| blob | 0479400ffba54a5b7c24aaf9b09d1f641d5e1ab3 |
2 /*--------------------------------------------------------------------*/
3 /*--- Handle system calls. syswrap-main.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2000-2013 Julian Seward
11 jseward@acm.org
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26 02111-1307, USA.
28 The GNU General Public License is contained in the file COPYING.
29 */
44 // and VG_(vg_yield)
57 #if defined(VGO_darwin)
59 #endif
61 /* Useful info which needs to be recorded somewhere:
62 Use of registers in syscalls is:
64 NUM ARG1 ARG2 ARG3 ARG4 ARG5 ARG6 ARG7 ARG8 RESULT
65 LINUX:
66 x86 eax ebx ecx edx esi edi ebp n/a n/a eax (== NUM)
67 amd64 rax rdi rsi rdx r10 r8 r9 n/a n/a rax (== NUM)
68 ppc32 r0 r3 r4 r5 r6 r7 r8 n/a n/a r3+CR0.SO (== ARG1)
69 ppc64 r0 r3 r4 r5 r6 r7 r8 n/a n/a r3+CR0.SO (== ARG1)
70 arm r7 r0 r1 r2 r3 r4 r5 n/a n/a r0 (== ARG1)
71 mips32 v0 a0 a1 a2 a3 stack stack n/a n/a v0 (== NUM)
72 mips64 v0 a0 a1 a2 a3 a4 a5 a6 a7 v0 (== NUM)
73 arm64 x8 x0 x1 x2 x3 x4 x5 n/a n/a x0 ?? (== ARG1??)
75 On s390x the svc instruction is used for system calls. The system call
76 number is encoded in the instruction (8 bit immediate field). Since Linux
77 2.6 it is also allowed to use svc 0 with the system call number in r1.
78 This was introduced for system calls >255, but works for all. It is
79 also possible to see the svc 0 together with an EXecute instruction, that
80 fills in the immediate field.
81 s390x r1/SVC r2 r3 r4 r5 r6 r7 n/a n/a r2 (== ARG1)
83 NUM ARG1 ARG2 ARG3 ARG4 ARG5 ARG6 ARG7 ARG8 RESULT
84 DARWIN:
85 x86 eax +4 +8 +12 +16 +20 +24 +28 +32 edx:eax, eflags.c
86 amd64 rax rdi rsi rdx rcx r8 r9 +8 +16 rdx:rax, rflags.c
88 For x86-darwin, "+N" denotes "in memory at N(%esp)"; ditto
89 amd64-darwin. Apparently 0(%esp) is some kind of return address
90 (perhaps for syscalls done with "sysenter"?) I don't think it is
91 relevant for syscalls done with "int $0x80/1/2".
93 SOLARIS:
94 x86 eax +4 +8 +12 +16 +20 +24 +28 +32 edx:eax, eflags.c
95 amd64 rax rdi rsi rdx r10 r8 r9 +8 +16 rdx:rax, rflags.c
97 "+N" denotes "in memory at N(%esp)". Solaris also supports fasttrap
98 syscalls. Fasttraps do not take any parameters (except of the sysno in eax)
99 and never fail (if the sysno is valid).
100 */
102 /* This is the top level of the system-call handler module. All
103 system calls are channelled through here, doing two things:
105 * notify the tool of the events (mem/reg reads, writes) happening
107 * perform the syscall, usually by passing it along to the kernel
108 unmodified.
110 A magical piece of assembly code, do_syscall_for_client_WRK, in
111 syscall-$PLATFORM.S does the tricky bit of passing a syscall to the
112 kernel, whilst having the simulator retain control.
113 */
115 /* The main function is VG_(client_syscall). The simulation calls it
116 whenever a client thread wants to do a syscall. The following is a
117 sketch of what it does.
119 * Ensures the root thread's stack is suitably mapped. Tedious and
120 arcane. See big big comment in VG_(client_syscall).
122 * First, it rounds up the syscall number and args (which is a
123 platform dependent activity) and puts them in a struct ("args")
124 and also a copy in "orig_args".
126 The pre/post wrappers refer to these structs and so no longer
127 need magic macros to access any specific registers. This struct
128 is stored in thread-specific storage.
131 * The pre-wrapper is called, passing it a pointer to struct
132 "args".
135 * The pre-wrapper examines the args and pokes the tool
136 appropriately. It may modify the args; this is why "orig_args"
137 is also stored.
139 The pre-wrapper may choose to 'do' the syscall itself, and
140 concludes one of three outcomes:
142 Success(N) -- syscall is already complete, with success;
143 result is N
145 Fail(N) -- syscall is already complete, with failure;
146 error code is N
148 HandToKernel -- (the usual case): this needs to be given to
149 the kernel to be done, using the values in
150 the possibly-modified "args" struct.
152 In addition, the pre-wrapper may set some flags:
154 MayBlock -- only applicable when outcome==HandToKernel
156 PostOnFail -- only applicable when outcome==HandToKernel or Fail
159 * If the pre-outcome is HandToKernel, the syscall is duly handed
160 off to the kernel (perhaps involving some thread switchery, but
161 that's not important). This reduces the possible set of outcomes
162 to either Success(N) or Fail(N).
165 * The outcome (Success(N) or Fail(N)) is written back to the guest
166 register(s). This is platform specific:
168 x86: Success(N) ==> eax = N
169 Fail(N) ==> eax = -N
171 ditto amd64
173 ppc32: Success(N) ==> r3 = N, CR0.SO = 0
174 Fail(N) ==> r3 = N, CR0.SO = 1
176 Darwin:
177 x86: Success(N) ==> edx:eax = N, cc = 0
178 Fail(N) ==> edx:eax = N, cc = 1
180 s390x: Success(N) ==> r2 = N
181 Fail(N) ==> r2 = -N
183 Solaris:
184 x86: Success(N) ==> edx:eax = N, cc = 0
185 Fail(N) ==> eax = N, cc = 1
186 Same applies for fasttraps except they never fail.
188 * The post wrapper is called if:
190 - it exists, and
191 - outcome==Success or (outcome==Fail and PostOnFail is set)
193 The post wrapper is passed the adulterated syscall args (struct
194 "args"), and the syscall outcome (viz, Success(N) or Fail(N)).
196 There are several other complications, primarily to do with
197 syscalls getting interrupted, explained in comments in the code.
198 */
200 /* CAVEATS for writing wrappers. It is important to follow these!
202 The macros defined in priv_types_n_macros.h are designed to help
203 decouple the wrapper logic from the actual representation of
204 syscall args/results, since these wrappers are designed to work on
205 multiple platforms.
207 Sometimes a PRE wrapper will complete the syscall itself, without
208 handing it to the kernel. It will use one of SET_STATUS_Success,
209 SET_STATUS_Failure or SET_STATUS_from_SysRes to set the return
210 value. It is critical to appreciate that use of the macro does not
211 immediately cause the underlying guest state to be updated -- that
212 is done by the driver logic in this file, when the wrapper returns.
214 As a result, PRE wrappers of the following form will malfunction:
216 PRE(fooble)
217 {
218 ... do stuff ...
219 SET_STATUS_Somehow(...)
221 // do something that assumes guest state is up to date
222 }
224 In particular, direct or indirect calls to VG_(poll_signals) after
225 setting STATUS can cause the guest state to be read (in order to
226 build signal frames). Do not do this. If you want a signal poll
227 after the syscall goes through, do "*flags |= SfPollAfter" and the
228 driver logic will do it for you.
230 -----------
232 Another critical requirement following introduction of new address
233 space manager (JRS, 20050923):
235 In a situation where the mappedness of memory has changed, aspacem
236 should be notified BEFORE the tool. Hence the following is
237 correct:
239 Bool d = VG_(am_notify_munmap)(s->start, s->end+1 - s->start);
240 VG_TRACK( die_mem_munmap, s->start, s->end+1 - s->start );
241 if (d)
242 VG_(discard_translations)(s->start, s->end+1 - s->start);
244 whilst this is wrong:
246 VG_TRACK( die_mem_munmap, s->start, s->end+1 - s->start );
247 Bool d = VG_(am_notify_munmap)(s->start, s->end+1 - s->start);
248 if (d)
249 VG_(discard_translations)(s->start, s->end+1 - s->start);
251 The reason is that the tool may itself ask aspacem for more shadow
252 memory as a result of the VG_TRACK call. In such a situation it is
253 critical that aspacem's segment array is up to date -- hence the
254 need to notify aspacem first.
256 -----------
258 Also .. take care to call VG_(discard_translations) whenever
259 memory with execute permissions is unmapped.
260 */
263 /* ---------------------------------------------------------------------
264 Do potentially blocking syscall for the client, and mess with
265 signal masks at the same time.
266 ------------------------------------------------------------------ */
268 /* Perform a syscall on behalf of a client thread, using a specific
269 signal mask. On completion, the signal mask is set to restore_mask
270 (which presumably blocks almost everything). If a signal happens
271 during the syscall, the handler should call
272 VG_(fixup_guest_state_after_syscall_interrupted) to adjust the
273 thread's context to do the right thing.
275 The _WRK function is handwritten assembly, implemented per-platform
276 in coregrind/m_syswrap/syscall-$PLAT.S. It has some very magic
277 properties. See comments at the top of
278 VG_(fixup_guest_state_after_syscall_interrupted) below for details.
280 This function (these functions) are required to return zero in case
281 of success (even if the syscall itself failed), and nonzero if the
282 sigprocmask-swizzling calls failed. We don't actually care about
283 the failure values from sigprocmask, although most of the assembly
284 implementations do attempt to return that, using the convention
285 0 for success, or 0x8000 | error-code for failure.
286 */
287 #if defined(VGO_linux)
288 extern
293 Word sigsetSzB );
294 #elif defined(VGO_darwin)
295 extern
301 extern
307 extern
313 #elif defined(VGO_solaris)
314 extern
325 #else
327 #endif
330 static
334 {
335 vki_sigset_t saved;
336 UWord err;
337 # if defined(VGO_linux)
341 );
342 # elif defined(VGO_darwin)
348 );
354 );
360 );
364 /*NOTREACHED*/
366 }
367 # elif defined(VGO_solaris)
368 UChar cflag;
370 /* Fasttraps or anything else cannot go through this path. */
374 /* If the syscall is a door_return call then it has to be handled very
375 differently. */
380 );
381 else
385 );
387 /* Save the carry flag. */
388 # if defined(VGP_x86_solaris)
390 # elif defined(VGP_amd64_solaris)
392 # else
394 # endif
396 # else
398 # endif
403 );
404 }
407 /* ---------------------------------------------------------------------
408 Impedance matchers and misc helpers
409 ------------------------------------------------------------------ */
411 static
413 {
423 }
425 static
427 {
428 /* was: return s1->what == s2->what && sr_EQ( s1->sres, s2->sres ); */
431 # if defined(VGO_darwin)
432 /* Darwin-specific debugging guff */
438 # endif
440 }
442 /* Convert between SysRes and SyscallStatus, to the extent possible. */
444 static
446 {
447 SyscallStatus status;
451 }
454 /* Impedance matchers. These convert syscall arg or result data from
455 the platform-specific in-guest-state format to the canonical
456 formats, and back. */
458 static
462 {
463 #if defined(VGP_x86_linux)
475 #elif defined(VGP_amd64_linux)
487 #elif defined(VGP_ppc32_linux)
499 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
511 #elif defined(VGP_arm_linux)
523 #elif defined(VGP_arm64_linux)
535 #elif defined(VGP_mips32_linux)
555 // Fixme hack handle syscall()
564 }
566 #elif defined(VGP_mips64_linux)
576 #elif defined(VGP_x86_darwin)
579 // GrP fixme hope syscalls aren't called with really shallow stacks...
582 // stack[0] is return address
592 // GrP fixme hack handle syscall()
593 // GrP fixme what about __syscall() ?
594 // stack[0] is return address
595 // DDD: the tool can't see that the params have been shifted! Can
596 // lead to incorrect checking, I think, because the PRRAn/PSARn
597 // macros will mention the pre-shifted args.
612 }
614 // Here we determine what kind of syscall it was by looking at the
615 // interrupt kind, and then encode the syscall number using the 64-bit
616 // encoding for Valgrind's internal use.
617 //
618 // DDD: Would it be better to stash the JMP kind into the Darwin
619 // thread state rather than passing in the trc?
622 // int $0x80 = Unix, 64-bit result
627 // syscall = Unix, 32-bit result
628 // OR Mach, 32-bit result
630 // GrP fixme hack: 0xffff == I386_SYSCALL_NUMBER_MASK
635 }
638 // int $0x81 = Mach, 32-bit result
643 // int $0x82 = mdep, 32-bit result
650 }
652 #elif defined(VGP_amd64_darwin)
658 // GrP fixme hope syscalls aren't called with really shallow stacks...
661 // stack[0] is return address
671 // GrP fixme hack handle syscall()
672 // GrP fixme what about __syscall() ?
673 // stack[0] is return address
674 // DDD: the tool can't see that the params have been shifted! Can
675 // lead to incorrect checking, I think, because the PRRAn/PSARn
676 // macros will mention the pre-shifted args.
691 }
693 // no canonical->sysno adjustment needed
695 #elif defined(VGP_s390x_linux)
707 #elif defined(VGP_tilegx_linux)
719 #elif defined(VGP_x86_solaris)
723 /* stack[0] is a return address. */
737 /* These three are not actually valid syscall instructions on Solaris.
738 Pretend for now that we handle them as normal syscalls. */
742 /* int $0x91, sysenter, syscall = normal syscall */
745 /* int $0xD2 = fasttrap */
746 canonical->sysno
752 }
754 #elif defined(VGP_amd64_solaris)
758 /* stack[0] is a return address. */
770 /* syscall = normal syscall */
773 /* int $0xD2 = fasttrap */
774 canonical->sysno
780 }
782 #else
784 #endif
785 }
787 static
790 {
791 #if defined(VGP_x86_linux)
801 #elif defined(VGP_amd64_linux)
811 #elif defined(VGP_ppc32_linux)
821 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
831 #elif defined(VGP_arm_linux)
841 #elif defined(VGP_arm64_linux)
851 #elif defined(VGP_x86_darwin)
857 // GrP fixme? gst->guest_TEMP_EFLAG_C = 0;
858 // stack[0] is return address
868 #elif defined(VGP_amd64_darwin)
873 // GrP fixme? gst->guest_TEMP_EFLAG_C = 0;
875 // stack[0] is return address
885 #elif defined(VGP_s390x_linux)
895 #elif defined(VGP_mips32_linux)
915 }
917 #elif defined(VGP_mips64_linux)
927 #elif defined(VGP_tilegx_linux)
937 #elif defined(VGP_x86_solaris)
941 /* Fasttraps or anything else cannot go through this way. */
945 /* stack[0] is a return address. */
955 #elif defined(VGP_amd64_solaris)
959 /* Fasttraps or anything else cannot go through this way. */
963 /* stack[0] is a return address. */
973 #else
975 #endif
976 }
978 static
981 {
982 # if defined(VGP_x86_linux)
987 # elif defined(VGP_amd64_linux)
992 # elif defined(VGP_ppc32_linux)
999 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1006 # elif defined(VGP_arm_linux)
1011 # elif defined(VGP_arm64_linux)
1016 # elif defined(VGP_mips32_linux)
1024 # elif defined(VGP_mips64_linux)
1032 # elif defined(VGP_x86_darwin)
1033 /* duplicates logic in m_signals.VG_UCONTEXT_SYSCALL_SYSRES */
1041 // int $0x80 = Unix, 64-bit result
1047 // int $0x81 = Mach, 32-bit result
1051 // int $0x82 = mdep, 32-bit result
1057 }
1060 wHI, wLO
1061 );
1064 # elif defined(VGP_amd64_darwin)
1065 /* duplicates logic in m_signals.VG_UCONTEXT_SYSCALL_SYSRES */
1073 // syscall = Unix, 128-bit result
1079 // syscall = Mach, 64-bit result
1083 // syscall = mdep, 64-bit result
1089 }
1092 wHI, wLO
1093 );
1096 # elif defined(VGP_s390x_linux)
1101 # elif defined(VGP_tilegx_linux)
1106 # elif defined(VGP_x86_solaris)
1115 # elif defined(VGP_amd64_solaris)
1124 # else
1126 # endif
1127 }
1129 static
1133 {
1134 # if defined(VGP_x86_linux)
1138 /* This isn't exactly right, in that really a Failure with res
1139 not in the range 1 .. 4095 is unrepresentable in the
1140 Linux-x86 scheme. Oh well. */
1144 }
1148 # elif defined(VGP_amd64_linux)
1152 /* This isn't exactly right, in that really a Failure with res
1153 not in the range 1 .. 4095 is unrepresentable in the
1154 Linux-amd64 scheme. Oh well. */
1158 }
1162 # elif defined(VGP_ppc32_linux)
1167 /* set CR0.SO */
1171 /* clear CR0.SO */
1174 }
1180 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1185 /* set CR0.SO */
1189 /* clear CR0.SO */
1192 }
1198 # elif defined(VGP_arm_linux)
1202 /* This isn't exactly right, in that really a Failure with res
1203 not in the range 1 .. 4095 is unrepresentable in the
1204 Linux-arm scheme. Oh well. */
1208 }
1212 # elif defined(VGP_arm64_linux)
1216 /* This isn't exactly right, in that really a Failure with res
1217 not in the range 1 .. 4095 is unrepresentable in the
1218 Linux-arm64 scheme. Oh well. */
1222 }
1226 #elif defined(VGP_x86_darwin)
1230 /* Unfortunately here we have to break abstraction and look
1231 directly inside 'res', in order to decide what to do. */
1248 gst );
1249 // GrP fixme sets defined for entire eflags, not just bit c
1250 // DDD: this breaks exp-ptrcheck.
1257 }
1259 #elif defined(VGP_amd64_darwin)
1263 /* Unfortunately here we have to break abstraction and look
1264 directly inside 'res', in order to decide what to do. */
1281 gst );
1282 // GrP fixme sets defined for entire rflags, not just bit c
1283 // DDD: this breaks exp-ptrcheck.
1290 }
1292 # elif defined(VGP_s390x_linux)
1299 }
1301 # elif defined(VGP_mips32_linux)
1311 }
1319 # elif defined(VGP_mips64_linux)
1329 }
1337 # elif defined(VGP_tilegx_linux)
1342 // r1 hold errno
1347 }
1349 # elif defined(VGP_x86_solaris)
1359 }
1368 }
1369 /* Make CC_DEP1 and CC_DEP2 defined. This is inaccurate because it makes
1370 other eflags defined too (see README.solaris). */
1376 # elif defined(VGP_amd64_solaris)
1386 }
1395 }
1396 /* Make CC_DEP1 and CC_DEP2 defined. This is inaccurate because it makes
1397 other eflags defined too (see README.solaris). */
1403 # else
1405 # endif
1406 }
1409 /* Tell me the offsets in the guest state of the syscall params, so
1410 that the scalar argument checkers don't have to have this info
1411 hardwired. */
1413 static
1415 {
1418 #if defined(VGP_x86_linux)
1429 #elif defined(VGP_amd64_linux)
1440 #elif defined(VGP_ppc32_linux)
1451 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1462 #elif defined(VGP_arm_linux)
1473 #elif defined(VGP_arm64_linux)
1484 #elif defined(VGP_mips32_linux)
1495 #elif defined(VGP_mips64_linux)
1506 #elif defined(VGP_x86_darwin)
1508 // syscall parameters are on stack in C convention
1518 #elif defined(VGP_amd64_darwin)
1529 #elif defined(VGP_s390x_linux)
1540 #elif defined(VGP_tilegx_linux)
1551 #elif defined(VGP_x86_solaris)
1553 /* Syscall parameters are on the stack. */
1563 #elif defined(VGP_amd64_solaris)
1574 #else
1576 #endif
1577 }
1580 /* ---------------------------------------------------------------------
1581 The main driver logic
1582 ------------------------------------------------------------------ */
1584 /* Finding the handlers for a given syscall, or faking up one
1585 when no handler is found. */
1587 static
1593 {
1598 }
1606 # if defined(VGO_solaris)
1608 # endif
1609 }
1615 {
1618 # if defined(VGO_linux)
1621 # elif defined(VGO_darwin)
1643 }
1645 # elif defined(VGO_solaris)
1648 # else
1649 # error Unknown OS
1650 # endif
1653 }
1656 /* Add and remove signals from mask so that we end up telling the
1657 kernel the state we actually want rather than what the client
1658 wants. */
1660 {
1664 }
1666 typedef
1668 SyscallArgs orig_args;
1669 SyscallArgs args;
1670 SyscallStatus status;
1671 UWord flags;
1672 }
1673 SyscallInfo;
1677 /* The scheduler needs to be able to zero out these records after a
1678 fork, hence this is exported from m_syswrap. */
1680 {
1685 }
1688 {
1691 }
1694 {
1695 Int i;
1705 }
1706 }
1708 /* --- This is the main function of this file. --- */
1711 {
1712 Word sysno;
1715 SyscallArgLayout layout;
1724 # if !defined(VGO_darwin)
1725 // Resync filtering is meaningless on non-Darwin targets.
1727 # endif
1731 /* BEGIN ensure root thread's stack is suitably mapped */
1732 /* In some rare circumstances, we may do the syscall without the
1733 bottom page of the stack being mapped, because the stack pointer
1734 was moved down just a few instructions before the syscall
1735 instruction, and there have been no memory references since
1736 then, that would cause a call to VG_(extend_stack) to have
1737 happened.
1739 In native execution that's OK: the kernel automagically extends
1740 the stack's mapped area down to cover the stack pointer (or sp -
1741 redzone, really). In simulated normal execution that's OK too,
1742 since any signals we get from accessing below the mapped area of
1743 the (guest's) stack lead us to VG_(extend_stack), where we
1744 simulate the kernel's stack extension logic. But that leaves
1745 the problem of entering a syscall with the SP unmapped. Because
1746 the kernel doesn't know that the segment immediately above SP is
1747 supposed to be a grow-down segment, it causes the syscall to
1748 fail, and thereby causes a divergence between native behaviour
1749 (syscall succeeds) and simulated behaviour (syscall fails).
1751 This is quite a rare failure mode. It has only been seen
1752 affecting calls to sys_readlink on amd64-linux, and even then it
1753 requires a certain code sequence around the syscall to trigger
1754 it. Here is one:
1756 extern int my_readlink ( const char* path );
1757 asm(
1758 ".text\n"
1759 ".globl my_readlink\n"
1760 "my_readlink:\n"
1761 "\tsubq $0x1008,%rsp\n"
1762 "\tmovq %rdi,%rdi\n" // path is in rdi
1763 "\tmovq %rsp,%rsi\n" // &buf[0] -> rsi
1764 "\tmovl $0x1000,%edx\n" // sizeof(buf) in rdx
1765 "\tmovl $"__NR_READLINK",%eax\n" // syscall number
1766 "\tsyscall\n"
1767 "\taddq $0x1008,%rsp\n"
1768 "\tret\n"
1769 ".previous\n"
1770 );
1772 For more details, see bug #156404
1773 (https://bugs.kde.org/show_bug.cgi?id=156404).
1775 The fix is actually very simple. We simply need to call
1776 VG_(extend_stack) for this thread, handing it the lowest
1777 possible valid address for stack (sp - redzone), to ensure the
1778 pages all the way down to that address, are mapped. Because
1779 this is a potentially expensive and frequent operation, we
1780 do the following:
1782 Only the main thread (tid=1) has a growdown stack. So
1783 ignore all others. It is conceivable, although highly unlikely,
1784 that the main thread exits, and later another thread is
1785 allocated tid=1, but that's harmless, I believe;
1786 VG_(extend_stack) will do nothing when applied to a non-root
1787 thread.
1789 All this guff is of course Linux-specific. Hence the ifdef.
1790 */
1791 # if defined(VGO_linux)
1795 /* The precise thing to do here would be to extend the stack only
1796 if the system call can be proven to access unmapped user stack
1797 memory. That is an enormous amount of work even if a proper
1798 spec of system calls was available.
1800 In the case where the system call does not access user memory
1801 the stack pointer here can have any value. A legitimate testcase
1802 that exercises this is none/tests/s390x/stmg.c:
1803 The stack pointer happens to be in the reservation segment near
1804 the end of the addressable memory and there is no SkAnonC segment
1805 above.
1807 So the approximation we're taking here is to extend the stack only
1808 if the client stack pointer does not look bogus. */
1811 }
1812 # endif
1813 /* END ensure root thread's stack is suitably mapped */
1815 /* First off, get the syscall args and number. This is a
1816 platform-dependent action. */
1823 /* Copy .orig_args to .args. The pre-handler may modify .args, but
1824 we want to keep the originals too, just in case. */
1827 /* Save the syscall number in the thread state in case the syscall
1828 is interrupted by a signal. */
1831 /* It's sometimes useful, as a crude debugging hack, to get a
1832 stack trace at each (or selected) syscalls. */
1837 }
1839 # if defined(VGO_darwin)
1840 /* Record syscall class. But why? Because the syscall might be
1841 interrupted by a signal, and in the signal handler (which will
1842 be m_signals.async_signalhandler) we will need to build a SysRes
1843 reflecting the syscall return result. In order to do that we
1844 need to know the syscall class. Hence stash it in the guest
1845 state of this thread. This madness is not needed on Linux
1846 because it only has a single syscall return convention and so
1847 there is no ambiguity involved in converting the post-signal
1848 machine state into a SysRes. */
1850 # endif
1852 /* The default what-to-do-next thing is hand the syscall to the
1853 kernel, so we pre-set that here. Set .sres to something
1854 harmless looking (is irrelevant because .what is not
1855 SsComplete.) */
1860 /* Fetch the syscall's handlers. If no handlers exist for this
1861 syscall, we are given dummy handlers which force an immediate
1862 return with ENOSYS. */
1865 /* Fetch the layout information, which tells us where in the guest
1866 state the syscall args reside. This is a platform-dependent
1867 action. This info is needed so that the scalar syscall argument
1868 checks (PRE_REG_READ calls) know which bits of the guest state
1869 they need to inspect. */
1872 /* Make sure the tmp signal mask matches the real signal mask;
1873 sigsuspend may change this. */
1876 /* Right, we're finally ready to Party. Call the pre-handler and
1877 see what we get back. At this point:
1879 sci->status.what is Unset (we don't know yet).
1880 sci->orig_args contains the original args.
1881 sci->args is the same as sci->orig_args.
1882 sci->flags is zero.
1883 */
1888 /* Do any pre-syscall actions */
1901 }
1909 /* The pre-handler may have modified:
1910 sci->args
1911 sci->status
1912 sci->flags
1913 All else remains unchanged.
1914 Although the args may be modified, pre handlers are not allowed
1915 to change the syscall number.
1916 */
1917 /* Now we proceed according to what the pre-handler decided. */
1923 /* The pre-handler completed the syscall itself, declaring
1924 success. */
1929 }
1930 /* In this case the allowable flags are to ask for a signal-poll
1931 and/or a yield after the call. Changing the args isn't
1932 allowed. */
1936 }
1938 else
1940 /* The pre-handler decided to fail syscall itself. */
1942 /* In this case, the pre-handler is also allowed to ask for the
1943 post-handler to be run anyway. Changing the args is not
1944 allowed. */
1947 }
1949 else
1951 /* huh?! */
1953 }
1956 /* Ok, this is the usual case -- and the complicated one. There
1957 are two subcases: sync and async. async is the general case
1958 and is to be used when there is any possibility that the
1959 syscall might block [a fact that the pre-handler must tell us
1960 via the sci->flags field.] Because the tidying-away /
1961 context-switch overhead of the async case could be large, if
1962 we are sure that the syscall will not block, we fast-track it
1963 by doing it directly in this thread, which is a lot
1964 simpler. */
1966 /* Check that the given flags are allowable: MayBlock, PollAfter
1967 and PostOnFail are ok. */
1972 /* Syscall may block, so run it asynchronously */
1973 vki_sigset_t mask;
1980 /* Gack. More impedance matching. Copy the possibly
1981 modified syscall args back into the guest state. */
1982 /* JRS 2009-Mar-16: if the syscall args are possibly modified,
1983 then this assertion is senseless:
1984 vg_assert(eq_SyscallArgs(&sci->args, &sci->orig_args));
1985 The case that exposed it was sys_posix_spawn on Darwin,
1986 which heavily modifies its arguments but then lets the call
1987 go through anyway, with SfToBlock set, hence we end up here. */
1990 /* SfNoWriteResult flag is invalid for blocking signals because
1991 do_syscall_for_client() directly modifies the guest state. */
1994 /* Drop the bigLock */
1996 /* Urr. We're now in a race against other threads trying to
1997 acquire the bigLock. I guess that doesn't matter provided
1998 that do_syscall_for_client only touches thread-local
1999 state. */
2001 /* Do the call, which operates directly on the guest state,
2002 not on our abstracted copies of the args/result. */
2005 /* do_syscall_for_client may not return if the syscall was
2006 interrupted by a signal. In that case, flow of control is
2007 first to m_signals.async_sighandler, which calls
2008 VG_(fixup_guest_state_after_syscall_interrupted), which
2009 fixes up the guest state, and possibly calls
2010 VG_(post_syscall). Once that's done, control drops back
2011 to the scheduler. */
2013 /* Darwin: do_syscall_for_client may not return if the
2014 syscall was workq_ops(WQOPS_THREAD_RETURN) and the kernel
2015 responded by starting the thread at wqthread_hijack(reuse=1)
2016 (to run another workqueue item). In that case, wqthread_hijack
2017 calls ML_(wqthread_continue), which is similar to
2018 VG_(fixup_guest_state_after_syscall_interrupted). */
2020 /* Reacquire the lock */
2023 /* Even more impedance matching. Extract the syscall status
2024 from the guest state. */
2028 /* Be decorative, if required. */
2033 }
2037 /* run the syscall directly */
2038 /* The pre-handler may have modified the syscall args, but
2039 since we're passing values in ->args directly to the
2040 kernel, there's no point in flushing them back to the
2041 guest state. Indeed doing so could be construed as
2042 incorrect. */
2043 SysRes sres
2050 /* Be decorative, if required. */
2053 }
2054 }
2055 }
2061 /* Dump the syscall result back in the guest state. This is
2062 a platform-specific action. */
2066 /* Situation now:
2067 - the guest state is now correctly modified following the syscall
2068 - modified args, original args and syscall status are still
2069 available in the syscallInfo[] entry for this syscall.
2071 Now go on to do the post-syscall actions (read on down ..)
2072 */
2076 }
2079 /* Perform post syscall actions. The expected state on entry is
2080 precisely as at the end of VG_(client_syscall), that is:
2082 - guest state up to date following the syscall
2083 - modified args, original args and syscall status are still
2084 available in the syscallInfo[] entry for this syscall.
2085 - syscall status matches what's in the guest state.
2087 There are two ways to get here: the normal way -- being called by
2088 VG_(client_syscall), and the unusual way, from
2089 VG_(fixup_guest_state_after_syscall_interrupted).
2090 Darwin: there's a third way, ML_(wqthread_continue).
2091 */
2093 {
2096 SyscallStatus test_status;
2098 Word sysno;
2100 /* Preliminaries */
2108 /* m_signals.sigvgkill_handler might call here even when not in
2109 a syscall. */
2113 }
2115 /* Validate current syscallInfo entry. In particular we require
2116 that the current .status matches what's actually in the guest
2117 state. At least in the normal case where we have actually
2118 previously written the result into the guest state. */
2121 /* Get the system call number. Because the pre-handler isn't
2122 allowed to mess with it, it should be the same for both the
2123 original and potentially-modified args. */
2130 /* Failure of the above assertion on Darwin can indicate a problem
2131 in the syscall wrappers that pre-fail or pre-succeed the
2132 syscall, by calling SET_STATUS_Success or SET_STATUS_Failure,
2133 when they really should call SET_STATUS_from_SysRes. The former
2134 create a UNIX-class syscall result on Darwin, which may not be
2135 correct for the syscall; if that's the case then this assertion
2136 fires. See PRE(thread_fast_set_cthread_self) for an example. On
2137 non-Darwin platforms this assertion is should never fail, and this
2138 comment is completely irrelevant. */
2139 /* Ok, looks sane */
2141 /* pre: status == Complete (asserted above) */
2142 /* Consider either success or failure. Now run the post handler if:
2143 - it exists, and
2144 - Success or (Failure and PostOnFail is set)
2145 */
2153 }
2155 /* Because the post handler might have changed the status (eg, the
2156 post-handler for sys_open can change the result from success to
2157 failure if the kernel supplied a fd that it doesn't like), once
2158 again dump the syscall result back in the guest state.*/
2162 /* Do any post-syscall actions required by the tool. */
2174 sysno,
2177 }
2179 /* The syscall is done. */
2183 /* The pre/post wrappers may have concluded that pending signals
2184 might have been created, and will have set SfPollAfter to
2185 request a poll for them once the syscall is done. */
2189 /* Similarly, the wrappers might have asked for a yield
2190 afterwards. */
2193 }
2196 /* ---------------------------------------------------------------------
2197 Dealing with syscalls which get interrupted by a signal:
2198 VG_(fixup_guest_state_after_syscall_interrupted)
2199 ------------------------------------------------------------------ */
2201 /* Syscalls done on behalf of the client are finally handed off to the
2202 kernel in VG_(client_syscall) above, either by calling
2203 do_syscall_for_client (the async case), or by calling
2204 VG_(do_syscall6) (the sync case).
2206 If the syscall is not interrupted by a signal (it may block and
2207 later unblock, but that's irrelevant here) then those functions
2208 eventually return and so control is passed to VG_(post_syscall).
2209 NB: not sure if the sync case can actually get interrupted, as it
2210 operates with all signals masked.
2212 However, the syscall may get interrupted by an async-signal. In
2213 that case do_syscall_for_client/VG_(do_syscall6) do not
2214 return. Instead we wind up in m_signals.async_sighandler. We need
2215 to fix up the guest state to make it look like the syscall was
2216 interrupted for guest. So async_sighandler calls here, and this
2217 does the fixup. Note that from here we wind up calling
2218 VG_(post_syscall) too.
2219 */
2222 /* These are addresses within ML_(do_syscall_for_client_WRK). See
2223 syscall-$PLAT.S for details.
2224 */
2225 #if defined(VGO_linux)
2231 #elif defined(VGO_darwin)
2232 /* Darwin requires extra uglyness */
2248 #elif defined(VGO_solaris)
2257 #else
2259 #endif
2262 /* Back up guest state to restart a system call. */
2265 {
2266 #if defined(VGP_x86_linux)
2269 /* Make sure our caller is actually sane, and we're really backing
2270 back over a syscall.
2272 int $0x80 == CD 80
2273 */
2274 {
2283 }
2285 #elif defined(VGP_amd64_linux)
2288 /* Make sure our caller is actually sane, and we're really backing
2289 back over a syscall.
2291 syscall == 0F 05
2292 */
2293 {
2302 }
2304 #elif defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux)
2307 /* Make sure our caller is actually sane, and we're really backing
2308 back over a syscall.
2310 sc == 44 00 00 02
2311 */
2312 {
2321 }
2323 #elif defined(VGP_ppc64le_linux)
2326 /* Make sure our caller is actually sane, and we're really backing
2327 back over a syscall.
2329 sc == 44 00 00 02
2330 */
2331 {
2340 }
2342 #elif defined(VGP_arm_linux)
2344 // Thumb mode. SVC is a encoded as
2345 // 1101 1111 imm8
2346 // where imm8 is the SVC number, and we only accept 0.
2352 "?! restarting over (Thumb) syscall that is not syscall "
2355 }
2357 // FIXME: NOTE, this really isn't right. We need to back up
2358 // ITSTATE to what it was before the SVC instruction, but we
2359 // don't know what it was. At least assert that it is now
2360 // zero, because if it is nonzero then it must also have
2361 // been nonzero for the SVC itself, which means it was
2362 // conditional. Urk.
2365 // ARM mode. SVC is encoded as
2366 // cond 1111 imm24
2367 // where imm24 is the SVC number, and we only accept 0.
2374 "?! restarting over (ARM) syscall that is not syscall "
2377 }
2379 }
2381 #elif defined(VGP_arm64_linux)
2384 /* Make sure our caller is actually sane, and we're really backing
2385 back over a syscall.
2387 svc #0 == d4 00 00 01
2388 */
2389 {
2394 Vg_DebugMsg,
2397 );
2400 }
2402 #elif defined(VGP_x86_darwin)
2405 /* Make sure our caller is actually sane, and we're really backing
2406 back over a syscall.
2408 int $0x80 == CD 80
2409 int $0x81 == CD 81
2410 int $0x82 == CD 82
2411 sysenter == 0F 34
2412 */
2413 {
2424 }
2426 #elif defined(VGP_amd64_darwin)
2427 // DDD: #warning GrP fixme amd64 restart unimplemented
2430 #elif defined(VGP_s390x_linux)
2433 /* Make sure our caller is actually sane, and we're really backing
2434 back over a syscall.
2436 syscall == 0A <num>
2437 */
2438 {
2446 }
2448 #elif defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
2452 /* Make sure our caller is actually sane, and we're really backing
2453 back over a syscall.
2455 syscall == 00 00 00 0C
2456 big endian
2457 syscall == 0C 00 00 00
2458 */
2459 {
2461 # if defined (VG_LITTLEENDIAN)
2468 # elif defined (VG_BIGENDIAN)
2475 # else
2477 # endif
2478 }
2479 #elif defined(VGP_tilegx_linux)
2482 /* Make sure our caller is actually sane, and we're really backing
2483 back over a syscall. no other instruction in same bundle.
2484 */
2485 {
2493 }
2495 #elif defined(VGP_x86_solaris)
2498 /* Make sure our caller is actually sane, and we're really backing
2499 back over a syscall.
2501 int $0x91 == CD 91
2502 syscall == 0F 05
2503 sysenter == 0F 34
2505 Handle also other syscall instructions because we also handle them in
2506 the scheduler.
2507 int $0x80 == CD 80
2508 int $0x81 == CD 81
2509 int $0x82 == CD 82
2510 */
2511 {
2525 }
2527 #elif defined(VGP_amd64_solaris)
2530 /* Make sure our caller is actually sane, and we're really backing
2531 back over a syscall.
2533 syscall == 0F 05
2534 */
2535 {
2544 }
2546 #else
2548 #endif
2549 }
2552 /*
2553 Fix up the guest state when a syscall is interrupted by a signal
2554 and so has been forced to return 'sysret'.
2556 To do this, we determine the precise state of the syscall by
2557 looking at the (real) IP at the time the signal happened. The
2558 syscall sequence looks like:
2560 1. unblock signals
2561 2. perform syscall
2562 3. save result to guest state (EAX, RAX, R3+CR0.SO, R0, V0)
2563 4. re-block signals
2565 If a signal
2566 happens at Then Why?
2567 [1-2) restart nothing has happened (restart syscall)
2568 [2] restart syscall hasn't started, or kernel wants to restart
2569 [2-3) save syscall complete, but results not saved
2570 [3-4) syscall complete, results saved
2572 Sometimes we never want to restart an interrupted syscall (because
2573 sigaction says not to), so we only restart if "restart" is True.
2575 This will also call VG_(post_syscall) if the syscall has actually
2576 completed (either because it was interrupted, or because it
2577 actually finished). It will not call VG_(post_syscall) if the
2578 syscall is set up for restart, which means that the pre-wrapper may
2579 get called multiple times.
2580 */
2582 void
2584 Addr ip,
2585 SysRes sres,
2586 Bool restart,
2588 {
2589 /* Note that we don't know the syscall number here, since (1) in
2590 general there's no reliable way to get hold of it short of
2591 stashing it in the guest state before the syscall, and (2) in
2592 any case we don't need to know it for the actions done by this
2593 routine.
2595 Furthermore, 'sres' is only used in the case where the syscall
2596 is complete, but the result has not been committed to the guest
2597 state yet. In any other situation it will be meaningless and
2598 therefore ignored. */
2601 SyscallStatus canonical;
2605 /* Compute some Booleans indicating which range we're in. */
2606 Bool outside_range,
2614 "interrupted_syscall: tid=%d, ip=0x%llx, "
2630 # if defined(VGO_linux)
2631 outside_range
2633 in_setup_to_restart
2635 at_restart
2637 in_complete_to_committed
2639 in_committed_to_finished
2641 # elif defined(VGO_darwin)
2642 outside_range
2646 in_setup_to_restart
2650 at_restart
2654 in_complete_to_committed
2658 in_committed_to_finished
2662 /* Wasn't that just So Much Fun? Does your head hurt yet? Mine does. */
2663 # elif defined(VGO_solaris)
2664 /* The solaris port is never outside the range. */
2666 /* The Solaris kernel never restarts syscalls directly! */
2672 in_setup_to_restart
2674 in_complete_to_committed
2676 in_committed_to_finished
2678 }
2682 in_setup_to_restart
2684 in_complete_to_committed
2686 in_committed_to_finished
2688 }
2689 # else
2691 # endif
2693 /* Figure out what the state of the syscall was by examining the
2694 (real) IP at the time of the signal, and act accordingly. */
2699 /* Looks like we weren't in a syscall at all. Hmm. */
2702 }
2704 /* We should not be here unless this thread had first started up
2705 the machinery for a syscall by calling VG_(client_syscall).
2706 Hence: */
2709 /* now, do one of four fixup actions, depending on where the IP has
2710 got to. */
2713 /* syscall hasn't even started; go around again */
2718 }
2720 else
2722 # if defined(VGO_solaris)
2723 /* We should never hit this branch on Solaris, see the comment above. */
2725 # endif
2727 /* We're either about to run the syscall, or it was interrupted
2728 and the kernel restarted it. Restart if asked, otherwise
2729 EINTR it. */
2739 );
2744 }
2745 }
2747 else
2749 /* Syscall complete, but result hasn't been written back yet.
2750 Write the SysRes we were supplied with back to the guest
2751 state. */
2758 # if defined(VGO_solaris)
2760 # if defined(VGP_x86_solaris)
2761 /* Registers %esp and %ebp were also modified by the syscall. */
2764 # elif defined(VGP_amd64_solaris)
2767 # endif
2768 }
2769 # endif
2772 }
2774 else
2776 /* Result committed, but the signal mask has not been restored;
2777 we expect our caller (the signal handler) will have fixed
2778 this up. */
2782 # if defined(VGP_x86_solaris)
2783 /* The %eax and %edx values are committed but the carry flag is still
2784 uncommitted. Save it now. */
2786 # elif defined(VGP_amd64_solaris)
2788 # endif
2792 }
2794 else
2797 /* In all cases, the syscall is now finished (even if we called
2798 ML_(fixup_guest_state_to_restart_syscall), since that just
2799 re-positions the guest's IP for another go at it). So we need
2800 to record that fact. */
2802 }
2805 #if defined(VGO_solaris)
2806 /* Returns True if ip is inside a fixable syscall code in syscall-*-*.S. This
2807 function can be called by a 'non-running' thread! */
2809 {
2814 else
2816 }
2817 #endif
2820 #if defined(VGO_darwin)
2821 // Clean up after workq_ops(WQOPS_THREAD_RETURN) jumped to wqthread_hijack.
2822 // This is similar to VG_(fixup_guest_state_after_syscall_interrupted).
2823 // This longjmps back to the scheduler.
2825 {
2843 // Pretend the syscall completed normally, but don't touch the thread state.
2855 /* NOTREACHED */
2857 }
2858 #endif
2861 /* ---------------------------------------------------------------------
2862 A place to store the where-to-call-when-really-done pointer
2863 ------------------------------------------------------------------ */
2865 // When the final thread is done, where shall I call to shutdown the
2866 // system cleanly? Is set once at startup (in m_main) and never
2867 // changes after that. Is basically a pointer to the exit
2868 // continuation. This is all just a nasty hack to avoid calling
2869 // directly from m_syswrap to m_main at exit, since that would cause
2870 // m_main to become part of a module cycle, which is silly.
2875 /*--------------------------------------------------------------------*/
2876 /*--- end ---*/
2877 /*--------------------------------------------------------------------*/