usr.bin/truss/i386-fbsd.c

1558Srgrimes/*
44317Sjkh * FreeBSD/386-specific system call handling.  This is probably the most
1558Srgrimes * complex part of the entire truss program, although I've got lots of
12481Speter * it handled relatively cleanly now.  The system call names are generated
1558Srgrimes * automatically, thanks to /usr/src/sys/kern/syscalls.master.  The
41061Sbde * names used for the various structures are confusing, I sadly admit.
41061Sbde */
39271Sphk/*
39255Sgibbs * $Id$
38653Sgpalmer */
38653Sgpalmer
43859Sobrien#include <stdio.h>
38653Sgpalmer#include <stdlib.h>
38653Sgpalmer#include <string.h>
38653Sgpalmer#include <errno.h>
38653Sgpalmer#include <err.h>
38653Sgpalmer#include <signal.h>
38653Sgpalmer#include <fcntl.h>
38653Sgpalmer#include <unistd.h>
38653Sgpalmer#include <sys/ioctl.h>
38653Sgpalmer#include <sys/pioctl.h>
38653Sgpalmer#include <machine/reg.h>
38653Sgpalmer#include <machine/psl.h>
38653Sgpalmer#include <sys/syscall.h>
38653Sgpalmer
38653Sgpalmer#include "syscall.h"
38653Sgpalmer
38843Sjbstatic int fd = -1;
38653Sgpalmerstatic int cpid = -1;
38653Sgpalmerextern int Procfd;
38653Sgpalmer
38653Sgpalmerextern FILE *outfile;
38653Sgpalmer#include "syscalls.h"
38653Sgpalmer
38653Sgpalmerstatic int nsyscalls = sizeof(syscallnames) / sizeof(syscallnames[0]);
38653Sgpalmer
43557Ssemenu/*
38653Sgpalmer * This is what this particular file uses to keep track of a system call.
38653Sgpalmer * It is probably not quite sufficient -- I can probably use the same
38653Sgpalmer * structure for the various syscall personalities, and I also probably
38653Sgpalmer * need to nest system calls (for signal handlers).
38653Sgpalmer *
38653Sgpalmer * 'struct syscall' describes the system call; it may be NULL, however,
38653Sgpalmer * if we don't know about this particular system call yet.
38653Sgpalmer */
38653Sgpalmerstatic struct freebsd_syscall {
38653Sgpalmer	struct syscall *sc;
38653Sgpalmer	char *name;
38653Sgpalmer	int number;
38653Sgpalmer	unsigned long *args;
38653Sgpalmer	int nargs;	/* number of arguments -- *not* number of words! */
38653Sgpalmer	char **s_args;	/* the printable arguments */
38653Sgpalmer} fsc;
38653Sgpalmer
38653Sgpalmer/* Clear up and free parts of the fsc structure. */
38653Sgpalmerstatic inline void
38653Sgpalmerclear_fsc() {
38653Sgpalmer  if (fsc.args) {
41061Sbde    free(fsc.args);
38653Sgpalmer  }
38653Sgpalmer  if (fsc.s_args) {
38653Sgpalmer    int i;
42117Ssos    for (i = 0; i < fsc.nargs; i++)
42117Ssos      if (fsc.s_args[i])
10855Sjoerg	free(fsc.s_args[i]);
44317Sjkh    free(fsc.s_args);
44317Sjkh  }
44317Sjkh  memset(&fsc, 0, sizeof(fsc));
44317Sjkh}
38852Sjb
38852Sjb/*
38458Sjb * Called when a process has entered a system call.  nargs is the
38458Sjb * number of words, not number of arguments (a necessary distinction
1558Srgrimes * in some cases).  Note that if the STOPEVENT() code in i386/i386/trap.c
 * is ever changed these functions need to keep up.
 */

void
i386_syscall_entry(int pid, int nargs) {
  char buf[32];
  struct reg regs = { 0 };
  int syscall;
  int i;
  int memfd;
  unsigned int parm_offset;
  struct syscall *sc;

  if (fd == -1 || pid != cpid) {
    sprintf(buf, "/proc/%d/regs", pid);
    fd = open(buf, O_RDWR);
    if (fd == -1) {
      fprintf(outfile, "-- CANNOT READ REGISTERS --\n");
      return;
    }
    cpid = pid;
  }

  clear_fsc();
  lseek(fd, 0L, 0);
  i = read(fd, &regs, sizeof(regs));
  parm_offset = regs.r_esp + sizeof(int);

  /*
   * FreeBSD has two special kinds of system call redirctions --
   * SYS_syscall, and SYS___syscall.  The former is the old syscall()
   * routine, basicly; the latter is for quad-aligned arguments.
   */
  syscall = regs.r_eax;
  switch (syscall) {
  case SYS_syscall:
    lseek(Procfd, parm_offset, SEEK_SET);
    read(Procfd, &syscall, sizeof(int));
    parm_offset += sizeof(int);
    break;
  case SYS___syscall:
    lseek(Procfd, parm_offset, SEEK_SET);
    read(Procfd, &syscall, sizeof(int));
    parm_offset += sizeof(quad_t);
    break;
  }

  fsc.number = syscall;
  fsc.name =
    (syscall < 0 || syscall > nsyscalls) ? NULL : syscallnames[syscall];
  if (!fsc.name) {
    fprintf(outfile, "-- UNKNOWN SYSCALL %d --\n", syscall);
  }

  if (nargs == 0)
    return;

  fsc.args = malloc((1+nargs) * sizeof(unsigned long));
  lseek(Procfd, parm_offset, SEEK_SET);
  if (read(Procfd, fsc.args, nargs * sizeof(unsigned long)) == -1)
    return;

  sc = get_syscall(fsc.name);
  if (sc) {
    fsc.nargs = sc->nargs;
  } else {
#if DEBUG
    fprintf(outfile, "unknown syscall %s -- setting args to %d\n",
	   fsc.name, nargs);
#endif
    fsc.nargs = nargs;
  }

  fsc.s_args = malloc((1+fsc.nargs) * sizeof(char*));
  memset(fsc.s_args, 0, fsc.nargs * sizeof(char*));
  fsc.sc = sc;

  /*
   * At this point, we set up the system call arguments.
   * We ignore any OUT ones, however -- those are arguments that
   * are set by the system call, and so are probably meaningless
   * now.  This doesn't currently support arguments that are
   * passed in *and* out, however.
   */

  if (fsc.name) {
    char *tmp;

#if DEBUG
    fprintf(stderr, "syscall %s(", fsc.name);
#endif
    for (i = 0; i < fsc.nargs; i++) {
#if DEBUG
      fprintf(stderr, "0x%x%s",
	     sc
	     ? fsc.args[sc->args[i].offset]
	     : fsc.args[i],
	     i < (fsc.nargs -1) ? "," : "");
#endif
      if (sc && !(sc->args[i].type & OUT)) {
	fsc.s_args[i] = print_arg(Procfd, &sc->args[i], fsc.args);
      }
    }
#if DEBUG
    fprintf(stderr, ")\n");
#endif
  }

#if DEBUG
  fprintf(outfile, "\n");
#endif

  /*
   * Some system calls should be printed out before they are done --
   * execve() and exit(), for example, never return.  Possibly change
   * this to work for any system call that doesn't have an OUT
   * parameter?
   */

  if (!strcmp(fsc.name, "execve") || !strcmp(fsc.name, "exit")) {
    print_syscall(outfile, fsc.name, fsc.nargs, fsc.s_args);
  }

  return;
}

/*
 * And when the system call is done, we handle it here.
 * Currently, no attempt is made to ensure that the system calls
 * match -- this needs to be fixed (and is, in fact, why S_SCX includes
 * the sytem call number instead of, say, an error status).
 */

void
i386_syscall_exit(int pid, int syscall) {
  char buf[32];
  struct reg regs;
  int retval;
  int i;
  int errorp;
  struct syscall *sc;

  if (fd == -1 || pid != cpid) {
    sprintf(buf, "/proc/%d/regs", pid);
    fd = open(buf, O_RDONLY);
    if (fd == -1) {
      fprintf(outfile, "-- CANNOT READ REGISTERS --\n");
      return;
    }
    cpid = pid;
  }

  lseek(fd, 0L, 0);
  if (read(fd, &regs, sizeof(regs)) != sizeof(regs))
    return;
  retval = regs.r_eax;
  errorp = !!(regs.r_eflags & PSL_C);

  /*
   * This code, while simpler than the initial versions I used, could
   * stand some significant cleaning.
   */

  sc = fsc.sc;
  if (!sc) {
    for (i = 0; i < fsc.nargs; i++) {
      fsc.s_args[i] = malloc(12);
      sprintf(fsc.s_args[i], "0x%x", fsc.args[i]);
    }
  } else {
    /*
     * Here, we only look for arguments that have OUT masked in --
     * otherwise, they were handled in the syscall_entry function.
     */
    for (i = 0; i < sc->nargs; i++) {
      char *temp;
      if (sc->args[i].type & OUT) {
	/*
	 * If an error occurred, than don't bothe getting the data;
	 * it may not be valid.
	 */
	if (errorp) {
	  temp = malloc(12);
	  sprintf(temp, "0x%x", fsc.args[sc->args[i].offset]);
	} else {
	  temp = print_arg(Procfd, &sc->args[i], fsc.args);
	}
	fsc.s_args[i] = temp;
      }
    }
  }

  /*
   * It would probably be a good idea to merge the error handling,
   * but that complicates things considerably.
   */

  print_syscall(outfile, fsc.name, fsc.nargs, fsc.s_args);
  if (errorp) {
    fprintf(outfile, "errno %d '%s'\n", retval, strerror(retval));
  } else {
    fprintf(outfile, "returns %d (0x%x)\n", retval, retval);
  }
  clear_fsc();

  return;
}