2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/param.h>
35 #include <sys/resource.h>
41 #include <sys/utsname.h>
43 # include <asm/ptrace_offsets.h>
45 /* In some libc, these aren't declared. Do it ourself: */
46 extern char **environ;
51 #if defined __NR_tkill
52 # define my_tkill(tid, sig) syscall(__NR_tkill, (tid), (sig))
54 /* kill() may choose arbitrarily the target task of the process group
55 while we later wait on a that specific TID. PID process waits become
56 TID task specific waits for a process under ptrace(2). */
57 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
58 # define my_tkill(tid, sig) kill((tid), (sig))
62 #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
64 cflag_t cflag = CFLAG_NONE;
65 unsigned int followfork = 0;
66 unsigned int ptrace_setoptions = 0;
67 unsigned int xflag = 0;
71 /* Which WSTOPSIG(status) value marks syscall traps? */
72 static unsigned int syscall_trap_sig = SIGTRAP;
73 static unsigned int tflag = 0;
74 static bool iflag = 0;
75 static bool rflag = 0;
76 static bool print_pid_pfx = 0;
81 INTR_ANYWHERE = 1, /* don't block/ignore any signals */
82 INTR_WHILE_WAIT = 2, /* block fatal signals while decoding syscall. default */
83 INTR_NEVER = 3, /* block fatal signals. default if '-o FILE PROG' */
84 INTR_BLOCK_TSTP_TOO = 4, /* block fatal signals and SIGTSTP (^Z) */
88 /* We play with signal mask only if this mode is active: */
89 #define interactive (opt_intr == INTR_WHILE_WAIT)
92 * daemonized_tracer supports -D option.
93 * With this option, strace forks twice.
94 * Unlike normal case, with -D *grandparent* process exec's,
95 * becoming a traced process. Child exits (this prevents traced process
96 * from having children it doesn't expect to have), and grandchild
97 * attaches to grandparent similarly to strace -p PID.
98 * This allows for more transparent interaction in cases
99 * when process and its parent are communicating via signals,
100 * wait() etc. Without -D, strace process gets lodged in between,
101 * disrupting parent<->child link.
103 static bool daemonized_tracer = 0;
106 static int post_attach_sigstop = TCB_IGNORE_ONE_SIGSTOP;
107 # define use_seize (post_attach_sigstop == 0)
109 # define post_attach_sigstop TCB_IGNORE_ONE_SIGSTOP
113 /* Sometimes we want to print only succeeding syscalls. */
114 bool not_failing_only = 0;
116 /* Show path associated with fd arguments */
117 bool show_fd_path = 0;
119 /* are we filtering traces based on paths? */
120 bool tracing_paths = 0;
122 static bool detach_on_execve = 0;
123 static bool skip_startup_execve = 0;
125 static int exit_code = 0;
126 static int strace_child = 0;
127 static int strace_tracer_pid = 0;
129 static char *username = NULL;
130 static uid_t run_uid;
131 static gid_t run_gid;
133 unsigned int max_strlen = DEFAULT_STRLEN;
134 static unsigned int acolumn = DEFAULT_ACOLUMN;
135 static char *acolumn_spaces;
136 static char *outfname = NULL;
138 struct tcb *printing_tcp = NULL;
139 static unsigned int curcol;
140 static struct tcb **tcbtab;
141 static unsigned int nprocs, tcbtabsize;
142 static const char *progname;
144 static unsigned os_release; /* generated from uname()'s u.release */
146 static int detach(struct tcb *tcp);
147 static int trace(void);
148 static void cleanup(void);
149 static void interrupt(int sig);
150 static sigset_t empty_set, blocked_set;
152 #ifdef HAVE_SIG_ATOMIC_T
153 static volatile sig_atomic_t interrupted;
155 static volatile int interrupted;
158 #ifndef HAVE_STRERROR
160 #if !HAVE_DECL_SYS_ERRLIST
162 extern char *sys_errlist[];
168 static char buf[sizeof("Unknown error %d") + sizeof(int)*3];
170 if (err_no < 1 || err_no >= sys_nerr) {
171 sprintf(buf, "Unknown error %d", err_no);
174 return sys_errlist[err_no];
177 #endif /* HAVE_STERRROR */
180 usage(FILE *ofp, int exitval)
183 usage: strace [-CdDffhiqrtttTvVxxy] [-I n] [-a column] [-e expr]... [-o file]\n\
184 [-p pid]... [-s strsize] [-u username] [-E var=val]...\n\
185 [-P path] [PROG [ARGS]]\n\
186 or: strace -c [-D] [-I n] [-e expr]... [-O overhead] [-S sortby] [-E var=val]...\n\
188 -c -- count time, calls, and errors for each syscall and report summary\n\
189 -C -- like -c but also print regular output while processes are running\n\
190 -d -- enable debug output to stderr\n\
191 -D -- run tracer process as a detached grandchild, not as parent\n\
192 -f -- follow forks, -ff -- with output into separate files\n\
193 -F -- attempt to follow vforks (deprecated, use -f)\n\
194 -i -- print instruction pointer at time of syscall\n\
196 1: no signals are blocked\n\
197 2: fatal signals are blocked while decoding syscall (default)\n\
198 3: fatal signals are always blocked (default if '-o FILE PROG')\n\
199 4: fatal signals and SIGTSTP (^Z) are always blocked\n\
200 (useful to make 'strace -o FILE PROG' not stop on ^Z)\n\
201 -q -- suppress messages about attaching, detaching, etc.\n\
202 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
203 -T -- print time spent in each syscall\n\
204 -v -- verbose mode: print unabbreviated argv, stat, termios, etc. args\n\
205 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
206 -y -- print paths associated with file descriptor arguments\n\
207 -h -- print help message\n\
208 -V -- print version\n\
209 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
210 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
211 options: trace, abbrev, verbose, raw, signal, read, or write\n\
212 -o file -- send trace output to FILE instead of stderr\n\
213 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
214 -p pid -- trace process with process id PID, may be repeated\n\
215 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
216 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
217 -u username -- run command as username handling setuid and/or setgid\n\
218 -E var=val -- put var=val in the environment for command\n\
219 -E var -- remove var from the environment for command\n\
220 -P path -- trace accesses to path\n\
222 /* this is broken, so don't document it
223 -z -- print only succeeding syscalls\n\
225 /* experimental, don't document it yet (option letter may change in the future!)
226 -b -- detach on successful execve\n\
228 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
232 static void die(void) __attribute__ ((noreturn));
233 static void die(void)
235 if (strace_tracer_pid == getpid()) {
242 static void verror_msg(int err_no, const char *fmt, va_list p)
248 /* We want to print entire message with single fprintf to ensure
249 * message integrity if stderr is shared with other programs.
250 * Thus we use vasprintf + single fprintf.
253 if (vasprintf(&msg, fmt, p) >= 0) {
255 fprintf(stderr, "%s: %s: %s\n", progname, msg, strerror(err_no));
257 fprintf(stderr, "%s: %s\n", progname, msg);
260 /* malloc in vasprintf failed, try it without malloc */
261 fprintf(stderr, "%s: ", progname);
262 vfprintf(stderr, fmt, p);
264 fprintf(stderr, ": %s\n", strerror(err_no));
268 /* We don't switch stderr to buffered, thus fprintf(stderr)
269 * always flushes its output and this is not necessary: */
270 /* fflush(stderr); */
273 void error_msg(const char *fmt, ...)
277 verror_msg(0, fmt, p);
281 void error_msg_and_die(const char *fmt, ...)
285 verror_msg(0, fmt, p);
289 void perror_msg(const char *fmt, ...)
293 verror_msg(errno, fmt, p);
297 void perror_msg_and_die(const char *fmt, ...)
301 verror_msg(errno, fmt, p);
305 void die_out_of_memory(void)
307 static bool recursed = 0;
311 error_msg_and_die("Out of memory");
314 /* Glue for systems without a MMU that cannot provide fork() */
316 # define strace_vforked 0
318 # define strace_vforked 1
319 # define fork() vfork()
324 ptrace_attach_or_seize(int pid)
328 return ptrace(PTRACE_ATTACH, pid, 0, 0);
329 r = ptrace(PTRACE_SEIZE, pid, 0, PTRACE_SEIZE_DEVEL);
332 r = ptrace(PTRACE_INTERRUPT, pid, 0, 0);
336 # define ptrace_attach_or_seize(pid) ptrace(PTRACE_ATTACH, (pid), 0, 0)
340 set_cloexec_flag(int fd)
344 flags = fcntl(fd, F_GETFD);
346 /* Can happen only if fd is bad.
347 * Should never happen: if it does, we have a bug
348 * in the caller. Therefore we just abort
349 * instead of propagating the error.
351 perror_msg_and_die("fcntl(%d, F_GETFD)", fd);
354 newflags = flags | FD_CLOEXEC;
355 if (flags == newflags)
358 fcntl(fd, F_SETFD, newflags); /* never fails */
361 static void kill_save_errno(pid_t pid, int sig)
363 int saved_errno = errno;
365 (void) kill(pid, sig);
370 tprintf(const char *fmt, ...)
376 int n = vfprintf(outf, fmt, args);
379 perror(outfname == NULL
380 ? "<writing to pipe>" : outfname);
388 tprints(const char *str)
391 int n = fputs(str, outf);
393 curcol += strlen(str);
397 perror(outfname == NULL
398 ? "<writing to pipe>" : outfname);
409 printing_tcp->curcol = 0;
414 printleader(struct tcb *tcp)
416 /* If -ff, "previous tcb we printed" is always the same as current,
417 * because we have per-tcb output files.
423 outf = printing_tcp->outf;
424 curcol = printing_tcp->curcol;
425 if (printing_tcp->ptrace_errno) {
426 if (printing_tcp->flags & TCB_INSYSCALL) {
427 tprints(" <unavailable>) ");
430 tprints("= ? <unavailable>\n");
431 printing_tcp->ptrace_errno = 0;
432 printing_tcp->curcol = 0;
434 if (printing_tcp->curcol != 0 && (followfork < 2 || printing_tcp == tcp)) {
436 * case 1: we have a shared log (i.e. not -ff), and last line
437 * wasn't finished (same or different tcb, doesn't matter).
438 * case 2: split log, we are the same tcb, but our last line
439 * didn't finish ("SIGKILL nuked us after syscall entry" etc).
441 tprints(" <unfinished ...>\n");
442 printing_tcp->flags |= TCB_REPRINT;
443 printing_tcp->curcol = 0;
452 tprintf("%-5d ", tcp->pid);
453 else if (nprocs > 1 && !outfname)
454 tprintf("[pid %5u] ", tcp->pid);
457 char str[sizeof("HH:MM:SS")];
458 struct timeval tv, dtv;
459 static struct timeval otv;
461 gettimeofday(&tv, NULL);
465 tv_sub(&dtv, &tv, &otv);
466 tprintf("%6ld.%06ld ",
467 (long) dtv.tv_sec, (long) dtv.tv_usec);
470 else if (tflag > 2) {
471 tprintf("%ld.%06ld ",
472 (long) tv.tv_sec, (long) tv.tv_usec);
475 time_t local = tv.tv_sec;
476 strftime(str, sizeof(str), "%T", localtime(&local));
478 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
490 if (curcol < acolumn)
491 tprints(acolumn_spaces + curcol);
495 * When strace is setuid executable, we have to swap uids
496 * before and after filesystem and process management operations.
501 int euid = geteuid(), uid = getuid();
503 if (euid != uid && setreuid(euid, uid) < 0) {
504 perror_msg_and_die("setreuid");
509 # define fopen_for_output fopen64
511 # define fopen_for_output fopen
515 strace_fopen(const char *path)
520 fp = fopen_for_output(path, "w");
522 perror_msg_and_die("Can't fopen '%s'", path);
524 set_cloexec_flag(fileno(fp));
528 static int popen_pid = 0;
531 # define _PATH_BSHELL "/bin/sh"
535 * We cannot use standard popen(3) here because we have to distinguish
536 * popen child process from other processes we trace, and standard popen(3)
537 * does not export its child's pid.
540 strace_popen(const char *command)
547 perror_msg_and_die("pipe");
549 set_cloexec_flag(fds[1]); /* never fails */
553 perror_msg_and_die("vfork");
555 if (popen_pid == 0) {
560 perror_msg_and_die("dup2");
563 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
564 perror_msg_and_die("Can't execute '%s'", _PATH_BSHELL);
570 fp = fdopen(fds[1], "w");
577 newoutf(struct tcb *tcp)
579 if (outfname && followfork >= 2) {
580 char name[520 + sizeof(int) * 3];
581 sprintf(name, "%.512s.%u", outfname, tcp->pid);
582 tcp->outf = strace_fopen(name);
587 process_opt_p_list(char *opt)
591 * We accept -p PID,PID; -p "`pidof PROG`"; -p "`pgrep PROG`".
592 * pidof uses space as delim, pgrep uses newline. :(
595 char *delim = opt + strcspn(opt, ", \n\t");
599 pid = atoi(opt); /* TODO: stricter parsing of the number? */
601 error_msg("Invalid process id: '%s'", opt);
605 if (pid == strace_tracer_pid) {
606 error_msg("I'm sorry, I can't let you do that, Dave.");
625 * Block user interruptions as we would leave the traced
626 * process stopped (process state T) if we would terminate in
627 * between PTRACE_ATTACH and wait4() on SIGSTOP.
628 * We rely on cleanup() from this point on.
631 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
633 if (daemonized_tracer) {
636 perror_msg_and_die("fork");
638 if (pid) { /* parent */
640 * Wait for grandchild to attach to straced process
641 * (grandparent). Grandchild SIGKILLs us after it attached.
642 * Grandparent's wait() is unblocked by our death,
643 * it proceeds to exec the straced program.
646 _exit(0); /* paranoia */
649 /* We will be the tracer process. Remember our new pid: */
650 strace_tracer_pid = getpid();
653 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
656 if (!(tcp->flags & TCB_INUSE))
659 /* Is this a process we should attach to, but not yet attached? */
660 if (tcp->flags & TCB_ATTACHED)
661 continue; /* no, we already attached it */
663 /* Reinitialize the output since it may have changed */
667 if (followfork && !daemonized_tracer) {
668 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
671 sprintf(procdir, "/proc/%d/task", tcp->pid);
672 dir = opendir(procdir);
674 unsigned int ntid = 0, nerr = 0;
677 while ((de = readdir(dir)) != NULL) {
681 if (de->d_fileno == 0)
683 tid = atoi(de->d_name);
687 if (ptrace_attach_or_seize(tid) < 0) {
690 fprintf(stderr, "attach to pid %d failed\n", tid);
694 fprintf(stderr, "attach to pid %d succeeded\n", tid);
697 cur_tcp = alloctcb(tid);
698 cur_tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop;
702 sigprocmask(SIG_SETMASK, &empty_set, NULL);
705 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
709 perror("attach: ptrace(PTRACE_ATTACH, ...)");
714 fprintf(stderr, ntid > 1
715 ? "Process %u attached with %u threads - interrupt to quit\n"
716 : "Process %u attached - interrupt to quit\n",
719 if (!(tcp->flags & TCB_ATTACHED)) {
720 /* -p PID, we failed to attach to PID itself
721 * but did attach to some of its sibling threads.
727 } /* if (opendir worked) */
729 if (ptrace_attach_or_seize(tcp->pid) < 0) {
730 perror("attach: ptrace(PTRACE_ATTACH, ...)");
734 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop;
736 fprintf(stderr, "attach to pid %d (main) succeeded\n", tcp->pid);
738 if (daemonized_tracer) {
740 * Make parent go away.
741 * Also makes grandparent's wait() unblock.
743 kill(getppid(), SIGKILL);
748 "Process %u attached - interrupt to quit\n",
750 } /* for each tcbtab[] */
754 sigprocmask(SIG_SETMASK, &empty_set, NULL);
758 startup_child(char **argv)
761 const char *filename;
762 char pathname[MAXPATHLEN];
767 if (strchr(filename, '/')) {
768 if (strlen(filename) > sizeof pathname - 1) {
769 errno = ENAMETOOLONG;
770 perror_msg_and_die("exec");
772 strcpy(pathname, filename);
774 #ifdef USE_DEBUGGING_EXEC
776 * Debuggers customarily check the current directory
777 * first regardless of the path but doing that gives
778 * security geeks a panic attack.
780 else if (stat(filename, &statbuf) == 0)
781 strcpy(pathname, filename);
782 #endif /* USE_DEBUGGING_EXEC */
787 for (path = getenv("PATH"); path && *path; path += m) {
788 const char *colon = strchr(path, ':');
794 m = n = strlen(path);
796 if (!getcwd(pathname, MAXPATHLEN))
798 len = strlen(pathname);
800 else if (n > sizeof pathname - 1)
803 strncpy(pathname, path, n);
806 if (len && pathname[len - 1] != '/')
807 pathname[len++] = '/';
808 strcpy(pathname + len, filename);
809 if (stat(pathname, &statbuf) == 0 &&
810 /* Accept only regular files
811 with some execute bits set.
812 XXX not perfect, might still fail */
813 S_ISREG(statbuf.st_mode) &&
814 (statbuf.st_mode & 0111))
818 if (stat(pathname, &statbuf) < 0) {
819 perror_msg_and_die("Can't stat '%s'", filename);
821 strace_child = pid = fork();
823 perror_msg_and_die("fork");
825 if ((pid != 0 && daemonized_tracer) /* -D: parent to become a traced process */
826 || (pid == 0 && !daemonized_tracer) /* not -D: child to become a traced process */
831 if (!daemonized_tracer && !use_seize) {
832 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) {
833 perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)");
837 if (username != NULL) {
838 uid_t run_euid = run_uid;
839 gid_t run_egid = run_gid;
841 if (statbuf.st_mode & S_ISUID)
842 run_euid = statbuf.st_uid;
843 if (statbuf.st_mode & S_ISGID)
844 run_egid = statbuf.st_gid;
846 * It is important to set groups before we
847 * lose privileges on setuid.
849 if (initgroups(username, run_gid) < 0) {
850 perror_msg_and_die("initgroups");
852 if (setregid(run_gid, run_egid) < 0) {
853 perror_msg_and_die("setregid");
855 if (setreuid(run_uid, run_euid) < 0) {
856 perror_msg_and_die("setreuid");
859 else if (geteuid() != 0)
860 setreuid(run_uid, run_uid);
862 if (!daemonized_tracer) {
864 * Induce a ptrace stop. Tracer (our parent)
865 * will resume us with PTRACE_SYSCALL and display
866 * the immediately following execve syscall.
867 * Can't do this on NOMMU systems, we are after
868 * vfork: parent is blocked, stopping would deadlock.
874 /* we depend on SIGCHLD set to SIG_DFL by init code */
875 /* if it happens to be SIG_IGN'ed, wait won't block */
880 execv(pathname, argv);
881 perror_msg_and_die("exec");
884 /* We are the tracer */
886 if (!daemonized_tracer) {
888 /* child did PTRACE_TRACEME, nothing to do in parent */
890 if (!strace_vforked) {
891 /* Wait until child stopped itself */
893 while (waitpid(pid, &status, WSTOPPED) < 0) {
896 perror_msg_and_die("waitpid");
898 if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) {
899 kill_save_errno(pid, SIGKILL);
900 perror_msg_and_die("Unexpected wait status %x", status);
903 /* Else: vforked case, we have no way to sync.
904 * Just attach to it as soon as possible.
905 * This means that we may miss a few first syscalls...
908 if (ptrace_attach_or_seize(pid)) {
909 kill_save_errno(pid, SIGKILL);
910 perror_msg_and_die("Can't attach to %d", pid);
917 tcp->flags |= TCB_ATTACHED | TCB_STRACE_CHILD | TCB_STARTUP | post_attach_sigstop;
919 tcp->flags |= TCB_ATTACHED | TCB_STRACE_CHILD | TCB_STARTUP;
922 /* With -D, *we* are child here, IOW: different pid. Fetch it: */
923 strace_tracer_pid = getpid();
924 /* The tracee is our parent: */
927 /* attaching will be done later, by startup_attach */
932 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
933 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
934 * and then see which options are supported by the kernel.
937 test_ptrace_setoptions_followfork(void)
939 int pid, expected_grandchild = 0, found_grandchild = 0;
940 const unsigned int test_options = PTRACE_O_TRACECLONE |
946 perror_msg_and_die("fork");
949 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0)
950 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work",
952 kill_save_errno(pid, SIGSTOP);
954 perror_msg_and_die("fork");
959 int status, tracee_pid;
962 tracee_pid = wait(&status);
963 if (tracee_pid <= 0) {
968 kill_save_errno(pid, SIGKILL);
969 perror_msg_and_die("%s: unexpected wait result %d",
970 __func__, tracee_pid);
972 if (WIFEXITED(status)) {
973 if (WEXITSTATUS(status)) {
974 if (tracee_pid != pid)
975 kill_save_errno(pid, SIGKILL);
976 error_msg_and_die("%s: unexpected exit status %u",
977 __func__, WEXITSTATUS(status));
981 if (WIFSIGNALED(status)) {
982 if (tracee_pid != pid)
983 kill_save_errno(pid, SIGKILL);
984 error_msg_and_die("%s: unexpected signal %u",
985 __func__, WTERMSIG(status));
987 if (!WIFSTOPPED(status)) {
988 if (tracee_pid != pid)
989 kill_save_errno(tracee_pid, SIGKILL);
990 kill_save_errno(pid, SIGKILL);
991 error_msg_and_die("%s: unexpected wait status %x",
994 if (tracee_pid != pid) {
995 found_grandchild = tracee_pid;
996 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0) {
997 kill_save_errno(tracee_pid, SIGKILL);
998 kill_save_errno(pid, SIGKILL);
999 perror_msg_and_die("PTRACE_CONT doesn't work");
1003 switch (WSTOPSIG(status)) {
1005 if (ptrace(PTRACE_SETOPTIONS, pid, 0, test_options) < 0
1006 && errno != EINVAL && errno != EIO)
1007 perror_msg("PTRACE_SETOPTIONS");
1010 if (status >> 16 == PTRACE_EVENT_FORK) {
1013 if (ptrace(PTRACE_GETEVENTMSG, pid,
1014 NULL, (long) &msg) == 0)
1015 expected_grandchild = msg;
1019 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0) {
1020 kill_save_errno(pid, SIGKILL);
1021 perror_msg_and_die("PTRACE_SYSCALL doesn't work");
1024 if (expected_grandchild && expected_grandchild == found_grandchild) {
1025 ptrace_setoptions |= test_options;
1027 fprintf(stderr, "ptrace_setoptions = %#x\n",
1031 error_msg("Test for PTRACE_O_TRACECLONE failed, "
1032 "giving up using this feature.");
1036 * Test whether the kernel support PTRACE_O_TRACESYSGOOD.
1037 * First fork a new child, call ptrace(PTRACE_SETOPTIONS) on it,
1038 * and then see whether it will stop with (SIGTRAP | 0x80).
1040 * Use of this option enables correct handling of user-generated SIGTRAPs,
1041 * and SIGTRAPs generated by special instructions such as int3 on x86:
1042 * _start: .globl _start
1047 * (compile with: "gcc -nostartfiles -nostdlib -o int3 int3.S")
1050 test_ptrace_setoptions_for_all(void)
1052 const unsigned int test_options = PTRACE_O_TRACESYSGOOD |
1059 perror_msg_and_die("fork");
1063 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0)
1064 /* Note: exits with exitcode 1 */
1065 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work",
1068 _exit(0); /* parent should see entry into this syscall */
1072 int status, tracee_pid;
1075 tracee_pid = wait(&status);
1076 if (tracee_pid <= 0) {
1079 kill_save_errno(pid, SIGKILL);
1080 perror_msg_and_die("%s: unexpected wait result %d",
1081 __func__, tracee_pid);
1083 if (WIFEXITED(status)) {
1084 if (WEXITSTATUS(status) == 0)
1086 error_msg_and_die("%s: unexpected exit status %u",
1087 __func__, WEXITSTATUS(status));
1089 if (WIFSIGNALED(status)) {
1090 error_msg_and_die("%s: unexpected signal %u",
1091 __func__, WTERMSIG(status));
1093 if (!WIFSTOPPED(status)) {
1095 error_msg_and_die("%s: unexpected wait status %x",
1098 if (WSTOPSIG(status) == SIGSTOP) {
1100 * We don't check "options aren't accepted" error.
1101 * If it happens, we'll never get (SIGTRAP | 0x80),
1102 * and thus will decide to not use the option.
1103 * IOW: the outcome of the test will be correct.
1105 if (ptrace(PTRACE_SETOPTIONS, pid, 0L, test_options) < 0
1106 && errno != EINVAL && errno != EIO)
1107 perror_msg("PTRACE_SETOPTIONS");
1109 if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {
1112 if (ptrace(PTRACE_SYSCALL, pid, 0L, 0L) < 0) {
1113 kill_save_errno(pid, SIGKILL);
1114 perror_msg_and_die("PTRACE_SYSCALL doesn't work");
1119 syscall_trap_sig = (SIGTRAP | 0x80);
1120 ptrace_setoptions |= test_options;
1122 fprintf(stderr, "ptrace_setoptions = %#x\n",
1127 error_msg("Test for PTRACE_O_TRACESYSGOOD failed, "
1128 "giving up using this feature.");
1133 test_ptrace_seize(void)
1139 perror_msg_and_die("fork");
1146 /* PTRACE_SEIZE, unlike ATTACH, doesn't force tracee to trap. After
1147 * attaching tracee continues to run unless a trap condition occurs.
1148 * PTRACE_SEIZE doesn't affect signal or group stop state.
1150 if (ptrace(PTRACE_SEIZE, pid, 0, PTRACE_SEIZE_DEVEL) == 0) {
1151 post_attach_sigstop = 0; /* this sets use_seize to 1 */
1152 } else if (debug_flag) {
1153 fprintf(stderr, "PTRACE_SEIZE doesn't work\n");
1159 int status, tracee_pid;
1162 tracee_pid = waitpid(pid, &status, 0);
1163 if (tracee_pid <= 0) {
1166 perror_msg_and_die("%s: unexpected wait result %d",
1167 __func__, tracee_pid);
1169 if (WIFSIGNALED(status)) {
1172 error_msg_and_die("%s: unexpected wait status %x",
1176 # else /* !USE_SEIZE */
1177 # define test_ptrace_seize() ((void)0)
1181 get_os_release(void)
1187 perror_msg_and_die("uname");
1188 /* u.release has this form: "3.2.9[-some-garbage]" */
1192 if (!(*p >= '0' && *p <= '9'))
1193 error_msg_and_die("Bad OS release string: '%s'", u.release);
1194 /* Note: this open-codes KERNEL_VERSION(): */
1195 rel = (rel << 8) | atoi(p);
1196 if (rel >= KERNEL_VERSION(1,0,0))
1198 while (*p >= '0' && *p <= '9')
1201 error_msg_and_die("Bad OS release string: '%s'", u.release);
1208 * Initialization part of main() was eating much stack (~0.5k),
1209 * which was unused after init.
1210 * We can reuse it if we move init code into a separate function.
1212 * Don't want main() to inline us and defeat the reason
1213 * we have a separate function.
1215 static void __attribute__ ((noinline))
1216 init(int argc, char *argv[])
1221 struct sigaction sa;
1223 progname = argv[0] ? argv[0] : "strace";
1225 /* Make sure SIGCHLD has the default action so that waitpid
1226 definitely works without losing track of children. The user
1227 should not have given us a bogus state to inherit, but he might
1228 have. Arguably we should detect SIG_IGN here and pass it on
1229 to children, but probably noone really needs that. */
1230 signal(SIGCHLD, SIG_DFL);
1232 strace_tracer_pid = getpid();
1234 os_release = get_os_release();
1236 /* Allocate the initial tcbtab. */
1237 tcbtabsize = argc; /* Surely enough for all -p args. */
1238 tcbtab = calloc(tcbtabsize, sizeof(tcbtab[0]));
1240 die_out_of_memory();
1241 tcp = calloc(tcbtabsize, sizeof(*tcp));
1243 die_out_of_memory();
1244 for (c = 0; c < tcbtabsize; c++)
1248 set_sortby(DEFAULT_SORTBY);
1249 set_personality(DEFAULT_PERSONALITY);
1250 qualify("trace=all");
1251 qualify("abbrev=all");
1252 qualify("verbose=all");
1253 qualify("signal=all");
1254 while ((c = getopt(argc, argv,
1255 "+bcCdfFhiqrtTvVxyz"
1257 "a:e:o:O:p:s:S:u:E:P:I:")) != EOF) {
1260 detach_on_execve = 1;
1263 if (cflag == CFLAG_BOTH) {
1264 error_msg_and_die("-c and -C are mutually exclusive options");
1266 cflag = CFLAG_ONLY_STATS;
1269 if (cflag == CFLAG_ONLY_STATS) {
1270 error_msg_and_die("-c and -C are mutually exclusive options");
1278 daemonized_tracer = 1;
1297 /* fall through to tflag++ */
1311 qualify("abbrev=none");
1314 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
1318 not_failing_only = 1;
1321 acolumn = atoi(optarg);
1323 error_msg_and_die("Bad column width '%s'", optarg);
1329 outfname = strdup(optarg);
1332 set_overhead(atoi(optarg));
1335 process_opt_p_list(optarg);
1339 if (pathtrace_select(optarg)) {
1340 error_msg_and_die("Failed to select path '%s'", optarg);
1344 max_strlen = atoi(optarg);
1345 if (max_strlen < 0) {
1346 error_msg_and_die("Invalid -%c argument: '%s'", c, optarg);
1353 username = strdup(optarg);
1356 if (putenv(optarg) < 0)
1357 die_out_of_memory();
1360 opt_intr = atoi(optarg);
1361 if (opt_intr <= 0 || opt_intr >= NUM_INTR_OPTS) {
1362 error_msg_and_die("Invalid -%c argument: '%s'", c, optarg);
1371 /* argc -= optind; - no need, argc is not used below */
1373 acolumn_spaces = malloc(acolumn + 1);
1374 if (!acolumn_spaces)
1375 die_out_of_memory();
1376 memset(acolumn_spaces, ' ', acolumn);
1377 acolumn_spaces[acolumn] = '\0';
1379 /* Must have PROG [ARGS], or -p PID. Not both. */
1380 if (!argv[0] == !nprocs)
1383 if (nprocs != 0 && daemonized_tracer) {
1384 error_msg_and_die("-D and -p are mutually exclusive options");
1390 if (followfork > 1 && cflag) {
1391 error_msg_and_die("(-c or -C) and -ff are mutually exclusive options");
1394 /* See if they want to run as another user. */
1395 if (username != NULL) {
1396 struct passwd *pent;
1398 if (getuid() != 0 || geteuid() != 0) {
1399 error_msg_and_die("You must be root to use the -u option");
1401 pent = getpwnam(username);
1403 error_msg_and_die("Cannot find user '%s'", username);
1405 run_uid = pent->pw_uid;
1406 run_gid = pent->pw_gid;
1414 test_ptrace_setoptions_followfork();
1415 test_ptrace_setoptions_for_all();
1416 test_ptrace_seize();
1418 /* Check if they want to redirect the output. */
1420 /* See if they want to pipe the output. */
1421 if (outfname[0] == '|' || outfname[0] == '!') {
1423 * We can't do the <outfname>.PID funny business
1424 * when using popen, so prohibit it.
1427 error_msg_and_die("Piping the output and -ff are mutually exclusive");
1428 outf = strace_popen(outfname + 1);
1430 else if (followfork <= 1)
1431 outf = strace_fopen(outfname);
1433 /* -ff without -o FILE is the same as single -f */
1438 if (!outfname || outfname[0] == '|' || outfname[0] == '!') {
1439 char *buf = malloc(BUFSIZ);
1441 die_out_of_memory();
1442 setvbuf(outf, buf, _IOLBF, BUFSIZ);
1444 if (outfname && argv[0]) {
1446 opt_intr = INTR_NEVER;
1450 opt_intr = INTR_WHILE_WAIT;
1452 /* argv[0] -pPID -oFILE Default interactive setting
1453 * yes 0 0 INTR_WHILE_WAIT
1454 * no 1 0 INTR_WHILE_WAIT
1455 * yes 0 1 INTR_NEVER
1456 * no 1 1 INTR_WHILE_WAIT
1459 /* STARTUP_CHILD must be called before the signal handlers get
1460 installed below as they are inherited into the spawned process.
1461 Also we do not need to be protected by them as during interruption
1462 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1464 skip_startup_execve = 1;
1465 startup_child(argv);
1468 sigemptyset(&empty_set);
1469 sigemptyset(&blocked_set);
1470 sa.sa_handler = SIG_IGN;
1471 sigemptyset(&sa.sa_mask);
1473 sigaction(SIGTTOU, &sa, NULL); /* SIG_IGN */
1474 sigaction(SIGTTIN, &sa, NULL); /* SIG_IGN */
1475 if (opt_intr != INTR_ANYWHERE) {
1476 if (opt_intr == INTR_BLOCK_TSTP_TOO)
1477 sigaction(SIGTSTP, &sa, NULL); /* SIG_IGN */
1479 * In interactive mode (if no -o OUTFILE, or -p PID is used),
1480 * fatal signals are blocked while syscall stop is processed,
1481 * and acted on in between, when waiting for new syscall stops.
1482 * In non-interactive mode, signals are ignored.
1484 if (opt_intr == INTR_WHILE_WAIT) {
1485 sigaddset(&blocked_set, SIGHUP);
1486 sigaddset(&blocked_set, SIGINT);
1487 sigaddset(&blocked_set, SIGQUIT);
1488 sigaddset(&blocked_set, SIGPIPE);
1489 sigaddset(&blocked_set, SIGTERM);
1490 sa.sa_handler = interrupt;
1492 /* SIG_IGN, or set handler for these */
1493 sigaction(SIGHUP, &sa, NULL);
1494 sigaction(SIGINT, &sa, NULL);
1495 sigaction(SIGQUIT, &sa, NULL);
1496 sigaction(SIGPIPE, &sa, NULL);
1497 sigaction(SIGTERM, &sa, NULL);
1499 if (nprocs != 0 || daemonized_tracer)
1502 /* Do we want pids printed in our -o OUTFILE?
1503 * -ff: no (every pid has its own file); or
1504 * -f: yes (there can be more pids in the future); or
1505 * -p PID1,PID2: yes (there are already more than one pid)
1507 print_pid_pfx = (outfname && followfork < 2 && (followfork == 1 || nprocs > 1));
1513 /* Allocate some more TCBs and expand the table.
1514 We don't want to relocate the TCBs because our
1515 callers have pointers and it would be a pain.
1516 So tcbtab is a table of pointers. Since we never
1517 free the TCBs, we allocate a single chunk of many. */
1519 struct tcb *newtcbs = calloc(tcbtabsize, sizeof(newtcbs[0]));
1520 struct tcb **newtab = realloc(tcbtab, tcbtabsize * 2 * sizeof(tcbtab[0]));
1521 if (!newtab || !newtcbs)
1522 die_out_of_memory();
1525 while (i < tcbtabsize)
1526 tcbtab[i++] = newtcbs++;
1530 alloc_tcb(int pid, int command_options_parsed)
1535 if (nprocs == tcbtabsize)
1538 for (i = 0; i < tcbtabsize; i++) {
1540 if ((tcp->flags & TCB_INUSE) == 0) {
1541 memset(tcp, 0, sizeof(*tcp));
1543 tcp->flags = TCB_INUSE;
1544 tcp->outf = outf; /* Initialise to current out file */
1545 #if SUPPORTED_PERSONALITIES > 1
1546 tcp->currpers = current_personality;
1550 fprintf(stderr, "new tcb for pid %d, active tcbs:%d\n", tcp->pid, nprocs);
1551 if (command_options_parsed)
1556 error_msg_and_die("bug in alloc_tcb");
1567 for (i = 0; i < tcbtabsize; i++) {
1568 struct tcb *tcp = tcbtab[i];
1569 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1577 droptcb(struct tcb *tcp)
1584 fprintf(stderr, "dropped tcb for pid %d, %d remain\n", tcp->pid, nprocs);
1587 if (outfname && followfork >= 2) {
1588 if (tcp->curcol != 0)
1589 fprintf(tcp->outf, " <detached ...>\n");
1591 if (outf == tcp->outf)
1594 if (printing_tcp == tcp && tcp->curcol != 0)
1595 fprintf(tcp->outf, " <detached ...>\n");
1600 if (printing_tcp == tcp)
1601 printing_tcp = NULL;
1603 memset(tcp, 0, sizeof(*tcp));
1606 /* detach traced process; continue with sig
1607 * Never call DETACH twice on the same process as both unattached and
1608 * attached-unstopped processes give the same ESRCH. For unattached process we
1609 * would SIGSTOP it and wait for its SIGSTOP notification forever.
1612 detach(struct tcb *tcp)
1615 int status, sigstop_expected;
1617 if (tcp->flags & TCB_BPTSET)
1621 * Linux wrongly insists the child be stopped
1622 * before detaching. Arghh. We go through hoops
1623 * to make a clean break of things.
1626 #undef PTRACE_DETACH
1627 #define PTRACE_DETACH PTRACE_SUNDETACH
1631 sigstop_expected = 0;
1632 if (tcp->flags & TCB_ATTACHED) {
1634 * We attached but possibly didn't see the expected SIGSTOP.
1635 * We must catch exactly one as otherwise the detached process
1636 * would be left stopped (process state T).
1638 sigstop_expected = (tcp->flags & TCB_IGNORE_ONE_SIGSTOP);
1639 error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, 0);
1641 /* On a clear day, you can see forever. */
1643 else if (errno != ESRCH) {
1644 /* Shouldn't happen. */
1645 perror("detach: ptrace(PTRACE_DETACH, ...)");
1647 else if (my_tkill(tcp->pid, 0) < 0) {
1649 perror("detach: checking sanity");
1651 else if (!sigstop_expected && my_tkill(tcp->pid, SIGSTOP) < 0) {
1653 perror("detach: stopping child");
1656 sigstop_expected = 1;
1659 if (sigstop_expected) {
1662 if (waitpid(tcp->pid, &status, __WALL) < 0) {
1663 if (errno == ECHILD) /* Already gone. */
1665 if (errno != EINVAL) {
1666 perror("detach: waiting");
1670 /* No __WALL here. */
1671 if (waitpid(tcp->pid, &status, 0) < 0) {
1672 if (errno != ECHILD) {
1673 perror("detach: waiting");
1677 /* If no processes, try clones. */
1678 if (waitpid(tcp->pid, &status, __WCLONE) < 0) {
1679 if (errno != ECHILD)
1680 perror("detach: waiting");
1683 #endif /* __WCLONE */
1688 if (!WIFSTOPPED(status)) {
1689 /* Au revoir, mon ami. */
1692 if (WSTOPSIG(status) == SIGSTOP) {
1693 ptrace_restart(PTRACE_DETACH, tcp, 0);
1696 error = ptrace_restart(PTRACE_CONT, tcp,
1697 WSTOPSIG(status) == syscall_trap_sig ? 0
1698 : WSTOPSIG(status));
1704 if (!qflag && (tcp->flags & TCB_ATTACHED))
1705 fprintf(stderr, "Process %u detached\n", tcp->pid);
1719 /* 'interrupted' is a volatile object, fetch it only once */
1720 fatal_sig = interrupted;
1722 fatal_sig = SIGTERM;
1724 for (i = 0; i < tcbtabsize; i++) {
1726 if (!(tcp->flags & TCB_INUSE))
1730 "cleanup: looking at pid %u\n", tcp->pid);
1731 if (tcp->flags & TCB_STRACE_CHILD) {
1732 kill(tcp->pid, SIGCONT);
1733 kill(tcp->pid, fatal_sig);
1751 struct rusage *rup = cflag ? &ru : NULL;
1753 static int wait4_options = __WALL;
1756 while (nprocs != 0) {
1767 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1769 pid = wait4(-1, &status, wait4_options, rup);
1770 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
1771 /* this kernel does not support __WALL */
1772 wait4_options &= ~__WALL;
1773 pid = wait4(-1, &status, wait4_options, rup);
1775 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
1776 /* most likely a "cloned" process */
1777 pid = wait4(-1, &status, __WCLONE, rup);
1779 perror_msg("wait4(__WCLONE) failed");
1783 pid = wait4(-1, &status, 0, rup);
1784 # endif /* __WALL */
1787 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1790 switch (wait_errno) {
1795 * We would like to verify this case
1796 * but sometimes a race in Solbourne's
1797 * version of SunOS sometimes reports
1798 * ECHILD before sending us SIGCHILD.
1807 if (pid == popen_pid) {
1808 if (WIFEXITED(status) || WIFSIGNALED(status))
1813 event = ((unsigned)status >> 16);
1815 char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16];
1816 char evbuf[sizeof(",PTRACE_EVENT_?? (%u)") + sizeof(int)*3 /*paranoia:*/ + 16];
1818 if (WIFSIGNALED(status))
1820 sprintf(buf, "WIFSIGNALED,%ssig=%s",
1821 WCOREDUMP(status) ? "core," : "",
1822 signame(WTERMSIG(status)));
1824 sprintf(buf, "WIFSIGNALED,sig=%s",
1825 signame(WTERMSIG(status)));
1827 if (WIFEXITED(status))
1828 sprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status));
1829 if (WIFSTOPPED(status))
1830 sprintf(buf, "WIFSTOPPED,sig=%s", signame(WSTOPSIG(status)));
1832 if (WIFCONTINUED(status))
1833 strcpy(buf, "WIFCONTINUED");
1837 static const char *const event_names[] = {
1838 [PTRACE_EVENT_CLONE] = "CLONE",
1839 [PTRACE_EVENT_FORK] = "FORK",
1840 [PTRACE_EVENT_VFORK] = "VFORK",
1841 [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE",
1842 [PTRACE_EVENT_EXEC] = "EXEC",
1843 [PTRACE_EVENT_EXIT] = "EXIT",
1846 if (event < ARRAY_SIZE(event_names))
1847 e = event_names[event];
1849 sprintf(buf, "?? (%u)", event);
1852 sprintf(evbuf, ",PTRACE_EVENT_%s", e);
1854 fprintf(stderr, " [wait(0x%04x) = %u] %s%s\n", status, pid, buf, evbuf);
1857 /* Look up 'pid' in our table. */
1860 /* Under Linux, execve changes pid to thread leader's pid,
1861 * and we see this changed pid on EVENT_EXEC and later,
1862 * execve sysexit. Leader "disappears" without exit
1863 * notification. Let user know that, drop leader's tcb,
1864 * and fix up pid in execve thread's tcb.
1865 * Effectively, execve thread's tcb replaces leader's tcb.
1867 * BTW, leader is 'stuck undead' (doesn't report WIFEXITED
1868 * on exit syscall) in multithreaded programs exactly
1869 * in order to handle this case.
1871 * PTRACE_GETEVENTMSG returns old pid starting from Linux 3.0.
1872 * On 2.6 and earlier, it can return garbage.
1874 if (event == PTRACE_EVENT_EXEC && os_release >= KERNEL_VERSION(3,0,0)) {
1876 if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, (long) &old_pid) >= 0
1880 struct tcb *execve_thread = pid2tcb(old_pid);
1883 curcol = tcp->curcol;
1884 if (execve_thread) {
1885 if (execve_thread->curcol != 0) {
1887 * One case we are here is -ff:
1888 * try "strace -oLOG -ff test/threaded_execve"
1890 fprintf(execve_thread->outf, " <pid changed to %d ...>\n", pid);
1891 execve_thread->curcol = 0;
1893 /* swap output FILEs (needed for -ff) */
1894 tcp->outf = execve_thread->outf;
1895 tcp->curcol = execve_thread->curcol;
1896 execve_thread->outf = outf;
1897 execve_thread->curcol = curcol;
1901 tcp = execve_thread;
1904 tcp->flags |= TCB_REPRINT;
1907 tprintf("+++ superseded by execve in pid %lu +++\n", old_pid);
1914 if (event == PTRACE_EVENT_EXEC && detach_on_execve) {
1915 if (!skip_startup_execve)
1917 /* This was initial execve for "strace PROG". Skip. */
1918 skip_startup_execve = 0;
1923 /* This is needed to go with the CLONE_PTRACE
1924 changes in process.c/util.c: we might see
1925 the child's initial trap before we see the
1926 parent return from the clone syscall.
1927 Leave the child suspended until the parent
1928 returns from its system call. Only then
1929 will we have the association of parent and
1930 child so that we know how to do clearbpt
1932 tcp = alloctcb(pid);
1933 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop;
1935 fprintf(stderr, "Process %d attached\n",
1939 /* This can happen if a clone call used
1940 CLONE_PTRACE itself. */
1942 if (WIFSTOPPED(status))
1943 ptrace(PTRACE_CONT, pid, (char *) 0, 0);
1944 error_msg_and_die("Unknown pid: %u", pid);
1948 /* Set current output file */
1950 curcol = tcp->curcol;
1953 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
1954 tcp->stime = ru.ru_stime;
1957 if (WIFSIGNALED(status)) {
1958 if (pid == strace_child)
1959 exit_code = 0x100 | WTERMSIG(status);
1960 if (cflag != CFLAG_ONLY_STATS
1961 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
1964 tprintf("+++ killed by %s %s+++\n",
1965 signame(WTERMSIG(status)),
1966 WCOREDUMP(status) ? "(core dumped) " : "");
1968 tprintf("+++ killed by %s +++\n",
1969 signame(WTERMSIG(status)));
1976 if (WIFEXITED(status)) {
1977 if (pid == strace_child)
1978 exit_code = WEXITSTATUS(status);
1979 if (!cflag /* && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL) */ ) {
1981 tprintf("+++ exited with %d +++\n", WEXITSTATUS(status));
1987 if (!WIFSTOPPED(status)) {
1988 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
1993 /* Is this the very first time we see this tracee stopped? */
1994 if (tcp->flags & TCB_STARTUP) {
1996 fprintf(stderr, "pid %d has TCB_STARTUP, initializing it\n", tcp->pid);
1997 tcp->flags &= ~TCB_STARTUP;
1998 if (tcp->flags & TCB_BPTSET) {
2000 * One example is a breakpoint inherited from
2001 * parent through fork().
2003 if (clearbpt(tcp) < 0) {
2010 if (ptrace_setoptions) {
2012 fprintf(stderr, "setting opts %x on pid %d\n", ptrace_setoptions, tcp->pid);
2013 if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) {
2014 if (errno != ESRCH) {
2015 /* Should never happen, really */
2016 perror_msg_and_die("PTRACE_SETOPTIONS");
2022 sig = WSTOPSIG(status);
2027 if (event == PTRACE_EVENT_STOP || event == PTRACE_EVENT_STOP1) {
2029 * PTRACE_INTERRUPT-stop or group-stop.
2030 * PTRACE_INTERRUPT-stop has sig == SIGTRAP here.
2042 goto restart_tracee_with_sig_0;
2045 /* Is this post-attach SIGSTOP?
2046 * Interestingly, the process may stop
2047 * with STOPSIG equal to some other signal
2048 * than SIGSTOP if we happend to attach
2049 * just before the process takes a signal.
2051 if (sig == SIGSTOP && (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)) {
2053 fprintf(stderr, "ignored SIGSTOP on pid %d\n", tcp->pid);
2054 tcp->flags &= ~TCB_IGNORE_ONE_SIGSTOP;
2055 goto restart_tracee_with_sig_0;
2058 if (sig != syscall_trap_sig) {
2061 /* Nonzero (true) if tracee is stopped by signal
2062 * (as opposed to "tracee received signal").
2064 stopped = (ptrace(PTRACE_GETSIGINFO, pid, 0, (long) &si) < 0);
2068 if (cflag != CFLAG_ONLY_STATS
2069 && (qual_flags[sig] & QUAL_SIGNAL)) {
2070 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP)
2074 upeek(tcp, PT_CR_IPSR, &psr);
2075 upeek(tcp, PT_CR_IIP, &pc);
2078 pc += (psr >> PSR_RI) & 0x3;
2079 # define PC_FORMAT_STR " @ %lx"
2080 # define PC_FORMAT_ARG , pc
2082 # define PC_FORMAT_STR ""
2083 # define PC_FORMAT_ARG /* nothing */
2087 tprintf("--- %s ", signame(sig));
2088 printsiginfo(&si, verbose(tcp));
2089 tprintf(PC_FORMAT_STR " ---\n"
2092 tprintf("--- stopped by %s" PC_FORMAT_STR " ---\n",
2099 /* It's signal-delivery-stop. Inject the signal */
2100 goto restart_tracee;
2102 /* It's group-stop */
2106 * This ends ptrace-stop, but does *not* end group-stop.
2107 * This makes stopping signals work properly on straced process
2108 * (that is, process really stops. It used to continue to run).
2110 if (ptrace_restart(PTRACE_LISTEN, tcp, 0) < 0) {
2114 tcp->curcol = curcol;
2117 /* We don't have PTRACE_LISTEN support... */
2119 goto restart_tracee;
2122 /* We handled quick cases, we are permitted to interrupt now. */
2126 /* This should be syscall entry or exit.
2127 * (Or it still can be that pesky post-execve SIGTRAP!)
2130 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2131 /* ptrace() failed in trace_syscall() with ESRCH.
2132 * Likely a result of process disappearing mid-flight.
2133 * Observed case: exit_group() terminating
2134 * all processes in thread group.
2135 * We assume that ptrace error was caused by process death.
2136 * We used to detach(tcp) here, but since we no longer
2137 * implement "detach before death" policy/hack,
2138 * we can let this process to report its death to us
2139 * normally, via WIFEXITED or WIFSIGNALED wait status.
2141 tcp->curcol = curcol;
2144 restart_tracee_with_sig_0:
2147 /* Remember current print column before continuing. */
2148 tcp->curcol = curcol;
2149 if (ptrace_restart(PTRACE_SYSCALL, tcp, sig) < 0) {
2158 main(int argc, char *argv[])
2162 /* Run main tracing loop */
2168 if (exit_code > 0xff) {
2169 /* Avoid potential core file clobbering. */
2170 struct rlimit rlim = {0, 0};
2171 setrlimit(RLIMIT_CORE, &rlim);
2173 /* Child was killed by a signal, mimic that. */
2175 signal(exit_code, SIG_DFL);
2177 /* Paranoia - what if this signal is not fatal?
2178 Exit with 128 + signo then. */