Dmitry V. Levin [Thu, 5 Jun 2014 15:12:42 +0000 (15:12 +0000)]
unwind: use fopen64 instead of fopen
* unwind.c (fopen_for_input): Define to fopen64 iff
[_LARGEFILE64_SOURCE && HAVE_FOPEN64], otherwise define it to fopen.
(build_mmap_cache): Use fopen_for_input instead of fopen.
Dmitry V. Levin [Thu, 5 Jun 2014 14:37:04 +0000 (14:37 +0000)]
unwind: fix build on 32-bit architectures
Fix compilation warnings in unwind.c on 32-bit architectures.
On some architectures getuid is actually getuid32, so change the test
to use getpid instead of getuid.
* unwind.c (STACK_ENTRY_SYMBOL_FMT): Explicitly cast function_off_set
to unsigned long.
(queue_put_error): Change the 3rd argument's type to unsigned long.
* tests/stack-fcall.c (f1): Use getpid instead of getuid.
* tests/strace-k.test: Likewise.
Dmitry V. Levin [Tue, 3 Jun 2014 12:56:42 +0000 (12:56 +0000)]
debian: enable security hardening features
* debian/rules: Follow the advice in https://wiki.debian.org/Hardening
and enable maximum hardening as for programs that handle untrusted data.
Patch by Markus <waldeck@gmx.de>.
Dmitry V. Levin [Tue, 3 Jun 2014 12:16:53 +0000 (12:16 +0000)]
debian: update control file
* debian/control (strace64): Fix a typo in package description.
Patch by Pascal De Vuyst <pascal.devuyst@gmail.com>.
(strace, strace-udeb): Add x32 to architecture list.
Patch by Guillaume Morin <guillaume@morinfr.org>.
(strace, strace-udeb): Add or1k to architecture list.
Patch by Christian Svensson <debian@cmd.nu>.
(strace, strace-udeb): Add arm64 to architecture list,
and remove defunct arm.
Patch by Wookey <wookey@debian.org>.
This fixes Debian bugs: #697625, #727018, #742235, #749956.
Dmitry V. Levin [Tue, 3 Jun 2014 12:03:41 +0000 (12:03 +0000)]
manpage: minor corrections
$ groff -ww -mandoc -z strace.1
strace.1:65: warning: macro `IX' not defined
* strace.1: define IX macro as empty for groff.
Change remaining '-' as minus to '\-'.
Have two word spaces after a full stop as an end of sentence.
Use extra space ('\,' or '\/') between roman and italic characters.
Based on patch by Bjarni Ingi Gislason <bjarniig@rhi.hi.is>.
This fixes Debian bug #725987.
unwind: move stacktrace capturing and mmap cache invalidating to trace_syscall_entering
Instead of handling stacktrace capturing and mmap cache invalidating in
sys_* functions, handle them uniformly in trace_syscall_entering using
new flags introduced by previous two commits.
The patch is simpler than its older version(v3). The value of
hide_log_until_execve is just ignored. I found the value is nothing
to do with this patch. unwind_cache_invalidate is mentioned only
once in trace_syscall_exiting.
Both are suggested by Dmitry Levin.
Dmitry V. Levin [Mon, 12 May 2014 14:37:50 +0000 (14:37 +0000)]
unwind: add SE and SI flags to syscall entries for all architectures
Add SE flag to execve, exit, and exit_group syscall entries.
Add SI flag to brk, execve, mmap, mprotect, mremap, munmap,
remap_file_pages, shmat, and shmdt syscall entries.
unwind: introduce markers specifying the needs of special care in unwinding
Some system calls require capturing the stack trace before they are
processed in kernel. Typical one is execve. Some system calls require
invalidating mmap cache after they are processed in kernel.
In current implementation these requirements are handled directly by
appropriate syscall handlers. However, it is difficult to keep the
source code maintainable using this approach to cover all system calls
which have such requirements.
A more generic way to implement this is to flag all syscalls that
require special processing, and handle these flags right in
trace_syscall_entering instead of changing syscall handlers.
This patch just defines new flags: STACKTRACE_INVALIDATE_CACHE and
STACKTRACE_CAPTURE_ON_ENTER.
The names of macros are suggested by Dmitry Levin.
When a file mmap'ed to the target process is unlink'ed, backtracing the
stack would fail. Current implementation reports it as
"backtracing_error". To avoid confusion, the message is changed to
"expected_backtracing_error".
p-deleted is deleted therefore backtracing_error is reported. This
patch records the deleted marker when making mmap cache and refers the
recorded information in the case "backtracing_error" to switch the
message.
This solution is not perfect: if a file is unlink'ed after making the
mmap cache and before unwinding, strace cannot have a chance to record
the deleted marker.
In this version of patch, hardcoded magic number used in comparing "(delete)"
string is replaced with strlen as suggested by Dmitry Levin.
In old version of patch, the deleted entry was thrown away from mmap
cache to avoid to report "backtracing_error". In this patch I keep it,
and just switch the error message.
Inspired by the review comment from Dmitry Levin.
unwind: call unwind_tcb_fin before printing detached message
captured stacktrace is printed in unwind_tcb_fin if tcp->queue is not
empty. This should happen before printing detached message, so
unwind_tcb_fin is moved to the top of droptcb.
This is implicitly suggested by Dmitry Levin in patch review process.
A mmap cache belonging to a tcb was updated when a system call which
changed the memory mapping was called. This implementation was assumed
the mapping was changed only by the tcb. However, this assumption is
incorrect if the target application is multi-threaded; more than two
tcbs can shared the same memory mapping and a tcb can modify it without
being noticed by the others.
This change introduces a global integer variable mmap_cache_generation,
and mmap_cache_generation field to struct tcb. The variable
is incremented each time a process enters a syscall that can modify its
memory mapping. Each tcb records the value of this variable at the
moment if building its mmap cache. Every mmap cache associated with
the given tcb can be validated by comparing its mmap_cache_generation
field with the variable mmap_cache_generation.
This implementation is inefficient. If strace attaches two processes
which don't share the memory mapping, rebuilding mmap cache of a tcb
triggered by another tcb's mmap system call is not necessary.
unwind: introduce queue_t for capturing stacktrace
This is the second step for splitting capturing from printing.
New `queue' field is added to tcb. Captured stacktrace is stored here.
The field is initialized/finalized at unwind_tcb_init/unwind_tcb_fin.
New API function unwind_capture_stacktrace is added. This function
captures the currest stack using stracktrace_walker and records it in
tcb. It's printing is delayed to the next call of
unwind_print_stacktrace.
unwind_print_stacktrace is extended. Now it checks queue field of
the given tcb at the start of function. If the function finds a
captured stack trace, the latter is printed using stracktrace_walker.
Currently unwind_capture_stacktrace invocations are added directly to
handlers of mmap, munmap, mprotect, and execve.
Here is the difference of output with/without patch:
In older version output lines of captured elements were built when
printing. In this version they are built when capturing the stack.
As result, unneeded dynamic memory allocations are avoided.
Suggested by Luca Clementi.
In older version the combination of snprintf and realloc were used.
In this version they are replaced with asprintf.
Suggested by Dmitry Levin.
In current implementation, the stack trace is captured and printed at
the same time, in trace_syscall_exiting. This approach cannot
provide user expected information when a system call changes the
memory mapping. In such cases, the stack trace should be captured on
entering syscall and printed on exiting.
As the initial step for splitting capturing from printing, this change
introduces stacktrace_walker utility function. It can be used both for
capturing in trace_syscall_entering and printing in
trace_syscall_exiting.
Add -k option to print stack trace after each syscall
Print the stack trace of the traced process after each system call when
-k option is specified. It is implemented using libunwind to unwind the
stack and to obtain the function name pointed by the IP.
Based on the code that was originally taken from strace-plus
of Philip J. Guo.
* xlat/gen.sh: Define all xlat structs not declared in defs.h as static.
Some symbolic constants are not macros, extend #ifdef check to cover
symbolic constants checked by AC_CHECK_DECLS.
Handle complex symbolic constants in SYMBOL|... form.
Handle symbolic constants in 1<<SYMBOL form.
Handle numeric constants.
Implement #unconditional directive that turns off preprocessor checks.
Implement #unterminated directive that turns off adding XLAT_END.
Dmitry V. Levin [Thu, 29 May 2014 18:10:00 +0000 (18:10 +0000)]
Constify count_syscall function
* count.c (count_syscall): Add const qualifier to timeval argument and
rename it. Store the wall clock time spent while in syscall in separate
timeval variable.
* defs.h (count_syscall): Update prototype.
* syscall.c (trace_syscall_exiting): Update count_syscall invocation.
Dmitry V. Levin [Wed, 28 May 2014 16:38:44 +0000 (16:38 +0000)]
Use printstr for sethostname, setdomainname, and gethostname decoding
The argument passed to sethostname and setdomainname syscalls, as well
as the string returned by gethostname syscall, is not a pathname, so
printpathn is not the right method for its decoding.
* process.c (sys_sethostname, sys_setdomainname): Decode 1st argument
using printstr instead of printpathn.
[ALPHA] (sys_gethostname): Likewise.
James Hogan [Fri, 2 May 2014 13:15:41 +0000 (14:15 +0100)]
Fix {get,set}rlimit decoding with unreliable SIZEOF_RLIM_T
When strace is built with large file support definitions in CFLAGS (as
may be provided by buildroot) the C library headers may expose a 64-bit
rlim_t even though the struct rlimit fields used by the system call
interface are only 32-bit. The SIZEOF_RLIM_T will then be 8 which
results in bad decoding of the getrlimit and setrlimit syscalls.
This is fixed by replacing unreliable SIZEOF_RLIM_T based checks with
checks for current_wordsize.
Signed-off-by: James Hogan <james.hogan@imgtec.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
I found that I use it quite often. Lets make it so that
after cut-n-pasting it into a file, there is no need
to edit the result (e.g. no need to remove C comment
chars from every line.
We need to handle this situation more like x86-64. 32-bit arm and i386
actually have a common struct stat64, except the arm one must not be
packed. Additionally, on aarch64 the 32-bit personality is personality 0.
Dmitry V. Levin [Tue, 18 Mar 2014 23:37:43 +0000 (23:37 +0000)]
ARM EABI: disable OABI support by default
OABI is rarely used in ARM EABI systems nowadays, so disable its support
by default. Add --enable-arm-oabi option to enable ARM OABI support.
* configure.ac: New option --enable-arm-oabi.
* syscall.c (get_scno) [ARM]: Check ENABLE_ARM_OABI macro defined by
configure instead of undocumented STRACE_KNOWS_ONLY_EABI macro.
Elliott Hughes [Wed, 12 Mar 2014 17:31:04 +0000 (10:31 -0700)]
Fix stat decoding for LP64 bionic
Patch fb642bb6d63f7ffe2228bf48a6008bc8f56f67ff fixed building with
HAVE_STAT64 for aarch64 with uapi kernel headers but not x86_64.
The workaround needed to be applied to all LP64 architectures, not
just aarch64. This patch fixes that and adds an explanatory comment.
Elliott Hughes [Mon, 10 Mar 2014 19:27:22 +0000 (19:27 +0000)]
Improve SI_TIMER decoding
Decode siginfo_t more clearly for si_code SI_TIMER.
The 'pid' is actually a POSIX timer id, and the 'uid' is actually the
overrun.
Also factor out the si_value dumping so it's the same for every si_code.
Dmitry V. Levin [Mon, 3 Mar 2014 23:09:47 +0000 (23:09 +0000)]
Fix fcntl decoding
Assume that F_SETLK64, F_SETLKW64, and F_GETLK64 are either defined or
not defined altogether.
Do not assume that sizeof(off_t) < sizeof(long long) when F_SETLK64 is
undefined.
This change fixes build with musl libc on x86.
* configure.ac: Define SIZEOF_OFF_T.
* desc.c (USE_PRINTFLOCK64): New macro.
(struct flock64, printflock64): Do not define on X32.
(printflock): Replace X32 specific workaround with SIZEOF_OFF_T check.
Fix printing off_t members of struct flock.
(sys_fcntl): Use USE_PRINTFLOCK64.
Dmitry V. Levin [Sat, 1 Mar 2014 21:17:17 +0000 (21:17 +0000)]
sys_fcntl: remove F_FREESP and F_FREESP64 support
F_FREESP and F_FREESP64 fcntl commands are not available in Linux
and therefore the code implementing their decoding is useless.
Besides that, F_FREESP64 decoding is too complicated to support.
* desc.c (fcntlcmds): Remove F_FREESP and F_FREESP64.
Remove F_FREESP64 from the check whether to define struct flock64.
(sys_fcntl): Remove F_FREESP and F_FREESP64 support.
Elliott Hughes [Fri, 28 Feb 2014 23:16:32 +0000 (23:16 +0000)]
Fix decoding of arm struct stat64 by aarch64 strace.
aarch64's uapi header files have a struct stat but no struct stat64.
To correctly decode a 32-bit process' s struct stat64 we need
HAVE_STAT64, but then the build fails because there is no struct stat64.
Luckily, the aarch64 struct stat is structurally equivalent to the arm
struct stat64, so we can just reuse that.
Dmitry V. Levin [Wed, 26 Feb 2014 16:51:28 +0000 (16:51 +0000)]
Rewrite signal mask decoding without sigset_t
The sigset_t provided by libc is not quite convenient.
In glibc, sigset_t is an array with space for 1024 bits, which is much
more than required: all architectures supported by Linux have only 64
signals except MIPS, which has 128.
In bionic libc, LP32 sigset_t is only 4 bytes long, which is less than
necessary.
With this change, signal mask is decoded without use of intermediate
sigset_t structure, which saves us some cpu cycles in case of glibc with
its inflated sigset_t, and enables build with libcs where sigset_t is
broken.
Old implementation used to check each signal number in the given signal
mask twice using sigismember().
New implementation is based on popcount and next_set_bit() so it's
noticeably faster.
* configure.ac: Check for __builtin_popcount.
* signal.c: Ensure that NSIG >= 32.
(sprintsigmask, sprintsigmask_long, printsigmask): Remove.
(popcount32, sprintsigmask_n): New functions.
(tprintsigmask_addr, sprintsigmask_val, tprintsigmask_val): New macros.
(print_sigset_addr_len, sys_sigsetmask, sys_sigreturn, sys_siggetmask,
sys_sigsuspend, sys_sigprocmask, decode_new_sigaction): Update to use
new signal mask decoding interface.
* tests/sigaction.c (main): Add a test with almost filled signal mask.
* tests/sigaction.awk: Update.
Dmitry V. Levin [Wed, 26 Feb 2014 00:01:00 +0000 (00:01 +0000)]
Fix build with Bionic libc
Add generic tests for fopen64 and fputs_unlocked functions to fix build
with Bionic libc that does not provide them.
* configure.ac (AC_CHECK_FUNCS): Add fopen64 and fputs_unlocked.
* strace.c [_LARGEFILE64_SOURCE]: Use fopen instead of fopen64
if !HAVE_FOPEN64.
Use fputs instead of fputs_unlocked if !HAVE_FPUTS_UNLOCKED.
* vsprintf.c: Use fputs instead of fputs_unlocked
if !HAVE_FPUTS_UNLOCKED.
Dmitry V. Levin [Tue, 25 Feb 2014 23:04:55 +0000 (23:04 +0000)]
Do not compile scsi ioctl decoding if <scsi/sg.h> is not available
Add a generic test for <scsi/sg.h> availability to fix build with
Bionic libc that does not provide <scsi/sg.h>.
* configure.ac (AC_CHECK_HEADERS): Add scsi/sg.h.
* ioctl.c (ioctl_decode): Do not call scsi_ioctl if !HAVE_SCSI_SG_H.
* scsi.c: Do not compile scsi ioctl decoding if !HAVE_SCSI_SG_H.
Dmitry V. Levin [Sat, 8 Feb 2014 00:26:06 +0000 (00:26 +0000)]
Fix sigaction reporting on non-x86 architectures
If SA_RESTORER is not defined by libc headers but defined by kernel
headers, use the definition provided by kernel headers for proper
sigaction decoding.
* signal.c [!SA_RESTORER]: Define to ASM_SA_RESTORER if the latter is
defined, regardless of architecure.
Dmitry V. Levin [Sat, 8 Feb 2014 00:15:52 +0000 (00:15 +0000)]
Check for SA_RESTORER definition in <asm/signal.h>
Kernel header <asm/signal.h> cannot be included from regular code
because it conflicts with libc headers, but SA_RESTORER is needed in
signal.c, so SA_RESTORER value is forwarded from <asm/signal.h> to
config.h using a configure check.
* configure.ac (ASM_SA_RESTORER): Define if SA_RESTORER is defined
in <asm/signal.h>.
Ezequiel Garcia [Thu, 6 Feb 2014 17:53:54 +0000 (14:53 -0300)]
Add support for Altera's Nios-II softcore architecture
This commit adds strace support for Altera's Nios-II official
kernel port as found in git://git.rocketboards.org/linux-socfpga.git
Notice that this an out-of-tree kernel architectural port, and uses the
legacy (non-generic) system call ABI. In particular, the port doesn't
support PTRACE_GETREGSET, so the implementation is based on PTRACE_GETREGS.
Given it's mandatory for new architectures to support the generic
syscall ABI and PTRACE_GETREGSET, if the nios2 architecure is ever
mainlined, the strace support will have to be re-factored accordingly.
* linux/nios2/ioctlent.h.in: New file.
* linux/nios2/syscallent.h: Likewise.
* Makefile.am (EXTRA_DIST): Add linux/nios2/ioctlent.h.in and
linux/nios2/syscallent.h.
* configure.ac: Add NIOS2 to the list of supported architectures.
* defs.h [NIOS2]: Use register reading system.
* process.c (struct_user_offsets): Add NIOS2 support.
* syscall.c (get_regs, get_scno, get_syscall_args,
get_syscall_result, get_error): Likewise.
* util.c (change_syscall): Likewise.
* mem.c (sys_getpagesize): Define on NIOS2.
* system.c [NIOS2] (sys_cacheflush, sys_nios2cmpxchg): New functions.
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> Acked-by: Mike Frysinger <vapier@gentoo.org>
Dmitry V. Levin [Wed, 5 Feb 2014 02:20:51 +0000 (02:20 +0000)]
Use XLAT_END macro
Automatically update all xlat structures using the following sed regexp:
s/^[[:space:]]*{[[:space:]]*0[[:space:]]*,[[:space:]]*NULL[[:space:]]*,\?[[:space:]]*}[[:space:]]*,\?[[:space:]]*/\tXLAT_END/
projects / strace / log