1 /*
2  * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3  * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4  * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5  * Copyright (c) 1996-2001 Wichert Akkerman <wichert@cistron.nl>
6  * Copyright (c) 1999-2018 The strace developers.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. The name of the author may not be used to endorse or promote products
18  *    derived from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #include "defs.h"
33 #include <linux/ioctl.h>
34 #include "xlat/ioctl_dirs.h"
35 
/*
 * bsearch() comparator for the ioctlent table.
 *
 * The "key" argument is not a pointer to an object: ioctl_lookup() passes the
 * ioctl code itself, cast to a pointer value, so it is converted back with a
 * cast and never dereferenced.  The second argument is a table entry.
 *
 * Returns 1, -1 or 0 when the key is greater than, less than or equal to
 * the entry's code.
 */
static int
compare(const void *a, const void *b)
{
	const unsigned int key = (uintptr_t) a;
	const unsigned int entry_code = ((struct_ioctlent *) b)->code;

	if (key > entry_code)
		return 1;
	if (key < entry_code)
		return -1;
	return 0;
}
43 
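/*
 * Find the first ioctlent table entry whose code equals the given code.
 *
 * bsearch() may land on any one of several entries sharing the same code,
 * so the result is walked back to the first entry of that run; callers then
 * step forward with ioctl_next_match().
 *
 * Returns NULL when the code is not in the table.
 */
static const struct_ioctlent *
ioctl_lookup(const unsigned int code)
{
	struct_ioctlent *iop;

	iop = bsearch((const void *) (const uintptr_t) code, ioctlent,
			nioctlents, sizeof(ioctlent[0]), compare);

	/*
	 * Handle "not found" explicitly instead of relying on a relational
	 * comparison between a null pointer and the table, which the C
	 * standard leaves undefined.
	 */
	if (!iop)
		return NULL;

	/* Rewind to the first entry of the run of equal codes. */
	while (iop > ioctlent && iop[-1].code == code)
		iop--;

	return iop;
}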
60 
/*
 * Return the table entry following iop if it carries the same ioctl code,
 * or NULL when iop is the last entry of the table or the next entry has a
 * different code.
 */
static const struct_ioctlent *
ioctl_next_match(const struct_ioctlent *iop)
{
	const struct_ioctlent *const next = iop + 1;

	/* Bounds check first: next may point one past the end of the table. */
	if (next >= ioctlent + nioctlents)
		return NULL;

	return (next->code == iop->code) ? next : NULL;
}
70 
/*
 * Print an ioctl code that has no symbolic name in its decomposed form,
 * _IOC(dir, type, nr, size), with the direction shown as flags and the
 * remaining fields as hexadecimal numbers.
 */
static void
ioctl_print_code(const unsigned int code)
{
	const unsigned int type = _IOC_TYPE(code);
	const unsigned int nr = _IOC_NR(code);
	const unsigned int size = _IOC_SIZE(code);

	tprints("_IOC(");
	printflags(ioctl_dirs, _IOC_DIR(code), "_IOC_???");
	tprintf(", %#x, %#x, %#x)", type, nr, size);
}
79 
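/*
 * Print the symbolic form of evdev ('E') ioctl commands whose number or size
 * field is a parameter of the command macro and which therefore cannot be
 * matched by an exact table lookup.
 *
 * Returns 1 if a name was printed, 0 if the code was not recognised here.
 */
static int
evdev_decode_number(const unsigned int code)
{
	const unsigned int nr = _IOC_NR(code);

	if (_IOC_DIR(code) == _IOC_WRITE) {
		/* nr 0xc0..0xff: EVIOCSABS(abs), axis is nr - 0xc0. */
		if (nr >= 0xc0 && nr <= 0xc0 + 0x3f) {
			tprints("EVIOCSABS(");
			printxval_indexn(evdev_abs, evdev_abs_size, nr - 0xc0,
					 "ABS_???");
			tprints(")");
			return 1;
		}
	}

	/* Everything below is a read-direction command. */
	if (_IOC_DIR(code) != _IOC_READ)
		return 0;

	if (nr >= 0x20 && nr <= 0x20 + 0x1f) {
		/* nr 0x20..0x3f: EVIOCGBIT(ev, len), event type is nr - 0x20. */
		tprints("EVIOCGBIT(");
		if (nr == 0x20)
			tprints("0");
		else
			printxval(evdev_ev, nr - 0x20, "EV_???");
		tprintf(", %u)", _IOC_SIZE(code));
		return 1;
	} else if (nr >= 0x40 && nr <= 0x40 + 0x3f) {
		/* nr 0x40..0x7f: EVIOCGABS(abs), axis is nr - 0x40. */
		tprints("EVIOCGABS(");
		printxval_indexn(evdev_abs, evdev_abs_size, nr - 0x40,
				 "ABS_???");
		tprints(")");
		return 1;
	}

	/*
	 * nr already holds the command-number field, so switch on it
	 * directly rather than running it through _IOC_NR() a second time.
	 */
	switch (nr) {
	case 0x06:
		tprintf("EVIOCGNAME(%u)", _IOC_SIZE(code));
		return 1;
	case 0x07:
		tprintf("EVIOCGPHYS(%u)", _IOC_SIZE(code));
		return 1;
	case 0x08:
		tprintf("EVIOCGUNIQ(%u)", _IOC_SIZE(code));
		return 1;
	case 0x09:
		tprintf("EVIOCGPROP(%u)", _IOC_SIZE(code));
		return 1;
	case 0x0a:
		tprintf("EVIOCGMTSLOTS(%u)", _IOC_SIZE(code));
		return 1;
	case 0x18:
		tprintf("EVIOCGKEY(%u)", _IOC_SIZE(code));
		return 1;
	case 0x19:
		tprintf("EVIOCGLED(%u)", _IOC_SIZE(code));
		return 1;
	case 0x1a:
		tprintf("EVIOCGSND(%u)", _IOC_SIZE(code));
		return 1;
	case 0x1b:
		tprintf("EVIOCGSW(%u)", _IOC_SIZE(code));
		return 1;
	default:
		return 0;
	}
}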
146 
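/*
 * Print the symbolic form of 'H' (hiddev/hidraw) ioctl commands whose size
 * field is a parameter of the command macro.
 *
 * Returns 1 if a name was printed, 0 if the code was not recognised here.
 */
static int
hiddev_decode_number(const unsigned int code)
{
	if (_IOC_DIR(code) == _IOC_READ) {
		switch (_IOC_NR(code)) {
		case 0x04:
			tprintf("HIDIOCGRAWNAME(%u)", _IOC_SIZE(code));
			return 1;
		case 0x05:
			tprintf("HIDIOCGRAWPHYS(%u)", _IOC_SIZE(code));
			return 1;
		case 0x06:
			/*
			 * A read-only request with nr 0x06 is HIDIOCGNAME
			 * from <linux/hiddev.h>.  HIDIOCSFEATURE shares the
			 * number but is a read/write request and is handled
			 * in the branch below; printing its name here would
			 * mislabel the call in the trace.
			 */
			tprintf("HIDIOCGNAME(%u)", _IOC_SIZE(code));
			return 1;
		case 0x12:
			tprintf("HIDIOCGPHYS(%u)", _IOC_SIZE(code));
			return 1;
		default:
			return 0;
		}
	} else if (_IOC_DIR(code) == (_IOC_READ | _IOC_WRITE)) {
		switch (_IOC_NR(code)) {
		case 0x06:
			tprintf("HIDIOCSFEATURE(%u)", _IOC_SIZE(code));
			return 1;
		case 0x07:
			tprintf("HIDIOCGFEATURE(%u)", _IOC_SIZE(code));
			return 1;
		default:
			return 0;
		}
	}

	return 0;
}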
182 
/*
 * Print a symbolic name for ioctl commands that encode a parameter in their
 * number or size field, dispatching on the type field of the command taken
 * from the second syscall argument.
 *
 * Returns 0 when nothing was printed; otherwise the non-zero value produced
 * here or by the per-type helper.  The caller also tests the result against
 * IOCTL_NUMBER_STOP_LOOKUP before doing the table lookup.
 */
static int
ioctl_decode_command_number(struct tcb *tcp)
{
	const unsigned int code = tcp->u_arg[1];
	const unsigned int dir = _IOC_DIR(code);
	const unsigned int nr = _IOC_NR(code);
	const unsigned int size = _IOC_SIZE(code);

	switch (_IOC_TYPE(code)) {
	case 'E':
		return evdev_decode_number(code);
	case 'H':
		return hiddev_decode_number(code);
	case 'M':
		/* The mixer macros take the command number as parameter. */
		if (dir == _IOC_WRITE)
			tprintf("MIXER_WRITE(%u)", nr);
		else if (dir == _IOC_READ)
			tprintf("MIXER_READ(%u)", nr);
		else
			return 0;
		return 1;
	case 'U':
		if (dir != _IOC_READ || nr != 0x2c)
			return 0;
		tprintf("UI_GET_SYSNAME(%u)", size);
		return 1;
	case 'j':
		if (dir != _IOC_READ || nr != 0x13)
			return 0;
		tprintf("JSIOCGNAME(%u)", size);
		return 1;
	case 'k':
		if (dir != _IOC_WRITE || nr != 0)
			return 0;
		tprintf("SPI_IOC_MESSAGE(%u)", size);
		return 1;
	default:
		return 0;
	}
}
224 
/**
 * Decode the arg parameter of the ioctl call by handing it to the decoder
 * selected by the type field of the command.
 *
 * @return Two flags of the return value matter to SYS_FUNC(ioctl):
 *          - RVAL_IOCTL_DECODED: the ioctl decoder has printed the arg
 *                                parameter;
 *          - RVAL_DECODED: decoding is done.
 *         The resulting behaviour is:
 *          - on entering:
 *            - 0: decoding is to be continued on exiting;
 *            - RVAL_IOCTL_DECODED: no decoding is needed on exiting and
 *                                  the decoder has printed the arg value;
 *            - RVAL_DECODED: no decoding is needed on exiting and the
 *                            generic handler should print the arg value.
 *          - on exiting:
 *            - 0: the generic handler should print the arg value;
 *            - RVAL_IOCTL_DECODED: the decoder has printed the arg value.
 *
 *         Returning just RVAL_DECODED on exiting makes no sense, but it is
 *         not prohibited (it may be useful, for example, where the return
 *         path is shared between entering and exiting the syscall).
 *
 *         SYS_FUNC(ioctl) converts the RVAL_IOCTL_DECODED flag to
 *         RVAL_DECODED and passes all other bits of the ioctl_decode
 *         return value through unchanged.
 */
static int
ioctl_decode(struct tcb *tcp)
{
	const unsigned int code = tcp->u_arg[1];
	const kernel_ulong_t arg = tcp->u_arg[2];
	const unsigned int type = _IOC_TYPE(code);

	switch (type) {
	case '$':
		return perf_ioctl(tcp, code, arg);
#if defined(ALPHA) || defined(POWERPC)
	case 'f': {
		/*
		 * On these architectures an 'f' command that file_ioctl()
		 * answers with exactly RVAL_DECODED is offered to
		 * term_ioctl() as well.
		 */
		int ret = file_ioctl(tcp, code, arg);
		if (ret != RVAL_DECODED)
			return ret;
		ATTRIBUTE_FALLTHROUGH;
	}
	case 't':
	case 'T':
		return term_ioctl(tcp, code, arg);
#else /* !ALPHA && !POWERPC */
	case 'f':
		return file_ioctl(tcp, code, arg);
	case 0x54:	/* same value as 'T' */
#endif /* !ALPHA && !POWERPC */
		/* Reached only through the case 0x54 label above. */
		return term_ioctl(tcp, code, arg);
	case 0x89:
		return sock_ioctl(tcp, code, arg);
	case 'p':
		return rtc_ioctl(tcp, code, arg);
	case 0x03:
		return hdio_ioctl(tcp, code, arg);
	case 0x12:
		return block_ioctl(tcp, code, arg);
	case 'X':
		return fs_x_ioctl(tcp, code, arg);
	case 0x22:
		return scsi_ioctl(tcp, code, arg);
	case 'L':
		return loop_ioctl(tcp, code, arg);
#ifdef HAVE_STRUCT_MTD_WRITE_REQ
	case 'M':
		return mtd_ioctl(tcp, code, arg);
#endif
#ifdef HAVE_STRUCT_UBI_ATTACH_REQ_MAX_BEB_PER1024
	case 'o':
	case 'O':
		return ubi_ioctl(tcp, code, arg);
#endif
	case 'V':
		return v4l2_ioctl(tcp, code, arg);
#ifdef HAVE_STRUCT_PTP_SYS_OFFSET
	case '=':
		return ptp_ioctl(tcp, code, arg);
#endif
#ifdef HAVE_LINUX_INPUT_H
	case 'E':
		return evdev_ioctl(tcp, code, arg);
#endif
#ifdef HAVE_LINUX_USERFAULTFD_H
	case 0xaa:
		return uffdio_ioctl(tcp, code, arg);
#endif
#ifdef HAVE_LINUX_BTRFS_H
	case 0x94:
		return btrfs_ioctl(tcp, code, arg);
#endif
	case 0xb7:
		return nsfs_ioctl(tcp, code, arg);
#ifdef HAVE_LINUX_DM_IOCTL_H
	case 0xfd:
		return dm_ioctl(tcp, code, arg);
#endif
#ifdef HAVE_LINUX_KVM_H
	case 0xae:
		return kvm_ioctl(tcp, code, arg);
#endif
	case 'I':
		return inotify_ioctl(tcp, code, arg);
	case 0xab:
		return nbd_ioctl(tcp, code, arg);
	default:
		break;
	}

	/* No decoder for this type; see the return-value contract above. */
	return 0;
}
337 
/*
 * Syscall handler for ioctl.
 *
 * On entering it prints the descriptor and the command (raw, symbolic, or
 * both with the symbols inside a comment, depending on xlat_verbosity), then
 * runs ioctl_decode() on the argument.  On exiting it runs ioctl_decode()
 * again and marks decoding as done.  When no decoder printed the argument
 * and decoding is done, the third syscall argument is printed as a plain
 * hexadecimal number.
 */
SYS_FUNC(ioctl)
{
	int ret;

	if (!entering(tcp)) {
		ret = ioctl_decode(tcp) | RVAL_DECODED;
	} else {
		const unsigned int code = tcp->u_arg[1];
		const int verbose = (xlat_verbosity == XLAT_STYLE_VERBOSE);

		printfd(tcp, tcp->u_arg[0]);
		tprints(", ");

		if (xlat_verbosity != XLAT_STYLE_ABBREV)
			tprintf("%#x", code);
		if (verbose)
			tprints(" /* ");
		if (xlat_verbosity != XLAT_STYLE_RAW) {
			ret = ioctl_decode_command_number(tcp);
			if (!(ret & IOCTL_NUMBER_STOP_LOOKUP)) {
				const struct_ioctlent *iop = ioctl_lookup(code);

				if (iop) {
					/*
					 * Several table entries can share one
					 * code; list every candidate name.
					 */
					if (ret)
						tprints(" or ");
					tprints(iop->symbol);
					for (iop = ioctl_next_match(iop); iop;
					     iop = ioctl_next_match(iop))
						tprintf(" or %s", iop->symbol);
				} else if (!ret) {
					/* No name at all: print _IOC(...). */
					ioctl_print_code(code);
				}
			}
		}
		if (verbose)
			tprints(" */");

		ret = ioctl_decode(tcp);
	}

	if (ret & RVAL_IOCTL_DECODED) {
		/* The decoder printed arg: report plain RVAL_DECODED. */
		ret = (ret & ~RVAL_IOCTL_DECODED) | RVAL_DECODED;
	} else if (ret & RVAL_DECODED) {
		/* Nobody printed arg: fall back to the raw value. */
		tprintf(", %#" PRI_klx, tcp->u_arg[2]);
	}

	return ret;
}
383