Commit Graph

80 Commits

Author SHA1 Message Date
Konstantin Belousov
43ce0d902c truss: decode sysctl names.
Submitted by:	Pawel Biernacki
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21688
2019-09-18 16:15:05 +00:00
John Baldwin
caa449b635 Use PT_GET_SC_ARGS and PT_GET_SC_RET in truss.
This removes all of the architecture-specific functions from truss.

A per-ABI structure is still needed to map syscall numbers to names
and FreeBSD errno values to ABI error values as well as hold syscall
counters.  However, the linker set of ABI structures is now replaced
with a simple table mapping ABI names to structures.  This approach
permits sharing the same ABI structure among separate names such as
i386 a.out and ELF binaries as well as ELF v1 vs ELF v2 for powerpc64.

A few differences are visible due to using PT_GET_SC_RET to fetch the
error value of a system call.  Note that ktrace/kdump have had the
"new" behaviors for a long time already:
- System calls that return with EJUSTRETURN or ERESTART will now be
  noticed and logged as such.  Previously sigreturn (which uses
  EJUSTRETURN) would report whatever random value was in the register
  holding errno from the previous system call for example.  Now it
  reports EJUSTRETURN.
- System calls that return errno as their error value such as
  posix_fallocate() and posix_fadvise() now report non-zero return
  values as errors instead of success with a non-zero return value.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D20963
2019-07-16 22:59:15 +00:00
Thomas Munro
5b05dc5a8b truss: Fix display of shm_open(SHM_ANON, ...).
Currently truss(1) shows shm_open(SHM_ANON, ...) as shm_open("(null)", ...).
Detect the special value and display it by name.

Reviewed by:    jhb, allanjude, tuexen
Approved by:    mjg (mentor)
MFC with:       r339224
Differential Revision:  https://reviews.freebsd.org/D17461
2018-10-28 10:59:49 +00:00
John Baldwin
c830069674 Reformat the enum of syscall argument types.
List enum values on separate lines to minimize diffs as new types are
added.  Split the enum values up into groups and use some simple sorting
within groups (scalar enums are sorted by size, then base, all other
groups are generally sorted alphabetically).

No functional change.
2018-03-29 00:12:50 +00:00
John Baldwin
eee0738944 Rename ClouduABIFDSFlags to CloudABIFDSFlags. 2018-03-29 00:04:07 +00:00
Michael Tuexen
a2674e031c Decode msghdr argument of sendmsg() and recvmsg().
Sponsored by:		Netflix, Inc.
2018-01-15 20:39:42 +00:00
Michael Tuexen
4d7b980924 Improve support for sctp_generic_recvmsg() and sctp_generic_sendmsg()
and add support for sctp_generic_sendmsg_iov().

Handle the struct iovec argument and the struct sctp_sndrcvinfo
arguments.
2018-01-14 14:33:22 +00:00
Michael Tuexen
ee6e58b26e Add support for readv() and writev() to truss.
Sponsored by:	Netflix, Inc.
2018-01-13 13:59:35 +00:00
John Baldwin
9d9fee3eed Replace a reference to a license in another file with the license text.
The relevant file was recently renamed, so the reference was stale.
In addition, explicit licenses are more typical in our sources.
2017-11-29 05:07:54 +00:00
John Baldwin
ffb6607984 Decode kevent structures logged via ktrace(2) in kdump.
- Add a new KTR_STRUCT_ARRAY ktrace record type which dumps an array of
  structures.

  The structure name in the record payload is preceded by a size_t
  containing the size of the individual structures.  Use this to
  replace the previous code that dumped the kevent arrays dumped for
  kevent().  kdump is now able to decode the kevent structures rather
  than dumping their contents via a hexdump.

  One change from before is that the 'changes' and 'events' arrays are
  not marked with separate 'read' and 'write' annotations in kdump
  output.  Instead, the first array is the 'changes' array, and the
  second array (only present if kevent doesn't fail with an error) is
  the 'events' array.  For kevent(), empty arrays are denoted by an
  entry with an array containing zero entries rather than no record.

- Move kevent decoding tables from truss to libsysdecode.

  This adds three new functions to decode members of struct kevent:
  sysdecode_kevent_filter, sysdecode_kevent_flags, and
  sysdecode_kevent_fflags.

  kdump uses these helper functions to pretty-print kevent fields.

- Move structure definitions for freebsd11 and freebsd32 kevent
  structures to <sys/event.h> so that they can be shared with userland.
  The 32-bit structures are only exposed if _WANT_KEVENT32 is defined.
  The freebsd11 structures are only exposed if _WANT_FREEBSD11_KEVENT is
  defined.  The 32-bit freebsd11 structure requires both.

- Decode freebsd11 kevent structures in truss for the compat11.kevent()
  system call.

- Log 32-bit kevent structures via ktrace for 32-bit compat kevent()
  system calls.

- While here, constify the 'void *data' argument to ktrstruct().

Reviewed by:	kib (earlier version)
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D12470
2017-11-25 04:49:12 +00:00
John Baldwin
13e5e6b616 Decode signal information returned by system calls.
Specifically, decode the siginfo structure returned by sigtimedwait(),
sigwaitinfo(), and wait6().  While here, also decode the signal number
returned in the second argument to sigwait().
2017-08-30 15:45:23 +00:00
Warner Losh
8207f12d6a Decode FreeBSD 11 compat stat, fstat and lstat calls. 2017-06-23 18:06:46 +00:00
John Baldwin
a4110f9ffa Decode arguments to sched_* family of system calls.
This includes decoding both scheduler policy constants and the sched_param
structure for sched_get_priority_max(), sched_get_priority_min(),
sched_getparam(), sched_getscheduler(), sched_rr_get_interval(),
sched_setparam(), and sched_setscheduler().
2017-06-16 20:03:09 +00:00
John Baldwin
3cd40bc360 Decode arguments to rtprio() and rtprio_thread(). 2017-06-10 01:32:35 +00:00
John Baldwin
4152441f44 Decode the 'howto' argument to reboot(). 2017-06-10 01:22:40 +00:00
John Baldwin
dd0c462cf5 Decode the arguments to quotactl(). 2017-06-10 00:53:00 +00:00
John Baldwin
5ac1c7ac34 Decode the arguments to ptrace().
This does not decode structures returned by ptrace().
2017-06-10 00:45:07 +00:00
John Baldwin
ad419d3377 Decode arguments to getpriority() and setpriority(). 2017-06-10 00:37:02 +00:00
John Baldwin
114aeee03b Decode arguments passed to msync(). 2017-06-08 08:10:57 +00:00
John Baldwin
8acc8e78ea Decode flags passed to mount(), nmount(), and unmount(). 2017-06-08 08:07:51 +00:00
John Baldwin
94bde7556c Decode arguments to mlock(), mlockall(), and munlock(). 2017-06-08 04:50:50 +00:00
John Baldwin
2d9c998859 Decode arguments to minherit(). 2017-06-08 04:45:13 +00:00
John Baldwin
26606dcaa7 Decode arguments passed to extended attribute related system calls.
The cmd argument passed to extattrctl() is not decoded as a string constant
but is just printed in hex.  The value is filesystem-specific but in
practice is only used with UFS1 filesystems.
2017-06-08 04:31:15 +00:00
John Baldwin
7ce44f08f5 Decode arguments to ACL related system calls.
This only decodes the raw arguments but not the contents of the struct acl
objects.
2017-06-08 03:51:17 +00:00
John Baldwin
b60a095b93 Decode arguments to dup, dup2, getdirentries, pread, and pwrite.
- dup and dup2 print fd arguments in decimal.
- pread and pwrite are similar to read and write with the addition of the
  file offset.
- getdirentries displays the output entries as a string for now and also
  prints the value returned in *basep.  Eventually the buffer for
  getdirentries should perhaps be decoded as an array of dirent
  structures.

PR:		214885
Submitted by:	Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM>
2017-06-05 05:25:50 +00:00
John Baldwin
ee8aa41dca Decode the 'who' argument passed to getrusage().
Add a new sysdecode_getrusage_who() which decodes the RUSAGE_* constant
passed as the first argument to getrusage().  Use this function in both
kdump and truss to decode the first argument to getrusage().

PR:		215448
Submitted by:	Anton Yuzhaninov <citrin+pr@citrin.ru>
MFC after:	1 month
2017-06-03 14:22:15 +00:00
John Baldwin
ebb2cc40d1 Decode the argument passed to cap_getmode().
The returned integer value is output.
2017-06-02 22:35:18 +00:00
John Baldwin
7136a1d97a Decode the arguments passed to __cap_rights_get() and cap_rights_limit().
Submitted by:	tobik
2017-06-02 13:33:50 +00:00
Michael Tuexen
8b429b6569 Decode the fourth argument of sendto and recvfrom call. 2017-05-03 12:23:58 +00:00
Michael Tuexen
832af45715 Add support for [gs]etsockopt(). 2017-05-03 12:18:09 +00:00
Michael Tuexen
ecac235bb0 Decode the third argument of socket(). 2017-05-03 09:23:13 +00:00
Michael Tuexen
58227c6061 Add Socklent for handling args of type socklen_t. 2017-05-03 09:20:36 +00:00
John Baldwin
98fdbeec47 Decode arguments to madvise(). 2017-03-19 00:31:21 +00:00
John Baldwin
e261fb2a5b Add a Sizet type for 'size_t' values and use it instead of Int.
Various size_t arguments were previously decoded as Int values instead
which would have truncated values above 2^31 on 64-bit systems.
2017-03-19 00:27:07 +00:00
John Baldwin
94e854c517 Decode arguments passed to kldsym() and kldunloadf().
This does not currently decode the kld_sym_lookup structure passed to
kldsym().
2017-03-18 19:59:21 +00:00
John Baldwin
ab43bedcce Decode arguments passed to getfsstat().
Note that this does not yet decode the statfs structures returned by
getfsstat().
2017-03-18 18:31:45 +00:00
John Baldwin
dd92181f60 Decode flock() operation. 2017-03-18 18:26:56 +00:00
John Baldwin
27459358ed Decode file flags passed to *chflags*().
While here, decode arguments passed to fchflags() and chflagsat().
2017-03-18 18:21:41 +00:00
John Baldwin
d2a9748593 Decode arguments passed to posix_fadvise(). 2017-03-18 18:12:09 +00:00
John Baldwin
bed418c8bd Decode the arguments passed to cap_fcntls_get() and cap_fcntls_limit(). 2017-03-18 18:10:02 +00:00
John Baldwin
1175b23f77 Rework syscall structure lookups.
Avoid always using an O(n^2) loop over known syscall structures with
strcmp() on each system call.  Instead, use a per-ABI cache indexed by
the system call number. The first 1024 system calls (which should cover
all of the normal system calls in currently-supported ABIs) use a flat array
indexed by the system call number to find system call structure.  For other
system calls, a linked list of structures storing an integer to structure
mapping is stored in the ABI.  The linked list isn't very smart, but it
should only be used by buggy applications invoking unknown system calls.

This also fixes handling of unknown system calls which currently trigger
a NULL pointer dereference.

Reviewed by:	kib
MFC after:	2 weeks
2016-12-06 00:39:00 +00:00
John Baldwin
9289f547a2 Move mksubr from kdump into libsysdecode.
Restructure this script so that it generates a header of tables instead
of a source file.  The tables are included in a flags.c source file which
provides functions to decode various system call arguments.

For functions that decode an enumeration, the function returns a pointer
to a string for known values and NULL for unknown values.

For functions that do more complex decoding (typically of a bitmask), the
function accepts a pointer to a FILE object (open_memstream() can be used
as a string builder) to which decoded values are written.  If the
function operates on a bitmask, the function returns true if any bits
were decoded or false if the entire value was valid.  Additionally, the
third argument accepts a pointer to a value to which any undecoded bits
are stored.  This pointer can be NULL if the caller doesn't care about
remaining bits.

Convert kdump over to using decoder functions from libsysdecode instead of
mksubr.  truss also uses decoders from libsysdecode instead of private
lookup tables, though lookup tables for objects not decoded by kdump remain
in truss for now.  Eventually most of these tables should move into
libsysdecode as the automated table generation approach from mksubr is
less stale than the static tables in truss.

Some changes have been made to truss and kdump output:
- The flags passed to open() are now properly decoded in that one of
  O_RDONLY, O_RDWR, O_WRONLY, or O_EXEC is always included in a decoded
  mask.
- Optional arguments to open(), openat(), and fcntl() are only printed
  in kdump if they exist (e.g. the mode is only printed for open() if
  O_CREAT is set in the flags).
- Print argument to F_GETLK/SETLK/SETLKW in kdump as a pointer, not int.
- Include all procctl() commands.
- Correctly decode pipe2() flags in truss by not assuming full
  open()-like flags with O_RDONLY, etc.
- Decode file flags passed to *chflags() as file flags (UF_* and SF_*)
  rather than as a file mode.
- Fix decoding of quotactl() commands by splitting out the two command
  components instead of assuming the raw command value matches the
  primary command component.

In addition, truss and kdump now build without triggering any warnings.
All of the sysdecode manpages now include the required headers in the
synopsis.

Reviewed by:	kib (several older versions), wblock (manpages)
MFC after:	2 months
Differential Revision:	https://reviews.freebsd.org/D7847
2016-10-17 22:37:07 +00:00
John Baldwin
00ddbdf2ee Fetch the current thread and it's syscall state from the trussinfo object
instead of passing some of that state as arguments to print_syscall() and
print_syscallret().  This just makes the calls of these functions shorter
and easier to read.
2016-02-16 22:00:01 +00:00
Ed Schouten
808d980506 Properly format pointer size independent CloudABI system calls.
CloudABI has approximately 50 system calls that do not depend on the
pointer size of the system. As the ABI is pretty compact, it takes
little effort to each truss(8) the formatting rules for these system
calls. Start off by formatting pointer size independent system calls.

Changes:

- Make it possible to include the CloudABI system call definitions in
  FreeBSD userspace builds. Add ${root}/sys to the truss(8) Makefile so
  we can pull in <compat/cloudabi/cloudabi_syscalldefs.h>.
- Refactoring: patch up amd64-cloudabi64.c to use the CLOUDABI_*
  constants instead of rolling our own table.
- Add table entries for all of the system calls.
- Add new generic formatting types (UInt, IntArray) that we'll be using
  to format unsigned integers and arrays of integers.
- Add CloudABI specific formatting types.

Approved by:	jhb
Differential Revision:	https://reviews.freebsd.org/D3836
2015-10-08 05:27:45 +00:00
Bryan Drewery
195aef9962 truss: Add support for utrace(2).
This uses the kdump(1) utrace support code directly until a common library
is created.

This allows malloc(3) tracing with MALLOC_CONF=utrace:true and rtld tracing
with LD_UTRACE=1.  Unknown utrace(2) data is just printed as hex.

PR:		43819 [inspired by]
Reviewed by:	jhb
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D3819
2015-10-06 21:58:38 +00:00
Bryan Drewery
6c61b0f324 Fix tracking of unknown syscalls for 'truss -c'.
This is done by changing get_syscall() to either lookup the known syscall
or add it into the list with the default handlers for printing.

This also simplifies some code to not have to check if the syscall variable
is set or NULL.

Reviewed by:	jhb
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D3792
2015-10-05 18:08:35 +00:00
Bryan Drewery
a776866b44 Add decoding for struct statfs.
Reviewed by:	jhb (briefly)
2015-10-03 18:57:15 +00:00
John Baldwin
72df19e7ab The id_t type used to pass IDs to wait6(2) and procctl(6) is a 64-bit
integer.  Fix the argument decoding to treat this as a quad instead of an
int.  This includes using QUAD_ALIGN and QUAD_SLOTS as necessary.  To
continue printing IDs in decimal, add a new QuadHex argument type that
prints a 64-bit integer in hex, use QuadHex for the existing off_t arguments,
repurpose Quad to print a 64-bit integer in decimal, and use Quad for id_t
arguments.

This fixes the decoding of wait6(2) and procctl(2) on 32-bit platforms.
2015-10-01 17:50:41 +00:00
John Baldwin
2b75c8ad3d Several changes to truss.
- Refactor the interface between the ABI-independent code and the
  ABI-specific backends.  The backends now provide smaller hooks to
  fetch system call arguments and return values.  The rest of the
  system call entry and exit handling that was previously duplicated
  among all the backends has been moved to one place.
- Merge the loop when waiting for an event with the loop for handling stops.
  This also means not emulating a procfs-like interface on top of ptrace().
  Instead, use a single event loop that fetches process events via waitid().
  Among other things this allows us to report the full 32-bit exit value.
- Use PT_FOLLOW_FORK to follow new child processes instead of forking a new
  truss process for each new child.  This allows one truss process to monitor
  a tree of processes and truss -c should now display one total for the
  entire tree instead of separate summaries per process.
- Use the recently added fields to ptrace_lwpinfo to determine the current
  system call number and argument count.  The latter is especially useful
  and fixes a regression since the conversion from procfs.  truss now
  generally prints the correct number of arguments for most system calls
  rather than printing extra arguments for any call not listed in the
  table in syscalls.c.
- Actually check the new ABI when processes call exec.  The comments claimed
  that this happened but it was not being done (perhaps this was another
  regression in the conversion to ptrace()).  If the new ABI after exec
  is not supported, truss detaches from the process.  If truss does not
  support the ABI for a newly executed process the process is killed
  before it returns from exec.
- Along with the refactor, teach the various ABI-specific backends to
  fetch both return values, not just the first.  Use this to properly
  report the full 64-bit return value from lseek().  In addition, the
  handler for "pipe" now pulls the pair of descriptors out of the
  return values (which is the true kernel system call interface) but
  displays them as an argument (which matches the interface exported by
  libc).
- Each ABI handler adds entries to a linker set rather than requiring
  a statically defined table of handlers in main.c.
- The arm and mips system call fetching code was changed to follow the
  same pattern as amd64 (and the in-kernel handler) of fetching register
  arguments first and then reading any remaining arguments from the
  stack.  This should fix indirect system call arguments on at least
  arm.
- The mipsn32 and n64 ABIs will now look for arguments in A4 through A7.
- Use register %ebp for the 6th system call argument for Linux/i386 ABIs
  to match the in-kernel argument fetch code.
- For powerpc binaries on a powerpc64 system, fetch the extra arguments
  on the stack as 32-bit values that are then copied into the 64-bit
  argument array instead of reading the 32-bit values directly into the
  64-bit array.

Reviewed by:	kib (earlier version)
Tested on:	amd64 (FreeBSD/amd64 & i386), i386, arm (earlier version)
Tested on:	powerpc64 (FreeBSD/powerpc64 & powerpc)
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D3575
2015-09-30 19:13:32 +00:00
John Baldwin
9e07e493b3 Trim trailing whitespace. 2015-09-30 00:08:24 +00:00