0, NULL, NULL, NULL },
350 qualify_one(int n, int bitflag, int not, int pers)
352 if (pers == 0 || pers < 0) {
354 qual_flags0[n] &= ~bitflag;
356 qual_flags0[n] |= bitflag;
359 #if SUPPORTED_PERSONALITIES >= 2
360 if (pers == 1 || pers < 0) {
362 qual_flags1[n] &= ~bitflag;
364 qual_flags1[n] |= bitflag;
368 #if SUPPORTED_PERSONALITIES >= 3
369 if (pers == 2 || pers < 0) {
371 qual_flags2[n] &= ~bitflag;
373 qual_flags2[n] |= bitflag;
379 qual_syscall(const char *s, int bitflag, int not)
384 if (*s >= '0' && *s <= '9') {
385 int i = string_to_uint(s);
386 if (i < 0 || i >= MAX_QUALS)
388 qualify_one(i, bitflag, not, -1);
391 for (i = 0; i < nsyscalls0; i++)
392 if (sysent0[i].sys_name &&
393 strcmp(s, sysent0[i].sys_name) == 0) {
394 qualify_one(i, bitflag, not, 0);
398 #if SUPPORTED_PERSONALITIES >= 2
399 for (i = 0; i < nsyscalls1; i++)
400 if (sysent1[i].sys_name &&
401 strcmp(s, sysent1[i].sys_name) == 0) {
402 qualify_one(i, bitflag, not, 1);
407 #if SUPPORTED_PERSONALITIES >= 3
408 for (i = 0; i < nsyscalls2; i++)
409 if (sysent2[i].sys_name &&
410 strcmp(s, sysent2[i].sys_name) == 0) {
411 qualify_one(i, bitflag, not, 2);
420 qual_signal(const char *s, int bitflag, int not)
424 if (*s >= '0' && *s <= '9') {
425 int signo = string_to_uint(s);
426 if (signo < 0 || signo >= MAX_QUALS)
428 qualify_one(signo, bitflag, not, -1);
431 if (strncasecmp(s, "SIG", 3) == 0)
433 for (i = 0; i <= NSIG; i++) {
434 if (strcasecmp(s, signame(i) + 3) == 0) {
435 qualify_one(i, bitflag, not, -1);
443 qual_fault(const char *s, int bitflag, int not)
449 qual_desc(const char *s, int bitflag, int not)
451 if (*s >= '0' && *s <= '9') {
452 int desc = string_to_uint(s);
453 if (desc < 0 || desc >= MAX_QUALS)
455 qualify_one(desc, bitflag, not, -1);
462 lookup_class(const char *s)
464 if (strcmp(s, "file") == 0)
466 if (strcmp(s, "ipc") == 0)
468 if (strcmp(s, "network") == 0)
469 return TRACE_NETWORK;
470 if (strcmp(s, "process") == 0)
471 return TRACE_PROCESS;
472 if (strcmp(s, "signal") == 0)
474 if (strcmp(s, "desc") == 0)
476 if (strcmp(s, "memory") == 0)
482 qualify(const char *s)
484 const struct qual_options *opt;
490 opt = &qual_options[0];
491 for (i = 0; (p = qual_options[i].option_name); i++) {
493 if (strncmp(s, p, n) == 0 && s[n] == '=') {
494 opt = &qual_options[i];
504 if (strcmp(s, "none") == 0) {
508 if (strcmp(s, "all") == 0) {
509 for (i = 0; i < MAX_QUALS; i++) {
510 qualify_one(i, opt->bitflag, not, -1);
514 for (i = 0; i < MAX_QUALS; i++) {
515 qualify_one(i, opt->bitflag, !not, -1);
520 for (p = strtok(copy, ","); p; p = strtok(NULL, ",")) {
521 if (opt->bitflag == QUAL_TRACE && (n = lookup_class(p)) > 0) {
522 for (i = 0; i < nsyscalls0; i++)
523 if (sysent0[i].sys_flags & n)
524 qualify_one(i, opt->bitflag, not, 0);
526 #if SUPPORTED_PERSONALITIES >= 2
527 for (i = 0; i < nsyscalls1; i++)
528 if (sysent1[i].sys_flags & n)
529 qualify_one(i, opt->bitflag, not, 1);
532 #if SUPPORTED_PERSONALITIES >= 3
533 for (i = 0; i < nsyscalls2; i++)
534 if (sysent2[i].sys_flags & n)
535 qualify_one(i, opt->bitflag, not, 2);
540 if (opt->qualify(p, opt->bitflag, not)) {
541 error_msg_and_die("invalid %s '%s'",
542 opt->argument_name, p);
549 #ifdef SYS_socket_subcall
551 decode_socket_subcall(struct tcb *tcp)
554 unsigned int i, size;
556 if (tcp->u_arg[0] < 0 || tcp->u_arg[0] >= SYS_socket_nsubcalls)
559 tcp->scno = SYS_socket_subcall + tcp->u_arg[0];
560 addr = tcp->u_arg[1];
561 tcp->u_nargs = sysent[tcp->scno].nargs;
562 size = current_wordsize;
563 for (i = 0; i < tcp->u_nargs; ++i) {
564 if (size == sizeof(int)) {
566 if (umove(tcp, addr, &arg) < 0)
572 if (umove(tcp, addr, &arg) < 0)
581 #ifdef SYS_ipc_subcall
583 decode_ipc_subcall(struct tcb *tcp)
587 if (tcp->u_arg[0] < 0 || tcp->u_arg[0] >= SYS_ipc_nsubcalls)
590 tcp->scno = SYS_ipc_subcall + tcp->u_arg[0];
591 tcp->u_nargs = sysent[tcp->scno].nargs;
592 for (i = 0; i < tcp->u_nargs; i++)
593 tcp->u_arg[i] = tcp->u_arg[i + 1];
598 printargs(struct tcb *tcp)
603 for (i = 0; i < tcp->u_nargs; i++)
604 tprintf("%s%#lx", i ? ", " : "", tcp->u_arg[i]);
610 printargs_lu(struct tcb *tcp)
615 for (i = 0; i < tcp->u_nargs; i++)
616 tprintf("%s%lu", i ? ", " : "", tcp->u_arg[i]);
622 printargs_ld(struct tcb *tcp)
627 for (i = 0; i < tcp->u_nargs; i++)
628 tprintf("%s%ld", i ? ", " : "", tcp->u_arg[i]);
633 #if defined(SPARC) || defined(SPARC64) || defined(IA64) || defined(SH)
635 getrval2(struct tcb *tcp)
639 # if defined(SPARC) || defined(SPARC64)
640 val = regs.u_regs[U_REG_O1];
642 if (upeek(tcp, 4*(REG_REG0+1), &val) < 0)
645 if (upeek(tcp, PT_R9, &val) < 0)
654 is_restart_error(struct tcb *tcp)
656 switch (tcp->u_error) {
660 case ERESTART_RESTARTBLOCK:
669 struct pt_regs i386_regs;
670 #elif defined(X86_64) || defined(X32)
672 * On i386, pt_regs and user_regs_struct are the same,
673 * but on 64 bit x86, user_regs_struct has six more fields:
674 * fs_base, gs_base, ds, es, fs, gs.
675 * PTRACE_GETREGS fills them too, so struct pt_regs would overflow.
677 struct i386_user_regs_struct {
697 struct user_regs_struct x86_64_r;
698 struct i386_user_regs_struct i386_r;
700 # define x86_64_regs x86_regs_union.x86_64_r
701 # define i386_regs x86_regs_union.i386_r
702 static struct iovec x86_io = {
703 .iov_base = &x86_regs_union
706 long ia32 = 0; /* not static */
707 static long ia64_r8, ia64_r10;
708 #elif defined(POWERPC)
709 static long ppc_result;
715 struct pt_regs arm_regs; /* not static */
716 #elif defined(AARCH64)
718 struct user_pt_regs aarch64_r;
719 struct arm_pt_regs arm_r;
721 # define aarch64_regs arm_regs_union.aarch64_r
722 # define arm_regs arm_regs_union.arm_r
723 static struct iovec aarch64_io = {
724 .iov_base = &arm_regs_union
727 static long alpha_r0;
728 static long alpha_a3;
730 static struct pt_regs regs;
731 #elif defined(SPARC) || defined(SPARC64)
732 struct pt_regs regs; /* not static */
733 #elif defined(LINUX_MIPSN32)
734 static long long mips_a3;
735 static long long mips_r2;
739 #elif defined(S390) || defined(S390X)
741 static long syscall_mode;
743 static long hppa_r28;
748 #elif defined(CRISV10) || defined(CRISV32)
749 static long cris_r10;
751 struct pt_regs tile_regs;
752 #elif defined(MICROBLAZE)
753 static long microblaze_r3;
755 static struct user_regs_struct or1k_regs;
756 static struct iovec or1k_io = {
757 .iov_base = &or1k_regs
762 printcall(struct tcb *tcp)
764 #define PRINTBADPC tprintf(sizeof(long) == 4 ? "[????????] " : \
765 sizeof(long) == 8 ? "[????????????????] " : \
767 if (get_regs_error) {
772 tprintf("[%08lx] ", i386_regs.eip);
773 #elif defined(S390) || defined(S390X)
775 if (upeek(tcp, PT_PSWADDR, &psw) < 0) {
780 tprintf("[%08lx] ", psw);
782 tprintf("[%016lx] ", psw);
784 #elif defined(X86_64) || defined(X32)
785 if (x86_io.iov_len == sizeof(i386_regs)) {
786 tprintf("[%08x] ", (unsigned) i386_regs.eip);
789 tprintf("[%016lx] ", (unsigned long) x86_64_regs.rip);
791 /* Note: this truncates 64-bit rip to 32 bits */
792 tprintf("[%08lx] ", (unsigned long) x86_64_regs.rip);
798 if (upeek(tcp, PT_B0, &ip) < 0) {
802 tprintf("[%08lx] ", ip);
803 #elif defined(POWERPC)
806 if (upeek(tcp, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
811 tprintf("[%016lx] ", pc);
813 tprintf("[%08lx] ", pc);
818 if (upeek(tcp, 4*PT_PC, &pc) < 0) {
819 tprints("[????????] ");
822 tprintf("[%08lx] ", pc);
826 if (upeek(tcp, REG_PC, &pc) < 0) {
827 tprints("[????????????????] ");
830 tprintf("[%08lx] ", pc);
832 tprintf("[%08lx] ", regs.pc);
833 #elif defined(SPARC64)
834 tprintf("[%08lx] ", regs.tpc);
838 if (upeek(tcp, PT_IAOQ0, &pc) < 0) {
839 tprints("[????????] ");
842 tprintf("[%08lx] ", pc);
846 if (upeek(tcp, REG_EPC, &pc) < 0) {
847 tprints("[????????] ");
850 tprintf("[%08lx] ", pc);
854 if (upeek(tcp, 4*REG_PC, &pc) < 0) {
855 tprints("[????????] ");
858 tprintf("[%08lx] ", pc);
862 if (upeek(tcp, REG_PC, &pc) < 0) {
863 tprints("[????????????????] ");
866 tprintf("[%08lx] ", pc);
868 tprintf("[%08lx] ", arm_regs.ARM_pc);
869 #elif defined(AARCH64)
870 /* tprintf("[%016lx] ", aarch64_regs.regs[???]); */
872 tprintf("[%08lx] ", regs.pc);
876 if (upeek(tcp, PT_PC, &pc) < 0) {
880 tprintf("[%08lx] ", pc);
881 #elif defined(CRISV10)
884 if (upeek(tcp, 4*PT_IRP, &pc) < 0) {
888 tprintf("[%08lx] ", pc);
889 #elif defined(CRISV32)
892 if (upeek(tcp, 4*PT_ERP, &pc) < 0) {
896 tprintf("[%08lx] ", pc);
899 tprintf("[%016lx] ", (unsigned long) tile_regs.pc);
901 tprintf("[%08lx] ", (unsigned long) tile_regs.pc);
904 tprintf("[%08lx] ", or1k_regs.pc);
905 #endif /* architecture */
910 void get_regs(pid_t pid)
913 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, ®s);
915 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (long) &i386_regs);
916 # elif defined(X86_64) || defined(X32)
918 * PTRACE_GETREGSET was introduced in 2.6.33.
919 * Let's be paranoid and require a bit later kernel.
921 if (os_release >= KERNEL_VERSION(2,6,35)) {
922 /*x86_io.iov_base = &x86_regs_union; - already is */
923 x86_io.iov_len = sizeof(x86_regs_union);
924 get_regs_error = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, (long) &x86_io);
926 /* Use old method, with heuristical detection of 32-bitness */
927 x86_io.iov_len = sizeof(x86_64_regs);
928 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (long) &x86_64_regs);
929 if (!get_regs_error && x86_64_regs.cs == 0x23) {
930 x86_io.iov_len = sizeof(i386_regs);
932 * The order is important: i386_regs and x86_64_regs
933 * are overlaid in memory!
935 i386_regs.ebx = x86_64_regs.rbx;
936 i386_regs.ecx = x86_64_regs.rcx;
937 i386_regs.edx = x86_64_regs.rdx;
938 i386_regs.esi = x86_64_regs.rsi;
939 i386_regs.edi = x86_64_regs.rdi;
940 i386_regs.ebp = x86_64_regs.rbp;
941 i386_regs.eax = x86_64_regs.rax;
942 /*i386_regs.xds = x86_64_regs.ds; unused by strace */
943 /*i386_regs.xes = x86_64_regs.es; ditto... */
944 /*i386_regs.xfs = x86_64_regs.fs;*/
945 /*i386_regs.xgs = x86_64_regs.gs;*/
946 i386_regs.orig_eax = x86_64_regs.orig_rax;
947 i386_regs.eip = x86_64_regs.rip;
948 /*i386_regs.xcs = x86_64_regs.cs;*/
949 /*i386_regs.eflags = x86_64_regs.eflags;*/
950 i386_regs.esp = x86_64_regs.rsp;
951 /*i386_regs.xss = x86_64_regs.ss;*/
955 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (void *)&arm_regs);
956 # elif defined(AARCH64)
957 /*aarch64_io.iov_base = &arm_regs_union; - already is */
958 aarch64_io.iov_len = sizeof(arm_regs_union);
959 get_regs_error = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, (void *)&aarch64_io);
961 /* Paranoia checks */
964 switch (aarch64_io.iov_len) {
965 case sizeof(aarch64_regs):
966 /* We are in 64-bit mode */
968 case sizeof(arm_regs):
969 /* We are in 32-bit mode */
976 # elif defined(SPARC) || defined(SPARC64)
977 get_regs_error = ptrace(PTRACE_GETREGS, pid, (char *)®s, 0);
979 get_regs_error = ptrace(PTRACE_GETREGS, pid, NULL, (long) &tile_regs);
981 or1k_io.iov_len = sizeof(or1k_regs);
982 get_regs_error = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &or1k_io);
988 * 0: "ignore this ptrace stop", bail out of trace_syscall_entering() silently.
989 * 1: ok, continue in trace_syscall_entering().
990 * other: error, trace_syscall_entering() should print error indicator
991 * ("????" etc) and bail out.
994 get_scno(struct tcb *tcp)
998 #if defined(S390) || defined(S390X)
999 if (upeek(tcp, PT_GPR2, &syscall_mode) < 0)
1002 if (syscall_mode != -ENOSYS) {
1004 * Since kernel version 2.5.44 the scno gets passed in gpr2.
1006 scno = syscall_mode;
1009 * Old style of "passing" the scno via the SVC instruction.
1012 long opcode, offset_reg, tmp;
1014 static const int gpr_offset[16] = {
1015 PT_GPR0, PT_GPR1, PT_ORIGGPR2, PT_GPR3,
1016 PT_GPR4, PT_GPR5, PT_GPR6, PT_GPR7,
1017 PT_GPR8, PT_GPR9, PT_GPR10, PT_GPR11,
1018 PT_GPR12, PT_GPR13, PT_GPR14, PT_GPR15
1021 if (upeek(tcp, PT_PSWADDR, &psw) < 0)
1024 opcode = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)(psw - sizeof(long)), 0);
1026 perror_msg("%s", "peektext(psw-oneword)");
1031 * We have to check if the SVC got executed directly or via an
1032 * EXECUTE instruction. In case of EXECUTE it is necessary to do
1033 * instruction decoding to derive the system call number.
1034 * Unfortunately the opcode sizes of EXECUTE and SVC are differently,
1035 * so that this doesn't work if a SVC opcode is part of an EXECUTE
1036 * opcode. Since there is no way to find out the opcode size this
1037 * is the best we can do...
1039 if ((opcode & 0xff00) == 0x0a00) {
1041 scno = opcode & 0xff;
1044 /* SVC got executed by EXECUTE instruction */
1047 * Do instruction decoding of EXECUTE. If you really want to
1048 * understand this, read the Principles of Operations.
1050 svc_addr = (void *) (opcode & 0xfff);
1053 offset_reg = (opcode & 0x000f0000) >> 16;
1054 if (offset_reg && (upeek(tcp, gpr_offset[offset_reg], &tmp) < 0))
1059 offset_reg = (opcode & 0x0000f000) >> 12;
1060 if (offset_reg && (upeek(tcp, gpr_offset[offset_reg], &tmp) < 0))
1064 scno = ptrace(PTRACE_PEEKTEXT, tcp->pid, svc_addr, 0);
1073 offset_reg = (opcode & 0x00f00000) >> 20;
1074 if (offset_reg && (upeek(tcp, gpr_offset[offset_reg], &tmp) < 0))
1077 scno = (scno | tmp) & 0xff;
1080 #elif defined(POWERPC)
1081 if (upeek(tcp, sizeof(unsigned long)*PT_R0, &scno) < 0)
1084 /* TODO: speed up strace by not doing this at every syscall.
1085 * We only need to do it after execve.
1090 /* Check for 64/32 bit mode. */
1091 if (upeek(tcp, sizeof(unsigned long)*PT_MSR, &val) < 0)
1093 /* SF is bit 0 of MSR */
1098 update_personality(tcp, currpers);
1100 #elif defined(AVR32)
1103 if (upeek(tcp, PT_ORIG_P0, &scno))
1106 scno = i386_regs.orig_eax;
1107 #elif defined(X86_64) || defined(X32)
1108 # ifndef __X32_SYSCALL_BIT
1109 # define __X32_SYSCALL_BIT 0x40000000
1113 /* GETREGSET of NT_PRSTATUS tells us regset size,
1114 * which unambiguously detects i386.
1116 * Linux kernel distinguishes x86-64 and x32 processes
1117 * solely by looking at __X32_SYSCALL_BIT:
1118 * arch/x86/include/asm/compat.h::is_x32_task():
1119 * if (task_pt_regs(current)->orig_ax & __X32_SYSCALL_BIT)
1122 if (x86_io.iov_len == sizeof(i386_regs)) {
1123 scno = i386_regs.orig_eax;
1126 scno = x86_64_regs.orig_rax;
1128 if (scno & __X32_SYSCALL_BIT) {
1129 scno -= __X32_SYSCALL_BIT;
1134 /* cs = 0x33 for long mode (native 64 bit and x32)
1135 * cs = 0x23 for compatibility mode (32 bit)
1136 * ds = 0x2b for x32 mode (x86-64 in 32 bit)
1138 scno = x86_64_regs.orig_rax;
1139 switch (x86_64_regs.cs) {
1140 case 0x23: currpers = 1; break;
1142 if (x86_64_regs.ds == 0x2b) {
1144 scno &= ~__X32_SYSCALL_BIT;
1149 fprintf(stderr, "Unknown value CS=0x%08X while "
1150 "detecting personality of process "
1151 "PID=%d\n", (int)x86_64_regs.cs, tcp->pid);
1152 currpers = current_personality;
1156 /* This version analyzes the opcode of a syscall instruction.
1157 * (int 0x80 on i386 vs. syscall on x86-64)
1158 * It works, but is too complicated, and strictly speaking, unreliable.
1160 unsigned long call, rip = x86_64_regs.rip;
1161 /* sizeof(syscall) == sizeof(int 0x80) == 2 */
1164 call = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)rip, (char *)0);
1166 fprintf(stderr, "ptrace_peektext failed: %s\n",
1168 switch (call & 0xffff) {
1169 /* x86-64: syscall = 0x0f 0x05 */
1170 case 0x050f: currpers = 0; break;
1171 /* i386: int 0x80 = 0xcd 0x80 */
1172 case 0x80cd: currpers = 1; break;
1174 currpers = current_personality;
1176 "Unknown syscall opcode (0x%04X) while "
1177 "detecting personality of process "
1178 "PID=%d\n", (int)call, tcp->pid);
1184 /* If we are built for a x32 system, then personality 0 is x32
1185 * (not x86_64), and stracing of x86_64 apps is not supported.
1186 * Stracing of i386 apps is still supported.
1188 if (currpers == 0) {
1189 fprintf(stderr, "syscall_%lu(...) in unsupported "
1190 "64-bit mode of process PID=%d\n",
1194 currpers &= ~2; /* map 2,1 to 0,1 */
1196 update_personality(tcp, currpers);
1198 # define IA64_PSR_IS ((long)1 << 34)
1200 if (upeek(tcp, PT_CR_IPSR, &psr) >= 0)
1201 ia32 = (psr & IA64_PSR_IS) != 0;
1203 if (upeek(tcp, PT_R1, &scno) < 0)
1206 if (upeek(tcp, PT_R15, &scno) < 0)
1209 #elif defined(AARCH64)
1210 switch (aarch64_io.iov_len) {
1211 case sizeof(aarch64_regs):
1212 /* We are in 64-bit mode */
1213 scno = aarch64_regs.regs[8];
1214 update_personality(tcp, 1);
1216 case sizeof(arm_regs):
1217 /* We are in 32-bit mode */
1218 scno = arm_regs.ARM_r7;
1219 update_personality(tcp, 0);
1224 * We only need to grab the syscall number on syscall entry.
1226 if (arm_regs.ARM_ip == 0) {
1228 * Note: we only deal with 32-bit CPUs here
1230 if (arm_regs.ARM_cpsr & 0x20) {
1232 * Get the Thumb-mode system call number
1234 scno = arm_regs.ARM_r7;
1237 * Get the ARM-mode system call number
1240 scno = ptrace(PTRACE_PEEKTEXT, tcp->pid, (void *)(arm_regs.ARM_pc - 4), NULL);
1244 /* Handle the EABI syscall convention. We do not
1245 bother converting structures between the two
1246 ABIs, but basic functionality should work even
1247 if strace and the traced program have different
1249 if (scno == 0xef000000) {
1250 scno = arm_regs.ARM_r7;
1252 if ((scno & 0x0ff00000) != 0x0f900000) {
1253 fprintf(stderr, "syscall: unknown syscall trap 0x%08lx\n",
1259 * Fixup the syscall number
1264 if (scno & 0x0f0000) {
1266 * Handle ARM specific syscall
1268 update_personality(tcp, 1);
1271 update_personality(tcp, 0);
1274 fprintf(stderr, "pid %d stray syscall entry\n", tcp->pid);
1275 tcp->flags |= TCB_INSYSCALL;
1278 if (upeek(tcp, 4*PT_ORIG_D0, &scno) < 0)
1280 #elif defined(LINUX_MIPSN32)
1281 unsigned long long regs[38];
1283 if (ptrace(PTRACE_GETREGS, tcp->pid, NULL, (long) ®s) < 0)
1285 mips_a3 = regs[REG_A3];
1286 mips_r2 = regs[REG_V0];
1289 if (!SCNO_IN_RANGE(scno)) {
1290 if (mips_a3 == 0 || mips_a3 == -1) {
1292 fprintf(stderr, "stray syscall exit: v0 = %ld\n", scno);
1297 if (upeek(tcp, REG_A3, &mips_a3) < 0)
1299 if (upeek(tcp, REG_V0, &scno) < 0)
1302 if (!SCNO_IN_RANGE(scno)) {
1303 if (mips_a3 == 0 || mips_a3 == -1) {
1305 fprintf(stderr, "stray syscall exit: v0 = %ld\n", scno);
1309 #elif defined(ALPHA)
1310 if (upeek(tcp, REG_A3, &alpha_a3) < 0)
1312 if (upeek(tcp, REG_R0, &scno) < 0)
1316 * Do some sanity checks to figure out if it's
1317 * really a syscall entry
1319 if (!SCNO_IN_RANGE(scno)) {
1320 if (alpha_a3 == 0 || alpha_a3 == -1) {
1322 fprintf(stderr, "stray syscall exit: r0 = %ld\n", scno);
1326 #elif defined(SPARC) || defined(SPARC64)
1327 /* Disassemble the syscall trap. */
1328 /* Retrieve the syscall trap instruction. */
1331 # if defined(SPARC64)
1332 trap = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)regs.tpc, 0);
1335 trap = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)regs.pc, 0);
1340 /* Disassemble the trap to see what personality to use. */
1343 /* Linux/SPARC syscall trap. */
1344 update_personality(tcp, 0);
1347 /* Linux/SPARC64 syscall trap. */
1348 update_personality(tcp, 2);
1351 /* SunOS syscall trap. (pers 1) */
1352 fprintf(stderr, "syscall: SunOS no support\n");
1355 /* Solaris 2.x syscall trap. (per 2) */
1356 update_personality(tcp, 1);
1359 /* NetBSD/FreeBSD syscall trap. */
1360 fprintf(stderr, "syscall: NetBSD/FreeBSD not supported\n");
1363 /* Solaris 2.x gettimeofday */
1364 update_personality(tcp, 1);
1367 # if defined(SPARC64)
1368 fprintf(stderr, "syscall: unknown syscall trap %08lx %016lx\n", trap, regs.tpc);
1370 fprintf(stderr, "syscall: unknown syscall trap %08lx %08lx\n", trap, regs.pc);
1375 /* Extract the system call number from the registers. */
1376 if (trap == 0x91d02027)
1379 scno = regs.u_regs[U_REG_G1];
1381 scno = regs.u_regs[U_REG_O0];
1382 memmove(®s.u_regs[U_REG_O0], ®s.u_regs[U_REG_O1], 7*sizeof(regs.u_regs[0]));
1385 if (upeek(tcp, PT_GR20, &scno) < 0)
1389 * In the new syscall ABI, the system call number is in R3.
1391 if (upeek(tcp, 4*(REG_REG0+3), &scno) < 0)
1395 /* Odd as it may seem, a glibc bug has been known to cause
1396 glibc to issue bogus negative syscall numbers. So for
1397 our purposes, make strace print what it *should* have been */
1398 long correct_scno = (scno & 0xff);
1401 "Detected glibc bug: bogus system call"
1402 " number = %ld, correcting to %ld\n",
1405 scno = correct_scno;
1408 if (upeek(tcp, REG_SYSCALL, &scno) < 0)
1411 #elif defined(CRISV10) || defined(CRISV32)
1412 if (upeek(tcp, 4*PT_R9, &scno) < 0)
1416 scno = tile_regs.regs[10];
1420 # ifndef PT_FLAGS_COMPAT
1421 # define PT_FLAGS_COMPAT 0x10000 /* from Linux 3.8 on */
1423 if (tile_regs.flags & PT_FLAGS_COMPAT)
1428 update_personality(tcp, currpers);
1430 if (!(tcp->flags & TCB_INSYSCALL)) {
1431 /* Check if we return from execve. */
1432 if (tcp->flags & TCB_WAITEXECVE) {
1433 tcp->flags &= ~TCB_WAITEXECVE;
1437 #elif defined(MICROBLAZE)
1438 if (upeek(tcp, 0, &scno) < 0)
1441 scno = or1k_regs.gpr[11];
1448 /* Called at each syscall entry.
1450 * 0: "ignore this ptrace stop", bail out of trace_syscall_entering() silently.
1451 * 1: ok, continue in trace_syscall_entering().
1452 * other: error, trace_syscall_entering() should print error indicator
1453 * ("????" etc) and bail out.
1456 syscall_fixup_on_sysenter(struct tcb *tcp)
1458 /* A common case of "not a syscall entry" is post-execve SIGTRAP */
1460 if (i386_regs.eax != -ENOSYS) {
1462 fprintf(stderr, "not a syscall entry (eax = %ld)\n", i386_regs.eax);
1465 #elif defined(X86_64) || defined(X32)
1468 if (x86_io.iov_len == sizeof(i386_regs)) {
1469 /* Sign extend from 32 bits */
1470 rax = (int32_t)i386_regs.eax;
1472 /* Note: in X32 build, this truncates 64 to 32 bits */
1473 rax = x86_64_regs.rax;
1475 if (rax != -ENOSYS) {
1477 fprintf(stderr, "not a syscall entry (rax = %ld)\n", rax);
1481 #elif defined(S390) || defined(S390X)
1482 /* TODO: we already fetched PT_GPR2 in get_scno
1483 * and stored it in syscall_mode, reuse it here
1484 * instead of re-fetching?
1486 if (upeek(tcp, PT_GPR2, &gpr2) < 0)
1488 if (syscall_mode != -ENOSYS)
1489 syscall_mode = tcp->scno;
1490 if (gpr2 != syscall_mode) {
1492 fprintf(stderr, "not a syscall entry (gpr2 = %ld)\n", gpr2);
1496 /* TODO? Eliminate upeek's in arches below like we did in x86 */
1497 if (upeek(tcp, 4*PT_D0, &m68k_d0) < 0)
1499 if (m68k_d0 != -ENOSYS) {
1501 fprintf(stderr, "not a syscall entry (d0 = %ld)\n", m68k_d0);
1505 if (upeek(tcp, PT_R10, &ia64_r10) < 0)
1507 if (upeek(tcp, PT_R8, &ia64_r8) < 0)
1509 if (ia32 && ia64_r8 != -ENOSYS) {
1511 fprintf(stderr, "not a syscall entry (r8 = %ld)\n", ia64_r8);
1514 #elif defined(CRISV10) || defined(CRISV32)
1515 if (upeek(tcp, 4*PT_R10, &cris_r10) < 0)
1517 if (cris_r10 != -ENOSYS) {
1519 fprintf(stderr, "not a syscall entry (r10 = %ld)\n", cris_r10);
1522 #elif defined(MICROBLAZE)
1523 if (upeek(tcp, 3 * 4, µblaze_r3) < 0)
1525 if (microblaze_r3 != -ENOSYS) {
1527 fprintf(stderr, "not a syscall entry (r3 = %ld)\n", microblaze_r3);
1535 internal_fork(struct tcb *tcp)
1537 #if defined S390 || defined S390X || defined CRISV10 || defined CRISV32
1538 # define ARG_FLAGS 1
1540 # define ARG_FLAGS 0
1542 #ifndef CLONE_UNTRACED
1543 # define CLONE_UNTRACED 0x00800000
1545 if ((ptrace_setoptions
1546 & (PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK))
1547 == (PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK))
1553 if (entering(tcp)) {
1555 * We won't see the new child if clone is called with
1556 * CLONE_UNTRACED, so we keep the same logic with that option
1557 * and don't trace it.
1559 if ((sysent[tcp->scno].sys_func == sys_clone) &&
1560 (tcp->u_arg[ARG_FLAGS] & CLONE_UNTRACED))
1564 if (tcp->flags & TCB_BPTSET)
1569 #if defined(TCB_WAITEXECVE)
1571 internal_exec(struct tcb *tcp)
1573 /* Maybe we have post-execve SIGTRAP suppressed? */
1574 if (ptrace_setoptions & PTRACE_O_TRACEEXEC)
1575 return; /* yes, no need to do anything */
1577 if (exiting(tcp) && syserror(tcp))
1578 /* Error in execve, no post-execve SIGTRAP expected */
1579 tcp->flags &= ~TCB_WAITEXECVE;
1581 tcp->flags |= TCB_WAITEXECVE;
1586 syscall_fixup_for_fork_exec(struct tcb *tcp)
1589 * We must always trace a few critical system calls in order to
1590 * correctly support following forks in the presence of tracing
1595 if (!SCNO_IN_RANGE(tcp->scno))
1598 func = sysent[tcp->scno].sys_func;
1600 if ( sys_fork == func
1601 || sys_vfork == func
1602 || sys_clone == func
1608 #if defined(TCB_WAITEXECVE)
1609 if ( sys_execve == func
1610 # if defined(SPARC) || defined(SPARC64)
1611 || sys_execv == func
1620 /* Return -1 on error or 1 on success (never 0!) */
1622 get_syscall_args(struct tcb *tcp)
1626 if (SCNO_IN_RANGE(tcp->scno))
1627 nargs = tcp->u_nargs = sysent[tcp->scno].nargs;
1629 nargs = tcp->u_nargs = MAX_ARGS;
1631 #if defined(S390) || defined(S390X)
1632 for (i = 0; i < nargs; ++i)
1633 if (upeek(tcp, i==0 ? PT_ORIGGPR2 : PT_GPR2 + i*sizeof(long), &tcp->u_arg[i]) < 0)
1635 #elif defined(ALPHA)
1636 for (i = 0; i < nargs; ++i)
1637 if (upeek(tcp, REG_A0+i, &tcp->u_arg[i]) < 0)
1641 unsigned long *out0, cfm, sof, sol;
1643 /* be backwards compatible with kernel < 2.4.4... */
1645 # define PT_RBS_END PT_AR_BSP
1648 if (upeek(tcp, PT_RBS_END, &rbs_end) < 0)
1650 if (upeek(tcp, PT_CFM, (long *) &cfm) < 0)
1653 sof = (cfm >> 0) & 0x7f;
1654 sol = (cfm >> 7) & 0x7f;
1655 out0 = ia64_rse_skip_regs((unsigned long *) rbs_end, -sof + sol);
1657 for (i = 0; i < nargs; ++i) {
1658 if (umoven(tcp, (unsigned long) ia64_rse_skip_regs(out0, i),
1659 sizeof(long), (char *) &tcp->u_arg[i]) < 0)
1663 static const int argreg[MAX_ARGS] = { PT_R11 /* EBX = out0 */,
1664 PT_R9 /* ECX = out1 */,
1665 PT_R10 /* EDX = out2 */,
1666 PT_R14 /* ESI = out3 */,
1667 PT_R15 /* EDI = out4 */,
1668 PT_R13 /* EBP = out5 */};
1670 for (i = 0; i < nargs; ++i) {
1671 if (upeek(tcp, argreg[i], &tcp->u_arg[i]) < 0)
1673 /* truncate away IVE sign-extension */
1674 tcp->u_arg[i] &= 0xffffffff;
1677 #elif defined(LINUX_MIPSN32) || defined(LINUX_MIPSN64)
1678 /* N32 and N64 both use up to six registers. */
1679 unsigned long long regs[38];
1681 if (ptrace(PTRACE_GETREGS, tcp->pid, NULL, (long) ®s) < 0)
1684 for (i = 0; i < nargs; ++i) {
1685 tcp->u_arg[i] = regs[REG_A0 + i];
1686 # if defined(LINUX_MIPSN32)
1687 tcp->ext_arg[i] = regs[REG_A0 + i];
1694 if (upeek(tcp, REG_SP, &sp) < 0)
1696 for (i = 0; i < 4; ++i)
1697 if (upeek(tcp, REG_A0 + i, &tcp->u_arg[i]) < 0)
1699 umoven(tcp, sp + 16, (nargs - 4) * sizeof(tcp->u_arg[0]),
1700 (char *)(tcp->u_arg + 4));
1702 for (i = 0; i < nargs; ++i)
1703 if (upeek(tcp, REG_A0 + i, &tcp->u_arg[i]) < 0)
1706 #elif defined(POWERPC)
1708 # define PT_ORIG_R3 34
1710 for (i = 0; i < nargs; ++i) {
1711 if (upeek(tcp, (i==0) ?
1712 (sizeof(unsigned long) * PT_ORIG_R3) :
1713 ((i+PT_R3) * sizeof(unsigned long)),
1714 &tcp->u_arg[i]) < 0)
1717 #elif defined(SPARC) || defined(SPARC64)
1718 for (i = 0; i < nargs; ++i)
1719 tcp->u_arg[i] = regs.u_regs[U_REG_O0 + i];
1721 for (i = 0; i < nargs; ++i)
1722 if (upeek(tcp, PT_GR26-4*i, &tcp->u_arg[i]) < 0)
1724 #elif defined(ARM) || defined(AARCH64)
1725 # if defined(AARCH64)
1726 if (tcp->currpers == 1)
1727 for (i = 0; i < nargs; ++i)
1728 tcp->u_arg[i] = aarch64_regs.regs[i];
1731 for (i = 0; i < nargs; ++i)
1732 tcp->u_arg[i] = arm_regs.uregs[i];
1733 #elif defined(AVR32)
1736 tcp->u_arg[0] = regs.r12;
1737 tcp->u_arg[1] = regs.r11;
1738 tcp->u_arg[2] = regs.r10;
1739 tcp->u_arg[3] = regs.r9;
1740 tcp->u_arg[4] = regs.r5;
1741 tcp->u_arg[5] = regs.r3;
1743 static const int argreg[MAX_ARGS] = { PT_R0, PT_R1, PT_R2, PT_R3, PT_R4, PT_R5 };
1745 for (i = 0; i < nargs; ++i)
1746 if (upeek(tcp, argreg[i], &tcp->u_arg[i]) < 0)
1749 static const int syscall_regs[MAX_ARGS] = {
1750 4 * (REG_REG0+4), 4 * (REG_REG0+5), 4 * (REG_REG0+6),
1751 4 * (REG_REG0+7), 4 * (REG_REG0 ), 4 * (REG_REG0+1)
1754 for (i = 0; i < nargs; ++i)
1755 if (upeek(tcp, syscall_regs[i], &tcp->u_arg[i]) < 0)
1759 /* Registers used by SH5 Linux system calls for parameters */
1760 static const int syscall_regs[MAX_ARGS] = { 2, 3, 4, 5, 6, 7 };
1762 for (i = 0; i < nargs; ++i)
1763 if (upeek(tcp, REG_GENERAL(syscall_regs[i]), &tcp->u_arg[i]) < 0)
1765 #elif defined(X86_64) || defined(X32)
1768 if (x86_io.iov_len != sizeof(i386_regs)) {
1769 /* x86-64 or x32 ABI */
1770 tcp->u_arg[0] = x86_64_regs.rdi;
1771 tcp->u_arg[1] = x86_64_regs.rsi;
1772 tcp->u_arg[2] = x86_64_regs.rdx;
1773 tcp->u_arg[3] = x86_64_regs.r10;
1774 tcp->u_arg[4] = x86_64_regs.r8;
1775 tcp->u_arg[5] = x86_64_regs.r9;
1777 tcp->ext_arg[0] = x86_64_regs.rdi;
1778 tcp->ext_arg[1] = x86_64_regs.rsi;
1779 tcp->ext_arg[2] = x86_64_regs.rdx;
1780 tcp->ext_arg[3] = x86_64_regs.r10;
1781 tcp->ext_arg[4] = x86_64_regs.r8;
1782 tcp->ext_arg[5] = x86_64_regs.r9;
1786 /* Sign-extend from 32 bits */
1787 tcp->u_arg[0] = (long)(int32_t)i386_regs.ebx;
1788 tcp->u_arg[1] = (long)(int32_t)i386_regs.ecx;
1789 tcp->u_arg[2] = (long)(int32_t)i386_regs.edx;
1790 tcp->u_arg[3] = (long)(int32_t)i386_regs.esi;
1791 tcp->u_arg[4] = (long)(int32_t)i386_regs.edi;
1792 tcp->u_arg[5] = (long)(int32_t)i386_regs.ebp;
1794 #elif defined(MICROBLAZE)
1795 for (i = 0; i < nargs; ++i)
1796 if (upeek(tcp, (5 + i) * 4, &tcp->u_arg[i]) < 0)
1798 #elif defined(CRISV10) || defined(CRISV32)
1799 static const int crisregs[MAX_ARGS] = {
1800 4*PT_ORIG_R10, 4*PT_R11, 4*PT_R12,
1801 4*PT_R13 , 4*PT_MOF, 4*PT_SRP
1804 for (i = 0; i < nargs; ++i)
1805 if (upeek(tcp, crisregs[i], &tcp->u_arg[i]) < 0)
1808 for (i = 0; i < nargs; ++i)
1809 tcp->u_arg[i] = tile_regs.regs[i];
1811 for (i = 0; i < nargs; ++i)
1812 if (upeek(tcp, (i < 5 ? i : i + 2)*4, &tcp->u_arg[i]) < 0)
1817 tcp->u_arg[0] = i386_regs.ebx;
1818 tcp->u_arg[1] = i386_regs.ecx;
1819 tcp->u_arg[2] = i386_regs.edx;
1820 tcp->u_arg[3] = i386_regs.esi;
1821 tcp->u_arg[4] = i386_regs.edi;
1822 tcp->u_arg[5] = i386_regs.ebp;
1825 for (i = 0; i < 6; ++i)
1826 tcp->u_arg[i] = or1k_regs.gpr[3 + i];
1827 #else /* Other architecture (32bits specific) */
1828 for (i = 0; i < nargs; ++i)
1829 if (upeek(tcp, i*4, &tcp->u_arg[i]) < 0)
1836 trace_syscall_entering(struct tcb *tcp)
1840 #if defined TCB_WAITEXECVE
1841 if (tcp->flags & TCB_WAITEXECVE) {
1842 /* This is the post-execve SIGTRAP. */
1843 tcp->flags &= ~TCB_WAITEXECVE;
1848 scno_good = res = (get_regs_error ? -1 : get_scno(tcp));
1852 res = syscall_fixup_on_sysenter(tcp);
1856 res = get_syscall_args(tcp);
1862 tprints("????" /* anti-trigraph gap */ "(");
1863 else if (!SCNO_IN_RANGE(tcp->scno))
1864 tprintf("syscall_%lu(", tcp->scno);
1866 tprintf("%s(", sysent[tcp->scno].sys_name);
1868 * " <unavailable>" will be added later by the code which
1869 * detects ptrace errors.
1874 #if defined(SYS_socket_subcall) || defined(SYS_ipc_subcall)
1875 while (SCNO_IN_RANGE(tcp->scno)) {
1876 # ifdef SYS_socket_subcall
1877 if (sysent[tcp->scno].sys_func == sys_socketcall) {
1878 decode_socket_subcall(tcp);
1882 # ifdef SYS_ipc_subcall
1883 if (sysent[tcp->scno].sys_func == sys_ipc) {
1884 decode_ipc_subcall(tcp);
1890 #endif /* SYS_socket_subcall || SYS_ipc_subcall */
1892 if (need_fork_exec_workarounds)
1893 syscall_fixup_for_fork_exec(tcp);
1895 if ((SCNO_IN_RANGE(tcp->scno) &&
1896 !(qual_flags[tcp->scno] & QUAL_TRACE)) ||
1897 (tracing_paths && !pathtrace_match(tcp))) {
1898 tcp->flags |= TCB_INSYSCALL | TCB_FILTERED;
1902 tcp->flags &= ~TCB_FILTERED;
1904 if (cflag == CFLAG_ONLY_STATS) {
1910 if (!SCNO_IN_RANGE(tcp->scno))
1911 tprintf("syscall_%lu(", tcp->scno);
1913 tprintf("%s(", sysent[tcp->scno].sys_name);
1914 if (!SCNO_IN_RANGE(tcp->scno) ||
1915 ((qual_flags[tcp->scno] & QUAL_RAW) &&
1916 sysent[tcp->scno].sys_func != sys_exit))
1917 res = printargs(tcp);
1919 res = (*sysent[tcp->scno].sys_func)(tcp);
1923 tcp->flags |= TCB_INSYSCALL;
1924 /* Measure the entrance time as late as possible to avoid errors. */
1926 gettimeofday(&tcp->etime, NULL);
1931 * 1: ok, continue in trace_syscall_exiting().
1932 * -1: error, trace_syscall_exiting() should print error indicator
1933 * ("????" etc) and bail out.
1936 get_syscall_result(struct tcb *tcp)
1938 #if defined(S390) || defined(S390X)
1939 if (upeek(tcp, PT_GPR2, &gpr2) < 0)
1941 #elif defined(POWERPC)
1942 # define SO_MASK 0x10000000
1945 if (upeek(tcp, sizeof(unsigned long)*PT_CCR, &flags) < 0)
1947 if (upeek(tcp, sizeof(unsigned long)*PT_R3, &ppc_result) < 0)
1949 if (flags & SO_MASK)
1950 ppc_result = -ppc_result;
1952 #elif defined(AVR32)
1953 /* already done by get_regs */
1955 if (upeek(tcp, PT_R0, &bfin_r0) < 0)
1958 /* already done by get_regs */
1959 #elif defined(X86_64) || defined(X32)
1960 /* already done by get_regs */
1962 # define IA64_PSR_IS ((long)1 << 34)
1964 if (upeek(tcp, PT_CR_IPSR, &psr) >= 0)
1965 ia32 = (psr & IA64_PSR_IS) != 0;
1966 if (upeek(tcp, PT_R8, &ia64_r8) < 0)
1968 if (upeek(tcp, PT_R10, &ia64_r10) < 0)
1971 /* already done by get_regs */
1972 #elif defined(AARCH64)
1973 /* register reading already done by get_regs */
1975 /* Used to do this, but we did it on syscall entry already: */
1976 /* We are in 64-bit mode (personality 1) if register struct is aarch64_regs,
1977 * else it's personality 0.
1979 /*update_personality(tcp, aarch64_io.iov_len == sizeof(aarch64_regs));*/
1981 if (upeek(tcp, 4*PT_D0, &m68k_d0) < 0)
1983 #elif defined(LINUX_MIPSN32)
1984 unsigned long long regs[38];
1986 if (ptrace(PTRACE_GETREGS, tcp->pid, NULL, (long) ®s) < 0)
1988 mips_a3 = regs[REG_A3];
1989 mips_r2 = regs[REG_V0];
1991 if (upeek(tcp, REG_A3, &mips_a3) < 0)
1993 if (upeek(tcp, REG_V0, &mips_r2) < 0)
1995 #elif defined(ALPHA)
1996 if (upeek(tcp, REG_A3, &alpha_a3) < 0)
1998 if (upeek(tcp, REG_R0, &alpha_r0) < 0)
2000 #elif defined(SPARC) || defined(SPARC64)
2001 /* already done by get_regs */
2003 if (upeek(tcp, PT_GR28, &hppa_r28) < 0)
2006 /* new syscall ABI returns result in R0 */
2007 if (upeek(tcp, 4*REG_REG0, (long *)&sh_r0) < 0)
2010 /* ABI defines result returned in r9 */
2011 if (upeek(tcp, REG_GENERAL(9), (long *)&sh64_r9) < 0)
2013 #elif defined(CRISV10) || defined(CRISV32)
2014 if (upeek(tcp, 4*PT_R10, &cris_r10) < 0)
2017 /* already done by get_regs */
2018 #elif defined(MICROBLAZE)
2019 if (upeek(tcp, 3 * 4, µblaze_r3) < 0)
2022 /* already done by get_regs */
2027 /* Called at each syscall exit */
2029 syscall_fixup_on_sysexit(struct tcb *tcp)
2031 #if defined(S390) || defined(S390X)
2032 if (syscall_mode != -ENOSYS)
2033 syscall_mode = tcp->scno;
2034 if ((tcp->flags & TCB_WAITEXECVE)
2035 && (gpr2 == -ENOSYS || gpr2 == tcp->scno)) {
2037 * Return from execve.
2038 * Fake a return value of zero. We leave the TCB_WAITEXECVE
2039 * flag set for the post-execve SIGTRAP to see and reset.
2047 * Check the syscall return value register value for whether it is
2048 * a negated errno code indicating an error, or a success return value.
2051 is_negated_errno(unsigned long int val)
2053 unsigned long int max = -(long int) nerrnos;
2054 #if SUPPORTED_PERSONALITIES > 1
2055 if (current_wordsize < sizeof(val)) {
2056 val = (unsigned int) val;
2057 max = (unsigned int) max;
2065 is_negated_errno_x32(unsigned long long val)
2067 unsigned long long max = -(long long) nerrnos;
2069 * current_wordsize is 4 even in personality 0 (native X32)
2070 * but truncation _must not_ be done in it.
2071 * can't check current_wordsize here!
2073 if (current_personality != 0) {
2074 val = (uint32_t) val;
2075 max = (uint32_t) max;
2082 * 1: ok, continue in trace_syscall_exiting().
2083 * -1: error, trace_syscall_exiting() should print error indicator
2084 * ("????" etc) and bail out.
2087 get_error(struct tcb *tcp)
2090 int check_errno = 1;
2091 if (SCNO_IN_RANGE(tcp->scno) &&
2092 sysent[tcp->scno].sys_flags & SYSCALL_NEVER_FAILS) {
2095 #if defined(S390) || defined(S390X)
2096 if (check_errno && is_negated_errno(gpr2)) {
2104 if (check_errno && is_negated_errno(i386_regs.eax)) {
2106 u_error = -i386_regs.eax;
2109 tcp->u_rval = i386_regs.eax;
2111 #elif defined(X86_64)
2113 if (x86_io.iov_len == sizeof(i386_regs)) {
2114 /* Sign extend from 32 bits */
2115 rax = (int32_t)i386_regs.eax;
2117 rax = x86_64_regs.rax;
2119 if (check_errno && is_negated_errno(rax)) {
2127 /* In X32, return value is 64-bit (llseek uses one).
2128 * Using merely "long rax" would not work.
2131 if (x86_io.iov_len == sizeof(i386_regs)) {
2132 /* Sign extend from 32 bits */
2133 rax = (int32_t)i386_regs.eax;
2135 rax = x86_64_regs.rax;
2137 /* Careful: is_negated_errno() works only on longs */
2138 if (check_errno && is_negated_errno_x32(rax)) {
2143 tcp->u_rval = rax; /* truncating */
2151 if (check_errno && is_negated_errno(err)) {
2159 if (check_errno && ia64_r10) {
2163 tcp->u_rval = ia64_r8;
2167 if (check_errno && mips_a3) {
2171 tcp->u_rval = mips_r2;
2172 # if defined(LINUX_MIPSN32)
2173 tcp->u_lrval = mips_r2;
2176 #elif defined(POWERPC)
2177 if (check_errno && is_negated_errno(ppc_result)) {
2179 u_error = -ppc_result;
2182 tcp->u_rval = ppc_result;
2185 if (check_errno && is_negated_errno(m68k_d0)) {
2190 tcp->u_rval = m68k_d0;
2192 #elif defined(ARM) || defined(AARCH64)
2193 # if defined(AARCH64)
2194 if (tcp->currpers == 1) {
2195 if (check_errno && is_negated_errno(aarch64_regs.regs[0])) {
2197 u_error = -aarch64_regs.regs[0];
2200 tcp->u_rval = aarch64_regs.regs[0];
2206 if (check_errno && is_negated_errno(arm_regs.ARM_r0)) {
2208 u_error = -arm_regs.ARM_r0;
2211 tcp->u_rval = arm_regs.ARM_r0;
2214 #elif defined(AVR32)
2215 if (check_errno && regs.r12 && (unsigned) -regs.r12 < nerrnos) {
2217 u_error = -regs.r12;
2220 tcp->u_rval = regs.r12;
2223 if (check_errno && is_negated_errno(bfin_r0)) {
2227 tcp->u_rval = bfin_r0;
2229 #elif defined(ALPHA)
2230 if (check_errno && alpha_a3) {
2235 tcp->u_rval = alpha_r0;
2237 #elif defined(SPARC)
2238 if (check_errno && regs.psr & PSR_C) {
2240 u_error = regs.u_regs[U_REG_O0];
2243 tcp->u_rval = regs.u_regs[U_REG_O0];
2245 #elif defined(SPARC64)
2246 if (check_errno && regs.tstate & 0x1100000000UL) {
2248 u_error = regs.u_regs[U_REG_O0];
2251 tcp->u_rval = regs.u_regs[U_REG_O0];
2254 if (check_errno && is_negated_errno(hppa_r28)) {
2256 u_error = -hppa_r28;
2259 tcp->u_rval = hppa_r28;
2262 if (check_errno && is_negated_errno(sh_r0)) {
2267 tcp->u_rval = sh_r0;
2270 if (check_errno && is_negated_errno(sh64_r9)) {
2275 tcp->u_rval = sh64_r9;
2277 #elif defined(CRISV10) || defined(CRISV32)
2278 if (check_errno && cris_r10 && (unsigned) -cris_r10 < nerrnos) {
2280 u_error = -cris_r10;
2283 tcp->u_rval = cris_r10;
2287 * The standard tile calling convention returns the value (or negative
2288 * errno) in r0, and zero (or positive errno) in r1.
2289 * Until at least kernel 3.8, however, the r1 value is not reflected
2290 * in ptregs at this point, so we use r0 here.
2292 if (check_errno && is_negated_errno(tile_regs.regs[0])) {
2294 u_error = -tile_regs.regs[0];
2296 tcp->u_rval = tile_regs.regs[0];
2298 #elif defined(MICROBLAZE)
2299 if (check_errno && is_negated_errno(microblaze_r3)) {
2301 u_error = -microblaze_r3;
2304 tcp->u_rval = microblaze_r3;
2307 if (check_errno && is_negated_errno(or1k_regs.gpr[11])) {
2309 u_error = -or1k_regs.gpr[11];
2312 tcp->u_rval = or1k_regs.gpr[11];
2315 tcp->u_error = u_error;
2320 dumpio(struct tcb *tcp)
2324 if (tcp->u_arg[0] < 0 || tcp->u_arg[0] >= MAX_QUALS)
2326 if (!SCNO_IN_RANGE(tcp->scno))
2328 if (sysent[tcp->scno].sys_func == printargs)
2330 if (qual_flags[tcp->u_arg[0]] & QUAL_READ) {
2331 if (sysent[tcp->scno].sys_func == sys_read ||
2332 sysent[tcp->scno].sys_func == sys_pread ||
2333 sysent[tcp->scno].sys_func == sys_recv ||
2334 sysent[tcp->scno].sys_func == sys_recvfrom)
2335 dumpstr(tcp, tcp->u_arg[1], tcp->u_rval);
2336 else if (sysent[tcp->scno].sys_func == sys_readv)
2337 dumpiov(tcp, tcp->u_arg[2], tcp->u_arg[1]);
2340 if (qual_flags[tcp->u_arg[0]] & QUAL_WRITE) {
2341 if (sysent[tcp->scno].sys_func == sys_write ||
2342 sysent[tcp->scno].sys_func == sys_pwrite ||
2343 sysent[tcp->scno].sys_func == sys_send ||
2344 sysent[tcp->scno].sys_func == sys_sendto)
2345 dumpstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
2346 else if (sysent[tcp->scno].sys_func == sys_writev)
2347 dumpiov(tcp, tcp->u_arg[2], tcp->u_arg[1]);
2353 trace_syscall_exiting(struct tcb *tcp)
2360 /* Measure the exit time as early as possible to avoid errors. */
2362 gettimeofday(&tv, NULL);
2364 #if SUPPORTED_PERSONALITIES > 1
2365 update_personality(tcp, tcp->currpers);
2367 res = (get_regs_error ? -1 : get_syscall_result(tcp));
2369 syscall_fixup_on_sysexit(tcp); /* never fails */
2370 res = get_error(tcp); /* returns 1 or -1 */
2372 if (need_fork_exec_workarounds)
2373 syscall_fixup_for_fork_exec(tcp);
2374 if (filtered(tcp)) {
2381 struct timeval t = tv;
2382 count_syscall(tcp, &t);
2383 if (cflag == CFLAG_ONLY_STATS) {
2388 /* If not in -ff mode, and printing_tcp != tcp,
2389 * then the log currently does not end with output
2390 * of _our syscall entry_, but with something else.
2391 * We need to say which syscall's return is this.
2393 * Forced reprinting via TCB_REPRINT is used only by
2394 * "strace -ff -oLOG test/threaded_execve" corner case.
2395 * It's the only case when -ff mode needs reprinting.
2397 if ((followfork < 2 && printing_tcp != tcp) || (tcp->flags & TCB_REPRINT)) {
2398 tcp->flags &= ~TCB_REPRINT;
2400 if (!SCNO_IN_RANGE(tcp->scno))
2401 tprintf("<... syscall_%lu resumed> ", tcp->scno);
2403 tprintf("<... %s resumed> ", sysent[tcp->scno].sys_name);
2408 /* There was error in one of prior ptrace ops */
2411 tprints("= ? <unavailable>\n");
2413 tcp->flags &= ~TCB_INSYSCALL;
2418 if (!SCNO_IN_RANGE(tcp->scno)
2419 || (qual_flags[tcp->scno] & QUAL_RAW)) {
2420 /* sys_res = printargs(tcp); - but it's nop on sysexit */
2422 /* FIXME: not_failing_only (IOW, option -z) is broken:
2423 * failure of syscall is known only after syscall return.
2424 * Thus we end up with something like this on, say, ENOENT:
2425 * open("doesnt_exist", O_RDONLY <unfinished ...>
2426 * {next syscall decode}
2427 * whereas the intended result is that open(...) line
2428 * is not shown at all.
2430 if (not_failing_only && tcp->u_error)
2431 goto ret; /* ignore failed syscalls */
2432 sys_res = (*sysent[tcp->scno].sys_func)(tcp);
2437 u_error = tcp->u_error;
2438 if (!SCNO_IN_RANGE(tcp->scno) ||
2439 qual_flags[tcp->scno] & QUAL_RAW) {
2441 tprintf("= -1 (errno %ld)", u_error);
2443 tprintf("= %#lx", tcp->u_rval);
2445 else if (!(sys_res & RVAL_NONE) && u_error) {
2447 /* Blocked signals do not interrupt any syscalls.
2448 * In this case syscalls don't return ERESTARTfoo codes.
2450 * Deadly signals set to SIG_DFL interrupt syscalls
2451 * and kill the process regardless of which of the codes below
2452 * is returned by the interrupted syscall.
2453 * In some cases, kernel forces a kernel-generated deadly
2454 * signal to be unblocked and set to SIG_DFL (and thus cause
2455 * death) if it is blocked or SIG_IGNed: for example, SIGSEGV
2456 * or SIGILL. (The alternative is to leave process spinning
2457 * forever on the faulty instruction - not useful).
2459 * SIG_IGNed signals and non-deadly signals set to SIG_DFL
2460 * (for example, SIGCHLD, SIGWINCH) interrupt syscalls,
2461 * but kernel will always restart them.
2464 /* Most common type of signal-interrupted syscall exit code.
2465 * The system call will be restarted with the same arguments
2466 * if SA_RESTART is set; otherwise, it will fail with EINTR.
2468 tprints("= ? ERESTARTSYS (To be restarted if SA_RESTART is set)");
2470 case ERESTARTNOINTR:
2471 /* Rare. For example, fork() returns this if interrupted.
2472 * SA_RESTART is ignored (assumed set): the restart is unconditional.
2474 tprints("= ? ERESTARTNOINTR (To be restarted)");
2476 case ERESTARTNOHAND:
2477 /* pause(), rt_sigsuspend() etc use this code.
2478 * SA_RESTART is ignored (assumed not set):
2479 * syscall won't restart (will return EINTR instead)
2480 * even after signal with SA_RESTART set.
2481 * However, after SIG_IGN or SIG_DFL signal it will.
2483 tprints("= ? ERESTARTNOHAND (Interrupted by signal)");
2485 case ERESTART_RESTARTBLOCK:
2486 /* Syscalls like nanosleep(), poll() which can't be
2487 * restarted with their original arguments use this
2488 * code. Kernel will execute restart_syscall() instead,
2489 * which changes arguments before restarting syscall.
2490 * SA_RESTART is ignored (assumed not set) similarly
2491 * to ERESTARTNOHAND. (Kernel can't honor SA_RESTART
2492 * since restart data is saved in "restart block"
2493 * in task struct, and if signal handler uses a syscall
2494 * which in turn saves another such restart block,
2495 * old data is lost and restart becomes impossible)
2497 tprints("= ? ERESTART_RESTARTBLOCK (Interrupted by signal)");
2501 tprintf("= -1 E??? (errno %ld)", u_error);
2502 else if (u_error < nerrnos)
2503 tprintf("= -1 %s (%s)", errnoent[u_error],
2506 tprintf("= -1 ERRNO_%ld (%s)", u_error,
2510 if ((sys_res & RVAL_STR) && tcp->auxstr)
2511 tprintf(" (%s)", tcp->auxstr);
2514 if (sys_res & RVAL_NONE)
2517 switch (sys_res & RVAL_MASK) {
2519 tprintf("= %#lx", tcp->u_rval);
2522 tprintf("= %#lo", tcp->u_rval);
2525 tprintf("= %lu", tcp->u_rval);
2528 tprintf("= %ld", tcp->u_rval);
2530 #if defined(LINUX_MIPSN32) || defined(X32)
2533 tprintf("= %#llx", tcp->u_lrval);
2536 tprintf("= %#llo", tcp->u_lrval);
2539 case RVAL_LUDECIMAL:
2540 tprintf("= %llu", tcp->u_lrval);
2544 tprintf("= %lld", tcp->u_lrval);
2550 "invalid rval format\n");
2554 if ((sys_res & RVAL_STR) && tcp->auxstr)
2555 tprintf(" (%s)", tcp->auxstr);
2558 tv_sub(&tv, &tv, &tcp->etime);
2559 tprintf(" <%ld.%06ld>",
2560 (long) tv.tv_sec, (long) tv.tv_usec);
2567 tcp->flags &= ~TCB_INSYSCALL;
2572 trace_syscall(struct tcb *tcp)
2574 return exiting(tcp) ?
2575 trace_syscall_exiting(tcp) : trace_syscall_entering(tcp);