libcosmos
Linux C++ System Programming Library
Loading...
Searching...
No Matches
Tracee.cxx
1// cosmos
2#include "cosmos/error/RuntimeError.hxx"
3#include "cosmos/proc/SigInfo.hxx"
4#include "cosmos/proc/Tracee.hxx"
5
6// Linux
7#include <linux/filter.h>
8#ifdef COSMOS_X86
9# include <asm/ldt.h>
10#endif
11
12namespace cosmos {
13
14void Tracee::getSeccompFilter(std::vector<struct sock_filter> &instructions, const unsigned long prog_index) const {
15
16 if (instructions.empty()) {
17 const auto num_progs = this->request(ptrace::Request::SECCOMP_GET_FILTER, prog_index);
18 instructions.resize(*num_progs);
19 }
20
21 struct sock_fprog fprog;
22 fprog.len = instructions.size();
23 fprog.filter = instructions.data();
24
25 const auto num_progs = this->request(ptrace::Request::SECCOMP_GET_FILTER, prog_index, &fprog);
26
27 /*
28 * This ptrace request actually seems to be missing a size check in
29 * the kernel. We do communicate the number of filters we have in
30 * fprog.len, but the kernel simply copies into the sock_fprog
31 * whatever amount of data it has. This could lead to memory
32 * corruption or a SIGSEGV.
33 * TODO: test what exactly happens.
34 */
35
36 if (*num_progs < 0 || static_cast<unsigned long>(*num_progs) >= instructions.size()) {
37 cosmos_throw (RuntimeError("seccomp filter array size inconsistency"));
38 }
39}
40
41#ifdef COSMOS_X86
42void Tracee::getThreadArea(struct user_desc &desc) const {
43 // the entry_number in the struct is actually ignored by the kernel,
44 // we need to provide it as `addr` instead.
45 this->request(ptrace::Request::GET_THREAD_AREA, desc.entry_number, &desc);
46}
47
48void Tracee::setThreadArea(const struct user_desc &desc) {
49 this->request(ptrace::Request::SET_THREAD_AREA, desc.entry_number, &desc);
50}
51#endif // X86
52
53void Tracee::getSyscallInfo(ptrace::SyscallInfo &info) const {
54 const auto obtained = this->request(ptrace::Request::GET_SYSCALL_INFO, sizeof(*info.raw()), info.raw());
55
56 if (*obtained < 0 || static_cast<unsigned long>(*obtained) > sizeof(*info.raw())) {
57 cosmos_throw (RuntimeError("excess SYSCALL_INFO data, truncation occurred!"));
58 }
59}
60
61void Tracee::getSigInfo(SigInfo &info) const {
62 this->request(ptrace::Request::GETSIGINFO, nullptr, info.raw());
63}
64
65void Tracee::setSigInfo(const SigInfo &info) {
66 this->request(ptrace::Request::SETSIGINFO, nullptr, info.raw());
67}
68
69std::vector<SigInfo> Tracee::peekSigInfo(const ptrace::PeekSigInfo &settings) {
70 const auto raw_settings = settings.raw();
71 std::vector<SigInfo> ret;
72 ret.resize(raw_settings->nr);
73
74 const auto num_entries = this->request(
75 ptrace::Request::PEEKSIGINFO, raw_settings, ret.data());
76
77 ret.resize(*num_entries);
78
79 return ret;
80}
81
82} // end ns
cosmos::RuntimeError
Exception type for generic runtime errors.
Definition RuntimeError.hxx:14
cosmos::SigInfo
Signal information struct used when receiving signals.
Definition SigInfo.hxx:79
cosmos::Tracee::peekSigInfo
std::vector< SigInfo > peekSigInfo(const ptrace::PeekSigInfo &settings)
Obtains SigInfo structures pending for the tracee.
Definition Tracee.cxx:69
cosmos::Tracee::setSigInfo
void setSigInfo(const SigInfo &info)
Set signal information for the tracee.
Definition Tracee.cxx:65
cosmos::Tracee::getSigInfo
void getSigInfo(SigInfo &info) const
Obtain information about the signal that caused the stop.
Definition Tracee.cxx:61
cosmos::Tracee::getSyscallInfo
void getSyscallInfo(ptrace::SyscallInfo &info) const
Returns system call information in the context of the current ptrace stop.
Definition Tracee.cxx:53
cosmos::Tracee::getSeccompFilter
void getSeccompFilter(std::vector< struct sock_filter > &instructions, const unsigned long prog_index) const
Retrieve a classic seccomp BPF program installed in the tracee.
Definition Tracee.cxx:14
cosmos::ptrace::PeekSigInfo
Wrapper around data structure used with ptrace::Request::PEEKSIGINFO.
Definition ptrace.hxx:239
cosmos::ptrace::SyscallInfo
Wrapper around data structure used with ptrace::Request::GET_SYSCALL_INFO.
Definition ptrace.hxx:180