1 /*- 2 * SPDX-License-Identifier: BSD-4-Clause 3 * 4 * Copyright 1997 Sean Eric Fagan 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. All advertising materials mentioning features or use of this software 15 * must display the following acknowledgement: 16 * This product includes software developed by Sean Eric Fagan 17 * 4. Neither the name of the author may be used to endorse or promote 18 * products derived from this software without specific prior written 19 * permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * System call arguments come in several flavours: 36 * Hex -- values that should be printed in hex (addresses) 37 * Octal -- Same as above, but octal 38 * Int -- normal integer values (file descriptors, for example) 39 * LongHex -- long value that should be printed in hex 40 * Name -- pointer to a NULL-terminated string. 41 * BinString -- pointer to an array of chars, printed via strvisx(). 42 * Ptr -- pointer to some unspecified structure. Just print as hex for now. 43 * Stat -- a pointer to a stat buffer. Prints a couple fields. 44 * Stat11 -- a pointer to a freebsd 11 stat buffer. Prints a couple fields. 45 * StatFs -- a pointer to a statfs buffer. Prints a few fields. 46 * Ioctl -- an ioctl command. Woefully limited. 47 * Quad -- a double-word value. e.g., lseek(int, offset_t, int) 48 * Signal -- a signal number. Prints the signal name (SIGxxx) 49 * Sockaddr -- a pointer to a struct sockaddr. Prints symbolic AF, and IP:Port 50 * StringArray -- a pointer to an array of string pointers. 51 * Timespec -- a pointer to a struct timespec. Prints both elements. 52 * Timeval -- a pointer to a struct timeval. Prints both elements. 53 * Timeval2 -- a pointer to two struct timevals. Prints both elements of both. 54 * Itimerval -- a pointer to a struct itimerval. Prints all elements. 55 * Pollfd -- a pointer to an array of struct pollfd. Prints .fd and .events. 56 * Fd_set -- a pointer to an array of fd_set. Prints the fds that are set. 57 * Sigaction -- a pointer to a struct sigaction. Prints all elements. 58 * Sigset -- a pointer to a sigset_t. Prints the signals that are set. 59 * Sigprocmask -- the first argument to sigprocmask(). Prints the name. 60 * Kevent -- a pointer to an array of struct kevents. Prints all elements. 61 * Pathconf -- the 2nd argument of pathconf(). 62 * Utrace -- utrace(2) buffer. 63 * CapRights -- a pointer to a cap_rights_t. Prints all set capabilities. 64 * 65 * In addition, the pointer types (String, Ptr) may have OUT masked in -- 66 * this means that the data is set on *return* from the system call -- or 67 * IN (meaning that the data is passed *into* the system call). 68 */ 69 70 enum Argtype { 71 None = 1, 72 73 /* Scalar integers. */ 74 Socklent, 75 Octal, 76 Int, 77 UInt, 78 Hex, 79 Long, 80 LongHex, 81 Sizet, 82 Quad, 83 QuadHex, 84 85 /* Encoded scalar values. */ 86 Accessmode, 87 Acltype, 88 AiofsyncOp, 89 Atfd, 90 Atflags, 91 CapFcntlRights, 92 Closerangeflags, 93 Extattrnamespace, 94 Fadvice, 95 Fcntl, 96 Fcntlflag, 97 FileFlags, 98 Flockop, 99 Getfsstatmode, 100 Idtype, 101 Ioctl, 102 Itimerwhich, 103 Kldsymcmd, 104 Kldunloadflags, 105 LioMode, 106 Madvice, 107 Minherit, 108 Msgflags, 109 Mlockall, 110 Mmapflags, 111 Mountflags, 112 Mprot, 113 Msync, 114 Open, 115 Pathconf, 116 Pipe2, 117 Procctl, 118 Priowhich, 119 Ptraceop, 120 Sendfileflags, 121 Sendfilehdtr, 122 Quotactlcmd, 123 Reboothowto, 124 Resource, 125 Rforkflags, 126 Rtpriofunc, 127 RusageWho, 128 Schedpolicy, 129 ShmFlags, 130 Shutdown, 131 Signal, 132 Sigprocmask, 133 Sockdomain, 134 Sockoptlevel, 135 Sockoptname, 136 Sockprotocol, 137 Socktype, 138 Sysarch, 139 Sysctl, 140 Umtxop, 141 Waitoptions, 142 Whence, 143 144 /* Pointers to non-structures. */ 145 Ptr, 146 AiocbArray, 147 AiocbPointer, 148 BinString, 149 CapRights, 150 ExecArgs, 151 ExecEnv, 152 ExitStatus, 153 Fd_set, 154 IntArray, 155 Iovec, 156 Name, 157 PipeFds, 158 PSig, 159 PQuadHex, 160 PUInt, 161 Readlinkres, 162 ShmName, 163 StringArray, 164 165 /* Pointers to structures. */ 166 Aiocb, 167 Itimerval, 168 Kevent, 169 Kevent11, 170 LinuxSockArgs, 171 Msghdr, 172 Pollfd, 173 Rlimit, 174 Rusage, 175 Schedparam, 176 Sctpsndrcvinfo, 177 Sigaction, 178 Sigevent, 179 Siginfo, 180 Sigset, 181 Sockaddr, 182 Stat, 183 Stat11, 184 StatFs, 185 Timespec, 186 Timespec2, 187 Timeval, 188 Timeval2, 189 Utrace, 190 191 MAX_ARG_TYPE, 192 }; 193 194 #define ARG_MASK 0xff 195 #define OUT 0x100 196 #define IN /*0x20*/0 197 198 _Static_assert(ARG_MASK > MAX_ARG_TYPE, 199 "ARG_MASK overlaps with Argtype values"); 200 201 struct syscall_arg { 202 enum Argtype type; 203 int offset; 204 }; 205 206 struct syscall_decode { 207 const char *name; /* Name for calling convention lookup. */ 208 /* 209 * Syscall return type: 210 * 0: no return value (e.g. exit) 211 * 1: normal return value (a single int/long/pointer) 212 * 2: off_t return value (two values for 32-bit ABIs) 213 */ 214 u_int ret_type; 215 u_int nargs; /* number of meaningful arguments */ 216 struct syscall_arg args[10]; /* Hopefully no syscalls with > 10 args */ 217 }; 218 219 struct syscall { 220 STAILQ_ENTRY(syscall) entries; 221 const char *name; /* Name to be displayed, might be malloc()'d */ 222 struct syscall_decode decode; 223 struct timespec time; /* Time spent for this call */ 224 int ncalls; /* Number of calls */ 225 int nerror; /* Number of calls that returned with error */ 226 bool unknown; /* Unknown system call */ 227 }; 228 229 struct syscall *get_syscall(struct threadinfo *, u_int, u_int); 230 char *print_arg(struct syscall_arg *, syscallarg_t *, syscallarg_t *, 231 struct trussinfo *); 232 233 /* 234 * Linux Socket defines 235 */ 236 #define LINUX_SOCKET 1 237 #define LINUX_BIND 2 238 #define LINUX_CONNECT 3 239 #define LINUX_LISTEN 4 240 #define LINUX_ACCEPT 5 241 #define LINUX_GETSOCKNAME 6 242 #define LINUX_GETPEERNAME 7 243 #define LINUX_SOCKETPAIR 8 244 #define LINUX_SEND 9 245 #define LINUX_RECV 10 246 #define LINUX_SENDTO 11 247 #define LINUX_RECVFROM 12 248 #define LINUX_SHUTDOWN 13 249 #define LINUX_SETSOCKOPT 14 250 #define LINUX_GETSOCKOPT 15 251 #define LINUX_SENDMSG 16 252 #define LINUX_RECVMSG 17 253 254 #define PAD_(t) (sizeof(syscallarg_t) <= sizeof(t) ? \ 255 0 : sizeof(syscallarg_t) - sizeof(t)) 256 257 #if BYTE_ORDER == LITTLE_ENDIAN 258 #define PADL_(t) 0 259 #define PADR_(t) PAD_(t) 260 #else 261 #define PADL_(t) PAD_(t) 262 #define PADR_(t) 0 263 #endif 264 265 typedef int l_int; 266 typedef uint32_t l_ulong; 267 268 struct linux_socketcall_args { 269 char what_l_[PADL_(l_int)]; l_int what; char what_r_[PADR_(l_int)]; 270 char args_l_[PADL_(l_ulong)]; l_ulong args; char args_r_[PADR_(l_ulong)]; 271 }; 272 273 void print_syscall(struct trussinfo *); 274 void print_syscall_ret(struct trussinfo *, int, syscallarg_t *); 275 void print_summary(struct trussinfo *trussinfo); 276