sys::ptrace: adding ::syscall_info() for linux/glibc. (#2627)

devnexen · web-flow · commit 525c74d405e9 · 2025-04-10T05:59:14.000Z
to retrieve the very system call which stopped the process.
Can be found the type of calls and their related informations.
e.g. on exit we get the return value of the call.
diff --git a/changelog/2627.added.md b/changelog/2627.added.md
@@ -0,0 +1 @@
+Add `ptrace::syscall_info` for linux/glibc
diff --git a/src/sys/ptrace/linux.rs b/src/sys/ptrace/linux.rs
@@ -146,6 +146,8 @@ libc_enum! {
         #[cfg(all(target_os = "linux", target_env = "gnu",
                   any(target_arch = "x86", target_arch = "x86_64")))]
         PTRACE_SYSEMU_SINGLESTEP,
+        #[cfg(all(target_os = "linux", target_env = "gnu"))]
+        PTRACE_GET_SYSCALL_INFO,
     }
 }
 
@@ -567,6 +569,13 @@ pub fn setsiginfo(pid: Pid, sig: &siginfo_t) -> Result<()> {
     }
 }
 
+/// Get the informations of the syscall that caused the stop, as with
+/// `ptrace(PTRACE_GET_SYSCALL_INFO, ...`.
+#[cfg(all(target_os = "linux", target_env = "gnu"))]
+pub fn syscall_info(pid: Pid) -> Result<libc::ptrace_syscall_info> {
+    ptrace_get_data::<libc::ptrace_syscall_info>(Request::PTRACE_GET_SYSCALL_INFO, pid)
+}
+
 /// Sets the process as traceable, as with `ptrace(PTRACE_TRACEME, ...)`
 ///
 /// Indicates that this process is to be traced by its parent.
diff --git a/test/sys/test_ptrace.rs b/test/sys/test_ptrace.rs
@@ -381,3 +381,32 @@ fn test_ptrace_regsets() {
         }
     }
 }
+
+#[cfg(all(target_os = "linux", target_env = "gnu"))]
+#[test]
+fn test_ptrace_syscall_info() {
+    use nix::sys::ptrace;
+    use nix::sys::wait::{waitpid, WaitStatus};
+    use nix::unistd::fork;
+    use nix::unistd::ForkResult::*;
+
+    require_capability!("test_ptrace_syscall_info", CAP_SYS_PTRACE);
+
+    let _m = crate::FORK_MTX.lock();
+    match unsafe { fork() }.expect("Error: Fork Failed") {
+        Child => {
+            ptrace::traceme().unwrap();
+            std::thread::sleep(std::time::Duration::from_millis(1000));
+            unsafe {
+                ::libc::_exit(0);
+            }
+        }
+        Parent { child } => loop {
+            if let Ok(WaitStatus::Exited(_, 0)) = waitpid(child, None) {
+                break;
+            }
+            let si = ptrace::syscall_info(child).unwrap();
+            assert!(si.op >= libc::PTRACE_SYSCALL_INFO_ENTRY);
+        },
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Add `ptrace::syscall_info` for linux/glibc
Original file line number	Diff line number	Diff line change
`@@ -146,6 +146,8 @@ libc_enum! {`
`146`	`146`	`#[cfg(all(target_os = "linux", target_env = "gnu",`
`147`	`147`	`any(target_arch = "x86", target_arch = "x86_64")))]`
`148`	`148`	`PTRACE_SYSEMU_SINGLESTEP,`
	`149`	`+ #[cfg(all(target_os = "linux", target_env = "gnu"))]`
	`150`	`+ PTRACE_GET_SYSCALL_INFO,`
`149`	`151`	`}`
`150`	`152`	`}`
`151`	`153`
`@@ -567,6 +569,13 @@ pub fn setsiginfo(pid: Pid, sig: &siginfo_t) -> Result<()> {`
`567`	`569`	`}`
`568`	`570`	`}`
`569`	`571`
	`572`	`+/// Get the informations of the syscall that caused the stop, as with`
	`573`	+/// `ptrace(PTRACE_GET_SYSCALL_INFO, ...`.
	`574`	`+#[cfg(all(target_os = "linux", target_env = "gnu"))]`
	`575`	`+pub fn syscall_info(pid: Pid) -> Result<libc::ptrace_syscall_info> {`
	`576`	`+ ptrace_get_data::<libc::ptrace_syscall_info>(Request::PTRACE_GET_SYSCALL_INFO, pid)`
	`577`	`+}`
	`578`	`+`
`570`	`579`	/// Sets the process as traceable, as with `ptrace(PTRACE_TRACEME, ...)`
`571`	`580`	`///`
`572`	`581`	`/// Indicates that this process is to be traced by its parent.`