2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #ifdef _LARGEFILE64_SOURCE
34 /* This is the macro everything checks before using foo64 names. */
35 # ifndef _LFS64_LARGEFILE
36 # define _LFS64_LARGEFILE 1
48 #include <sys/types.h>
61 #include <sys/syscall.h>
64 const char *strerror(int);
67 /* Some libc have stpcpy, some don't. Sigh...
68 * Roll our private implementation...
71 #define stpcpy strace_stpcpy
72 extern char *stpcpy(char *dst, const char *src);
76 # define __attribute__(x) /*nothing*/
80 # define offsetof(type, member) \
81 (((char *) &(((type *) NULL)->member)) - ((char *) (type *) NULL))
84 #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
86 /* Glibc has an efficient macro for sigemptyset
87 * (it just does one or two assignments of 0 to internal vector of longs).
89 #if defined(__GLIBC__) && defined(__sigemptyset) && !defined(sigemptyset)
90 # define sigemptyset __sigemptyset
93 /* Configuration section */
96 # define MAX_QUALS 7000 /* maximum number of syscalls, signals, etc. */
98 # define MAX_QUALS 2048 /* maximum number of syscalls, signals, etc. */
101 #ifndef DEFAULT_STRLEN
102 /* default maximum # of bytes printed in `printstr', change with -s switch */
103 # define DEFAULT_STRLEN 32
105 #ifndef DEFAULT_ACOLUMN
106 # define DEFAULT_ACOLUMN 40 /* default alignment column for results */
109 * Maximum number of args to a syscall.
111 * Make sure that all entries in all syscallent.h files have nargs <= MAX_ARGS!
112 * linux/<ARCH>/syscallent.h: all have nargs <= 6.
117 /* default sorting method for call profiling */
118 #ifndef DEFAULT_SORTBY
119 # define DEFAULT_SORTBY "time"
122 #if defined(SPARC) || defined(SPARC64)
125 #if defined(MIPS) && _MIPS_SIM == _MIPS_SIM_ABI32
126 # define LINUX_MIPSO32
128 #if defined(MIPS) && _MIPS_SIM == _MIPS_SIM_NABI32
129 # define LINUX_MIPSN32
130 # define LINUX_MIPS64
132 #if defined(MIPS) && _MIPS_SIM == _MIPS_SIM_ABI64
133 # define LINUX_MIPSN64
134 # define LINUX_MIPS64
137 #if (defined(LINUXSPARC) || defined(X86_64) || defined(ARM) || defined(AVR32)) && defined(__GLIBC__)
138 # include <sys/ptrace.h>
140 /* Work around awkward prototype in ptrace.h. */
141 # define ptrace xptrace
142 # include <sys/ptrace.h>
146 # include <asm/ptrace.h>
149 extern long ptrace(int, int, char *, long);
152 #if !defined(__GLIBC__)
153 # define PTRACE_PEEKUSER PTRACE_PEEKUSR
154 # define PTRACE_POKEUSER PTRACE_POKEUSR
156 #if defined(X86_64) || defined(I386)
157 /* For struct pt_regs. x86 strace uses PTRACE_GETREGS.
158 * PTRACE_GETREGS returns registers in the layout of this struct.
160 # include <asm/ptrace.h>
177 # define PT_GR20 (20*4)
178 # define PT_GR26 (26*4)
179 # define PT_GR28 (28*4)
180 # define PT_IAOQ0 (106*4)
181 # define PT_IAOQ1 (107*4)
184 /* SH64 Linux - this code assumes the following kernel API for system calls:
186 System Call Offset 16 (actually, (syscall no.) | (0x1n << 16),
187 where n = no. of parameters.
188 Other regs Offset 24+
190 On entry: R2-7 = parameters 1-6 (as many as necessary)
191 On return: R9 = result. */
193 /* Offset for peeks of registers */
194 # define REG_OFFSET (24)
195 # define REG_GENERAL(x) (8*(x)+REG_OFFSET)
196 # define REG_PC (0*8)
197 # define REG_SYSCALL (2*8)
200 #define SUPPORTED_PERSONALITIES 1
201 #define DEFAULT_PERSONALITY 0
204 /* Indexes into the pt_regs.u_reg[] array -- UREG_XX from kernel are all off
205 * by 1 and use Ix instead of Ox. These work for both 32 and 64 bit Linux. */
209 # define PERSONALITY0_WORDSIZE 4
210 # define PERSONALITY1_WORDSIZE 4
211 # undef SUPPORTED_PERSONALITIES
212 # if defined(SPARC64)
213 # include <asm/psrcompat.h>
214 # define SUPPORTED_PERSONALITIES 3
215 # define PERSONALITY2_WORDSIZE 8
217 # include <asm/psr.h>
218 # define SUPPORTED_PERSONALITIES 2
219 # endif /* SPARC64 */
220 #endif /* LINUXSPARC */
223 # undef SUPPORTED_PERSONALITIES
224 # define SUPPORTED_PERSONALITIES 2
225 # define PERSONALITY0_WORDSIZE 8
226 # define PERSONALITY1_WORDSIZE 4
230 # undef SUPPORTED_PERSONALITIES
231 # define SUPPORTED_PERSONALITIES 2
232 # define PERSONALITY0_WORDSIZE 4
233 # define PERSONALITY1_WORDSIZE 4
237 # undef SUPPORTED_PERSONALITIES
238 # define SUPPORTED_PERSONALITIES 2
239 # define PERSONALITY0_WORDSIZE 8
240 # define PERSONALITY1_WORDSIZE 4
243 #ifndef PERSONALITY0_WORDSIZE
244 # define PERSONALITY0_WORDSIZE sizeof(long)
247 #if !HAVE_DECL_PTRACE_SETOPTIONS
248 # define PTRACE_SETOPTIONS 0x4200
250 #if !HAVE_DECL_PTRACE_GETEVENTMSG
251 # define PTRACE_GETEVENTMSG 0x4201
253 #if !HAVE_DECL_PTRACE_GETSIGINFO
254 # define PTRACE_GETSIGINFO 0x4202
257 #if !HAVE_DECL_PTRACE_O_TRACESYSGOOD
258 # define PTRACE_O_TRACESYSGOOD 0x00000001
260 #if !HAVE_DECL_PTRACE_O_TRACEFORK
261 # define PTRACE_O_TRACEFORK 0x00000002
263 #if !HAVE_DECL_PTRACE_O_TRACEVFORK
264 # define PTRACE_O_TRACEVFORK 0x00000004
266 #if !HAVE_DECL_PTRACE_O_TRACECLONE
267 # define PTRACE_O_TRACECLONE 0x00000008
269 #if !HAVE_DECL_PTRACE_O_TRACEEXEC
270 # define PTRACE_O_TRACEEXEC 0x00000010
272 #if !HAVE_DECL_PTRACE_O_TRACEEXIT
273 # define PTRACE_O_TRACEEXIT 0x00000040
276 #if !HAVE_DECL_PTRACE_EVENT_FORK
277 # define PTRACE_EVENT_FORK 1
279 #if !HAVE_DECL_PTRACE_EVENT_VFORK
280 # define PTRACE_EVENT_VFORK 2
282 #if !HAVE_DECL_PTRACE_EVENT_CLONE
283 # define PTRACE_EVENT_CLONE 3
285 #if !HAVE_DECL_PTRACE_EVENT_EXEC
286 # define PTRACE_EVENT_EXEC 4
288 #if !HAVE_DECL_PTRACE_EVENT_VFORK_DONE
289 # define PTRACE_EVENT_VFORK_DONE 5
291 #if !HAVE_DECL_PTRACE_EVENT_EXIT
292 # define PTRACE_EVENT_EXIT 6
295 /* Experimental code using PTRACE_SEIZE can be enabled here: */
296 //# define USE_SEIZE 1
300 # define PTRACE_SEIZE 0x4206
301 # undef PTRACE_INTERRUPT
302 # define PTRACE_INTERRUPT 0x4207
303 # undef PTRACE_LISTEN
304 # define PTRACE_LISTEN 0x4208
305 # undef PTRACE_SEIZE_DEVEL
306 # define PTRACE_SEIZE_DEVEL 0x80000000
307 # undef PTRACE_EVENT_STOP
308 # define PTRACE_EVENT_STOP 7
309 # define PTRACE_EVENT_STOP1 128
313 extern struct pt_regs i386_regs;
319 /* Trace Control Block */
321 int flags; /* See below for TCB_ values */
322 int pid; /* Process Id of this entry */
323 int u_nargs; /* System call argument count */
324 int u_error; /* Error code */
325 long scno; /* System call number */
326 long u_arg[MAX_ARGS]; /* System call arguments */
327 #if defined(LINUX_MIPSN32)
328 long long ext_arg[MAX_ARGS]; /* System call arguments */
330 long u_rval; /* return value */
331 #if defined(LINUX_MIPSN32) || defined(X32)
332 long long u_lrval; /* long long return value */
334 #if SUPPORTED_PERSONALITIES > 1
335 int currpers; /* Personality at the time of scno update */
337 int curcol; /* Output column for this process */
338 FILE *outf; /* Output file for this process */
339 const char *auxstr; /* Auxiliary info from syscall (see RVAL_STR) */
340 struct timeval stime; /* System time usage as of last process wait */
341 struct timeval dtime; /* Delta for system time usage */
342 struct timeval etime; /* Syscall entry time */
343 /* Support for tracing forked processes: */
344 long inst[2]; /* Saved clone args (badly named) */
348 #define TCB_INUSE 00001 /* This table entry is in use */
349 /* We have attached to this process, but did not see it stopping yet */
350 #define TCB_STARTUP 00002
351 #define TCB_IGNORE_ONE_SIGSTOP 00004 /* Next SIGSTOP is to be ignored */
353 * Are we in system call entry or in syscall exit?
355 * This bit is set after all syscall entry processing is done.
356 * Therefore, this bit will be set when next ptrace stop occurs,
357 * which should be syscall exit stop. Other stops which are possible
358 * directly after syscall entry (death, ptrace event stop)
359 * are simpler and handled without calling trace_syscall(), therefore
360 * the places where TCB_INSYSCALL can be set but we aren't in syscall stop
361 * are limited to trace(), this condition is never observed in trace_syscall()
363 * The bit is cleared after all syscall exit processing is done.
364 * User-generated SIGTRAPs and post-execve SIGTRAP make it necessary
365 * to be very careful and NOT set TCB_INSYSCALL bit when they are encountered.
366 * TCB_WAITEXECVE bit is used for this purpose (see below).
368 * Use entering(tcp) / exiting(tcp) to check this bit to make code more readable.
370 #define TCB_INSYSCALL 00010
371 #define TCB_ATTACHED 00020 /* It is attached already */
372 /* Are we PROG from "strace PROG [ARGS]" invocation? */
373 #define TCB_STRACE_CHILD 0040
374 #define TCB_BPTSET 00100 /* "Breakpoint" set after fork(2) */
375 #define TCB_REPRINT 00200 /* We should reprint this syscall on exit */
376 #define TCB_FILTERED 00400 /* This system call has been filtered out */
377 /* x86 does not need TCB_WAITEXECVE.
378 * It can detect SIGTRAP by looking at eax/rax.
379 * See "not a syscall entry (eax = %ld)\n" message
380 * in syscall_fixup_on_sysenter().
382 #if defined(ALPHA) || defined(AVR32) || defined(SPARC) || defined(SPARC64) \
383 || defined(POWERPC) || defined(IA64) || defined(HPPA) \
384 || defined(SH) || defined(SH64) || defined(S390) || defined(S390X) \
385 || defined(ARM) || defined(MIPS) || defined(BFIN) || defined(TILE)
386 /* This tracee has entered into execve syscall. Expect post-execve SIGTRAP
387 * to happen. (When it is detected, tracee is continued and this bit is cleared.)
389 # define TCB_WAITEXECVE 01000
392 /* qualifier flags */
393 #define QUAL_TRACE 0001 /* this system call should be traced */
394 #define QUAL_ABBREV 0002 /* abbreviate the structures of this syscall */
395 #define QUAL_VERBOSE 0004 /* decode the structures of this syscall */
396 #define QUAL_RAW 0010 /* print all args in hex for this syscall */
397 #define QUAL_SIGNAL 0020 /* report events with this signal */
398 #define QUAL_FAULT 0040 /* report events with this fault */
399 #define QUAL_READ 0100 /* dump data read on this file descriptor */
400 #define QUAL_WRITE 0200 /* dump data written to this file descriptor */
402 #define entering(tcp) (!((tcp)->flags & TCB_INSYSCALL))
403 #define exiting(tcp) ((tcp)->flags & TCB_INSYSCALL)
404 #define syserror(tcp) ((tcp)->u_error != 0)
405 #define verbose(tcp) (qual_flags[(tcp)->scno] & QUAL_VERBOSE)
406 #define abbrev(tcp) (qual_flags[(tcp)->scno] & QUAL_ABBREV)
407 #define filtered(tcp) ((tcp)->flags & TCB_FILTERED)
414 extern const struct xlat open_mode_flags[];
415 extern const struct xlat addrfams[];
416 extern const struct xlat struct_user_offsets[];
417 extern const struct xlat open_access_modes[];
419 /* Format of syscall return values */
420 #define RVAL_DECIMAL 000 /* decimal format */
421 #define RVAL_HEX 001 /* hex format */
422 #define RVAL_OCTAL 002 /* octal format */
423 #define RVAL_UDECIMAL 003 /* unsigned decimal format */
424 #if defined(LINUX_MIPSN32) || defined(X32)
425 # if 0 /* unused so far */
426 # define RVAL_LDECIMAL 004 /* long decimal format */
427 # define RVAL_LHEX 005 /* long hex format */
428 # define RVAL_LOCTAL 006 /* long octal format */
430 # define RVAL_LUDECIMAL 007 /* long unsigned decimal format */
432 #define RVAL_MASK 007 /* mask for these values */
434 #define RVAL_STR 010 /* Print `auxstr' field after return val */
435 #define RVAL_NONE 020 /* Print nothing */
437 #define TRACE_FILE 001 /* Trace file-related syscalls. */
438 #define TRACE_IPC 002 /* Trace IPC-related syscalls. */
439 #define TRACE_NETWORK 004 /* Trace network-related syscalls. */
440 #define TRACE_PROCESS 010 /* Trace process-related syscalls. */
441 #define TRACE_SIGNAL 020 /* Trace signal-related syscalls. */
442 #define TRACE_DESC 040 /* Trace file descriptor-related syscalls. */
443 #define SYSCALL_NEVER_FAILS 0100 /* Syscall is always successful. */
450 extern cflag_t cflag;
451 extern int *qual_flags;
452 extern bool debug_flag;
455 extern bool not_failing_only;
456 extern bool show_fd_path;
457 extern bool tracing_paths;
458 extern unsigned int xflag;
459 extern unsigned int followfork;
460 extern unsigned int ptrace_setoptions;
461 extern unsigned int max_strlen;
463 enum bitness_t { BITNESS_CURRENT = 0, BITNESS_32 };
465 void error_msg(const char *fmt, ...) __attribute__ ((format(printf, 1, 2)));
466 void perror_msg(const char *fmt, ...) __attribute__ ((format(printf, 1, 2)));
467 void error_msg_and_die(const char *fmt, ...) __attribute__ ((noreturn, format(printf, 1, 2)));
468 void perror_msg_and_die(const char *fmt, ...) __attribute__ ((noreturn, format(printf, 1, 2)));
469 void die_out_of_memory(void) __attribute__ ((noreturn));
471 extern void set_sortby(const char *);
472 extern void set_overhead(int);
473 extern void qualify(const char *);
474 extern int trace_syscall(struct tcb *);
475 extern void count_syscall(struct tcb *, struct timeval *);
476 extern void call_summary(FILE *);
478 extern int umoven(struct tcb *, long, int, char *);
479 #define umove(pid, addr, objp) \
480 umoven((pid), (addr), sizeof(*(objp)), (char *) (objp))
481 extern int umovestr(struct tcb *, long, int, char *);
482 extern int upeek(struct tcb *, long, long *);
483 #if defined(SPARC) || defined(SPARC64) || defined(IA64) || defined(SH)
484 extern long getrval2(struct tcb *);
487 * On Linux, "setbpt" is a misnomer: we don't set a breakpoint
488 * (IOW: no poking in user's text segment),
489 * instead we change fork/vfork/clone into clone(CLONE_PTRACE).
490 * On newer kernels, we use PTRACE_O_TRACECLONE/TRACE[V]FORK instead.
492 extern int setbpt(struct tcb *);
493 extern int clearbpt(struct tcb *);
495 extern const char *signame(int);
496 extern int is_restart_error(struct tcb *);
497 extern int pathtrace_select(const char *);
498 extern int pathtrace_match(struct tcb *);
499 extern const char *getfdpath(struct tcb *, int);
501 extern const char *xlookup(const struct xlat *, int);
503 extern int string_to_uint(const char *str);
506 /* _l refers to the lower numbered u_arg,
507 * _h refers to the higher numbered u_arg
509 # if HAVE_LITTLE_ENDIAN_LONG_LONG
510 # define LONG_LONG(_l,_h) \
511 ((long long)((unsigned long long)(unsigned)(_l) | ((unsigned long long)(_h)<<32)))
513 # define LONG_LONG(_l,_h) \
514 ((long long)((unsigned long long)(unsigned)(_h) | ((unsigned long long)(_l)<<32)))
516 extern int printllval(struct tcb *, const char *, int);
518 extern void printxval(const struct xlat *, int, const char *);
519 extern int printargs(struct tcb *);
520 extern int printargs_lu(struct tcb *);
521 extern int printargs_ld(struct tcb *);
522 extern void addflags(const struct xlat *, int);
523 extern int printflags(const struct xlat *, int, const char *);
524 extern const char *sprintflags(const char *, const struct xlat *, int);
525 extern void dumpiov(struct tcb *, int, long);
526 extern void dumpstr(struct tcb *, long, int);
527 extern void printstr(struct tcb *, long, int);
528 extern void printnum(struct tcb *, long, const char *);
529 extern void printnum_int(struct tcb *, long, const char *);
530 extern void printpath(struct tcb *, long);
531 extern void printpathn(struct tcb *, long, int);
532 #define TIMESPEC_TEXT_BUFSIZE (sizeof(long)*3 * 2 + sizeof("{%u, %u}"))
533 #define TIMEVAL_TEXT_BUFSIZE TIMESPEC_TEXT_BUFSIZE
534 extern void printtv_bitness(struct tcb *, long, enum bitness_t, int);
535 #define printtv(tcp, addr) \
536 printtv_bitness((tcp), (addr), BITNESS_CURRENT, 0)
537 #define printtv_special(tcp, addr) \
538 printtv_bitness((tcp), (addr), BITNESS_CURRENT, 1)
539 extern char *sprinttv(char *, struct tcb *, long, enum bitness_t, int special);
540 extern void print_timespec(struct tcb *, long);
541 extern void sprint_timespec(char *, struct tcb *, long);
542 #ifdef HAVE_SIGINFO_T
543 extern void printsiginfo(siginfo_t *, int);
545 extern void printfd(struct tcb *, int);
546 extern void printsock(struct tcb *, long, int);
547 extern void print_sock_optmgmt(struct tcb *, long, int);
548 extern void printrusage(struct tcb *, long);
550 extern void printrusage32(struct tcb *, long);
552 extern void printuid(const char *, unsigned long);
553 extern void printcall(struct tcb *);
554 extern void print_sigset(struct tcb *, long, int);
555 extern void printsignal(int);
556 extern void tprint_iov(struct tcb *, unsigned long, unsigned long, int decode_iov);
557 extern void tprint_open_modes(mode_t);
558 extern const char *sprint_open_modes(mode_t);
559 extern void print_loff_t(struct tcb *, long);
561 extern const struct ioctlent *ioctl_lookup(long);
562 extern const struct ioctlent *ioctl_next_match(const struct ioctlent *);
563 extern int ioctl_decode(struct tcb *, long, long);
564 extern int term_ioctl(struct tcb *, long, long);
565 extern int sock_ioctl(struct tcb *, long, long);
566 extern int proc_ioctl(struct tcb *, int, int);
567 extern int rtc_ioctl(struct tcb *, long, long);
568 extern int scsi_ioctl(struct tcb *, long, long);
569 extern int block_ioctl(struct tcb *, long, long);
570 extern int mtd_ioctl(struct tcb *, long, long);
572 extern int tv_nz(struct timeval *);
573 extern int tv_cmp(struct timeval *, struct timeval *);
574 extern double tv_float(struct timeval *);
575 extern void tv_add(struct timeval *, struct timeval *, struct timeval *);
576 extern void tv_sub(struct timeval *, struct timeval *, struct timeval *);
577 extern void tv_mul(struct timeval *, struct timeval *, int);
578 extern void tv_div(struct timeval *, struct timeval *, int);
580 /* Strace log generation machinery.
582 * printing_tcp: tcb which has incomplete line being printed right now.
583 * NULL if last line has been completed ('\n'-terminated).
584 * printleader(tcp) examines it, finishes incomplete line if needed,
585 * the sets it to tcp.
586 * line_ended() clears printing_tcp and resets ->curcol = 0.
587 * tcp->curcol == 0 check is also used to detect completeness
588 * of last line, since in -ff mode just checking printing_tcp for NULL
591 * If you change this code, test log generation in both -f and -ff modes
593 * strace -oLOG -f[f] test/threaded_execve
594 * strace -oLOG -f[f] test/sigkill_rain
595 * strace -oLOG -f[f] -p "`pidof web_browser`"
597 extern struct tcb *printing_tcp;
598 extern void printleader(struct tcb *);
599 extern void line_ended(void);
600 extern void tabto(void);
601 extern void tprintf(const char *fmt, ...) __attribute__ ((format (printf, 1, 2)));
602 extern void tprints(const char *str);
604 #if SUPPORTED_PERSONALITIES > 1
605 extern void set_personality(int personality);
606 extern int current_personality;
607 extern const int personality_wordsize[];
608 # define current_wordsize (personality_wordsize[current_personality])
610 # define set_personality(personality) ((void)0)
611 # define current_personality 0
612 # define current_wordsize PERSONALITY0_WORDSIZE
619 const char *sys_name;
628 extern const struct sysent *sysent;
629 extern unsigned nsyscalls;
630 extern const char *const *errnoent;
631 extern unsigned nerrnos;
632 extern const struct ioctlent *ioctlent;
633 extern unsigned nioctlents;
634 extern const char *const *signalent;
635 extern unsigned nsignals;
637 #define SCNO_IN_RANGE(scno) \
638 ((unsigned long)(scno) < nsyscalls && sysent[scno].sys_func)