strace.c revision 9a71bcdab254e4cd93b8f1e93c659644eb70ea9b
1/* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl> 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31#include "defs.h" 32#include <stdarg.h> 33#include <sys/param.h> 34#include <fcntl.h> 35#include <sys/resource.h> 36#include <sys/wait.h> 37#include <sys/stat.h> 38#include <pwd.h> 39#include <grp.h> 40#include <dirent.h> 41#include <sys/utsname.h> 42#if defined(IA64) 43# include <asm/ptrace_offsets.h> 44#endif 45/* In some libc, these aren't declared. Do it ourself: */ 46extern char **environ; 47extern int optind; 48extern char *optarg; 49 50 51#if defined __NR_tkill 52# define my_tkill(tid, sig) syscall(__NR_tkill, (tid), (sig)) 53#else 54 /* kill() may choose arbitrarily the target task of the process group 55 while we later wait on a that specific TID. PID process waits become 56 TID task specific waits for a process under ptrace(2). */ 57# warning "tkill(2) not available, risk of strace hangs!" 58# define my_tkill(tid, sig) kill((tid), (sig)) 59#endif 60 61#undef KERNEL_VERSION 62#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) 63 64cflag_t cflag = CFLAG_NONE; 65unsigned int followfork = 0; 66unsigned int ptrace_setoptions = 0; 67unsigned int xflag = 0; 68bool debug_flag = 0; 69bool Tflag = 0; 70bool qflag = 0; 71/* Which WSTOPSIG(status) value marks syscall traps? */ 72static unsigned int syscall_trap_sig = SIGTRAP; 73static unsigned int tflag = 0; 74static bool iflag = 0; 75static bool rflag = 0; 76static bool print_pid_pfx = 0; 77 78/* -I n */ 79enum { 80 INTR_NOT_SET = 0, 81 INTR_ANYWHERE = 1, /* don't block/ignore any signals */ 82 INTR_WHILE_WAIT = 2, /* block fatal signals while decoding syscall. default */ 83 INTR_NEVER = 3, /* block fatal signals. default if '-o FILE PROG' */ 84 INTR_BLOCK_TSTP_TOO = 4, /* block fatal signals and SIGTSTP (^Z) */ 85 NUM_INTR_OPTS 86}; 87static int opt_intr; 88/* We play with signal mask only if this mode is active: */ 89#define interactive (opt_intr == INTR_WHILE_WAIT) 90 91/* 92 * daemonized_tracer supports -D option. 93 * With this option, strace forks twice. 94 * Unlike normal case, with -D *grandparent* process exec's, 95 * becoming a traced process. Child exits (this prevents traced process 96 * from having children it doesn't expect to have), and grandchild 97 * attaches to grandparent similarly to strace -p PID. 98 * This allows for more transparent interaction in cases 99 * when process and its parent are communicating via signals, 100 * wait() etc. Without -D, strace process gets lodged in between, 101 * disrupting parent<->child link. 102 */ 103static bool daemonized_tracer = 0; 104 105#ifdef USE_SEIZE 106static int post_attach_sigstop = TCB_IGNORE_ONE_SIGSTOP; 107# define use_seize (post_attach_sigstop == 0) 108#else 109# define post_attach_sigstop TCB_IGNORE_ONE_SIGSTOP 110# define use_seize 0 111#endif 112 113/* Sometimes we want to print only succeeding syscalls. */ 114bool not_failing_only = 0; 115 116/* Show path associated with fd arguments */ 117bool show_fd_path = 0; 118 119/* are we filtering traces based on paths? */ 120bool tracing_paths = 0; 121 122static bool detach_on_execve = 0; 123static bool skip_startup_execve = 0; 124 125static int exit_code = 0; 126static int strace_child = 0; 127static int strace_tracer_pid = 0; 128 129static char *username = NULL; 130static uid_t run_uid; 131static gid_t run_gid; 132 133unsigned int max_strlen = DEFAULT_STRLEN; 134static int acolumn = DEFAULT_ACOLUMN; 135static char *acolumn_spaces; 136 137static char *outfname = NULL; 138/* If -ff, points to stderr. Else, it's our common output log */ 139static FILE *shared_log; 140 141struct tcb *printing_tcp = NULL; 142static struct tcb *current_tcp; 143 144static struct tcb **tcbtab; 145static unsigned int nprocs, tcbtabsize; 146static const char *progname; 147 148static unsigned os_release; /* generated from uname()'s u.release */ 149 150static int detach(struct tcb *tcp); 151static int trace(void); 152static void cleanup(void); 153static void interrupt(int sig); 154static sigset_t empty_set, blocked_set; 155 156#ifdef HAVE_SIG_ATOMIC_T 157static volatile sig_atomic_t interrupted; 158#else 159static volatile int interrupted; 160#endif 161 162#ifndef HAVE_STRERROR 163 164#if !HAVE_DECL_SYS_ERRLIST 165extern int sys_nerr; 166extern char *sys_errlist[]; 167#endif 168 169const char * 170strerror(int err_no) 171{ 172 static char buf[sizeof("Unknown error %d") + sizeof(int)*3]; 173 174 if (err_no < 1 || err_no >= sys_nerr) { 175 sprintf(buf, "Unknown error %d", err_no); 176 return buf; 177 } 178 return sys_errlist[err_no]; 179} 180 181#endif /* HAVE_STERRROR */ 182 183static void 184usage(FILE *ofp, int exitval) 185{ 186 fprintf(ofp, "\ 187usage: strace [-CdffhiqrtttTvVxxy] [-I n] [-e expr]...\n\ 188 [-a column] [-o file] [-s strsize] [-P path]...\n\ 189 -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\ 190 or: strace -c[df] [-I n] [-e expr]... [-O overhead] [-S sortby]\n\ 191 -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\ 192-c -- count time, calls, and errors for each syscall and report summary\n\ 193-C -- like -c but also print regular output\n\ 194-d -- enable debug output to stderr\n\ 195-D -- run tracer process as a detached grandchild, not as parent\n\ 196-f -- follow forks, -ff -- with output into separate files\n\ 197-F -- attempt to follow vforks (deprecated, use -f)\n\ 198-i -- print instruction pointer at time of syscall\n\ 199-q -- suppress messages about attaching, detaching, etc.\n\ 200-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\ 201-T -- print time spent in each syscall\n\ 202-v -- verbose mode: print unabbreviated argv, stat, termios, etc. args\n\ 203-x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\ 204-y -- print paths associated with file descriptor arguments\n\ 205-h -- print help message, -V -- print version\n\ 206-a column -- alignment COLUMN for printing syscall results (default %d)\n\ 207-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\ 208 options: trace, abbrev, verbose, raw, signal, read, or write\n\ 209-I interruptible --\n\ 210 1: no signals are blocked\n\ 211 2: fatal signals are blocked while decoding syscall (default)\n\ 212 3: fatal signals are always blocked (default if '-o FILE PROG')\n\ 213 4: fatal signals and SIGTSTP (^Z) are always blocked\n\ 214 (useful to make 'strace -o FILE PROG' not stop on ^Z)\n\ 215-o file -- send trace output to FILE instead of stderr\n\ 216-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\ 217-p pid -- trace process with process id PID, may be repeated\n\ 218-s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\ 219-S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\ 220-u username -- run command as username handling setuid and/or setgid\n\ 221-E var=val -- put var=val in the environment for command\n\ 222-E var -- remove var from the environment for command\n\ 223-P path -- trace accesses to path\n\ 224" 225/* this is broken, so don't document it 226-z -- print only succeeding syscalls\n\ 227 */ 228/* experimental, don't document it yet (option letter may change in the future!) 229-b -- detach on successful execve\n\ 230 */ 231, DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY); 232 exit(exitval); 233} 234 235static void die(void) __attribute__ ((noreturn)); 236static void die(void) 237{ 238 if (strace_tracer_pid == getpid()) { 239 cflag = 0; 240 cleanup(); 241 } 242 exit(1); 243} 244 245static void verror_msg(int err_no, const char *fmt, va_list p) 246{ 247 char *msg; 248 249 fflush(NULL); 250 251 /* We want to print entire message with single fprintf to ensure 252 * message integrity if stderr is shared with other programs. 253 * Thus we use vasprintf + single fprintf. 254 */ 255 msg = NULL; 256 if (vasprintf(&msg, fmt, p) >= 0) { 257 if (err_no) 258 fprintf(stderr, "%s: %s: %s\n", progname, msg, strerror(err_no)); 259 else 260 fprintf(stderr, "%s: %s\n", progname, msg); 261 free(msg); 262 } else { 263 /* malloc in vasprintf failed, try it without malloc */ 264 fprintf(stderr, "%s: ", progname); 265 vfprintf(stderr, fmt, p); 266 if (err_no) 267 fprintf(stderr, ": %s\n", strerror(err_no)); 268 else 269 putc('\n', stderr); 270 } 271 /* We don't switch stderr to buffered, thus fprintf(stderr) 272 * always flushes its output and this is not necessary: */ 273 /* fflush(stderr); */ 274} 275 276void error_msg(const char *fmt, ...) 277{ 278 va_list p; 279 va_start(p, fmt); 280 verror_msg(0, fmt, p); 281 va_end(p); 282} 283 284void error_msg_and_die(const char *fmt, ...) 285{ 286 va_list p; 287 va_start(p, fmt); 288 verror_msg(0, fmt, p); 289 die(); 290} 291 292void perror_msg(const char *fmt, ...) 293{ 294 va_list p; 295 va_start(p, fmt); 296 verror_msg(errno, fmt, p); 297 va_end(p); 298} 299 300void perror_msg_and_die(const char *fmt, ...) 301{ 302 va_list p; 303 va_start(p, fmt); 304 verror_msg(errno, fmt, p); 305 die(); 306} 307 308void die_out_of_memory(void) 309{ 310 static bool recursed = 0; 311 if (recursed) 312 exit(1); 313 recursed = 1; 314 error_msg_and_die("Out of memory"); 315} 316 317static void 318error_opt_arg(int opt, const char *arg) 319{ 320 error_msg_and_die("Invalid -%c argument: '%s'", opt, arg); 321} 322 323/* Glue for systems without a MMU that cannot provide fork() */ 324#ifdef HAVE_FORK 325# define strace_vforked 0 326#else 327# define strace_vforked 1 328# define fork() vfork() 329#endif 330 331#ifdef USE_SEIZE 332static int 333ptrace_attach_or_seize(int pid) 334{ 335 int r; 336 if (!use_seize) 337 return ptrace(PTRACE_ATTACH, pid, 0, 0); 338 r = ptrace(PTRACE_SEIZE, pid, 0, 0); 339 if (r) 340 return r; 341 r = ptrace(PTRACE_INTERRUPT, pid, 0, 0); 342 return r; 343} 344#else 345# define ptrace_attach_or_seize(pid) ptrace(PTRACE_ATTACH, (pid), 0, 0) 346#endif 347 348/* 349 * Used when we want to unblock stopped traced process. 350 * Should be only used with PTRACE_CONT, PTRACE_DETACH and PTRACE_SYSCALL. 351 * Returns 0 on success or if error was ESRCH 352 * (presumably process was killed while we talk to it). 353 * Otherwise prints error message and returns -1. 354 */ 355static int 356ptrace_restart(int op, struct tcb *tcp, int sig) 357{ 358 int err; 359 const char *msg; 360 361 errno = 0; 362 ptrace(op, tcp->pid, (void *) 0, (long) sig); 363 err = errno; 364 if (!err) 365 return 0; 366 367 msg = "SYSCALL"; 368 if (op == PTRACE_CONT) 369 msg = "CONT"; 370 if (op == PTRACE_DETACH) 371 msg = "DETACH"; 372#ifdef PTRACE_LISTEN 373 if (op == PTRACE_LISTEN) 374 msg = "LISTEN"; 375#endif 376 /* 377 * Why curcol != 0? Otherwise sometimes we get this: 378 * 379 * 10252 kill(10253, SIGKILL) = 0 380 * <ptrace(SYSCALL,10252):No such process>10253 ...next decode... 381 * 382 * 10252 died after we retrieved syscall exit data, 383 * but before we tried to restart it. Log looks ugly. 384 */ 385 if (current_tcp && current_tcp->curcol != 0) { 386 tprintf(" <ptrace(%s):%s>\n", msg, strerror(err)); 387 line_ended(); 388 } 389 if (err == ESRCH) 390 return 0; 391 errno = err; 392 perror_msg("ptrace(PTRACE_%s,pid:%d,sig:%d)", msg, tcp->pid, sig); 393 return -1; 394} 395 396static void 397set_cloexec_flag(int fd) 398{ 399 int flags, newflags; 400 401 flags = fcntl(fd, F_GETFD); 402 if (flags < 0) { 403 /* Can happen only if fd is bad. 404 * Should never happen: if it does, we have a bug 405 * in the caller. Therefore we just abort 406 * instead of propagating the error. 407 */ 408 perror_msg_and_die("fcntl(%d, F_GETFD)", fd); 409 } 410 411 newflags = flags | FD_CLOEXEC; 412 if (flags == newflags) 413 return; 414 415 fcntl(fd, F_SETFD, newflags); /* never fails */ 416} 417 418static void kill_save_errno(pid_t pid, int sig) 419{ 420 int saved_errno = errno; 421 422 (void) kill(pid, sig); 423 errno = saved_errno; 424} 425 426/* 427 * When strace is setuid executable, we have to swap uids 428 * before and after filesystem and process management operations. 429 */ 430static void 431swap_uid(void) 432{ 433 int euid = geteuid(), uid = getuid(); 434 435 if (euid != uid && setreuid(euid, uid) < 0) { 436 perror_msg_and_die("setreuid"); 437 } 438} 439 440#if _LFS64_LARGEFILE 441# define fopen_for_output fopen64 442#else 443# define fopen_for_output fopen 444#endif 445 446static FILE * 447strace_fopen(const char *path) 448{ 449 FILE *fp; 450 451 swap_uid(); 452 fp = fopen_for_output(path, "w"); 453 if (!fp) 454 perror_msg_and_die("Can't fopen '%s'", path); 455 swap_uid(); 456 set_cloexec_flag(fileno(fp)); 457 return fp; 458} 459 460static int popen_pid = 0; 461 462#ifndef _PATH_BSHELL 463# define _PATH_BSHELL "/bin/sh" 464#endif 465 466/* 467 * We cannot use standard popen(3) here because we have to distinguish 468 * popen child process from other processes we trace, and standard popen(3) 469 * does not export its child's pid. 470 */ 471static FILE * 472strace_popen(const char *command) 473{ 474 FILE *fp; 475 int fds[2]; 476 477 swap_uid(); 478 if (pipe(fds) < 0) 479 perror_msg_and_die("pipe"); 480 481 set_cloexec_flag(fds[1]); /* never fails */ 482 483 popen_pid = vfork(); 484 if (popen_pid == -1) 485 perror_msg_and_die("vfork"); 486 487 if (popen_pid == 0) { 488 /* child */ 489 close(fds[1]); 490 if (fds[0] != 0) { 491 if (dup2(fds[0], 0)) 492 perror_msg_and_die("dup2"); 493 close(fds[0]); 494 } 495 execl(_PATH_BSHELL, "sh", "-c", command, NULL); 496 perror_msg_and_die("Can't execute '%s'", _PATH_BSHELL); 497 } 498 499 /* parent */ 500 close(fds[0]); 501 swap_uid(); 502 fp = fdopen(fds[1], "w"); 503 if (!fp) 504 die_out_of_memory(); 505 return fp; 506} 507 508void 509tprintf(const char *fmt, ...) 510{ 511 va_list args; 512 513 va_start(args, fmt); 514 if (current_tcp) { 515 int n = strace_vfprintf(current_tcp->outf, fmt, args); 516 if (n < 0) { 517 if (current_tcp->outf != stderr) 518 perror_msg("%s", outfname); 519 } else 520 current_tcp->curcol += n; 521 } 522 va_end(args); 523} 524 525void 526tprints(const char *str) 527{ 528 if (current_tcp) { 529 int n = fputs_unlocked(str, current_tcp->outf); 530 if (n >= 0) { 531 current_tcp->curcol += strlen(str); 532 return; 533 } 534 if (current_tcp->outf != stderr) 535 perror_msg("%s", outfname); 536 } 537} 538 539void 540line_ended(void) 541{ 542 if (current_tcp) { 543 current_tcp->curcol = 0; 544 fflush(current_tcp->outf); 545 } 546 if (printing_tcp) { 547 printing_tcp->curcol = 0; 548 printing_tcp = NULL; 549 } 550} 551 552void 553printleader(struct tcb *tcp) 554{ 555 /* If -ff, "previous tcb we printed" is always the same as current, 556 * because we have per-tcb output files. 557 */ 558 if (followfork >= 2) 559 printing_tcp = tcp; 560 561 if (printing_tcp) { 562 current_tcp = printing_tcp; 563 if (printing_tcp->curcol != 0 && (followfork < 2 || printing_tcp == tcp)) { 564 /* 565 * case 1: we have a shared log (i.e. not -ff), and last line 566 * wasn't finished (same or different tcb, doesn't matter). 567 * case 2: split log, we are the same tcb, but our last line 568 * didn't finish ("SIGKILL nuked us after syscall entry" etc). 569 */ 570 tprints(" <unfinished ...>\n"); 571 printing_tcp->curcol = 0; 572 } 573 } 574 575 printing_tcp = tcp; 576 current_tcp = tcp; 577 current_tcp->curcol = 0; 578 579 if (print_pid_pfx) 580 tprintf("%-5d ", tcp->pid); 581 else if (nprocs > 1 && !outfname) 582 tprintf("[pid %5u] ", tcp->pid); 583 584 if (tflag) { 585 char str[sizeof("HH:MM:SS")]; 586 struct timeval tv, dtv; 587 static struct timeval otv; 588 589 gettimeofday(&tv, NULL); 590 if (rflag) { 591 if (otv.tv_sec == 0) 592 otv = tv; 593 tv_sub(&dtv, &tv, &otv); 594 tprintf("%6ld.%06ld ", 595 (long) dtv.tv_sec, (long) dtv.tv_usec); 596 otv = tv; 597 } 598 else if (tflag > 2) { 599 tprintf("%ld.%06ld ", 600 (long) tv.tv_sec, (long) tv.tv_usec); 601 } 602 else { 603 time_t local = tv.tv_sec; 604 strftime(str, sizeof(str), "%T", localtime(&local)); 605 if (tflag > 1) 606 tprintf("%s.%06ld ", str, (long) tv.tv_usec); 607 else 608 tprintf("%s ", str); 609 } 610 } 611 if (iflag) 612 printcall(tcp); 613} 614 615void 616tabto(void) 617{ 618 if (current_tcp->curcol < acolumn) 619 tprints(acolumn_spaces + current_tcp->curcol); 620} 621 622/* Should be only called directly *after successful attach* to a tracee. 623 * Otherwise, "strace -oFILE -ff -p<nonexistant_pid>" 624 * may create bogus empty FILE.<nonexistant_pid>, and then die. 625 */ 626static void 627newoutf(struct tcb *tcp) 628{ 629 tcp->outf = shared_log; /* if not -ff mode, the same file is for all */ 630 if (followfork >= 2) { 631 char name[520 + sizeof(int) * 3]; 632 sprintf(name, "%.512s.%u", outfname, tcp->pid); 633 tcp->outf = strace_fopen(name); 634 } 635} 636 637static void 638expand_tcbtab(void) 639{ 640 /* Allocate some more TCBs and expand the table. 641 We don't want to relocate the TCBs because our 642 callers have pointers and it would be a pain. 643 So tcbtab is a table of pointers. Since we never 644 free the TCBs, we allocate a single chunk of many. */ 645 int i = tcbtabsize; 646 struct tcb *newtcbs = calloc(tcbtabsize, sizeof(newtcbs[0])); 647 struct tcb **newtab = realloc(tcbtab, tcbtabsize * 2 * sizeof(tcbtab[0])); 648 if (!newtab || !newtcbs) 649 die_out_of_memory(); 650 tcbtabsize *= 2; 651 tcbtab = newtab; 652 while (i < tcbtabsize) 653 tcbtab[i++] = newtcbs++; 654} 655 656static struct tcb * 657alloctcb(int pid) 658{ 659 int i; 660 struct tcb *tcp; 661 662 if (nprocs == tcbtabsize) 663 expand_tcbtab(); 664 665 for (i = 0; i < tcbtabsize; i++) { 666 tcp = tcbtab[i]; 667 if ((tcp->flags & TCB_INUSE) == 0) { 668 memset(tcp, 0, sizeof(*tcp)); 669 tcp->pid = pid; 670 tcp->flags = TCB_INUSE; 671#if SUPPORTED_PERSONALITIES > 1 672 tcp->currpers = current_personality; 673#endif 674 nprocs++; 675 if (debug_flag) 676 fprintf(stderr, "new tcb for pid %d, active tcbs:%d\n", tcp->pid, nprocs); 677 return tcp; 678 } 679 } 680 error_msg_and_die("bug in alloctcb"); 681} 682 683static void 684droptcb(struct tcb *tcp) 685{ 686 if (tcp->pid == 0) 687 return; 688 689 nprocs--; 690 if (debug_flag) 691 fprintf(stderr, "dropped tcb for pid %d, %d remain\n", tcp->pid, nprocs); 692 693 if (tcp->outf) { 694 if (followfork >= 2) { 695 if (tcp->curcol != 0) 696 fprintf(tcp->outf, " <detached ...>\n"); 697 fclose(tcp->outf); 698 } else { 699 if (printing_tcp == tcp && tcp->curcol != 0) 700 fprintf(tcp->outf, " <detached ...>\n"); 701 fflush(tcp->outf); 702 } 703 } 704 705 if (current_tcp == tcp) 706 current_tcp = NULL; 707 if (printing_tcp == tcp) 708 printing_tcp = NULL; 709 710 memset(tcp, 0, sizeof(*tcp)); 711} 712 713/* detach traced process; continue with sig 714 * Never call DETACH twice on the same process as both unattached and 715 * attached-unstopped processes give the same ESRCH. For unattached process we 716 * would SIGSTOP it and wait for its SIGSTOP notification forever. 717 */ 718static int 719detach(struct tcb *tcp) 720{ 721 int error; 722 int status, sigstop_expected; 723 724 if (tcp->flags & TCB_BPTSET) 725 clearbpt(tcp); 726 727 /* 728 * Linux wrongly insists the child be stopped 729 * before detaching. Arghh. We go through hoops 730 * to make a clean break of things. 731 */ 732#if defined(SPARC) 733# undef PTRACE_DETACH 734# define PTRACE_DETACH PTRACE_SUNDETACH 735#endif 736 737 error = 0; 738 sigstop_expected = 0; 739 if (tcp->flags & TCB_ATTACHED) { 740 /* 741 * We attached but possibly didn't see the expected SIGSTOP. 742 * We must catch exactly one as otherwise the detached process 743 * would be left stopped (process state T). 744 */ 745 sigstop_expected = (tcp->flags & TCB_IGNORE_ONE_SIGSTOP); 746 error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, 0); 747 if (error == 0) { 748 /* On a clear day, you can see forever. */ 749 } 750 else if (errno != ESRCH) { 751 /* Shouldn't happen. */ 752 perror_msg("%s", "detach: ptrace(PTRACE_DETACH, ...)"); 753 } 754 else if (my_tkill(tcp->pid, 0) < 0) { 755 if (errno != ESRCH) 756 perror_msg("%s", "detach: checking sanity"); 757 } 758 else if (!sigstop_expected && my_tkill(tcp->pid, SIGSTOP) < 0) { 759 if (errno != ESRCH) 760 perror_msg("%s", "detach: stopping child"); 761 } 762 else 763 sigstop_expected = 1; 764 } 765 766 if (sigstop_expected) { 767 for (;;) { 768#ifdef __WALL 769 if (waitpid(tcp->pid, &status, __WALL) < 0) { 770 if (errno == ECHILD) /* Already gone. */ 771 break; 772 if (errno != EINVAL) { 773 perror_msg("%s", "detach: waiting"); 774 break; 775 } 776#endif /* __WALL */ 777 /* No __WALL here. */ 778 if (waitpid(tcp->pid, &status, 0) < 0) { 779 if (errno != ECHILD) { 780 perror_msg("%s", "detach: waiting"); 781 break; 782 } 783#ifdef __WCLONE 784 /* If no processes, try clones. */ 785 if (waitpid(tcp->pid, &status, __WCLONE) < 0) { 786 if (errno != ECHILD) 787 perror_msg("%s", "detach: waiting"); 788 break; 789 } 790#endif /* __WCLONE */ 791 } 792#ifdef __WALL 793 } 794#endif 795 if (!WIFSTOPPED(status)) { 796 /* Au revoir, mon ami. */ 797 break; 798 } 799 if (WSTOPSIG(status) == SIGSTOP) { 800 ptrace_restart(PTRACE_DETACH, tcp, 0); 801 break; 802 } 803 error = ptrace_restart(PTRACE_CONT, tcp, 804 WSTOPSIG(status) == syscall_trap_sig ? 0 805 : WSTOPSIG(status)); 806 if (error < 0) 807 break; 808 } 809 } 810 811 if (!qflag && (tcp->flags & TCB_ATTACHED)) 812 fprintf(stderr, "Process %u detached\n", tcp->pid); 813 814 droptcb(tcp); 815 816 return error; 817} 818 819static void 820process_opt_p_list(char *opt) 821{ 822 while (*opt) { 823 /* 824 * We accept -p PID,PID; -p "`pidof PROG`"; -p "`pgrep PROG`". 825 * pidof uses space as delim, pgrep uses newline. :( 826 */ 827 int pid; 828 char *delim = opt + strcspn(opt, ", \n\t"); 829 char c = *delim; 830 831 *delim = '\0'; 832 pid = string_to_uint(opt); 833 if (pid <= 0) { 834 error_msg_and_die("Invalid process id: '%s'", opt); 835 } 836 if (pid == strace_tracer_pid) { 837 error_msg_and_die("I'm sorry, I can't let you do that, Dave."); 838 } 839 *delim = c; 840 alloctcb(pid); 841 if (c == '\0') 842 break; 843 opt = delim + 1; 844 } 845} 846 847static void 848startup_attach(void) 849{ 850 int tcbi; 851 struct tcb *tcp; 852 853 /* 854 * Block user interruptions as we would leave the traced 855 * process stopped (process state T) if we would terminate in 856 * between PTRACE_ATTACH and wait4() on SIGSTOP. 857 * We rely on cleanup() from this point on. 858 */ 859 if (interactive) 860 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 861 862 if (daemonized_tracer) { 863 pid_t pid = fork(); 864 if (pid < 0) { 865 perror_msg_and_die("fork"); 866 } 867 if (pid) { /* parent */ 868 /* 869 * Wait for grandchild to attach to straced process 870 * (grandparent). Grandchild SIGKILLs us after it attached. 871 * Grandparent's wait() is unblocked by our death, 872 * it proceeds to exec the straced program. 873 */ 874 pause(); 875 _exit(0); /* paranoia */ 876 } 877 /* grandchild */ 878 /* We will be the tracer process. Remember our new pid: */ 879 strace_tracer_pid = getpid(); 880 } 881 882 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) { 883 tcp = tcbtab[tcbi]; 884 885 if (!(tcp->flags & TCB_INUSE)) 886 continue; 887 888 /* Is this a process we should attach to, but not yet attached? */ 889 if (tcp->flags & TCB_ATTACHED) 890 continue; /* no, we already attached it */ 891 892 if (followfork && !daemonized_tracer) { 893 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3]; 894 DIR *dir; 895 896 sprintf(procdir, "/proc/%d/task", tcp->pid); 897 dir = opendir(procdir); 898 if (dir != NULL) { 899 unsigned int ntid = 0, nerr = 0; 900 struct dirent *de; 901 902 while ((de = readdir(dir)) != NULL) { 903 struct tcb *cur_tcp; 904 int tid; 905 906 if (de->d_fileno == 0) 907 continue; 908 /* we trust /proc filesystem */ 909 tid = atoi(de->d_name); 910 if (tid <= 0) 911 continue; 912 ++ntid; 913 if (ptrace_attach_or_seize(tid) < 0) { 914 ++nerr; 915 if (debug_flag) 916 fprintf(stderr, "attach to pid %d failed\n", tid); 917 continue; 918 } 919 if (debug_flag) 920 fprintf(stderr, "attach to pid %d succeeded\n", tid); 921 cur_tcp = tcp; 922 if (tid != tcp->pid) 923 cur_tcp = alloctcb(tid); 924 cur_tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop; 925 newoutf(cur_tcp); 926 } 927 closedir(dir); 928 if (interactive) { 929 sigprocmask(SIG_SETMASK, &empty_set, NULL); 930 if (interrupted) 931 goto ret; 932 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 933 } 934 ntid -= nerr; 935 if (ntid == 0) { 936 perror_msg("%s", "attach: ptrace(PTRACE_ATTACH, ...)"); 937 droptcb(tcp); 938 continue; 939 } 940 if (!qflag) { 941 fprintf(stderr, ntid > 1 942? "Process %u attached with %u threads\n" 943: "Process %u attached\n", 944 tcp->pid, ntid); 945 } 946 if (!(tcp->flags & TCB_ATTACHED)) { 947 /* -p PID, we failed to attach to PID itself 948 * but did attach to some of its sibling threads. 949 * Drop PID's tcp. 950 */ 951 droptcb(tcp); 952 } 953 continue; 954 } /* if (opendir worked) */ 955 } /* if (-f) */ 956 if (ptrace_attach_or_seize(tcp->pid) < 0) { 957 perror_msg("%s", "attach: ptrace(PTRACE_ATTACH, ...)"); 958 droptcb(tcp); 959 continue; 960 } 961 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop; 962 newoutf(tcp); 963 if (debug_flag) 964 fprintf(stderr, "attach to pid %d (main) succeeded\n", tcp->pid); 965 966 if (daemonized_tracer) { 967 /* 968 * Make parent go away. 969 * Also makes grandparent's wait() unblock. 970 */ 971 kill(getppid(), SIGKILL); 972 } 973 974 if (!qflag) 975 fprintf(stderr, 976 "Process %u attached\n", 977 tcp->pid); 978 } /* for each tcbtab[] */ 979 980 ret: 981 if (interactive) 982 sigprocmask(SIG_SETMASK, &empty_set, NULL); 983} 984 985static void 986startup_child(char **argv) 987{ 988 struct stat statbuf; 989 const char *filename; 990 char pathname[MAXPATHLEN]; 991 int pid = 0; 992 struct tcb *tcp; 993 994 filename = argv[0]; 995 if (strchr(filename, '/')) { 996 if (strlen(filename) > sizeof pathname - 1) { 997 errno = ENAMETOOLONG; 998 perror_msg_and_die("exec"); 999 } 1000 strcpy(pathname, filename); 1001 } 1002#ifdef USE_DEBUGGING_EXEC 1003 /* 1004 * Debuggers customarily check the current directory 1005 * first regardless of the path but doing that gives 1006 * security geeks a panic attack. 1007 */ 1008 else if (stat(filename, &statbuf) == 0) 1009 strcpy(pathname, filename); 1010#endif /* USE_DEBUGGING_EXEC */ 1011 else { 1012 const char *path; 1013 int m, n, len; 1014 1015 for (path = getenv("PATH"); path && *path; path += m) { 1016 const char *colon = strchr(path, ':'); 1017 if (colon) { 1018 n = colon - path; 1019 m = n + 1; 1020 } 1021 else 1022 m = n = strlen(path); 1023 if (n == 0) { 1024 if (!getcwd(pathname, MAXPATHLEN)) 1025 continue; 1026 len = strlen(pathname); 1027 } 1028 else if (n > sizeof pathname - 1) 1029 continue; 1030 else { 1031 strncpy(pathname, path, n); 1032 len = n; 1033 } 1034 if (len && pathname[len - 1] != '/') 1035 pathname[len++] = '/'; 1036 strcpy(pathname + len, filename); 1037 if (stat(pathname, &statbuf) == 0 && 1038 /* Accept only regular files 1039 with some execute bits set. 1040 XXX not perfect, might still fail */ 1041 S_ISREG(statbuf.st_mode) && 1042 (statbuf.st_mode & 0111)) 1043 break; 1044 } 1045 } 1046 if (stat(pathname, &statbuf) < 0) { 1047 perror_msg_and_die("Can't stat '%s'", filename); 1048 } 1049 strace_child = pid = fork(); 1050 if (pid < 0) { 1051 perror_msg_and_die("fork"); 1052 } 1053 if ((pid != 0 && daemonized_tracer) /* -D: parent to become a traced process */ 1054 || (pid == 0 && !daemonized_tracer) /* not -D: child to become a traced process */ 1055 ) { 1056 pid = getpid(); 1057 if (shared_log != stderr) 1058 close(fileno(shared_log)); 1059 if (!daemonized_tracer && !use_seize) { 1060 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) { 1061 perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)"); 1062 } 1063 } 1064 1065 if (username != NULL) { 1066 uid_t run_euid = run_uid; 1067 gid_t run_egid = run_gid; 1068 1069 if (statbuf.st_mode & S_ISUID) 1070 run_euid = statbuf.st_uid; 1071 if (statbuf.st_mode & S_ISGID) 1072 run_egid = statbuf.st_gid; 1073 /* 1074 * It is important to set groups before we 1075 * lose privileges on setuid. 1076 */ 1077 if (initgroups(username, run_gid) < 0) { 1078 perror_msg_and_die("initgroups"); 1079 } 1080 if (setregid(run_gid, run_egid) < 0) { 1081 perror_msg_and_die("setregid"); 1082 } 1083 if (setreuid(run_uid, run_euid) < 0) { 1084 perror_msg_and_die("setreuid"); 1085 } 1086 } 1087 else if (geteuid() != 0) 1088 if (setreuid(run_uid, run_uid) < 0) { 1089 perror_msg_and_die("setreuid"); 1090 } 1091 1092 if (!daemonized_tracer) { 1093 /* 1094 * Induce a ptrace stop. Tracer (our parent) 1095 * will resume us with PTRACE_SYSCALL and display 1096 * the immediately following execve syscall. 1097 * Can't do this on NOMMU systems, we are after 1098 * vfork: parent is blocked, stopping would deadlock. 1099 */ 1100 if (!strace_vforked) 1101 kill(pid, SIGSTOP); 1102 } else { 1103 alarm(3); 1104 /* we depend on SIGCHLD set to SIG_DFL by init code */ 1105 /* if it happens to be SIG_IGN'ed, wait won't block */ 1106 wait(NULL); 1107 alarm(0); 1108 } 1109 1110 execv(pathname, argv); 1111 perror_msg_and_die("exec"); 1112 } 1113 1114 /* We are the tracer */ 1115 1116 if (!daemonized_tracer) { 1117 if (!use_seize) { 1118 /* child did PTRACE_TRACEME, nothing to do in parent */ 1119 } else { 1120 if (!strace_vforked) { 1121 /* Wait until child stopped itself */ 1122 int status; 1123 while (waitpid(pid, &status, WSTOPPED) < 0) { 1124 if (errno == EINTR) 1125 continue; 1126 perror_msg_and_die("waitpid"); 1127 } 1128 if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) { 1129 kill_save_errno(pid, SIGKILL); 1130 perror_msg_and_die("Unexpected wait status %x", status); 1131 } 1132 } 1133 /* Else: vforked case, we have no way to sync. 1134 * Just attach to it as soon as possible. 1135 * This means that we may miss a few first syscalls... 1136 */ 1137 1138 if (ptrace_attach_or_seize(pid)) { 1139 kill_save_errno(pid, SIGKILL); 1140 perror_msg_and_die("Can't attach to %d", pid); 1141 } 1142 if (!strace_vforked) 1143 kill(pid, SIGCONT); 1144 } 1145 tcp = alloctcb(pid); 1146 if (!strace_vforked) 1147 tcp->flags |= TCB_ATTACHED | TCB_STRACE_CHILD | TCB_STARTUP | post_attach_sigstop; 1148 else 1149 tcp->flags |= TCB_ATTACHED | TCB_STRACE_CHILD | TCB_STARTUP; 1150 newoutf(tcp); 1151 } 1152 else { 1153 /* With -D, *we* are child here, IOW: different pid. Fetch it: */ 1154 strace_tracer_pid = getpid(); 1155 /* The tracee is our parent: */ 1156 pid = getppid(); 1157 alloctcb(pid); 1158 /* attaching will be done later, by startup_attach */ 1159 /* note: we don't do newoutf(tcp) here either! */ 1160 } 1161} 1162 1163/* 1164 * Test whether the kernel support PTRACE_O_TRACECLONE et al options. 1165 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it, 1166 * and then see which options are supported by the kernel. 1167 */ 1168static void 1169test_ptrace_setoptions_followfork(void) 1170{ 1171 int pid, expected_grandchild = 0, found_grandchild = 0; 1172 const unsigned int test_options = PTRACE_O_TRACECLONE | 1173 PTRACE_O_TRACEFORK | 1174 PTRACE_O_TRACEVFORK; 1175 1176 pid = fork(); 1177 if (pid < 0) 1178 perror_msg_and_die("fork"); 1179 if (pid == 0) { 1180 pid = getpid(); 1181 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) 1182 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work", 1183 __func__); 1184 kill_save_errno(pid, SIGSTOP); 1185 if (fork() < 0) 1186 perror_msg_and_die("fork"); 1187 _exit(0); 1188 } 1189 1190 while (1) { 1191 int status, tracee_pid; 1192 1193 errno = 0; 1194 tracee_pid = wait(&status); 1195 if (tracee_pid <= 0) { 1196 if (errno == EINTR) 1197 continue; 1198 if (errno == ECHILD) 1199 break; 1200 kill_save_errno(pid, SIGKILL); 1201 perror_msg_and_die("%s: unexpected wait result %d", 1202 __func__, tracee_pid); 1203 } 1204 if (WIFEXITED(status)) { 1205 if (WEXITSTATUS(status)) { 1206 if (tracee_pid != pid) 1207 kill_save_errno(pid, SIGKILL); 1208 error_msg_and_die("%s: unexpected exit status %u", 1209 __func__, WEXITSTATUS(status)); 1210 } 1211 continue; 1212 } 1213 if (WIFSIGNALED(status)) { 1214 if (tracee_pid != pid) 1215 kill_save_errno(pid, SIGKILL); 1216 error_msg_and_die("%s: unexpected signal %u", 1217 __func__, WTERMSIG(status)); 1218 } 1219 if (!WIFSTOPPED(status)) { 1220 if (tracee_pid != pid) 1221 kill_save_errno(tracee_pid, SIGKILL); 1222 kill_save_errno(pid, SIGKILL); 1223 error_msg_and_die("%s: unexpected wait status %x", 1224 __func__, status); 1225 } 1226 if (tracee_pid != pid) { 1227 found_grandchild = tracee_pid; 1228 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0) { 1229 kill_save_errno(tracee_pid, SIGKILL); 1230 kill_save_errno(pid, SIGKILL); 1231 perror_msg_and_die("PTRACE_CONT doesn't work"); 1232 } 1233 continue; 1234 } 1235 switch (WSTOPSIG(status)) { 1236 case SIGSTOP: 1237 if (ptrace(PTRACE_SETOPTIONS, pid, 0, test_options) < 0 1238 && errno != EINVAL && errno != EIO) 1239 perror_msg("PTRACE_SETOPTIONS"); 1240 break; 1241 case SIGTRAP: 1242 if (status >> 16 == PTRACE_EVENT_FORK) { 1243 long msg = 0; 1244 1245 if (ptrace(PTRACE_GETEVENTMSG, pid, 1246 NULL, (long) &msg) == 0) 1247 expected_grandchild = msg; 1248 } 1249 break; 1250 } 1251 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0) { 1252 kill_save_errno(pid, SIGKILL); 1253 perror_msg_and_die("PTRACE_SYSCALL doesn't work"); 1254 } 1255 } 1256 if (expected_grandchild && expected_grandchild == found_grandchild) { 1257 ptrace_setoptions |= test_options; 1258 if (debug_flag) 1259 fprintf(stderr, "ptrace_setoptions = %#x\n", 1260 ptrace_setoptions); 1261 return; 1262 } 1263 error_msg("Test for PTRACE_O_TRACECLONE failed, " 1264 "giving up using this feature."); 1265} 1266 1267/* 1268 * Test whether the kernel support PTRACE_O_TRACESYSGOOD. 1269 * First fork a new child, call ptrace(PTRACE_SETOPTIONS) on it, 1270 * and then see whether it will stop with (SIGTRAP | 0x80). 1271 * 1272 * Use of this option enables correct handling of user-generated SIGTRAPs, 1273 * and SIGTRAPs generated by special instructions such as int3 on x86: 1274 * _start: .globl _start 1275 * int3 1276 * movl $42, %ebx 1277 * movl $1, %eax 1278 * int $0x80 1279 * (compile with: "gcc -nostartfiles -nostdlib -o int3 int3.S") 1280 */ 1281static void 1282test_ptrace_setoptions_for_all(void) 1283{ 1284 const unsigned int test_options = PTRACE_O_TRACESYSGOOD | 1285 PTRACE_O_TRACEEXEC; 1286 int pid; 1287 int it_worked = 0; 1288 1289 /* this fork test doesn't work on no-mmu systems */ 1290 if (strace_vforked) 1291 return; 1292 1293 pid = fork(); 1294 if (pid < 0) 1295 perror_msg_and_die("fork"); 1296 1297 if (pid == 0) { 1298 pid = getpid(); 1299 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) 1300 /* Note: exits with exitcode 1 */ 1301 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work", 1302 __func__); 1303 kill(pid, SIGSTOP); 1304 _exit(0); /* parent should see entry into this syscall */ 1305 } 1306 1307 while (1) { 1308 int status, tracee_pid; 1309 1310 errno = 0; 1311 tracee_pid = wait(&status); 1312 if (tracee_pid <= 0) { 1313 if (errno == EINTR) 1314 continue; 1315 kill_save_errno(pid, SIGKILL); 1316 perror_msg_and_die("%s: unexpected wait result %d", 1317 __func__, tracee_pid); 1318 } 1319 if (WIFEXITED(status)) { 1320 if (WEXITSTATUS(status) == 0) 1321 break; 1322 error_msg_and_die("%s: unexpected exit status %u", 1323 __func__, WEXITSTATUS(status)); 1324 } 1325 if (WIFSIGNALED(status)) { 1326 error_msg_and_die("%s: unexpected signal %u", 1327 __func__, WTERMSIG(status)); 1328 } 1329 if (!WIFSTOPPED(status)) { 1330 kill(pid, SIGKILL); 1331 error_msg_and_die("%s: unexpected wait status %x", 1332 __func__, status); 1333 } 1334 if (WSTOPSIG(status) == SIGSTOP) { 1335 /* 1336 * We don't check "options aren't accepted" error. 1337 * If it happens, we'll never get (SIGTRAP | 0x80), 1338 * and thus will decide to not use the option. 1339 * IOW: the outcome of the test will be correct. 1340 */ 1341 if (ptrace(PTRACE_SETOPTIONS, pid, 0L, test_options) < 0 1342 && errno != EINVAL && errno != EIO) 1343 perror_msg("PTRACE_SETOPTIONS"); 1344 } 1345 if (WSTOPSIG(status) == (SIGTRAP | 0x80)) { 1346 it_worked = 1; 1347 } 1348 if (ptrace(PTRACE_SYSCALL, pid, 0L, 0L) < 0) { 1349 kill_save_errno(pid, SIGKILL); 1350 perror_msg_and_die("PTRACE_SYSCALL doesn't work"); 1351 } 1352 } 1353 1354 if (it_worked) { 1355 syscall_trap_sig = (SIGTRAP | 0x80); 1356 ptrace_setoptions |= test_options; 1357 if (debug_flag) 1358 fprintf(stderr, "ptrace_setoptions = %#x\n", 1359 ptrace_setoptions); 1360 return; 1361 } 1362 1363 error_msg("Test for PTRACE_O_TRACESYSGOOD failed, " 1364 "giving up using this feature."); 1365} 1366 1367#ifdef USE_SEIZE 1368static void 1369test_ptrace_seize(void) 1370{ 1371 int pid; 1372 1373 pid = fork(); 1374 if (pid < 0) 1375 perror_msg_and_die("fork"); 1376 1377 if (pid == 0) { 1378 pause(); 1379 _exit(0); 1380 } 1381 1382 /* PTRACE_SEIZE, unlike ATTACH, doesn't force tracee to trap. After 1383 * attaching tracee continues to run unless a trap condition occurs. 1384 * PTRACE_SEIZE doesn't affect signal or group stop state. 1385 */ 1386 if (ptrace(PTRACE_SEIZE, pid, 0, 0) == 0) { 1387 post_attach_sigstop = 0; /* this sets use_seize to 1 */ 1388 } else if (debug_flag) { 1389 fprintf(stderr, "PTRACE_SEIZE doesn't work\n"); 1390 } 1391 1392 kill(pid, SIGKILL); 1393 1394 while (1) { 1395 int status, tracee_pid; 1396 1397 errno = 0; 1398 tracee_pid = waitpid(pid, &status, 0); 1399 if (tracee_pid <= 0) { 1400 if (errno == EINTR) 1401 continue; 1402 perror_msg_and_die("%s: unexpected wait result %d", 1403 __func__, tracee_pid); 1404 } 1405 if (WIFSIGNALED(status)) { 1406 return; 1407 } 1408 error_msg_and_die("%s: unexpected wait status %x", 1409 __func__, status); 1410 } 1411} 1412#else /* !USE_SEIZE */ 1413# define test_ptrace_seize() ((void)0) 1414#endif 1415 1416static unsigned 1417get_os_release(void) 1418{ 1419 unsigned rel; 1420 const char *p; 1421 struct utsname u; 1422 if (uname(&u) < 0) 1423 perror_msg_and_die("uname"); 1424 /* u.release has this form: "3.2.9[-some-garbage]" */ 1425 rel = 0; 1426 p = u.release; 1427 for (;;) { 1428 if (!(*p >= '0' && *p <= '9')) 1429 error_msg_and_die("Bad OS release string: '%s'", u.release); 1430 /* Note: this open-codes KERNEL_VERSION(): */ 1431 rel = (rel << 8) | atoi(p); 1432 if (rel >= KERNEL_VERSION(1,0,0)) 1433 break; 1434 while (*p >= '0' && *p <= '9') 1435 p++; 1436 if (*p != '.') { 1437 if (rel >= KERNEL_VERSION(0,1,0)) { 1438 /* "X.Y-something" means "X.Y.0" */ 1439 rel <<= 8; 1440 break; 1441 } 1442 error_msg_and_die("Bad OS release string: '%s'", u.release); 1443 } 1444 p++; 1445 } 1446 return rel; 1447} 1448 1449/* 1450 * Initialization part of main() was eating much stack (~0.5k), 1451 * which was unused after init. 1452 * We can reuse it if we move init code into a separate function. 1453 * 1454 * Don't want main() to inline us and defeat the reason 1455 * we have a separate function. 1456 */ 1457static void __attribute__ ((noinline)) 1458init(int argc, char *argv[]) 1459{ 1460 struct tcb *tcp; 1461 int c, i; 1462 int optF = 0; 1463 struct sigaction sa; 1464 1465 progname = argv[0] ? argv[0] : "strace"; 1466 1467 /* Make sure SIGCHLD has the default action so that waitpid 1468 definitely works without losing track of children. The user 1469 should not have given us a bogus state to inherit, but he might 1470 have. Arguably we should detect SIG_IGN here and pass it on 1471 to children, but probably noone really needs that. */ 1472 signal(SIGCHLD, SIG_DFL); 1473 1474 strace_tracer_pid = getpid(); 1475 1476 os_release = get_os_release(); 1477 1478 /* Allocate the initial tcbtab. */ 1479 tcbtabsize = argc; /* Surely enough for all -p args. */ 1480 tcbtab = calloc(tcbtabsize, sizeof(tcbtab[0])); 1481 if (!tcbtab) 1482 die_out_of_memory(); 1483 tcp = calloc(tcbtabsize, sizeof(*tcp)); 1484 if (!tcp) 1485 die_out_of_memory(); 1486 for (c = 0; c < tcbtabsize; c++) 1487 tcbtab[c] = tcp++; 1488 1489 shared_log = stderr; 1490 set_sortby(DEFAULT_SORTBY); 1491 set_personality(DEFAULT_PERSONALITY); 1492 qualify("trace=all"); 1493 qualify("abbrev=all"); 1494 qualify("verbose=all"); 1495 qualify("signal=all"); 1496 while ((c = getopt(argc, argv, 1497 "+bcCdfFhiqrtTvVxyz" 1498 "D" 1499 "a:e:o:O:p:s:S:u:E:P:I:")) != EOF) { 1500 switch (c) { 1501 case 'b': 1502 detach_on_execve = 1; 1503 break; 1504 case 'c': 1505 if (cflag == CFLAG_BOTH) { 1506 error_msg_and_die("-c and -C are mutually exclusive"); 1507 } 1508 cflag = CFLAG_ONLY_STATS; 1509 break; 1510 case 'C': 1511 if (cflag == CFLAG_ONLY_STATS) { 1512 error_msg_and_die("-c and -C are mutually exclusive"); 1513 } 1514 cflag = CFLAG_BOTH; 1515 break; 1516 case 'd': 1517 debug_flag = 1; 1518 break; 1519 case 'D': 1520 daemonized_tracer = 1; 1521 break; 1522 case 'F': 1523 optF = 1; 1524 break; 1525 case 'f': 1526 followfork++; 1527 break; 1528 case 'h': 1529 usage(stdout, 0); 1530 break; 1531 case 'i': 1532 iflag = 1; 1533 break; 1534 case 'q': 1535 qflag = 1; 1536 break; 1537 case 'r': 1538 rflag = 1; 1539 /* fall through to tflag++ */ 1540 case 't': 1541 tflag++; 1542 break; 1543 case 'T': 1544 Tflag = 1; 1545 break; 1546 case 'x': 1547 xflag++; 1548 break; 1549 case 'y': 1550 show_fd_path = 1; 1551 break; 1552 case 'v': 1553 qualify("abbrev=none"); 1554 break; 1555 case 'V': 1556 printf("%s -- version %s\n", PACKAGE_NAME, VERSION); 1557 exit(0); 1558 break; 1559 case 'z': 1560 not_failing_only = 1; 1561 break; 1562 case 'a': 1563 acolumn = string_to_uint(optarg); 1564 if (acolumn < 0) 1565 error_opt_arg(c, optarg); 1566 break; 1567 case 'e': 1568 qualify(optarg); 1569 break; 1570 case 'o': 1571 outfname = strdup(optarg); 1572 break; 1573 case 'O': 1574 i = string_to_uint(optarg); 1575 if (i < 0) 1576 error_opt_arg(c, optarg); 1577 set_overhead(i); 1578 break; 1579 case 'p': 1580 process_opt_p_list(optarg); 1581 break; 1582 case 'P': 1583 tracing_paths = 1; 1584 if (pathtrace_select(optarg)) { 1585 error_msg_and_die("Failed to select path '%s'", optarg); 1586 } 1587 break; 1588 case 's': 1589 i = string_to_uint(optarg); 1590 if (i < 0) 1591 error_opt_arg(c, optarg); 1592 max_strlen = i; 1593 break; 1594 case 'S': 1595 set_sortby(optarg); 1596 break; 1597 case 'u': 1598 username = strdup(optarg); 1599 break; 1600 case 'E': 1601 if (putenv(optarg) < 0) 1602 die_out_of_memory(); 1603 break; 1604 case 'I': 1605 opt_intr = string_to_uint(optarg); 1606 if (opt_intr <= 0 || opt_intr >= NUM_INTR_OPTS) 1607 error_opt_arg(c, optarg); 1608 break; 1609 default: 1610 usage(stderr, 1); 1611 break; 1612 } 1613 } 1614 argv += optind; 1615 /* argc -= optind; - no need, argc is not used below */ 1616 1617 acolumn_spaces = malloc(acolumn + 1); 1618 if (!acolumn_spaces) 1619 die_out_of_memory(); 1620 memset(acolumn_spaces, ' ', acolumn); 1621 acolumn_spaces[acolumn] = '\0'; 1622 1623 /* Must have PROG [ARGS], or -p PID. Not both. */ 1624 if (!argv[0] == !nprocs) 1625 usage(stderr, 1); 1626 1627 if (nprocs != 0 && daemonized_tracer) { 1628 error_msg_and_die("-D and -p are mutually exclusive"); 1629 } 1630 1631 if (!followfork) 1632 followfork = optF; 1633 1634 if (followfork >= 2 && cflag) { 1635 error_msg_and_die("(-c or -C) and -ff are mutually exclusive"); 1636 } 1637 1638 /* See if they want to run as another user. */ 1639 if (username != NULL) { 1640 struct passwd *pent; 1641 1642 if (getuid() != 0 || geteuid() != 0) { 1643 error_msg_and_die("You must be root to use the -u option"); 1644 } 1645 pent = getpwnam(username); 1646 if (pent == NULL) { 1647 error_msg_and_die("Cannot find user '%s'", username); 1648 } 1649 run_uid = pent->pw_uid; 1650 run_gid = pent->pw_gid; 1651 } 1652 else { 1653 run_uid = getuid(); 1654 run_gid = getgid(); 1655 } 1656 1657 if (followfork) 1658 test_ptrace_setoptions_followfork(); 1659 test_ptrace_setoptions_for_all(); 1660 test_ptrace_seize(); 1661 1662 /* Check if they want to redirect the output. */ 1663 if (outfname) { 1664 /* See if they want to pipe the output. */ 1665 if (outfname[0] == '|' || outfname[0] == '!') { 1666 /* 1667 * We can't do the <outfname>.PID funny business 1668 * when using popen, so prohibit it. 1669 */ 1670 if (followfork >= 2) 1671 error_msg_and_die("Piping the output and -ff are mutually exclusive"); 1672 shared_log = strace_popen(outfname + 1); 1673 } 1674 else if (followfork < 2) 1675 shared_log = strace_fopen(outfname); 1676 } else { 1677 /* -ff without -o FILE is the same as single -f */ 1678 if (followfork >= 2) 1679 followfork = 1; 1680 } 1681 1682 if (!outfname || outfname[0] == '|' || outfname[0] == '!') { 1683 char *buf = malloc(BUFSIZ); 1684 if (!buf) 1685 die_out_of_memory(); 1686 setvbuf(shared_log, buf, _IOLBF, BUFSIZ); 1687 } 1688 if (outfname && argv[0]) { 1689 if (!opt_intr) 1690 opt_intr = INTR_NEVER; 1691 qflag = 1; 1692 } 1693 if (!opt_intr) 1694 opt_intr = INTR_WHILE_WAIT; 1695 1696 /* argv[0] -pPID -oFILE Default interactive setting 1697 * yes 0 0 INTR_WHILE_WAIT 1698 * no 1 0 INTR_WHILE_WAIT 1699 * yes 0 1 INTR_NEVER 1700 * no 1 1 INTR_WHILE_WAIT 1701 */ 1702 1703 /* STARTUP_CHILD must be called before the signal handlers get 1704 installed below as they are inherited into the spawned process. 1705 Also we do not need to be protected by them as during interruption 1706 in the STARTUP_CHILD mode we kill the spawned process anyway. */ 1707 if (argv[0]) { 1708 skip_startup_execve = 1; 1709 startup_child(argv); 1710 } 1711 1712 sigemptyset(&empty_set); 1713 sigemptyset(&blocked_set); 1714 sa.sa_handler = SIG_IGN; 1715 sigemptyset(&sa.sa_mask); 1716 sa.sa_flags = 0; 1717 sigaction(SIGTTOU, &sa, NULL); /* SIG_IGN */ 1718 sigaction(SIGTTIN, &sa, NULL); /* SIG_IGN */ 1719 if (opt_intr != INTR_ANYWHERE) { 1720 if (opt_intr == INTR_BLOCK_TSTP_TOO) 1721 sigaction(SIGTSTP, &sa, NULL); /* SIG_IGN */ 1722 /* 1723 * In interactive mode (if no -o OUTFILE, or -p PID is used), 1724 * fatal signals are blocked while syscall stop is processed, 1725 * and acted on in between, when waiting for new syscall stops. 1726 * In non-interactive mode, signals are ignored. 1727 */ 1728 if (opt_intr == INTR_WHILE_WAIT) { 1729 sigaddset(&blocked_set, SIGHUP); 1730 sigaddset(&blocked_set, SIGINT); 1731 sigaddset(&blocked_set, SIGQUIT); 1732 sigaddset(&blocked_set, SIGPIPE); 1733 sigaddset(&blocked_set, SIGTERM); 1734 sa.sa_handler = interrupt; 1735 } 1736 /* SIG_IGN, or set handler for these */ 1737 sigaction(SIGHUP, &sa, NULL); 1738 sigaction(SIGINT, &sa, NULL); 1739 sigaction(SIGQUIT, &sa, NULL); 1740 sigaction(SIGPIPE, &sa, NULL); 1741 sigaction(SIGTERM, &sa, NULL); 1742 } 1743 if (nprocs != 0 || daemonized_tracer) 1744 startup_attach(); 1745 1746 /* Do we want pids printed in our -o OUTFILE? 1747 * -ff: no (every pid has its own file); or 1748 * -f: yes (there can be more pids in the future); or 1749 * -p PID1,PID2: yes (there are already more than one pid) 1750 */ 1751 print_pid_pfx = (outfname && followfork < 2 && (followfork == 1 || nprocs > 1)); 1752} 1753 1754static struct tcb * 1755pid2tcb(int pid) 1756{ 1757 int i; 1758 1759 if (pid <= 0) 1760 return NULL; 1761 1762 for (i = 0; i < tcbtabsize; i++) { 1763 struct tcb *tcp = tcbtab[i]; 1764 if (tcp->pid == pid && (tcp->flags & TCB_INUSE)) 1765 return tcp; 1766 } 1767 1768 return NULL; 1769} 1770 1771static void 1772cleanup(void) 1773{ 1774 int i; 1775 struct tcb *tcp; 1776 int fatal_sig; 1777 1778 /* 'interrupted' is a volatile object, fetch it only once */ 1779 fatal_sig = interrupted; 1780 if (!fatal_sig) 1781 fatal_sig = SIGTERM; 1782 1783 for (i = 0; i < tcbtabsize; i++) { 1784 tcp = tcbtab[i]; 1785 if (!(tcp->flags & TCB_INUSE)) 1786 continue; 1787 if (debug_flag) 1788 fprintf(stderr, 1789 "cleanup: looking at pid %u\n", tcp->pid); 1790 if (tcp->flags & TCB_STRACE_CHILD) { 1791 kill(tcp->pid, SIGCONT); 1792 kill(tcp->pid, fatal_sig); 1793 } 1794 detach(tcp); 1795 } 1796 if (cflag) 1797 call_summary(shared_log); 1798} 1799 1800static void 1801interrupt(int sig) 1802{ 1803 interrupted = sig; 1804} 1805 1806static int 1807trace(void) 1808{ 1809 struct rusage ru; 1810 struct rusage *rup = cflag ? &ru : NULL; 1811#ifdef __WALL 1812 static int wait4_options = __WALL; 1813#endif 1814 1815 while (nprocs != 0) { 1816 int pid; 1817 int wait_errno; 1818 int status, sig; 1819 int stopped; 1820 struct tcb *tcp; 1821 unsigned event; 1822 1823 if (interrupted) 1824 return 0; 1825 if (interactive) 1826 sigprocmask(SIG_SETMASK, &empty_set, NULL); 1827#ifdef __WALL 1828 pid = wait4(-1, &status, wait4_options, rup); 1829 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) { 1830 /* this kernel does not support __WALL */ 1831 wait4_options &= ~__WALL; 1832 pid = wait4(-1, &status, wait4_options, rup); 1833 } 1834 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) { 1835 /* most likely a "cloned" process */ 1836 pid = wait4(-1, &status, __WCLONE, rup); 1837 if (pid < 0) { 1838 perror_msg("wait4(__WCLONE) failed"); 1839 } 1840 } 1841#else 1842 pid = wait4(-1, &status, 0, rup); 1843#endif /* __WALL */ 1844 wait_errno = errno; 1845 if (interactive) 1846 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 1847 1848 if (pid < 0) { 1849 switch (wait_errno) { 1850 case EINTR: 1851 continue; 1852 case ECHILD: 1853 /* 1854 * We would like to verify this case 1855 * but sometimes a race in Solbourne's 1856 * version of SunOS sometimes reports 1857 * ECHILD before sending us SIGCHILD. 1858 */ 1859 return 0; 1860 default: 1861 errno = wait_errno; 1862 perror_msg("wait"); 1863 return -1; 1864 } 1865 } 1866 if (pid == popen_pid) { 1867 if (WIFEXITED(status) || WIFSIGNALED(status)) 1868 popen_pid = 0; 1869 continue; 1870 } 1871 1872 event = ((unsigned)status >> 16); 1873 if (debug_flag) { 1874 char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16]; 1875 char evbuf[sizeof(",PTRACE_EVENT_?? (%u)") + sizeof(int)*3 /*paranoia:*/ + 16]; 1876 strcpy(buf, "???"); 1877 if (WIFSIGNALED(status)) 1878#ifdef WCOREDUMP 1879 sprintf(buf, "WIFSIGNALED,%ssig=%s", 1880 WCOREDUMP(status) ? "core," : "", 1881 signame(WTERMSIG(status))); 1882#else 1883 sprintf(buf, "WIFSIGNALED,sig=%s", 1884 signame(WTERMSIG(status))); 1885#endif 1886 if (WIFEXITED(status)) 1887 sprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status)); 1888 if (WIFSTOPPED(status)) 1889 sprintf(buf, "WIFSTOPPED,sig=%s", signame(WSTOPSIG(status))); 1890#ifdef WIFCONTINUED 1891 if (WIFCONTINUED(status)) 1892 strcpy(buf, "WIFCONTINUED"); 1893#endif 1894 evbuf[0] = '\0'; 1895 if (event != 0) { 1896 static const char *const event_names[] = { 1897 [PTRACE_EVENT_CLONE] = "CLONE", 1898 [PTRACE_EVENT_FORK] = "FORK", 1899 [PTRACE_EVENT_VFORK] = "VFORK", 1900 [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE", 1901 [PTRACE_EVENT_EXEC] = "EXEC", 1902 [PTRACE_EVENT_EXIT] = "EXIT", 1903 }; 1904 const char *e; 1905 if (event < ARRAY_SIZE(event_names)) 1906 e = event_names[event]; 1907 else { 1908 sprintf(buf, "?? (%u)", event); 1909 e = buf; 1910 } 1911 sprintf(evbuf, ",PTRACE_EVENT_%s", e); 1912 } 1913 fprintf(stderr, " [wait(0x%04x) = %u] %s%s\n", status, pid, buf, evbuf); 1914 } 1915 1916 /* Look up 'pid' in our table. */ 1917 tcp = pid2tcb(pid); 1918 1919 if (!tcp) { 1920 if (followfork) { 1921 tcp = alloctcb(pid); 1922 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop; 1923 newoutf(tcp); 1924 if (!qflag) 1925 fprintf(stderr, "Process %d attached\n", 1926 pid); 1927 } else { 1928 /* This can happen if a clone call used 1929 CLONE_PTRACE itself. */ 1930 if (WIFSTOPPED(status)) 1931 ptrace(PTRACE_CONT, pid, (char *) 0, 0); 1932 error_msg_and_die("Unknown pid: %u", pid); 1933 } 1934 } 1935 1936 /* Under Linux, execve changes pid to thread leader's pid, 1937 * and we see this changed pid on EVENT_EXEC and later, 1938 * execve sysexit. Leader "disappears" without exit 1939 * notification. Let user know that, drop leader's tcb, 1940 * and fix up pid in execve thread's tcb. 1941 * Effectively, execve thread's tcb replaces leader's tcb. 1942 * 1943 * BTW, leader is 'stuck undead' (doesn't report WIFEXITED 1944 * on exit syscall) in multithreaded programs exactly 1945 * in order to handle this case. 1946 * 1947 * PTRACE_GETEVENTMSG returns old pid starting from Linux 3.0. 1948 * On 2.6 and earlier, it can return garbage. 1949 */ 1950 if (event == PTRACE_EVENT_EXEC && os_release >= KERNEL_VERSION(3,0,0)) { 1951 FILE *fp; 1952 struct tcb *execve_thread; 1953 long old_pid = 0; 1954 1955 if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, (long) &old_pid) < 0) 1956 goto dont_switch_tcbs; 1957 if (old_pid <= 0 || old_pid == pid) 1958 goto dont_switch_tcbs; 1959 execve_thread = pid2tcb(old_pid); 1960 /* It should be !NULL, but I feel paranoid */ 1961 if (!execve_thread) 1962 goto dont_switch_tcbs; 1963 1964 if (execve_thread->curcol != 0) { 1965 /* 1966 * One case we are here is -ff: 1967 * try "strace -oLOG -ff test/threaded_execve" 1968 */ 1969 fprintf(execve_thread->outf, " <pid changed to %d ...>\n", pid); 1970 /*execve_thread->curcol = 0; - no need, see code below */ 1971 } 1972 /* Swap output FILEs (needed for -ff) */ 1973 fp = execve_thread->outf; 1974 execve_thread->outf = tcp->outf; 1975 tcp->outf = fp; 1976 /* And their column positions */ 1977 execve_thread->curcol = tcp->curcol; 1978 tcp->curcol = 0; 1979 /* Drop leader, but close execve'd thread outfile (if -ff) */ 1980 droptcb(tcp); 1981 /* Switch to the thread, reusing leader's outfile and pid */ 1982 tcp = execve_thread; 1983 tcp->pid = pid; 1984 if (cflag != CFLAG_ONLY_STATS) { 1985 printleader(tcp); 1986 tprintf("+++ superseded by execve in pid %lu +++\n", old_pid); 1987 line_ended(); 1988 tcp->flags |= TCB_REPRINT; 1989 } 1990 } 1991 dont_switch_tcbs: 1992 1993 if (event == PTRACE_EVENT_EXEC && detach_on_execve) { 1994 if (!skip_startup_execve) 1995 detach(tcp); 1996 /* This was initial execve for "strace PROG". Skip. */ 1997 skip_startup_execve = 0; 1998 } 1999 2000 /* Set current output file */ 2001 current_tcp = tcp; 2002 2003 if (cflag) { 2004 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime); 2005 tcp->stime = ru.ru_stime; 2006 } 2007 2008 if (WIFSIGNALED(status)) { 2009 if (pid == strace_child) 2010 exit_code = 0x100 | WTERMSIG(status); 2011 if (cflag != CFLAG_ONLY_STATS 2012 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) { 2013 printleader(tcp); 2014#ifdef WCOREDUMP 2015 tprintf("+++ killed by %s %s+++\n", 2016 signame(WTERMSIG(status)), 2017 WCOREDUMP(status) ? "(core dumped) " : ""); 2018#else 2019 tprintf("+++ killed by %s +++\n", 2020 signame(WTERMSIG(status))); 2021#endif 2022 line_ended(); 2023 } 2024 droptcb(tcp); 2025 continue; 2026 } 2027 if (WIFEXITED(status)) { 2028 if (pid == strace_child) 2029 exit_code = WEXITSTATUS(status); 2030 if (cflag != CFLAG_ONLY_STATS) { 2031 printleader(tcp); 2032 tprintf("+++ exited with %d +++\n", WEXITSTATUS(status)); 2033 line_ended(); 2034 } 2035 droptcb(tcp); 2036 continue; 2037 } 2038 if (!WIFSTOPPED(status)) { 2039 fprintf(stderr, "PANIC: pid %u not stopped\n", pid); 2040 droptcb(tcp); 2041 continue; 2042 } 2043 2044 /* Is this the very first time we see this tracee stopped? */ 2045 if (tcp->flags & TCB_STARTUP) { 2046 if (debug_flag) 2047 fprintf(stderr, "pid %d has TCB_STARTUP, initializing it\n", tcp->pid); 2048 tcp->flags &= ~TCB_STARTUP; 2049 if (tcp->flags & TCB_BPTSET) { 2050 /* 2051 * One example is a breakpoint inherited from 2052 * parent through fork(). 2053 */ 2054 if (clearbpt(tcp) < 0) { 2055 /* Pretty fatal */ 2056 droptcb(tcp); 2057 cleanup(); 2058 return -1; 2059 } 2060 } 2061 if (ptrace_setoptions) { 2062 if (debug_flag) 2063 fprintf(stderr, "setting opts %x on pid %d\n", ptrace_setoptions, tcp->pid); 2064 if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) { 2065 if (errno != ESRCH) { 2066 /* Should never happen, really */ 2067 perror_msg_and_die("PTRACE_SETOPTIONS"); 2068 } 2069 } 2070 } 2071 } 2072 2073 sig = WSTOPSIG(status); 2074 2075 if (event != 0) { 2076 /* Ptrace event */ 2077#ifdef USE_SEIZE 2078 if (event == PTRACE_EVENT_STOP) { 2079 /* 2080 * PTRACE_INTERRUPT-stop or group-stop. 2081 * PTRACE_INTERRUPT-stop has sig == SIGTRAP here. 2082 */ 2083 if (sig == SIGSTOP 2084 || sig == SIGTSTP 2085 || sig == SIGTTIN 2086 || sig == SIGTTOU 2087 ) { 2088 stopped = 1; 2089 goto show_stopsig; 2090 } 2091 } 2092#endif 2093 goto restart_tracee_with_sig_0; 2094 } 2095 2096 /* Is this post-attach SIGSTOP? 2097 * Interestingly, the process may stop 2098 * with STOPSIG equal to some other signal 2099 * than SIGSTOP if we happend to attach 2100 * just before the process takes a signal. 2101 */ 2102 if (sig == SIGSTOP && (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)) { 2103 if (debug_flag) 2104 fprintf(stderr, "ignored SIGSTOP on pid %d\n", tcp->pid); 2105 tcp->flags &= ~TCB_IGNORE_ONE_SIGSTOP; 2106 goto restart_tracee_with_sig_0; 2107 } 2108 2109 if (sig != syscall_trap_sig) { 2110 siginfo_t si; 2111 2112 /* Nonzero (true) if tracee is stopped by signal 2113 * (as opposed to "tracee received signal"). 2114 * TODO: shouldn't we check for errno == EINVAL too? 2115 * We can get ESRCH instead, you know... 2116 */ 2117 stopped = (ptrace(PTRACE_GETSIGINFO, pid, 0, (long) &si) < 0); 2118#ifdef USE_SEIZE 2119 show_stopsig: 2120#endif 2121 if (cflag != CFLAG_ONLY_STATS 2122 && (qual_flags[sig] & QUAL_SIGNAL)) { 2123#if defined(PT_CR_IPSR) && defined(PT_CR_IIP) 2124 long pc = 0; 2125 long psr = 0; 2126 2127 upeek(tcp, PT_CR_IPSR, &psr); 2128 upeek(tcp, PT_CR_IIP, &pc); 2129 2130# define PSR_RI 41 2131 pc += (psr >> PSR_RI) & 0x3; 2132# define PC_FORMAT_STR " @ %lx" 2133# define PC_FORMAT_ARG , pc 2134#else 2135# define PC_FORMAT_STR "" 2136# define PC_FORMAT_ARG /* nothing */ 2137#endif 2138 printleader(tcp); 2139 if (!stopped) { 2140 tprintf("--- %s ", signame(sig)); 2141 printsiginfo(&si, verbose(tcp)); 2142 tprintf(PC_FORMAT_STR " ---\n" 2143 PC_FORMAT_ARG); 2144 } else 2145 tprintf("--- stopped by %s" PC_FORMAT_STR " ---\n", 2146 signame(sig) 2147 PC_FORMAT_ARG); 2148 line_ended(); 2149 } 2150 2151 if (!stopped) 2152 /* It's signal-delivery-stop. Inject the signal */ 2153 goto restart_tracee; 2154 2155 /* It's group-stop */ 2156#ifdef USE_SEIZE 2157 if (use_seize) { 2158 /* 2159 * This ends ptrace-stop, but does *not* end group-stop. 2160 * This makes stopping signals work properly on straced process 2161 * (that is, process really stops. It used to continue to run). 2162 */ 2163 if (ptrace_restart(PTRACE_LISTEN, tcp, 0) < 0) { 2164 cleanup(); 2165 return -1; 2166 } 2167 continue; 2168 } 2169 /* We don't have PTRACE_LISTEN support... */ 2170#endif 2171 goto restart_tracee; 2172 } 2173 2174 /* We handled quick cases, we are permitted to interrupt now. */ 2175 if (interrupted) 2176 return 0; 2177 2178 /* This should be syscall entry or exit. 2179 * (Or it still can be that pesky post-execve SIGTRAP!) 2180 * Handle it. 2181 */ 2182 if (trace_syscall(tcp) < 0) { 2183 /* ptrace() failed in trace_syscall(). 2184 * Likely a result of process disappearing mid-flight. 2185 * Observed case: exit_group() or SIGKILL terminating 2186 * all processes in thread group. 2187 * We assume that ptrace error was caused by process death. 2188 * We used to detach(tcp) here, but since we no longer 2189 * implement "detach before death" policy/hack, 2190 * we can let this process to report its death to us 2191 * normally, via WIFEXITED or WIFSIGNALED wait status. 2192 */ 2193 continue; 2194 } 2195 restart_tracee_with_sig_0: 2196 sig = 0; 2197 restart_tracee: 2198 if (ptrace_restart(PTRACE_SYSCALL, tcp, sig) < 0) { 2199 cleanup(); 2200 return -1; 2201 } 2202 } 2203 return 0; 2204} 2205 2206int 2207main(int argc, char *argv[]) 2208{ 2209 init(argc, argv); 2210 2211 /* Run main tracing loop */ 2212 if (trace() < 0) 2213 return 1; 2214 2215 cleanup(); 2216 fflush(NULL); 2217 if (shared_log != stderr) 2218 fclose(shared_log); 2219 if (popen_pid) { 2220 while (waitpid(popen_pid, NULL, 0) < 0 && errno == EINTR) 2221 ; 2222 } 2223 if (exit_code > 0xff) { 2224 /* Avoid potential core file clobbering. */ 2225 struct rlimit rlim = {0, 0}; 2226 setrlimit(RLIMIT_CORE, &rlim); 2227 2228 /* Child was killed by a signal, mimic that. */ 2229 exit_code &= 0xff; 2230 signal(exit_code, SIG_DFL); 2231 raise(exit_code); 2232 /* Paranoia - what if this signal is not fatal? 2233 Exit with 128 + signo then. */ 2234 exit_code += 128; 2235 } 2236 2237 return exit_code; 2238} 2239