Skip to content

Commit

Permalink
Merge pull request #59 from marcinslusarz/fcntl-decoding
Browse files Browse the repository at this point in the history 
Syscall logging improvements.
  • Loading branch information
@marcinslusarz
marcinslusarz committed Sep 15, 2017
2 parents ab8a2b1 + bf42604 commit 7149bf2
Showing 1 changed file with 66 additions and 10 deletions.
76 changes: 66 additions & 10 deletions src/intercept_util.c
View file
Expand Up @@ -233,6 +233,34 @@ print_open_flags(char *buffer, int flags)
return c;
}

static const char *
desc_flock_type(short t)
{
#define F(x) case x: return #x;
switch (t) {
F(F_RDLCK);
F(F_WRLCK);
F(F_UNLCK);
}
#undef F
return "?";
}

static const char *
desc_whence(short w)
{
#define F(x) case x: return #x;
switch (w) {
F(SEEK_SET);
F(SEEK_CUR);
F(SEEK_END);
F(SEEK_DATA);
F(SEEK_HOLE);
}
#undef F
return "?";
}

/*
* fcntl_name
* Returns a pointer to string literal describing an fcntl command.
Expand Down Expand Up @@ -280,16 +308,37 @@ fcntl_name(long cmd)
#undef F
}

static int
print_fcntl_flock(char *buffer, struct flock *fl)
{
return sprintf(buffer,
" ({.l_type = %d (%s), .l_whence = %d (%s), .l_start = %ld, .l_len = %ld, .l_pid = %d})",
fl->l_type, desc_flock_type(fl->l_type), fl->l_whence,
desc_whence(fl->l_whence), fl->l_start, fl->l_len, fl->l_pid);
}

/*
* print_fcntl_cmd
* Prints an fcntl command in a human readable format to a buffer,
* advances to char pointer, and returns the pointer pointing right
* after the just printed text.
*/
static char *
print_fcntl_cmd(char *buffer, long cmd)
print_fcntl_args(char *buffer, long cmd, void *ptr)
{
return buffer + sprintf(buffer, "%ld (%s)", cmd, fcntl_name(cmd));
buffer += sprintf(buffer, "%ld (%s), %p", cmd, fcntl_name(cmd), ptr);
switch (cmd) {
case F_GETLK:
case F_SETLK:
case F_SETLKW:
case F_OFD_GETLK:
case F_OFD_SETLK:
case F_OFD_SETLKW:
buffer += print_fcntl_flock(buffer, ptr);
break;
}

return buffer;
}

/*
Expand Down Expand Up @@ -393,12 +442,15 @@ print_clone_flags(char buffer[static 0x100], long flags)
/* only used for oflags in open, openat */
#define F_OPEN_FLAGS 6

/* 2nd argument of fcntl */
#define F_FCNTL_CMD 7
/* 2nd and 3rd argument of fcntl */
#define F_FCNTL_ARGS 7

/* 1st argument of clone */
#define F_CLONE_FLAGS 8

/* last argument of lseek */
#define F_LSEEK_WHENCE 9

/*
* xprint_escape
* Prints a user provided buffer (in src) as printable characters (to dst).
Expand Down Expand Up @@ -514,10 +566,15 @@ print_syscall(char *b, const char *name, unsigned args, ...)
b = xprint_escape(b, data, 0x80, false, size);
} else if (format == F_OPEN_FLAGS) {
b = print_open_flags(b, va_arg(ap, int));
} else if (format == F_FCNTL_CMD) {
b = print_fcntl_cmd(b, va_arg(ap, long));
} else if (format == F_FCNTL_ARGS) {
long cmd = va_arg(ap, long);
b = print_fcntl_args(b, cmd, va_arg(ap, void *));
} else if (format == F_CLONE_FLAGS) {
b = print_clone_flags(b, va_arg(ap, long));
} else if (format == F_LSEEK_WHENCE) {
long whence = va_arg(ap, long);
b += sprintf(b, "%ld (%s)", whence,
desc_whence(whence));
}

--args;
Expand Down Expand Up @@ -622,7 +679,7 @@ intercept_log_syscall(const char *libpath, long nr, long arg0, long arg1,
buf = print_syscall(buf, "lseek", 3,
F_DEC, arg0,
F_DEC, arg1,
F_DEC, arg2,
F_LSEEK_WHENCE, arg2,
result_known, result);
} else if (nr == SYS_mmap) {
buf = print_syscall(buf, "mmap", 6,
Expand Down Expand Up @@ -709,10 +766,9 @@ intercept_log_syscall(const char *libpath, long nr, long arg0, long arg1,
F_DEC, arg1,
result_known, result);
} else if (nr == SYS_fcntl) {
buf = print_syscall(buf, "fcntl", 3,
buf = print_syscall(buf, "fcntl", 2,
F_DEC, arg0,
F_FCNTL_CMD, arg1,
F_HEX, arg2,
F_FCNTL_ARGS, arg1, arg2,
result_known, result);
} else if (nr == SYS_flock) {
buf = print_syscall(buf, "flock", 2,
Expand Down

0 comments on commit 7149bf2

Please sign in to comment.