strace.c revision b87d30c785679b37a2ec7242881f0d0b819c738d
1/* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl> 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 * 30 * $Id$ 31 */ 32 33#include "defs.h" 34 35#include <sys/types.h> 36#include <signal.h> 37#include <errno.h> 38#include <sys/param.h> 39#include <fcntl.h> 40#include <sys/resource.h> 41#include <sys/wait.h> 42#include <sys/stat.h> 43#include <pwd.h> 44#include <grp.h> 45#include <string.h> 46#include <limits.h> 47#include <dirent.h> 48 49#ifdef LINUX 50# include <asm/unistd.h> 51# if defined __NR_tgkill 52# define my_tgkill(pid, tid, sig) syscall (__NR_tgkill, (pid), (tid), (sig)) 53# elif defined __NR_tkill 54# define my_tgkill(pid, tid, sig) syscall (__NR_tkill, (tid), (sig)) 55# else 56 /* kill() may choose arbitrarily the target task of the process group 57 while we later wait on a that specific TID. PID process waits become 58 TID task specific waits for a process under ptrace(2). */ 59# warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!" 60# define my_tgkill(pid, tid, sig) kill ((tid), (sig)) 61# endif 62#endif 63 64#if defined(IA64) && defined(LINUX) 65# include <asm/ptrace_offsets.h> 66#endif 67 68#ifdef USE_PROCFS 69#include <poll.h> 70#endif 71 72#ifdef SVR4 73#include <sys/stropts.h> 74#ifdef HAVE_MP_PROCFS 75#ifdef HAVE_SYS_UIO_H 76#include <sys/uio.h> 77#endif 78#endif 79#endif 80extern char **environ; 81extern int optind; 82extern char *optarg; 83 84 85int debug = 0, followfork = 0; 86int dtime = 0, xflag = 0, qflag = 0; 87cflag_t cflag = CFLAG_NONE; 88static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0; 89/* 90 * daemonized_tracer supports -D option. 91 * With this option, strace forks twice. 92 * Unlike normal case, with -D *grandparent* process exec's, 93 * becoming a traced process. Child exits (this prevents traced process 94 * from having children it doesn't expect to have), and grandchild 95 * attaches to grandparent similarly to strace -p PID. 96 * This allows for more transparent interaction in cases 97 * when process and its parent are communicating via signals, 98 * wait() etc. Without -D, strace process gets lodged in between, 99 * disrupting parent<->child link. 100 */ 101static bool daemonized_tracer = 0; 102 103/* Sometimes we want to print only succeeding syscalls. */ 104int not_failing_only = 0; 105 106static int exit_code = 0; 107static int strace_child = 0; 108 109static char *username = NULL; 110uid_t run_uid; 111gid_t run_gid; 112 113int acolumn = DEFAULT_ACOLUMN; 114int max_strlen = DEFAULT_STRLEN; 115static char *outfname = NULL; 116FILE *outf; 117static int curcol; 118struct tcb **tcbtab; 119unsigned int nprocs, tcbtabsize; 120char *progname; 121extern char **environ; 122 123static int detach(struct tcb *tcp, int sig); 124static int trace(void); 125static void cleanup(void); 126static void interrupt(int sig); 127static sigset_t empty_set, blocked_set; 128 129#ifdef HAVE_SIG_ATOMIC_T 130static volatile sig_atomic_t interrupted; 131#else /* !HAVE_SIG_ATOMIC_T */ 132static volatile int interrupted; 133#endif /* !HAVE_SIG_ATOMIC_T */ 134 135#ifdef USE_PROCFS 136 137static struct tcb *pfd2tcb(int pfd); 138static void reaper(int sig); 139static void rebuild_pollv(void); 140static struct pollfd *pollv; 141 142#ifndef HAVE_POLLABLE_PROCFS 143 144static void proc_poll_open(void); 145static void proc_poller(int pfd); 146 147struct proc_pollfd { 148 int fd; 149 int revents; 150 int pid; 151}; 152 153static int poller_pid; 154static int proc_poll_pipe[2] = { -1, -1 }; 155 156#endif /* !HAVE_POLLABLE_PROCFS */ 157 158#ifdef HAVE_MP_PROCFS 159#define POLLWANT POLLWRNORM 160#else 161#define POLLWANT POLLPRI 162#endif 163#endif /* USE_PROCFS */ 164 165static void 166usage(ofp, exitval) 167FILE *ofp; 168int exitval; 169{ 170 fprintf(ofp, "\ 171usage: strace [-CdDffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\ 172 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\ 173 [command [arg ...]]\n\ 174 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\ 175 [command [arg ...]]\n\ 176-c -- count time, calls, and errors for each syscall and report summary\n\ 177-C -- like -c but also print regular output while processes are running\n\ 178-f -- follow forks, -ff -- with output into separate files\n\ 179-F -- attempt to follow vforks, -h -- print help message\n\ 180-i -- print instruction pointer at time of syscall\n\ 181-q -- suppress messages about attaching, detaching, etc.\n\ 182-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\ 183-T -- print time spent in each syscall, -V -- print version\n\ 184-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\ 185-x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\ 186-a column -- alignment COLUMN for printing syscall results (default %d)\n\ 187-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\ 188 options: trace, abbrev, verbose, raw, signal, read, or write\n\ 189-o file -- send trace output to FILE instead of stderr\n\ 190-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\ 191-p pid -- trace process with process id PID, may be repeated\n\ 192-D -- run tracer process as a detached grandchild, not as parent\n\ 193-s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\ 194-S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\ 195-u username -- run command as username handling setuid and/or setgid\n\ 196-E var=val -- put var=val in the environment for command\n\ 197-E var -- remove var from the environment for command\n\ 198" /* this is broken, so don't document it 199-z -- print only succeeding syscalls\n\ 200 */ 201, DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY); 202 exit(exitval); 203} 204 205#ifdef SVR4 206#ifdef MIPS 207void 208foobar() 209{ 210} 211#endif /* MIPS */ 212#endif /* SVR4 */ 213 214/* Glue for systems without a MMU that cannot provide fork() */ 215#ifdef HAVE_FORK 216# define strace_vforked 0 217#else 218# define strace_vforked 1 219# define fork() vfork() 220#endif 221 222static int 223set_cloexec_flag(int fd) 224{ 225 int flags, newflags; 226 227 if ((flags = fcntl(fd, F_GETFD, 0)) < 0) 228 { 229 fprintf(stderr, "%s: fcntl F_GETFD: %s\n", 230 progname, strerror(errno)); 231 return -1; 232 } 233 234 newflags = flags | FD_CLOEXEC; 235 if (flags == newflags) 236 return 0; 237 238 if (fcntl(fd, F_SETFD, newflags) < 0) 239 { 240 fprintf(stderr, "%s: fcntl F_SETFD: %s\n", 241 progname, strerror(errno)); 242 return -1; 243 } 244 245 return 0; 246} 247 248/* 249 * When strace is setuid executable, we have to swap uids 250 * before and after filesystem and process management operations. 251 */ 252static void 253swap_uid(void) 254{ 255#ifndef SVR4 256 int euid = geteuid(), uid = getuid(); 257 258 if (euid != uid && setreuid(euid, uid) < 0) 259 { 260 fprintf(stderr, "%s: setreuid: %s\n", 261 progname, strerror(errno)); 262 exit(1); 263 } 264#endif 265} 266 267#if _LFS64_LARGEFILE 268# define fopen_for_output fopen64 269#else 270# define fopen_for_output fopen 271#endif 272 273static FILE * 274strace_fopen(const char *path, const char *mode) 275{ 276 FILE *fp; 277 278 swap_uid(); 279 if ((fp = fopen_for_output(path, mode)) == NULL) 280 fprintf(stderr, "%s: can't fopen '%s': %s\n", 281 progname, path, strerror(errno)); 282 swap_uid(); 283 if (fp && set_cloexec_flag(fileno(fp)) < 0) 284 { 285 fclose(fp); 286 fp = NULL; 287 } 288 return fp; 289} 290 291static int popen_pid = -1; 292 293#ifndef _PATH_BSHELL 294# define _PATH_BSHELL "/bin/sh" 295#endif 296 297/* 298 * We cannot use standard popen(3) here because we have to distinguish 299 * popen child process from other processes we trace, and standard popen(3) 300 * does not export its child's pid. 301 */ 302static FILE * 303strace_popen(const char *command) 304{ 305 int fds[2]; 306 307 swap_uid(); 308 if (pipe(fds) < 0) 309 { 310 fprintf(stderr, "%s: pipe: %s\n", 311 progname, strerror(errno)); 312 swap_uid(); 313 return NULL; 314 } 315 316 if (set_cloexec_flag(fds[1]) < 0) 317 { 318 close(fds[0]); 319 close(fds[1]); 320 swap_uid(); 321 return NULL; 322 } 323 324 if ((popen_pid = fork()) == -1) 325 { 326 fprintf(stderr, "%s: fork: %s\n", 327 progname, strerror(errno)); 328 close(fds[0]); 329 close(fds[1]); 330 swap_uid(); 331 return NULL; 332 } 333 334 if (popen_pid) 335 { 336 /* parent */ 337 close(fds[0]); 338 swap_uid(); 339 return fdopen(fds[1], "w"); 340 } else 341 { 342 /* child */ 343 close(fds[1]); 344 if (fds[0] && (dup2(fds[0], 0) || close(fds[0]))) 345 { 346 fprintf(stderr, "%s: dup2: %s\n", 347 progname, strerror(errno)); 348 _exit(1); 349 } 350 execl(_PATH_BSHELL, "sh", "-c", command, NULL); 351 fprintf(stderr, "%s: execl: %s: %s\n", 352 progname, _PATH_BSHELL, strerror(errno)); 353 _exit(1); 354 } 355} 356 357static int 358newoutf(struct tcb *tcp) 359{ 360 if (outfname && followfork > 1) { 361 char name[520 + sizeof(int) * 3]; 362 FILE *fp; 363 364 sprintf(name, "%.512s.%u", outfname, tcp->pid); 365 if ((fp = strace_fopen(name, "w")) == NULL) 366 return -1; 367 tcp->outf = fp; 368 } 369 return 0; 370} 371 372static void 373startup_attach(void) 374{ 375 int tcbi; 376 struct tcb *tcp; 377 378 /* 379 * Block user interruptions as we would leave the traced 380 * process stopped (process state T) if we would terminate in 381 * between PTRACE_ATTACH and wait4 () on SIGSTOP. 382 * We rely on cleanup () from this point on. 383 */ 384 if (interactive) 385 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 386 387 if (daemonized_tracer) { 388 pid_t pid = fork(); 389 if (pid < 0) { 390 _exit(1); 391 } 392 if (pid) { /* parent */ 393 /* 394 * Wait for child to attach to straced process 395 * (our parent). Child SIGKILLs us after it attached. 396 * Parent's wait() is unblocked by our death, 397 * it proceeds to exec the straced program. 398 */ 399 pause(); 400 _exit(0); /* paranoia */ 401 } 402 } 403 404 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) { 405 tcp = tcbtab[tcbi]; 406 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED)) 407 continue; 408#ifdef LINUX 409 if (tcp->flags & TCB_CLONE_THREAD) 410 continue; 411#endif 412 /* Reinitialize the output since it may have changed. */ 413 tcp->outf = outf; 414 if (newoutf(tcp) < 0) 415 exit(1); 416 417#ifdef USE_PROCFS 418 if (proc_open(tcp, 1) < 0) { 419 fprintf(stderr, "trouble opening proc file\n"); 420 droptcb(tcp); 421 continue; 422 } 423#else /* !USE_PROCFS */ 424# ifdef LINUX 425 if (followfork && !daemonized_tracer) { 426 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3]; 427 DIR *dir; 428 429 sprintf(procdir, "/proc/%d/task", tcp->pid); 430 dir = opendir(procdir); 431 if (dir != NULL) { 432 unsigned int ntid = 0, nerr = 0; 433 struct dirent *de; 434 int tid; 435 while ((de = readdir(dir)) != NULL) { 436 if (de->d_fileno == 0) 437 continue; 438 tid = atoi(de->d_name); 439 if (tid <= 0) 440 continue; 441 ++ntid; 442 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0) 443 ++nerr; 444 else if (tid != tcbtab[tcbi]->pid) { 445 tcp = alloctcb(tid); 446 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_CLONE_DETACHED|TCB_FOLLOWFORK; 447 tcbtab[tcbi]->nchildren++; 448 tcbtab[tcbi]->nclone_threads++; 449 tcbtab[tcbi]->nclone_detached++; 450 tcp->parent = tcbtab[tcbi]; 451 } 452 if (interactive) { 453 sigprocmask(SIG_SETMASK, &empty_set, NULL); 454 if (interrupted) 455 return; 456 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 457 } 458 } 459 closedir(dir); 460 ntid -= nerr; 461 if (ntid == 0) { 462 perror("attach: ptrace(PTRACE_ATTACH, ...)"); 463 droptcb(tcp); 464 continue; 465 } 466 if (!qflag) { 467 fprintf(stderr, ntid > 1 468? "Process %u attached with %u threads - interrupt to quit\n" 469: "Process %u attached - interrupt to quit\n", 470 tcbtab[tcbi]->pid, ntid); 471 } 472 continue; 473 } /* if (opendir worked) */ 474 } /* if (-f) */ 475# endif 476 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) { 477 perror("attach: ptrace(PTRACE_ATTACH, ...)"); 478 droptcb(tcp); 479 continue; 480 } 481 /* INTERRUPTED is going to be checked at the top of TRACE. */ 482 483 if (daemonized_tracer) { 484 /* 485 * It is our grandparent we trace, not a -p PID. 486 * Don't want to just detach on exit, so... 487 */ 488 tcp->flags &= ~TCB_ATTACHED; 489 /* 490 * Make parent go away. 491 * Also makes grandparent's wait() unblock. 492 */ 493 kill(getppid(), SIGKILL); 494 } 495 496#endif /* !USE_PROCFS */ 497 if (!qflag) 498 fprintf(stderr, 499 "Process %u attached - interrupt to quit\n", 500 tcp->pid); 501 } 502 503 if (interactive) 504 sigprocmask(SIG_SETMASK, &empty_set, NULL); 505} 506 507static void 508startup_child (char **argv) 509{ 510 struct stat statbuf; 511 const char *filename; 512 char pathname[MAXPATHLEN]; 513 int pid = 0; 514 struct tcb *tcp; 515 516 filename = argv[0]; 517 if (strchr(filename, '/')) { 518 if (strlen(filename) > sizeof pathname - 1) { 519 errno = ENAMETOOLONG; 520 perror("strace: exec"); 521 exit(1); 522 } 523 strcpy(pathname, filename); 524 } 525#ifdef USE_DEBUGGING_EXEC 526 /* 527 * Debuggers customarily check the current directory 528 * first regardless of the path but doing that gives 529 * security geeks a panic attack. 530 */ 531 else if (stat(filename, &statbuf) == 0) 532 strcpy(pathname, filename); 533#endif /* USE_DEBUGGING_EXEC */ 534 else { 535 char *path; 536 int m, n, len; 537 538 for (path = getenv("PATH"); path && *path; path += m) { 539 if (strchr(path, ':')) { 540 n = strchr(path, ':') - path; 541 m = n + 1; 542 } 543 else 544 m = n = strlen(path); 545 if (n == 0) { 546 if (!getcwd(pathname, MAXPATHLEN)) 547 continue; 548 len = strlen(pathname); 549 } 550 else if (n > sizeof pathname - 1) 551 continue; 552 else { 553 strncpy(pathname, path, n); 554 len = n; 555 } 556 if (len && pathname[len - 1] != '/') 557 pathname[len++] = '/'; 558 strcpy(pathname + len, filename); 559 if (stat(pathname, &statbuf) == 0 && 560 /* Accept only regular files 561 with some execute bits set. 562 XXX not perfect, might still fail */ 563 S_ISREG(statbuf.st_mode) && 564 (statbuf.st_mode & 0111)) 565 break; 566 } 567 } 568 if (stat(pathname, &statbuf) < 0) { 569 fprintf(stderr, "%s: %s: command not found\n", 570 progname, filename); 571 exit(1); 572 } 573 strace_child = pid = fork(); 574 if (pid < 0) { 575 perror("strace: fork"); 576 cleanup(); 577 exit(1); 578 } 579 if ((pid != 0 && daemonized_tracer) /* parent: to become a traced process */ 580 || (pid == 0 && !daemonized_tracer) /* child: to become a traced process */ 581 ) { 582 pid = getpid(); 583#ifdef USE_PROCFS 584 if (outf != stderr) close (fileno (outf)); 585#ifdef MIPS 586 /* Kludge for SGI, see proc_open for details. */ 587 sa.sa_handler = foobar; 588 sa.sa_flags = 0; 589 sigemptyset(&sa.sa_mask); 590 sigaction(SIGINT, &sa, NULL); 591#endif /* MIPS */ 592#ifndef FREEBSD 593 pause(); 594#else /* FREEBSD */ 595 kill(pid, SIGSTOP); /* stop HERE */ 596#endif /* FREEBSD */ 597#else /* !USE_PROCFS */ 598 if (outf!=stderr) 599 close(fileno (outf)); 600 601 if (!daemonized_tracer) { 602 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) { 603 perror("strace: ptrace(PTRACE_TRACEME, ...)"); 604 exit(1); 605 } 606 if (debug) 607 kill(pid, SIGSTOP); 608 } 609 610 if (username != NULL || geteuid() == 0) { 611 uid_t run_euid = run_uid; 612 gid_t run_egid = run_gid; 613 614 if (statbuf.st_mode & S_ISUID) 615 run_euid = statbuf.st_uid; 616 if (statbuf.st_mode & S_ISGID) 617 run_egid = statbuf.st_gid; 618 619 /* 620 * It is important to set groups before we 621 * lose privileges on setuid. 622 */ 623 if (username != NULL) { 624 if (initgroups(username, run_gid) < 0) { 625 perror("initgroups"); 626 exit(1); 627 } 628 if (setregid(run_gid, run_egid) < 0) { 629 perror("setregid"); 630 exit(1); 631 } 632 if (setreuid(run_uid, run_euid) < 0) { 633 perror("setreuid"); 634 exit(1); 635 } 636 } 637 } 638 else 639 setreuid(run_uid, run_uid); 640 641 if (!daemonized_tracer) { 642 /* 643 * Induce an immediate stop so that the parent 644 * will resume us with PTRACE_SYSCALL and display 645 * this execve call normally. 646 * Unless of course we're on a no-MMU system where 647 * we vfork()-ed, so we cannot stop the child. 648 */ 649 if (!strace_vforked) 650 kill(getpid(), SIGSTOP); 651 } else { 652 struct sigaction sv_sigchld; 653 sigaction(SIGCHLD, NULL, &sv_sigchld); 654 /* 655 * Make sure it is not SIG_IGN, otherwise wait 656 * will not block. 657 */ 658 signal(SIGCHLD, SIG_DFL); 659 /* 660 * Wait for grandchild to attach to us. 661 * It kills child after that, and wait() unblocks. 662 */ 663 alarm(3); 664 wait(NULL); 665 alarm(0); 666 sigaction(SIGCHLD, &sv_sigchld, NULL); 667 } 668#endif /* !USE_PROCFS */ 669 670 execv(pathname, argv); 671 perror("strace: exec"); 672 _exit(1); 673 } 674 675 /* We are the tracer. */ 676 tcp = alloctcb(daemonized_tracer ? getppid() : pid); 677 if (daemonized_tracer) { 678 /* We want subsequent startup_attach() to attach to it. */ 679 tcp->flags |= TCB_ATTACHED; 680 } 681#ifdef USE_PROCFS 682 if (proc_open(tcp, 0) < 0) { 683 fprintf(stderr, "trouble opening proc file\n"); 684 cleanup(); 685 exit(1); 686 } 687#endif /* USE_PROCFS */ 688} 689 690int 691main(int argc, char *argv[]) 692{ 693 struct tcb *tcp; 694 int c, pid = 0; 695 int optF = 0; 696 struct sigaction sa; 697 698 static char buf[BUFSIZ]; 699 700 progname = argv[0] ? argv[0] : "strace"; 701 702 /* Allocate the initial tcbtab. */ 703 tcbtabsize = argc; /* Surely enough for all -p args. */ 704 if ((tcbtab = calloc(tcbtabsize, sizeof tcbtab[0])) == NULL) { 705 fprintf(stderr, "%s: out of memory\n", progname); 706 exit(1); 707 } 708 if ((tcbtab[0] = calloc(tcbtabsize, sizeof tcbtab[0][0])) == NULL) { 709 fprintf(stderr, "%s: out of memory\n", progname); 710 exit(1); 711 } 712 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp) 713 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]]; 714 715 outf = stderr; 716 interactive = 1; 717 set_sortby(DEFAULT_SORTBY); 718 set_personality(DEFAULT_PERSONALITY); 719 qualify("trace=all"); 720 qualify("abbrev=all"); 721 qualify("verbose=all"); 722 qualify("signal=all"); 723 while ((c = getopt(argc, argv, 724 "+cCdfFhiqrtTvVxz" 725#ifndef USE_PROCFS 726 "D" 727#endif 728 "a:e:o:O:p:s:S:u:E:")) != EOF) { 729 switch (c) { 730 case 'c': 731 if (cflag == CFLAG_BOTH) { 732 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n", 733 progname); 734 exit(1); 735 } 736 cflag = CFLAG_ONLY_STATS; 737 break; 738 case 'C': 739 if (cflag == CFLAG_ONLY_STATS) { 740 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n", 741 progname); 742 exit(1); 743 } 744 cflag = CFLAG_BOTH; 745 break; 746 case 'd': 747 debug++; 748 break; 749#ifndef USE_PROCFS 750 case 'D': 751 daemonized_tracer = 1; 752 break; 753#endif 754 case 'F': 755 optF = 1; 756 break; 757 case 'f': 758 followfork++; 759 break; 760 case 'h': 761 usage(stdout, 0); 762 break; 763 case 'i': 764 iflag++; 765 break; 766 case 'q': 767 qflag++; 768 break; 769 case 'r': 770 rflag++; 771 tflag++; 772 break; 773 case 't': 774 tflag++; 775 break; 776 case 'T': 777 dtime++; 778 break; 779 case 'x': 780 xflag++; 781 break; 782 case 'v': 783 qualify("abbrev=none"); 784 break; 785 case 'V': 786 printf("%s -- version %s\n", PACKAGE_NAME, VERSION); 787 exit(0); 788 break; 789 case 'z': 790 not_failing_only = 1; 791 break; 792 case 'a': 793 acolumn = atoi(optarg); 794 break; 795 case 'e': 796 qualify(optarg); 797 break; 798 case 'o': 799 outfname = strdup(optarg); 800 break; 801 case 'O': 802 set_overhead(atoi(optarg)); 803 break; 804 case 'p': 805 if ((pid = atoi(optarg)) <= 0) { 806 fprintf(stderr, "%s: Invalid process id: %s\n", 807 progname, optarg); 808 break; 809 } 810 if (pid == getpid()) { 811 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname); 812 break; 813 } 814 tcp = alloc_tcb(pid, 0); 815 tcp->flags |= TCB_ATTACHED; 816 pflag_seen++; 817 break; 818 case 's': 819 max_strlen = atoi(optarg); 820 if (max_strlen < 0) { 821 fprintf(stderr, 822 "%s: invalid -s argument: %s\n", 823 progname, optarg); 824 exit(1); 825 } 826 break; 827 case 'S': 828 set_sortby(optarg); 829 break; 830 case 'u': 831 username = strdup(optarg); 832 break; 833 case 'E': 834 if (putenv(optarg) < 0) { 835 fprintf(stderr, "%s: out of memory\n", 836 progname); 837 exit(1); 838 } 839 break; 840 default: 841 usage(stderr, 1); 842 break; 843 } 844 } 845 846 if ((optind == argc) == !pflag_seen) 847 usage(stderr, 1); 848 849 if (!followfork) 850 followfork = optF; 851 852 if (followfork > 1 && cflag) { 853 fprintf(stderr, 854 "%s: (-c or -C) and -ff are mutually exclusive options\n", 855 progname); 856 exit(1); 857 } 858 859 /* See if they want to run as another user. */ 860 if (username != NULL) { 861 struct passwd *pent; 862 863 if (getuid() != 0 || geteuid() != 0) { 864 fprintf(stderr, 865 "%s: you must be root to use the -u option\n", 866 progname); 867 exit(1); 868 } 869 if ((pent = getpwnam(username)) == NULL) { 870 fprintf(stderr, "%s: cannot find user `%s'\n", 871 progname, username); 872 exit(1); 873 } 874 run_uid = pent->pw_uid; 875 run_gid = pent->pw_gid; 876 } 877 else { 878 run_uid = getuid(); 879 run_gid = getgid(); 880 } 881 882 /* Check if they want to redirect the output. */ 883 if (outfname) { 884 /* See if they want to pipe the output. */ 885 if (outfname[0] == '|' || outfname[0] == '!') { 886 /* 887 * We can't do the <outfname>.PID funny business 888 * when using popen, so prohibit it. 889 */ 890 if (followfork > 1) { 891 fprintf(stderr, "\ 892%s: piping the output and -ff are mutually exclusive options\n", 893 progname); 894 exit(1); 895 } 896 897 if ((outf = strace_popen(outfname + 1)) == NULL) 898 exit(1); 899 } 900 else if (followfork <= 1 && 901 (outf = strace_fopen(outfname, "w")) == NULL) 902 exit(1); 903 } 904 905 if (!outfname || outfname[0] == '|' || outfname[0] == '!') 906 setvbuf(outf, buf, _IOLBF, BUFSIZ); 907 if (outfname && optind < argc) { 908 interactive = 0; 909 qflag = 1; 910 } 911 /* Valid states here: 912 optind < argc pflag_seen outfname interactive 913 1 0 0 1 914 0 1 0 1 915 1 0 1 0 916 0 1 1 1 917 */ 918 919 /* STARTUP_CHILD must be called before the signal handlers get 920 installed below as they are inherited into the spawned process. 921 Also we do not need to be protected by them as during interruption 922 in the STARTUP_CHILD mode we kill the spawned process anyway. */ 923 if (!pflag_seen) 924 startup_child(&argv[optind]); 925 926 sigemptyset(&empty_set); 927 sigemptyset(&blocked_set); 928 sa.sa_handler = SIG_IGN; 929 sigemptyset(&sa.sa_mask); 930 sa.sa_flags = 0; 931 sigaction(SIGTTOU, &sa, NULL); 932 sigaction(SIGTTIN, &sa, NULL); 933 if (interactive) { 934 sigaddset(&blocked_set, SIGHUP); 935 sigaddset(&blocked_set, SIGINT); 936 sigaddset(&blocked_set, SIGQUIT); 937 sigaddset(&blocked_set, SIGPIPE); 938 sigaddset(&blocked_set, SIGTERM); 939 sa.sa_handler = interrupt; 940#ifdef SUNOS4 941 /* POSIX signals on sunos4.1 are a little broken. */ 942 sa.sa_flags = SA_INTERRUPT; 943#endif /* SUNOS4 */ 944 } 945 sigaction(SIGHUP, &sa, NULL); 946 sigaction(SIGINT, &sa, NULL); 947 sigaction(SIGQUIT, &sa, NULL); 948 sigaction(SIGPIPE, &sa, NULL); 949 sigaction(SIGTERM, &sa, NULL); 950#ifdef USE_PROCFS 951 sa.sa_handler = reaper; 952 sigaction(SIGCHLD, &sa, NULL); 953#else 954 /* Make sure SIGCHLD has the default action so that waitpid 955 definitely works without losing track of children. The user 956 should not have given us a bogus state to inherit, but he might 957 have. Arguably we should detect SIG_IGN here and pass it on 958 to children, but probably noone really needs that. */ 959 sa.sa_handler = SIG_DFL; 960 sigaction(SIGCHLD, &sa, NULL); 961#endif /* USE_PROCFS */ 962 963 if (pflag_seen || daemonized_tracer) 964 startup_attach(); 965 966 if (trace() < 0) 967 exit(1); 968 cleanup(); 969 fflush(NULL); 970 if (exit_code > 0xff) { 971 /* Child was killed by a signal, mimic that. */ 972 exit_code &= 0xff; 973 signal(exit_code, SIG_DFL); 974 raise(exit_code); 975 /* Paranoia - what if this signal is not fatal? 976 Exit with 128 + signo then. */ 977 exit_code += 128; 978 } 979 exit(exit_code); 980} 981 982void 983expand_tcbtab(void) 984{ 985 /* Allocate some more TCBs and expand the table. 986 We don't want to relocate the TCBs because our 987 callers have pointers and it would be a pain. 988 So tcbtab is a table of pointers. Since we never 989 free the TCBs, we allocate a single chunk of many. */ 990 struct tcb **newtab = (struct tcb **) 991 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]); 992 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize, 993 sizeof *newtcbs); 994 int i; 995 if (newtab == NULL || newtcbs == NULL) { 996 fprintf(stderr, "%s: expand_tcbtab: out of memory\n", 997 progname); 998 cleanup(); 999 exit(1); 1000 } 1001 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i) 1002 newtab[i] = &newtcbs[i - tcbtabsize]; 1003 tcbtabsize *= 2; 1004 tcbtab = newtab; 1005} 1006 1007struct tcb * 1008alloc_tcb(int pid, int command_options_parsed) 1009{ 1010 int i; 1011 struct tcb *tcp; 1012 1013 if (nprocs == tcbtabsize) 1014 expand_tcbtab(); 1015 1016 for (i = 0; i < tcbtabsize; i++) { 1017 tcp = tcbtab[i]; 1018 if ((tcp->flags & TCB_INUSE) == 0) { 1019 tcp->pid = pid; 1020 tcp->parent = NULL; 1021 tcp->nchildren = 0; 1022 tcp->nzombies = 0; 1023#ifdef TCB_CLONE_THREAD 1024 tcp->nclone_threads = tcp->nclone_detached = 0; 1025 tcp->nclone_waiting = 0; 1026#endif 1027 tcp->flags = TCB_INUSE | TCB_STARTUP; 1028 tcp->outf = outf; /* Initialise to current out file */ 1029 tcp->curcol = 0; 1030 tcp->stime.tv_sec = 0; 1031 tcp->stime.tv_usec = 0; 1032 tcp->pfd = -1; 1033 nprocs++; 1034 if (command_options_parsed) 1035 newoutf(tcp); 1036 return tcp; 1037 } 1038 } 1039 fprintf(stderr, "%s: bug in alloc_tcb\n", progname); 1040 cleanup(); 1041 exit(1); 1042} 1043 1044#ifdef USE_PROCFS 1045int 1046proc_open(struct tcb *tcp, int attaching) 1047{ 1048 char proc[32]; 1049 long arg; 1050#ifdef SVR4 1051 int i; 1052 sysset_t syscalls; 1053 sigset_t signals; 1054 fltset_t faults; 1055#endif 1056#ifndef HAVE_POLLABLE_PROCFS 1057 static int last_pfd; 1058#endif 1059 1060#ifdef HAVE_MP_PROCFS 1061 /* Open the process pseudo-files in /proc. */ 1062 sprintf(proc, "/proc/%d/ctl", tcp->pid); 1063 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) { 1064 perror("strace: open(\"/proc/...\", ...)"); 1065 return -1; 1066 } 1067 if (set_cloexec_flag(tcp->pfd) < 0) { 1068 return -1; 1069 } 1070 sprintf(proc, "/proc/%d/status", tcp->pid); 1071 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) { 1072 perror("strace: open(\"/proc/...\", ...)"); 1073 return -1; 1074 } 1075 if (set_cloexec_flag(tcp->pfd_stat) < 0) { 1076 return -1; 1077 } 1078 sprintf(proc, "/proc/%d/as", tcp->pid); 1079 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) { 1080 perror("strace: open(\"/proc/...\", ...)"); 1081 return -1; 1082 } 1083 if (set_cloexec_flag(tcp->pfd_as) < 0) { 1084 return -1; 1085 } 1086#else 1087 /* Open the process pseudo-file in /proc. */ 1088#ifndef FREEBSD 1089 sprintf(proc, "/proc/%d", tcp->pid); 1090 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) { 1091#else /* FREEBSD */ 1092 sprintf(proc, "/proc/%d/mem", tcp->pid); 1093 if ((tcp->pfd = open(proc, O_RDWR)) < 0) { 1094#endif /* FREEBSD */ 1095 perror("strace: open(\"/proc/...\", ...)"); 1096 return -1; 1097 } 1098 if (set_cloexec_flag(tcp->pfd) < 0) { 1099 return -1; 1100 } 1101#endif 1102#ifdef FREEBSD 1103 sprintf(proc, "/proc/%d/regs", tcp->pid); 1104 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) { 1105 perror("strace: open(\"/proc/.../regs\", ...)"); 1106 return -1; 1107 } 1108 if (cflag) { 1109 sprintf(proc, "/proc/%d/status", tcp->pid); 1110 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) { 1111 perror("strace: open(\"/proc/.../status\", ...)"); 1112 return -1; 1113 } 1114 } else 1115 tcp->pfd_status = -1; 1116#endif /* FREEBSD */ 1117 rebuild_pollv(); 1118 if (!attaching) { 1119 /* 1120 * Wait for the child to pause. Because of a race 1121 * condition we have to poll for the event. 1122 */ 1123 for (;;) { 1124 if (IOCTL_STATUS (tcp) < 0) { 1125 perror("strace: PIOCSTATUS"); 1126 return -1; 1127 } 1128 if (tcp->status.PR_FLAGS & PR_ASLEEP) 1129 break; 1130 } 1131 } 1132#ifndef FREEBSD 1133 /* Stop the process so that we own the stop. */ 1134 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) { 1135 perror("strace: PIOCSTOP"); 1136 return -1; 1137 } 1138#endif 1139#ifdef PIOCSET 1140 /* Set Run-on-Last-Close. */ 1141 arg = PR_RLC; 1142 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) { 1143 perror("PIOCSET PR_RLC"); 1144 return -1; 1145 } 1146 /* Set or Reset Inherit-on-Fork. */ 1147 arg = PR_FORK; 1148 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) { 1149 perror("PIOC{SET,RESET} PR_FORK"); 1150 return -1; 1151 } 1152#else /* !PIOCSET */ 1153#ifndef FREEBSD 1154 if (ioctl(tcp->pfd, PIOCSRLC) < 0) { 1155 perror("PIOCSRLC"); 1156 return -1; 1157 } 1158 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) { 1159 perror("PIOC{S,R}FORK"); 1160 return -1; 1161 } 1162#else /* FREEBSD */ 1163 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */ 1164 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) { 1165 perror("PIOCGFL"); 1166 return -1; 1167 } 1168 arg &= ~PF_LINGER; 1169 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) { 1170 perror("PIOCSFL"); 1171 return -1; 1172 } 1173#endif /* FREEBSD */ 1174#endif /* !PIOCSET */ 1175#ifndef FREEBSD 1176 /* Enable all syscall entries we care about. */ 1177 premptyset(&syscalls); 1178 for (i = 1; i < MAX_QUALS; ++i) { 1179 if (i > (sizeof syscalls) * CHAR_BIT) break; 1180 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i); 1181 } 1182 praddset (&syscalls, SYS_execve); 1183 if (followfork) { 1184 praddset (&syscalls, SYS_fork); 1185#ifdef SYS_forkall 1186 praddset (&syscalls, SYS_forkall); 1187#endif 1188#ifdef SYS_fork1 1189 praddset (&syscalls, SYS_fork1); 1190#endif 1191#ifdef SYS_rfork1 1192 praddset (&syscalls, SYS_rfork1); 1193#endif 1194#ifdef SYS_rforkall 1195 praddset (&syscalls, SYS_rforkall); 1196#endif 1197 } 1198 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) { 1199 perror("PIOCSENTRY"); 1200 return -1; 1201 } 1202 /* Enable the syscall exits. */ 1203 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) { 1204 perror("PIOSEXIT"); 1205 return -1; 1206 } 1207 /* Enable signals we care about. */ 1208 premptyset(&signals); 1209 for (i = 1; i < MAX_QUALS; ++i) { 1210 if (i > (sizeof signals) * CHAR_BIT) break; 1211 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i); 1212 } 1213 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) { 1214 perror("PIOCSTRACE"); 1215 return -1; 1216 } 1217 /* Enable faults we care about */ 1218 premptyset(&faults); 1219 for (i = 1; i < MAX_QUALS; ++i) { 1220 if (i > (sizeof faults) * CHAR_BIT) break; 1221 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i); 1222 } 1223 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) { 1224 perror("PIOCSFAULT"); 1225 return -1; 1226 } 1227#else /* FREEBSD */ 1228 /* set events flags. */ 1229 arg = S_SIG | S_SCE | S_SCX ; 1230 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) { 1231 perror("PIOCBIS"); 1232 return -1; 1233 } 1234#endif /* FREEBSD */ 1235 if (!attaching) { 1236#ifdef MIPS 1237 /* 1238 * The SGI PRSABORT doesn't work for pause() so 1239 * we send it a caught signal to wake it up. 1240 */ 1241 kill(tcp->pid, SIGINT); 1242#else /* !MIPS */ 1243#ifdef PRSABORT 1244 /* The child is in a pause(), abort it. */ 1245 arg = PRSABORT; 1246 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) { 1247 perror("PIOCRUN"); 1248 return -1; 1249 } 1250#endif 1251#endif /* !MIPS*/ 1252#ifdef FREEBSD 1253 /* wake up the child if it received the SIGSTOP */ 1254 kill(tcp->pid, SIGCONT); 1255#endif 1256 for (;;) { 1257 /* Wait for the child to do something. */ 1258 if (IOCTL_WSTOP (tcp) < 0) { 1259 perror("PIOCWSTOP"); 1260 return -1; 1261 } 1262 if (tcp->status.PR_WHY == PR_SYSENTRY) { 1263 tcp->flags &= ~TCB_INSYSCALL; 1264 get_scno(tcp); 1265 if (known_scno(tcp) == SYS_execve) 1266 break; 1267 } 1268 /* Set it running: maybe execve will be next. */ 1269#ifndef FREEBSD 1270 arg = 0; 1271 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) { 1272#else /* FREEBSD */ 1273 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) { 1274#endif /* FREEBSD */ 1275 perror("PIOCRUN"); 1276 return -1; 1277 } 1278#ifdef FREEBSD 1279 /* handle the case where we "opened" the child before 1280 it did the kill -STOP */ 1281 if (tcp->status.PR_WHY == PR_SIGNALLED && 1282 tcp->status.PR_WHAT == SIGSTOP) 1283 kill(tcp->pid, SIGCONT); 1284#endif 1285 } 1286#ifndef FREEBSD 1287 } 1288#else /* FREEBSD */ 1289 } else { 1290 if (attaching < 2) { 1291 /* We are attaching to an already running process. 1292 * Try to figure out the state of the process in syscalls, 1293 * to handle the first event well. 1294 * This is done by having a look at the "wchan" property of the 1295 * process, which tells where it is stopped (if it is). */ 1296 FILE * status; 1297 char wchan[20]; /* should be enough */ 1298 1299 sprintf(proc, "/proc/%d/status", tcp->pid); 1300 status = fopen(proc, "r"); 1301 if (status && 1302 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d" 1303 "%*d,%*d %*d,%*d %19s", wchan) == 1) && 1304 strcmp(wchan, "nochan") && strcmp(wchan, "spread") && 1305 strcmp(wchan, "stopevent")) { 1306 /* The process is asleep in the middle of a syscall. 1307 Fake the syscall entry event */ 1308 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP); 1309 tcp->status.PR_WHY = PR_SYSENTRY; 1310 trace_syscall(tcp); 1311 } 1312 if (status) 1313 fclose(status); 1314 } /* otherwise it's a fork being followed */ 1315 } 1316#endif /* FREEBSD */ 1317#ifndef HAVE_POLLABLE_PROCFS 1318 if (proc_poll_pipe[0] != -1) 1319 proc_poller(tcp->pfd); 1320 else if (nprocs > 1) { 1321 proc_poll_open(); 1322 proc_poller(last_pfd); 1323 proc_poller(tcp->pfd); 1324 } 1325 last_pfd = tcp->pfd; 1326#endif /* !HAVE_POLLABLE_PROCFS */ 1327 return 0; 1328} 1329 1330#endif /* USE_PROCFS */ 1331 1332struct tcb * 1333pid2tcb(pid) 1334int pid; 1335{ 1336 int i; 1337 struct tcb *tcp; 1338 1339 for (i = 0; i < tcbtabsize; i++) { 1340 tcp = tcbtab[i]; 1341 if (pid && tcp->pid != pid) 1342 continue; 1343 if (tcp->flags & TCB_INUSE) 1344 return tcp; 1345 } 1346 return NULL; 1347} 1348 1349#ifdef USE_PROCFS 1350 1351static struct tcb * 1352pfd2tcb(pfd) 1353int pfd; 1354{ 1355 int i; 1356 1357 for (i = 0; i < tcbtabsize; i++) { 1358 struct tcb *tcp = tcbtab[i]; 1359 if (tcp->pfd != pfd) 1360 continue; 1361 if (tcp->flags & TCB_INUSE) 1362 return tcp; 1363 } 1364 return NULL; 1365} 1366 1367#endif /* USE_PROCFS */ 1368 1369void 1370droptcb(tcp) 1371struct tcb *tcp; 1372{ 1373 if (tcp->pid == 0) 1374 return; 1375#ifdef TCB_CLONE_THREAD 1376 if (tcp->nclone_threads > 0) { 1377 /* There are other threads left in this process, but this 1378 is the one whose PID represents the whole process. 1379 We need to keep this record around as a zombie until 1380 all the threads die. */ 1381 tcp->flags |= TCB_EXITING; 1382 return; 1383 } 1384#endif 1385 nprocs--; 1386 tcp->pid = 0; 1387 1388 if (tcp->parent != NULL) { 1389 tcp->parent->nchildren--; 1390#ifdef TCB_CLONE_THREAD 1391 if (tcp->flags & TCB_CLONE_DETACHED) 1392 tcp->parent->nclone_detached--; 1393 if (tcp->flags & TCB_CLONE_THREAD) 1394 tcp->parent->nclone_threads--; 1395#endif 1396#ifdef TCB_CLONE_DETACHED 1397 if (!(tcp->flags & TCB_CLONE_DETACHED)) 1398#endif 1399 tcp->parent->nzombies++; 1400#ifdef LINUX 1401 /* Update `tcp->parent->parent->nchildren' and the other fields 1402 like NCLONE_DETACHED, only for zombie group leader that has 1403 already reported and been short-circuited at the top of this 1404 function. The same condition as at the top of DETACH. */ 1405 if ((tcp->flags & TCB_CLONE_THREAD) && 1406 tcp->parent->nclone_threads == 0 && 1407 (tcp->parent->flags & TCB_EXITING)) 1408 droptcb(tcp->parent); 1409#endif 1410 tcp->parent = NULL; 1411 } 1412 1413 tcp->flags = 0; 1414 if (tcp->pfd != -1) { 1415 close(tcp->pfd); 1416 tcp->pfd = -1; 1417#ifdef FREEBSD 1418 if (tcp->pfd_reg != -1) { 1419 close(tcp->pfd_reg); 1420 tcp->pfd_reg = -1; 1421 } 1422 if (tcp->pfd_status != -1) { 1423 close(tcp->pfd_status); 1424 tcp->pfd_status = -1; 1425 } 1426#endif /* !FREEBSD */ 1427#ifdef USE_PROCFS 1428 rebuild_pollv(); /* Note, flags needs to be cleared by now. */ 1429#endif 1430 } 1431 1432 if (outfname && followfork > 1 && tcp->outf) 1433 fclose(tcp->outf); 1434 1435 tcp->outf = 0; 1436} 1437 1438#ifndef USE_PROCFS 1439 1440static int 1441resume(tcp) 1442struct tcb *tcp; 1443{ 1444 if (tcp == NULL) 1445 return -1; 1446 1447 if (!(tcp->flags & TCB_SUSPENDED)) { 1448 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid); 1449 return -1; 1450 } 1451 tcp->flags &= ~TCB_SUSPENDED; 1452#ifdef TCB_CLONE_THREAD 1453 if (tcp->flags & TCB_CLONE_THREAD) 1454 tcp->parent->nclone_waiting--; 1455#endif 1456 1457 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) 1458 return -1; 1459 1460 if (!qflag) 1461 fprintf(stderr, "Process %u resumed\n", tcp->pid); 1462 return 0; 1463} 1464 1465static int 1466resume_from_tcp (struct tcb *tcp) 1467{ 1468 int error = 0; 1469 int resumed = 0; 1470 1471 /* XXX This won't always be quite right (but it never was). 1472 A waiter with argument 0 or < -1 is waiting for any pid in 1473 a particular pgrp, which this child might or might not be 1474 in. The waiter will only wake up if it's argument is -1 1475 or if it's waiting for tcp->pid's pgrp. It makes a 1476 difference to wake up a waiter when there might be more 1477 traced children, because it could get a false ECHILD 1478 error. OTOH, if this was the last child in the pgrp, then 1479 it ought to wake up and get ECHILD. We would have to 1480 search the system for all pid's in the pgrp to be sure. 1481 1482 && (t->waitpid == -1 || 1483 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid)) 1484 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid))) 1485 */ 1486 1487 if (tcp->parent && 1488 (tcp->parent->flags & TCB_SUSPENDED) && 1489 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) { 1490 error = resume(tcp->parent); 1491 ++resumed; 1492 } 1493#ifdef TCB_CLONE_THREAD 1494 if (tcp->parent && tcp->parent->nclone_waiting > 0) { 1495 /* Some other threads of our parent are waiting too. */ 1496 unsigned int i; 1497 1498 /* Resume all the threads that were waiting for this PID. */ 1499 for (i = 0; i < tcbtabsize; i++) { 1500 struct tcb *t = tcbtab[i]; 1501 if (t->parent == tcp->parent && t != tcp 1502 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED)) 1503 == (TCB_CLONE_THREAD|TCB_SUSPENDED)) 1504 && t->waitpid == tcp->pid) { 1505 error |= resume (t); 1506 ++resumed; 1507 } 1508 } 1509 if (resumed == 0) 1510 /* Noone was waiting for this PID in particular, 1511 so now we might need to resume some wildcarders. */ 1512 for (i = 0; i < tcbtabsize; i++) { 1513 struct tcb *t = tcbtab[i]; 1514 if (t->parent == tcp->parent && t != tcp 1515 && ((t->flags 1516 & (TCB_CLONE_THREAD|TCB_SUSPENDED)) 1517 == (TCB_CLONE_THREAD|TCB_SUSPENDED)) 1518 && t->waitpid <= 0 1519 ) { 1520 error |= resume (t); 1521 break; 1522 } 1523 } 1524 } 1525#endif 1526 1527 return error; 1528} 1529 1530#endif /* !USE_PROCFS */ 1531 1532/* detach traced process; continue with sig 1533 Never call DETACH twice on the same process as both unattached and 1534 attached-unstopped processes give the same ESRCH. For unattached process we 1535 would SIGSTOP it and wait for its SIGSTOP notification forever. */ 1536 1537static int 1538detach(tcp, sig) 1539struct tcb *tcp; 1540int sig; 1541{ 1542 int error = 0; 1543#ifdef LINUX 1544 int status, catch_sigstop; 1545 struct tcb *zombie = NULL; 1546 1547 /* If the group leader is lingering only because of this other 1548 thread now dying, then detach the leader as well. */ 1549 if ((tcp->flags & TCB_CLONE_THREAD) && 1550 tcp->parent->nclone_threads == 1 && 1551 (tcp->parent->flags & TCB_EXITING)) 1552 zombie = tcp->parent; 1553#endif 1554 1555 if (tcp->flags & TCB_BPTSET) 1556 clearbpt(tcp); 1557 1558#ifdef LINUX 1559 /* 1560 * Linux wrongly insists the child be stopped 1561 * before detaching. Arghh. We go through hoops 1562 * to make a clean break of things. 1563 */ 1564#if defined(SPARC) 1565#undef PTRACE_DETACH 1566#define PTRACE_DETACH PTRACE_SUNDETACH 1567#endif 1568 /* 1569 * On TCB_STARTUP we did PTRACE_ATTACH but still did not get the 1570 * expected SIGSTOP. We must catch exactly one as otherwise the 1571 * detached process would be left stopped (process state T). 1572 */ 1573 catch_sigstop = (tcp->flags & TCB_STARTUP); 1574 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) { 1575 /* On a clear day, you can see forever. */ 1576 } 1577 else if (errno != ESRCH) { 1578 /* Shouldn't happen. */ 1579 perror("detach: ptrace(PTRACE_DETACH, ...)"); 1580 } 1581 else if (my_tgkill((tcp->flags & TCB_CLONE_THREAD ? tcp->parent->pid 1582 : tcp->pid), 1583 tcp->pid, 0) < 0) { 1584 if (errno != ESRCH) 1585 perror("detach: checking sanity"); 1586 } 1587 else if (!catch_sigstop && my_tgkill((tcp->flags & TCB_CLONE_THREAD 1588 ? tcp->parent->pid : tcp->pid), 1589 tcp->pid, SIGSTOP) < 0) { 1590 if (errno != ESRCH) 1591 perror("detach: stopping child"); 1592 } 1593 else 1594 catch_sigstop = 1; 1595 if (catch_sigstop) { 1596 for (;;) { 1597#ifdef __WALL 1598 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) { 1599 if (errno == ECHILD) /* Already gone. */ 1600 break; 1601 if (errno != EINVAL) { 1602 perror("detach: waiting"); 1603 break; 1604 } 1605#endif /* __WALL */ 1606 /* No __WALL here. */ 1607 if (waitpid(tcp->pid, &status, 0) < 0) { 1608 if (errno != ECHILD) { 1609 perror("detach: waiting"); 1610 break; 1611 } 1612#ifdef __WCLONE 1613 /* If no processes, try clones. */ 1614 if (wait4(tcp->pid, &status, __WCLONE, 1615 NULL) < 0) { 1616 if (errno != ECHILD) 1617 perror("detach: waiting"); 1618 break; 1619 } 1620#endif /* __WCLONE */ 1621 } 1622#ifdef __WALL 1623 } 1624#endif 1625 if (!WIFSTOPPED(status)) { 1626 /* Au revoir, mon ami. */ 1627 break; 1628 } 1629 if (WSTOPSIG(status) == SIGSTOP) { 1630 ptrace_restart(PTRACE_DETACH, tcp, sig); 1631 break; 1632 } 1633 error = ptrace_restart(PTRACE_CONT, tcp, 1634 WSTOPSIG(status) == SIGTRAP ? 0 1635 : WSTOPSIG(status)); 1636 if (error < 0) 1637 break; 1638 } 1639 } 1640#endif /* LINUX */ 1641 1642#if defined(SUNOS4) 1643 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */ 1644 if (sig && kill(tcp->pid, sig) < 0) 1645 perror("detach: kill"); 1646 sig = 0; 1647 error = ptrace_restart(PTRACE_DETACH, tcp, sig); 1648#endif /* SUNOS4 */ 1649 1650#ifndef USE_PROCFS 1651 error |= resume_from_tcp (tcp); 1652#endif 1653 1654 if (!qflag) 1655 fprintf(stderr, "Process %u detached\n", tcp->pid); 1656 1657 droptcb(tcp); 1658 1659#ifdef LINUX 1660 if (zombie != NULL) { 1661 /* TCP no longer exists therefore you must not detach () it. */ 1662 droptcb(zombie); 1663 } 1664#endif 1665 1666 return error; 1667} 1668 1669#ifdef USE_PROCFS 1670 1671static void reaper(int sig) 1672{ 1673 int pid; 1674 int status; 1675 1676 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) { 1677 } 1678} 1679 1680#endif /* USE_PROCFS */ 1681 1682static void 1683cleanup() 1684{ 1685 int i; 1686 struct tcb *tcp; 1687 1688 for (i = 0; i < tcbtabsize; i++) { 1689 tcp = tcbtab[i]; 1690 if (!(tcp->flags & TCB_INUSE)) 1691 continue; 1692 if (debug) 1693 fprintf(stderr, 1694 "cleanup: looking at pid %u\n", tcp->pid); 1695 if (tcp_last && 1696 (!outfname || followfork < 2 || tcp_last == tcp)) { 1697 tprintf(" <unfinished ...>"); 1698 printtrailer(); 1699 } 1700 if (tcp->flags & TCB_ATTACHED) 1701 detach(tcp, 0); 1702 else { 1703 kill(tcp->pid, SIGCONT); 1704 kill(tcp->pid, SIGTERM); 1705 } 1706 } 1707 if (cflag) 1708 call_summary(outf); 1709} 1710 1711static void 1712interrupt(sig) 1713int sig; 1714{ 1715 interrupted = 1; 1716} 1717 1718#ifndef HAVE_STRERROR 1719 1720#if !HAVE_DECL_SYS_ERRLIST 1721extern int sys_nerr; 1722extern char *sys_errlist[]; 1723#endif /* HAVE_DECL_SYS_ERRLIST */ 1724 1725const char * 1726strerror(errno) 1727int errno; 1728{ 1729 static char buf[64]; 1730 1731 if (errno < 1 || errno >= sys_nerr) { 1732 sprintf(buf, "Unknown error %d", errno); 1733 return buf; 1734 } 1735 return sys_errlist[errno]; 1736} 1737 1738#endif /* HAVE_STERRROR */ 1739 1740#ifndef HAVE_STRSIGNAL 1741 1742#if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST 1743extern char *sys_siglist[]; 1744#endif 1745#if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST 1746extern char *_sys_siglist[]; 1747#endif 1748 1749const char * 1750strsignal(sig) 1751int sig; 1752{ 1753 static char buf[64]; 1754 1755 if (sig < 1 || sig >= NSIG) { 1756 sprintf(buf, "Unknown signal %d", sig); 1757 return buf; 1758 } 1759#ifdef HAVE__SYS_SIGLIST 1760 return _sys_siglist[sig]; 1761#else 1762 return sys_siglist[sig]; 1763#endif 1764} 1765 1766#endif /* HAVE_STRSIGNAL */ 1767 1768#ifdef USE_PROCFS 1769 1770static void 1771rebuild_pollv() 1772{ 1773 int i, j; 1774 1775 if (pollv != NULL) 1776 free (pollv); 1777 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]); 1778 if (pollv == NULL) { 1779 fprintf(stderr, "%s: out of memory\n", progname); 1780 exit(1); 1781 } 1782 1783 for (i = j = 0; i < tcbtabsize; i++) { 1784 struct tcb *tcp = tcbtab[i]; 1785 if (!(tcp->flags & TCB_INUSE)) 1786 continue; 1787 pollv[j].fd = tcp->pfd; 1788 pollv[j].events = POLLWANT; 1789 j++; 1790 } 1791 if (j != nprocs) { 1792 fprintf(stderr, "strace: proc miscount\n"); 1793 exit(1); 1794 } 1795} 1796 1797#ifndef HAVE_POLLABLE_PROCFS 1798 1799static void 1800proc_poll_open() 1801{ 1802 int i; 1803 1804 if (pipe(proc_poll_pipe) < 0) { 1805 perror("pipe"); 1806 exit(1); 1807 } 1808 for (i = 0; i < 2; i++) { 1809 if (set_cloexec_flag(proc_poll_pipe[i]) < 0) { 1810 exit(1); 1811 } 1812 } 1813} 1814 1815static int 1816proc_poll(pollv, nfds, timeout) 1817struct pollfd *pollv; 1818int nfds; 1819int timeout; 1820{ 1821 int i; 1822 int n; 1823 struct proc_pollfd pollinfo; 1824 1825 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0) 1826 return n; 1827 if (n != sizeof(struct proc_pollfd)) { 1828 fprintf(stderr, "panic: short read: %d\n", n); 1829 exit(1); 1830 } 1831 for (i = 0; i < nprocs; i++) { 1832 if (pollv[i].fd == pollinfo.fd) 1833 pollv[i].revents = pollinfo.revents; 1834 else 1835 pollv[i].revents = 0; 1836 } 1837 poller_pid = pollinfo.pid; 1838 return 1; 1839} 1840 1841static void 1842wakeup_handler(sig) 1843int sig; 1844{ 1845} 1846 1847static void 1848proc_poller(pfd) 1849int pfd; 1850{ 1851 struct proc_pollfd pollinfo; 1852 struct sigaction sa; 1853 sigset_t blocked_set, empty_set; 1854 int i; 1855 int n; 1856 struct rlimit rl; 1857#ifdef FREEBSD 1858 struct procfs_status pfs; 1859#endif /* FREEBSD */ 1860 1861 switch (fork()) { 1862 case -1: 1863 perror("fork"); 1864 _exit(1); 1865 case 0: 1866 break; 1867 default: 1868 return; 1869 } 1870 1871 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN; 1872 sa.sa_flags = 0; 1873 sigemptyset(&sa.sa_mask); 1874 sigaction(SIGHUP, &sa, NULL); 1875 sigaction(SIGINT, &sa, NULL); 1876 sigaction(SIGQUIT, &sa, NULL); 1877 sigaction(SIGPIPE, &sa, NULL); 1878 sigaction(SIGTERM, &sa, NULL); 1879 sa.sa_handler = wakeup_handler; 1880 sigaction(SIGUSR1, &sa, NULL); 1881 sigemptyset(&blocked_set); 1882 sigaddset(&blocked_set, SIGUSR1); 1883 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 1884 sigemptyset(&empty_set); 1885 1886 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) { 1887 perror("getrlimit(RLIMIT_NOFILE, ...)"); 1888 _exit(1); 1889 } 1890 n = rl.rlim_cur; 1891 for (i = 0; i < n; i++) { 1892 if (i != pfd && i != proc_poll_pipe[1]) 1893 close(i); 1894 } 1895 1896 pollinfo.fd = pfd; 1897 pollinfo.pid = getpid(); 1898 for (;;) { 1899#ifndef FREEBSD 1900 if (ioctl(pfd, PIOCWSTOP, NULL) < 0) 1901#else 1902 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0) 1903#endif 1904 { 1905 switch (errno) { 1906 case EINTR: 1907 continue; 1908 case EBADF: 1909 pollinfo.revents = POLLERR; 1910 break; 1911 case ENOENT: 1912 pollinfo.revents = POLLHUP; 1913 break; 1914 default: 1915 perror("proc_poller: PIOCWSTOP"); 1916 } 1917 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo)); 1918 _exit(0); 1919 } 1920 pollinfo.revents = POLLWANT; 1921 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo)); 1922 sigsuspend(&empty_set); 1923 } 1924} 1925 1926#endif /* !HAVE_POLLABLE_PROCFS */ 1927 1928static int 1929choose_pfd() 1930{ 1931 int i, j; 1932 struct tcb *tcp; 1933 1934 static int last; 1935 1936 if (followfork < 2 && 1937 last < nprocs && (pollv[last].revents & POLLWANT)) { 1938 /* 1939 * The previous process is ready to run again. We'll 1940 * let it do so if it is currently in a syscall. This 1941 * heuristic improves the readability of the trace. 1942 */ 1943 tcp = pfd2tcb(pollv[last].fd); 1944 if (tcp && (tcp->flags & TCB_INSYSCALL)) 1945 return pollv[last].fd; 1946 } 1947 1948 for (i = 0; i < nprocs; i++) { 1949 /* Let competing children run round robin. */ 1950 j = (i + last + 1) % nprocs; 1951 if (pollv[j].revents & (POLLHUP | POLLERR)) { 1952 tcp = pfd2tcb(pollv[j].fd); 1953 if (!tcp) { 1954 fprintf(stderr, "strace: lost proc\n"); 1955 exit(1); 1956 } 1957 droptcb(tcp); 1958 return -1; 1959 } 1960 if (pollv[j].revents & POLLWANT) { 1961 last = j; 1962 return pollv[j].fd; 1963 } 1964 } 1965 fprintf(stderr, "strace: nothing ready\n"); 1966 exit(1); 1967} 1968 1969static int 1970trace() 1971{ 1972#ifdef POLL_HACK 1973 struct tcb *in_syscall = NULL; 1974#endif 1975 struct tcb *tcp; 1976 int pfd; 1977 int what; 1978 int ioctl_result = 0, ioctl_errno = 0; 1979 long arg; 1980 1981 for (;;) { 1982 if (interactive) 1983 sigprocmask(SIG_SETMASK, &empty_set, NULL); 1984 1985 if (nprocs == 0) 1986 break; 1987 1988 switch (nprocs) { 1989 case 1: 1990#ifndef HAVE_POLLABLE_PROCFS 1991 if (proc_poll_pipe[0] == -1) { 1992#endif 1993 tcp = pid2tcb(0); 1994 if (!tcp) 1995 continue; 1996 pfd = tcp->pfd; 1997 if (pfd == -1) 1998 continue; 1999 break; 2000#ifndef HAVE_POLLABLE_PROCFS 2001 } 2002 /* fall through ... */ 2003#endif /* !HAVE_POLLABLE_PROCFS */ 2004 default: 2005#ifdef HAVE_POLLABLE_PROCFS 2006#ifdef POLL_HACK 2007 /* On some systems (e.g. UnixWare) we get too much ugly 2008 "unfinished..." stuff when multiple proceses are in 2009 syscalls. Here's a nasty hack */ 2010 2011 if (in_syscall) { 2012 struct pollfd pv; 2013 tcp = in_syscall; 2014 in_syscall = NULL; 2015 pv.fd = tcp->pfd; 2016 pv.events = POLLWANT; 2017 if ((what = poll (&pv, 1, 1)) < 0) { 2018 if (interrupted) 2019 return 0; 2020 continue; 2021 } 2022 else if (what == 1 && pv.revents & POLLWANT) { 2023 goto FOUND; 2024 } 2025 } 2026#endif 2027 2028 if (poll(pollv, nprocs, INFTIM) < 0) { 2029 if (interrupted) 2030 return 0; 2031 continue; 2032 } 2033#else /* !HAVE_POLLABLE_PROCFS */ 2034 if (proc_poll(pollv, nprocs, INFTIM) < 0) { 2035 if (interrupted) 2036 return 0; 2037 continue; 2038 } 2039#endif /* !HAVE_POLLABLE_PROCFS */ 2040 pfd = choose_pfd(); 2041 if (pfd == -1) 2042 continue; 2043 break; 2044 } 2045 2046 /* Look up `pfd' in our table. */ 2047 if ((tcp = pfd2tcb(pfd)) == NULL) { 2048 fprintf(stderr, "unknown pfd: %u\n", pfd); 2049 exit(1); 2050 } 2051#ifdef POLL_HACK 2052 FOUND: 2053#endif 2054 /* Get the status of the process. */ 2055 if (!interrupted) { 2056#ifndef FREEBSD 2057 ioctl_result = IOCTL_WSTOP (tcp); 2058#else /* FREEBSD */ 2059 /* Thanks to some scheduling mystery, the first poller 2060 sometimes waits for the already processed end of fork 2061 event. Doing a non blocking poll here solves the problem. */ 2062 if (proc_poll_pipe[0] != -1) 2063 ioctl_result = IOCTL_STATUS (tcp); 2064 else 2065 ioctl_result = IOCTL_WSTOP (tcp); 2066#endif /* FREEBSD */ 2067 ioctl_errno = errno; 2068#ifndef HAVE_POLLABLE_PROCFS 2069 if (proc_poll_pipe[0] != -1) { 2070 if (ioctl_result < 0) 2071 kill(poller_pid, SIGKILL); 2072 else 2073 kill(poller_pid, SIGUSR1); 2074 } 2075#endif /* !HAVE_POLLABLE_PROCFS */ 2076 } 2077 if (interrupted) 2078 return 0; 2079 2080 if (interactive) 2081 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 2082 2083 if (ioctl_result < 0) { 2084 /* Find out what happened if it failed. */ 2085 switch (ioctl_errno) { 2086 case EINTR: 2087 case EBADF: 2088 continue; 2089#ifdef FREEBSD 2090 case ENOTTY: 2091#endif 2092 case ENOENT: 2093 droptcb(tcp); 2094 continue; 2095 default: 2096 perror("PIOCWSTOP"); 2097 exit(1); 2098 } 2099 } 2100 2101#ifdef FREEBSD 2102 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) { 2103 /* discard first event for a syscall we never entered */ 2104 IOCTL (tcp->pfd, PIOCRUN, 0); 2105 continue; 2106 } 2107#endif 2108 2109 /* clear the just started flag */ 2110 tcp->flags &= ~TCB_STARTUP; 2111 2112 /* set current output file */ 2113 outf = tcp->outf; 2114 curcol = tcp->curcol; 2115 2116 if (cflag) { 2117 struct timeval stime; 2118#ifdef FREEBSD 2119 char buf[1024]; 2120 int len; 2121 2122 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) { 2123 buf[len] = '\0'; 2124 sscanf(buf, 2125 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld", 2126 &stime.tv_sec, &stime.tv_usec); 2127 } else 2128 stime.tv_sec = stime.tv_usec = 0; 2129#else /* !FREEBSD */ 2130 stime.tv_sec = tcp->status.pr_stime.tv_sec; 2131 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000; 2132#endif /* !FREEBSD */ 2133 tv_sub(&tcp->dtime, &stime, &tcp->stime); 2134 tcp->stime = stime; 2135 } 2136 what = tcp->status.PR_WHAT; 2137 switch (tcp->status.PR_WHY) { 2138#ifndef FREEBSD 2139 case PR_REQUESTED: 2140 if (tcp->status.PR_FLAGS & PR_ASLEEP) { 2141 tcp->status.PR_WHY = PR_SYSENTRY; 2142 if (trace_syscall(tcp) < 0) { 2143 fprintf(stderr, "syscall trouble\n"); 2144 exit(1); 2145 } 2146 } 2147 break; 2148#endif /* !FREEBSD */ 2149 case PR_SYSENTRY: 2150#ifdef POLL_HACK 2151 in_syscall = tcp; 2152#endif 2153 case PR_SYSEXIT: 2154 if (trace_syscall(tcp) < 0) { 2155 fprintf(stderr, "syscall trouble\n"); 2156 exit(1); 2157 } 2158 break; 2159 case PR_SIGNALLED: 2160 if (cflag != CFLAG_ONLY_STATS 2161 && (qual_flags[what] & QUAL_SIGNAL)) { 2162 printleader(tcp); 2163 tprintf("--- %s (%s) ---", 2164 signame(what), strsignal(what)); 2165 printtrailer(); 2166#ifdef PR_INFO 2167 if (tcp->status.PR_INFO.si_signo == what) { 2168 printleader(tcp); 2169 tprintf(" siginfo="); 2170 printsiginfo(&tcp->status.PR_INFO, 1); 2171 printtrailer(); 2172 } 2173#endif 2174 } 2175 break; 2176 case PR_FAULTED: 2177 if (cflag != CFLAGS_ONLY_STATS 2178 && (qual_flags[what] & QUAL_FAULT)) { 2179 printleader(tcp); 2180 tprintf("=== FAULT %d ===", what); 2181 printtrailer(); 2182 } 2183 break; 2184#ifdef FREEBSD 2185 case 0: /* handle case we polled for nothing */ 2186 continue; 2187#endif 2188 default: 2189 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY); 2190 exit(1); 2191 break; 2192 } 2193 /* Remember current print column before continuing. */ 2194 tcp->curcol = curcol; 2195 arg = 0; 2196#ifndef FREEBSD 2197 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) { 2198#else 2199 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0) { 2200#endif 2201 perror("PIOCRUN"); 2202 exit(1); 2203 } 2204 } 2205 return 0; 2206} 2207 2208#else /* !USE_PROCFS */ 2209 2210#ifdef TCB_GROUP_EXITING 2211/* Handle an exit detach or death signal that is taking all the 2212 related clone threads with it. This is called in three circumstances: 2213 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent). 2214 SIG == 0 Continuing TCP will perform an exit_group syscall. 2215 SIG == other Continuing TCP with SIG will kill the process. 2216*/ 2217static int 2218handle_group_exit(struct tcb *tcp, int sig) 2219{ 2220 /* We need to locate our records of all the clone threads 2221 related to TCP, either its children or siblings. */ 2222 struct tcb *leader = NULL; 2223 2224 if (tcp->flags & TCB_CLONE_THREAD) 2225 leader = tcp->parent; 2226 else if (tcp->nclone_detached > 0) 2227 leader = tcp; 2228 2229 if (sig < 0) { 2230 if (leader != NULL && leader != tcp 2231 && !(leader->flags & TCB_GROUP_EXITING) 2232 && !(tcp->flags & TCB_STARTUP) 2233 ) { 2234 fprintf(stderr, 2235 "PANIC: handle_group_exit: %d leader %d\n", 2236 tcp->pid, leader ? leader->pid : -1); 2237 } 2238 /* TCP no longer exists therefore you must not detach() it. */ 2239#ifndef USE_PROCFS 2240 resume_from_tcp(tcp); 2241#endif 2242 droptcb(tcp); /* Already died. */ 2243 } 2244 else { 2245 /* Mark that we are taking the process down. */ 2246 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING; 2247 if (tcp->flags & TCB_ATTACHED) { 2248 detach(tcp, sig); 2249 if (leader != NULL && leader != tcp) 2250 leader->flags |= TCB_GROUP_EXITING; 2251 } else { 2252 if (ptrace_restart(PTRACE_CONT, tcp, sig) < 0) { 2253 cleanup(); 2254 return -1; 2255 } 2256 if (leader != NULL) { 2257 leader->flags |= TCB_GROUP_EXITING; 2258 if (leader != tcp) 2259 droptcb(tcp); 2260 } 2261 /* The leader will report to us as parent now, 2262 and then we'll get to the SIG==-1 case. */ 2263 return 0; 2264 } 2265 } 2266 2267 return 0; 2268} 2269#endif 2270 2271static int 2272trace() 2273{ 2274 int pid; 2275 int wait_errno; 2276 int status; 2277 struct tcb *tcp; 2278#ifdef LINUX 2279 struct rusage ru; 2280#ifdef __WALL 2281 static int wait4_options = __WALL; 2282#endif 2283#endif /* LINUX */ 2284 2285 while (nprocs != 0) { 2286 if (interrupted) 2287 return 0; 2288 if (interactive) 2289 sigprocmask(SIG_SETMASK, &empty_set, NULL); 2290#ifdef LINUX 2291#ifdef __WALL 2292 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL); 2293 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) { 2294 /* this kernel does not support __WALL */ 2295 wait4_options &= ~__WALL; 2296 errno = 0; 2297 pid = wait4(-1, &status, wait4_options, 2298 cflag ? &ru : NULL); 2299 } 2300 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) { 2301 /* most likely a "cloned" process */ 2302 pid = wait4(-1, &status, __WCLONE, 2303 cflag ? &ru : NULL); 2304 if (pid == -1) { 2305 fprintf(stderr, "strace: clone wait4 " 2306 "failed: %s\n", strerror(errno)); 2307 } 2308 } 2309#else 2310 pid = wait4(-1, &status, 0, cflag ? &ru : NULL); 2311#endif /* __WALL */ 2312#endif /* LINUX */ 2313#ifdef SUNOS4 2314 pid = wait(&status); 2315#endif /* SUNOS4 */ 2316 wait_errno = errno; 2317 if (interactive) 2318 sigprocmask(SIG_BLOCK, &blocked_set, NULL); 2319 2320 if (pid == -1) { 2321 switch (wait_errno) { 2322 case EINTR: 2323 continue; 2324 case ECHILD: 2325 /* 2326 * We would like to verify this case 2327 * but sometimes a race in Solbourne's 2328 * version of SunOS sometimes reports 2329 * ECHILD before sending us SIGCHILD. 2330 */ 2331 return 0; 2332 default: 2333 errno = wait_errno; 2334 perror("strace: wait"); 2335 return -1; 2336 } 2337 } 2338 if (pid == popen_pid) { 2339 if (WIFEXITED(status) || WIFSIGNALED(status)) 2340 popen_pid = -1; 2341 continue; 2342 } 2343 if (debug) 2344 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid); 2345 2346 /* Look up `pid' in our table. */ 2347 if ((tcp = pid2tcb(pid)) == NULL) { 2348#ifdef LINUX 2349 if (followfork) { 2350 /* This is needed to go with the CLONE_PTRACE 2351 changes in process.c/util.c: we might see 2352 the child's initial trap before we see the 2353 parent return from the clone syscall. 2354 Leave the child suspended until the parent 2355 returns from its system call. Only then 2356 will we have the association of parent and 2357 child so that we know how to do clearbpt 2358 in the child. */ 2359 tcp = alloctcb(pid); 2360 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED; 2361 if (!qflag) 2362 fprintf(stderr, "\ 2363Process %d attached (waiting for parent)\n", 2364 pid); 2365 } 2366 else 2367 /* This can happen if a clone call used 2368 CLONE_PTRACE itself. */ 2369#endif 2370 { 2371 fprintf(stderr, "unknown pid: %u\n", pid); 2372 if (WIFSTOPPED(status)) 2373 ptrace(PTRACE_CONT, pid, (char *) 1, 0); 2374 exit(1); 2375 } 2376 } 2377 /* set current output file */ 2378 outf = tcp->outf; 2379 curcol = tcp->curcol; 2380 if (cflag) { 2381#ifdef LINUX 2382 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime); 2383 tcp->stime = ru.ru_stime; 2384#endif /* !LINUX */ 2385 } 2386 2387 if (tcp->flags & TCB_SUSPENDED) { 2388 /* 2389 * Apparently, doing any ptrace() call on a stopped 2390 * process, provokes the kernel to report the process 2391 * status again on a subsequent wait(), even if the 2392 * process has not been actually restarted. 2393 * Since we have inspected the arguments of suspended 2394 * processes we end up here testing for this case. 2395 */ 2396 continue; 2397 } 2398 if (WIFSIGNALED(status)) { 2399 if (pid == strace_child) 2400 exit_code = 0x100 | WTERMSIG(status); 2401 if (cflag != CFLAG_ONLY_STATS 2402 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) { 2403 printleader(tcp); 2404 tprintf("+++ killed by %s %s+++", 2405 signame(WTERMSIG(status)), 2406#ifdef WCOREDUMP 2407 WCOREDUMP(status) ? "(core dumped) " : 2408#endif 2409 ""); 2410 printtrailer(); 2411 } 2412#ifdef TCB_GROUP_EXITING 2413 handle_group_exit(tcp, -1); 2414#else 2415 droptcb(tcp); 2416#endif 2417 continue; 2418 } 2419 if (WIFEXITED(status)) { 2420 if (pid == strace_child) 2421 exit_code = WEXITSTATUS(status); 2422 if (debug) 2423 fprintf(stderr, "pid %u exited with %d\n", pid, WEXITSTATUS(status)); 2424 if ((tcp->flags & (TCB_ATTACHED|TCB_STARTUP)) == TCB_ATTACHED 2425#ifdef TCB_GROUP_EXITING 2426 && !(tcp->parent && (tcp->parent->flags & TCB_GROUP_EXITING)) 2427 && !(tcp->flags & TCB_GROUP_EXITING) 2428#endif 2429 ) { 2430 fprintf(stderr, 2431 "PANIC: attached pid %u exited with %d\n", 2432 pid, WEXITSTATUS(status)); 2433 } 2434 if (tcp == tcp_last) { 2435 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL) 2436 tprintf(" <unfinished ... exit status %d>\n", 2437 WEXITSTATUS(status)); 2438 tcp_last = NULL; 2439 } 2440#ifdef TCB_GROUP_EXITING 2441 handle_group_exit(tcp, -1); 2442#else 2443 droptcb(tcp); 2444#endif 2445 continue; 2446 } 2447 if (!WIFSTOPPED(status)) { 2448 fprintf(stderr, "PANIC: pid %u not stopped\n", pid); 2449 droptcb(tcp); 2450 continue; 2451 } 2452 if (debug) 2453 fprintf(stderr, "pid %u stopped, [%s]\n", 2454 pid, signame(WSTOPSIG(status))); 2455 2456 /* 2457 * Interestingly, the process may stop 2458 * with STOPSIG equal to some other signal 2459 * than SIGSTOP if we happend to attach 2460 * just before the process takes a signal. 2461 * A no-MMU vforked child won't send up a signal, 2462 * so skip the first (lost) execve notification. 2463 */ 2464 if ((tcp->flags & TCB_STARTUP) && 2465 (WSTOPSIG(status) == SIGSTOP || strace_vforked)) { 2466 /* 2467 * This flag is there to keep us in sync. 2468 * Next time this process stops it should 2469 * really be entering a system call. 2470 */ 2471 tcp->flags &= ~TCB_STARTUP; 2472 if (tcp->flags & TCB_BPTSET) { 2473 /* 2474 * One example is a breakpoint inherited from 2475 * parent through fork (). 2476 */ 2477 if (clearbpt(tcp) < 0) /* Pretty fatal */ { 2478 droptcb(tcp); 2479 cleanup(); 2480 return -1; 2481 } 2482 } 2483 goto tracing; 2484 } 2485 2486 if (WSTOPSIG(status) != SIGTRAP) { 2487 if (WSTOPSIG(status) == SIGSTOP && 2488 (tcp->flags & TCB_SIGTRAPPED)) { 2489 /* 2490 * Trapped attempt to block SIGTRAP 2491 * Hope we are back in control now. 2492 */ 2493 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED); 2494 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) { 2495 cleanup(); 2496 return -1; 2497 } 2498 continue; 2499 } 2500 if (cflag != CFLAG_ONLY_STATS 2501 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) { 2502 unsigned long addr = 0; 2503 long pc = 0; 2504#if defined(PT_CR_IPSR) && defined(PT_CR_IIP) && defined(PT_GETSIGINFO) 2505# define PSR_RI 41 2506 struct siginfo si; 2507 long psr; 2508 2509 upeek(tcp, PT_CR_IPSR, &psr); 2510 upeek(tcp, PT_CR_IIP, &pc); 2511 2512 pc += (psr >> PSR_RI) & 0x3; 2513 ptrace(PT_GETSIGINFO, pid, 0, (long) &si); 2514 addr = (unsigned long) si.si_addr; 2515#elif defined PTRACE_GETSIGINFO 2516 if (WSTOPSIG(status) == SIGSEGV || 2517 WSTOPSIG(status) == SIGBUS) { 2518 siginfo_t si; 2519 if (ptrace(PTRACE_GETSIGINFO, pid, 2520 0, &si) == 0) 2521 addr = (unsigned long) 2522 si.si_addr; 2523 } 2524#endif 2525 printleader(tcp); 2526 tprintf("--- %s (%s) @ %lx (%lx) ---", 2527 signame(WSTOPSIG(status)), 2528 strsignal(WSTOPSIG(status)), pc, addr); 2529 printtrailer(); 2530 } 2531 if (((tcp->flags & TCB_ATTACHED) || 2532 tcp->nclone_threads > 0) && 2533 !sigishandled(tcp, WSTOPSIG(status))) { 2534#ifdef TCB_GROUP_EXITING 2535 handle_group_exit(tcp, WSTOPSIG(status)); 2536#else 2537 detach(tcp, WSTOPSIG(status)); 2538#endif 2539 continue; 2540 } 2541 if (ptrace_restart(PTRACE_SYSCALL, tcp, WSTOPSIG(status)) < 0) { 2542 cleanup(); 2543 return -1; 2544 } 2545 tcp->flags &= ~TCB_SUSPENDED; 2546 continue; 2547 } 2548 /* we handled the STATUS, we are permitted to interrupt now. */ 2549 if (interrupted) 2550 return 0; 2551 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) { 2552 /* ptrace() failed in trace_syscall() with ESRCH. 2553 * Likely a result of process disappearing mid-flight. 2554 * Observed case: exit_group() terminating 2555 * all processes in thread group. In this case, threads 2556 * "disappear" in an unpredictable moment without any 2557 * notification to strace via wait(). 2558 */ 2559 if (tcp->flags & TCB_ATTACHED) { 2560 if (tcp_last) { 2561 /* Do we have dangling line "syscall(param, param"? 2562 * Finish the line then. We cannot 2563 */ 2564 tcp_last->flags |= TCB_REPRINT; 2565 tprintf(" <unfinished ...>"); 2566 printtrailer(); 2567 } 2568 detach(tcp, 0); 2569 } else { 2570 ptrace(PTRACE_KILL, 2571 tcp->pid, (char *) 1, SIGTERM); 2572 droptcb(tcp); 2573 } 2574 continue; 2575 } 2576 if (tcp->flags & TCB_EXITING) { 2577#ifdef TCB_GROUP_EXITING 2578 if (tcp->flags & TCB_GROUP_EXITING) { 2579 if (handle_group_exit(tcp, 0) < 0) 2580 return -1; 2581 continue; 2582 } 2583#endif 2584 if (tcp->flags & TCB_ATTACHED) 2585 detach(tcp, 0); 2586 else if (ptrace_restart(PTRACE_CONT, tcp, 0) < 0) { 2587 cleanup(); 2588 return -1; 2589 } 2590 continue; 2591 } 2592 if (tcp->flags & TCB_SUSPENDED) { 2593 if (!qflag) 2594 fprintf(stderr, "Process %u suspended\n", pid); 2595 continue; 2596 } 2597 tracing: 2598 /* Remember current print column before continuing. */ 2599 tcp->curcol = curcol; 2600 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) { 2601 cleanup(); 2602 return -1; 2603 } 2604 } 2605 return 0; 2606} 2607 2608#endif /* !USE_PROCFS */ 2609 2610#include <stdarg.h> 2611 2612void 2613tprintf(const char *fmt, ...) 2614{ 2615 va_list args; 2616 2617 va_start(args, fmt); 2618 if (outf) { 2619 int n = vfprintf(outf, fmt, args); 2620 if (n < 0) { 2621 if (outf != stderr) 2622 perror(outfname == NULL 2623 ? "<writing to pipe>" : outfname); 2624 } else 2625 curcol += n; 2626 } 2627 va_end(args); 2628 return; 2629} 2630 2631void 2632printleader(tcp) 2633struct tcb *tcp; 2634{ 2635 if (tcp_last) { 2636 if (tcp_last->ptrace_errno) { 2637 if (tcp_last->flags & TCB_INSYSCALL) { 2638 tprintf(" <unavailable>)"); 2639 tabto(acolumn); 2640 } 2641 tprintf("= ? <unavailable>\n"); 2642 tcp_last->ptrace_errno = 0; 2643 } else if (!outfname || followfork < 2 || tcp_last == tcp) { 2644 tcp_last->flags |= TCB_REPRINT; 2645 tprintf(" <unfinished ...>\n"); 2646 } 2647 } 2648 curcol = 0; 2649 if ((followfork == 1 || pflag_seen > 1) && outfname) 2650 tprintf("%-5d ", tcp->pid); 2651 else if (nprocs > 1 && !outfname) 2652 tprintf("[pid %5u] ", tcp->pid); 2653 if (tflag) { 2654 char str[sizeof("HH:MM:SS")]; 2655 struct timeval tv, dtv; 2656 static struct timeval otv; 2657 2658 gettimeofday(&tv, NULL); 2659 if (rflag) { 2660 if (otv.tv_sec == 0) 2661 otv = tv; 2662 tv_sub(&dtv, &tv, &otv); 2663 tprintf("%6ld.%06ld ", 2664 (long) dtv.tv_sec, (long) dtv.tv_usec); 2665 otv = tv; 2666 } 2667 else if (tflag > 2) { 2668 tprintf("%ld.%06ld ", 2669 (long) tv.tv_sec, (long) tv.tv_usec); 2670 } 2671 else { 2672 time_t local = tv.tv_sec; 2673 strftime(str, sizeof(str), "%T", localtime(&local)); 2674 if (tflag > 1) 2675 tprintf("%s.%06ld ", str, (long) tv.tv_usec); 2676 else 2677 tprintf("%s ", str); 2678 } 2679 } 2680 if (iflag) 2681 printcall(tcp); 2682} 2683 2684void 2685tabto(col) 2686int col; 2687{ 2688 if (curcol < col) 2689 tprintf("%*s", col - curcol, ""); 2690} 2691 2692void 2693printtrailer(void) 2694{ 2695 tprintf("\n"); 2696 tcp_last = NULL; 2697} 2698 2699#ifdef HAVE_MP_PROCFS 2700 2701int 2702mp_ioctl(int fd, int cmd, void *arg, int size) 2703{ 2704 struct iovec iov[2]; 2705 int n = 1; 2706 2707 iov[0].iov_base = &cmd; 2708 iov[0].iov_len = sizeof cmd; 2709 if (arg) { 2710 ++n; 2711 iov[1].iov_base = arg; 2712 iov[1].iov_len = size; 2713 } 2714 2715 return writev(fd, iov, n); 2716} 2717 2718#endif 2719