/**
* Allocate @size bytes in the @tracee's memory space. This function
* returns the address of the allocated memory in the @tracee's memory
* space, otherwise 0 if an error occured.
*/
word_t alloc_mem(Tracee *tracee, ssize_t size)
{
word_t stack_pointer;
/* This function should be called in sysenter only since the
* stack pointer is systematically restored at the end of
* sysexit (except for execve, but in this case the stack
* pointer should be handled with care since it is used by the
* process to retrieve argc, argv, envp, and auxv). */
assert(IS_IN_SYSENTER(tracee));
/* Get the current value of the stack pointer from the tracee's
* USER area. */
stack_pointer = peek_reg(tracee, CURRENT, STACK_POINTER);
/* Some ABIs specify an amount of bytes after the stack
* pointer that shall not be used by anything but the compiler
* (for optimization purpose). */
if (stack_pointer == peek_reg(tracee, ORIGINAL, STACK_POINTER))
size += RED_ZONE_SIZE;
/* Sanity check. */
if ( (size > 0 && stack_pointer <= (word_t) size)
|| (size < 0 && stack_pointer >= ULONG_MAX + size)) {
note(tracee, WARNING, INTERNAL, "integer under/overflow detected in %s",
__FUNCTION__);
return 0;
}
/* Remember the stack grows downward. */
stack_pointer -= size;
/* Set the new value of the stack pointer in the tracee's USER
* area. */
poke_reg(tracee, STACK_POINTER, stack_pointer);
return stack_pointer;
}
void translate_syscall(Tracee *tracee)
{
const bool is_enter_stage = IS_IN_SYSENTER(tracee);
int status;
assert(tracee->exe != NULL);
status = fetch_regs(tracee);
if (status < 0)
return;
if (is_enter_stage) {
/* Never restore original register values at the end
* of this stage. */
tracee->restore_original_regs = false;
print_current_regs(tracee, 3, "sysenter start");
/* Translate the syscall only if it was actually
* requested by the tracee, it is not a syscall
* chained by PRoot. */
if (tracee->chain.syscalls == NULL) {
save_current_regs(tracee, ORIGINAL);
status = translate_syscall_enter(tracee);
save_current_regs(tracee, MODIFIED);
}
else {
status = notify_extensions(tracee, SYSCALL_CHAINED_ENTER, 0, 0);
tracee->restart_how = PTRACE_SYSCALL;
}
/* Remember the tracee status for the "exit" stage and
* avoid the actual syscall if an error was reported
* by the translation/extension. */
if (status < 0) {
set_sysnum(tracee, PR_void);
poke_reg(tracee, SYSARG_RESULT, (word_t) status);
tracee->status = status;
}
else
tracee->status = 1;
/* Restore tracee's stack pointer now if it won't hit
* the sysexit stage (i.e. when seccomp is enabled and
* there's nothing else to do). */
if (tracee->restart_how == PTRACE_CONT) {
tracee->status = 0;
poke_reg(tracee, STACK_POINTER, peek_reg(tracee, ORIGINAL, STACK_POINTER));
}
}
else {
/* By default, restore original register values at the
* end of this stage. */
tracee->restore_original_regs = true;
print_current_regs(tracee, 5, "sysexit start");
/* Translate the syscall only if it was actually
* requested by the tracee, it is not a syscall
* chained by PRoot. */
if (tracee->chain.syscalls == NULL)
translate_syscall_exit(tracee);
else
(void) notify_extensions(tracee, SYSCALL_CHAINED_EXIT, 0, 0);
/* Reset the tracee's status. */
tracee->status = 0;
/* Insert the next chained syscall, if any. */
if (tracee->chain.syscalls != NULL)
chain_next_syscall(tracee);
}
(void) push_regs(tracee);
if (is_enter_stage)
print_current_regs(tracee, 5, "sysenter end" );
else
print_current_regs(tracee, 4, "sysexit end");
}
