void
powerpc64_syscall_entry(struct trussinfo *trussinfo, int nargs)
{
struct ptrace_io_desc iorequest;
struct reg regs;
struct freebsd_syscall *fsc;
struct syscall *sc;
void *args;
lwpid_t tid;
int i, regargs, syscall_num;
tid = trussinfo->curthread->tid;
if (ptrace(PT_GETREGS, tid, (caddr_t)®s, 0) < 0) {
fprintf(trussinfo->outfile, "-- CANNOT READ REGISTERS --\n");
return;
}
/*
* FreeBSD has two special kinds of system call redirctions --
* SYS_syscall, and SYS___syscall. The former is the old syscall()
* routine, basically; the latter is for quad-aligned arguments.
*/
regargs = NARGREG;
syscall_num = regs.fixreg[0];
args = ®s.fixreg[3];
if (syscall_num == SYS_syscall || syscall_num == SYS___syscall) {
args = ®s.fixreg[4];
regargs -= 1;
syscall_num = regs.fixreg[3];
}
fsc = alloc_fsc();
if (fsc == NULL)
return;
fsc->number = syscall_num;
fsc->name = (syscall_num < 0 || syscall_num >= nsyscalls) ?
NULL : syscallnames[syscall_num];
if (!fsc->name) {
fprintf(trussinfo->outfile, "-- UNKNOWN SYSCALL %d --\n",
syscall_num);
}
if (fsc->name && (trussinfo->flags & FOLLOWFORKS) &&
(strcmp(fsc->name, "fork") == 0 ||
strcmp(fsc->name, "rfork") == 0 ||
strcmp(fsc->name, "vfork") == 0))
trussinfo->curthread->in_fork = 1;
if (nargs == 0)
return;
fsc->args = malloc((1 + nargs) * sizeof(unsigned long));
if (nargs > regargs) {
memmove(&fsc->args[0], args, regargs * sizeof(fsc->args[0]));
iorequest.piod_op = PIOD_READ_D;
iorequest.piod_offs = (void *)(regs.fixreg[1] + 48);
iorequest.piod_addr = &fsc->args[regargs];
iorequest.piod_len = (nargs - regargs) * sizeof(fsc->args[0]);
ptrace(PT_IO, tid, (caddr_t)&iorequest, 0);
if (iorequest.piod_len == 0)
return;
} else
memmove(&fsc->args[0], args, nargs * sizeof(fsc->args[0]));
sc = get_syscall(fsc->name);
if (sc)
fsc->nargs = sc->nargs;
else {
#if DEBUG
fprintf(trussinfo->outfile, "unknown syscall %s -- setting "
"args to %d\n", fsc->name, nargs);
#endif
fsc->nargs = nargs;
}
fsc->s_args = calloc(1, (1 + fsc->nargs) * sizeof(char *));
fsc->sc = sc;
/*
* At this point, we set up the system call arguments.
* We ignore any OUT ones, however -- those are arguments that
* are set by the system call, and so are probably meaningless
* now. This doesn't currently support arguments that are
* passed in *and* out, however.
*/
if (fsc->name) {
#if DEBUG
fprintf(stderr, "syscall %s(", fsc->name);
#endif
for (i = 0; i < fsc->nargs; i++) {
#if DEBUG
fprintf(stderr, "0x%x%s", sc ?
fsc->args[sc->args[i].offset] : fsc->args[i],
i < (fsc->nargs - 1) ? "," : "");
#endif
if (sc && !(sc->args[i].type & OUT)) {
fsc->s_args[i] = print_arg(&sc->args[i],
fsc->args, 0, trussinfo);
}
}
#if DEBUG
fprintf(stderr, ")\n");
#endif
}
#if DEBUG
fprintf(trussinfo->outfile, "\n");
#endif
if (fsc->name && (strcmp(fsc->name, "execve") == 0 ||
strcmp(fsc->name, "exit") == 0)) {
/*
* XXX
* This could be done in a more general
* manner but it still wouldn't be very pretty.
*/
if (strcmp(fsc->name, "execve") == 0) {
if ((trussinfo->flags & EXECVEARGS) == 0) {
if (fsc->s_args[1]) {
free(fsc->s_args[1]);
fsc->s_args[1] = NULL;
}
}
if ((trussinfo->flags & EXECVEENVS) == 0) {
if (fsc->s_args[2]) {
free(fsc->s_args[2]);
fsc->s_args[2] = NULL;
}
}
}
}
trussinfo->curthread->fsc = fsc;
}
void
arm_syscall_entry(struct trussinfo *trussinfo, int nargs)
{
struct ptrace_io_desc iorequest;
struct reg regs;
struct freebsd_syscall *fsc;
struct syscall *sc;
lwpid_t tid;
int i, syscall_num;
register_t *ap;
tid = trussinfo->curthread->tid;
if (ptrace(PT_GETREGS, tid, (caddr_t)®s, 0) < 0) {
fprintf(trussinfo->outfile, "-- CANNOT READ REGISTERS --\n");
return;
}
ap = ®s.r[0];
/*
* FreeBSD has two special kinds of system call redirctions --
* SYS_syscall, and SYS___syscall. The former is the old syscall()
* routine, basically; the latter is for quad-aligned arguments.
*/
#ifdef __ARM_EABI__
syscall_num = regs.r[7];
#else
if ((syscall_num = ptrace(PT_READ_I, tid,
(caddr_t)(regs.r[_REG_PC] - INSN_SIZE), 0)) == -1) {
fprintf(trussinfo->outfile, "-- CANNOT READ PC --\n");
return;
}
syscall_num = syscall_num & 0x000fffff;
#endif
switch (syscall_num) {
case SYS_syscall:
syscall_num = *ap++;
nargs--;
break;
case SYS___syscall:
syscall_num = ap[_QUAD_LOWWORD];
ap += 2;
nargs -= 2;
break;
}
fsc = alloc_fsc();
if (fsc == NULL)
return;
fsc->number = syscall_num;
fsc->name = (syscall_num < 0 || syscall_num >= nsyscalls) ?
NULL : syscallnames[syscall_num];
if (!fsc->name) {
fprintf(trussinfo->outfile, "-- UNKNOWN SYSCALL %d --\n",
syscall_num);
}
if (fsc->name && (trussinfo->flags & FOLLOWFORKS) &&
(strcmp(fsc->name, "fork") == 0 ||
strcmp(fsc->name, "rfork") == 0 ||
strcmp(fsc->name, "vfork") == 0))
trussinfo->curthread->in_fork = 1;
if (nargs == 0)
return;
fsc->args = malloc((1 + nargs) * sizeof(unsigned long));
switch (nargs) {
default:
/*
* The OS doesn't seem to allow more than 10 words of
* parameters (yay!). So we shouldn't be here.
*/
warn("More than 10 words (%d) of arguments!\n", nargs);
break;
case 10:
case 9:
case 8:
case 7:
case 6:
case 5:
/*
* If there are 7-10 words of arguments, they are placed
* on the stack, as is normal for other processors.
* The fall-through for all of these is deliberate!!!
*/
// XXX BAD constant used here
iorequest.piod_op = PIOD_READ_D;
iorequest.piod_offs = (void *)(regs.r[_REG_SP] +
4 * sizeof(uint32_t));
iorequest.piod_addr = &fsc->args[4];
iorequest.piod_len = (nargs - 4) * sizeof(fsc->args[0]);
ptrace(PT_IO, tid, (caddr_t)&iorequest, 0);
if (iorequest.piod_len == 0)
return;
case 4: fsc->args[3] = ap[3];
case 3: fsc->args[2] = ap[2];
case 2: fsc->args[1] = ap[1];
case 1: fsc->args[0] = ap[0];
case 0: break;
}
sc = NULL;
if (fsc->name)
sc = get_syscall(fsc->name);
if (sc)
fsc->nargs = sc->nargs;
else {
#if DEBUG
fprintf(trussinfo->outfile, "unknown syscall %s -- setting "
"args to %d\n", fsc->name, nargs);
#endif
fsc->nargs = nargs;
}
fsc->s_args = calloc(1, (1 + fsc->nargs) * sizeof(char *));
fsc->sc = sc;
/*
* At this point, we set up the system call arguments.
* We ignore any OUT ones, however -- those are arguments that
* are set by the system call, and so are probably meaningless
* now. This doesn't currently support arguments that are
* passed in *and* out, however.
*/
if (fsc->name) {
#if DEBUG
fprintf(stderr, "syscall %s(", fsc->name);
#endif
for (i = 0; i < fsc->nargs; i++) {
#if DEBUG
fprintf(stderr, "0x%x%s", sc ?
fsc->args[sc->args[i].offset] : fsc->args[i],
i < (fsc->nargs - 1) ? "," : "");
#endif
if (sc && !(sc->args[i].type & OUT)) {
fsc->s_args[i] = print_arg(&sc->args[i],
fsc->args, 0, trussinfo);
}
}
#if DEBUG
fprintf(stderr, ")\n");
#endif
}
#if DEBUG
fprintf(trussinfo->outfile, "\n");
#endif
if (fsc->name != NULL && (strcmp(fsc->name, "execve") == 0 ||
strcmp(fsc->name, "exit") == 0)) {
/*
* XXX
* This could be done in a more general
* manner but it still wouldn't be very pretty.
*/
if (strcmp(fsc->name, "execve") == 0) {
if ((trussinfo->flags & EXECVEARGS) == 0) {
if (fsc->s_args[1]) {
free(fsc->s_args[1]);
fsc->s_args[1] = NULL;
}
}
if ((trussinfo->flags & EXECVEENVS) == 0) {
if (fsc->s_args[2]) {
free(fsc->s_args[2]);
fsc->s_args[2] = NULL;
}
}
}
}
trussinfo->curthread->fsc = fsc;
}
void
mips_syscall_entry(struct trussinfo *trussinfo, int nargs)
{
struct ptrace_io_desc iorequest;
struct reg regs;
struct freebsd_syscall *fsc;
struct syscall *sc;
lwpid_t tid;
int i, syscall_num;
int indir; /* indirect system call */
tid = trussinfo->curthread->tid;
if (ptrace(PT_GETREGS, tid, (caddr_t)®s, 0) < 0) {
fprintf(trussinfo->outfile, "-- CANNOT READ REGISTERS --\n");
return;
}
indir = 0;
syscall_num = regs.r_regs[V0];
if (syscall_num == SYS_syscall) {
indir = 1;
syscall_num = regs.r_regs[A0];
}
fsc = alloc_fsc();
if (fsc == NULL)
return;
fsc->number = syscall_num;
fsc->name = (syscall_num < 0 || syscall_num >= nsyscalls) ?
NULL : syscallnames[syscall_num];
if (!fsc->name) {
fprintf(trussinfo->outfile, "-- UNKNOWN SYSCALL %d --\n",
syscall_num);
}
if (fsc->name && (trussinfo->flags & FOLLOWFORKS) &&
(strcmp(fsc->name, "fork") == 0 ||
strcmp(fsc->name, "pdfork") == 0 ||
strcmp(fsc->name, "rfork") == 0 ||
strcmp(fsc->name, "vfork") == 0))
trussinfo->curthread->in_fork = 1;
if (nargs == 0)
return;
fsc->args = malloc((1 + nargs) * sizeof(unsigned long));
#if 0 // XXX
iorequest.piod_op = PIOD_READ_D;
iorequest.piod_offs = (void *)parm_offset;
iorequest.piod_addr = fsc->args;
iorequest.piod_len = (1 + nargs) * sizeof(unsigned long);
ptrace(PT_IO, tid, (caddr_t)&iorequest, 0);
if (iorequest.piod_len == 0)
return;
#else
iorequest.piod_op = PIOD_READ_D;
#endif
switch (nargs) {
default:
/*
* The OS doesn't seem to allow more than 10 words of
* parameters (yay!). So we shouldn't be here.
*/
warn("More than 10 words (%d) of arguments!\n", nargs);
break;
case 10:
case 9:
case 8:
case 7:
case 6:
case 5:
/*
* If there are 7-10 words of arguments, they are placed
* on the stack, as is normal for other processors.
* The fall-through for all of these is deliberate!!!
*/
// XXX BAD constant used here
iorequest.piod_op = PIOD_READ_D;
iorequest.piod_offs = (void *)(regs.r_regs[SP] +
4 * sizeof(uint32_t));
iorequest.piod_addr = &fsc->args[4];
iorequest.piod_len = (nargs - 4) * sizeof(fsc->args[0]);
ptrace(PT_IO, tid, (caddr_t)&iorequest, 0);
if (iorequest.piod_len == 0)
return;
case 4: fsc->args[3] = regs.r_regs[A3];
case 3: fsc->args[2] = regs.r_regs[A2];
case 2: fsc->args[1] = regs.r_regs[A1];
case 1: fsc->args[0] = regs.r_regs[A0];
case 0: break;
}
if (indir) {
memmove(&fsc->args[0], &fsc->args[1],
(nargs - 1) * sizeof(fsc->args[0]));
}
sc = get_syscall(fsc->name);
if (sc)
fsc->nargs = sc->nargs;
else {
#if DEBUG
fprintf(trussinfo->outfile, "unknown syscall %s -- setting "
"args to %d\n", fsc->name, nargs);
#endif
fsc->nargs = nargs;
}
fsc->s_args = calloc(1, (1 + fsc->nargs) * sizeof(char *));
fsc->sc = sc;
/*
* At this point, we set up the system call arguments.
* We ignore any OUT ones, however -- those are arguments that
* are set by the system call, and so are probably meaningless
* now. This doesn't currently support arguments that are
* passed in *and* out, however.
*/
if (fsc->name) {
#if DEBUG
fprintf(stderr, "syscall %s(", fsc->name);
#endif
for (i = 0; i < fsc->nargs; i++) {
#if DEBUG
fprintf(stderr, "0x%x%s", sc ?
fsc->args[sc->args[i].offset] : fsc->args[i],
i < (fsc->nargs - 1) ? "," : "");
#endif
if (sc && !(sc->args[i].type & OUT)) {
fsc->s_args[i] = print_arg(&sc->args[i],
fsc->args, 0, trussinfo);
}
}
#if DEBUG
fprintf(stderr, ")\n");
#endif
}
#if DEBUG
fprintf(trussinfo->outfile, "\n");
#endif
trussinfo->curthread->fsc = fsc;
}
void
amd64_linux32_syscall_entry(struct trussinfo *trussinfo, int nargs)
{
struct reg regs;
struct linux_syscall *fsc;
struct syscall *sc;
lwpid_t tid;
int i, syscall_num;
tid = trussinfo->curthread->tid;
if (ptrace(PT_GETREGS, tid, (caddr_t)®s, 0) < 0) {
fprintf(trussinfo->outfile, "-- CANNOT READ REGISTERS --\n");
return;
}
syscall_num = regs.r_rax;
fsc = alloc_fsc();
if (fsc == NULL)
return;
fsc->number = syscall_num;
fsc->name = (syscall_num < 0 || syscall_num >= nsyscalls) ?
NULL : linux32_syscallnames[syscall_num];
if (!fsc->name) {
fprintf(trussinfo->outfile, "-- UNKNOWN SYSCALL %d --\n",
syscall_num);
}
if (fsc->name && (trussinfo->flags & FOLLOWFORKS) &&
(strcmp(fsc->name, "linux_fork") == 0 ||
strcmp(fsc->name, "linux_vfork") == 0))
trussinfo->curthread->in_fork = 1;
if (nargs == 0)
return;
/*
* Linux passes syscall arguments in registers, not
* on the stack. Fortunately, we've got access to the
* register set. Note that we don't bother checking the
* number of arguments. And what does linux do for syscalls
* that have more than five arguments?
*/
fsc->args[0] = regs.r_rbx;
fsc->args[1] = regs.r_rcx;
fsc->args[2] = regs.r_rdx;
fsc->args[3] = regs.r_rsi;
fsc->args[4] = regs.r_rdi;
sc = get_syscall(fsc->name);
if (sc)
fsc->nargs = sc->nargs;
else {
#if DEBUG
fprintf(trussinfo->outfile, "unknown syscall %s -- setting "
"args to %d\n", fsc->name, nargs);
#endif
fsc->nargs = nargs;
}
fsc->s_args = calloc(1, (1 + fsc->nargs) * sizeof(char *));
fsc->sc = sc;
/*
* At this point, we set up the system call arguments.
* We ignore any OUT ones, however -- those are arguments that
* are set by the system call, and so are probably meaningless
* now. This doesn't currently support arguments that are
* passed in *and* out, however.
*/
if (fsc->name) {
#if DEBUG
fprintf(stderr, "syscall %s(", fsc->name);
#endif
for (i = 0; i < fsc->nargs; i++) {
#if DEBUG
fprintf(stderr, "0x%x%s", sc ?
fsc->args[sc->args[i].offset] : fsc->args[i],
i < (fsc->nargs - 1) ? "," : "");
#endif
if (sc && !(sc->args[i].type & OUT)) {
fsc->s_args[i] = print_arg(&sc->args[i],
fsc->args, 0, trussinfo);
}
}
#if DEBUG
fprintf(stderr, ")\n");
#endif
}
#if DEBUG
fprintf(trussinfo->outfile, "\n");
#endif
if (fsc->name != NULL && (strcmp(fsc->name, "linux_execve") == 0 ||
strcmp(fsc->name, "exit") == 0)) {
/*
* XXX
* This could be done in a more general
* manner but it still wouldn't be very pretty.
*/
if (strcmp(fsc->name, "linux_execve") == 0) {
if ((trussinfo->flags & EXECVEARGS) == 0) {
if (fsc->s_args[1]) {
free(fsc->s_args[1]);
fsc->s_args[1] = NULL;
}
}
if ((trussinfo->flags & EXECVEENVS) == 0) {
if (fsc->s_args[2]) {
free(fsc->s_args[2]);
fsc->s_args[2] = NULL;
}
}
}
}
trussinfo->curthread->fsc = fsc;
}