Implement fanotify_init and fanotify_mark decoding
* fanotify.c: New file.
* linux/fanotify.h: Likewise.
* Makefile.am (strace_SOURCES): Add fanotify.c.
(EXTRA_DIST): Add linux/fanotify.h.
* defs.h (print_dirfd): New prototype.
* file.c (print_dirfd): Export.
* linux/dummy.h (sys_fanotify_init, sys_fanotify_mark): Remove.
* linux/syscall.h (sys_fanotify_init, sys_fanotify_mark): New
prototypes.
* pathtrace.c (pathtrace_match): Handle sys_fanotify_init and
sys_fanotify_mark.
diff --git a/Makefile.am b/Makefile.am
index 2ba30f6..e9e4d21 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,6 +20,7 @@
block.c \
count.c \
desc.c \
+ fanotify.c \
file.c \
io.c \
ioctl.c \
@@ -94,6 +95,7 @@
linux/bfin/syscallent.h \
linux/dummy.h \
linux/errnoent.h \
+ linux/fanotify.h \
linux/hppa/errnoent.h \
linux/hppa/ioctlent.h.in \
linux/hppa/signalent.h \
diff --git a/defs.h b/defs.h
index b0a9144..f457d30 100644
--- a/defs.h
+++ b/defs.h
@@ -678,6 +678,7 @@
extern void printsiginfo_at(struct tcb *tcp, long addr);
#endif
extern void printfd(struct tcb *, int);
+extern void print_dirfd(struct tcb *, int);
extern void printsock(struct tcb *, long, int);
extern void print_sock_optmgmt(struct tcb *, long, int);
extern void printrusage(struct tcb *, long);
diff --git a/fanotify.c b/fanotify.c
new file mode 100644
index 0000000..c8a7e37
--- /dev/null
+++ b/fanotify.c
@@ -0,0 +1,86 @@
+#include "defs.h"
+#include <linux/fanotify.h>
+
+static const struct xlat fan_classes[] = {
+ XLAT(FAN_CLASS_NOTIF),
+ XLAT(FAN_CLASS_CONTENT),
+ XLAT(FAN_CLASS_PRE_CONTENT),
+ XLAT_END
+};
+
+static const struct xlat fan_init_flags[] = {
+ XLAT(FAN_CLOEXEC),
+ XLAT(FAN_NONBLOCK),
+ XLAT(FAN_UNLIMITED_QUEUE),
+ XLAT(FAN_UNLIMITED_MARKS),
+ XLAT_END
+};
+
+int
+sys_fanotify_init(struct tcb *tcp)
+{
+ unsigned flags;
+
+ if (exiting(tcp))
+ return 0;
+
+ flags = tcp->u_arg[0];
+ printxval(fan_classes, flags & FAN_ALL_CLASS_BITS, "FAN_CLASS_???");
+ flags &= ~FAN_ALL_CLASS_BITS;
+ if (flags) {
+ tprints("|");
+ printflags(fan_init_flags, flags, "FAN_???");
+ }
+ tprints(", ");
+ tprint_open_modes((unsigned) tcp->u_arg[1]);
+
+ return 0;
+}
+
+static const struct xlat fan_mark_flags[] = {
+ XLAT(FAN_MARK_ADD),
+ XLAT(FAN_MARK_REMOVE),
+ XLAT(FAN_MARK_DONT_FOLLOW),
+ XLAT(FAN_MARK_ONLYDIR),
+ XLAT(FAN_MARK_MOUNT),
+ XLAT(FAN_MARK_IGNORED_MASK),
+ XLAT(FAN_MARK_IGNORED_SURV_MODIFY),
+ XLAT(FAN_MARK_FLUSH),
+ XLAT_END
+};
+
+static const struct xlat fan_event_flags[] = {
+ XLAT(FAN_ACCESS),
+ XLAT(FAN_MODIFY),
+ XLAT(FAN_CLOSE),
+ XLAT(FAN_CLOSE_WRITE),
+ XLAT(FAN_CLOSE_NOWRITE),
+ XLAT(FAN_OPEN),
+ XLAT(FAN_Q_OVERFLOW),
+ XLAT(FAN_OPEN_PERM),
+ XLAT(FAN_ACCESS_PERM),
+ XLAT(FAN_ONDIR),
+ XLAT(FAN_EVENT_ON_CHILD),
+ XLAT_END
+};
+
+int
+sys_fanotify_mark(struct tcb *tcp)
+{
+ if (exiting(tcp))
+ return 0;
+
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
+ printflags(fan_mark_flags, (unsigned) tcp->u_arg[1], "FAN_MARK_???");
+ tprints(", ");
+ printflags(fan_event_flags, tcp->u_arg[2], "FAN_???");
+ tprints(", ");
+ if ((int) tcp->u_arg[3] == FAN_NOFD)
+ tprints("FAN_NOFD, ");
+ else
+ print_dirfd(tcp, tcp->u_arg[3]);
+ printpath(tcp, tcp->u_arg[4]);
+
+ return 0;
+}
diff --git a/file.c b/file.c
index 4759495..cfaa1af 100644
--- a/file.c
+++ b/file.c
@@ -332,7 +332,7 @@
/* The fd is an "int", so when decoding x86 on x86_64, we need to force sign
* extension to get the right value. We do this by declaring fd as int here.
*/
-static void
+void
print_dirfd(struct tcb *tcp, int fd)
{
if (fd == AT_FDCWD)
diff --git a/linux/dummy.h b/linux/dummy.h
index 6af5ec7..979ed37 100644
--- a/linux/dummy.h
+++ b/linux/dummy.h
@@ -33,8 +33,6 @@
/* still unfinished */
#define sys_add_key printargs
-#define sys_fanotify_init printargs
-#define sys_fanotify_mark printargs
#define sys_finit_module printargs
#define sys_ioperm printargs
#define sys_iopl printargs
diff --git a/linux/fanotify.h b/linux/fanotify.h
new file mode 100644
index 0000000..030508d
--- /dev/null
+++ b/linux/fanotify.h
@@ -0,0 +1,116 @@
+#ifndef _UAPI_LINUX_FANOTIFY_H
+#define _UAPI_LINUX_FANOTIFY_H
+
+#include <linux/types.h>
+
+/* the following events that user-space can register for */
+#define FAN_ACCESS 0x00000001 /* File was accessed */
+#define FAN_MODIFY 0x00000002 /* File was modified */
+#define FAN_CLOSE_WRITE 0x00000008 /* Writtable file closed */
+#define FAN_CLOSE_NOWRITE 0x00000010 /* Unwrittable file closed */
+#define FAN_OPEN 0x00000020 /* File was opened */
+
+#define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
+
+#define FAN_OPEN_PERM 0x00010000 /* File open in perm check */
+#define FAN_ACCESS_PERM 0x00020000 /* File accessed in perm check */
+
+#define FAN_ONDIR 0x40000000 /* event occurred against dir */
+
+#define FAN_EVENT_ON_CHILD 0x08000000 /* interested in child events */
+
+/* helper events */
+#define FAN_CLOSE (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
+
+/* flags used for fanotify_init() */
+#define FAN_CLOEXEC 0x00000001
+#define FAN_NONBLOCK 0x00000002
+
+/* These are NOT bitwise flags. Both bits are used togther. */
+#define FAN_CLASS_NOTIF 0x00000000
+#define FAN_CLASS_CONTENT 0x00000004
+#define FAN_CLASS_PRE_CONTENT 0x00000008
+#define FAN_ALL_CLASS_BITS (FAN_CLASS_NOTIF | FAN_CLASS_CONTENT | \
+ FAN_CLASS_PRE_CONTENT)
+
+#define FAN_UNLIMITED_QUEUE 0x00000010
+#define FAN_UNLIMITED_MARKS 0x00000020
+
+#define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC | FAN_NONBLOCK | \
+ FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE |\
+ FAN_UNLIMITED_MARKS)
+
+/* flags used for fanotify_modify_mark() */
+#define FAN_MARK_ADD 0x00000001
+#define FAN_MARK_REMOVE 0x00000002
+#define FAN_MARK_DONT_FOLLOW 0x00000004
+#define FAN_MARK_ONLYDIR 0x00000008
+#define FAN_MARK_MOUNT 0x00000010
+#define FAN_MARK_IGNORED_MASK 0x00000020
+#define FAN_MARK_IGNORED_SURV_MODIFY 0x00000040
+#define FAN_MARK_FLUSH 0x00000080
+
+#define FAN_ALL_MARK_FLAGS (FAN_MARK_ADD |\
+ FAN_MARK_REMOVE |\
+ FAN_MARK_DONT_FOLLOW |\
+ FAN_MARK_ONLYDIR |\
+ FAN_MARK_MOUNT |\
+ FAN_MARK_IGNORED_MASK |\
+ FAN_MARK_IGNORED_SURV_MODIFY |\
+ FAN_MARK_FLUSH)
+
+/*
+ * All of the events - we build the list by hand so that we can add flags in
+ * the future and not break backward compatibility. Apps will get only the
+ * events that they originally wanted. Be sure to add new events here!
+ */
+#define FAN_ALL_EVENTS (FAN_ACCESS |\
+ FAN_MODIFY |\
+ FAN_CLOSE |\
+ FAN_OPEN)
+
+/*
+ * All events which require a permission response from userspace
+ */
+#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\
+ FAN_ACCESS_PERM)
+
+#define FAN_ALL_OUTGOING_EVENTS (FAN_ALL_EVENTS |\
+ FAN_ALL_PERM_EVENTS |\
+ FAN_Q_OVERFLOW)
+
+#define FANOTIFY_METADATA_VERSION 3
+
+struct fanotify_event_metadata {
+ __u32 event_len;
+ __u8 vers;
+ __u8 reserved;
+ __u16 metadata_len;
+ __aligned_u64 mask;
+ __s32 fd;
+ __s32 pid;
+};
+
+struct fanotify_response {
+ __s32 fd;
+ __u32 response;
+};
+
+/* Legit userspace responses to a _PERM event */
+#define FAN_ALLOW 0x01
+#define FAN_DENY 0x02
+/* No fd set in event */
+#define FAN_NOFD -1
+
+/* Helper functions to deal with fanotify_event_metadata buffers */
+#define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata))
+
+#define FAN_EVENT_NEXT(meta, len) ((len) -= (meta)->event_len, \
+ (struct fanotify_event_metadata*)(((char *)(meta)) + \
+ (meta)->event_len))
+
+#define FAN_EVENT_OK(meta, len) ((long)(len) >= (long)FAN_EVENT_METADATA_LEN && \
+ (long)(meta)->event_len >= (long)FAN_EVENT_METADATA_LEN && \
+ (long)(meta)->event_len <= (long)(len))
+
+#endif /* _UAPI_LINUX_FANOTIFY_H */
diff --git a/linux/syscall.h b/linux/syscall.h
index 502e8eb..d2ba126 100644
--- a/linux/syscall.h
+++ b/linux/syscall.h
@@ -66,6 +66,8 @@
int sys_fadvise64();
int sys_fadvise64_64();
int sys_fallocate();
+int sys_fanotify_init();
+int sys_fanotify_mark();
int sys_fchmod();
int sys_fchmodat();
int sys_fchown();
diff --git a/pathtrace.c b/pathtrace.c
index f6c3b80..9fb99c4 100644
--- a/pathtrace.c
+++ b/pathtrace.c
@@ -251,6 +251,12 @@
return fdmatch(tcp, tcp->u_arg[2]);
}
+ if (s->sys_func == sys_fanotify_mark) {
+ /* x, x, x, fd, path */
+ return fdmatch(tcp, tcp->u_arg[3]) ||
+ upathmatch(tcp, tcp->u_arg[4]);
+ }
+
if (s->sys_func == sys_select ||
s->sys_func == sys_oldselect ||
s->sys_func == sys_pselect6)
@@ -341,7 +347,7 @@
s->sys_func == sys_epoll_create ||
s->sys_func == sys_socket ||
s->sys_func == sys_socketpair ||
- strcmp(s->sys_name, "fanotify_init") == 0)
+ s->sys_func == sys_fanotify_init)
{
/*
* These have TRACE_FILE or TRACE_DESCRIPTOR or TRACE_NETWORK set,