// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package strace

import (
	"github.com/nicocha30/gvisor-ligolo/pkg/abi"
	"github.com/nicocha30/gvisor-ligolo/pkg/sentry/arch"
	"github.com/nicocha30/gvisor-ligolo/pkg/sentry/kernel"
)

// FormatSpecifier selects how a single syscall argument is rendered in
// strace output.
type FormatSpecifier int

// Valid FormatSpecifiers.
//
// Unless a specifier says otherwise, the value is formatted before the
// syscall executes and is not refreshed afterwards (the same value is output
// again).
//
// NOTE(review): several specifiers (ReadBuffer, WriteBuffer, the IOVec and
// MsgHdr variants, Path, ExecveStringVector, the sockopt values) describe
// argument contents rather than bare pointer values. The formatter is not in
// this file; presumably strace output can therefore carry application data
// such as paths, command lines and I/O payloads, so treat the log as
// sensitive. Confirm against the formatter and its size limits.
//
// The order of the constants fixes their iota values; append new specifiers
// at the end.
const (
	// Hex renders the argument as a plain hexadecimal number.
	Hex FormatSpecifier = iota

	// Oct renders the argument as a plain octal number.
	Oct

	// FD is a file descriptor.
	FD

	// ReadBuffer is the buffer of a read-style call. Its length is taken
	// from the syscall return value.
	//
	// Formatted after syscall execution.
	ReadBuffer

	// WriteBuffer is the buffer of a write-style call. Its length is taken
	// from the following argument.
	//
	// Contents omitted after syscall execution.
	WriteBuffer

	// ReadIOVec is a pointer to a struct iovec for a readv-style call. The
	// following arg is used for the length. The return value is used for
	// the total length.
	//
	// NOTE(review): the original comment said "writev-style", which looks
	// like a copy-paste slip from WriteIOVec.
	//
	// Complete contents only formatted after syscall execution.
	ReadIOVec

	// WriteIOVec is a pointer to a struct iovec for a writev-style call.
	// The following arg is used for the length.
	//
	// Complete contents only formatted before syscall execution, omitted
	// after.
	WriteIOVec

	// IOVec is a generic pointer to a struct iovec. Contents are not
	// dumped.
	IOVec

	// SendMsgHdr is a pointer to a struct msghdr for a sendmsg-style call.
	// Contents formatted only before syscall execution, omitted after.
	SendMsgHdr

	// RecvMsgHdr is a pointer to a struct msghdr for a recvmsg-style call.
	// Contents formatted only after syscall execution.
	RecvMsgHdr

	// Path is a pointer to a char* path.
	Path

	// PostPath is a pointer to a char* path, formatted after syscall
	// execution.
	PostPath

	// ExecveStringVector is a NULL-terminated array of strings. Enforces
	// the maximum execve array length.
	ExecveStringVector

	// PipeFDs is an array of two FDs, formatted after syscall execution.
	PipeFDs

	// Uname is a pointer to a struct uname, formatted after syscall
	// execution.
	Uname

	// Stat is a pointer to a struct stat, formatted after syscall
	// execution.
	Stat

	// SockAddr is a pointer to a struct sockaddr. The following arg is
	// used for length.
	SockAddr

	// PostSockAddr is a pointer to a struct sockaddr, formatted after
	// syscall execution. The following arg is a pointer to the socklen_t
	// length.
	PostSockAddr

	// SockLen is a pointer to a socklen_t, formatted before and after
	// syscall execution.
	SockLen

	// SockFamily is a socket protocol family value.
	SockFamily

	// SockType is a socket type and flags value.
	SockType

	// SockProtocol is a socket protocol value. Argument n-2 is the socket
	// protocol family.
	SockProtocol

	// SockFlags are socket flags.
	SockFlags

	// Timespec is a pointer to a struct timespec.
	Timespec

	// PostTimespec is a pointer to a struct timespec, formatted after
	// syscall execution.
	PostTimespec

	// UTimeTimespec is a pointer to a struct timespec. Formatting includes
	// UTIME_NOW and UTIME_OMIT.
	UTimeTimespec

	// ItimerVal is a pointer to a struct itimerval.
	ItimerVal

	// PostItimerVal is a pointer to a struct itimerval, formatted after
	// syscall execution.
	PostItimerVal

	// ItimerSpec is a pointer to a struct itimerspec.
	ItimerSpec

	// PostItimerSpec is a pointer to a struct itimerspec, formatted after
	// syscall execution.
	PostItimerSpec

	// Timeval is a pointer to a struct timeval, formatted before and after
	// syscall execution.
	Timeval

	// Utimbuf is a pointer to a struct utimbuf.
	Utimbuf

	// Rusage is a struct rusage, formatted after syscall execution.
	Rusage

	// CloneFlags are clone(2) flags.
	CloneFlags

	// OpenFlags are open(2) flags.
	OpenFlags

	// Mode is a mode_t.
	Mode

	// FutexOp is the futex(2) operation.
	FutexOp

	// PtraceRequest is the ptrace(2) request.
	PtraceRequest

	// ItimerType is an itimer type (ITIMER_REAL, etc).
	ItimerType

	// Signal is a signal number.
	Signal

	// SignalMaskAction is a signal mask action passed to
	// rt_sigprocmask(2).
	SignalMaskAction

	// SigSet is a signal set.
	SigSet

	// PostSigSet is a signal set, formatted after syscall execution.
	PostSigSet

	// SigAction is a struct sigaction.
	SigAction

	// PostSigAction is a struct sigaction, formatted after syscall
	// execution.
	PostSigAction

	// CapHeader is a cap_user_header_t.
	CapHeader

	// CapData is the data argument to capget(2)/capset(2). The previous
	// argument must be CapHeader.
	CapData

	// PostCapData is the data argument to capget(2)/capset(2), formatted
	// after syscall execution. The previous argument must be CapHeader.
	PostCapData

	// PollFDs is an array of struct pollfd. The number of entries in the
	// array is in the next argument.
	PollFDs

	// SelectFDSet is an fd_set argument in select(2)/pselect(2). The
	// number of FDs represented must be the first argument.
	SelectFDSet

	// GetSockOptVal is the optval argument in getsockopt(2).
	//
	// Formatted after syscall execution.
	GetSockOptVal

	// SetSockOptVal is the optval argument in setsockopt(2).
	//
	// Contents omitted after syscall execution.
	SetSockOptVal

	// SockOptLevel is the level argument in getsockopt(2) and
	// setsockopt(2).
	SockOptLevel

	// SockOptName is the optname argument in getsockopt(2) and
	// setsockopt(2).
	SockOptName

	// EpollCtlOp is the op argument to epoll_ctl(2).
	EpollCtlOp

	// EpollEvent is the event argument in epoll_ctl(2).
	EpollEvent

	// EpollEvents is an array of struct epoll_event. It is the events
	// argument in epoll_wait(2)/epoll_pwait(2).
	EpollEvents

	// MmapProt is the protection argument in mmap(2).
	MmapProt

	// MmapFlags is the flags argument in mmap(2).
	MmapFlags

	// CloseRangeFlags are close_range(2) flags.
	CloseRangeFlags
)

// defaultFormat is the fallback argument format for a syscall whose real
// format is not known: all six arguments are printed as hex.
var defaultFormat = []FormatSpecifier{Hex, Hex, Hex, Hex, Hex, Hex}

// SyscallInfo captures the name and printing format of a syscall.
type SyscallInfo struct {
	// name is the name of the syscall.
	name string

	// format holds one format specifier per argument.
	//
	// A syscall can have up to six arguments. An argument with no
	// corresponding entry in format is not printed.
	format []FormatSpecifier
}

// makeSyscallInfo builds the SyscallInfo for the syscall called name, whose
// arguments are formatted according to f, in argument order.
func makeSyscallInfo(name string, f ...FormatSpecifier) SyscallInfo {
	info := SyscallInfo{name: name}
	// The variadic slice is stored as-is, not copied.
	info.format = f
	return info
}

// SyscallMap maps syscall numbers to their names and printing formats.
type SyscallMap map[uintptr]SyscallInfo

// Compile-time assertion that SyscallMap satisfies kernel.Stracer.
var _ kernel.Stracer = (SyscallMap)(nil)

// syscallTable contains the syscalls for a specific OS/Arch.
type syscallTable struct {
	// os is the operating system this table targets.
	os abi.OS

	// arch is the architecture this table targets.
	arch arch.Arch

	// syscalls contains the syscall mappings.
	syscalls SyscallMap
}

// syscallTables holds every registered table. Nothing in this file writes to
// it or guards it with a lock.
// NOTE(review): presumably it is filled in once during package
// initialization elsewhere in the package; confirm before reading it
// concurrently with registration.
var syscallTables []syscallTable

// Lookup returns the SyscallMap for the OS/Arch combination, and false when
// no table is registered for it.
//
// The returned map must not be changed: it is the table's own map, not a
// copy, so a write through it would alter what every later caller sees.
func Lookup(os abi.OS, a arch.Arch) (SyscallMap, bool) {
	for i := range syscallTables {
		tbl := &syscallTables[i]
		if tbl.os != os || tbl.arch != a {
			continue
		}
		return tbl.syscalls, true
	}
	return nil, false
}