events.c revision 642626096a694c6af279d25d2b1b2fba5b10ddfb 
1/*
2 * This file is part of ltrace.
3 * Copyright (C) 2007,2011,2012 Petr Machata, Red Hat Inc.
4 * Copyright (C) 1998,2001,2004,2007,2008,2009 Juan Cespedes
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation; either version 2 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
19 * 02110-1301 USA
20 */
21
22#include "config.h"
23
24#define	_GNU_SOURCE	1
25#include <stdlib.h>
26#include <sys/types.h>
27#include <sys/wait.h>
28#include <errno.h>
29#include <signal.h>
30#include <string.h>
31#include <sys/ptrace.h>
32#include <assert.h>
33#include <unistd.h>
34
35#include "breakpoint.h"
36#include "proc.h"
37#include "backend.h"
38#include "events.h"
39
40static Event event;
41
42/* A queue of events that we missed while enabling the
43 * breakpoint in one of tasks.  */
44static Event * delayed_events = NULL;
45static Event * end_delayed_events = NULL;
46
47static enum callback_status
48first (Process * proc, void * data)
49{
50	return CBS_STOP;
51}
52
53void
54enque_event(Event * event)
55{
56	debug(DEBUG_FUNCTION, "%d: queuing event %d for later",
57	      event->proc->pid, event->type);
58	Event * ne = malloc(sizeof(*ne));
59	if (ne == NULL) {
60		perror("event will be missed: malloc");
61		return;
62	}
63
64	*ne = *event;
65	ne->next = NULL;
66	if (end_delayed_events == NULL) {
67		assert(delayed_events == NULL);
68		end_delayed_events = delayed_events = ne;
69	}
70	else {
71		assert(delayed_events != NULL);
72		end_delayed_events = end_delayed_events->next = ne;
73	}
74}
75
76Event *
77each_qd_event(enum ecb_status (*pred)(Event *, void *), void * data)
78{
79	Event * prev = delayed_events;
80	Event * event;
81	for (event = prev; event != NULL; ) {
82		switch ((*pred)(event, data)) {
83		case ecb_cont:
84			prev = event;
85			event = event->next;
86			continue;
87
88		case ecb_deque:
89			debug(DEBUG_FUNCTION, "dequeuing event %d for %d",
90			      event->type,
91			      event->proc != NULL ? event->proc->pid : -1);
92			/*
93			printf("dequeuing event %d for %d\n", event->type,
94			       event->proc != NULL ? event->proc->pid : -1) ;
95			*/
96			if (end_delayed_events == event)
97				end_delayed_events = prev;
98			if (delayed_events == event)
99				delayed_events = event->next;
100			else
101				prev->next = event->next;
102			if (delayed_events == NULL)
103				end_delayed_events = NULL;
104			/* fall-through */
105
106		case ecb_yield:
107			return event;
108		}
109	}
110
111	return NULL;
112}
113
114static enum ecb_status
115event_process_not_reenabling(Event * event, void * data)
116{
117	if (event->proc == NULL
118	    || event->proc->leader == NULL
119	    || event->proc->leader->event_handler == NULL)
120		return ecb_deque;
121	else
122		return ecb_cont;
123}
124
125static Event *
126next_qd_event(void)
127{
128	return each_qd_event(&event_process_not_reenabling, NULL);
129}
130
131int linux_in_waitpid = 0;
132
133Event *
134next_event(void)
135{
136	pid_t pid;
137	int status;
138	int tmp;
139	int stop_signal;
140
141	debug(DEBUG_FUNCTION, "next_event()");
142	Event * ev;
143	if ((ev = next_qd_event()) != NULL) {
144		event = *ev;
145		free(ev);
146		return &event;
147	}
148
149	if (!each_process(NULL, &first, NULL)) {
150		debug(DEBUG_EVENT, "event: No more traced programs: exiting");
151		exit(0);
152	}
153
154	linux_in_waitpid = 1;
155	pid = waitpid(-1, &status, __WALL);
156	linux_in_waitpid = 0;
157
158	if (pid == -1) {
159		if (errno == ECHILD) {
160			debug(DEBUG_EVENT, "event: No more traced programs: exiting");
161			exit(0);
162		} else if (errno == EINTR) {
163			debug(DEBUG_EVENT, "event: none (wait received EINTR?)");
164			event.type = EVENT_NONE;
165			return &event;
166		}
167		perror("wait");
168		exit(1);
169	}
170	event.proc = pid2proc(pid);
171	if (!event.proc || event.proc->state == STATE_BEING_CREATED) {
172		/* Work around (presumably) a bug on some kernels,
173		 * where we are seeing a waitpid event even though the
174		 * process is still reported to be running.  Wait for
175		 * the tracing stop to propagate.  But don't get stuck
176		 * here forever.
177		 *
178		 * We need the process in T, because there's a lot of
179		 * ptracing going on all over the place, and these
180		 * calls fail when the process is not in T.
181		 *
182		 * N.B. This was observed on RHEL 5 Itanium, but I'm
183		 * turning this on globally, to save some poor soul
184		 * down the road (which could well be me a year from
185		 * now) the pain of figuring this out all over again.
186		 * Petr Machata 2011-11-22.  */
187		int i = 0;
188		for (; i < 100 && process_status(pid) != ps_tracing_stop; ++i) {
189			debug(2, "waiting for %d to stop", pid);
190			usleep(10000);
191		}
192		event.type = EVENT_NEW;
193		event.e_un.newpid = pid;
194		debug(DEBUG_EVENT, "event: NEW: pid=%d", pid);
195		return &event;
196	}
197	get_arch_dep(event.proc);
198	debug(3, "event from pid %u", pid);
199	Process *leader = event.proc->leader;
200
201	/* The process should be stopped after the waitpid call.  But
202	 * when the whole thread group is terminated, we see
203	 * individual tasks spontaneously transitioning from 't' to
204	 * 'R' and 'Z'.  Calls to ptrace fail and /proc/pid/status may
205	 * not even be available anymore, so we can't check in
206	 * advance.  So we just drop the error checking around ptrace
207	 * calls.  We check for termination ex post when it fails,
208	 * suppress the event, and let the event loop collect the
209	 * termination in the next iteration.  */
210#define CHECK_PROCESS_TERMINATED					\
211	do {								\
212		int errno_save = errno;					\
213		switch (process_stopped(pid))				\
214		case 0:							\
215		case -1: {						\
216			debug(DEBUG_EVENT,				\
217			      "process not stopped, is it terminating?"); \
218			event.type = EVENT_NONE;			\
219			continue_process(event.proc->pid);		\
220			return &event;					\
221		}							\
222		errno = errno_save;					\
223	} while (0)
224
225	event.proc->instruction_pointer = (void *)(uintptr_t)-1;
226
227	/* Check for task termination now, before we have a need to
228	 * call CHECK_PROCESS_TERMINATED later.  That would suppress
229	 * the event that we are processing.  */
230	if (WIFSIGNALED(status)) {
231		event.type = EVENT_EXIT_SIGNAL;
232		event.e_un.signum = WTERMSIG(status);
233		debug(DEBUG_EVENT, "event: EXIT_SIGNAL: pid=%d, signum=%d", pid, event.e_un.signum);
234		return &event;
235	}
236	if (WIFEXITED(status)) {
237		event.type = EVENT_EXIT;
238		event.e_un.ret_val = WEXITSTATUS(status);
239		debug(DEBUG_EVENT, "event: EXIT: pid=%d, status=%d", pid, event.e_un.ret_val);
240		return &event;
241	}
242
243	event.proc->instruction_pointer = get_instruction_pointer(event.proc);
244	if (event.proc->instruction_pointer == (void *)(uintptr_t)-1) {
245		CHECK_PROCESS_TERMINATED;
246		if (errno != 0)
247			perror("get_instruction_pointer");
248	}
249
250	switch (syscall_p(event.proc, status, &tmp)) {
251		case 1:
252			event.type = EVENT_SYSCALL;
253			event.e_un.sysnum = tmp;
254			debug(DEBUG_EVENT, "event: SYSCALL: pid=%d, sysnum=%d", pid, tmp);
255			return &event;
256		case 2:
257			event.type = EVENT_SYSRET;
258			event.e_un.sysnum = tmp;
259			debug(DEBUG_EVENT, "event: SYSRET: pid=%d, sysnum=%d", pid, tmp);
260			return &event;
261		case 3:
262			event.type = EVENT_ARCH_SYSCALL;
263			event.e_un.sysnum = tmp;
264			debug(DEBUG_EVENT, "event: ARCH_SYSCALL: pid=%d, sysnum=%d", pid, tmp);
265			return &event;
266		case 4:
267			event.type = EVENT_ARCH_SYSRET;
268			event.e_un.sysnum = tmp;
269			debug(DEBUG_EVENT, "event: ARCH_SYSRET: pid=%d, sysnum=%d", pid, tmp);
270			return &event;
271		case -1:
272			CHECK_PROCESS_TERMINATED;
273			if (errno != 0)
274				perror("syscall_p");
275	}
276	if (WIFSTOPPED(status)) {
277		int what = status >> 16;
278		if (what == PTRACE_EVENT_VFORK
279		    || what == PTRACE_EVENT_FORK
280		    || what == PTRACE_EVENT_CLONE) {
281			unsigned long data;
282			event.type = what == PTRACE_EVENT_VFORK
283				? EVENT_VFORK : EVENT_CLONE;
284			ptrace(PTRACE_GETEVENTMSG, pid, NULL, &data);
285			event.e_un.newpid = data;
286			debug(DEBUG_EVENT, "event: CLONE: pid=%d, newpid=%d",
287			      pid, (int)data);
288			return &event;
289		}
290	}
291	if (WIFSTOPPED(status) && (status>>16 == PTRACE_EVENT_EXEC)) {
292		event.type = EVENT_EXEC;
293		debug(DEBUG_EVENT, "event: EXEC: pid=%d", pid);
294		return &event;
295	}
296	if (!WIFSTOPPED(status)) {
297		/* should never happen */
298		event.type = EVENT_NONE;
299		debug(DEBUG_EVENT, "event: NONE: pid=%d (wait error?)", pid);
300		return &event;
301	}
302
303	stop_signal = WSTOPSIG(status);
304
305	/* On some targets, breakpoints are signalled not using
306	   SIGTRAP, but also with SIGILL, SIGSEGV or SIGEMT.  SIGEMT
307	   is not defined on Linux, but check for the others.
308
309	   N.B. see comments in GDB's infrun.c for details.  I've
310	   actually seen this on an Itanium machine on RHEL 5, I don't
311	   remember the exact kernel version anymore.  ia64-sigill.s
312	   in the test suite tests this.  Petr Machata 2011-06-08.  */
313	void * break_address
314		= event.proc->instruction_pointer - DECR_PC_AFTER_BREAK;
315	if ((stop_signal == SIGSEGV || stop_signal == SIGILL)
316	    && leader != NULL
317	    && address2bpstruct(leader, break_address))
318			stop_signal = SIGTRAP;
319
320	if (stop_signal != (SIGTRAP | event.proc->tracesysgood)
321			&& stop_signal != SIGTRAP) {
322		event.type = EVENT_SIGNAL;
323		event.e_un.signum = stop_signal;
324		debug(DEBUG_EVENT, "event: SIGNAL: pid=%d, signum=%d", pid, stop_signal);
325		return &event;
326	}
327
328	/* last case [by exhaustion] */
329	event.type = EVENT_BREAKPOINT;
330
331	event.e_un.brk_addr = break_address;
332	debug(DEBUG_EVENT, "event: BREAKPOINT: pid=%d, addr=%p", pid, event.e_un.brk_addr);
333
334	return &event;
335}
336
337static enum ecb_status
338event_for_proc(struct Event *event, void *data)
339{
340	if (event->proc == data)
341		return ecb_deque;
342	else
343		return ecb_cont;
344}
345
346void
347delete_events_for(struct Process *proc)
348{
349	struct Event *event;
350	while ((event = each_qd_event(&event_for_proc, proc)) != NULL)
351		free(event);
352}
353