| blob | cdb2663a2202cbe61b19d2d3a2fd05da04797dd3 |
2 /*--------------------------------------------------------------------*/
3 /*--- Handle system calls. syswrap-main.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2000-2017 Julian Seward
11 jseward@acm.org
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
26 The GNU General Public License is contained in the file COPYING.
27 */
42 // and VG_(vg_yield)
56 #if defined(VGO_darwin)
58 #endif
60 /* Useful info which needs to be recorded somewhere:
61 Use of registers in syscalls is:
63 NUM ARG1 ARG2 ARG3 ARG4 ARG5 ARG6 ARG7 ARG8 RESULT
64 LINUX:
65 x86 eax ebx ecx edx esi edi ebp n/a n/a eax (== NUM)
66 amd64 rax rdi rsi rdx r10 r8 r9 n/a n/a rax (== NUM)
67 ppc32 r0 r3 r4 r5 r6 r7 r8 n/a n/a r3+CR0.SO (== ARG1)
68 ppc64 r0 r3 r4 r5 r6 r7 r8 n/a n/a r3+CR0.SO (== ARG1)
69 arm r7 r0 r1 r2 r3 r4 r5 n/a n/a r0 (== ARG1)
70 mips32 v0 a0 a1 a2 a3 stack stack n/a n/a v0 (== NUM)
71 mips64 v0 a0 a1 a2 a3 a4 a5 a6 a7 v0 (== NUM)
72 arm64 x8 x0 x1 x2 x3 x4 x5 n/a n/a x0 ?? (== ARG1??)
74 On s390x the svc instruction is used for system calls. The system call
75 number is encoded in the instruction (8 bit immediate field). Since Linux
76 2.6 it is also allowed to use svc 0 with the system call number in r1.
77 This was introduced for system calls >255, but works for all. It is
78 also possible to see the svc 0 together with an EXecute instruction, that
79 fills in the immediate field.
80 s390x r1/SVC r2 r3 r4 r5 r6 r7 n/a n/a r2 (== ARG1)
82 NUM ARG1 ARG2 ARG3 ARG4 ARG5 ARG6 ARG7 ARG8 RESULT
83 DARWIN:
84 x86 eax +4 +8 +12 +16 +20 +24 +28 +32 edx:eax, eflags.c
85 amd64 rax rdi rsi rdx rcx r8 r9 +8 +16 rdx:rax, rflags.c
87 For x86-darwin, "+N" denotes "in memory at N(%esp)"; ditto
88 amd64-darwin. Apparently 0(%esp) is some kind of return address
89 (perhaps for syscalls done with "sysenter"?) I don't think it is
90 relevant for syscalls done with "int $0x80/1/2".
92 SOLARIS:
93 x86 eax +4 +8 +12 +16 +20 +24 +28 +32 edx:eax, eflags.c
94 amd64 rax rdi rsi rdx r10 r8 r9 +8 +16 rdx:rax, rflags.c
96 "+N" denotes "in memory at N(%esp)". Solaris also supports fasttrap
97 syscalls. Fasttraps do not take any parameters (except of the sysno in eax)
98 and never fail (if the sysno is valid).
99 */
101 /* This is the top level of the system-call handler module. All
102 system calls are channelled through here, doing two things:
104 * notify the tool of the events (mem/reg reads, writes) happening
106 * perform the syscall, usually by passing it along to the kernel
107 unmodified.
109 A magical piece of assembly code, do_syscall_for_client_WRK, in
110 syscall-$PLATFORM.S does the tricky bit of passing a syscall to the
111 kernel, whilst having the simulator retain control.
112 */
114 /* The main function is VG_(client_syscall). The simulation calls it
115 whenever a client thread wants to do a syscall. The following is a
116 sketch of what it does.
118 * Ensures the root thread's stack is suitably mapped. Tedious and
119 arcane. See big big comment in VG_(client_syscall).
121 * First, it rounds up the syscall number and args (which is a
122 platform dependent activity) and puts them in a struct ("args")
123 and also a copy in "orig_args".
125 The pre/post wrappers refer to these structs and so no longer
126 need magic macros to access any specific registers. This struct
127 is stored in thread-specific storage.
130 * The pre-wrapper is called, passing it a pointer to struct
131 "args".
134 * The pre-wrapper examines the args and pokes the tool
135 appropriately. It may modify the args; this is why "orig_args"
136 is also stored.
138 The pre-wrapper may choose to 'do' the syscall itself, and
139 concludes one of three outcomes:
141 Success(N) -- syscall is already complete, with success;
142 result is N
144 Fail(N) -- syscall is already complete, with failure;
145 error code is N
147 HandToKernel -- (the usual case): this needs to be given to
148 the kernel to be done, using the values in
149 the possibly-modified "args" struct.
151 In addition, the pre-wrapper may set some flags:
153 MayBlock -- only applicable when outcome==HandToKernel
155 PostOnFail -- only applicable when outcome==HandToKernel or Fail
158 * If the pre-outcome is HandToKernel, the syscall is duly handed
159 off to the kernel (perhaps involving some thread switchery, but
160 that's not important). This reduces the possible set of outcomes
161 to either Success(N) or Fail(N).
164 * The outcome (Success(N) or Fail(N)) is written back to the guest
165 register(s). This is platform specific:
167 x86: Success(N) ==> eax = N
168 Fail(N) ==> eax = -N
170 ditto amd64
172 ppc32: Success(N) ==> r3 = N, CR0.SO = 0
173 Fail(N) ==> r3 = N, CR0.SO = 1
175 Darwin:
176 x86: Success(N) ==> edx:eax = N, cc = 0
177 Fail(N) ==> edx:eax = N, cc = 1
179 s390x: Success(N) ==> r2 = N
180 Fail(N) ==> r2 = -N
182 Solaris:
183 x86: Success(N) ==> edx:eax = N, cc = 0
184 Fail(N) ==> eax = N, cc = 1
185 Same applies for fasttraps except they never fail.
187 * The post wrapper is called if:
189 - it exists, and
190 - outcome==Success or (outcome==Fail and PostOnFail is set)
192 The post wrapper is passed the adulterated syscall args (struct
193 "args"), and the syscall outcome (viz, Success(N) or Fail(N)).
195 There are several other complications, primarily to do with
196 syscalls getting interrupted, explained in comments in the code.
197 */
199 /* CAVEATS for writing wrappers. It is important to follow these!
201 The macros defined in priv_types_n_macros.h are designed to help
202 decouple the wrapper logic from the actual representation of
203 syscall args/results, since these wrappers are designed to work on
204 multiple platforms.
206 Sometimes a PRE wrapper will complete the syscall itself, without
207 handing it to the kernel. It will use one of SET_STATUS_Success,
208 SET_STATUS_Failure or SET_STATUS_from_SysRes to set the return
209 value. It is critical to appreciate that use of the macro does not
210 immediately cause the underlying guest state to be updated -- that
211 is done by the driver logic in this file, when the wrapper returns.
213 As a result, PRE wrappers of the following form will malfunction:
215 PRE(fooble)
216 {
217 ... do stuff ...
218 SET_STATUS_Somehow(...)
220 // do something that assumes guest state is up to date
221 }
223 In particular, direct or indirect calls to VG_(poll_signals) after
224 setting STATUS can cause the guest state to be read (in order to
225 build signal frames). Do not do this. If you want a signal poll
226 after the syscall goes through, do "*flags |= SfPollAfter" and the
227 driver logic will do it for you.
229 -----------
231 Another critical requirement following introduction of new address
232 space manager (JRS, 20050923):
234 In a situation where the mappedness of memory has changed, aspacem
235 should be notified BEFORE the tool. Hence the following is
236 correct:
238 Bool d = VG_(am_notify_munmap)(s->start, s->end+1 - s->start);
239 VG_TRACK( die_mem_munmap, s->start, s->end+1 - s->start );
240 if (d)
241 VG_(discard_translations)(s->start, s->end+1 - s->start);
243 whilst this is wrong:
245 VG_TRACK( die_mem_munmap, s->start, s->end+1 - s->start );
246 Bool d = VG_(am_notify_munmap)(s->start, s->end+1 - s->start);
247 if (d)
248 VG_(discard_translations)(s->start, s->end+1 - s->start);
250 The reason is that the tool may itself ask aspacem for more shadow
251 memory as a result of the VG_TRACK call. In such a situation it is
252 critical that aspacem's segment array is up to date -- hence the
253 need to notify aspacem first.
255 -----------
257 Also .. take care to call VG_(discard_translations) whenever
258 memory with execute permissions is unmapped.
259 */
262 /* ---------------------------------------------------------------------
263 Do potentially blocking syscall for the client, and mess with
264 signal masks at the same time.
265 ------------------------------------------------------------------ */
267 /* Perform a syscall on behalf of a client thread, using a specific
268 signal mask. On completion, the signal mask is set to restore_mask
269 (which presumably blocks almost everything). If a signal happens
270 during the syscall, the handler should call
271 VG_(fixup_guest_state_after_syscall_interrupted) to adjust the
272 thread's context to do the right thing.
274 The _WRK function is handwritten assembly, implemented per-platform
275 in coregrind/m_syswrap/syscall-$PLAT.S. It has some very magic
276 properties. See comments at the top of
277 VG_(fixup_guest_state_after_syscall_interrupted) below for details.
279 This function (these functions) are required to return zero in case
280 of success (even if the syscall itself failed), and nonzero if the
281 sigprocmask-swizzling calls failed. We don't actually care about
282 the failure values from sigprocmask, although most of the assembly
283 implementations do attempt to return that, using the convention
284 0 for success, or 0x8000 | error-code for failure.
285 */
286 #if defined(VGO_linux)
287 extern
292 Word sigsetSzB );
293 #elif defined(VGO_darwin)
294 extern
300 extern
306 extern
312 #elif defined(VGO_solaris)
313 extern
324 #else
326 #endif
329 static
333 {
334 vki_sigset_t saved;
335 UWord err;
336 # if defined(VGO_linux)
340 );
341 # elif defined(VGO_darwin)
347 );
353 );
359 );
363 /*NOTREACHED*/
365 }
366 # elif defined(VGO_solaris)
367 UChar cflag;
369 /* Fasttraps or anything else cannot go through this path. */
373 /* If the syscall is a door_return call then it has to be handled very
374 differently. */
379 );
380 else
384 );
386 /* Save the carry flag. */
387 # if defined(VGP_x86_solaris)
389 # elif defined(VGP_amd64_solaris)
391 # else
393 # endif
395 # else
397 # endif
402 );
403 }
406 /* ---------------------------------------------------------------------
407 Impedance matchers and misc helpers
408 ------------------------------------------------------------------ */
410 static
412 {
422 }
424 static
426 {
427 /* was: return s1->what == s2->what && sr_EQ( s1->sres, s2->sres ); */
430 # if defined(VGO_darwin)
431 /* Darwin-specific debugging guff */
437 # endif
439 }
441 /* Convert between SysRes and SyscallStatus, to the extent possible. */
443 static
445 {
446 SyscallStatus status;
450 }
453 /* Impedance matchers. These convert syscall arg or result data from
454 the platform-specific in-guest-state format to the canonical
455 formats, and back. */
457 static
461 {
462 #if defined(VGP_x86_linux)
474 #elif defined(VGP_amd64_linux)
486 #elif defined(VGP_ppc32_linux)
498 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
510 #elif defined(VGP_arm_linux)
522 #elif defined(VGP_arm64_linux)
534 #elif defined(VGP_mips32_linux)
555 // Fixme hack handle syscall()
565 }
567 #elif defined(VGP_mips64_linux)
579 #elif defined(VGP_nanomips_linux)
590 #elif defined(VGP_x86_darwin)
593 // GrP fixme hope syscalls aren't called with really shallow stacks...
596 // stack[0] is return address
606 // GrP fixme hack handle syscall()
607 // GrP fixme what about __syscall() ?
608 // stack[0] is return address
609 // DDD: the tool can't see that the params have been shifted! Can
610 // lead to incorrect checking, I think, because the PRRAn/PSARn
611 // macros will mention the pre-shifted args.
626 }
628 // Here we determine what kind of syscall it was by looking at the
629 // interrupt kind, and then encode the syscall number using the 64-bit
630 // encoding for Valgrind's internal use.
631 //
632 // DDD: Would it be better to stash the JMP kind into the Darwin
633 // thread state rather than passing in the trc?
636 // int $0x80 = Unix, 64-bit result
641 // syscall = Unix, 32-bit result
642 // OR Mach, 32-bit result
644 // GrP fixme hack: 0xffff == I386_SYSCALL_NUMBER_MASK
649 }
652 // int $0x81 = Mach, 32-bit result
657 // int $0x82 = mdep, 32-bit result
664 }
666 #elif defined(VGP_amd64_darwin)
672 // GrP fixme hope syscalls aren't called with really shallow stacks...
675 // stack[0] is return address
685 // GrP fixme hack handle syscall()
686 // GrP fixme what about __syscall() ?
687 // stack[0] is return address
688 // DDD: the tool can't see that the params have been shifted! Can
689 // lead to incorrect checking, I think, because the PRRAn/PSARn
690 // macros will mention the pre-shifted args.
705 }
707 // no canonical->sysno adjustment needed
709 #elif defined(VGP_s390x_linux)
721 #elif defined(VGP_x86_solaris)
725 /* stack[0] is a return address. */
739 /* These three are not actually valid syscall instructions on Solaris.
740 Pretend for now that we handle them as normal syscalls. */
744 /* int $0x91, sysenter, syscall = normal syscall */
747 /* int $0xD2 = fasttrap */
748 canonical->sysno
754 }
756 #elif defined(VGP_amd64_solaris)
760 /* stack[0] is a return address. */
772 /* syscall = normal syscall */
775 /* int $0xD2 = fasttrap */
776 canonical->sysno
782 }
784 #else
786 #endif
787 }
789 static
792 {
793 #if defined(VGP_x86_linux)
803 #elif defined(VGP_amd64_linux)
813 #elif defined(VGP_ppc32_linux)
823 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
833 #elif defined(VGP_arm_linux)
843 #elif defined(VGP_arm64_linux)
853 #elif defined(VGP_x86_darwin)
859 // GrP fixme? gst->guest_TEMP_EFLAG_C = 0;
860 // stack[0] is return address
870 #elif defined(VGP_amd64_darwin)
875 // GrP fixme? gst->guest_TEMP_EFLAG_C = 0;
877 // stack[0] is return address
887 #elif defined(VGP_s390x_linux)
897 #elif defined(VGP_mips32_linux)
919 }
921 #elif defined(VGP_nanomips_linux)
932 #elif defined(VGP_mips64_linux)
944 #elif defined(VGP_x86_solaris)
948 /* Fasttraps or anything else cannot go through this way. */
952 /* stack[0] is a return address. */
962 #elif defined(VGP_amd64_solaris)
966 /* Fasttraps or anything else cannot go through this way. */
970 /* stack[0] is a return address. */
980 #else
982 #endif
983 }
985 static
988 {
989 # if defined(VGP_x86_linux)
994 # elif defined(VGP_amd64_linux)
999 # elif defined(VGP_ppc32_linux)
1006 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1013 # elif defined(VGP_arm_linux)
1018 # elif defined(VGP_arm64_linux)
1023 # elif defined(VGP_mips32_linux)
1031 # elif defined(VGP_mips64_linux)
1039 # elif defined(VGP_nanomips_linux)
1045 # elif defined(VGP_x86_darwin)
1046 /* duplicates logic in m_signals.VG_UCONTEXT_SYSCALL_SYSRES */
1054 // int $0x80 = Unix, 64-bit result
1060 // int $0x81 = Mach, 32-bit result
1064 // int $0x82 = mdep, 32-bit result
1070 }
1073 wHI, wLO
1074 );
1077 # elif defined(VGP_amd64_darwin)
1078 /* duplicates logic in m_signals.VG_UCONTEXT_SYSCALL_SYSRES */
1086 // syscall = Unix, 128-bit result
1092 // syscall = Mach, 64-bit result
1096 // syscall = mdep, 64-bit result
1102 }
1105 wHI, wLO
1106 );
1109 # elif defined(VGP_s390x_linux)
1114 # elif defined(VGP_x86_solaris)
1123 # elif defined(VGP_amd64_solaris)
1132 # else
1134 # endif
1135 }
1137 static
1141 {
1142 # if defined(VGP_x86_linux)
1146 /* This isn't exactly right, in that really a Failure with res
1147 not in the range 1 .. 4095 is unrepresentable in the
1148 Linux-x86 scheme. Oh well. */
1152 }
1156 # elif defined(VGP_amd64_linux)
1160 /* This isn't exactly right, in that really a Failure with res
1161 not in the range 1 .. 4095 is unrepresentable in the
1162 Linux-amd64 scheme. Oh well. */
1166 }
1170 # elif defined(VGP_ppc32_linux)
1175 /* set CR0.SO */
1179 /* clear CR0.SO */
1182 }
1188 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1193 /* set CR0.SO */
1197 /* clear CR0.SO */
1200 }
1206 # elif defined(VGP_arm_linux)
1210 /* This isn't exactly right, in that really a Failure with res
1211 not in the range 1 .. 4095 is unrepresentable in the
1212 Linux-arm scheme. Oh well. */
1216 }
1220 # elif defined(VGP_arm64_linux)
1224 /* This isn't exactly right, in that really a Failure with res
1225 not in the range 1 .. 4095 is unrepresentable in the
1226 Linux-arm64 scheme. Oh well. */
1230 }
1234 #elif defined(VGP_x86_darwin)
1238 /* Unfortunately here we have to break abstraction and look
1239 directly inside 'res', in order to decide what to do. */
1256 gst );
1257 // GrP fixme sets defined for entire eflags, not just bit c
1258 // DDD: this breaks exp-ptrcheck.
1265 }
1267 #elif defined(VGP_amd64_darwin)
1271 /* Unfortunately here we have to break abstraction and look
1272 directly inside 'res', in order to decide what to do. */
1289 gst );
1290 // GrP fixme sets defined for entire rflags, not just bit c
1291 // DDD: this breaks exp-ptrcheck.
1298 }
1300 # elif defined(VGP_s390x_linux)
1307 }
1309 # elif defined(VGP_mips32_linux)
1319 }
1327 # elif defined(VGP_mips64_linux)
1337 }
1345 # elif defined(VGP_nanomips_linux)
1352 # elif defined(VGP_x86_solaris)
1362 }
1371 }
1372 /* Make CC_DEP1 and CC_DEP2 defined. This is inaccurate because it makes
1373 other eflags defined too (see README.solaris). */
1379 # elif defined(VGP_amd64_solaris)
1389 }
1398 }
1399 /* Make CC_DEP1 and CC_DEP2 defined. This is inaccurate because it makes
1400 other eflags defined too (see README.solaris). */
1406 # else
1408 # endif
1409 }
1412 /* Tell me the offsets in the guest state of the syscall params, so
1413 that the scalar argument checkers don't have to have this info
1414 hardwired. */
1416 static
1418 {
1421 #if defined(VGP_x86_linux)
1432 #elif defined(VGP_amd64_linux)
1443 #elif defined(VGP_ppc32_linux)
1454 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1465 #elif defined(VGP_arm_linux)
1476 #elif defined(VGP_arm64_linux)
1487 #elif defined(VGP_mips32_linux)
1498 #elif defined(VGP_nanomips_linux)
1509 #elif defined(VGP_mips64_linux)
1520 #elif defined(VGP_x86_darwin)
1522 // syscall parameters are on stack in C convention
1532 #elif defined(VGP_amd64_darwin)
1543 #elif defined(VGP_s390x_linux)
1554 #elif defined(VGP_x86_solaris)
1556 /* Syscall parameters are on the stack. */
1566 #elif defined(VGP_amd64_solaris)
1577 #else
1579 #endif
1580 }
1583 /* ---------------------------------------------------------------------
1584 The main driver logic
1585 ------------------------------------------------------------------ */
1587 /* Finding the handlers for a given syscall, or faking up one
1588 when no handler is found. */
1590 static
1596 {
1601 }
1609 # if defined(VGO_solaris)
1611 # endif
1612 }
1618 {
1621 # if defined(VGO_linux)
1624 # elif defined(VGO_darwin)
1646 }
1648 # elif defined(VGO_solaris)
1651 # else
1652 # error Unknown OS
1653 # endif
1656 }
1659 /* Add and remove signals from mask so that we end up telling the
1660 kernel the state we actually want rather than what the client
1661 wants. */
1663 {
1667 }
1669 typedef
1671 SyscallArgs orig_args;
1672 SyscallArgs args;
1673 SyscallStatus status;
1674 UWord flags;
1675 }
1676 SyscallInfo;
1680 /* The scheduler needs to be able to zero out these records after a
1681 fork, hence this is exported from m_syswrap. */
1683 {
1688 }
1691 {
1694 }
1697 {
1700 }
1703 {
1704 Int i;
1714 }
1715 }
1717 /* --- This is the main function of this file. --- */
1720 {
1721 Word sysno;
1724 SyscallArgLayout layout;
1733 # if !defined(VGO_darwin)
1734 // Resync filtering is meaningless on non-Darwin targets.
1736 # endif
1740 /* BEGIN ensure root thread's stack is suitably mapped */
1741 /* In some rare circumstances, we may do the syscall without the
1742 bottom page of the stack being mapped, because the stack pointer
1743 was moved down just a few instructions before the syscall
1744 instruction, and there have been no memory references since
1745 then, that would cause a call to VG_(extend_stack) to have
1746 happened.
1748 In native execution that's OK: the kernel automagically extends
1749 the stack's mapped area down to cover the stack pointer (or sp -
1750 redzone, really). In simulated normal execution that's OK too,
1751 since any signals we get from accessing below the mapped area of
1752 the (guest's) stack lead us to VG_(extend_stack), where we
1753 simulate the kernel's stack extension logic. But that leaves
1754 the problem of entering a syscall with the SP unmapped. Because
1755 the kernel doesn't know that the segment immediately above SP is
1756 supposed to be a grow-down segment, it causes the syscall to
1757 fail, and thereby causes a divergence between native behaviour
1758 (syscall succeeds) and simulated behaviour (syscall fails).
1760 This is quite a rare failure mode. It has only been seen
1761 affecting calls to sys_readlink on amd64-linux, and even then it
1762 requires a certain code sequence around the syscall to trigger
1763 it. Here is one:
1765 extern int my_readlink ( const char* path );
1766 asm(
1767 ".text\n"
1768 ".globl my_readlink\n"
1769 "my_readlink:\n"
1770 "\tsubq $0x1008,%rsp\n"
1771 "\tmovq %rdi,%rdi\n" // path is in rdi
1772 "\tmovq %rsp,%rsi\n" // &buf[0] -> rsi
1773 "\tmovl $0x1000,%edx\n" // sizeof(buf) in rdx
1774 "\tmovl $"__NR_READLINK",%eax\n" // syscall number
1775 "\tsyscall\n"
1776 "\taddq $0x1008,%rsp\n"
1777 "\tret\n"
1778 ".previous\n"
1779 );
1781 For more details, see bug #156404
1782 (https://bugs.kde.org/show_bug.cgi?id=156404).
1784 The fix is actually very simple. We simply need to call
1785 VG_(extend_stack) for this thread, handing it the lowest
1786 possible valid address for stack (sp - redzone), to ensure the
1787 pages all the way down to that address, are mapped. Because
1788 this is a potentially expensive and frequent operation, we
1789 do the following:
1791 Only the main thread (tid=1) has a growdown stack. So
1792 ignore all others. It is conceivable, although highly unlikely,
1793 that the main thread exits, and later another thread is
1794 allocated tid=1, but that's harmless, I believe;
1795 VG_(extend_stack) will do nothing when applied to a non-root
1796 thread.
1798 All this guff is of course Linux-specific. Hence the ifdef.
1799 */
1800 # if defined(VGO_linux)
1804 /* The precise thing to do here would be to extend the stack only
1805 if the system call can be proven to access unmapped user stack
1806 memory. That is an enormous amount of work even if a proper
1807 spec of system calls was available.
1809 In the case where the system call does not access user memory
1810 the stack pointer here can have any value. A legitimate testcase
1811 that exercises this is none/tests/s390x/stmg.c:
1812 The stack pointer happens to be in the reservation segment near
1813 the end of the addressable memory and there is no SkAnonC segment
1814 above.
1816 So the approximation we're taking here is to extend the stack only
1817 if the client stack pointer does not look bogus. */
1820 }
1821 # endif
1822 /* END ensure root thread's stack is suitably mapped */
1824 /* First off, get the syscall args and number. This is a
1825 platform-dependent action. */
1832 /* Copy .orig_args to .args. The pre-handler may modify .args, but
1833 we want to keep the originals too, just in case. */
1836 /* Save the syscall number in the thread state in case the syscall
1837 is interrupted by a signal. */
1840 /* It's sometimes useful, as a crude debugging hack, to get a
1841 stack trace at each (or selected) syscalls. */
1846 }
1848 # if defined(VGO_darwin)
1849 /* Record syscall class. But why? Because the syscall might be
1850 interrupted by a signal, and in the signal handler (which will
1851 be m_signals.async_signalhandler) we will need to build a SysRes
1852 reflecting the syscall return result. In order to do that we
1853 need to know the syscall class. Hence stash it in the guest
1854 state of this thread. This madness is not needed on Linux
1855 because it only has a single syscall return convention and so
1856 there is no ambiguity involved in converting the post-signal
1857 machine state into a SysRes. */
1859 # endif
1861 /* The default what-to-do-next thing is hand the syscall to the
1862 kernel, so we pre-set that here. Set .sres to something
1863 harmless looking (is irrelevant because .what is not
1864 SsComplete.) */
1869 /* Fetch the syscall's handlers. If no handlers exist for this
1870 syscall, we are given dummy handlers which force an immediate
1871 return with ENOSYS. */
1874 /* Fetch the layout information, which tells us where in the guest
1875 state the syscall args reside. This is a platform-dependent
1876 action. This info is needed so that the scalar syscall argument
1877 checks (PRE_REG_READ calls) know which bits of the guest state
1878 they need to inspect. */
1881 /* Make sure the tmp signal mask matches the real signal mask;
1882 sigsuspend may change this. */
1885 /* Right, we're finally ready to Party. Call the pre-handler and
1886 see what we get back. At this point:
1888 sci->status.what is Unset (we don't know yet).
1889 sci->orig_args contains the original args.
1890 sci->args is the same as sci->orig_args.
1891 sci->flags is zero.
1892 */
1897 /* Do any pre-syscall actions */
1910 }
1918 /* If needed, gdbserver will report syscall entry to GDB */
1921 /* The pre-handler may have modified:
1922 sci->args
1923 sci->status
1924 sci->flags
1925 All else remains unchanged.
1926 Although the args may be modified, pre handlers are not allowed
1927 to change the syscall number.
1928 */
1929 /* Now we proceed according to what the pre-handler decided. */
1935 /* The pre-handler completed the syscall itself, declaring
1936 success. */
1941 }
1942 /* In this case the allowable flags are to ask for a signal-poll
1943 and/or a yield after the call. Changing the args isn't
1944 allowed. */
1948 }
1950 else
1952 /* The pre-handler decided to fail syscall itself. */
1954 /* In this case, the pre-handler is also allowed to ask for the
1955 post-handler to be run anyway. Changing the args is not
1956 allowed. */
1959 }
1961 else
1963 /* huh?! */
1965 }
1968 /* Ok, this is the usual case -- and the complicated one. There
1969 are two subcases: sync and async. async is the general case
1970 and is to be used when there is any possibility that the
1971 syscall might block [a fact that the pre-handler must tell us
1972 via the sci->flags field.] Because the tidying-away /
1973 context-switch overhead of the async case could be large, if
1974 we are sure that the syscall will not block, we fast-track it
1975 by doing it directly in this thread, which is a lot
1976 simpler. */
1978 /* Check that the given flags are allowable: MayBlock, PollAfter
1979 and PostOnFail are ok. */
1984 /* Syscall may block, so run it asynchronously */
1985 vki_sigset_t mask;
1992 /* Gack. More impedance matching. Copy the possibly
1993 modified syscall args back into the guest state. */
1994 /* JRS 2009-Mar-16: if the syscall args are possibly modified,
1995 then this assertion is senseless:
1996 vg_assert(eq_SyscallArgs(&sci->args, &sci->orig_args));
1997 The case that exposed it was sys_posix_spawn on Darwin,
1998 which heavily modifies its arguments but then lets the call
1999 go through anyway, with SfToBlock set, hence we end up here. */
2002 /* SfNoWriteResult flag is invalid for blocking signals because
2003 do_syscall_for_client() directly modifies the guest state. */
2006 /* Drop the bigLock */
2008 /* Urr. We're now in a race against other threads trying to
2009 acquire the bigLock. I guess that doesn't matter provided
2010 that do_syscall_for_client only touches thread-local
2011 state. */
2013 /* Do the call, which operates directly on the guest state,
2014 not on our abstracted copies of the args/result. */
2017 /* do_syscall_for_client may not return if the syscall was
2018 interrupted by a signal. In that case, flow of control is
2019 first to m_signals.async_sighandler, which calls
2020 VG_(fixup_guest_state_after_syscall_interrupted), which
2021 fixes up the guest state, and possibly calls
2022 VG_(post_syscall). Once that's done, control drops back
2023 to the scheduler. */
2025 /* Darwin: do_syscall_for_client may not return if the
2026 syscall was workq_ops(WQOPS_THREAD_RETURN) and the kernel
2027 responded by starting the thread at wqthread_hijack(reuse=1)
2028 (to run another workqueue item). In that case, wqthread_hijack
2029 calls ML_(wqthread_continue), which is similar to
2030 VG_(fixup_guest_state_after_syscall_interrupted). */
2032 /* Reacquire the lock */
2035 /* Even more impedance matching. Extract the syscall status
2036 from the guest state. */
2040 /* Be decorative, if required. */
2045 }
2049 /* run the syscall directly */
2050 /* The pre-handler may have modified the syscall args, but
2051 since we're passing values in ->args directly to the
2052 kernel, there's no point in flushing them back to the
2053 guest state. Indeed doing so could be construed as
2054 incorrect. */
2055 SysRes sres
2062 /* Be decorative, if required. */
2065 }
2066 }
2067 }
2073 /* Dump the syscall result back in the guest state. This is
2074 a platform-specific action. */
2078 /* If needed, gdbserver will report syscall return to GDB */
2081 /* Situation now:
2082 - the guest state is now correctly modified following the syscall
2083 - modified args, original args and syscall status are still
2084 available in the syscallInfo[] entry for this syscall.
2086 Now go on to do the post-syscall actions (read on down ..)
2087 */
2091 }
2094 /* Perform post syscall actions. The expected state on entry is
2095 precisely as at the end of VG_(client_syscall), that is:
2097 - guest state up to date following the syscall
2098 - modified args, original args and syscall status are still
2099 available in the syscallInfo[] entry for this syscall.
2100 - syscall status matches what's in the guest state.
2102 There are two ways to get here: the normal way -- being called by
2103 VG_(client_syscall), and the unusual way, from
2104 VG_(fixup_guest_state_after_syscall_interrupted).
2105 Darwin: there's a third way, ML_(wqthread_continue).
2106 */
2108 {
2111 SyscallStatus test_status;
2113 Word sysno;
2115 /* Preliminaries */
2123 /* m_signals.sigvgkill_handler might call here even when not in
2124 a syscall. */
2128 }
2130 /* Validate current syscallInfo entry. In particular we require
2131 that the current .status matches what's actually in the guest
2132 state. At least in the normal case where we have actually
2133 previously written the result into the guest state. */
2136 /* Get the system call number. Because the pre-handler isn't
2137 allowed to mess with it, it should be the same for both the
2138 original and potentially-modified args. */
2145 }
2146 /* Failure of the above assertion on Darwin can indicate a problem
2147 in the syscall wrappers that pre-fail or pre-succeed the
2148 syscall, by calling SET_STATUS_Success or SET_STATUS_Failure,
2149 when they really should call SET_STATUS_from_SysRes. The former
2150 create a UNIX-class syscall result on Darwin, which may not be
2151 correct for the syscall; if that's the case then this assertion
2152 fires. See PRE(thread_fast_set_cthread_self) for an example. On
2153 non-Darwin platforms this assertion is should never fail, and this
2154 comment is completely irrelevant. */
2155 /* Ok, looks sane */
2157 /* pre: status == Complete (asserted above) */
2158 /* Consider either success or failure. Now run the post handler if:
2159 - it exists, and
2160 - Success or (Failure and PostOnFail is set)
2161 */
2169 }
2171 /* Because the post handler might have changed the status (eg, the
2172 post-handler for sys_open can change the result from success to
2173 failure if the kernel supplied a fd that it doesn't like), once
2174 again dump the syscall result back in the guest state.*/
2178 /* Do any post-syscall actions required by the tool. */
2190 sysno,
2193 }
2195 /* The syscall is done. */
2199 /* The pre/post wrappers may have concluded that pending signals
2200 might have been created, and will have set SfPollAfter to
2201 request a poll for them once the syscall is done. */
2205 /* Similarly, the wrappers might have asked for a yield
2206 afterwards. */
2209 }
2212 /* ---------------------------------------------------------------------
2213 Dealing with syscalls which get interrupted by a signal:
2214 VG_(fixup_guest_state_after_syscall_interrupted)
2215 ------------------------------------------------------------------ */
2217 /* Syscalls done on behalf of the client are finally handed off to the
2218 kernel in VG_(client_syscall) above, either by calling
2219 do_syscall_for_client (the async case), or by calling
2220 VG_(do_syscall6) (the sync case).
2222 If the syscall is not interrupted by a signal (it may block and
2223 later unblock, but that's irrelevant here) then those functions
2224 eventually return and so control is passed to VG_(post_syscall).
2225 NB: not sure if the sync case can actually get interrupted, as it
2226 operates with all signals masked.
2228 However, the syscall may get interrupted by an async-signal. In
2229 that case do_syscall_for_client/VG_(do_syscall6) do not
2230 return. Instead we wind up in m_signals.async_sighandler. We need
2231 to fix up the guest state to make it look like the syscall was
2232 interrupted for guest. So async_sighandler calls here, and this
2233 does the fixup. Note that from here we wind up calling
2234 VG_(post_syscall) too.
2235 */
2238 /* These are addresses within ML_(do_syscall_for_client_WRK). See
2239 syscall-$PLAT.S for details.
2240 */
2241 #if defined(VGO_linux)
2247 #elif defined(VGO_darwin)
2248 /* Darwin requires extra uglyness */
2264 #elif defined(VGO_solaris)
2273 #else
2275 #endif
2278 /* Back up guest state to restart a system call. */
2281 {
2282 #if defined(VGP_x86_linux)
2285 /* Make sure our caller is actually sane, and we're really backing
2286 back over a syscall.
2288 int $0x80 == CD 80
2289 */
2290 {
2299 }
2301 #elif defined(VGP_amd64_linux)
2304 /* Make sure our caller is actually sane, and we're really backing
2305 back over a syscall.
2307 syscall == 0F 05
2308 */
2309 {
2318 }
2320 #elif defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux)
2323 /* Make sure our caller is actually sane, and we're really backing
2324 back over a syscall.
2326 sc == 44 00 00 02
2327 */
2328 {
2337 }
2339 #elif defined(VGP_ppc64le_linux)
2342 /* Make sure our caller is actually sane, and we're really backing
2343 back over a syscall.
2345 sc == 44 00 00 02
2346 */
2347 {
2356 }
2358 #elif defined(VGP_arm_linux)
2360 // Thumb mode. SVC is a encoded as
2361 // 1101 1111 imm8
2362 // where imm8 is the SVC number, and we only accept 0.
2368 "?! restarting over (Thumb) syscall that is not syscall "
2371 }
2373 // FIXME: NOTE, this really isn't right. We need to back up
2374 // ITSTATE to what it was before the SVC instruction, but we
2375 // don't know what it was. At least assert that it is now
2376 // zero, because if it is nonzero then it must also have
2377 // been nonzero for the SVC itself, which means it was
2378 // conditional. Urk.
2381 // ARM mode. SVC is encoded as
2382 // cond 1111 imm24
2383 // where imm24 is the SVC number, and we only accept 0.
2390 "?! restarting over (ARM) syscall that is not syscall "
2393 }
2395 }
2397 #elif defined(VGP_arm64_linux)
2400 /* Make sure our caller is actually sane, and we're really backing
2401 back over a syscall.
2403 svc #0 == d4 00 00 01
2404 */
2405 {
2410 Vg_DebugMsg,
2413 );
2416 }
2418 #elif defined(VGP_x86_darwin)
2421 /* Make sure our caller is actually sane, and we're really backing
2422 back over a syscall.
2424 int $0x80 == CD 80 // Used to communicate with BSD syscalls
2425 int $0x81 == CD 81 // Used to communicate with Mach traps
2426 int $0x82 == CD 82 // Used to communicate with "thread" ?
2427 sysenter == 0F 34 // Used to communicate with Unix syscalls
2428 */
2429 {
2440 }
2442 #elif defined(VGP_amd64_darwin)
2445 /* Make sure our caller is actually sane, and we're really backing
2446 back over a syscall.
2448 syscall == 0F 05
2449 */
2450 {
2459 }
2461 #elif defined(VGP_s390x_linux)
2464 /* Make sure our caller is actually sane, and we're really backing
2465 back over a syscall.
2467 syscall == 0A <num>
2468 */
2469 {
2477 }
2479 #elif defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
2483 /* Make sure our caller is actually sane, and we're really backing
2484 back over a syscall.
2486 syscall == 00 00 00 0C
2487 big endian
2488 syscall == 0C 00 00 00
2489 */
2490 {
2492 # if defined (VG_LITTLEENDIAN)
2499 # elif defined (VG_BIGENDIAN)
2506 # else
2508 # endif
2509 }
2511 #elif defined(VGP_nanomips_linux)
2512 {
2513 /* Make sure our caller is actually sane, and we're really backing
2514 back over a syscall.
2515 */
2517 /* PC has to be 16-bit aligned. */
2528 }
2530 }
2531 }
2532 #elif defined(VGP_x86_solaris)
2535 /* Make sure our caller is actually sane, and we're really backing
2536 back over a syscall.
2538 int $0x91 == CD 91
2539 syscall == 0F 05
2540 sysenter == 0F 34
2542 Handle also other syscall instructions because we also handle them in
2543 the scheduler.
2544 int $0x80 == CD 80
2545 int $0x81 == CD 81
2546 int $0x82 == CD 82
2547 */
2548 {
2562 }
2564 #elif defined(VGP_amd64_solaris)
2567 /* Make sure our caller is actually sane, and we're really backing
2568 back over a syscall.
2570 syscall == 0F 05
2571 */
2572 {
2581 }
2583 #else
2585 #endif
2586 }
2589 /*
2590 Fix up the guest state when a syscall is interrupted by a signal
2591 and so has been forced to return 'sysret'.
2593 To do this, we determine the precise state of the syscall by
2594 looking at the (real) IP at the time the signal happened. The
2595 syscall sequence looks like:
2597 1. unblock signals
2598 2. perform syscall
2599 3. save result to guest state (EAX, RAX, R3+CR0.SO, R0, V0)
2600 4. re-block signals
2602 If a signal
2603 happens at Then Why?
2604 [1-2) restart nothing has happened (restart syscall)
2605 [2] restart syscall hasn't started, or kernel wants to restart
2606 [2-3) save syscall complete, but results not saved
2607 [3-4) syscall complete, results saved
2609 Sometimes we never want to restart an interrupted syscall (because
2610 sigaction says not to), so we only restart if "restart" is True.
2612 This will also call VG_(post_syscall) if the syscall has actually
2613 completed (either because it was interrupted, or because it
2614 actually finished). It will not call VG_(post_syscall) if the
2615 syscall is set up for restart, which means that the pre-wrapper may
2616 get called multiple times.
2617 */
2619 void
2621 Addr ip,
2622 SysRes sres,
2623 Bool restart,
2625 {
2626 /* Note that we don't know the syscall number here, since (1) in
2627 general there's no reliable way to get hold of it short of
2628 stashing it in the guest state before the syscall, and (2) in
2629 any case we don't need to know it for the actions done by this
2630 routine.
2632 Furthermore, 'sres' is only used in the case where the syscall
2633 is complete, but the result has not been committed to the guest
2634 state yet. In any other situation it will be meaningless and
2635 therefore ignored. */
2638 SyscallStatus canonical;
2642 /* Compute some Booleans indicating which range we're in. */
2643 Bool outside_range,
2651 "interrupted_syscall: tid=%u, ip=%#lx, "
2653 tid,
2654 ip,
2668 # if defined(VGO_linux)
2669 outside_range
2671 in_setup_to_restart
2673 at_restart
2675 in_complete_to_committed
2677 in_committed_to_finished
2679 # elif defined(VGO_darwin)
2680 outside_range
2684 in_setup_to_restart
2688 at_restart
2692 in_complete_to_committed
2696 in_committed_to_finished
2700 /* Wasn't that just So Much Fun? Does your head hurt yet? Mine does. */
2701 # elif defined(VGO_solaris)
2702 /* The solaris port is never outside the range. */
2704 /* The Solaris kernel never restarts syscalls directly! */
2710 in_setup_to_restart
2712 in_complete_to_committed
2714 in_committed_to_finished
2716 }
2720 in_setup_to_restart
2722 in_complete_to_committed
2724 in_committed_to_finished
2726 }
2727 # else
2729 # endif
2731 /* Figure out what the state of the syscall was by examining the
2732 (real) IP at the time of the signal, and act accordingly. */
2737 /* Looks like we weren't in a syscall at all. Hmm. */
2740 }
2742 /* We should not be here unless this thread had first started up
2743 the machinery for a syscall by calling VG_(client_syscall).
2744 Hence: */
2747 /* now, do one of four fixup actions, depending on where the IP has
2748 got to. */
2751 /* syscall hasn't even started; go around again */
2756 }
2758 else
2760 # if defined(VGO_solaris)
2761 /* We should never hit this branch on Solaris, see the comment above. */
2763 # endif
2765 /* We're either about to run the syscall, or it was interrupted
2766 and the kernel restarted it. Restart if asked, otherwise
2767 EINTR it. */
2777 );
2782 }
2783 }
2785 else
2787 /* Syscall complete, but result hasn't been written back yet.
2788 Write the SysRes we were supplied with back to the guest
2789 state. */
2796 # if defined(VGO_solaris)
2798 # if defined(VGP_x86_solaris)
2799 /* Registers %esp and %ebp were also modified by the syscall. */
2802 # elif defined(VGP_amd64_solaris)
2805 # endif
2806 }
2807 # endif
2810 }
2812 else
2814 /* Result committed, but the signal mask has not been restored;
2815 we expect our caller (the signal handler) will have fixed
2816 this up. */
2820 # if defined(VGP_x86_solaris)
2821 /* The %eax and %edx values are committed but the carry flag is still
2822 uncommitted. Save it now. */
2824 # elif defined(VGP_amd64_solaris)
2826 # endif
2830 }
2832 else
2835 /* In all cases, the syscall is now finished (even if we called
2836 ML_(fixup_guest_state_to_restart_syscall), since that just
2837 re-positions the guest's IP for another go at it). So we need
2838 to record that fact. */
2840 }
2843 #if defined(VGO_solaris)
2844 /* Returns True if ip is inside a fixable syscall code in syscall-*-*.S. This
2845 function can be called by a 'non-running' thread! */
2847 {
2852 else
2854 }
2855 #endif
2858 #if defined(VGO_darwin)
2859 // Clean up after workq_ops(WQOPS_THREAD_RETURN) jumped to wqthread_hijack.
2860 // This is similar to VG_(fixup_guest_state_after_syscall_interrupted).
2861 // This longjmps back to the scheduler.
2863 {
2881 // Pretend the syscall completed normally, but don't touch the thread state.
2893 /* NOTREACHED */
2895 }
2896 #endif
2899 /* ---------------------------------------------------------------------
2900 A place to store the where-to-call-when-really-done pointer
2901 ------------------------------------------------------------------ */
2903 // When the final thread is done, where shall I call to shutdown the
2904 // system cleanly? Is set once at startup (in m_main) and never
2905 // changes after that. Is basically a pointer to the exit
2906 // continuation. This is all just a nasty hack to avoid calling
2907 // directly from m_syswrap to m_main at exit, since that would cause
2908 // m_main to become part of a module cycle, which is silly.
2913 /*--------------------------------------------------------------------*/
2914 /*--- end ---*/
2915 /*--------------------------------------------------------------------*/