Errno: Difference between revisions

From Hackepedia
Jump to navigationJump to search
m subsections for venturing into the source code.
Line 67: Line 67:
  ...
  ...
   
   
Ok so we've found warn() and it calls vwarn(), so we'll have to dig deeper (hey noone said this was going to be a breeze).
Ok so we've found warn() and it calls _vwarn(), so we'll have to dig deeper (hey noone said this was going to be a breeze).


  $ more vwarn.c
  $ more vwarn.c
Line 84: Line 84:
  }  
  }  


Bingo! _vwarn() prints the argument followed with a colon and then strerror() of the errno followed by a newline.  So we know how the error message is created and how it is tied in with the errno variable.
Bingo! _vwarn() prints the program name followed by a colon and then prints the argument followed with a colon and then strerror() of the errno followed by a newline.  So we know how the error message is created and how it is tied in with the errno variable.


Does this look like our error message?
cat: /dev/pf: Permission denied
Yes it does.  The source code matches reality (a good thing).


=== Wandering into the Kernel ===
=== Wandering into the Kernel ===

Revision as of 11:17, 2 December 2005

When a system call fails the system sets a variable called errno with a certain integer. Usually a subsequent error message will contain the human readable string associated with the errno. Ie. if you do:

$ cat /dev/pf
cat: /dev/pf: Permission denied

You get the string "Permission denied". If you cross reference this string in the errno(2) or intro(2) manpage you'll see that this belongs to errno 13:

     ...
     13 EACCES Permission denied.  An attempt was made to access a file in a
           way forbidden by its file access permissions.
     ...

Great! We now know that the errno that cat failed with was errno 13 (EACCES) also known as Permission denied. Better check who you are!


A Journey into the Userland Source Code

So how does that help anyone? Well you can now use grep on the systems source code (you do have source code don't you? Don't leave home without it) to track down what location of the source code returns with EACCES. So let's go and do it here is an example run:

$ cd /usr/src/bin/cat
$ ls
CVS      Makefile cat.1    cat.c    cat.cat1 obj
$ grep -4 open\( cat.c
       do {
               if (*argv) {
                       if (!strcmp(*argv, "-"))
                               fp = stdin;
                       else if ((fp = fopen(*argv, "r")) == NULL) {
                               warn("%s", *argv);
                               rval = 1;
                               ++argv;
                               continue;
--
       do {
               if (*argv) {
                       if (!strcmp(*argv, "-"))
                               fd = fileno(stdin);
                       else if ((fd = open(*argv, O_RDONLY, 0)) < 0) {
                               warn("%s", *argv);
                               rval = 1;
                               ++argv;
                               continue;

OK I knew that we were failing on the open syscall (out of experience) and it is actually wrapped by fopen() which then calls open(), when fopen() fails by returning NULL it is warn() that prints the filename that was attempted to be opened and if we were to dig deeper in warn() we would see that it displays the errno string with strerror(), watch:

$ cd /usr/src/lib/libc/gen
$ grep -l warn\( *
auth_subr.c
authenticate.c
devname.c
getnetgrent.c
vwarn.c
warn.c
$ more warn.c
...
void
_warn(const char *fmt, ...)
{
       va_list ap;
...
       va_start(ap, fmt);
       _vwarn(fmt, ap);
       va_end(ap);
}
...
__weak_alias(warn, _warn);
...

Ok so we've found warn() and it calls _vwarn(), so we'll have to dig deeper (hey noone said this was going to be a breeze).

$ more vwarn.c
...
_vwarn(const char *fmt, va_list ap)
{
       int sverrno;
...
       sverrno = errno;
       (void)fprintf(stderr, "%s: ", __progname);
       if (fmt != NULL) {
               (void)vfprintf(stderr, fmt, ap);
               (void)fprintf(stderr, ": ");
       }
       (void)fprintf(stderr, "%s\n", strerror(sverrno));
} 

Bingo! _vwarn() prints the program name followed by a colon and then prints the argument followed with a colon and then strerror() of the errno followed by a newline. So we know how the error message is created and how it is tied in with the errno variable.

Does this look like our error message?

cat: /dev/pf: Permission denied

Yes it does. The source code matches reality (a good thing).

Wandering into the Kernel

How does the errno come from the kernel though? Remember it was the open syscall right? So we'll dig in the kernel a little:

$ cd /usr/src/sys/kern
$ grep -l open\( *
kern_acct.c
kern_descrip.c
kern_ktrace.c
kern_lkm.c
kern_sig.c
makesyscalls.sh
subr_log.c
subr_prf.c
syscalls.master
tty.c
tty_conf.c
tty_pty.c
tty_tb.c
tty_tty.c
vfs_syscalls.c
vfs_vnops.c

Whew! lots of files, which one is it? Let's just check them all if we don't know or I'm going to make a lucky guess here:

$ grep open\( vfs_syscalls.c
sys_open(struct proc *p, void *v, register_t *retval)
       if ((error = vn_open(&nd, flags, cmode)) != 0) {
                       dupfdopen(fdp, indx, p->p_dupfd, flags, error)) == 0) {
sys_fhopen(struct proc *p, void *v, register_t *retval)

Looks good! sys_open() is the function we're looking for. So let's take a look at it:

...
/*
 * Check permissions, allocate an open file structure,
 * and call the device open routine if any.
 */
int
sys_open(struct proc *p, void *v, register_t *retval)
{
...

Looking at it we don't see any mention of EACCES, but there is return conditions on other functions that return with that error, so let's dig into all the functions:

       ...
       if ((error = vn_open(&nd, flags, cmode)) != 0) {
               if ((error == ENODEV || error == ENXIO) &&
                   p->p_dupfd >= 0 &&                  /* XXX from fdopen */
                   (error =
                       dupfdopen(fdp, indx, p->p_dupfd, flags, error)) == 0) {
                       closef(fp, p);
                       *retval = indx;
                       goto out;
               }
               if (error == ERESTART)
                       error = EINTR;
               fdremove(fdp, indx);
               closef(fp, p);
               goto out;
       }
       ...

if vn_open() doesn't return with 0, it sets the error with the return value and goes to 'out.

...
out:
       fdpunlock(fdp);
       return (error);
...

So what does vn_open() look like? Can we find the EACCES in it? It's found in the file /usr/src/sys/kern/vfs_vnops.c in the same directory (we found it with grep) and at first glance it does not show any obvious returns with EACCES, so we dig further. This line looks interesting:

       if ((fmode & O_CREAT) == 0) {
               if (fmode & FREAD) {
                       if ((error = VOP_ACCESS(vp, VREAD, cred, p)) != 0)
                               goto bad;

We're not creating a file, and we are reading the file so VOP_ACCESS() is going to determine whether we can access this file or not.

int VOP_ACCESS(vp, mode, cred, p)
       struct vnode *vp;
       int mode;
       struct ucred *cred;
       struct proc *p;
{
...
       return (VCALL(vp, VOFFSET(vop_access), &a));
}


VOP_ACCESS() returns only what VCALL() returns so we look at that.

sys/vnode.h:#define VCALL(VP,OFF,AP) VOCALL((VP)->v_op,(OFF),(AP))

VCALL() is a macro for VOCALL(), (hey noone said this was going to be easy!).

sys/vnode.h:#define VOCALL(OPSV,OFF,AP) (( *((OPSV)[(OFF)])) (AP))

It's a macro as well so we are going to function *(vp->v_op)[VOFFSET(vop_access)] ... so a pointer to a function. Let's pretend it points to ufs_access() in /usr/src/sys/ufs/ufs/ufs_vnops.c:

int
ufs_access(void *v)
{
...
       return (vaccess(ip->i_ffs_mode, ip->i_ffs_uid, ip->i_ffs_gid,
                                       mode, ap->a_cred));
}

Looks like it returns what vaccess() returns, we found this in /usr/src/sys/kern/vfs_subr.c:

/*
 * Do the usual access checking.
 * file_mode, uid and gid are from the vnode in question,
 * while acc_mode and cred are from the VOP_ACCESS parameter list
 */
int
vaccess(mode_t file_mode, uid_t uid, gid_t gid, mode_t acc_mode,
   struct ucred *cred)
...
         return (file_mode & mask) == mask ? 0 : EACCES;
...
               return (file_mode & mask) == mask ? 0 : EACCES;
...
                return (file_mode & mask) == mask ? 0 : EACCES;
...
       return (file_mode & mask) == mask ? 0 : EACCES;


Looks like it can return EACCES at many spots, seems like the function vaccess() determines whether we have permissions or not return either 0 or EACCES.

So when all these functions return in the end sys_open() will also return with EACCES. It's an almost crazy foxhunt but we located it.

So now you should know where errno errors originate (the kernel), and how they are treated in userland to provide you with an error message.