blob: d530ec25619aad07b2e4682576900855ea8818a1 [file] [log] [blame]
/*
* Copyright (c) 2011, Comtrol Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "defs.h"
#include <sys/param.h>
#include <poll.h>
#include "syscall.h"
const char **paths_selected = NULL;
static unsigned num_selected = 0;
/*
* Return true if specified path matches one that we're tracing.
*/
static int
pathmatch(const char *path)
{
unsigned i;
for (i = 0; i < num_selected; ++i) {
if (strcmp(path, paths_selected[i]) == 0)
return 1;
}
return 0;
}
/*
* Return true if specified path (in user-space) matches.
*/
static int
upathmatch(struct tcb *tcp, unsigned long upath)
{
char path[PATH_MAX + 1];
return umovestr(tcp, upath, sizeof path, path) > 0 &&
pathmatch(path);
}
/*
* Return true if specified fd maps to a path we're tracing.
*/
static int
fdmatch(struct tcb *tcp, int fd)
{
char path[PATH_MAX + 1];
int n = getfdpath(tcp, fd, path, sizeof(path));
return n >= 0 && pathmatch(path);
}
/*
* Add a path to the set we're tracing.
* Specifying NULL will delete all paths.
*/
static void
storepath(const char *path)
{
unsigned i;
if (pathmatch(path))
return; /* already in table */
i = num_selected++;
paths_selected = xreallocarray(paths_selected, num_selected,
sizeof(paths_selected[0]));
paths_selected[i] = path;
}
/*
* Get path associated with fd.
*/
int
getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
if (fd < 0)
return -1;
sprintf(linkpath, "/proc/%u/fd/%u", tcp->pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
/*
* NB: if buf is too small, readlink doesn't fail,
* it returns truncated result (IOW: n == bufsize - 1).
*/
if (n >= 0)
buf[n] = '\0';
return n;
}
/*
* Add a path to the set we're tracing. Also add the canonicalized
* version of the path. Secifying NULL will delete all paths.
*/
void
pathtrace_select(const char *path)
{
char *rpath;
storepath(path);
rpath = realpath(path, NULL);
if (rpath == NULL)
return;
/* if realpath and specified path are same, we're done */
if (strcmp(path, rpath) == 0) {
free(rpath);
return;
}
error_msg("Requested path '%s' resolved into '%s'", path, rpath);
storepath(rpath);
}
/*
* Return true if syscall accesses a selected path
* (or if no paths have been specified for tracing).
*/
int
pathtrace_match(struct tcb *tcp)
{
const struct_sysent *s;
s = tcp->s_ent;
if (!(s->sys_flags & (TRACE_FILE | TRACE_DESC | TRACE_NETWORK)))
return 0;
/*
* Check for special cases where we need to do something
* other than test arg[0].
*/
switch (s->sen) {
case SEN_dup2:
case SEN_dup3:
case SEN_kexec_file_load:
case SEN_sendfile:
case SEN_sendfile64:
case SEN_tee:
/* fd, fd */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[1]);
case SEN_faccessat:
case SEN_fchmodat:
case SEN_fchownat:
case SEN_futimesat:
case SEN_inotify_add_watch:
case SEN_mkdirat:
case SEN_mknodat:
case SEN_name_to_handle_at:
case SEN_newfstatat:
case SEN_openat:
case SEN_pipe2:
case SEN_readlinkat:
case SEN_unlinkat:
case SEN_utimensat:
/* fd, path */
return fdmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[1]);
case SEN_link:
case SEN_mount:
case SEN_pivotroot:
/* path, path */
return upathmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[1]);
case SEN_quotactl:
/* x, path */
return upathmatch(tcp, tcp->u_arg[1]);
case SEN_linkat:
case SEN_renameat2:
case SEN_renameat:
/* fd, path, fd, path */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[2]) ||
upathmatch(tcp, tcp->u_arg[1]) ||
upathmatch(tcp, tcp->u_arg[3]);
case SEN_old_mmap:
#if defined(S390)
case SEN_old_mmap_pgoff:
#endif
case SEN_mmap:
case SEN_mmap_4koff:
case SEN_mmap_pgoff:
/* x, x, x, x, fd */
return fdmatch(tcp, tcp->u_arg[4]);
case SEN_symlinkat:
/* path, fd, path */
return fdmatch(tcp, tcp->u_arg[1]) ||
upathmatch(tcp, tcp->u_arg[0]) ||
upathmatch(tcp, tcp->u_arg[2]);
case SEN_splice:
/* fd, x, fd, x, x */
return fdmatch(tcp, tcp->u_arg[0]) ||
fdmatch(tcp, tcp->u_arg[2]);
case SEN_epoll_ctl:
/* x, x, fd, x */
return fdmatch(tcp, tcp->u_arg[2]);
case SEN_fanotify_mark:
/* x, x, x, fd, path */
return fdmatch(tcp, tcp->u_arg[3]) ||
upathmatch(tcp, tcp->u_arg[4]);
case SEN_oldselect:
case SEN_pselect6:
case SEN_select:
{
int i, j;
int nfds;
long *args, oldargs[5];
unsigned fdsize;
fd_set *fds;
args = tcp->u_arg;
if (SEN_oldselect == s->sen) {
if (umoven(tcp, tcp->u_arg[0], sizeof oldargs,
oldargs) < 0)
{
error_msg("umoven() failed");
return 0;
}
args = oldargs;
}
/* Kernel truncates arg[0] to int, we do the same. */
nfds = (int) args[0];
/* Kernel rejects negative nfds, so we don't parse it either. */
if (nfds <= 0)
return 0;
/* Beware of select(2^31-1, NULL, NULL, NULL) and similar... */
if (nfds > 1024*1024)
nfds = 1024*1024;
fdsize = (((nfds + 7) / 8) + current_wordsize-1) & -current_wordsize;
fds = xmalloc(fdsize);
for (i = 1; i <= 3; ++i) {
if (args[i] == 0)
continue;
if (umoven(tcp, args[i], fdsize, fds) < 0) {
error_msg("umoven() failed");
continue;
}
for (j = 0;; j++) {
j = next_set_bit(fds, j, nfds);
if (j < 0)
break;
if (fdmatch(tcp, j)) {
free(fds);
return 1;
}
}
}
free(fds);
return 0;
}
case SEN_poll:
case SEN_ppoll:
{
struct pollfd fds;
unsigned nfds;
unsigned long start, cur, end;
start = tcp->u_arg[0];
nfds = tcp->u_arg[1];
end = start + sizeof(fds) * nfds;
if (nfds == 0 || end < start)
return 0;
for (cur = start; cur < end; cur += sizeof(fds))
if ((umoven(tcp, cur, sizeof fds, &fds) == 0)
&& fdmatch(tcp, fds.fd))
return 1;
return 0;
}
case SEN_bpf:
case SEN_epoll_create:
case SEN_epoll_create1:
case SEN_eventfd2:
case SEN_eventfd:
case SEN_fanotify_init:
case SEN_inotify_init1:
case SEN_memfd_create:
case SEN_perf_event_open:
case SEN_pipe:
case SEN_printargs:
case SEN_socket:
case SEN_socketpair:
case SEN_timerfd_create:
case SEN_timerfd_gettime:
case SEN_timerfd_settime:
case SEN_userfaultfd:
/*
* These have TRACE_FILE or TRACE_DESCRIPTOR or TRACE_NETWORK set,
* but they don't have any file descriptor or path args to test.
*/
return 0;
}
/*
* Our fallback position for calls that haven't already
* been handled is to just check arg[0].
*/
if (s->sys_flags & TRACE_FILE)
return upathmatch(tcp, tcp->u_arg[0]);
if (s->sys_flags & (TRACE_DESC | TRACE_NETWORK))
return fdmatch(tcp, tcp->u_arg[0]);
return 0;
}