| blob | 04611f6c092ee96c3672a6bc3e4c41c185b255f4 |
2 /*--------------------------------------------------------------------*/
3 /*--- Handle system calls. syswrap-main.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2000-2013 Julian Seward
11 jseward@acm.org
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26 02111-1307, USA.
28 The GNU General Public License is contained in the file COPYING.
29 */
45 // and VG_(vg_yield)
57 #if defined(VGO_darwin)
59 #endif
61 /* Useful info which needs to be recorded somewhere:
62 Use of registers in syscalls is:
64 NUM ARG1 ARG2 ARG3 ARG4 ARG5 ARG6 ARG7 ARG8 RESULT
65 LINUX:
66 x86 eax ebx ecx edx esi edi ebp n/a n/a eax (== NUM)
67 amd64 rax rdi rsi rdx r10 r8 r9 n/a n/a rax (== NUM)
68 ppc32 r0 r3 r4 r5 r6 r7 r8 n/a n/a r3+CR0.SO (== ARG1)
69 ppc64 r0 r3 r4 r5 r6 r7 r8 n/a n/a r3+CR0.SO (== ARG1)
70 arm r7 r0 r1 r2 r3 r4 r5 n/a n/a r0 (== ARG1)
71 mips32 v0 a0 a1 a2 a3 stack stack n/a n/a v0 (== NUM)
72 mips64 v0 a0 a1 a2 a3 a4 a5 a6 a7 v0 (== NUM)
73 arm64 x8 x0 x1 x2 x3 x4 x5 n/a n/a x0 ?? (== ARG1??)
75 On s390x the svc instruction is used for system calls. The system call
76 number is encoded in the instruction (8 bit immediate field). Since Linux
77 2.6 it is also allowed to use svc 0 with the system call number in r1.
78 This was introduced for system calls >255, but works for all. It is
79 also possible to see the svc 0 together with an EXecute instruction, that
80 fills in the immediate field.
81 s390x r1/SVC r2 r3 r4 r5 r6 r7 n/a n/a r2 (== ARG1)
83 NUM ARG1 ARG2 ARG3 ARG4 ARG5 ARG6 ARG7 ARG8 RESULT
84 DARWIN:
85 x86 eax +4 +8 +12 +16 +20 +24 +28 +32 edx:eax, eflags.c
86 amd64 rax rdi rsi rdx rcx r8 r9 +8 +16 rdx:rax, rflags.c
88 For x86-darwin, "+N" denotes "in memory at N(%esp)"; ditto
89 amd64-darwin. Apparently 0(%esp) is some kind of return address
90 (perhaps for syscalls done with "sysenter"?) I don't think it is
91 relevant for syscalls done with "int $0x80/1/2".
92 */
94 /* This is the top level of the system-call handler module. All
95 system calls are channelled through here, doing two things:
97 * notify the tool of the events (mem/reg reads, writes) happening
99 * perform the syscall, usually by passing it along to the kernel
100 unmodified.
102 A magical piece of assembly code, do_syscall_for_client_WRK, in
103 syscall-$PLATFORM.S does the tricky bit of passing a syscall to the
104 kernel, whilst having the simulator retain control.
105 */
107 /* The main function is VG_(client_syscall). The simulation calls it
108 whenever a client thread wants to do a syscall. The following is a
109 sketch of what it does.
111 * Ensures the root thread's stack is suitably mapped. Tedious and
112 arcane. See big big comment in VG_(client_syscall).
114 * First, it rounds up the syscall number and args (which is a
115 platform dependent activity) and puts them in a struct ("args")
116 and also a copy in "orig_args".
118 The pre/post wrappers refer to these structs and so no longer
119 need magic macros to access any specific registers. This struct
120 is stored in thread-specific storage.
123 * The pre-wrapper is called, passing it a pointer to struct
124 "args".
127 * The pre-wrapper examines the args and pokes the tool
128 appropriately. It may modify the args; this is why "orig_args"
129 is also stored.
131 The pre-wrapper may choose to 'do' the syscall itself, and
132 concludes one of three outcomes:
134 Success(N) -- syscall is already complete, with success;
135 result is N
137 Fail(N) -- syscall is already complete, with failure;
138 error code is N
140 HandToKernel -- (the usual case): this needs to be given to
141 the kernel to be done, using the values in
142 the possibly-modified "args" struct.
144 In addition, the pre-wrapper may set some flags:
146 MayBlock -- only applicable when outcome==HandToKernel
148 PostOnFail -- only applicable when outcome==HandToKernel or Fail
151 * If the pre-outcome is HandToKernel, the syscall is duly handed
152 off to the kernel (perhaps involving some thread switchery, but
153 that's not important). This reduces the possible set of outcomes
154 to either Success(N) or Fail(N).
157 * The outcome (Success(N) or Fail(N)) is written back to the guest
158 register(s). This is platform specific:
160 x86: Success(N) ==> eax = N
161 Fail(N) ==> eax = -N
163 ditto amd64
165 ppc32: Success(N) ==> r3 = N, CR0.SO = 0
166 Fail(N) ==> r3 = N, CR0.SO = 1
168 Darwin:
169 x86: Success(N) ==> edx:eax = N, cc = 0
170 Fail(N) ==> edx:eax = N, cc = 1
172 s390x: Success(N) ==> r2 = N
173 Fail(N) ==> r2 = -N
175 * The post wrapper is called if:
177 - it exists, and
178 - outcome==Success or (outcome==Fail and PostOnFail is set)
180 The post wrapper is passed the adulterated syscall args (struct
181 "args"), and the syscall outcome (viz, Success(N) or Fail(N)).
183 There are several other complications, primarily to do with
184 syscalls getting interrupted, explained in comments in the code.
185 */
187 /* CAVEATS for writing wrappers. It is important to follow these!
189 The macros defined in priv_types_n_macros.h are designed to help
190 decouple the wrapper logic from the actual representation of
191 syscall args/results, since these wrappers are designed to work on
192 multiple platforms.
194 Sometimes a PRE wrapper will complete the syscall itself, without
195 handing it to the kernel. It will use one of SET_STATUS_Success,
196 SET_STATUS_Failure or SET_STATUS_from_SysRes to set the return
197 value. It is critical to appreciate that use of the macro does not
198 immediately cause the underlying guest state to be updated -- that
199 is done by the driver logic in this file, when the wrapper returns.
201 As a result, PRE wrappers of the following form will malfunction:
203 PRE(fooble)
204 {
205 ... do stuff ...
206 SET_STATUS_Somehow(...)
208 // do something that assumes guest state is up to date
209 }
211 In particular, direct or indirect calls to VG_(poll_signals) after
212 setting STATUS can cause the guest state to be read (in order to
213 build signal frames). Do not do this. If you want a signal poll
214 after the syscall goes through, do "*flags |= SfPollAfter" and the
215 driver logic will do it for you.
217 -----------
219 Another critical requirement following introduction of new address
220 space manager (JRS, 20050923):
222 In a situation where the mappedness of memory has changed, aspacem
223 should be notified BEFORE the tool. Hence the following is
224 correct:
226 Bool d = VG_(am_notify_munmap)(s->start, s->end+1 - s->start);
227 VG_TRACK( die_mem_munmap, s->start, s->end+1 - s->start );
228 if (d)
229 VG_(discard_translations)(s->start, s->end+1 - s->start);
231 whilst this is wrong:
233 VG_TRACK( die_mem_munmap, s->start, s->end+1 - s->start );
234 Bool d = VG_(am_notify_munmap)(s->start, s->end+1 - s->start);
235 if (d)
236 VG_(discard_translations)(s->start, s->end+1 - s->start);
238 The reason is that the tool may itself ask aspacem for more shadow
239 memory as a result of the VG_TRACK call. In such a situation it is
240 critical that aspacem's segment array is up to date -- hence the
241 need to notify aspacem first.
243 -----------
245 Also .. take care to call VG_(discard_translations) whenever
246 memory with execute permissions is unmapped.
247 */
250 /* ---------------------------------------------------------------------
251 Do potentially blocking syscall for the client, and mess with
252 signal masks at the same time.
253 ------------------------------------------------------------------ */
255 /* Perform a syscall on behalf of a client thread, using a specific
256 signal mask. On completion, the signal mask is set to restore_mask
257 (which presumably blocks almost everything). If a signal happens
258 during the syscall, the handler should call
259 VG_(fixup_guest_state_after_syscall_interrupted) to adjust the
260 thread's context to do the right thing.
262 The _WRK function is handwritten assembly, implemented per-platform
263 in coregrind/m_syswrap/syscall-$PLAT.S. It has some very magic
264 properties. See comments at the top of
265 VG_(fixup_guest_state_after_syscall_interrupted) below for details.
267 This function (these functions) are required to return zero in case
268 of success (even if the syscall itself failed), and nonzero if the
269 sigprocmask-swizzling calls failed. We don't actually care about
270 the failure values from sigprocmask, although most of the assembly
271 implementations do attempt to return that, using the convention
272 0 for success, or 0x8000 | error-code for failure.
273 */
274 #if defined(VGO_linux)
275 extern
280 Word sigsetSzB );
281 #elif defined(VGO_darwin)
282 extern
288 extern
294 extern
300 #else
302 #endif
305 static
309 {
310 vki_sigset_t saved;
311 UWord err;
312 # if defined(VGO_linux)
316 );
317 # elif defined(VGO_darwin)
323 );
329 );
335 );
339 /*NOTREACHED*/
341 }
342 # else
344 # endif
349 );
350 }
353 /* ---------------------------------------------------------------------
354 Impedance matchers and misc helpers
355 ------------------------------------------------------------------ */
357 static
359 {
369 }
371 static
373 {
374 /* was: return s1->what == s2->what && sr_EQ( s1->sres, s2->sres ); */
377 # if defined(VGO_darwin)
378 /* Darwin-specific debugging guff */
384 # endif
386 }
388 /* Convert between SysRes and SyscallStatus, to the extent possible. */
390 static
392 {
393 SyscallStatus status;
397 }
400 /* Impedance matchers. These convert syscall arg or result data from
401 the platform-specific in-guest-state format to the canonical
402 formats, and back. */
404 static
408 {
409 #if defined(VGP_x86_linux)
421 #elif defined(VGP_amd64_linux)
433 #elif defined(VGP_ppc32_linux)
445 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
457 #elif defined(VGP_arm_linux)
469 #elif defined(VGP_arm64_linux)
481 #elif defined(VGP_mips32_linux)
501 // Fixme hack handle syscall()
510 }
512 #elif defined(VGP_mips64_linux)
522 #elif defined(VGP_x86_darwin)
525 // GrP fixme hope syscalls aren't called with really shallow stacks...
528 // stack[0] is return address
538 // GrP fixme hack handle syscall()
539 // GrP fixme what about __syscall() ?
540 // stack[0] is return address
541 // DDD: the tool can't see that the params have been shifted! Can
542 // lead to incorrect checking, I think, because the PRRAn/PSARn
543 // macros will mention the pre-shifted args.
558 }
560 // Here we determine what kind of syscall it was by looking at the
561 // interrupt kind, and then encode the syscall number using the 64-bit
562 // encoding for Valgrind's internal use.
563 //
564 // DDD: Would it be better to stash the JMP kind into the Darwin
565 // thread state rather than passing in the trc?
568 // int $0x80 = Unix, 64-bit result
573 // syscall = Unix, 32-bit result
574 // OR Mach, 32-bit result
576 // GrP fixme hack: 0xffff == I386_SYSCALL_NUMBER_MASK
581 }
584 // int $0x81 = Mach, 32-bit result
589 // int $0x82 = mdep, 32-bit result
596 }
598 #elif defined(VGP_amd64_darwin)
604 // GrP fixme hope syscalls aren't called with really shallow stacks...
607 // stack[0] is return address
617 // GrP fixme hack handle syscall()
618 // GrP fixme what about __syscall() ?
619 // stack[0] is return address
620 // DDD: the tool can't see that the params have been shifted! Can
621 // lead to incorrect checking, I think, because the PRRAn/PSARn
622 // macros will mention the pre-shifted args.
637 }
639 // no canonical->sysno adjustment needed
641 #elif defined(VGP_s390x_linux)
652 #else
654 #endif
655 }
657 static
660 {
661 #if defined(VGP_x86_linux)
671 #elif defined(VGP_amd64_linux)
681 #elif defined(VGP_ppc32_linux)
691 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
701 #elif defined(VGP_arm_linux)
711 #elif defined(VGP_arm64_linux)
721 #elif defined(VGP_x86_darwin)
727 // GrP fixme? gst->guest_TEMP_EFLAG_C = 0;
728 // stack[0] is return address
738 #elif defined(VGP_amd64_darwin)
743 // GrP fixme? gst->guest_TEMP_EFLAG_C = 0;
745 // stack[0] is return address
755 #elif defined(VGP_s390x_linux)
765 #elif defined(VGP_mips32_linux)
785 }
787 #elif defined(VGP_mips64_linux)
796 #else
798 #endif
799 }
801 static
804 {
805 # if defined(VGP_x86_linux)
810 # elif defined(VGP_amd64_linux)
815 # elif defined(VGP_ppc32_linux)
822 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
829 # elif defined(VGP_arm_linux)
834 # elif defined(VGP_arm64_linux)
839 # elif defined(VGP_mips32_linux)
847 # elif defined(VGP_mips64_linux)
855 # elif defined(VGP_x86_darwin)
856 /* duplicates logic in m_signals.VG_UCONTEXT_SYSCALL_SYSRES */
864 // int $0x80 = Unix, 64-bit result
870 // int $0x81 = Mach, 32-bit result
874 // int $0x82 = mdep, 32-bit result
880 }
883 wHI, wLO
884 );
887 # elif defined(VGP_amd64_darwin)
888 /* duplicates logic in m_signals.VG_UCONTEXT_SYSCALL_SYSRES */
896 // syscall = Unix, 128-bit result
902 // syscall = Mach, 64-bit result
906 // syscall = mdep, 64-bit result
912 }
915 wHI, wLO
916 );
919 # elif defined(VGP_s390x_linux)
924 # else
926 # endif
927 }
929 static
933 {
934 # if defined(VGP_x86_linux)
938 /* This isn't exactly right, in that really a Failure with res
939 not in the range 1 .. 4095 is unrepresentable in the
940 Linux-x86 scheme. Oh well. */
944 }
948 # elif defined(VGP_amd64_linux)
952 /* This isn't exactly right, in that really a Failure with res
953 not in the range 1 .. 4095 is unrepresentable in the
954 Linux-amd64 scheme. Oh well. */
958 }
962 # elif defined(VGP_ppc32_linux)
967 /* set CR0.SO */
971 /* clear CR0.SO */
974 }
980 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
985 /* set CR0.SO */
989 /* clear CR0.SO */
992 }
998 # elif defined(VGP_arm_linux)
1002 /* This isn't exactly right, in that really a Failure with res
1003 not in the range 1 .. 4095 is unrepresentable in the
1004 Linux-arm scheme. Oh well. */
1008 }
1012 # elif defined(VGP_arm64_linux)
1016 /* This isn't exactly right, in that really a Failure with res
1017 not in the range 1 .. 4095 is unrepresentable in the
1018 Linux-arm64 scheme. Oh well. */
1022 }
1026 #elif defined(VGP_x86_darwin)
1030 /* Unfortunately here we have to break abstraction and look
1031 directly inside 'res', in order to decide what to do. */
1048 gst );
1049 // GrP fixme sets defined for entire eflags, not just bit c
1050 // DDD: this breaks exp-ptrcheck.
1057 }
1059 #elif defined(VGP_amd64_darwin)
1063 /* Unfortunately here we have to break abstraction and look
1064 directly inside 'res', in order to decide what to do. */
1081 gst );
1082 // GrP fixme sets defined for entire rflags, not just bit c
1083 // DDD: this breaks exp-ptrcheck.
1090 }
1092 # elif defined(VGP_s390x_linux)
1099 }
1101 # elif defined(VGP_mips32_linux)
1111 }
1119 # elif defined(VGP_mips64_linux)
1129 }
1137 # else
1139 # endif
1140 }
1143 /* Tell me the offsets in the guest state of the syscall params, so
1144 that the scalar argument checkers don't have to have this info
1145 hardwired. */
1147 static
1149 {
1152 #if defined(VGP_x86_linux)
1163 #elif defined(VGP_amd64_linux)
1174 #elif defined(VGP_ppc32_linux)
1185 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1196 #elif defined(VGP_arm_linux)
1207 #elif defined(VGP_arm64_linux)
1218 #elif defined(VGP_mips32_linux)
1229 #elif defined(VGP_mips64_linux)
1240 #elif defined(VGP_x86_darwin)
1242 // syscall parameters are on stack in C convention
1252 #elif defined(VGP_amd64_darwin)
1263 #elif defined(VGP_s390x_linux)
1273 #else
1275 #endif
1276 }
1279 /* ---------------------------------------------------------------------
1280 The main driver logic
1281 ------------------------------------------------------------------ */
1283 /* Finding the handlers for a given syscall, or faking up one
1284 when no handler is found. */
1286 static
1292 {
1297 }
1304 }
1310 {
1313 # if defined(VGO_linux)
1316 # elif defined(VGO_darwin)
1338 }
1340 # else
1341 # error Unknown OS
1342 # endif
1345 }
1348 /* Add and remove signals from mask so that we end up telling the
1349 kernel the state we actually want rather than what the client
1350 wants. */
1352 {
1356 }
1358 typedef
1360 SyscallArgs orig_args;
1361 SyscallArgs args;
1362 SyscallStatus status;
1363 UWord flags;
1364 }
1365 SyscallInfo;
1370 /* The scheduler needs to be able to zero out these records after a
1371 fork, hence this is exported from m_syswrap. */
1373 {
1377 }
1380 {
1381 Int i;
1388 }
1389 }
1391 /* --- This is the main function of this file. --- */
1394 {
1395 Word sysno;
1398 SyscallArgLayout layout;
1407 # if !defined(VGO_darwin)
1408 // Resync filtering is meaningless on non-Darwin targets.
1410 # endif
1414 /* BEGIN ensure root thread's stack is suitably mapped */
1415 /* In some rare circumstances, we may do the syscall without the
1416 bottom page of the stack being mapped, because the stack pointer
1417 was moved down just a few instructions before the syscall
1418 instruction, and there have been no memory references since
1419 then, that would cause a call to VG_(extend_stack) to have
1420 happened.
1422 In native execution that's OK: the kernel automagically extends
1423 the stack's mapped area down to cover the stack pointer (or sp -
1424 redzone, really). In simulated normal execution that's OK too,
1425 since any signals we get from accessing below the mapped area of
1426 the (guest's) stack lead us to VG_(extend_stack), where we
1427 simulate the kernel's stack extension logic. But that leaves
1428 the problem of entering a syscall with the SP unmapped. Because
1429 the kernel doesn't know that the segment immediately above SP is
1430 supposed to be a grow-down segment, it causes the syscall to
1431 fail, and thereby causes a divergence between native behaviour
1432 (syscall succeeds) and simulated behaviour (syscall fails).
1434 This is quite a rare failure mode. It has only been seen
1435 affecting calls to sys_readlink on amd64-linux, and even then it
1436 requires a certain code sequence around the syscall to trigger
1437 it. Here is one:
1439 extern int my_readlink ( const char* path );
1440 asm(
1441 ".text\n"
1442 ".globl my_readlink\n"
1443 "my_readlink:\n"
1444 "\tsubq $0x1008,%rsp\n"
1445 "\tmovq %rdi,%rdi\n" // path is in rdi
1446 "\tmovq %rsp,%rsi\n" // &buf[0] -> rsi
1447 "\tmovl $0x1000,%edx\n" // sizeof(buf) in rdx
1448 "\tmovl $"__NR_READLINK",%eax\n" // syscall number
1449 "\tsyscall\n"
1450 "\taddq $0x1008,%rsp\n"
1451 "\tret\n"
1452 ".previous\n"
1453 );
1455 For more details, see bug #156404
1456 (https://bugs.kde.org/show_bug.cgi?id=156404).
1458 The fix is actually very simple. We simply need to call
1459 VG_(extend_stack) for this thread, handing it the lowest
1460 possible valid address for stack (sp - redzone), to ensure the
1461 pages all the way down to that address, are mapped. Because
1462 this is a potentially expensive and frequent operation, we
1463 filter in two ways:
1465 First, only the main thread (tid=1) has a growdown stack. So
1466 ignore all others. It is conceivable, although highly unlikely,
1467 that the main thread exits, and later another thread is
1468 allocated tid=1, but that's harmless, I believe;
1469 VG_(extend_stack) will do nothing when applied to a non-root
1470 thread.
1472 Secondly, first call VG_(am_find_nsegment) directly, to see if
1473 the page holding (sp - redzone) is mapped correctly. If so, do
1474 nothing. This is almost always the case. VG_(extend_stack)
1475 calls VG_(am_find_nsegment) twice, so this optimisation -- and
1476 that's all it is -- more or less halves the number of calls to
1477 VG_(am_find_nsegment) required.
1479 TODO: the test "seg->kind == SkAnonC" is really inadequate,
1480 because although it tests whether the segment is mapped
1481 _somehow_, it doesn't check that it has the right permissions
1482 (r,w, maybe x) ? We could test that here, but it will also be
1483 necessary to fix the corresponding test in VG_(extend_stack).
1485 All this guff is of course Linux-specific. Hence the ifdef.
1486 */
1487 # if defined(VGO_linux)
1492 /* stackMin is already mapped. Nothing to do. */
1496 }
1497 }
1498 # endif
1499 /* END ensure root thread's stack is suitably mapped */
1501 /* First off, get the syscall args and number. This is a
1502 platform-dependent action. */
1509 /* Copy .orig_args to .args. The pre-handler may modify .args, but
1510 we want to keep the originals too, just in case. */
1513 /* Save the syscall number in the thread state in case the syscall
1514 is interrupted by a signal. */
1517 /* It's sometimes useful, as a crude debugging hack, to get a
1518 stack trace at each (or selected) syscalls. */
1523 }
1525 # if defined(VGO_darwin)
1526 /* Record syscall class. But why? Because the syscall might be
1527 interrupted by a signal, and in the signal handler (which will
1528 be m_signals.async_signalhandler) we will need to build a SysRes
1529 reflecting the syscall return result. In order to do that we
1530 need to know the syscall class. Hence stash it in the guest
1531 state of this thread. This madness is not needed on Linux
1532 because it only has a single syscall return convention and so
1533 there is no ambiguity involved in converting the post-signal
1534 machine state into a SysRes. */
1536 # endif
1538 /* The default what-to-do-next thing is hand the syscall to the
1539 kernel, so we pre-set that here. Set .sres to something
1540 harmless looking (is irrelevant because .what is not
1541 SsComplete.) */
1546 /* Fetch the syscall's handlers. If no handlers exist for this
1547 syscall, we are given dummy handlers which force an immediate
1548 return with ENOSYS. */
1551 /* Fetch the layout information, which tells us where in the guest
1552 state the syscall args reside. This is a platform-dependent
1553 action. This info is needed so that the scalar syscall argument
1554 checks (PRE_REG_READ calls) know which bits of the guest state
1555 they need to inspect. */
1558 /* Make sure the tmp signal mask matches the real signal mask;
1559 sigsuspend may change this. */
1562 /* Right, we're finally ready to Party. Call the pre-handler and
1563 see what we get back. At this point:
1565 sci->status.what is Unset (we don't know yet).
1566 sci->orig_args contains the original args.
1567 sci->args is the same as sci->orig_args.
1568 sci->flags is zero.
1569 */
1574 /* Do any pre-syscall actions */
1587 }
1595 /* The pre-handler may have modified:
1596 sci->args
1597 sci->status
1598 sci->flags
1599 All else remains unchanged.
1600 Although the args may be modified, pre handlers are not allowed
1601 to change the syscall number.
1602 */
1603 /* Now we proceed according to what the pre-handler decided. */
1609 /* The pre-handler completed the syscall itself, declaring
1610 success. */
1617 }
1618 /* In this case the allowable flags are to ask for a signal-poll
1619 and/or a yield after the call. Changing the args isn't
1620 allowed. */
1624 }
1626 else
1628 /* The pre-handler decided to fail syscall itself. */
1630 /* In this case, the pre-handler is also allowed to ask for the
1631 post-handler to be run anyway. Changing the args is not
1632 allowed. */
1635 }
1637 else
1639 /* huh?! */
1641 }
1644 /* Ok, this is the usual case -- and the complicated one. There
1645 are two subcases: sync and async. async is the general case
1646 and is to be used when there is any possibility that the
1647 syscall might block [a fact that the pre-handler must tell us
1648 via the sci->flags field.] Because the tidying-away /
1649 context-switch overhead of the async case could be large, if
1650 we are sure that the syscall will not block, we fast-track it
1651 by doing it directly in this thread, which is a lot
1652 simpler. */
1654 /* Check that the given flags are allowable: MayBlock, PollAfter
1655 and PostOnFail are ok. */
1660 /* Syscall may block, so run it asynchronously */
1661 vki_sigset_t mask;
1668 /* Gack. More impedance matching. Copy the possibly
1669 modified syscall args back into the guest state. */
1670 /* JRS 2009-Mar-16: if the syscall args are possibly modified,
1671 then this assertion is senseless:
1672 vg_assert(eq_SyscallArgs(&sci->args, &sci->orig_args));
1673 The case that exposed it was sys_posix_spawn on Darwin,
1674 which heavily modifies its arguments but then lets the call
1675 go through anyway, with SfToBlock set, hence we end up here. */
1678 /* Drop the bigLock */
1680 /* Urr. We're now in a race against other threads trying to
1681 acquire the bigLock. I guess that doesn't matter provided
1682 that do_syscall_for_client only touches thread-local
1683 state. */
1685 /* Do the call, which operates directly on the guest state,
1686 not on our abstracted copies of the args/result. */
1689 /* do_syscall_for_client may not return if the syscall was
1690 interrupted by a signal. In that case, flow of control is
1691 first to m_signals.async_sighandler, which calls
1692 VG_(fixup_guest_state_after_syscall_interrupted), which
1693 fixes up the guest state, and possibly calls
1694 VG_(post_syscall). Once that's done, control drops back
1695 to the scheduler. */
1697 /* Darwin: do_syscall_for_client may not return if the
1698 syscall was workq_ops(WQOPS_THREAD_RETURN) and the kernel
1699 responded by starting the thread at wqthread_hijack(reuse=1)
1700 (to run another workqueue item). In that case, wqthread_hijack
1701 calls ML_(wqthread_continue), which is similar to
1702 VG_(fixup_guest_state_after_syscall_interrupted). */
1704 /* Reacquire the lock */
1707 /* Even more impedance matching. Extract the syscall status
1708 from the guest state. */
1712 /* Be decorative, if required. */
1725 }
1726 }
1730 /* run the syscall directly */
1731 /* The pre-handler may have modified the syscall args, but
1732 since we're passing values in ->args directly to the
1733 kernel, there's no point in flushing them back to the
1734 guest state. Indeed doing so could be construed as
1735 incorrect. */
1736 SysRes sres
1743 /* Be decorative, if required. */
1753 }
1754 }
1755 }
1756 }
1762 /* Dump the syscall result back in the guest state. This is
1763 a platform-specific action. */
1767 /* Situation now:
1768 - the guest state is now correctly modified following the syscall
1769 - modified args, original args and syscall status are still
1770 available in the syscallInfo[] entry for this syscall.
1772 Now go on to do the post-syscall actions (read on down ..)
1773 */
1777 }
1780 /* Perform post syscall actions. The expected state on entry is
1781 precisely as at the end of VG_(client_syscall), that is:
1783 - guest state up to date following the syscall
1784 - modified args, original args and syscall status are still
1785 available in the syscallInfo[] entry for this syscall.
1786 - syscall status matches what's in the guest state.
1788 There are two ways to get here: the normal way -- being called by
1789 VG_(client_syscall), and the unusual way, from
1790 VG_(fixup_guest_state_after_syscall_interrupted).
1791 Darwin: there's a third way, ML_(wqthread_continue).
1792 */
1794 {
1797 SyscallStatus test_status;
1799 Word sysno;
1801 /* Preliminaries */
1809 /* m_signals.sigvgkill_handler might call here even when not in
1810 a syscall. */
1814 }
1816 /* Validate current syscallInfo entry. In particular we require
1817 that the current .status matches what's actually in the guest
1818 state. At least in the normal case where we have actually
1819 previously written the result into the guest state. */
1825 /* Failure of the above assertion on Darwin can indicate a problem
1826 in the syscall wrappers that pre-fail or pre-succeed the
1827 syscall, by calling SET_STATUS_Success or SET_STATUS_Failure,
1828 when they really should call SET_STATUS_from_SysRes. The former
1829 create a UNIX-class syscall result on Darwin, which may not be
1830 correct for the syscall; if that's the case then this assertion
1831 fires. See PRE(thread_fast_set_cthread_self) for an example. On
1832 non-Darwin platforms this assertion is should never fail, and this
1833 comment is completely irrelevant. */
1834 /* Ok, looks sane */
1836 /* Get the system call number. Because the pre-handler isn't
1837 allowed to mess with it, it should be the same for both the
1838 original and potentially-modified args. */
1843 /* pre: status == Complete (asserted above) */
1844 /* Consider either success or failure. Now run the post handler if:
1845 - it exists, and
1846 - Success or (Failure and PostOnFail is set)
1847 */
1854 }
1856 /* Because the post handler might have changed the status (eg, the
1857 post-handler for sys_open can change the result from success to
1858 failure if the kernel supplied a fd that it doesn't like), once
1859 again dump the syscall result back in the guest state.*/
1863 /* Do any post-syscall actions required by the tool. */
1875 sysno,
1878 }
1880 /* The syscall is done. */
1884 /* The pre/post wrappers may have concluded that pending signals
1885 might have been created, and will have set SfPollAfter to
1886 request a poll for them once the syscall is done. */
1890 /* Similarly, the wrappers might have asked for a yield
1891 afterwards. */
1894 }
1897 /* ---------------------------------------------------------------------
1898 Dealing with syscalls which get interrupted by a signal:
1899 VG_(fixup_guest_state_after_syscall_interrupted)
1900 ------------------------------------------------------------------ */
1902 /* Syscalls done on behalf of the client are finally handed off to the
1903 kernel in VG_(client_syscall) above, either by calling
1904 do_syscall_for_client (the async case), or by calling
1905 VG_(do_syscall6) (the sync case).
1907 If the syscall is not interrupted by a signal (it may block and
1908 later unblock, but that's irrelevant here) then those functions
1909 eventually return and so control is passed to VG_(post_syscall).
1910 NB: not sure if the sync case can actually get interrupted, as it
1911 operates with all signals masked.
1913 However, the syscall may get interrupted by an async-signal. In
1914 that case do_syscall_for_client/VG_(do_syscall6) do not
1915 return. Instead we wind up in m_signals.async_sighandler. We need
1916 to fix up the guest state to make it look like the syscall was
1917 interrupted for guest. So async_sighandler calls here, and this
1918 does the fixup. Note that from here we wind up calling
1919 VG_(post_syscall) too.
1920 */
1923 /* These are addresses within ML_(do_syscall_for_client_WRK). See
1924 syscall-$PLAT.S for details.
1925 */
1926 #if defined(VGO_linux)
1932 #elif defined(VGO_darwin)
1933 /* Darwin requires extra uglyness */
1949 #else
1951 #endif
1954 /* Back up guest state to restart a system call. */
1957 {
1958 #if defined(VGP_x86_linux)
1961 /* Make sure our caller is actually sane, and we're really backing
1962 back over a syscall.
1964 int $0x80 == CD 80
1965 */
1966 {
1975 }
1977 #elif defined(VGP_amd64_linux)
1980 /* Make sure our caller is actually sane, and we're really backing
1981 back over a syscall.
1983 syscall == 0F 05
1984 */
1985 {
1994 }
1996 #elif defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux)
1999 /* Make sure our caller is actually sane, and we're really backing
2000 back over a syscall.
2002 sc == 44 00 00 02
2003 */
2004 {
2013 }
2015 #elif defined(VGP_ppc64le_linux)
2018 /* Make sure our caller is actually sane, and we're really backing
2019 back over a syscall.
2021 sc == 44 00 00 02
2022 */
2023 {
2032 }
2034 #elif defined(VGP_arm_linux)
2036 // Thumb mode. SVC is a encoded as
2037 // 1101 1111 imm8
2038 // where imm8 is the SVC number, and we only accept 0.
2044 "?! restarting over (Thumb) syscall that is not syscall "
2047 }
2049 // FIXME: NOTE, this really isn't right. We need to back up
2050 // ITSTATE to what it was before the SVC instruction, but we
2051 // don't know what it was. At least assert that it is now
2052 // zero, because if it is nonzero then it must also have
2053 // been nonzero for the SVC itself, which means it was
2054 // conditional. Urk.
2057 // ARM mode. SVC is encoded as
2058 // cond 1111 imm24
2059 // where imm24 is the SVC number, and we only accept 0.
2066 "?! restarting over (ARM) syscall that is not syscall "
2069 }
2071 }
2073 #elif defined(VGP_arm64_linux)
2076 /* Make sure our caller is actually sane, and we're really backing
2077 back over a syscall.
2079 svc #0 == d4 00 00 01
2080 */
2081 {
2086 Vg_DebugMsg,
2089 );
2092 }
2094 #elif defined(VGP_x86_darwin)
2097 /* Make sure our caller is actually sane, and we're really backing
2098 back over a syscall.
2100 int $0x80 == CD 80
2101 int $0x81 == CD 81
2102 int $0x82 == CD 82
2103 sysenter == 0F 34
2104 */
2105 {
2116 }
2118 #elif defined(VGP_amd64_darwin)
2119 // DDD: #warning GrP fixme amd64 restart unimplemented
2122 #elif defined(VGP_s390x_linux)
2125 /* Make sure our caller is actually sane, and we're really backing
2126 back over a syscall.
2128 syscall == 0A <num>
2129 */
2130 {
2138 }
2140 #elif defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
2144 /* Make sure our caller is actually sane, and we're really backing
2145 back over a syscall.
2147 syscall == 00 00 00 0C
2148 big endian
2149 syscall == 0C 00 00 00
2150 */
2151 {
2153 # if defined (VG_LITTLEENDIAN)
2160 # elif defined (VG_BIGENDIAN)
2167 # else
2169 # endif
2170 }
2172 #else
2174 #endif
2175 }
2178 /*
2179 Fix up the guest state when a syscall is interrupted by a signal
2180 and so has been forced to return 'sysret'.
2182 To do this, we determine the precise state of the syscall by
2183 looking at the (real) IP at the time the signal happened. The
2184 syscall sequence looks like:
2186 1. unblock signals
2187 2. perform syscall
2188 3. save result to guest state (EAX, RAX, R3+CR0.SO, R0, V0)
2189 4. re-block signals
2191 If a signal
2192 happens at Then Why?
2193 [1-2) restart nothing has happened (restart syscall)
2194 [2] restart syscall hasn't started, or kernel wants to restart
2195 [2-3) save syscall complete, but results not saved
2196 [3-4) syscall complete, results saved
2198 Sometimes we never want to restart an interrupted syscall (because
2199 sigaction says not to), so we only restart if "restart" is True.
2201 This will also call VG_(post_syscall) if the syscall has actually
2202 completed (either because it was interrupted, or because it
2203 actually finished). It will not call VG_(post_syscall) if the
2204 syscall is set up for restart, which means that the pre-wrapper may
2205 get called multiple times.
2206 */
2208 void
2210 Addr ip,
2211 SysRes sres,
2212 Bool restart)
2213 {
2214 /* Note that we don't know the syscall number here, since (1) in
2215 general there's no reliable way to get hold of it short of
2216 stashing it in the guest state before the syscall, and (2) in
2217 any case we don't need to know it for the actions done by this
2218 routine.
2220 Furthermore, 'sres' is only used in the case where the syscall
2221 is complete, but the result has not been committed to the guest
2222 state yet. In any other situation it will be meaningless and
2223 therefore ignored. */
2226 SyscallStatus canonical;
2230 /* Compute some Booleans indicating which range we're in. */
2231 Bool outside_range,
2237 # if defined(VGO_linux)
2238 outside_range
2240 in_setup_to_restart
2242 at_restart
2244 in_complete_to_committed
2246 in_committed_to_finished
2248 # elif defined(VGO_darwin)
2249 outside_range
2253 in_setup_to_restart
2257 at_restart
2261 in_complete_to_committed
2265 in_committed_to_finished
2269 /* Wasn't that just So Much Fun? Does your head hurt yet? Mine does. */
2270 # else
2272 # endif
2276 "interrupted_syscall: tid=%d, ip=0x%llx, "
2292 /* Figure out what the state of the syscall was by examining the
2293 (real) IP at the time of the signal, and act accordingly. */
2298 /* Looks like we weren't in a syscall at all. Hmm. */
2301 }
2303 /* We should not be here unless this thread had first started up
2304 the machinery for a syscall by calling VG_(client_syscall).
2305 Hence: */
2308 /* now, do one of four fixup actions, depending on where the IP has
2309 got to. */
2312 /* syscall hasn't even started; go around again */
2317 }
2319 else
2321 /* We're either about to run the syscall, or it was interrupted
2322 and the kernel restarted it. Restart if asked, otherwise
2323 EINTR it. */
2333 );
2338 }
2339 }
2341 else
2343 /* Syscall complete, but result hasn't been written back yet.
2344 Write the SysRes we were supplied with back to the guest
2345 state. */
2354 }
2356 else
2358 /* Result committed, but the signal mask has not been restored;
2359 we expect our caller (the signal handler) will have fixed
2360 this up. */
2367 }
2369 else
2372 /* In all cases, the syscall is now finished (even if we called
2373 ML_(fixup_guest_state_to_restart_syscall), since that just
2374 re-positions the guest's IP for another go at it). So we need
2375 to record that fact. */
2377 }
2380 #if defined(VGO_darwin)
2381 // Clean up after workq_ops(WQOPS_THREAD_RETURN) jumped to wqthread_hijack.
2382 // This is similar to VG_(fixup_guest_state_after_syscall_interrupted).
2383 // This longjmps back to the scheduler.
2385 {
2403 // Pretend the syscall completed normally, but don't touch the thread state.
2415 /* NOTREACHED */
2417 }
2418 #endif
2421 /* ---------------------------------------------------------------------
2422 A place to store the where-to-call-when-really-done pointer
2423 ------------------------------------------------------------------ */
2425 // When the final thread is done, where shall I call to shutdown the
2426 // system cleanly? Is set once at startup (in m_main) and never
2427 // changes after that. Is basically a pointer to the exit
2428 // continuation. This is all just a nasty hack to avoid calling
2429 // directly from m_syswrap to m_main at exit, since that would cause
2430 // m_main to become part of a module cycle, which is silly.
2435 /*--------------------------------------------------------------------*/
2436 /*--- end ---*/
2437 /*--------------------------------------------------------------------*/