[PATCH] Decode paths associated with file descriptors returned by syscalls
Dmitry V. Levin
ldv at altlinux.org
Fri May 30 23:40:42 UTC 2014
On Fri, May 30, 2014 at 08:15:12PM +0400, Dmitry V. Levin wrote:
> On Fri, May 30, 2014 at 12:27:21PM +0530, zubin.mithra at gmail.com wrote:
> > From: Zubin Mithra <zubin.mithra at gmail.com>
> >
> > * defs.h (returns_fd): New prototype.
> > * util.c (returns_fd): New function that checks if the tcb refers
> > to a function that returns a file descriptor.
> > * syscall.c (trace_syscall_exiting): Use returns_fd to determine whether
> > tcp->u_rval is a file descriptor.
> >
> > Signed-off-by: Zubin Mithra <zubin.mithra at gmail.com>
> > ---
> > defs.h | 1 +
> > syscall.c | 7 ++++++-
> > util.c | 11 +++++++++++
> > 3 files changed, 18 insertions(+), 1 deletion(-)
> >
> > diff --git a/defs.h b/defs.h
> > index 4e06a92..25551a3 100644
> > --- a/defs.h
> > +++ b/defs.h
> > @@ -625,6 +625,7 @@ extern long getrval2(struct tcb *);
> > */
> > extern int setbpt(struct tcb *);
> > extern int clearbpt(struct tcb *);
> > +extern bool returns_fd(struct tcb *);
> >
> > extern const char *signame(int);
> > extern void pathtrace_select(const char *);
> > diff --git a/syscall.c b/syscall.c
> > index 28bdb66..e6ad7ad 100644
> > --- a/syscall.c
> > +++ b/syscall.c
> > @@ -2669,7 +2669,12 @@ trace_syscall_exiting(struct tcb *tcp)
> > tprintf("= %lu", tcp->u_rval);
> > break;
> > case RVAL_DECIMAL:
> > - tprintf("= %ld", tcp->u_rval);
> > + if (show_fd_path && returns_fd(tcp)) {
> > + tprints("= ");
> > + printfd(tcp, tcp->u_rval);
> > + }
> > + else
> > + tprintf("= %ld", tcp->u_rval);
> > break;
> > #if defined(LINUX_MIPSN32) || defined(X32)
> > /*
> > diff --git a/util.c b/util.c
> > index ff18b87..e47297a 100644
> > --- a/util.c
> > +++ b/util.c
> > @@ -1549,3 +1549,14 @@ clearbpt(struct tcb *tcp)
> > tcp->flags &= ~TCB_BPTSET;
> > return 0;
> > }
> > +
> > +bool
> > +returns_fd(struct tcb *tcp)
> > +{
> > + return tcp->s_ent->sys_func == sys_open ||
> > + tcp->s_ent->sys_func == sys_openat ||
> > + tcp->s_ent->sys_func == sys_creat ||
> > + tcp->s_ent->sys_func == sys_dup ||
> > + tcp->s_ent->sys_func == sys_dup2 ||
> > + tcp->s_ent->sys_func == sys_dup3;
> > +}
>
> How did you test this change? Some of syscall handlers are implemented as
> aliases to other handlers, for example, sys_dup is aliased to sys_close.
> As result, return code of close would be interpreted as a file descriptor:
>
> $ strace -yeclose cat /dev/null
> close(3</etc/ld.so.cache>) = 0</dev/pts/1>
> close(3</lib64/libc-2.19.so>) = 0</dev/pts/1>
> close(3</dev/null>) = 0</dev/pts/1>
> close(1</dev/pts/1>) = 0</dev/pts/1>
> close(2</dev/pts/1>) = 0</dev/pts/1>
> +++ exited with 0 +++
>
> Another example is sys_delete_module aliased to sys_open.
btw, wouldn't it be better to introduce a new return value code, e.g.
RVAL_FD, and update these several handlers to return RVAL_FD instead
of RVAL_DECIMAL, so that no sys_func checks would be necessary?
sys_dup and sys_delete_module would have to be split out anyway.
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20140531/06a3f15c/attachment.bin>
More information about the Strace-devel
mailing list