Merge pull request #1272 from owl129/dev

Feature/Fix some error in syscall fcntl and getsockopt

Author: xwings

qiling/os/posix/const.py

@@ -107,6 +107,45 @@
     "IP_MULTICAST_ALL"          : 0x0031,
 }
 
+# https://github.com/torvalds/linux/blob/master/include/uapi/linux/tcp.h
+linux_socket_tcp_options = {
+    "TCP_NODELAY"				: 0x1,
+    "TCP_MAXSEG"				: 0x2,
+    "TCP_CORK"					: 0x3,
+    "TCP_KEEPIDLE"				: 0x4,
+    "TCP_KEEPINTVL"				: 0x5,
+    "TCP_KEEPCNT"				: 0x6,
+    "TCP_SYNCNT"				: 0x7,
+    "TCP_LINGER2"				: 0x8,
+    "TCP_DEFER_ACCEPT"			: 0x9,
+    "TCP_WINDOW_CLAMP"			: 0xa,
+    "TCP_INFO"					: 0xb,
+    "TCP_QUICKACK"				: 0xc,
+    "TCP_CONGESTION"			: 0xd,
+    "TCP_MD5SIG"				: 0xe,
+    "TCP_THIN_LINEAR_TIMEOUTS"	: 0x10,
+    "TCP_THIN_DUPACK"			: 0x11,
+    "TCP_USER_TIMEOUT"			: 0x12,
+    "TCP_REPAIR"				: 0x13,
+    "TCP_REPAIR_QUEUE"			: 0x14,
+    "TCP_QUEUE_SEQ"				: 0x15,
+    "TCP_REPAIR_OPTIONS"		: 0x16,
+    "TCP_FASTOPEN"				: 0x17,
+    "TCP_TIMESTAMP"				: 0x18,
+    "TCP_NOTSENT_LOWAT"			: 0x19,
+    "TCP_CC_INFO"				: 0x1a,
+    "TCP_SAVE_SYN"				: 0x1b,
+    "TCP_SAVED_SYN"				: 0x1c,
+    "TCP_REPAIR_WINDOW"			: 0x1d,
+    "TCP_FASTOPEN_CONNECT"		: 0x1e,
+    "TCP_ULP"					: 0x1f,
+    "TCP_MD5SIG_EXT"			: 0x20,
+    "TCP_FASTOPEN_KEY"			: 0x21,
+    "TCP_FASTOPEN_NO_COOKIE"	: 0x22,
+    "TCP_ZEROCOPY_RECEIVE"		: 0x23,
+    "TCP_INQ"					: 0x24,
+    "TCP_TX_DELAY"				: 0x25,
+}
 
 macos_socket_ip_options = {
     "IP_TOS"                   : 0x0003,
@@ -338,6 +377,7 @@
     "SO_REUSEADDR"              : 0x0004,
     "SO_KEEPALIVE"              : 0x0008,
     "SO_DONTROUTE"              : 0x0010,
+    "SO_BINDTODEVICE"           : 0x0019,
     "SO_BROADCAST"              : 0x0020,
     "SO_LINGER"                 : 0x0080,
     "SO_OOBINLINE"              : 0x0100,

qiling/os/posix/const_mapping.py

@@ -154,6 +154,17 @@ def socket_domain_mapping(p: int, archtype: QL_ARCH, ostype: QL_OS) -> str:
     return _constant_mapping(p, socket_domain_map)
 
 
+def socket_tcp_option_mapping(t: int, archtype: QL_ARCH) -> str:
+    socket_option_map = {
+        QL_ARCH.X86: linux_socket_tcp_options,
+        QL_ARCH.X8664: linux_socket_tcp_options,
+        QL_ARCH.ARM: linux_socket_tcp_options,
+        QL_ARCH.ARM64: linux_socket_tcp_options,
+        QL_ARCH.MIPS: linux_socket_tcp_options,
+    }[archtype]
+    return _constant_mapping(t, socket_option_map)
+
+
 def socket_level_mapping(t: int, archtype: QL_ARCH) -> str:
     socket_level_map = {
         QL_ARCH.X86:   linux_x86_socket_level,

qiling/os/posix/filestruct.py

@@ -3,7 +3,7 @@
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 import os
-from socket import socket, AddressFamily, SocketKind
+from socket import socket, AddressFamily, SocketKind, socketpair
 from typing import Union
 
 try:
@@ -40,6 +40,12 @@ def open(cls, domain: Union[AddressFamily, int], socktype: Union[SocketKind, int
 
         return cls(s)
 
+    @classmethod
+    def socketpair(cls, domain: Union[AddressFamily, int], socktype: Union[SocketKind, int], protocol: int):
+        a, b = socketpair(domain, socktype, protocol)
+
+        return cls(a), cls(b)
+
     def read(self, length: int) -> bytes:
         return os.read(self.__fd, length)
 

qiling/os/posix/structs.py

@@ -113,3 +113,16 @@ class iovec(Struct):
         )
 
     return iovec
+
+
+def make_pollfd(archbits: int, endian: QL_ENDIAN):
+    Struct = struct.get_aligned_struct(archbits, endian)
+
+    class pollfd(Struct):
+        _fields_ = (
+            ('fd', ctypes.c_int32),
+            ('events', ctypes.c_int16),
+            ('revents', ctypes.c_int16)
+        )
+
+    return pollfd

qiling/os/posix/syscall/fcntl.py

@@ -150,7 +150,8 @@ def ql_syscall_fcntl(ql: Qiling, fd: int, cmd: int, arg: int):
         regreturn = f.fcntl(cmd, arg)
 
     elif cmd == F_SETFL:
-        f.fcntl(cmd, arg)
+        flags = ql_open_flag_mapping(ql, arg)
+        f.fcntl(cmd, flags)
         regreturn = 0
 
     else:

qiling/os/posix/syscall/poll.py

@@ -4,6 +4,41 @@
 #
 
 from qiling import Qiling
+from qiling.const import QL_OS, QL_ENDIAN
+from qiling.os.posix.structs import *
+import select
+import ctypes
+
 
 def ql_syscall_poll(ql: Qiling, fds: int, nfds: int, timeout: int):
-    return 0
+    pollfd = make_pollfd(ql.arch.bits, ql.arch.endian)
+
+    if ql.host.os == QL_OS.LINUX:
+        fn_map = {}
+        try:
+            p = select.poll()
+            for i in range(nfds):
+                with pollfd.ref(ql.mem, fds + ctypes.sizeof(pollfd) * i) as pf:
+                    # clear revents field
+                    pf.revents = 0
+
+                    ql.log.debug(f"register poll fd {pf.fd}, event {pf.events}")
+                    fileno = ql.os.fd[pf.fd].fileno()
+                    fn_map[fileno] = i
+                    p.register(fileno, pf.events)
+
+            res_list = p.poll(timeout)
+            regreturn = len(res_list)
+
+            for fn, revent in res_list:
+                with pollfd.ref(ql.mem, fds + ctypes.sizeof(pollfd) * fn_map[fn]) as pf:
+                    ql.log.debug(f"receive event on fd {pf.fd}, revent {revent}")
+                    pf.revents = revent
+        except Exception as e:
+            ql.log.error(f'{e} {fds=}, {nfds=}, {timeout=}')
+            regreturn = -1
+                
+        return regreturn
+    else:
+        ql.log.warning(f'syscall poll not implemented')
+        return 0

qiling/os/posix/syscall/socket.py

@@ -9,7 +9,7 @@
 
 from qiling import Qiling
 from qiling.const import QL_ARCH, QL_VERBOSE
-from qiling.os.posix.const_mapping import socket_type_mapping, socket_level_mapping, socket_domain_mapping, socket_ip_option_mapping, socket_option_mapping
+from qiling.os.posix.const_mapping import socket_type_mapping, socket_level_mapping, socket_domain_mapping, socket_ip_option_mapping, socket_tcp_option_mapping, socket_option_mapping
 from qiling.os.posix.const import *
 from qiling.os.posix.filestruct import ql_socket
 from qiling.os.posix.structs import *
@@ -126,6 +126,52 @@ def ql_syscall_socket(ql: Qiling, domain: int, socktype: int, protocol: int):
     return idx
 
 
+def ql_syscall_socketpair(ql: Qiling, socket_domain, socket_type, socket_protocol, sv: int):
+    idx_list = [i for i in range(NR_OPEN) if ql.os.fd[i] is None]
+    if len(idx_list) > 1:
+        idx1, idx2 = idx_list[:2]
+
+        emu_socket_value = socket_type
+
+        # ql_socket.open should use host platform based socket_type.
+        try:
+            emu_socket_type = socket_type_mapping(socket_type, ql.arch.type)
+        except KeyError:
+            ql.log.error(f'Cannot convert emu_socket_type {emu_socket_value} to host platform based socket_type')
+            raise
+
+        try:
+            socket_type = getattr(socket, emu_socket_type)
+        except AttributeError:
+            ql.log.error(f'Cannot convert emu_socket_type {emu_socket_type}:{emu_socket_value} to host platform based socket_type')
+            raise
+
+        ql.log.debug(f'Convert emu_socket_type {emu_socket_type}:{emu_socket_value} to host platform based socket_type {emu_socket_type}:{socket_type}')
+
+        try:
+            sock1, sock2 = ql_socket.socketpair(socket_domain, socket_type, socket_protocol)
+
+            # save sock to ql
+            ql.os.fd[idx1] = sock1
+            ql.os.fd[idx2] = sock2
+
+            # save fd to &sv
+            ql.mem.write(sv, ql.pack32(idx1))
+            ql.mem.write(sv+4, ql.pack32(idx2))
+            regreturn = 0
+
+        # May raise error: Protocol not supported
+        except OSError as e:
+            ql.log.debug(f'{e}: {socket_domain=}, {socket_type=}, {socket_protocol=}, {sv=}')
+            regreturn = -1
+
+    socket_type = socket_type_mapping(socket_type, ql.arch.type)
+    socket_domain = socket_domain_mapping(socket_domain, ql.arch.type, ql.os.type)
+    ql.log.debug("socketpair(%s, %s, %s, %d) = %d" % (socket_domain, socket_type, socket_protocol, sv, regreturn))
+
+    return regreturn
+
+
 def ql_syscall_connect(ql: Qiling, sockfd: int, addr: int, addrlen: int):
     if sockfd not in range(NR_OPEN):
         return -1
@@ -218,6 +264,8 @@ def ql_syscall_getsockopt(ql: Qiling, sockfd: int, level: int, optname: int, opt
         # emu_opt_name is based on level
         if vsock_level_name == 'IPPROTO_IP':
             vsock_opt_name = socket_ip_option_mapping(vsock_opt, ql.arch.type, ql.os.type)
+        elif vsock_level_name == 'IPPROTO_TCP':
+            vsock_opt_name = socket_tcp_option_mapping(vsock_opt, ql.arch.type)
         else:
             vsock_opt_name = socket_option_mapping(vsock_opt, ql.arch.type)
 
@@ -288,6 +336,8 @@ def ql_syscall_setsockopt(ql: Qiling, sockfd: int, level: int, optname: int, opt
             # emu_opt_name is based on level
             if vsock_level_name == 'IPPROTO_IP':
                 vsock_opt_name = socket_ip_option_mapping(vsock_opt, ql.arch.type, ql.os.type)
+            elif vsock_level_name == 'IPPROTO_TCP':
+                vsock_opt_name = socket_tcp_option_mapping(vsock_opt, ql.arch.type)
             else:
                 vsock_opt_name = socket_option_mapping(vsock_opt, ql.arch.type)