events.c revision 71f25e25a4081b726e75026727483b6959dd8661 
1/*
2 * This file is part of ltrace.
3 * Copyright (C) 2007,2011,2012 Petr Machata, Red Hat Inc.
4 * Copyright (C) 1998,2001,2004,2007,2008,2009 Juan Cespedes
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation; either version 2 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
19 * 02110-1301 USA
20 */
21
22#include "config.h"
23
24#define	_GNU_SOURCE	1
25#include <sys/ptrace.h>
26#include <sys/types.h>
27#include <sys/wait.h>
28#include <assert.h>
29#include <errno.h>
30#include <signal.h>
31#include <stdio.h>
32#include <stdlib.h>
33#include <string.h>
34#include <unistd.h>
35
36#include "backend.h"
37#include "breakpoint.h"
38#include "debug.h"
39#include "events.h"
40#include "proc.h"
41#include "linux-gnu/trace-defs.h"
42
43static Event event;
44
45/* A queue of events that we missed while enabling the
46 * breakpoint in one of tasks.  */
47static Event * delayed_events = NULL;
48static Event * end_delayed_events = NULL;
49
50static enum callback_status
51first(struct process *proc, void *data)
52{
53	return CBS_STOP;
54}
55
56void
57enque_event(Event * event)
58{
59	debug(DEBUG_FUNCTION, "%d: queuing event %d for later",
60	      event->proc->pid, event->type);
61	Event * ne = malloc(sizeof(*ne));
62	if (ne == NULL) {
63		fprintf(stderr, "event will be missed: %s\n", strerror(errno));
64		return;
65	}
66
67	*ne = *event;
68	ne->next = NULL;
69	if (end_delayed_events == NULL) {
70		assert(delayed_events == NULL);
71		end_delayed_events = delayed_events = ne;
72	}
73	else {
74		assert(delayed_events != NULL);
75		end_delayed_events = end_delayed_events->next = ne;
76	}
77}
78
79Event *
80each_qd_event(enum ecb_status (*pred)(Event *, void *), void * data)
81{
82	Event * prev = delayed_events;
83	Event * event;
84	for (event = prev; event != NULL; ) {
85		switch ((*pred)(event, data)) {
86		case ECB_CONT:
87			prev = event;
88			event = event->next;
89			continue;
90
91		case ECB_DEQUE:
92			debug(DEBUG_FUNCTION, "dequeuing event %d for %d",
93			      event->type,
94			      event->proc != NULL ? event->proc->pid : -1);
95			/*
96			printf("dequeuing event %d for %d\n", event->type,
97			       event->proc != NULL ? event->proc->pid : -1) ;
98			*/
99			if (end_delayed_events == event)
100				end_delayed_events = prev;
101			if (delayed_events == event)
102				delayed_events = event->next;
103			else
104				prev->next = event->next;
105			if (delayed_events == NULL)
106				end_delayed_events = NULL;
107			/* fall-through */
108
109		case ECB_YIELD:
110			return event;
111		}
112	}
113
114	return NULL;
115}
116
117static enum ecb_status
118event_process_not_reenabling(Event * event, void * data)
119{
120	if (event->proc == NULL
121	    || event->proc->leader == NULL
122	    || event->proc->leader->event_handler == NULL)
123		return ECB_DEQUE;
124	else
125		return ECB_CONT;
126}
127
128static Event *
129next_qd_event(void)
130{
131	return each_qd_event(&event_process_not_reenabling, NULL);
132}
133
134int linux_in_waitpid = 0;
135
136Event *
137next_event(void)
138{
139	pid_t pid;
140	int status;
141	int tmp;
142	int stop_signal;
143
144	debug(DEBUG_FUNCTION, "next_event()");
145	Event * ev;
146	if ((ev = next_qd_event()) != NULL) {
147		event = *ev;
148		free(ev);
149		return &event;
150	}
151
152	if (!each_process(NULL, &first, NULL)) {
153		debug(DEBUG_EVENT, "event: No more traced programs: exiting");
154		exit(0);
155	}
156
157	linux_in_waitpid = 1;
158	pid = waitpid(-1, &status, __WALL);
159	linux_in_waitpid = 0;
160
161	if (pid == -1) {
162		if (errno == ECHILD) {
163			debug(DEBUG_EVENT, "event: No more traced programs: exiting");
164			exit(0);
165		} else if (errno == EINTR) {
166			debug(DEBUG_EVENT, "event: none (wait received EINTR?)");
167			event.type = EVENT_NONE;
168			return &event;
169		}
170		perror("wait");
171		exit(1);
172	}
173	event.proc = pid2proc(pid);
174	if (!event.proc || event.proc->state == STATE_BEING_CREATED) {
175		/* Work around (presumably) a bug on some kernels,
176		 * where we are seeing a waitpid event even though the
177		 * process is still reported to be running.  Wait for
178		 * the tracing stop to propagate.  But don't get stuck
179		 * here forever.
180		 *
181		 * We need the process in T, because there's a lot of
182		 * ptracing going on all over the place, and these
183		 * calls fail when the process is not in T.
184		 *
185		 * N.B. This was observed on RHEL 5 Itanium, but I'm
186		 * turning this on globally, to save some poor soul
187		 * down the road (which could well be me a year from
188		 * now) the pain of figuring this out all over again.
189		 * Petr Machata 2011-11-22.  */
190		int i = 0;
191		for (; i < 100 && process_status(pid) != PS_TRACING_STOP; ++i) {
192			debug(2, "waiting for %d to stop", pid);
193			usleep(10000);
194		}
195		event.type = EVENT_NEW;
196		event.e_un.newpid = pid;
197		debug(DEBUG_EVENT, "event: NEW: pid=%d", pid);
198		return &event;
199	}
200	get_arch_dep(event.proc);
201	debug(3, "event from pid %u", pid);
202	struct process *leader = event.proc->leader;
203
204	/* The process should be stopped after the waitpid call.  But
205	 * when the whole thread group is terminated, we see
206	 * individual tasks spontaneously transitioning from 't' to
207	 * 'R' and 'Z'.  Calls to ptrace fail and /proc/pid/status may
208	 * not even be available anymore, so we can't check in
209	 * advance.  So we just drop the error checking around ptrace
210	 * calls.  We check for termination ex post when it fails,
211	 * suppress the event, and let the event loop collect the
212	 * termination in the next iteration.  */
213#define CHECK_PROCESS_TERMINATED					\
214	do {								\
215		int errno_save = errno;					\
216		switch (process_stopped(pid))				\
217		case 0:							\
218		case -1: {						\
219			debug(DEBUG_EVENT,				\
220			      "process not stopped, is it terminating?"); \
221			event.type = EVENT_NONE;			\
222			continue_process(event.proc->pid);		\
223			return &event;					\
224		}							\
225		errno = errno_save;					\
226	} while (0)
227
228	event.proc->instruction_pointer = (void *)(uintptr_t)-1;
229
230	/* Check for task termination now, before we have a need to
231	 * call CHECK_PROCESS_TERMINATED later.  That would suppress
232	 * the event that we are processing.  */
233	if (WIFSIGNALED(status)) {
234		event.type = EVENT_EXIT_SIGNAL;
235		event.e_un.signum = WTERMSIG(status);
236		debug(DEBUG_EVENT, "event: EXIT_SIGNAL: pid=%d, signum=%d", pid, event.e_un.signum);
237		return &event;
238	}
239	if (WIFEXITED(status)) {
240		event.type = EVENT_EXIT;
241		event.e_un.ret_val = WEXITSTATUS(status);
242		debug(DEBUG_EVENT, "event: EXIT: pid=%d, status=%d", pid, event.e_un.ret_val);
243		return &event;
244	}
245
246	event.proc->instruction_pointer = get_instruction_pointer(event.proc);
247	if (event.proc->instruction_pointer == (void *)(uintptr_t)-1) {
248		CHECK_PROCESS_TERMINATED;
249		if (errno != 0)
250			perror("get_instruction_pointer");
251	}
252
253	switch (syscall_p(event.proc, status, &tmp)) {
254		case 1:
255			event.type = EVENT_SYSCALL;
256			event.e_un.sysnum = tmp;
257			debug(DEBUG_EVENT, "event: SYSCALL: pid=%d, sysnum=%d", pid, tmp);
258			return &event;
259		case 2:
260			event.type = EVENT_SYSRET;
261			event.e_un.sysnum = tmp;
262			debug(DEBUG_EVENT, "event: SYSRET: pid=%d, sysnum=%d", pid, tmp);
263			return &event;
264		case 3:
265			event.type = EVENT_ARCH_SYSCALL;
266			event.e_un.sysnum = tmp;
267			debug(DEBUG_EVENT, "event: ARCH_SYSCALL: pid=%d, sysnum=%d", pid, tmp);
268			return &event;
269		case 4:
270			event.type = EVENT_ARCH_SYSRET;
271			event.e_un.sysnum = tmp;
272			debug(DEBUG_EVENT, "event: ARCH_SYSRET: pid=%d, sysnum=%d", pid, tmp);
273			return &event;
274		case -1:
275			CHECK_PROCESS_TERMINATED;
276			if (errno != 0)
277				perror("syscall_p");
278	}
279	if (WIFSTOPPED(status)) {
280		int what = status >> 16;
281		if (what == PTRACE_EVENT_VFORK
282		    || what == PTRACE_EVENT_FORK
283		    || what == PTRACE_EVENT_CLONE) {
284			unsigned long data;
285			event.type = what == PTRACE_EVENT_VFORK
286				? EVENT_VFORK : EVENT_CLONE;
287			ptrace(PTRACE_GETEVENTMSG, pid, NULL, &data);
288			event.e_un.newpid = data;
289			debug(DEBUG_EVENT, "event: CLONE: pid=%d, newpid=%d",
290			      pid, (int)data);
291			return &event;
292		}
293	}
294	if (WIFSTOPPED(status) && (status>>16 == PTRACE_EVENT_EXEC)) {
295		event.type = EVENT_EXEC;
296		debug(DEBUG_EVENT, "event: EXEC: pid=%d", pid);
297		return &event;
298	}
299	if (!WIFSTOPPED(status)) {
300		/* should never happen */
301		event.type = EVENT_NONE;
302		debug(DEBUG_EVENT, "event: NONE: pid=%d (wait error?)", pid);
303		return &event;
304	}
305
306	stop_signal = WSTOPSIG(status);
307
308	/* On some targets, breakpoints are signalled not using
309	   SIGTRAP, but also with SIGILL, SIGSEGV or SIGEMT.  SIGEMT
310	   is not defined on Linux, but check for the others.
311
312	   N.B. see comments in GDB's infrun.c for details.  I've
313	   actually seen this on an Itanium machine on RHEL 5, I don't
314	   remember the exact kernel version anymore.  ia64-sigill.s
315	   in the test suite tests this.  Petr Machata 2011-06-08.  */
316	void * break_address
317		= event.proc->instruction_pointer - DECR_PC_AFTER_BREAK;
318	if ((stop_signal == SIGSEGV || stop_signal == SIGILL)
319	    && leader != NULL
320	    && address2bpstruct(leader, break_address))
321			stop_signal = SIGTRAP;
322
323	if (stop_signal != (SIGTRAP | event.proc->tracesysgood)
324			&& stop_signal != SIGTRAP) {
325		event.type = EVENT_SIGNAL;
326		event.e_un.signum = stop_signal;
327		debug(DEBUG_EVENT, "event: SIGNAL: pid=%d, signum=%d", pid, stop_signal);
328		return &event;
329	}
330
331	/* last case [by exhaustion] */
332	event.type = EVENT_BREAKPOINT;
333
334	event.e_un.brk_addr = break_address;
335	debug(DEBUG_EVENT, "event: BREAKPOINT: pid=%d, addr=%p", pid, event.e_un.brk_addr);
336
337	return &event;
338}
339
340static enum ecb_status
341event_for_proc(struct Event *event, void *data)
342{
343	if (event->proc == data)
344		return ECB_DEQUE;
345	else
346		return ECB_CONT;
347}
348
349void
350delete_events_for(struct process *proc)
351{
352	struct Event *event;
353	while ((event = each_qd_event(&event_for_proc, proc)) != NULL)
354		free(event);
355}
356