/*
* Return true if syscall accesses a selected path
* (or if no paths have been specified for tracing).
*/
int
pathtrace_match(struct tcb *tcp)
{
const struct_sysent *s;
s = tcp->s_ent;
if (!(s->sys_flags & (TRACE_FILE | TRACE_DESC | TRACE_NETWORK)))
return 0;
/*
* Check for special cases where we need to do something
* other than test arg[0].
*/
if (s->sys_func == sys_dup2 ||
s->sys_func == sys_dup3 ||
s->sys_func == sys_sendfile ||
s->sys_func == sys_sendfile64 ||
s->sys_func == sys_tee)
{
/* fd, fd */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_inotify_add_watch ||
s->sys_func == sys_faccessat ||
s->sys_func == sys_fchmodat ||
s->sys_func == sys_futimesat ||
s->sys_func == sys_unlinkat ||
s->sys_func == sys_newfstatat ||
s->sys_func == sys_mknodat ||
s->sys_func == sys_openat ||
s->sys_func == sys_readlinkat ||
s->sys_func == sys_utimensat ||
s->sys_func == sys_fchownat ||
s->sys_func == sys_pipe2)
{
/* fd, path */
return fdmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_link ||
s->sys_func == sys_mount)
{
/* path, path */
return upathmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_quotactl)
{
/* x, path */
return upathmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_renameat ||
s->sys_func == sys_renameat2 ||
s->sys_func == sys_linkat)
{
/* fd, path, fd, path */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[2]) ||
upathmatch(tcp, tcp->u_arg[1]) ||
upathmatch(tcp, tcp->u_arg[3]);
}
if (
s->sys_func == sys_old_mmap ||
#if defined(S390)
s->sys_func == sys_old_mmap_pgoff ||
#endif
s->sys_func == sys_mmap ||
s->sys_func == sys_mmap_pgoff ||
s->sys_func == sys_mmap_4koff
) {
/* x, x, x, x, fd */
return fdmatch(tcp, tcp->u_arg[4]);
}
if (s->sys_func == sys_symlinkat) {
/* path, fd, path */
return fdmatch(tcp, tcp->u_arg[1]) ||
upathmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[2]);
}
if (s->sys_func == sys_splice) {
/* fd, x, fd, x, x */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[2]);
}
if (s->sys_func == sys_epoll_ctl) {
/* x, x, fd, x */
return fdmatch(tcp, tcp->u_arg[2]);
}
if (s->sys_func == sys_fanotify_mark) {
/* x, x, x, fd, path */
return fdmatch(tcp, tcp->u_arg[3]) ||
upathmatch(tcp, tcp->u_arg[4]);
}
if (s->sys_func == sys_select ||
s->sys_func == sys_oldselect ||
s->sys_func == sys_pselect6)
{
int i, j;
int nfds;
long *args, oldargs[5];
unsigned fdsize;
fd_set *fds;
args = tcp->u_arg;
if (s->sys_func == sys_oldselect) {
if (umoven(tcp, tcp->u_arg[0], sizeof oldargs,
oldargs) < 0)
{
fprintf(stderr, "umoven() failed\n");
return 0;
}
args = oldargs;
}
/* Kernel truncates arg[0] to int, we do the same. */
nfds = (int) args[0];
/* Kernel rejects negative nfds, so we don't parse it either. */
if (nfds <= 0)
return 0;
/* Beware of select(2^31-1, NULL, NULL, NULL) and similar... */
if (nfds > 1024*1024)
nfds = 1024*1024;
fdsize = (((nfds + 7) / 8) + current_wordsize-1) & -current_wordsize;
fds = malloc(fdsize);
if (!fds)
die_out_of_memory();
for (i = 1; i <= 3; ++i) {
if (args[i] == 0)
continue;
if (umoven(tcp, args[i], fdsize, fds) < 0) {
fprintf(stderr, "umoven() failed\n");
continue;
}
for (j = 0;; j++) {
j = next_set_bit(fds, j, nfds);
if (j < 0)
break;
if (fdmatch(tcp, j)) {
free(fds);
return 1;
}
}
}
free(fds);
return 0;
}
if (s->sys_func == sys_poll ||
s->sys_func == sys_ppoll)
{
struct pollfd fds;
unsigned nfds;
unsigned long start, cur, end;
start = tcp->u_arg[0];
nfds = tcp->u_arg[1];
end = start + sizeof(fds) * nfds;
if (nfds == 0 || end < start)
return 0;
for (cur = start; cur < end; cur += sizeof(fds))
if ((umoven(tcp, cur, sizeof fds, &fds) == 0)
&& fdmatch(tcp, fds.fd))
return 1;
return 0;
}
if (s->sys_func == printargs ||
s->sys_func == sys_pipe ||
s->sys_func == sys_pipe2 ||
s->sys_func == sys_eventfd2 ||
s->sys_func == sys_eventfd ||
s->sys_func == sys_inotify_init1 ||
s->sys_func == sys_timerfd_create ||
s->sys_func == sys_timerfd_settime ||
s->sys_func == sys_timerfd_gettime ||
s->sys_func == sys_epoll_create ||
s->sys_func == sys_socket ||
s->sys_func == sys_socketpair ||
s->sys_func == sys_fanotify_init)
{
/*
* These have TRACE_FILE or TRACE_DESCRIPTOR or TRACE_NETWORK set,
* but they don't have any file descriptor or path args to test.
*/
return 0;
}
/*
* Our fallback position for calls that haven't already
* been handled is to just check arg[0].
*/
if (s->sys_flags & TRACE_FILE)
return upathmatch(tcp, tcp->u_arg[0]);
if (s->sys_flags & (TRACE_DESC | TRACE_NETWORK))
return fdmatch(tcp, tcp->u_arg[0]);
return 0;
}
/*
* Return true if syscall accesses a selected path
* (or if no paths have been specified for tracing).
*/
int
pathtrace_match(struct tcb *tcp)
{
const struct_sysent *s;
if (selected[0] == NULL)
return 1;
s = tcp->s_ent;
if (!(s->sys_flags & (TRACE_FILE | TRACE_DESC)))
return 0;
/*
* Check for special cases where we need to do something
* other than test arg[0].
*/
if (s->sys_func == sys_dup2 ||
s->sys_func == sys_dup3 ||
s->sys_func == sys_sendfile ||
s->sys_func == sys_sendfile64 ||
s->sys_func == sys_tee)
{
/* fd, fd */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_inotify_add_watch ||
s->sys_func == sys_faccessat ||
s->sys_func == sys_fchmodat ||
s->sys_func == sys_futimesat ||
s->sys_func == sys_mkdirat ||
s->sys_func == sys_unlinkat ||
s->sys_func == sys_newfstatat ||
s->sys_func == sys_mknodat ||
s->sys_func == sys_openat ||
s->sys_func == sys_readlinkat ||
s->sys_func == sys_utimensat ||
s->sys_func == sys_fchownat ||
s->sys_func == sys_pipe2)
{
/* fd, path */
return fdmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_link ||
s->sys_func == sys_mount)
{
/* path, path */
return upathmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_quotactl)
{
/* x, path */
return upathmatch(tcp, tcp->u_arg[1]);
}
if (s->sys_func == sys_renameat ||
s->sys_func == sys_linkat)
{
/* fd, path, fd, path */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[2]) ||
upathmatch(tcp, tcp->u_arg[1]) ||
upathmatch(tcp, tcp->u_arg[3]);
}
if (
s->sys_func == sys_old_mmap ||
#if defined(S390)
s->sys_func == sys_old_mmap_pgoff ||
#endif
s->sys_func == sys_mmap ||
s->sys_func == sys_mmap_pgoff ||
s->sys_func == sys_mmap_4koff
) {
/* x, x, x, x, fd */
return fdmatch(tcp, tcp->u_arg[4]);
}
if (s->sys_func == sys_symlinkat) {
/* path, fd, path */
return fdmatch(tcp, tcp->u_arg[1]) ||
upathmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[2]);
}
if (s->sys_func == sys_splice) {
/* fd, x, fd, x, x */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[2]);
}
if (s->sys_func == sys_epoll_ctl) {
/* x, x, fd, x */
return fdmatch(tcp, tcp->u_arg[2]);
}
if (s->sys_func == sys_select ||
s->sys_func == sys_oldselect ||
s->sys_func == sys_pselect6)
{
int i, j;
unsigned nfds;
long *args, oldargs[5];
unsigned fdsize;
fd_set *fds;
if (s->sys_func == sys_oldselect) {
if (umoven(tcp, tcp->u_arg[0], sizeof oldargs,
(char*) oldargs) < 0)
{
fprintf(stderr, "umoven() failed\n");
return 0;
}
args = oldargs;
} else
args = tcp->u_arg;
nfds = args[0];
/* Beware of select(2^31-1, NULL, NULL, NULL) and similar... */
if (args[0] > 1024*1024)
nfds = 1024*1024;
if (args[0] < 0)
nfds = 0;
fdsize = ((((nfds + 7) / 8) + sizeof(long) - 1)
& -sizeof(long));
fds = malloc(fdsize);
if (!fds)
die_out_of_memory();
for (i = 1; i <= 3; ++i) {
if (args[i] == 0)
continue;
if (umoven(tcp, args[i], fdsize, (char *) fds) < 0) {
fprintf(stderr, "umoven() failed\n");
continue;
}
for (j = 0; j < nfds; ++j)
if (FD_ISSET(j, fds) && fdmatch(tcp, j)) {
free(fds);
return 1;
}
}
free(fds);
return 0;
}
if (s->sys_func == sys_poll ||
s->sys_func == sys_ppoll)
{
struct pollfd fds;
unsigned nfds;
unsigned long start, cur, end;
start = tcp->u_arg[0];
nfds = tcp->u_arg[1];
end = start + sizeof(fds) * nfds;
if (nfds == 0 || end < start)
return 0;
for (cur = start; cur < end; cur += sizeof(fds))
if ((umoven(tcp, cur, sizeof fds, (char *) &fds) == 0)
&& fdmatch(tcp, fds.fd))
return 1;
return 0;
}
if (s->sys_func == printargs ||
s->sys_func == sys_pipe ||
s->sys_func == sys_pipe2 ||
s->sys_func == sys_eventfd2 ||
s->sys_func == sys_eventfd ||
s->sys_func == sys_inotify_init1 ||
s->sys_func == sys_timerfd_create ||
s->sys_func == sys_timerfd_settime ||
s->sys_func == sys_timerfd_gettime ||
s->sys_func == sys_epoll_create ||
strcmp(s->sys_name, "fanotify_init") == 0)
{
/*
* These have TRACE_FILE or TRACE_DESCRIPTOR set, but they
* don't have any file descriptor or path args to test.
*/
return 0;
}
/*
* Our fallback position for calls that haven't already
* been handled is to just check arg[0].
*/
if (s->sys_flags & TRACE_FILE)
return upathmatch(tcp, tcp->u_arg[0]);
if (s->sys_flags & TRACE_DESC)
return fdmatch(tcp, tcp->u_arg[0]);
return 0;
}