1 /*- 2 * Copyright (c) 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #ifndef lint 31 static const char copyright[] = 32 "@(#) Copyright (c) 1988, 1993\n\ 33 The Regents of the University of California. All rights reserved.\n"; 34 #endif /* not lint */ 35 36 #ifndef lint 37 #if 0 38 static char sccsid[] = "@(#)kdump.c 8.1 (Berkeley) 6/6/93"; 39 #endif 40 #endif /* not lint */ 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #define _KERNEL 45 extern int errno; 46 #include <sys/errno.h> 47 #undef _KERNEL 48 #include <sys/param.h> 49 #include <sys/capability.h> 50 #include <sys/errno.h> 51 #define _KERNEL 52 #include <sys/time.h> 53 #undef _KERNEL 54 #include <sys/uio.h> 55 #include <sys/ktrace.h> 56 #include <sys/ioctl.h> 57 #include <sys/socket.h> 58 #include <sys/stat.h> 59 #include <sys/sysent.h> 60 #include <sys/un.h> 61 #include <sys/queue.h> 62 #include <sys/wait.h> 63 #ifdef IPX 64 #include <sys/types.h> 65 #include <netipx/ipx.h> 66 #endif 67 #ifdef NETATALK 68 #include <netatalk/at.h> 69 #endif 70 #include <arpa/inet.h> 71 #include <netinet/in.h> 72 #include <ctype.h> 73 #include <dlfcn.h> 74 #include <err.h> 75 #include <grp.h> 76 #include <inttypes.h> 77 #ifdef HAVE_LIBCAPSICUM 78 #include <libcapsicum.h> 79 #include <libcapsicum_grp.h> 80 #include <libcapsicum_pwd.h> 81 #include <libcapsicum_service.h> 82 #endif 83 #include <locale.h> 84 #include <netdb.h> 85 #include <nl_types.h> 86 #ifdef HAVE_LIBCAPSICUM 87 #include <nv.h> 88 #endif 89 #include <pwd.h> 90 #include <stdio.h> 91 #include <stdlib.h> 92 #include <string.h> 93 #include <termios.h> 94 #include <time.h> 95 #include <unistd.h> 96 #include <vis.h> 97 #include "ktrace.h" 98 #include "kdump_subr.h" 99 100 u_int abidump(struct ktr_header *); 101 int fetchprocinfo(struct ktr_header *, u_int *); 102 int fread_tail(void *, int, int); 103 void dumpheader(struct ktr_header *); 104 void ktrsyscall(struct ktr_syscall *, u_int); 105 void ktrsysret(struct ktr_sysret *, u_int); 106 void ktrnamei(char *, int); 107 void hexdump(char *, int, int); 108 void visdump(char *, int, int); 109 void ktrgenio(struct ktr_genio *, int); 110 void ktrpsig(struct ktr_psig *); 111 void ktrcsw(struct ktr_csw *); 112 void ktrcsw_old(struct ktr_csw_old *); 113 void ktruser_malloc(unsigned char *); 114 void ktruser_rtld(int, unsigned char *); 115 void ktruser(int, unsigned char *); 116 void ktrcaprights(cap_rights_t *); 117 void ktrsockaddr(struct sockaddr *); 118 void ktrstat(struct stat *); 119 void ktrstruct(char *, size_t); 120 void ktrcapfail(struct ktr_cap_fail *); 121 void ktrfault(struct ktr_fault *); 122 void ktrfaultend(struct ktr_faultend *); 123 void limitfd(int fd); 124 void usage(void); 125 void ioctlname(unsigned long, int); 126 127 int timestamp, decimal, fancy = 1, suppressdata, tail, threads, maxdata, 128 resolv = 0, abiflag = 0; 129 const char *tracefile = DEF_TRACEFILE; 130 struct ktr_header ktr_header; 131 132 #define TIME_FORMAT "%b %e %T %Y" 133 #define eqs(s1, s2) (strcmp((s1), (s2)) == 0) 134 135 #define print_number(i,n,c) do { \ 136 if (decimal) \ 137 printf("%c%jd", c, (intmax_t)*i); \ 138 else \ 139 printf("%c%#jx", c, (uintmax_t)(u_register_t)*i); \ 140 i++; \ 141 n--; \ 142 c = ','; \ 143 } while (0) 144 145 #if defined(__amd64__) || defined(__i386__) 146 147 void linux_ktrsyscall(struct ktr_syscall *); 148 void linux_ktrsysret(struct ktr_sysret *); 149 extern char *linux_syscallnames[]; 150 extern int nlinux_syscalls; 151 152 /* 153 * from linux.h 154 * Linux syscalls return negative errno's, we do positive and map them 155 */ 156 static int bsd_to_linux_errno[ELAST + 1] = { 157 -0, -1, -2, -3, -4, -5, -6, -7, -8, -9, 158 -10, -35, -12, -13, -14, -15, -16, -17, -18, -19, 159 -20, -21, -22, -23, -24, -25, -26, -27, -28, -29, 160 -30, -31, -32, -33, -34, -11,-115,-114, -88, -89, 161 -90, -91, -92, -93, -94, -95, -96, -97, -98, -99, 162 -100,-101,-102,-103,-104,-105,-106,-107,-108,-109, 163 -110,-111, -40, -36,-112,-113, -39, -11, -87,-122, 164 -116, -66, -6, -6, -6, -6, -6, -37, -38, -9, 165 -6, -6, -43, -42, -75,-125, -84, -95, -16, -74, 166 -72, -67, -71 167 }; 168 #endif 169 170 struct proc_info 171 { 172 TAILQ_ENTRY(proc_info) info; 173 u_int sv_flags; 174 pid_t pid; 175 }; 176 177 TAILQ_HEAD(trace_procs, proc_info) trace_procs; 178 179 #ifdef HAVE_LIBCAPSICUM 180 static cap_channel_t *cappwd, *capgrp; 181 #endif 182 183 static void 184 strerror_init(void) 185 { 186 187 /* 188 * Cache NLS data before entering capability mode. 189 * XXXPJD: There should be strerror_init() and strsignal_init() in libc. 190 */ 191 (void)catopen("libc", NL_CAT_LOCALE); 192 } 193 194 static void 195 localtime_init(void) 196 { 197 time_t ltime; 198 199 /* 200 * Allow localtime(3) to cache /etc/localtime content before entering 201 * capability mode. 202 * XXXPJD: There should be localtime_init() in libc. 203 */ 204 (void)time(<ime); 205 (void)localtime(<ime); 206 } 207 208 #ifdef HAVE_LIBCAPSICUM 209 static int 210 cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp) 211 { 212 cap_channel_t *capcas, *cappwdloc, *capgrploc; 213 const char *cmds[1], *fields[1]; 214 215 capcas = cap_init(); 216 if (capcas == NULL) { 217 warn("unable to contact casperd"); 218 return (-1); 219 } 220 cappwdloc = cap_service_open(capcas, "system.pwd"); 221 capgrploc = cap_service_open(capcas, "system.grp"); 222 /* Casper capability no longer needed. */ 223 cap_close(capcas); 224 if (cappwdloc == NULL || capgrploc == NULL) { 225 if (cappwdloc == NULL) 226 warn("unable to open system.pwd service"); 227 if (capgrploc == NULL) 228 warn("unable to open system.grp service"); 229 exit(1); 230 } 231 /* Limit system.pwd to only getpwuid() function and pw_name field. */ 232 cmds[0] = "getpwuid"; 233 if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0) 234 err(1, "unable to limit system.pwd service"); 235 fields[0] = "pw_name"; 236 if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0) 237 err(1, "unable to limit system.pwd service"); 238 /* Limit system.grp to only getgrgid() function and gr_name field. */ 239 cmds[0] = "getgrgid"; 240 if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0) 241 err(1, "unable to limit system.grp service"); 242 fields[0] = "gr_name"; 243 if (cap_grp_limit_fields(capgrploc, fields, 1) < 0) 244 err(1, "unable to limit system.grp service"); 245 246 *cappwdp = cappwdloc; 247 *capgrpp = capgrploc; 248 return (0); 249 } 250 #endif /* HAVE_LIBCAPSICUM */ 251 252 int 253 main(int argc, char *argv[]) 254 { 255 int ch, ktrlen, size; 256 void *m; 257 int trpoints = ALL_POINTS; 258 int drop_logged; 259 pid_t pid = 0; 260 u_int sv_flags; 261 262 setlocale(LC_CTYPE, ""); 263 264 while ((ch = getopt(argc,argv,"f:dElm:np:AHRrsTt:")) != -1) 265 switch (ch) { 266 case 'A': 267 abiflag = 1; 268 break; 269 case 'f': 270 tracefile = optarg; 271 break; 272 case 'd': 273 decimal = 1; 274 break; 275 case 'l': 276 tail = 1; 277 break; 278 case 'm': 279 maxdata = atoi(optarg); 280 break; 281 case 'n': 282 fancy = 0; 283 break; 284 case 'p': 285 pid = atoi(optarg); 286 break; 287 case 'r': 288 resolv = 1; 289 break; 290 case 's': 291 suppressdata = 1; 292 break; 293 case 'E': 294 timestamp = 3; /* elapsed timestamp */ 295 break; 296 case 'H': 297 threads = 1; 298 break; 299 case 'R': 300 timestamp = 2; /* relative timestamp */ 301 break; 302 case 'T': 303 timestamp = 1; 304 break; 305 case 't': 306 trpoints = getpoints(optarg); 307 if (trpoints < 0) 308 errx(1, "unknown trace point in %s", optarg); 309 break; 310 default: 311 usage(); 312 } 313 314 if (argc > optind) 315 usage(); 316 317 m = malloc(size = 1025); 318 if (m == NULL) 319 errx(1, "%s", strerror(ENOMEM)); 320 if (!freopen(tracefile, "r", stdin)) 321 err(1, "%s", tracefile); 322 323 strerror_init(); 324 localtime_init(); 325 #ifdef HAVE_LIBCAPSICUM 326 if (resolv != 0) { 327 if (cappwdgrp_setup(&cappwd, &capgrp) < 0) { 328 cappwd = NULL; 329 capgrp = NULL; 330 } 331 } 332 if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) { 333 if (cap_enter() < 0 && errno != ENOSYS) 334 err(1, "unable to enter capability mode"); 335 } 336 #else 337 if (resolv == 0) { 338 if (cap_enter() < 0 && errno != ENOSYS) 339 err(1, "unable to enter capability mode"); 340 } 341 #endif 342 limitfd(STDIN_FILENO); 343 limitfd(STDOUT_FILENO); 344 limitfd(STDERR_FILENO); 345 if (cap_sandboxed()) 346 fprintf(stderr, "capability mode sandbox enabled\n"); 347 348 TAILQ_INIT(&trace_procs); 349 drop_logged = 0; 350 while (fread_tail(&ktr_header, sizeof(struct ktr_header), 1)) { 351 if (ktr_header.ktr_type & KTR_DROP) { 352 ktr_header.ktr_type &= ~KTR_DROP; 353 if (!drop_logged && threads) { 354 printf( 355 "%6jd %6jd %-8.*s Events dropped.\n", 356 (intmax_t)ktr_header.ktr_pid, 357 ktr_header.ktr_tid > 0 ? 358 (intmax_t)ktr_header.ktr_tid : 0, 359 MAXCOMLEN, ktr_header.ktr_comm); 360 drop_logged = 1; 361 } else if (!drop_logged) { 362 printf("%6jd %-8.*s Events dropped.\n", 363 (intmax_t)ktr_header.ktr_pid, MAXCOMLEN, 364 ktr_header.ktr_comm); 365 drop_logged = 1; 366 } 367 } 368 if (trpoints & (1<<ktr_header.ktr_type)) 369 if (pid == 0 || ktr_header.ktr_pid == pid || 370 ktr_header.ktr_tid == pid) 371 dumpheader(&ktr_header); 372 if ((ktrlen = ktr_header.ktr_len) < 0) 373 errx(1, "bogus length 0x%x", ktrlen); 374 if (ktrlen > size) { 375 m = realloc(m, ktrlen+1); 376 if (m == NULL) 377 errx(1, "%s", strerror(ENOMEM)); 378 size = ktrlen; 379 } 380 if (ktrlen && fread_tail(m, ktrlen, 1) == 0) 381 errx(1, "data too short"); 382 if (fetchprocinfo(&ktr_header, (u_int *)m) != 0) 383 continue; 384 sv_flags = abidump(&ktr_header); 385 if (pid && ktr_header.ktr_pid != pid && 386 ktr_header.ktr_tid != pid) 387 continue; 388 if ((trpoints & (1<<ktr_header.ktr_type)) == 0) 389 continue; 390 drop_logged = 0; 391 switch (ktr_header.ktr_type) { 392 case KTR_SYSCALL: 393 #if defined(__amd64__) || defined(__i386__) 394 if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX) 395 linux_ktrsyscall((struct ktr_syscall *)m); 396 else 397 #endif 398 ktrsyscall((struct ktr_syscall *)m, sv_flags); 399 break; 400 case KTR_SYSRET: 401 #if defined(__amd64__) || defined(__i386__) 402 if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX) 403 linux_ktrsysret((struct ktr_sysret *)m); 404 else 405 #endif 406 ktrsysret((struct ktr_sysret *)m, sv_flags); 407 break; 408 case KTR_NAMEI: 409 case KTR_SYSCTL: 410 ktrnamei(m, ktrlen); 411 break; 412 case KTR_GENIO: 413 ktrgenio((struct ktr_genio *)m, ktrlen); 414 break; 415 case KTR_PSIG: 416 ktrpsig((struct ktr_psig *)m); 417 break; 418 case KTR_CSW: 419 if (ktrlen == sizeof(struct ktr_csw_old)) 420 ktrcsw_old((struct ktr_csw_old *)m); 421 else 422 ktrcsw((struct ktr_csw *)m); 423 break; 424 case KTR_USER: 425 ktruser(ktrlen, m); 426 break; 427 case KTR_STRUCT: 428 ktrstruct(m, ktrlen); 429 break; 430 case KTR_CAPFAIL: 431 ktrcapfail((struct ktr_cap_fail *)m); 432 break; 433 case KTR_FAULT: 434 ktrfault((struct ktr_fault *)m); 435 break; 436 case KTR_FAULTEND: 437 ktrfaultend((struct ktr_faultend *)m); 438 break; 439 default: 440 printf("\n"); 441 break; 442 } 443 if (tail) 444 fflush(stdout); 445 } 446 return 0; 447 } 448 449 void 450 limitfd(int fd) 451 { 452 cap_rights_t rights; 453 unsigned long cmd; 454 455 cap_rights_init(&rights, CAP_FSTAT); 456 cmd = -1; 457 458 switch (fd) { 459 case STDIN_FILENO: 460 cap_rights_set(&rights, CAP_READ); 461 break; 462 case STDOUT_FILENO: 463 cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE); 464 cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ 465 break; 466 case STDERR_FILENO: 467 cap_rights_set(&rights, CAP_WRITE); 468 if (!suppressdata) { 469 cap_rights_set(&rights, CAP_IOCTL); 470 cmd = TIOCGWINSZ; 471 } 472 break; 473 default: 474 abort(); 475 } 476 477 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) 478 err(1, "unable to limit rights for descriptor %d", fd); 479 if (cmd != -1 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS) 480 err(1, "unable to limit ioctls for descriptor %d", fd); 481 } 482 483 int 484 fread_tail(void *buf, int size, int num) 485 { 486 int i; 487 488 while ((i = fread(buf, size, num, stdin)) == 0 && tail) { 489 sleep(1); 490 clearerr(stdin); 491 } 492 return (i); 493 } 494 495 int 496 fetchprocinfo(struct ktr_header *kth, u_int *flags) 497 { 498 struct proc_info *pi; 499 500 switch (kth->ktr_type) { 501 case KTR_PROCCTOR: 502 TAILQ_FOREACH(pi, &trace_procs, info) { 503 if (pi->pid == kth->ktr_pid) { 504 TAILQ_REMOVE(&trace_procs, pi, info); 505 break; 506 } 507 } 508 pi = malloc(sizeof(struct proc_info)); 509 if (pi == NULL) 510 errx(1, "%s", strerror(ENOMEM)); 511 pi->sv_flags = *flags; 512 pi->pid = kth->ktr_pid; 513 TAILQ_INSERT_TAIL(&trace_procs, pi, info); 514 return (1); 515 516 case KTR_PROCDTOR: 517 TAILQ_FOREACH(pi, &trace_procs, info) { 518 if (pi->pid == kth->ktr_pid) { 519 TAILQ_REMOVE(&trace_procs, pi, info); 520 free(pi); 521 break; 522 } 523 } 524 return (1); 525 } 526 527 return (0); 528 } 529 530 u_int 531 abidump(struct ktr_header *kth) 532 { 533 struct proc_info *pi; 534 const char *abi; 535 const char *arch; 536 u_int flags = 0; 537 538 TAILQ_FOREACH(pi, &trace_procs, info) { 539 if (pi->pid == kth->ktr_pid) { 540 flags = pi->sv_flags; 541 break; 542 } 543 } 544 545 if (abiflag == 0) 546 return (flags); 547 548 switch (flags & SV_ABI_MASK) { 549 case SV_ABI_LINUX: 550 abi = "L"; 551 break; 552 case SV_ABI_FREEBSD: 553 abi = "F"; 554 break; 555 default: 556 abi = "U"; 557 break; 558 } 559 560 if (flags != 0) { 561 if (flags & SV_LP64) 562 arch = "64"; 563 else 564 arch = "32"; 565 } else 566 arch = "00"; 567 568 printf("%s%s ", abi, arch); 569 570 return (flags); 571 } 572 573 void 574 dumpheader(struct ktr_header *kth) 575 { 576 static char unknown[64]; 577 static struct timeval prevtime, temp; 578 const char *type; 579 580 switch (kth->ktr_type) { 581 case KTR_SYSCALL: 582 type = "CALL"; 583 break; 584 case KTR_SYSRET: 585 type = "RET "; 586 break; 587 case KTR_NAMEI: 588 type = "NAMI"; 589 break; 590 case KTR_GENIO: 591 type = "GIO "; 592 break; 593 case KTR_PSIG: 594 type = "PSIG"; 595 break; 596 case KTR_CSW: 597 type = "CSW "; 598 break; 599 case KTR_USER: 600 type = "USER"; 601 break; 602 case KTR_STRUCT: 603 type = "STRU"; 604 break; 605 case KTR_SYSCTL: 606 type = "SCTL"; 607 break; 608 case KTR_PROCCTOR: 609 /* FALLTHROUGH */ 610 case KTR_PROCDTOR: 611 return; 612 case KTR_CAPFAIL: 613 type = "CAP "; 614 break; 615 case KTR_FAULT: 616 type = "PFLT"; 617 break; 618 case KTR_FAULTEND: 619 type = "PRET"; 620 break; 621 default: 622 sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type); 623 type = unknown; 624 } 625 626 /* 627 * The ktr_tid field was previously the ktr_buffer field, which held 628 * the kernel pointer value for the buffer associated with data 629 * following the record header. It now holds a threadid, but only 630 * for trace files after the change. Older trace files still contain 631 * kernel pointers. Detect this and suppress the results by printing 632 * negative tid's as 0. 633 */ 634 if (threads) 635 printf("%6jd %6jd %-8.*s ", (intmax_t)kth->ktr_pid, 636 kth->ktr_tid > 0 ? (intmax_t)kth->ktr_tid : 0, 637 MAXCOMLEN, kth->ktr_comm); 638 else 639 printf("%6jd %-8.*s ", (intmax_t)kth->ktr_pid, MAXCOMLEN, 640 kth->ktr_comm); 641 if (timestamp) { 642 if (timestamp == 3) { 643 if (prevtime.tv_sec == 0) 644 prevtime = kth->ktr_time; 645 timevalsub(&kth->ktr_time, &prevtime); 646 } 647 if (timestamp == 2) { 648 temp = kth->ktr_time; 649 timevalsub(&kth->ktr_time, &prevtime); 650 prevtime = temp; 651 } 652 printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec, 653 kth->ktr_time.tv_usec); 654 } 655 printf("%s ", type); 656 } 657 658 #include <sys/syscall.h> 659 #define KTRACE 660 #include <sys/kern/syscalls.c> 661 #undef KTRACE 662 int nsyscalls = sizeof (syscallnames) / sizeof (syscallnames[0]); 663 664 void 665 ktrsyscall(struct ktr_syscall *ktr, u_int flags) 666 { 667 int narg = ktr->ktr_narg; 668 register_t *ip; 669 intmax_t arg; 670 671 if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) || 672 (ktr->ktr_code >= nsyscalls || ktr->ktr_code < 0)) 673 printf("[%d]", ktr->ktr_code); 674 else 675 printf("%s", syscallnames[ktr->ktr_code]); 676 ip = &ktr->ktr_args[0]; 677 if (narg) { 678 char c = '('; 679 if (fancy && 680 (flags == 0 || (flags & SV_ABI_MASK) == SV_ABI_FREEBSD)) { 681 switch (ktr->ktr_code) { 682 case SYS_bindat: 683 case SYS_connectat: 684 case SYS_faccessat: 685 case SYS_fchmodat: 686 case SYS_fchownat: 687 case SYS_fstatat: 688 case SYS_futimesat: 689 case SYS_linkat: 690 case SYS_mkdirat: 691 case SYS_mkfifoat: 692 case SYS_mknodat: 693 case SYS_openat: 694 case SYS_readlinkat: 695 case SYS_renameat: 696 case SYS_unlinkat: 697 putchar('('); 698 atfdname(*ip, decimal); 699 c = ','; 700 ip++; 701 narg--; 702 break; 703 } 704 switch (ktr->ktr_code) { 705 case SYS_ioctl: { 706 print_number(ip, narg, c); 707 putchar(c); 708 ioctlname(*ip, decimal); 709 c = ','; 710 ip++; 711 narg--; 712 break; 713 } 714 case SYS_ptrace: 715 putchar('('); 716 ptraceopname(*ip); 717 c = ','; 718 ip++; 719 narg--; 720 break; 721 case SYS_access: 722 case SYS_eaccess: 723 case SYS_faccessat: 724 print_number(ip, narg, c); 725 putchar(','); 726 accessmodename(*ip); 727 ip++; 728 narg--; 729 break; 730 case SYS_open: 731 case SYS_openat: 732 print_number(ip, narg, c); 733 putchar(','); 734 flagsandmodename(ip[0], ip[1], decimal); 735 ip += 2; 736 narg -= 2; 737 break; 738 case SYS_wait4: 739 print_number(ip, narg, c); 740 print_number(ip, narg, c); 741 /* 742 * A flags value of zero is valid for 743 * wait4() but not for wait6(), so 744 * handle zero special here. 745 */ 746 if (*ip == 0) { 747 print_number(ip, narg, c); 748 } else { 749 putchar(','); 750 wait6optname(*ip); 751 ip++; 752 narg--; 753 } 754 break; 755 case SYS_wait6: 756 putchar('('); 757 idtypename(*ip, decimal); 758 c = ','; 759 ip++; 760 narg--; 761 print_number(ip, narg, c); 762 print_number(ip, narg, c); 763 putchar(','); 764 wait6optname(*ip); 765 ip++; 766 narg--; 767 break; 768 case SYS_chmod: 769 case SYS_fchmod: 770 case SYS_lchmod: 771 print_number(ip, narg, c); 772 putchar(','); 773 modename(*ip); 774 ip++; 775 narg--; 776 break; 777 case SYS_mknod: 778 case SYS_mknodat: 779 print_number(ip, narg, c); 780 putchar(','); 781 modename(*ip); 782 ip++; 783 narg--; 784 break; 785 case SYS_getfsstat: 786 print_number(ip, narg, c); 787 print_number(ip, narg, c); 788 putchar(','); 789 getfsstatflagsname(*ip); 790 ip++; 791 narg--; 792 break; 793 case SYS_mount: 794 print_number(ip, narg, c); 795 print_number(ip, narg, c); 796 putchar(','); 797 mountflagsname(*ip); 798 ip++; 799 narg--; 800 break; 801 case SYS_unmount: 802 print_number(ip, narg, c); 803 putchar(','); 804 mountflagsname(*ip); 805 ip++; 806 narg--; 807 break; 808 case SYS_recvmsg: 809 case SYS_sendmsg: 810 print_number(ip, narg, c); 811 print_number(ip, narg, c); 812 putchar(','); 813 sendrecvflagsname(*ip); 814 ip++; 815 narg--; 816 break; 817 case SYS_recvfrom: 818 case SYS_sendto: 819 print_number(ip, narg, c); 820 print_number(ip, narg, c); 821 print_number(ip, narg, c); 822 putchar(','); 823 sendrecvflagsname(*ip); 824 ip++; 825 narg--; 826 break; 827 case SYS_chflags: 828 case SYS_fchflags: 829 case SYS_lchflags: 830 print_number(ip, narg, c); 831 putchar(','); 832 modename(*ip); 833 ip++; 834 narg--; 835 break; 836 case SYS_kill: 837 print_number(ip, narg, c); 838 putchar(','); 839 signame(*ip); 840 ip++; 841 narg--; 842 break; 843 case SYS_reboot: 844 putchar('('); 845 rebootoptname(*ip); 846 ip++; 847 narg--; 848 break; 849 case SYS_umask: 850 putchar('('); 851 modename(*ip); 852 ip++; 853 narg--; 854 break; 855 case SYS_msync: 856 print_number(ip, narg, c); 857 print_number(ip, narg, c); 858 putchar(','); 859 msyncflagsname(*ip); 860 ip++; 861 narg--; 862 break; 863 #ifdef SYS_freebsd6_mmap 864 case SYS_freebsd6_mmap: 865 print_number(ip, narg, c); 866 print_number(ip, narg, c); 867 putchar(','); 868 mmapprotname(*ip); 869 putchar(','); 870 ip++; 871 narg--; 872 mmapflagsname(*ip); 873 ip++; 874 narg--; 875 break; 876 #endif 877 case SYS_mmap: 878 print_number(ip, narg, c); 879 print_number(ip, narg, c); 880 putchar(','); 881 mmapprotname(*ip); 882 putchar(','); 883 ip++; 884 narg--; 885 mmapflagsname(*ip); 886 ip++; 887 narg--; 888 break; 889 case SYS_mprotect: 890 print_number(ip, narg, c); 891 print_number(ip, narg, c); 892 putchar(','); 893 mmapprotname(*ip); 894 ip++; 895 narg--; 896 break; 897 case SYS_madvise: 898 print_number(ip, narg, c); 899 print_number(ip, narg, c); 900 putchar(','); 901 madvisebehavname(*ip); 902 ip++; 903 narg--; 904 break; 905 case SYS_setpriority: 906 print_number(ip, narg, c); 907 print_number(ip, narg, c); 908 putchar(','); 909 prioname(*ip); 910 ip++; 911 narg--; 912 break; 913 case SYS_fcntl: 914 print_number(ip, narg, c); 915 putchar(','); 916 fcntlcmdname(ip[0], ip[1], decimal); 917 ip += 2; 918 narg -= 2; 919 break; 920 case SYS_socket: { 921 int sockdomain; 922 putchar('('); 923 sockdomain = *ip; 924 sockdomainname(sockdomain); 925 ip++; 926 narg--; 927 putchar(','); 928 socktypenamewithflags(*ip); 929 ip++; 930 narg--; 931 if (sockdomain == PF_INET || 932 sockdomain == PF_INET6) { 933 putchar(','); 934 sockipprotoname(*ip); 935 ip++; 936 narg--; 937 } 938 c = ','; 939 break; 940 } 941 case SYS_setsockopt: 942 case SYS_getsockopt: 943 print_number(ip, narg, c); 944 putchar(','); 945 sockoptlevelname(*ip, decimal); 946 if (*ip == SOL_SOCKET) { 947 ip++; 948 narg--; 949 putchar(','); 950 sockoptname(*ip); 951 } 952 ip++; 953 narg--; 954 break; 955 #ifdef SYS_freebsd6_lseek 956 case SYS_freebsd6_lseek: 957 print_number(ip, narg, c); 958 /* Hidden 'pad' argument, not in lseek(2) */ 959 print_number(ip, narg, c); 960 print_number(ip, narg, c); 961 putchar(','); 962 whencename(*ip); 963 ip++; 964 narg--; 965 break; 966 #endif 967 case SYS_lseek: 968 print_number(ip, narg, c); 969 /* Hidden 'pad' argument, not in lseek(2) */ 970 print_number(ip, narg, c); 971 putchar(','); 972 whencename(*ip); 973 ip++; 974 narg--; 975 break; 976 case SYS_flock: 977 print_number(ip, narg, c); 978 putchar(','); 979 flockname(*ip); 980 ip++; 981 narg--; 982 break; 983 case SYS_mkfifo: 984 case SYS_mkfifoat: 985 case SYS_mkdir: 986 case SYS_mkdirat: 987 print_number(ip, narg, c); 988 putchar(','); 989 modename(*ip); 990 ip++; 991 narg--; 992 break; 993 case SYS_shutdown: 994 print_number(ip, narg, c); 995 putchar(','); 996 shutdownhowname(*ip); 997 ip++; 998 narg--; 999 break; 1000 case SYS_socketpair: 1001 putchar('('); 1002 sockdomainname(*ip); 1003 ip++; 1004 narg--; 1005 putchar(','); 1006 socktypenamewithflags(*ip); 1007 ip++; 1008 narg--; 1009 c = ','; 1010 break; 1011 case SYS_getrlimit: 1012 case SYS_setrlimit: 1013 putchar('('); 1014 rlimitname(*ip); 1015 ip++; 1016 narg--; 1017 c = ','; 1018 break; 1019 case SYS_quotactl: 1020 print_number(ip, narg, c); 1021 putchar(','); 1022 quotactlname(*ip); 1023 ip++; 1024 narg--; 1025 c = ','; 1026 break; 1027 case SYS_nfssvc: 1028 putchar('('); 1029 nfssvcname(*ip); 1030 ip++; 1031 narg--; 1032 c = ','; 1033 break; 1034 case SYS_rtprio: 1035 putchar('('); 1036 rtprioname(*ip); 1037 ip++; 1038 narg--; 1039 c = ','; 1040 break; 1041 case SYS___semctl: 1042 print_number(ip, narg, c); 1043 print_number(ip, narg, c); 1044 putchar(','); 1045 semctlname(*ip); 1046 ip++; 1047 narg--; 1048 break; 1049 case SYS_semget: 1050 print_number(ip, narg, c); 1051 print_number(ip, narg, c); 1052 putchar(','); 1053 semgetname(*ip); 1054 ip++; 1055 narg--; 1056 break; 1057 case SYS_msgctl: 1058 print_number(ip, narg, c); 1059 putchar(','); 1060 shmctlname(*ip); 1061 ip++; 1062 narg--; 1063 break; 1064 case SYS_shmat: 1065 print_number(ip, narg, c); 1066 print_number(ip, narg, c); 1067 putchar(','); 1068 shmatname(*ip); 1069 ip++; 1070 narg--; 1071 break; 1072 case SYS_shmctl: 1073 print_number(ip, narg, c); 1074 putchar(','); 1075 shmctlname(*ip); 1076 ip++; 1077 narg--; 1078 break; 1079 case SYS_minherit: 1080 print_number(ip, narg, c); 1081 print_number(ip, narg, c); 1082 putchar(','); 1083 minheritname(*ip); 1084 ip++; 1085 narg--; 1086 break; 1087 case SYS_rfork: 1088 putchar('('); 1089 rforkname(*ip); 1090 ip++; 1091 narg--; 1092 c = ','; 1093 break; 1094 case SYS_lio_listio: 1095 putchar('('); 1096 lio_listioname(*ip); 1097 ip++; 1098 narg--; 1099 c = ','; 1100 break; 1101 case SYS_mlockall: 1102 putchar('('); 1103 mlockallname(*ip); 1104 ip++; 1105 narg--; 1106 break; 1107 case SYS_sched_setscheduler: 1108 print_number(ip, narg, c); 1109 putchar(','); 1110 schedpolicyname(*ip); 1111 ip++; 1112 narg--; 1113 break; 1114 case SYS_sched_get_priority_max: 1115 case SYS_sched_get_priority_min: 1116 putchar('('); 1117 schedpolicyname(*ip); 1118 ip++; 1119 narg--; 1120 break; 1121 case SYS_sendfile: 1122 print_number(ip, narg, c); 1123 print_number(ip, narg, c); 1124 print_number(ip, narg, c); 1125 print_number(ip, narg, c); 1126 print_number(ip, narg, c); 1127 print_number(ip, narg, c); 1128 putchar(','); 1129 sendfileflagsname(*ip); 1130 ip++; 1131 narg--; 1132 break; 1133 case SYS_kldsym: 1134 print_number(ip, narg, c); 1135 putchar(','); 1136 kldsymcmdname(*ip); 1137 ip++; 1138 narg--; 1139 break; 1140 case SYS_sigprocmask: 1141 putchar('('); 1142 sigprocmaskhowname(*ip); 1143 ip++; 1144 narg--; 1145 c = ','; 1146 break; 1147 case SYS___acl_get_file: 1148 case SYS___acl_set_file: 1149 case SYS___acl_get_fd: 1150 case SYS___acl_set_fd: 1151 case SYS___acl_delete_file: 1152 case SYS___acl_delete_fd: 1153 case SYS___acl_aclcheck_file: 1154 case SYS___acl_aclcheck_fd: 1155 case SYS___acl_get_link: 1156 case SYS___acl_set_link: 1157 case SYS___acl_delete_link: 1158 case SYS___acl_aclcheck_link: 1159 print_number(ip, narg, c); 1160 putchar(','); 1161 acltypename(*ip); 1162 ip++; 1163 narg--; 1164 break; 1165 case SYS_sigaction: 1166 putchar('('); 1167 signame(*ip); 1168 ip++; 1169 narg--; 1170 c = ','; 1171 break; 1172 case SYS_extattrctl: 1173 print_number(ip, narg, c); 1174 putchar(','); 1175 extattrctlname(*ip); 1176 ip++; 1177 narg--; 1178 break; 1179 case SYS_nmount: 1180 print_number(ip, narg, c); 1181 print_number(ip, narg, c); 1182 putchar(','); 1183 mountflagsname(*ip); 1184 ip++; 1185 narg--; 1186 break; 1187 case SYS_thr_create: 1188 print_number(ip, narg, c); 1189 print_number(ip, narg, c); 1190 putchar(','); 1191 thrcreateflagsname(*ip); 1192 ip++; 1193 narg--; 1194 break; 1195 case SYS_thr_kill: 1196 print_number(ip, narg, c); 1197 putchar(','); 1198 signame(*ip); 1199 ip++; 1200 narg--; 1201 break; 1202 case SYS_kldunloadf: 1203 print_number(ip, narg, c); 1204 putchar(','); 1205 kldunloadfflagsname(*ip); 1206 ip++; 1207 narg--; 1208 break; 1209 case SYS_linkat: 1210 case SYS_renameat: 1211 case SYS_symlinkat: 1212 print_number(ip, narg, c); 1213 putchar(','); 1214 atfdname(*ip, decimal); 1215 ip++; 1216 narg--; 1217 break; 1218 case SYS_cap_fcntls_limit: 1219 print_number(ip, narg, c); 1220 putchar(','); 1221 arg = *ip; 1222 ip++; 1223 narg--; 1224 capfcntlname(arg); 1225 break; 1226 case SYS_posix_fadvise: 1227 print_number(ip, narg, c); 1228 print_number(ip, narg, c); 1229 print_number(ip, narg, c); 1230 (void)putchar(','); 1231 fadvisebehavname((int)*ip); 1232 ip++; 1233 narg--; 1234 break; 1235 case SYS_procctl: 1236 putchar('('); 1237 idtypename(*ip, decimal); 1238 c = ','; 1239 ip++; 1240 narg--; 1241 print_number(ip, narg, c); 1242 putchar(','); 1243 procctlcmdname(*ip); 1244 ip++; 1245 narg--; 1246 break; 1247 } 1248 } 1249 while (narg > 0) { 1250 print_number(ip, narg, c); 1251 } 1252 putchar(')'); 1253 } 1254 putchar('\n'); 1255 } 1256 1257 void 1258 ktrsysret(struct ktr_sysret *ktr, u_int flags) 1259 { 1260 register_t ret = ktr->ktr_retval; 1261 int error = ktr->ktr_error; 1262 int code = ktr->ktr_code; 1263 1264 if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) || 1265 (code >= nsyscalls || code < 0)) 1266 printf("[%d] ", code); 1267 else 1268 printf("%s ", syscallnames[code]); 1269 1270 if (error == 0) { 1271 if (fancy) { 1272 printf("%ld", (long)ret); 1273 if (ret < 0 || ret > 9) 1274 printf("/%#lx", (unsigned long)ret); 1275 } else { 1276 if (decimal) 1277 printf("%ld", (long)ret); 1278 else 1279 printf("%#lx", (unsigned long)ret); 1280 } 1281 } else if (error == ERESTART) 1282 printf("RESTART"); 1283 else if (error == EJUSTRETURN) 1284 printf("JUSTRETURN"); 1285 else { 1286 printf("-1 errno %d", ktr->ktr_error); 1287 if (fancy) 1288 printf(" %s", strerror(ktr->ktr_error)); 1289 } 1290 putchar('\n'); 1291 } 1292 1293 void 1294 ktrnamei(char *cp, int len) 1295 { 1296 printf("\"%.*s\"\n", len, cp); 1297 } 1298 1299 void 1300 hexdump(char *p, int len, int screenwidth) 1301 { 1302 int n, i; 1303 int width; 1304 1305 width = 0; 1306 do { 1307 width += 2; 1308 i = 13; /* base offset */ 1309 i += (width / 2) + 1; /* spaces every second byte */ 1310 i += (width * 2); /* width of bytes */ 1311 i += 3; /* " |" */ 1312 i += width; /* each byte */ 1313 i += 1; /* "|" */ 1314 } while (i < screenwidth); 1315 width -= 2; 1316 1317 for (n = 0; n < len; n += width) { 1318 for (i = n; i < n + width; i++) { 1319 if ((i % width) == 0) { /* beginning of line */ 1320 printf(" 0x%04x", i); 1321 } 1322 if ((i % 2) == 0) { 1323 printf(" "); 1324 } 1325 if (i < len) 1326 printf("%02x", p[i] & 0xff); 1327 else 1328 printf(" "); 1329 } 1330 printf(" |"); 1331 for (i = n; i < n + width; i++) { 1332 if (i >= len) 1333 break; 1334 if (p[i] >= ' ' && p[i] <= '~') 1335 printf("%c", p[i]); 1336 else 1337 printf("."); 1338 } 1339 printf("|\n"); 1340 } 1341 if ((i % width) != 0) 1342 printf("\n"); 1343 } 1344 1345 void 1346 visdump(char *dp, int datalen, int screenwidth) 1347 { 1348 int col = 0; 1349 char *cp; 1350 int width; 1351 char visbuf[5]; 1352 1353 printf(" \""); 1354 col = 8; 1355 for (;datalen > 0; datalen--, dp++) { 1356 vis(visbuf, *dp, VIS_CSTYLE, *(dp+1)); 1357 cp = visbuf; 1358 /* 1359 * Keep track of printables and 1360 * space chars (like fold(1)). 1361 */ 1362 if (col == 0) { 1363 putchar('\t'); 1364 col = 8; 1365 } 1366 switch(*cp) { 1367 case '\n': 1368 col = 0; 1369 putchar('\n'); 1370 continue; 1371 case '\t': 1372 width = 8 - (col&07); 1373 break; 1374 default: 1375 width = strlen(cp); 1376 } 1377 if (col + width > (screenwidth-2)) { 1378 printf("\\\n\t"); 1379 col = 8; 1380 } 1381 col += width; 1382 do { 1383 putchar(*cp++); 1384 } while (*cp); 1385 } 1386 if (col == 0) 1387 printf(" "); 1388 printf("\"\n"); 1389 } 1390 1391 void 1392 ktrgenio(struct ktr_genio *ktr, int len) 1393 { 1394 int datalen = len - sizeof (struct ktr_genio); 1395 char *dp = (char *)ktr + sizeof (struct ktr_genio); 1396 static int screenwidth = 0; 1397 int i, binary; 1398 1399 printf("fd %d %s %d byte%s\n", ktr->ktr_fd, 1400 ktr->ktr_rw == UIO_READ ? "read" : "wrote", datalen, 1401 datalen == 1 ? "" : "s"); 1402 if (suppressdata) 1403 return; 1404 if (screenwidth == 0) { 1405 struct winsize ws; 1406 1407 if (fancy && ioctl(fileno(stderr), TIOCGWINSZ, &ws) != -1 && 1408 ws.ws_col > 8) 1409 screenwidth = ws.ws_col; 1410 else 1411 screenwidth = 80; 1412 } 1413 if (maxdata && datalen > maxdata) 1414 datalen = maxdata; 1415 1416 for (i = 0, binary = 0; i < datalen && binary == 0; i++) { 1417 if (dp[i] >= 32 && dp[i] < 127) 1418 continue; 1419 if (dp[i] == 10 || dp[i] == 13 || dp[i] == 0 || dp[i] == 9) 1420 continue; 1421 binary = 1; 1422 } 1423 if (binary) 1424 hexdump(dp, datalen, screenwidth); 1425 else 1426 visdump(dp, datalen, screenwidth); 1427 } 1428 1429 const char *signames[] = { 1430 "NULL", "HUP", "INT", "QUIT", "ILL", "TRAP", "IOT", /* 1 - 6 */ 1431 "EMT", "FPE", "KILL", "BUS", "SEGV", "SYS", /* 7 - 12 */ 1432 "PIPE", "ALRM", "TERM", "URG", "STOP", "TSTP", /* 13 - 18 */ 1433 "CONT", "CHLD", "TTIN", "TTOU", "IO", "XCPU", /* 19 - 24 */ 1434 "XFSZ", "VTALRM", "PROF", "WINCH", "29", "USR1", /* 25 - 30 */ 1435 "USR2", NULL, /* 31 - 32 */ 1436 }; 1437 1438 void 1439 ktrpsig(struct ktr_psig *psig) 1440 { 1441 if (psig->signo > 0 && psig->signo < NSIG) 1442 printf("SIG%s ", signames[psig->signo]); 1443 else 1444 printf("SIG %d ", psig->signo); 1445 if (psig->action == SIG_DFL) { 1446 printf("SIG_DFL code="); 1447 sigcodename(psig->signo, psig->code); 1448 putchar('\n'); 1449 } else { 1450 printf("caught handler=0x%lx mask=0x%x code=", 1451 (u_long)psig->action, psig->mask.__bits[0]); 1452 sigcodename(psig->signo, psig->code); 1453 putchar('\n'); 1454 } 1455 } 1456 1457 void 1458 ktrcsw_old(struct ktr_csw_old *cs) 1459 { 1460 printf("%s %s\n", cs->out ? "stop" : "resume", 1461 cs->user ? "user" : "kernel"); 1462 } 1463 1464 void 1465 ktrcsw(struct ktr_csw *cs) 1466 { 1467 printf("%s %s \"%s\"\n", cs->out ? "stop" : "resume", 1468 cs->user ? "user" : "kernel", cs->wmesg); 1469 } 1470 1471 #define UTRACE_DLOPEN_START 1 1472 #define UTRACE_DLOPEN_STOP 2 1473 #define UTRACE_DLCLOSE_START 3 1474 #define UTRACE_DLCLOSE_STOP 4 1475 #define UTRACE_LOAD_OBJECT 5 1476 #define UTRACE_UNLOAD_OBJECT 6 1477 #define UTRACE_ADD_RUNDEP 7 1478 #define UTRACE_PRELOAD_FINISHED 8 1479 #define UTRACE_INIT_CALL 9 1480 #define UTRACE_FINI_CALL 10 1481 1482 struct utrace_rtld { 1483 char sig[4]; /* 'RTLD' */ 1484 int event; 1485 void *handle; 1486 void *mapbase; 1487 size_t mapsize; 1488 int refcnt; 1489 char name[MAXPATHLEN]; 1490 }; 1491 1492 void 1493 ktruser_rtld(int len, unsigned char *p) 1494 { 1495 struct utrace_rtld *ut = (struct utrace_rtld *)p; 1496 void *parent; 1497 int mode; 1498 1499 switch (ut->event) { 1500 case UTRACE_DLOPEN_START: 1501 mode = ut->refcnt; 1502 printf("dlopen(%s, ", ut->name); 1503 switch (mode & RTLD_MODEMASK) { 1504 case RTLD_NOW: 1505 printf("RTLD_NOW"); 1506 break; 1507 case RTLD_LAZY: 1508 printf("RTLD_LAZY"); 1509 break; 1510 default: 1511 printf("%#x", mode & RTLD_MODEMASK); 1512 } 1513 if (mode & RTLD_GLOBAL) 1514 printf(" | RTLD_GLOBAL"); 1515 if (mode & RTLD_TRACE) 1516 printf(" | RTLD_TRACE"); 1517 if (mode & ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE)) 1518 printf(" | %#x", mode & 1519 ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE)); 1520 printf(")\n"); 1521 break; 1522 case UTRACE_DLOPEN_STOP: 1523 printf("%p = dlopen(%s) ref %d\n", ut->handle, ut->name, 1524 ut->refcnt); 1525 break; 1526 case UTRACE_DLCLOSE_START: 1527 printf("dlclose(%p) (%s, %d)\n", ut->handle, ut->name, 1528 ut->refcnt); 1529 break; 1530 case UTRACE_DLCLOSE_STOP: 1531 printf("dlclose(%p) finished\n", ut->handle); 1532 break; 1533 case UTRACE_LOAD_OBJECT: 1534 printf("RTLD: loaded %p @ %p - %p (%s)\n", ut->handle, 1535 ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1, 1536 ut->name); 1537 break; 1538 case UTRACE_UNLOAD_OBJECT: 1539 printf("RTLD: unloaded %p @ %p - %p (%s)\n", ut->handle, 1540 ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1, 1541 ut->name); 1542 break; 1543 case UTRACE_ADD_RUNDEP: 1544 parent = ut->mapbase; 1545 printf("RTLD: %p now depends on %p (%s, %d)\n", parent, 1546 ut->handle, ut->name, ut->refcnt); 1547 break; 1548 case UTRACE_PRELOAD_FINISHED: 1549 printf("RTLD: LD_PRELOAD finished\n"); 1550 break; 1551 case UTRACE_INIT_CALL: 1552 printf("RTLD: init %p for %p (%s)\n", ut->mapbase, ut->handle, 1553 ut->name); 1554 break; 1555 case UTRACE_FINI_CALL: 1556 printf("RTLD: fini %p for %p (%s)\n", ut->mapbase, ut->handle, 1557 ut->name); 1558 break; 1559 default: 1560 p += 4; 1561 len -= 4; 1562 printf("RTLD: %d ", len); 1563 while (len--) 1564 if (decimal) 1565 printf(" %d", *p++); 1566 else 1567 printf(" %02x", *p++); 1568 printf("\n"); 1569 } 1570 } 1571 1572 struct utrace_malloc { 1573 void *p; 1574 size_t s; 1575 void *r; 1576 }; 1577 1578 void 1579 ktruser_malloc(unsigned char *p) 1580 { 1581 struct utrace_malloc *ut = (struct utrace_malloc *)p; 1582 1583 if (ut->p == (void *)(intptr_t)(-1)) 1584 printf("malloc_init()\n"); 1585 else if (ut->s == 0) 1586 printf("free(%p)\n", ut->p); 1587 else if (ut->p == NULL) 1588 printf("%p = malloc(%zu)\n", ut->r, ut->s); 1589 else 1590 printf("%p = realloc(%p, %zu)\n", ut->r, ut->p, ut->s); 1591 } 1592 1593 void 1594 ktruser(int len, unsigned char *p) 1595 { 1596 1597 if (len >= 8 && bcmp(p, "RTLD", 4) == 0) { 1598 ktruser_rtld(len, p); 1599 return; 1600 } 1601 1602 if (len == sizeof(struct utrace_malloc)) { 1603 ktruser_malloc(p); 1604 return; 1605 } 1606 1607 printf("%d ", len); 1608 while (len--) 1609 if (decimal) 1610 printf(" %d", *p++); 1611 else 1612 printf(" %02x", *p++); 1613 printf("\n"); 1614 } 1615 1616 void 1617 ktrcaprights(cap_rights_t *rightsp) 1618 { 1619 1620 printf("cap_rights_t "); 1621 capname(rightsp); 1622 printf("\n"); 1623 } 1624 1625 void 1626 ktrsockaddr(struct sockaddr *sa) 1627 { 1628 /* 1629 TODO: Support additional address families 1630 #include <netnatm/natm.h> 1631 struct sockaddr_natm *natm; 1632 #include <netsmb/netbios.h> 1633 struct sockaddr_nb *nb; 1634 */ 1635 char addr[64]; 1636 1637 /* 1638 * note: ktrstruct() has already verified that sa points to a 1639 * buffer at least sizeof(struct sockaddr) bytes long and exactly 1640 * sa->sa_len bytes long. 1641 */ 1642 printf("struct sockaddr { "); 1643 sockfamilyname(sa->sa_family); 1644 printf(", "); 1645 1646 #define check_sockaddr_len(n) \ 1647 if (sa_##n.s##n##_len < sizeof(struct sockaddr_##n)) { \ 1648 printf("invalid"); \ 1649 break; \ 1650 } 1651 1652 switch(sa->sa_family) { 1653 case AF_INET: { 1654 struct sockaddr_in sa_in; 1655 1656 memset(&sa_in, 0, sizeof(sa_in)); 1657 memcpy(&sa_in, sa, sa->sa_len); 1658 check_sockaddr_len(in); 1659 inet_ntop(AF_INET, &sa_in.sin_addr, addr, sizeof addr); 1660 printf("%s:%u", addr, ntohs(sa_in.sin_port)); 1661 break; 1662 } 1663 #ifdef NETATALK 1664 case AF_APPLETALK: { 1665 struct sockaddr_at sa_at; 1666 struct netrange *nr; 1667 1668 memset(&sa_at, 0, sizeof(sa_at)); 1669 memcpy(&sa_at, sa, sa->sa_len); 1670 check_sockaddr_len(at); 1671 nr = &sa_at.sat_range.r_netrange; 1672 printf("%d.%d, %d-%d, %d", ntohs(sa_at.sat_addr.s_net), 1673 sa_at.sat_addr.s_node, ntohs(nr->nr_firstnet), 1674 ntohs(nr->nr_lastnet), nr->nr_phase); 1675 break; 1676 } 1677 #endif 1678 case AF_INET6: { 1679 struct sockaddr_in6 sa_in6; 1680 1681 memset(&sa_in6, 0, sizeof(sa_in6)); 1682 memcpy(&sa_in6, sa, sa->sa_len); 1683 check_sockaddr_len(in6); 1684 getnameinfo((struct sockaddr *)&sa_in6, sizeof(sa_in6), 1685 addr, sizeof(addr), NULL, 0, NI_NUMERICHOST); 1686 printf("[%s]:%u", addr, htons(sa_in6.sin6_port)); 1687 break; 1688 } 1689 #ifdef IPX 1690 case AF_IPX: { 1691 struct sockaddr_ipx sa_ipx; 1692 1693 memset(&sa_ipx, 0, sizeof(sa_ipx)); 1694 memcpy(&sa_ipx, sa, sa->sa_len); 1695 check_sockaddr_len(ipx); 1696 /* XXX wish we had ipx_ntop */ 1697 printf("%s", ipx_ntoa(sa_ipx.sipx_addr)); 1698 free(sa_ipx); 1699 break; 1700 } 1701 #endif 1702 case AF_UNIX: { 1703 struct sockaddr_un sa_un; 1704 1705 memset(&sa_un, 0, sizeof(sa_un)); 1706 memcpy(&sa_un, sa, sa->sa_len); 1707 printf("%.*s", (int)sizeof(sa_un.sun_path), sa_un.sun_path); 1708 break; 1709 } 1710 default: 1711 printf("unknown address family"); 1712 } 1713 printf(" }\n"); 1714 } 1715 1716 void 1717 ktrstat(struct stat *statp) 1718 { 1719 char mode[12], timestr[PATH_MAX + 4]; 1720 struct passwd *pwd; 1721 struct group *grp; 1722 struct tm *tm; 1723 1724 /* 1725 * note: ktrstruct() has already verified that statp points to a 1726 * buffer exactly sizeof(struct stat) bytes long. 1727 */ 1728 printf("struct stat {"); 1729 printf("dev=%ju, ino=%ju, ", 1730 (uintmax_t)statp->st_dev, (uintmax_t)statp->st_ino); 1731 if (resolv == 0) 1732 printf("mode=0%jo, ", (uintmax_t)statp->st_mode); 1733 else { 1734 strmode(statp->st_mode, mode); 1735 printf("mode=%s, ", mode); 1736 } 1737 printf("nlink=%ju, ", (uintmax_t)statp->st_nlink); 1738 if (resolv == 0) { 1739 pwd = NULL; 1740 } else { 1741 #ifdef HAVE_LIBCAPSICUM 1742 if (cappwd != NULL) 1743 pwd = cap_getpwuid(cappwd, statp->st_uid); 1744 else 1745 #endif 1746 pwd = getpwuid(statp->st_uid); 1747 } 1748 if (pwd == NULL) 1749 printf("uid=%ju, ", (uintmax_t)statp->st_uid); 1750 else 1751 printf("uid=\"%s\", ", pwd->pw_name); 1752 if (resolv == 0) { 1753 grp = NULL; 1754 } else { 1755 #ifdef HAVE_LIBCAPSICUM 1756 if (capgrp != NULL) 1757 grp = cap_getgrgid(capgrp, statp->st_gid); 1758 else 1759 #endif 1760 grp = getgrgid(statp->st_gid); 1761 } 1762 if (grp == NULL) 1763 printf("gid=%ju, ", (uintmax_t)statp->st_gid); 1764 else 1765 printf("gid=\"%s\", ", grp->gr_name); 1766 printf("rdev=%ju, ", (uintmax_t)statp->st_rdev); 1767 printf("atime="); 1768 if (resolv == 0) 1769 printf("%jd", (intmax_t)statp->st_atim.tv_sec); 1770 else { 1771 tm = localtime(&statp->st_atim.tv_sec); 1772 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); 1773 printf("\"%s\"", timestr); 1774 } 1775 if (statp->st_atim.tv_nsec != 0) 1776 printf(".%09ld, ", statp->st_atim.tv_nsec); 1777 else 1778 printf(", "); 1779 printf("stime="); 1780 if (resolv == 0) 1781 printf("%jd", (intmax_t)statp->st_mtim.tv_sec); 1782 else { 1783 tm = localtime(&statp->st_mtim.tv_sec); 1784 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); 1785 printf("\"%s\"", timestr); 1786 } 1787 if (statp->st_mtim.tv_nsec != 0) 1788 printf(".%09ld, ", statp->st_mtim.tv_nsec); 1789 else 1790 printf(", "); 1791 printf("ctime="); 1792 if (resolv == 0) 1793 printf("%jd", (intmax_t)statp->st_ctim.tv_sec); 1794 else { 1795 tm = localtime(&statp->st_ctim.tv_sec); 1796 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); 1797 printf("\"%s\"", timestr); 1798 } 1799 if (statp->st_ctim.tv_nsec != 0) 1800 printf(".%09ld, ", statp->st_ctim.tv_nsec); 1801 else 1802 printf(", "); 1803 printf("birthtime="); 1804 if (resolv == 0) 1805 printf("%jd", (intmax_t)statp->st_birthtim.tv_sec); 1806 else { 1807 tm = localtime(&statp->st_birthtim.tv_sec); 1808 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); 1809 printf("\"%s\"", timestr); 1810 } 1811 if (statp->st_birthtim.tv_nsec != 0) 1812 printf(".%09ld, ", statp->st_birthtim.tv_nsec); 1813 else 1814 printf(", "); 1815 printf("size=%jd, blksize=%ju, blocks=%jd, flags=0x%x", 1816 (uintmax_t)statp->st_size, (uintmax_t)statp->st_blksize, 1817 (intmax_t)statp->st_blocks, statp->st_flags); 1818 printf(" }\n"); 1819 } 1820 1821 void 1822 ktrstruct(char *buf, size_t buflen) 1823 { 1824 char *name, *data; 1825 size_t namelen, datalen; 1826 int i; 1827 cap_rights_t rights; 1828 struct stat sb; 1829 struct sockaddr_storage ss; 1830 1831 for (name = buf, namelen = 0; 1832 namelen < buflen && name[namelen] != '\0'; 1833 ++namelen) 1834 /* nothing */; 1835 if (namelen == buflen) 1836 goto invalid; 1837 if (name[namelen] != '\0') 1838 goto invalid; 1839 data = buf + namelen + 1; 1840 datalen = buflen - namelen - 1; 1841 if (datalen == 0) 1842 goto invalid; 1843 /* sanity check */ 1844 for (i = 0; i < (int)namelen; ++i) 1845 if (!isalpha(name[i])) 1846 goto invalid; 1847 if (strcmp(name, "caprights") == 0) { 1848 if (datalen != sizeof(cap_rights_t)) 1849 goto invalid; 1850 memcpy(&rights, data, datalen); 1851 ktrcaprights(&rights); 1852 } else if (strcmp(name, "stat") == 0) { 1853 if (datalen != sizeof(struct stat)) 1854 goto invalid; 1855 memcpy(&sb, data, datalen); 1856 ktrstat(&sb); 1857 } else if (strcmp(name, "sockaddr") == 0) { 1858 if (datalen > sizeof(ss)) 1859 goto invalid; 1860 memcpy(&ss, data, datalen); 1861 if (datalen != ss.ss_len) 1862 goto invalid; 1863 ktrsockaddr((struct sockaddr *)&ss); 1864 } else { 1865 printf("unknown structure\n"); 1866 } 1867 return; 1868 invalid: 1869 printf("invalid record\n"); 1870 } 1871 1872 void 1873 ktrcapfail(struct ktr_cap_fail *ktr) 1874 { 1875 switch (ktr->cap_type) { 1876 case CAPFAIL_NOTCAPABLE: 1877 /* operation on fd with insufficient capabilities */ 1878 printf("operation requires "); 1879 capname(&ktr->cap_needed); 1880 printf(", descriptor holds "); 1881 capname(&ktr->cap_held); 1882 break; 1883 case CAPFAIL_INCREASE: 1884 /* requested more capabilities than fd already has */ 1885 printf("attempt to increase capabilities from "); 1886 capname(&ktr->cap_held); 1887 printf(" to "); 1888 capname(&ktr->cap_needed); 1889 break; 1890 case CAPFAIL_SYSCALL: 1891 /* called restricted syscall */ 1892 printf("disallowed system call"); 1893 break; 1894 case CAPFAIL_LOOKUP: 1895 /* used ".." in strict-relative mode */ 1896 printf("restricted VFS lookup"); 1897 break; 1898 default: 1899 printf("unknown capability failure: "); 1900 capname(&ktr->cap_needed); 1901 printf(" "); 1902 capname(&ktr->cap_held); 1903 break; 1904 } 1905 printf("\n"); 1906 } 1907 1908 void 1909 ktrfault(struct ktr_fault *ktr) 1910 { 1911 1912 printf("0x%jx ", ktr->vaddr); 1913 vmprotname(ktr->type); 1914 printf("\n"); 1915 } 1916 1917 void 1918 ktrfaultend(struct ktr_faultend *ktr) 1919 { 1920 1921 vmresultname(ktr->result); 1922 printf("\n"); 1923 } 1924 1925 #if defined(__amd64__) || defined(__i386__) 1926 void 1927 linux_ktrsyscall(struct ktr_syscall *ktr) 1928 { 1929 int narg = ktr->ktr_narg; 1930 register_t *ip; 1931 1932 if (ktr->ktr_code >= nlinux_syscalls || ktr->ktr_code < 0) 1933 printf("[%d]", ktr->ktr_code); 1934 else 1935 printf("%s", linux_syscallnames[ktr->ktr_code]); 1936 ip = &ktr->ktr_args[0]; 1937 if (narg) { 1938 char c = '('; 1939 while (narg > 0) 1940 print_number(ip, narg, c); 1941 putchar(')'); 1942 } 1943 putchar('\n'); 1944 } 1945 1946 void 1947 linux_ktrsysret(struct ktr_sysret *ktr) 1948 { 1949 register_t ret = ktr->ktr_retval; 1950 int error = ktr->ktr_error; 1951 int code = ktr->ktr_code; 1952 1953 if (code >= nlinux_syscalls || code < 0) 1954 printf("[%d] ", code); 1955 else 1956 printf("%s ", linux_syscallnames[code]); 1957 1958 if (error == 0) { 1959 if (fancy) { 1960 printf("%ld", (long)ret); 1961 if (ret < 0 || ret > 9) 1962 printf("/%#lx", (unsigned long)ret); 1963 } else { 1964 if (decimal) 1965 printf("%ld", (long)ret); 1966 else 1967 printf("%#lx", (unsigned long)ret); 1968 } 1969 } else if (error == ERESTART) 1970 printf("RESTART"); 1971 else if (error == EJUSTRETURN) 1972 printf("JUSTRETURN"); 1973 else { 1974 if (ktr->ktr_error <= ELAST + 1) 1975 error = abs(bsd_to_linux_errno[ktr->ktr_error]); 1976 else 1977 error = 999; 1978 printf("-1 errno %d", error); 1979 if (fancy) 1980 printf(" %s", strerror(ktr->ktr_error)); 1981 } 1982 putchar('\n'); 1983 } 1984 #endif 1985 1986 void 1987 usage(void) 1988 { 1989 fprintf(stderr, "usage: kdump [-dEnlHRrsTA] [-f trfile] " 1990 "[-m maxdata] [-p pid] [-t trstr]\n"); 1991 exit(1); 1992 } 1993