From e6ace76b7f0a753aa8fe6ef9562a719af0353ccb Mon Sep 17 00:00:00 2001 From: salsal97 Date: Fri, 26 Aug 2022 01:04:42 +0000 Subject: [PATCH] added group filter feature added strace tests docs updated man strace details added --- doc/user-getting-started.md | 29 +- include/myst/syscall.h | 15 + tests/strace/.gitignore | 11 +- tests/strace/1test.expected.txt | 2 + ...{test2.expected.txt => 2test.expected.txt} | 0 tests/strace/8test.expected.txt | 2 + tests/strace/Makefile | 35 +- tests/strace/test1.expected.txt | 2 - tools/myst/host/exec.c | 31 +- tools/myst/host/exec_linux.c | 31 +- tools/myst/host/package.c | 2 +- tools/myst/host/strace.c | 92 +++-- tools/myst/host/strace.h | 8 +- utils/syscall.c | 358 ++++++++++++++++++ 14 files changed, 546 insertions(+), 72 deletions(-) create mode 100644 tests/strace/1test.expected.txt rename tests/strace/{test2.expected.txt => 2test.expected.txt} (100%) create mode 100644 tests/strace/8test.expected.txt delete mode 100644 tests/strace/test1.expected.txt diff --git a/doc/user-getting-started.md b/doc/user-getting-started.md index cc12afcadf..16f2459f12 100644 --- a/doc/user-getting-started.md +++ b/doc/user-getting-started.md @@ -90,18 +90,25 @@ Options: to stop execution whenever a syscall fails. Use breakpoint conditions to control the behavior of the breakpoint. E.g: Use syscall number as a condition in the breakpoint - --strace-filter 'SYS_name1:SYS_name2:...' - -- Specify the set of syscalls to be traced. When filters - are specified, only those syscalls specified in the filter + --strace-filter 'SYS_name1:group1:SYS_name2:...' + -- Specify the set of syscalls or groups to be traced. When filters + are specified, only those syscalls/groups specified in the filter will be traced, in addition to failing syscalls if - specified as described above. - E.g: To trace open and mprotect syscalls, specify - --strace-filter 'SYS_open:SYS_mprotect' - --strace-exclude-filter 'SYS_name1:SYS_name2:...' - -- Specify a set of syscalls to exclude from the strace log. - All other syscalls will be logged in the strace. - E.g: To exclude open and mprotect syscalls, specify - --strace-exclude-filter 'SYS_open:SYS_mprotect' + specified as described above. Any combination of syscalls and groups + can be used. For a list of all the groups and their consituents check + out 'man strace' + E.g: To trace open and mprotect syscalls, and 'desc' group of + syscalls (file descriptor related group), specify + --strace-filter 'SYS_open:SYS_mprotect:desc' + --strace-exclude-filter 'SYS_name1:SYS_name2:group1...' + -- Specify a set of syscalls or groups to exclude from the strace log. + All other syscalls will be logged in the strace. Failing syscalls, even + if excluded, will also be logged if --strace-failing is specified. Any + combination of syscalls and groups can be used. For a list of all the + groups and their consituents check out 'man strace' + E.g: To exclude open and mprotect syscalls and the group of + file syscalls, specify + --strace-exclude-filter='SYS_open:SYS_mprotect:file' ``` You can also specify many other parameters in a configuration file, conventionally called `config.json`, you will also use this configuration file to package your application. diff --git a/include/myst/syscall.h b/include/myst/syscall.h index d99219aabf..d2b8539545 100644 --- a/include/myst/syscall.h +++ b/include/myst/syscall.h @@ -407,4 +407,19 @@ typedef struct myst_syscall_pair const myst_syscall_pair_t* myst_syscall_pairs(void); +#define SYSCALL_GROUP_MAX_SIZE 128 + +/* Stores the syscall group name, corresponding syscalls, and number of syscalls + */ +typedef struct myst_syscall_group +{ + const char* name; + const size_t group_size; + const int syscalls[SYSCALL_GROUP_MAX_SIZE]; +} myst_syscall_group_t; + +const int* myst_syscall_group(const char* name); + +size_t myst_syscall_group_size(const char* name); + #endif /* _MYST_SYSCALL_H */ diff --git a/tests/strace/.gitignore b/tests/strace/.gitignore index f34d65968e..9e93940bfd 100644 --- a/tests/strace/.gitignore +++ b/tests/strace/.gitignore @@ -1,7 +1,10 @@ 1 2 3 -test1.txt -test2.txt -test3.txt -test4.txt \ No newline at end of file +4 +5 +6 +7 +8 +9 +test*.txt \ No newline at end of file diff --git a/tests/strace/1test.expected.txt b/tests/strace/1test.expected.txt new file mode 100644 index 0000000000..90632a82ae --- /dev/null +++ b/tests/strace/1test.expected.txt @@ -0,0 +1,2 @@ +Invalid group name or syscall name 'SYS_invali' specified in --strace-filter or --strace-exclude-filter. +Aborted (core dumped) diff --git a/tests/strace/test2.expected.txt b/tests/strace/2test.expected.txt similarity index 100% rename from tests/strace/test2.expected.txt rename to tests/strace/2test.expected.txt diff --git a/tests/strace/8test.expected.txt b/tests/strace/8test.expected.txt new file mode 100644 index 0000000000..605f624581 --- /dev/null +++ b/tests/strace/8test.expected.txt @@ -0,0 +1,2 @@ +Invalid group name or syscall name 'SYS_maa' specified in --strace-filter or --strace-exclude-filter. +Aborted (core dumped) diff --git a/tests/strace/Makefile b/tests/strace/Makefile index 8a96f1cb95..2e102bc0ea 100644 --- a/tests/strace/Makefile +++ b/tests/strace/Makefile @@ -22,15 +22,21 @@ endif OPTS += --thread-stack-size=1048576 -tests: all test1 test2 test3 test4 +__TESTS=1 2 3 4 5 6 7 8 9 +.PHONY: $(__TESTS) + +tests: $(__TESTS) echo " === passed test strace" +$(__TESTS): + $(MAKE) test$@ + test1: - -$(MYST_EXEC) rootfs /bin/strace --strace-filter=SYS_invali $(OPTS) 2> test1.txt || $(RUNTEST) diff test1.txt test1.expected.txt + $(MYST_EXEC) rootfs /bin/strace --strace-filter=SYS_invali $(OPTS) 2> test1.txt || $(RUNTEST) diff test1.txt 1test.expected.txt echo "=== test1 passed" test2: - -$(MYST_EXEC) rootfs /bin/strace --strace-filter=SYS_mmap --strace-exclude-filter=SYS_ioctl $(OPTS) 2> test2.txt || $(RUNTEST) diff test2.txt test2.expected.txt + $(MYST_EXEC) rootfs /bin/strace --strace-filter=SYS_mmap --strace-exclude-filter=SYS_ioctl $(OPTS) 2> test2.txt || $(RUNTEST) diff test2.txt 2test.expected.txt echo "=== test2 passed" test3: @@ -44,6 +50,29 @@ test4: cat test4.txt | grep -v "SYS_close" > 3 && $(RUNTEST) diff 3 test4.txt echo "=== test4 passed" +test5: + $(MYST_EXEC) rootfs /bin/strace --strace-filter=file $(OPTS) 2> test5.txt + cat test5.txt | grep "SYS_" > 4 && cat test5.txt | grep -E '(SYS_open|SYS_getcwd)' > 5 && $(RUNTEST) diff 4 5 + echo "=== test5 passed" + +test6: + $(MYST_EXEC) rootfs /bin/strace --strace-filter=file:desc:memory $(OPTS) 2> test6.txt + cat test6.txt | grep "SYS_" > 6 && cat test6.txt | grep -E '(SYS_open|SYS_read|SYS_mmap|SYS_close|SYS_mprotect|SYS_getcwd)' > 7 && $(RUNTEST) diff 6 7 + echo "=== test6 passed" + +test7: + $(MYST_EXEC) rootfs /bin/strace --strace-filter=file:SYS_mmap $(OPTS) 2> test7.txt + cat test7.txt | grep "SYS_" > 8 && cat test7.txt | grep -E '(SYS_open|SYS_getcwd|SYS_mmap)' > 9 && $(RUNTEST) diff 8 9 + echo "=== test7 passed" + +test8: + $(MYST_EXEC) rootfs /bin/strace --strace-filter=file:SYS_maa $(OPTS) 2> test8.txt || $(RUNTEST) diff test8.txt 8test.expected.txt + echo "=== test8 passed" + +test9: + $(MYST_EXEC) rootfs /bin/strace --strace-filter=file --strace-exclude-filter=SYS_mmap $(OPTS) 2> test9.txt || $(RUNTEST) diff test9.txt 2test.expected.txt + echo "=== test9 passed" + myst: $(MAKE) -C $(TOP)/tools/myst diff --git a/tests/strace/test1.expected.txt b/tests/strace/test1.expected.txt deleted file mode 100644 index d0f0e887e0..0000000000 --- a/tests/strace/test1.expected.txt +++ /dev/null @@ -1,2 +0,0 @@ -Unknown syscall SYS_invali specified in --strace-filter or --strace-exclude-filter -Aborted (core dumped) diff --git a/tools/myst/host/exec.c b/tools/myst/host/exec.c index e1a2a6abdb..c7ea75ad5a 100644 --- a/tools/myst/host/exec.c +++ b/tools/myst/host/exec.c @@ -396,18 +396,25 @@ Options:\n\ to stop execution whenever a syscall fails. Use breakpoint \n\ conditions to control the behavior of the breakpoint.\n\ E.g: Use syscall number as a condition in the breakpoint\n\ - --strace-filter 'SYS_name1:SYS_name2:...'\n\ - -- Specify the set of syscalls to be traced. When filters \n\ - are specified, only those syscalls specified in the filter \n\ + --strace-filter 'SYS_name1:group1:SYS_name2:...'\n\ + -- Specify the set of syscalls or groups to be traced. When filters \n\ + are specified, only those syscalls/groups specified in the filter \n\ will be traced, in addition to failing syscalls if\n\ - specified as described above.\n\ - E.g: To trace open and mprotect syscalls, specify\n\ - --strace-filter 'SYS_open:SYS_mprotect'\n\ - --strace-exclude-filter 'SYS_name1:SYS_name2:...'\n\ - -- Specify a set of syscalls to exclude from the strace log. \n\ - All other syscalls will be logged in the strace. \n\ - E.g: To exclude open and mprotect syscalls, specify\n\ - --strace-exclude-filter 'SYS_open:SYS_mprotect'\n\ + specified as described above. Any combination of syscalls and groups \n\ + can be used. For a list of all the groups and their consituents check\n\ + out 'man strace' \n\ + E.g: To trace open and mprotect syscalls, and 'desc' group of \n\ + syscalls (file descriptor related group), specify \n\ + --strace-filter 'SYS_open:SYS_mprotect:desc'\n\ + --strace-exclude-filter 'SYS_name1:SYS_name2:group1...'\n\ + -- Specify a set of syscalls or groups to exclude from the strace log. \n\ + All other syscalls will be logged in the strace. Failing syscalls, even \n\ + if excluded, will also be logged if --strace-failing is specified. Any \n\ + combination of syscalls and groups can be used. For a list of all the \n\ + groups and their consituents check out 'man strace' \n\ + E.g: To exclude open and mprotect syscalls and the group of \n\ + file syscalls, specify\n\ + --strace-exclude-filter='SYS_open:SYS_mprotect:file'\n\ \n" int exec_action(int argc, const char* argv[], const char* envp[]) @@ -450,7 +457,7 @@ int exec_action(int argc, const char* argv[], const char* envp[]) options.strace_config.trace_syscalls = true; } - if (myst_parse_strace_config(&argc, argv, &options.strace_config) == 0) + if (myst_strace_parse_config(&argc, argv, &options.strace_config) == 0) { options.strace_config.trace_syscalls = true; } diff --git a/tools/myst/host/exec_linux.c b/tools/myst/host/exec_linux.c index 1c91c9a08a..0c6f672902 100644 --- a/tools/myst/host/exec_linux.c +++ b/tools/myst/host/exec_linux.c @@ -93,18 +93,25 @@ Options:\n\ to stop execution whenever a syscall fails. Use breakpoint \n\ conditions to control the behavior of the breakpoint.\n\ E.g: Use syscall number as a condition in the breakpoint\n\ - --strace-filter 'SYS_name1:SYS_name2:...'\n\ - -- Specify the set of syscalls to be traced. When filters \n\ - are specified, only those syscalls specified in the filter \n\ + --strace-filter 'SYS_name1:group1:SYS_name2:...'\n\ + -- Specify the set of syscalls or groups to be traced. When filters \n\ + are specified, only those syscalls/groups specified in the filter \n\ will be traced, in addition to failing syscalls if\n\ - specified as described above.\n\ - E.g: To trace open and mprotect syscalls, specify\n\ - --strace-filter 'SYS_open:SYS_mprotect'\n\ - --strace-exclude-filter 'SYS_name1:SYS_name2:...'\n\ - -- Specify a set of syscalls to exclude from the strace log. \n\ - All other syscalls will be logged in the strace. \n\ - E.g: To exclude open and mprotect syscalls, specify\n\ - --strace-exclude-filter 'SYS_open:SYS_mprotect'\n\ + specified as described above. Any combination of syscalls and groups \n\ + can be used. For a list of all the groups and their consituents check\n\ + out 'man strace' \n\ + E.g: To trace open and mprotect syscalls, and 'desc' group of \n\ + syscalls (file descriptor related group), specify \n\ + --strace-filter 'SYS_open:SYS_mprotect:desc'\n\ + --strace-exclude-filter 'SYS_name1:SYS_name2:group1...'\n\ + -- Specify a set of syscalls or groups to exclude from the strace log. \n\ + All other syscalls will be logged in the strace. Failing syscalls, even \n\ + if excluded, will also be logged if --strace-failing is specified. Any \n\ + combination of syscalls and groups can be used. For a list of all the \n\ + groups and their consituents check out 'man strace' \n\ + E.g: To exclude open and mprotect syscalls and the group of \n\ + file syscalls, specify\n\ + --strace-exclude-filter='SYS_open:SYS_mprotect:file'\n\ \n\ " @@ -137,7 +144,7 @@ static void _get_options( opts->strace_config.trace_syscalls = true; } - if (myst_parse_strace_config(argc, argv, &opts->strace_config) == 0) + if (myst_strace_parse_config(argc, argv, &opts->strace_config) == 0) { opts->strace_config.trace_syscalls = true; } diff --git a/tools/myst/host/package.c b/tools/myst/host/package.c index 514d5487ec..954a43f666 100644 --- a/tools/myst/host/package.c +++ b/tools/myst/host/package.c @@ -600,7 +600,7 @@ int _exec_package( options.strace_config.trace_syscalls = true; } - if (myst_parse_strace_config(&argc, argv, &options.strace_config) == 0) + if (myst_strace_parse_config(&argc, argv, &options.strace_config) == 0) { options.strace_config.trace_syscalls = true; } diff --git a/tools/myst/host/strace.c b/tools/myst/host/strace.c index 3a0407374f..af77e06600 100644 --- a/tools/myst/host/strace.c +++ b/tools/myst/host/strace.c @@ -8,6 +8,38 @@ #include #include +int myst_strace_add_syscall_to_filter( + long num, + const char* name, + myst_strace_config_t* strace_config, + bool include) +{ + if (num >= 0) + { + if (num < MYST_MAX_SYSCALLS) + strace_config->trace[num] = include; + else + { + fprintf( + stderr, + "Syscall %s exceeds trace array. Fix " + "myst_syscall_config_t\n", + name); + abort(); + } + } + else + { + fprintf( + stderr, + "Unknown syscall %s specified in --strace-filter or " + "--strace-exclude-filter\n", + name); + abort(); + } + return 0; +} + int myst_set_strace_filter( int num_tokens, char** tokens, @@ -22,36 +54,44 @@ int myst_set_strace_filter( for (size_t i = 0; i < num_tokens; ++i) { const char* name = tokens[i]; + + /* Check if filter is for a syscall */ long num = myst_syscall_num(name); - if (num >= 0) + + if (num != -ENOENT) + myst_strace_add_syscall_to_filter( + num, name, strace_config, include); + else { - if (num < MYST_MAX_SYSCALLS) - strace_config->trace[num] = include; - else + /* Check if filter is for a group of syscalls. Eg: file, memory, etc + */ + const int* syscalls = myst_syscall_group(name); + const size_t group_size = myst_syscall_group_size(name); + + /* token specified is not a syscall name or group name */ + if (syscalls == NULL) { fprintf( stderr, - "Syscall %s exceeds trace array. Fix " - "myst_syscall_config_t\n", + "Invalid group name or syscall name '%s' specified in " + "--strace-filter or --strace-exclude-filter.\n", name); abort(); } - } - else - { - fprintf( - stderr, - "Unknown syscall %s specified in --strace-filter or " - "--strace-exclude-filter \n", - name); - abort(); + + for (int j = 0; j < group_size; j++) + { + const char* name = myst_syscall_name((long)syscalls[j]); + myst_strace_add_syscall_to_filter( + (long)syscalls[j], name, strace_config, include); + } } } strace_config->filter = 1; return 0; } -int myst_parse_strace_config( +int myst_strace_parse_config( int* argc, const char** argv, myst_strace_config_t* strace_config) @@ -68,20 +108,23 @@ int myst_parse_strace_config( strace_config->filter = 1; } - if (cli_getopt(argc, argv, "--strace-filter", &filter) == 0 && filter) + if (cli_getopt(argc, argv, "--strace-exclude-filter", &filter) == 0 && + filter) { if (myst_strsplit(filter, ":", &tokens, &num_tokens) != 0) { - fprintf(stderr, "Invalid strace-filter '%s' specified.\n", filter); + fprintf( + stderr, + "Invalid strace-exclude-filter '%s' specified.\n", + filter); abort(); } - ret = myst_set_strace_filter(num_tokens, tokens, strace_config, 1); + ret = myst_set_strace_filter(num_tokens, tokens, strace_config, 0); filter_flag = true; } - if (cli_getopt(argc, argv, "--strace-exclude-filter", &filter) == 0 && - filter) + if (cli_getopt(argc, argv, "--strace-filter", &filter) == 0 && filter) { if (filter_flag) { @@ -94,14 +137,11 @@ int myst_parse_strace_config( if (myst_strsplit(filter, ":", &tokens, &num_tokens) != 0) { - fprintf( - stderr, - "Invalid strace-exclude-filter '%s' specified.\n", - filter); + fprintf(stderr, "Invalid strace-filter '%s' specified.\n", filter); abort(); } - ret = myst_set_strace_filter(num_tokens, tokens, strace_config, 0); + ret = myst_set_strace_filter(num_tokens, tokens, strace_config, 1); } if (tokens) diff --git a/tools/myst/host/strace.h b/tools/myst/host/strace.h index 3c9a101064..deae45f4e5 100644 --- a/tools/myst/host/strace.h +++ b/tools/myst/host/strace.h @@ -6,9 +6,15 @@ #include -int myst_parse_strace_config( +int myst_strace_parse_config( int* argc, const char** argv, myst_strace_config_t* strace_config); +int myst_strace_add_syscall_to_filter( + long num, + const char* name, + myst_strace_config_t* strace_config, + bool include); + #endif // _MYST_HOST_STRACE_H diff --git a/utils/syscall.c b/utils/syscall.c index ad4fd5379d..346d99b0a7 100644 --- a/utils/syscall.c +++ b/utils/syscall.c @@ -382,9 +382,343 @@ static const myst_syscall_pair_t _pairs[] = { PAIR(SYS_myst_interrupt_thread), PAIR(SYS_myst_pre_launch_hook), /* add new entries here! */ + /* NOTE: when you add a new syscall here, add it to its corresponding group + below as well! */ {0, NULL}, }; +const myst_syscall_group_t _groups[] = { + {"desc", + 98, + {SYS_read, + SYS_write, + SYS_open, + SYS_close, + SYS_fstat, + SYS_poll, + SYS_lseek, + SYS_mmap, + SYS_ioctl, + SYS_pread64, + SYS_pwrite64, + SYS_readv, + SYS_writev, + SYS_pipe, + SYS_select, + SYS_dup, + SYS_dup2, + SYS_sendfile, + SYS_fcntl, + SYS_flock, + SYS_fsync, + SYS_fdatasync, + SYS_ftruncate, + SYS_getdents, + SYS_fchdir, + SYS_creat, + SYS_fchmod, + SYS_fchown, + SYS_fstatfs, + SYS_readahead, + SYS_fsetxattr, + SYS_fgetxattr, + SYS_flistxattr, + SYS_fremovexattr, + SYS_epoll_create, + SYS_getdents64, + SYS_fadvise64, + SYS_epoll_wait, + SYS_epoll_ctl, + SYS_mq_open, + // SYS_q_timedsend, + // SYS_q_timedreceive, + SYS_mq_notify, + SYS_mq_getsetattr, + SYS_inotify_init, + SYS_inotify_add_watch, + SYS_inotify_rm_watch, + SYS_openat, + SYS_mkdirat, + SYS_mknodat, + SYS_fchownat, + SYS_futimesat, + SYS_newfstatat, + SYS_unlinkat, + SYS_renameat, + SYS_linkat, + SYS_symlinkat, + SYS_readlinkat, + SYS_fchmodat, + SYS_faccessat, + SYS_pselect6, + SYS_ppoll, + SYS_splice, + SYS_tee, + SYS_sync_file_range, + SYS_vmsplice, + SYS_utimensat, + SYS_epoll_pwait, + SYS_signalfd, + SYS_timerfd_create, + SYS_eventfd, + SYS_fallocate, + SYS_timerfd_settime, + SYS_timerfd_gettime, + SYS_signalfd4, + SYS_eventfd2, + SYS_epoll_create1, + SYS_dup3, + SYS_pipe2, + SYS_inotify_init1, + SYS_preadv, + SYS_pwritev, + SYS_perf_event_open, + SYS_fanotify_init, + SYS_fanotify_mark, + SYS_name_to_handle_at, + SYS_open_by_handle_at, + SYS_syncfs, + SYS_setns, + SYS_finit_module, + SYS_renameat2, + SYS_memfd_create, + SYS_kexec_file_load, + SYS_bpf, + SYS_execveat, + SYS_userfaultfd, + SYS_copy_file_range, + SYS_preadv2, + SYS_pwritev2, + SYS_statx}}, + {"file", + 60, + {SYS_stat, + SYS_open, + SYS_lstat, + SYS_access, + SYS_execve, + SYS_truncate, + SYS_getcwd, + SYS_chdir, + SYS_rename, + SYS_mkdir, + SYS_rmdir, + SYS_creat, + SYS_link, + SYS_unlink, + SYS_symlink, + SYS_readlink, + SYS_chmod, + SYS_chown, + SYS_lchown, + SYS_utime, + SYS_mknod, + SYS_uselib, + SYS_statfs, + SYS_pivot_root, + SYS_chroot, + SYS_acct, + SYS_mount, + SYS_umount2, + SYS_swapon, + SYS_swapoff, + SYS_quotactl, + SYS_setxattr, + SYS_lsetxattr, + SYS_getxattr, + SYS_lgetxattr, + SYS_listxattr, + SYS_llistxattr, + SYS_removexattr, + SYS_lremovexattr, + SYS_utimes, + SYS_inotify_add_watch, + SYS_openat, + SYS_mkdirat, + SYS_mknodat, + SYS_fchownat, + SYS_futimesat, + SYS_newfstatat, + SYS_unlinkat, + SYS_renameat, + SYS_linkat, + SYS_symlinkat, + SYS_readlinkat, + SYS_fchmodat, + SYS_faccessat, + SYS_utimensat, + SYS_fanotify_mark, + SYS_name_to_handle_at, + SYS_renameat2, + SYS_execveat, + SYS_statx}}, + {"ipc", + 12, + {SYS_shmget, + SYS_shmat, + SYS_shmctl, + SYS_semget, + SYS_semop, + SYS_semctl, + SYS_shmdt, + SYS_msgget, + SYS_msgsnd, + SYS_msgrcv, + SYS_msgctl, + SYS_semtimedop}}, + {"network", 21, {SYS_sendfile, SYS_socket, SYS_connect, + SYS_accept, SYS_sendto, SYS_recvfrom, + SYS_sendmsg, SYS_recvmsg, SYS_shutdown, + SYS_bind, SYS_listen, SYS_getsockname, + SYS_getpeername, SYS_socketpair, SYS_setsockopt, + SYS_getsockopt, SYS_getpmsg, SYS_putpmsg, + SYS_accept4, SYS_recvmmsg, SYS_sendmmsg}}, + {"process", + 14, + {SYS_clone, + SYS_fork, + SYS_vfork, + SYS_execve, + SYS_exit, + SYS_wait4, + SYS_kill, + SYS_rt_sigqueueinfo, + SYS_tkill, + SYS_exit_group, + SYS_tgkill, + SYS_waitid, + SYS_rt_tgsigqueueinfo, + SYS_execveat}}, + {"signal", + 14, + {SYS_rt_sigaction, + SYS_rt_sigprocmask, + SYS_rt_sigreturn, + SYS_pause, + SYS_kill, + SYS_rt_sigpending, + // SYS_t_sigtimedwait, + SYS_rt_sigqueueinfo, + SYS_rt_sigsuspend, + SYS_sigaltstack, + SYS_tkill, + SYS_tgkill, + SYS_signalfd, + SYS_signalfd4, + SYS_rt_tgsigqueueinfo}}, + {"memory", + 24, + {SYS_mmap, + SYS_mprotect, + SYS_munmap, + SYS_brk, + SYS_mremap, + SYS_msync, + SYS_mincore, + SYS_madvise, + SYS_shmat, + SYS_shmdt, + SYS_mlock, + SYS_munlock, + SYS_mlockall, + SYS_munlockall, + SYS_io_setup, + SYS_io_destroy, + SYS_remap_file_pages, + SYS_mbind, + SYS_set_mempolicy, + SYS_get_mempolicy, + SYS_migrate_pages, + SYS_move_pages, + SYS_mlock2, + SYS_pkey_mprotect}}, + {"stat", 1, {SYS_stat}}, + {"lstat", 1, {SYS_lstat}}, + {"fstat", 3, {SYS_fstat, SYS_newfstatat, SYS_statx}}, + {"stat_like", + 5, + {SYS_stat, SYS_fstat, SYS_lstat, SYS_newfstatat, SYS_statx}}, + {"statfs", 1, {SYS_statfs}}, + {"fstatfs", 1, {SYS_fstatfs}}, + {"statfs_like", 3, {SYS_ustat, SYS_statfs, SYS_fstatfs}}, + {"pure", + 8, + {SYS_getpid, + SYS_getuid, + SYS_getgid, + SYS_geteuid, + SYS_getegid, + SYS_getppid, + SYS_getpgrp, + SYS_gettid}}, + {"syscall_never_fails", + 12, + {SYS_getpid, + SYS_umask, + SYS_getuid, + SYS_getgid, + SYS_geteuid, + SYS_getegid, + SYS_getppid, + SYS_getpgrp, + SYS_setfsuid, + SYS_setfsgid, + SYS_personality, + SYS_gettid}}, + {"max_args", 0, {}}, + {"memory_mapping_change", + 11, + {SYS_mmap, + SYS_mprotect, + SYS_munmap, + SYS_brk, + SYS_mremap, + SYS_shmat, + SYS_execve, + SYS_shmdt, + SYS_remap_file_pages, + SYS_execveat, + SYS_pkey_mprotect}}, + {"stackcapture_on_enter", + 4, + {SYS_execve, SYS_exit, SYS_exit_group, SYS_execveat}}, + {"compat_syscall_types", 0, {}}, + {"seccomp_default", 2, {SYS_execve, SYS_execveat}}, + {"creds", + 19, + {SYS_getuid, + SYS_getgid, + SYS_setuid, + SYS_setgid, + SYS_geteuid, + SYS_getegid, + SYS_setreuid, + SYS_setregid, + SYS_getgroups, + SYS_setgroups, + SYS_setresuid, + SYS_getresuid, + SYS_setresgid, + SYS_getresgid, + SYS_setfsuid, + SYS_setfsgid, + SYS_capget, + SYS_capset, + SYS_prctl}}, + {"clock", + 7, + {SYS_gettimeofday, + SYS_adjtimex, + SYS_settimeofday, + SYS_time, + SYS_clock_settime, + SYS_clock_gettime, + // SYS_lock_getres, + SYS_clock_adjtime}}, + {"comm_change", 3, {SYS_execve, SYS_prctl, SYS_execveat}}, + {"", 0, {}}, +}; + __attribute__((__unused__)) static void _check_myst_syscalls(void) { myst_syscall_t msyscall = SYS_myst_trace; @@ -440,6 +774,30 @@ long myst_syscall_num(const char* name) return -ENOENT; } +const int* myst_syscall_group(const char* name) +{ + for (size_t i = 0; _groups[i].name; i++) + { + if (strcmp(_groups[i].name, name) == 0) + return _groups[i].syscalls; + } + + /* not found */ + return NULL; +} + +size_t myst_syscall_group_size(const char* name) +{ + for (size_t i = 0; _groups[i].name; i++) + { + if (strcmp(_groups[i].name, name) == 0) + return _groups[i].group_size; + } + + /* not found */ + return -ENOENT; +} + const myst_syscall_pair_t* myst_syscall_pairs(void) { return _pairs;