[PATCH] Decode paths associated with file descriptors returned by syscalls
Dmitry V. Levin
ldv at altlinux.org
Fri May 30 16:15:12 UTC 2014
Hi Zubin,
On Fri, May 30, 2014 at 12:27:21PM +0530, zubin.mithra at gmail.com wrote:
> From: Zubin Mithra <zubin.mithra at gmail.com>
>
> * defs.h (returns_fd): New prototype.
> * util.c (returns_fd): New function that checks if the tcb refers
> to a function that returns a file descriptor.
> * syscall.c (trace_syscall_exiting): Use returns_fd to determine whether
> tcp->u_rval is a file descriptor.
>
> Signed-off-by: Zubin Mithra <zubin.mithra at gmail.com>
> ---
> defs.h | 1 +
> syscall.c | 7 ++++++-
> util.c | 11 +++++++++++
> 3 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/defs.h b/defs.h
> index 4e06a92..25551a3 100644
> --- a/defs.h
> +++ b/defs.h
> @@ -625,6 +625,7 @@ extern long getrval2(struct tcb *);
> */
> extern int setbpt(struct tcb *);
> extern int clearbpt(struct tcb *);
> +extern bool returns_fd(struct tcb *);
>
> extern const char *signame(int);
> extern void pathtrace_select(const char *);
> diff --git a/syscall.c b/syscall.c
> index 28bdb66..e6ad7ad 100644
> --- a/syscall.c
> +++ b/syscall.c
> @@ -2669,7 +2669,12 @@ trace_syscall_exiting(struct tcb *tcp)
> tprintf("= %lu", tcp->u_rval);
> break;
> case RVAL_DECIMAL:
> - tprintf("= %ld", tcp->u_rval);
> + if (show_fd_path && returns_fd(tcp)) {
> + tprints("= ");
> + printfd(tcp, tcp->u_rval);
> + }
> + else
> + tprintf("= %ld", tcp->u_rval);
> break;
> #if defined(LINUX_MIPSN32) || defined(X32)
> /*
> diff --git a/util.c b/util.c
> index ff18b87..e47297a 100644
> --- a/util.c
> +++ b/util.c
> @@ -1549,3 +1549,14 @@ clearbpt(struct tcb *tcp)
> tcp->flags &= ~TCB_BPTSET;
> return 0;
> }
> +
> +bool
> +returns_fd(struct tcb *tcp)
> +{
> + return tcp->s_ent->sys_func == sys_open ||
> + tcp->s_ent->sys_func == sys_openat ||
> + tcp->s_ent->sys_func == sys_creat ||
> + tcp->s_ent->sys_func == sys_dup ||
> + tcp->s_ent->sys_func == sys_dup2 ||
> + tcp->s_ent->sys_func == sys_dup3;
> +}
How did you test this change? Some of syscall handlers are implemented as
aliases to other handlers, for example, sys_dup is aliased to sys_close.
As result, return code of close would be interpreted as a file descriptor:
$ strace -yeclose cat /dev/null
close(3</etc/ld.so.cache>) = 0</dev/pts/1>
close(3</lib64/libc-2.19.so>) = 0</dev/pts/1>
close(3</dev/null>) = 0</dev/pts/1>
close(1</dev/pts/1>) = 0</dev/pts/1>
close(2</dev/pts/1>) = 0</dev/pts/1>
+++ exited with 0 +++
Another example is sys_delete_module aliased to sys_open.
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20140530/69d70541/attachment.bin>
More information about the Strace-devel
mailing list