Masatake YAMATO [Sat, 22 Nov 2014 10:03:33 +0000 (19:03 +0900)]
Print protocol name of socket descriptors with -yy option
For those socket descriptors that have no associated ip:port pairs
(or when this information is not available), -yy option prints
the same <socket:[INODE]> information as -y option, e.g.
$ strace -e sendto -yy ip l > /dev/null
sendto(3<socket:[23456789]>, ...
This change makes -yy output more informative: instead of just
printing "socket", the name of protocol behind the socket descriptor
will be printed, e.g.
* configure.ac (AC_CHECK_HEADERS): Add sys/xattr.h.
* tests/net-yy-accept.awk: Update to support protocol names.
* tests/net-yy-connect.awk: Likewise.
* util.c [HAVE_SYS_XATTR_H]: Include <sys/xattr.h>.
(getfdproto): New function.
(printfd): Use it.
Signed-off-by: Masatake YAMATO <yamato@redhat.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Dmitry V. Levin [Fri, 21 Nov 2014 20:46:16 +0000 (20:46 +0000)]
Include <sys/uio.h> unconditionally
Since <sys/uio.h> is standardized by POSIX and is present in all
available versions of glibc, it's safe to assume that any usable
libc implementation provides this header file.
Helge Deller [Sat, 8 Nov 2014 21:52:44 +0000 (22:52 +0100)]
hppa: update error codes and signal numbers
There are two important changes in here:
1. EWOULDBLOCK has been up to kernel 3.14 errorcode #246. Since hppa
folks had problems with EWOULDBLOCK != EAGAIN, this was changed in
kernel 3.14.
2. Starting with kernel 3.18, hppa folks changed some signal numbers in
such a way that we end up with SIGRTMIN == 32, which brings hppa in sync
with other linux ports.
Both were incompatible changes which basically broke hppa ABI, but since
they have been merged into the kernel, we have to follow.
Masatake YAMATO [Thu, 6 Nov 2014 16:23:26 +0000 (01:23 +0900)]
Add functions for dumping iovecs in mmsghdr used in sendmmsg and recvmmsg
This patch is similar to what I did in commit 02f9f6b386741a52f58e1b31ad4e7fff60781ef8.
That commit was for sendmsg and recvmsg system calls.
This one is for sendmmsg and recvmmsg system calls.
* defs.h (dumpiov_in_mmsghdr): New declaration.
* net.c (extractmmsghdr): New function derived from printmmsghdr.
(printmmsghdr): Use it.
(dumpiov_in_mmsghdr): New function.
* syscall.c (dumpio) [HAVE_SENDMSG]: Call dumpiov_in_mmsghdr
for recvmmsg and sendmmsg syscalls.
Signed-off-by: Masatake YAMATO <yamato@redhat.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Masatake YAMATO [Thu, 6 Nov 2014 16:23:25 +0000 (01:23 +0900)]
Use the definition of struct mmsghdr if it is defined in build environment
mmsghrd structure type is defined locally in printmmsghdr function.
However, more functions will refer the definition in modifications for
supporting "-e write=set" and "-e read=set" option for sendmmsg and
recvmmsg system calls.
After this change, the system definition of struct mmsghdr will be used
if configure reports it is available, falling back to the old local
definition.
* configure.ac (AC_CHECK_TYPES): Add struct mmsghdr.
* net.c [!HAVE_STRUCT_MMSGHDR] (struct mmsghdr): Define.
(printmmsghdr): Use previously defined struct mmsghdr.
Masatake YAMATO [Thu, 6 Nov 2014 16:23:24 +0000 (01:23 +0900)]
Introduce a separate function to copy from msghdr32 to msghdr
This patch is an initial step for supporting "-e write=set" and
"-e read=set" option for sendmmsg and recvmmsg system calls.
Coverting a data of msghdr32 to msghdr is needed both for
{send,recv}msg and {send,recv}mmsg to decode parameters.
To share the copying code in both decoders, a separate
function named copy_from_msghdr32 is introduced.
* net.c [SUPPORTED_PERSONALITIES > 1 && SIZEOF_LONG > 4]
(copy_from_msghdr32): New function.
(extractmsghdr) [SUPPORTED_PERSONALITIES > 1 && SIZEOF_LONG > 4]: Use it.
Lubomir Rintel [Thu, 16 Oct 2014 10:05:43 +0000 (12:05 +0200)]
Makefile.am: look for ioctl definitions in the kernel build tree by default
While most of ioctl-related kernel headers are now exported by kernel's
headers_install, some are still modules_install only. The kernel's
headers installed into /usr/include/ are usually headers_install'ed and
therefore don't contain some internal headers we need. The solution is
to look for modules_install'ed headers for the running kernel, and fall
back to old behavior if they aren't found.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Introduce v4l2.c, a decoder for the arguments of the video-input subset
of the v4l2 ioctl's. This is a combination of
- previous work by Peter Zotov <whitequark@whitequark.org>, found at
https://gist.githubusercontent.com/whitequark/1263207/raw/strace-4.6-v4l2-ioctls.patch
- previous work by William Manley <will@williammanley.net>, found at
http://marc.info/?l=strace&m=139395588520675
- forward port, additions and fixes by Philippe De Muyter <phdm@macqel.be>
As v4l2 is a moving target, I have made v4l2.c compilable with ancient
linux kernels by testing the availability of some macros. It has been
succesfully compiled on linux 3.10, 3.1, 2.6.31 and 2.6.22, and
succesfully used on linux 3.10 with a camera device.
* configure.ac: Check for availabilty of V4L2_* enum constants.
* Makefile.am (strace_SOURCES): Add v4l2.c.
* defs.h (v4l2_ioctl): New prototype.
* ioctl.c (ioctl_decode): Use v4l2_ioctl.
* v4l2.c: New file.
* xlat/v4l2_*.in: New files.
Signed-off-by: Philippe De Muyter <phdm@macqel.be> Cc: Peter Zotov <whitequark@whitequark.org> Cc: William Manley <will@williammanley.net>
Dmitry V. Levin [Mon, 3 Nov 2014 20:14:31 +0000 (20:14 +0000)]
Filter out redundant ioctl entries early
For two ioctl entries with the same code, if one's name is a prefix
to another's name, keep the entry with a shorter name. Filter out
redundant ioctl entries at ioctlsort stage so that distributed
ioctlent.h.in files will be already filtered.
* linux/ioctlsort.c (is_not_prefix): New function.
(main): Use it.
* linux/ioctlent-filter.awk: Remove.
* Makefile.am (EXTRA_DIST): Remove linux/ioctlent-filter.awk.
($(ioctlent_h)): Don't use linux/ioctlent-filter.awk.
* defs.h (dumpiov_in_msghdr): New prototype.
* net.c (extractmsghdr): New function derived from printmsghdr.
(printmsghdr): Use extractmsghdr.
(dumpiov_in_msghdr): New function.
* syscall.c (dumpio) [HAVE_SENDMSG]: Call dumpiov_in_msghdr for recvmsg
and sendmsg syscalls.
Signed-off-by: Masatake YAMATO <yamato@redhat.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Mike Frysinger [Tue, 21 Oct 2014 12:34:08 +0000 (08:34 -0400)]
sock: fix decoding of struct ifreq.ifr_name
The ifr name fields of the ifreq structure might not be NUL terminated.
If the user makes an ioctl call where they aren't, then strace ends up
reading random content from its own stack. Limit the printf lengths.
* sock.c (sock_ioctl): Add explicit length limits to ifr_name printfs.
On Android, 32-bit arm and x86 use __kernel_mode_t (an unsigned short)
as their mode_t. The open(2) flags are actually an int, so high ones
like O_CLOEXEC get truncated if you coerce them to mode_t.
* defs.h (tprint_open_modes, sprint_open_modes): Change argument type
from mode_t to int.
* file.c (tprint_open_modes, sprint_open_modes): Likewise.
Signed-off-by: Elliott Hughes <enh@google.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
fsmagic: sort array by value and use bsearch for faster lookup
* defs.h (xlat_search): New prototype.
* util.c (xlat_bsearch_compare, xlat_search): New functions.
* file.c (sprintfstype): Use xlat_search for fsmagic lookup.
* xlat/fsmagic.in: Sort by value and mark as not NULL-terminated.
* tests/statfs.c: New file.
* tests/statfs.test: New test.
* tests/Makefile.am (check_PROGRAMS): Add statfs.
(statfs_CFLAGS): Define.
(TESTS): Add statfs.test.
* tests/.gitignore: Add statfs.
Dmitry V. Levin [Thu, 21 Aug 2014 03:17:48 +0000 (03:17 +0000)]
Add -yy option: print ip and port associated with socket descriptors
When two ore more -y options are given, print local and remote ip:port
pairs associated with socket descriptors. This implementation uses
NETLINK_INET_DIAG for sockaddr lookup; it's based on the patch
prepared by Zubin Mithra as a part of his GSoC 2014 strace project.
* Makefile.am (strace_SOURCES): Add socketutils.c
(EXTRA_DIST): Add linux/inet_diag.h and linux/sock_diag.h.
* defs.h (print_sockaddr_by_inode): New prototype.
* linux/inet_diag.h: New file.
* linux/sock_diag.h: Likewise.
* socketutils.c: Likewise.
* strace.1: Document -yy option.
* strace.c (usage): Likewise.
* util.c (printfd): Use print_sockaddr_by_inode.
sigaction: wrap sa_restorer in #ifdef SA_RESTORER consistently
Wrap sa_restorer member definitions in #ifdef SA_RESTORER to be
consistent with their use.
If an architecture does not provide sa_restorer members but still
defines SA_RESTORER macro, the latter has to be explicitly undefined.
This change fixes compilation failures like this one:
signal.c: In function 'decode_old_sigaction':
signal.c:631:21: error: 'struct old_sigaction' has no member named 'sa_restorer'
signal.c: In function 'decode_new_sigaction':
signal.c:1224:21: error: 'struct new_sigaction' has no member named 'sa_restorer'
* signal.c (struct old_sigaction, struct old_sigaction32,
struct new_sigaction, struct new_sigaction32):
Wrap sa_restorer member in #ifdef SA_RESTORER.
(decode_old_sigaction, decode_new_sigaction):
Wrap use of sa32.sa_restorer in #ifdef SA_RESTORER.
Fix compilation warnings reported by gcc -Wsign-compare
* configure.ac (gl_WARN_ADD): Add -Wsign-compare.
* defs.h (struct tcb): Change 'currpers' type to unsigned.
(struct xlat): Change 'val' type to unsigned
(signame): Add 'const' qualifier to its argument.
(xlookup, printxval): Add 'const' qualifier to the 2nd argument and
change its type to unsigned.
(printpathn): Change the 3rd argument type to unsigned.
(ioctl_lookup): Change 1st argument type to unsigned.
* count.c (call_summary_pers, call_summary): Change 'i' type to unsigned.
* file.c (print_xattr_list): Fix comparisons between signed and unsigned
long values.
* ioctl.c (compare): Fix cast.
(ioctl_lookup): Change 1st argument type to to unsigned.
(ioctl_next_match): Change 'code' type to unsigned.
* mem.c (sys_move_pages): Change 'i' type to unsigned.
* mtd.c (mtd_ioctl): Change 'i' and 'j' types to unsigned.
Print 'i' using %u format string.
* process.c (sys_prctl): Change 'i' type to unsigned.
(printargv): Change 'n' type to unsigned.
(sys_ptrace): Change 'addr' type to unsigned.
* scsi.c (print_sg_io_buffer): Add 'const' qualifier to 'len' argument
and change its type to unsigned. Change 'i' and 'allocated' types
to unsigned.
* signal.c (signame): Add 'const' qualifier to its argument.
Fix comparisons between signed and unsigned values.
(sprintsigmask_n, printsiginfo): Fix comparisons between signed and
unsigned values.
* sock.c (sock_ioctl): Change 'i' and 'nifra' types to unsigned.
* strace.c (expand_tcbtab, alloctcb): Change 'i' type to unsigned.
(detach): Change 'sig' type to unsigned.
(startup_attach): Change 'tcbi' type to unsigned.
(startup_child): Change 'm', 'n', and 'len' types to unsigned.
(init): Use new variable to iterate 'tcbtab'.
(pid2tcb): Change 'i' type to unsigned.
(cleanup): Change 'i' and 'sig' types to unsigned.
* syscall.c (update_personality): Change 'personality' argument type
to unsigned.
(struct qual_options): Change 'bitflag' type to unsigned.
(reallocate_qual): Add 'const' qualifier to its argument and change its
type to unsigned.
(qualify_one): Change 'n' and 'bitflag' arguments types to unsigned.
Add 'const' qualifier to 'n', 'not', and 'pers' arguments.
Change 'p' type to signed int.
(qual_syscall): Change 'bitflag' argument type to unsigned.
Add 'const' qualifier to 'bitflag' and 'not' arguments.
Change 'p' type to signed int.
(qual_signal): Change 'bitflag' argument type to unsigned.
Add 'const' qualifier to 'bitflag' and 'not' arguments.
Change 'i' type to unsigned.
(qual_desc): Change 'bitflag' argument type to unsigned.
Add 'const' qualifier to 'bitflag' and 'not' arguments.
(qualify): Change 'i' type to unsigned.
(get_scno): Change 'currpers' type to unsigned.
Fix a comparison between signed and unsigned values.
* system.c (sys_sysctl): Change 'cnt' and 'max_cnt' types to unsigned.
Fix comparisons between signed and unsigned values.
* util.c (xlookup, printxval): Add 'const' qualifier to 'val' argument
and change its type to unsigned.
(printuid): Fix a comparison between signed and unsigned values.
(printpathn): Change 'n' argument type to unsigned.
(printstr): Change 'size' type to unsigned.
Fix a comparison between signed and unsigned values.
(setbpt): Change 'i' type to unsigned.
* net.c (printsock): Silence a compilation warning.
* reboot.c (sys_reboot): Likewise.
Stop using an outdated partial copy of libaio.h, switch back to external
libaio.h from libaio.
This partially reverts commit 2df03c494eb3c36c4178eba35c374831031d1a58.
* aio.c: Drop a partial copy of libaio.h, include <libaio.h> instead.
(print_common_flags): Check for HAVE_STRUCT_IOCB_U_C_FLAGS.
(sys_io_submit): Check for HAVE_DECL_IO_CMD_PWRITE and
HAVE_DECL_IO_CMD_PWRITEV.
* configure.ac: Check for libaio.h and declaration it provides.
Mike Frysinger [Thu, 14 Aug 2014 08:05:37 +0000 (04:05 -0400)]
CREDITS: fix generation in out of tree builds
The {...} code changes the working dir with `cd`, but the commands outside
of that block expects to be in the original dir. Change to a subshell so
the path outside of this block remains unchanged.
* Makefile.am ($(srcdir)/CREDITS): Change {...} to (...).
Mike Frysinger [Thu, 14 Aug 2014 05:02:16 +0000 (01:02 -0400)]
ia64: add missing syscalls
When the preadv/pwritev syscalls were added, the ones before it in the
ia64 list were missed, so all the syscalls there and later were not in
the right location (causing things to be decoded incorrectly).
Add the missing syscalls before preadv which also re-aligns all the
syscalls after that point. This fixes the uio.test.
* linux/ia64/syscallent.h: Add syscalls 1310 through 1318.
Mike Frysinger [Mon, 11 Aug 2014 06:52:08 +0000 (02:52 -0400)]
tests: fix uio building w/out preadv/pwritev
The preadv/pwritev symbols weren't added to glibc until the 2.10 release,
so trying to build the uio test leads to link failures. Add configure
tests and update uio.test to handle this.
* configure.ac (AC_CHECK_FUNCS): Add preadv/pwritev.
* tests/uio.c: Include config.h.
(main): Check for HAVE_PREADV and HAVE_PWRITEV.
* tests/uio.test: Check exit status of uio helper.
Mike Frysinger [Mon, 11 Aug 2014 05:31:23 +0000 (01:31 -0400)]
tests: fix shell errors in detach tests
The current detach test code does:
set -e
...
cleanup() {
set +e
kill ...
wait ...
}
...
cleanup
exit 0
The problem is that while `set -e` is disabled for the body of the
cleanup function, it isn't necessarily disabled in the caller scope.
So if the return value of the cleanup function (`wait` in this case)
is non-zero, the script ends up failing overall.
Add an explicit return 0 to the cleanup function so that we don't kill
the overall test pipeline.
Mike Frysinger [Sat, 9 Aug 2014 13:32:20 +0000 (09:32 -0400)]
sigaction test: support arches w/out SA_RESTORER and swapped args
Running Linux 3.15 (sparc64) and glibc 2.17 (sparc32) triggers a
rt_sigaction call that does not use SA_RESTORER and has an order
where it inserts a restorer and a size. The current tests don't
support that ordering, so add another regex.
* tests/sigaction.awk: Support no SA_RESTORER and swapped args.
Dmitry V. Levin [Thu, 12 Jun 2014 14:01:45 +0000 (18:01 +0400)]
unwind: cleanup build_mmap_cache
* unwind.c (build_mmap_cache): Move local variables to the code branch
where they are used. Check return code of sscanf and strdup. Do not
treat unusual memory mappings as fatal errors. Do not skip memory
mappings with path names starting with "[".
Dmitry V. Levin [Thu, 5 Jun 2014 15:12:42 +0000 (15:12 +0000)]
unwind: use fopen64 instead of fopen
* unwind.c (fopen_for_input): Define to fopen64 iff
[_LARGEFILE64_SOURCE && HAVE_FOPEN64], otherwise define it to fopen.
(build_mmap_cache): Use fopen_for_input instead of fopen.
Dmitry V. Levin [Thu, 5 Jun 2014 14:37:04 +0000 (14:37 +0000)]
unwind: fix build on 32-bit architectures
Fix compilation warnings in unwind.c on 32-bit architectures.
On some architectures getuid is actually getuid32, so change the test
to use getpid instead of getuid.
* unwind.c (STACK_ENTRY_SYMBOL_FMT): Explicitly cast function_off_set
to unsigned long.
(queue_put_error): Change the 3rd argument's type to unsigned long.
* tests/stack-fcall.c (f1): Use getpid instead of getuid.
* tests/strace-k.test: Likewise.
Dmitry V. Levin [Tue, 3 Jun 2014 12:56:42 +0000 (12:56 +0000)]
debian: enable security hardening features
* debian/rules: Follow the advice in https://wiki.debian.org/Hardening
and enable maximum hardening as for programs that handle untrusted data.
Patch by Markus <waldeck@gmx.de>.
Dmitry V. Levin [Tue, 3 Jun 2014 12:16:53 +0000 (12:16 +0000)]
debian: update control file
* debian/control (strace64): Fix a typo in package description.
Patch by Pascal De Vuyst <pascal.devuyst@gmail.com>.
(strace, strace-udeb): Add x32 to architecture list.
Patch by Guillaume Morin <guillaume@morinfr.org>.
(strace, strace-udeb): Add or1k to architecture list.
Patch by Christian Svensson <debian@cmd.nu>.
(strace, strace-udeb): Add arm64 to architecture list,
and remove defunct arm.
Patch by Wookey <wookey@debian.org>.
This fixes Debian bugs: #697625, #727018, #742235, #749956.
Dmitry V. Levin [Tue, 3 Jun 2014 12:03:41 +0000 (12:03 +0000)]
manpage: minor corrections
$ groff -ww -mandoc -z strace.1
strace.1:65: warning: macro `IX' not defined
* strace.1: define IX macro as empty for groff.
Change remaining '-' as minus to '\-'.
Have two word spaces after a full stop as an end of sentence.
Use extra space ('\,' or '\/') between roman and italic characters.
Based on patch by Bjarni Ingi Gislason <bjarniig@rhi.hi.is>.
This fixes Debian bug #725987.
unwind: move stacktrace capturing and mmap cache invalidating to trace_syscall_entering
Instead of handling stacktrace capturing and mmap cache invalidating in
sys_* functions, handle them uniformly in trace_syscall_entering using
new flags introduced by previous two commits.
The patch is simpler than its older version(v3). The value of
hide_log_until_execve is just ignored. I found the value is nothing
to do with this patch. unwind_cache_invalidate is mentioned only
once in trace_syscall_exiting.
Both are suggested by Dmitry Levin.
Dmitry V. Levin [Mon, 12 May 2014 14:37:50 +0000 (14:37 +0000)]
unwind: add SE and SI flags to syscall entries for all architectures
Add SE flag to execve, exit, and exit_group syscall entries.
Add SI flag to brk, execve, mmap, mprotect, mremap, munmap,
remap_file_pages, shmat, and shmdt syscall entries.
unwind: introduce markers specifying the needs of special care in unwinding
Some system calls require capturing the stack trace before they are
processed in kernel. Typical one is execve. Some system calls require
invalidating mmap cache after they are processed in kernel.
In current implementation these requirements are handled directly by
appropriate syscall handlers. However, it is difficult to keep the
source code maintainable using this approach to cover all system calls
which have such requirements.
A more generic way to implement this is to flag all syscalls that
require special processing, and handle these flags right in
trace_syscall_entering instead of changing syscall handlers.
This patch just defines new flags: STACKTRACE_INVALIDATE_CACHE and
STACKTRACE_CAPTURE_ON_ENTER.
The names of macros are suggested by Dmitry Levin.
When a file mmap'ed to the target process is unlink'ed, backtracing the
stack would fail. Current implementation reports it as
"backtracing_error". To avoid confusion, the message is changed to
"expected_backtracing_error".
p-deleted is deleted therefore backtracing_error is reported. This
patch records the deleted marker when making mmap cache and refers the
recorded information in the case "backtracing_error" to switch the
message.
This solution is not perfect: if a file is unlink'ed after making the
mmap cache and before unwinding, strace cannot have a chance to record
the deleted marker.
In this version of patch, hardcoded magic number used in comparing "(delete)"
string is replaced with strlen as suggested by Dmitry Levin.
In old version of patch, the deleted entry was thrown away from mmap
cache to avoid to report "backtracing_error". In this patch I keep it,
and just switch the error message.
Inspired by the review comment from Dmitry Levin.
unwind: call unwind_tcb_fin before printing detached message
captured stacktrace is printed in unwind_tcb_fin if tcp->queue is not
empty. This should happen before printing detached message, so
unwind_tcb_fin is moved to the top of droptcb.
This is implicitly suggested by Dmitry Levin in patch review process.
A mmap cache belonging to a tcb was updated when a system call which
changed the memory mapping was called. This implementation was assumed
the mapping was changed only by the tcb. However, this assumption is
incorrect if the target application is multi-threaded; more than two
tcbs can shared the same memory mapping and a tcb can modify it without
being noticed by the others.
This change introduces a global integer variable mmap_cache_generation,
and mmap_cache_generation field to struct tcb. The variable
is incremented each time a process enters a syscall that can modify its
memory mapping. Each tcb records the value of this variable at the
moment if building its mmap cache. Every mmap cache associated with
the given tcb can be validated by comparing its mmap_cache_generation
field with the variable mmap_cache_generation.
This implementation is inefficient. If strace attaches two processes
which don't share the memory mapping, rebuilding mmap cache of a tcb
triggered by another tcb's mmap system call is not necessary.
unwind: introduce queue_t for capturing stacktrace
This is the second step for splitting capturing from printing.
New `queue' field is added to tcb. Captured stacktrace is stored here.
The field is initialized/finalized at unwind_tcb_init/unwind_tcb_fin.
New API function unwind_capture_stacktrace is added. This function
captures the currest stack using stracktrace_walker and records it in
tcb. It's printing is delayed to the next call of
unwind_print_stacktrace.
unwind_print_stacktrace is extended. Now it checks queue field of
the given tcb at the start of function. If the function finds a
captured stack trace, the latter is printed using stracktrace_walker.
Currently unwind_capture_stacktrace invocations are added directly to
handlers of mmap, munmap, mprotect, and execve.
Here is the difference of output with/without patch:
In older version output lines of captured elements were built when
printing. In this version they are built when capturing the stack.
As result, unneeded dynamic memory allocations are avoided.
Suggested by Luca Clementi.
In older version the combination of snprintf and realloc were used.
In this version they are replaced with asprintf.
Suggested by Dmitry Levin.
projects / strace / log