libclues
Linux C++ Tracing Library
Loading...
Searching...
No Matches
process.hxx
1#pragma once
2
3// cosmos
4#include <cosmos/fs/types.hxx>
5
6// clues
7#include <clues/SystemCall.hxx>
8#include <clues/arch.hxx>
9#include <clues/dso_export.h>
10#include <clues/items/clone.hxx>
11#include <clues/items/creds.hxx>
12#include <clues/items/fs.hxx>
13#include <clues/items/items.hxx>
14#include <clues/items/prctl.hxx>
15#include <clues/items/process.hxx>
16#include <clues/items/strings.hxx>
17#include <clues/sysnrs/generic.hxx>
18
19namespace clues {
20
21#ifdef CLUES_HAVE_ARCH_PRCTL
22
24struct CLUES_API ArchPrctlSystemCall :
25 public SystemCall {
26
27 ArchPrctlSystemCall() :
28 SystemCall{SystemCallNr::ARCH_PRCTL} {
29 setParameters(op);
30 result.emplace(item::SuccessResult{});
31 setReturnItem(*result);
32 }
33
34 /* parameters */
35 item::ArchOpParameter op;
37 std::optional<item::ULongValue> on_off;
39 std::optional<item::GenericPointerValue> set_addr;
41 std::optional<item::PointerToScalar<unsigned long>> get_addr;
42 /* return values */
43 std::optional<item::SuccessResult> result;
45 std::optional<item::IntValue> on_off_ret;
46
47protected: // functions
48
49 bool check2ndPass(const Tracee&) override;
50
51 void prepareNewSystemCall() override;
52};
53
54#endif
55
57
61struct CLUES_API CloneSystemCall :
62 public SystemCall {
63
64 CloneSystemCall() :
65 SystemCall{SystemCallNr::CLONE},
66 stack{"stack", "stack address"},
67 new_pid{ItemType::RETVAL, "child pid"} {
68 setReturnItem(new_pid);
69 setParameters(flags, stack);
70 }
71
72 /* fixed parameters */
73 item::CloneFlagsValue flags;
74 item::GenericPointerValue stack;
75
76 /* optional parameters */
77
78 /* the following two are based on the same `parent_tid` pointer argument */
79
81
84 std::optional<item::PointerToScalar<cosmos::ProcessID>> parent_tid;
86
89 std::optional<item::PointerToScalar<cosmos::FileNum>> pidfd;
90
92
99 std::optional<item::GenericPointerValue> child_tid;
101
107 std::optional<item::GenericPointerValue> tls;
108
109 /* return value */
110
112 item::ProcessIDItem new_pid;
113
114protected: // functions
115
116 bool check2ndPass(const Tracee&) override;
117
118 void prepareNewSystemCall() override;
119};
120
121struct CLUES_API Clone3SystemCall :
122 public SystemCall {
123 Clone3SystemCall() :
124 SystemCall{SystemCallNr::CLONE3},
125 size{"size", "cl_args structure size"},
126 pid{ItemType::RETVAL, "child pid"} {
127 setParameters(cl_args, size);
128 setReturnItem(pid);
129 }
130
132 item::CloneArgs cl_args;
134 item::SizeValue size;
136 item::ProcessIDItem pid;
137
138protected: // functions
139
140 void updateFDTracking(const Tracee &proc) override;
141};
142
143struct CLUES_API ForkSystemCall :
144 public SystemCall {
145
146 ForkSystemCall() :
147 SystemCall{SystemCallNr::FORK},
148 pid{ItemType::RETVAL, "child pid"} {
149 setReturnItem(pid);
150 }
151
152 item::ProcessIDItem pid;
153};
154
155struct CLUES_API ExecveSystemCall :
156 public SystemCall {
157
158 ExecveSystemCall() :
159 SystemCall{SystemCallNr::EXECVE},
160 pathname{"filename"},
161 argv{"argv", "argument vector"},
162 envp{"envp", "environment block pointer"} {
163 setReturnItem(result);
164 setParameters(pathname, argv, envp);
165 }
166
167 item::StringData pathname;
168 item::StringArrayData argv;
169 item::StringArrayData envp;
170 item::SuccessResult result;
171};
172
173struct CLUES_API ExecveAtSystemCall :
174 public SystemCall {
175
176 ExecveAtSystemCall() :
177 SystemCall{SystemCallNr::EXECVEAT},
178 dirfd{ItemType::PARAM_IN, item::AtSemantics{true}},
179 pathname{"filename"},
180 argv{"argv", "argument vector"},
181 envp{"envp", "environment block pointer"} {
182 setReturnItem(result);
183 setParameters(dirfd, pathname, argv, envp, flags);
184 }
185
186 item::FileDescriptor dirfd;
187 item::StringData pathname;
188 item::StringArrayData argv;
189 item::StringArrayData envp;
190 item::AtFlagsValue flags;
191 item::SuccessResult result;
192};
193
194template <typename ID_T>
195struct GetXIdSystemCall :
196 public SystemCall {
197
198 GetXIdSystemCall(const SystemCallNr nr) :
199 SystemCall{nr},
200 id{ItemType::RETVAL, getShortLabel(), getLongLabel()} {
201 setReturnItem(id);
202 }
203
205 ID_T id;
206
207protected:
208
209 const char* getShortLabel() {
210 switch (callNr()) {
211 case SystemCallNr::GETUID32: [[fallthrough]];
212 case SystemCallNr::GETUID: return "uid";
213 case SystemCallNr::GETEUID32: [[fallthrough]];
214 case SystemCallNr::GETEUID: return "euid";
215 case SystemCallNr::GETGID32: [[fallthrough]];
216 case SystemCallNr::GETGID: return "gid";
217 case SystemCallNr::GETEGID32: [[fallthrough]];
218 case SystemCallNr::GETEGID: return "egid";
219 default: return "???";
220 }
221 }
222
223 const char* getLongLabel() {
224 switch (callNr()) {
225 case SystemCallNr::GETUID32: [[fallthrough]];
226 case SystemCallNr::GETUID: return "real user ID";
227 case SystemCallNr::GETEUID32: [[fallthrough]];
228 case SystemCallNr::GETEUID: return "effective user ID";
229 case SystemCallNr::GETGID32: [[fallthrough]];
230 case SystemCallNr::GETGID: return "real group ID";
231 case SystemCallNr::GETEGID32: [[fallthrough]];
232 case SystemCallNr::GETEGID: return "effective group ID";
233 default: return "???";
234 }
235 }
236};
237
238using GetUidSystemCall = GetXIdSystemCall<item::UserID>;
239using GetEuidSystemCall = GetXIdSystemCall<item::UserID>;
240using GetGidSystemCall = GetXIdSystemCall<item::GroupID>;
241using GetEgidSystemCall = GetXIdSystemCall<item::GroupID>;
242
243struct CLUES_API Wait4SystemCall :
244 public SystemCall {
245 Wait4SystemCall() :
246 SystemCall{SystemCallNr::WAIT4},
247 pid{ItemType::PARAM_IN, "pid to wait for"},
248 event_pid{ItemType::RETVAL, "pid of child with status change"} {
249 setReturnItem(event_pid);
250 setParameters(pid, wstatus, options, rusage);
251 }
252
253 /* parameters */
254 item::ProcessIDItem pid;
255 item::WaitStatusItem wstatus;
256 item::WaitOptionsItem options;
257 item::ResourceUsageItem rusage;
258
259 /* return value */
260 item::ProcessIDItem event_pid;
261};
262
263} // end ns
clues::SystemCall
Access to System Call Data.
Definition SystemCall.hxx:47
clues::SystemCall::setReturnItem
void setReturnItem(SystemCallItem &ret)
Sets the return value system call item.
Definition SystemCall.hxx:151
clues::SystemCall::SystemCall
SystemCall(const SystemCallNr nr)
Instantiates a new SystemCall object with given properties.
Definition SystemCall.cxx:36
clues::SystemCall::callNr
SystemCallNr callNr() const
Returns the system call table number for this system call.
Definition SystemCall.hxx:90
clues::Tracee
Base class for traced processes.
Definition Tracee.hxx:39
clues::item::AtFlagsValue
Flags for system calls with at semantics like linkat(), faccessat().
Definition fs.hxx:104
clues::item::CloneArgs
Structure used in clone3().
Definition clone.hxx:45
clues::item::FileDescriptor
Base class for file descriptor system call items.
Definition fs.hxx:28
clues::item::ResourceUsageItem
Pointer to a struct rusage to be filled in.
Definition process.hxx:112
clues::item::StringArrayData
A nullptr-terminated array of pointers to c-strings.
Definition strings.hxx:52
clues::item::StringData
c-string style system call data.
Definition strings.hxx:11
clues::item::SuccessResult
An always-success return value.
Definition error.hxx:15
clues::item::WaitStatusItem
Pointer to an int containing wait() status result data.
Definition process.hxx:154
clues::ItemType::PARAM_IN
@ PARAM_IN
An input parameter to the system call.
Definition SystemCallItem.hxx:22
clues::ItemType::RETVAL
@ RETVAL
A system call return value.
Definition SystemCallItem.hxx:25
clues::SystemCallNr
SystemCallNr
Abstract system call number usable across architectures and ABIs.
Definition generic.hxx:29
clues::Clone3SystemCall::pid
item::ProcessIDItem pid
New child's PID or zero if executing in child context.
Definition process.hxx:136
clues::Clone3SystemCall::cl_args
item::CloneArgs cl_args
Combined clone arguments.
Definition process.hxx:132
clues::Clone3SystemCall::updateFDTracking
void updateFDTracking(const Tracee &proc) override
Update file descriptor tracking.
Definition process.cxx:136
clues::Clone3SystemCall::size
item::SizeValue size
Size of the CloneArgs structure argument in cl_args.
Definition process.hxx:134
clues::CloneSystemCall::tls
std::optional< item::GenericPointerValue > tls
Thread-local-storage data for the new child.
Definition process.hxx:107
clues::CloneSystemCall::new_pid
item::ProcessIDItem new_pid
The new child's PID.
Definition process.hxx:112
clues::CloneSystemCall::pidfd
std::optional< item::PointerToScalar< cosmos::FileNum > > pidfd
PID file descriptor referring to the new child.
Definition process.hxx:89
clues::CloneSystemCall::child_tid
std::optional< item::GenericPointerValue > child_tid
TID of the new child written out to a pid_* in the child.
Definition process.hxx:99
clues::CloneSystemCall::prepareNewSystemCall
void prepareNewSystemCall() override
Perform any necessary actions before processing a new system call entry event.
Definition process.cxx:53
clues::CloneSystemCall::parent_tid
std::optional< item::PointerToScalar< cosmos::ProcessID > > parent_tid
TID of the new child written out to a pid_t* in the parent.
Definition process.hxx:84
clues::CloneSystemCall::check2ndPass
bool check2ndPass(const Tracee &) override
Check whether a second pass needs to be made processing parameters.
Definition process.cxx:64