2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
50 # include <asm/unistd.h>
51 # if defined __NR_tgkill
52 # define my_tgkill(pid, tid, sig) syscall (__NR_tgkill, (pid), (tid), (sig))
53 # elif defined __NR_tkill
54 # define my_tgkill(pid, tid, sig) syscall (__NR_tkill, (tid), (sig))
56 /* kill() may choose arbitrarily the target task of the process group
57 while we later wait on a that specific TID. PID process waits become
58 TID task specific waits for a process under ptrace(2). */
59 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
60 # define my_tgkill(pid, tid, sig) kill ((tid), (sig))
64 #if defined(IA64) && defined(LINUX)
65 # include <asm/ptrace_offsets.h>
73 #include <sys/stropts.h>
80 extern char **environ;
85 int debug = 0, followfork = 0;
86 unsigned int ptrace_setoptions = 0;
87 int dtime = 0, xflag = 0, qflag = 0;
88 cflag_t cflag = CFLAG_NONE;
89 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
91 * daemonized_tracer supports -D option.
92 * With this option, strace forks twice.
93 * Unlike normal case, with -D *grandparent* process exec's,
94 * becoming a traced process. Child exits (this prevents traced process
95 * from having children it doesn't expect to have), and grandchild
96 * attaches to grandparent similarly to strace -p PID.
97 * This allows for more transparent interaction in cases
98 * when process and its parent are communicating via signals,
99 * wait() etc. Without -D, strace process gets lodged in between,
100 * disrupting parent<->child link.
102 static bool daemonized_tracer = 0;
104 /* Sometimes we want to print only succeeding syscalls. */
105 int not_failing_only = 0;
107 static int exit_code = 0;
108 static int strace_child = 0;
110 static char *username = NULL;
114 int acolumn = DEFAULT_ACOLUMN;
115 int max_strlen = DEFAULT_STRLEN;
116 static char *outfname = NULL;
120 unsigned int nprocs, tcbtabsize;
121 const char *progname;
122 extern char **environ;
124 static int detach(struct tcb *tcp, int sig);
125 static int trace(void);
126 static void cleanup(void);
127 static void interrupt(int sig);
128 static sigset_t empty_set, blocked_set;
130 #ifdef HAVE_SIG_ATOMIC_T
131 static volatile sig_atomic_t interrupted;
132 #else /* !HAVE_SIG_ATOMIC_T */
133 static volatile int interrupted;
134 #endif /* !HAVE_SIG_ATOMIC_T */
138 static struct tcb *pfd2tcb(int pfd);
139 static void reaper(int sig);
140 static void rebuild_pollv(void);
141 static struct pollfd *pollv;
143 #ifndef HAVE_POLLABLE_PROCFS
145 static void proc_poll_open(void);
146 static void proc_poller(int pfd);
154 static int poller_pid;
155 static int proc_poll_pipe[2] = { -1, -1 };
157 #endif /* !HAVE_POLLABLE_PROCFS */
159 #ifdef HAVE_MP_PROCFS
160 #define POLLWANT POLLWRNORM
162 #define POLLWANT POLLPRI
164 #endif /* USE_PROCFS */
172 usage: strace [-CdDffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
173 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
174 [command [arg ...]]\n\
175 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
176 [command [arg ...]]\n\
177 -c -- count time, calls, and errors for each syscall and report summary\n\
178 -C -- like -c but also print regular output while processes are running\n\
179 -f -- follow forks, -ff -- with output into separate files\n\
180 -F -- attempt to follow vforks, -h -- print help message\n\
181 -i -- print instruction pointer at time of syscall\n\
182 -q -- suppress messages about attaching, detaching, etc.\n\
183 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
184 -T -- print time spent in each syscall, -V -- print version\n\
185 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
186 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
187 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
188 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
189 options: trace, abbrev, verbose, raw, signal, read, or write\n\
190 -o file -- send trace output to FILE instead of stderr\n\
191 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
192 -p pid -- trace process with process id PID, may be repeated\n\
193 -D -- run tracer process as a detached grandchild, not as parent\n\
194 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
195 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
196 -u username -- run command as username handling setuid and/or setgid\n\
197 -E var=val -- put var=val in the environment for command\n\
198 -E var -- remove var from the environment for command\n\
199 " /* this is broken, so don't document it
200 -z -- print only succeeding syscalls\n\
202 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
215 /* Glue for systems without a MMU that cannot provide fork() */
217 # define strace_vforked 0
219 # define strace_vforked 1
220 # define fork() vfork()
224 set_cloexec_flag(int fd)
228 if ((flags = fcntl(fd, F_GETFD, 0)) < 0)
230 fprintf(stderr, "%s: fcntl F_GETFD: %s\n",
231 progname, strerror(errno));
235 newflags = flags | FD_CLOEXEC;
236 if (flags == newflags)
239 if (fcntl(fd, F_SETFD, newflags) < 0)
241 fprintf(stderr, "%s: fcntl F_SETFD: %s\n",
242 progname, strerror(errno));
250 * When strace is setuid executable, we have to swap uids
251 * before and after filesystem and process management operations.
257 int euid = geteuid(), uid = getuid();
259 if (euid != uid && setreuid(euid, uid) < 0)
261 fprintf(stderr, "%s: setreuid: %s\n",
262 progname, strerror(errno));
269 # define fopen_for_output fopen64
271 # define fopen_for_output fopen
275 strace_fopen(const char *path, const char *mode)
280 if ((fp = fopen_for_output(path, mode)) == NULL)
281 fprintf(stderr, "%s: can't fopen '%s': %s\n",
282 progname, path, strerror(errno));
284 if (fp && set_cloexec_flag(fileno(fp)) < 0)
292 static int popen_pid = -1;
295 # define _PATH_BSHELL "/bin/sh"
299 * We cannot use standard popen(3) here because we have to distinguish
300 * popen child process from other processes we trace, and standard popen(3)
301 * does not export its child's pid.
304 strace_popen(const char *command)
311 fprintf(stderr, "%s: pipe: %s\n",
312 progname, strerror(errno));
317 if (set_cloexec_flag(fds[1]) < 0)
325 if ((popen_pid = fork()) == -1)
327 fprintf(stderr, "%s: fork: %s\n",
328 progname, strerror(errno));
340 return fdopen(fds[1], "w");
345 if (fds[0] && (dup2(fds[0], 0) || close(fds[0])))
347 fprintf(stderr, "%s: dup2: %s\n",
348 progname, strerror(errno));
351 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
352 fprintf(stderr, "%s: execl: %s: %s\n",
353 progname, _PATH_BSHELL, strerror(errno));
359 newoutf(struct tcb *tcp)
361 if (outfname && followfork > 1) {
362 char name[520 + sizeof(int) * 3];
365 sprintf(name, "%.512s.%u", outfname, tcp->pid);
366 if ((fp = strace_fopen(name, "w")) == NULL)
380 * Block user interruptions as we would leave the traced
381 * process stopped (process state T) if we would terminate in
382 * between PTRACE_ATTACH and wait4 () on SIGSTOP.
383 * We rely on cleanup () from this point on.
386 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
388 if (daemonized_tracer) {
393 if (pid) { /* parent */
395 * Wait for child to attach to straced process
396 * (our parent). Child SIGKILLs us after it attached.
397 * Parent's wait() is unblocked by our death,
398 * it proceeds to exec the straced program.
401 _exit(0); /* paranoia */
405 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
407 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
410 if (tcp->flags & TCB_CLONE_THREAD)
413 /* Reinitialize the output since it may have changed. */
415 if (newoutf(tcp) < 0)
419 if (proc_open(tcp, 1) < 0) {
420 fprintf(stderr, "trouble opening proc file\n");
424 #else /* !USE_PROCFS */
426 if (followfork && !daemonized_tracer) {
427 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
430 sprintf(procdir, "/proc/%d/task", tcp->pid);
431 dir = opendir(procdir);
433 unsigned int ntid = 0, nerr = 0;
436 while ((de = readdir(dir)) != NULL) {
437 if (de->d_fileno == 0)
439 tid = atoi(de->d_name);
443 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0)
445 else if (tid != tcbtab[tcbi]->pid) {
447 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_FOLLOWFORK;
448 tcbtab[tcbi]->nchildren++;
449 tcbtab[tcbi]->nclone_threads++;
450 tcp->parent = tcbtab[tcbi];
453 sigprocmask(SIG_SETMASK, &empty_set, NULL);
456 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
462 perror("attach: ptrace(PTRACE_ATTACH, ...)");
467 fprintf(stderr, ntid > 1
468 ? "Process %u attached with %u threads - interrupt to quit\n"
469 : "Process %u attached - interrupt to quit\n",
470 tcbtab[tcbi]->pid, ntid);
473 } /* if (opendir worked) */
476 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
477 perror("attach: ptrace(PTRACE_ATTACH, ...)");
481 /* INTERRUPTED is going to be checked at the top of TRACE. */
483 if (daemonized_tracer) {
485 * It is our grandparent we trace, not a -p PID.
486 * Don't want to just detach on exit, so...
488 tcp->flags &= ~TCB_ATTACHED;
490 * Make parent go away.
491 * Also makes grandparent's wait() unblock.
493 kill(getppid(), SIGKILL);
496 #endif /* !USE_PROCFS */
499 "Process %u attached - interrupt to quit\n",
504 sigprocmask(SIG_SETMASK, &empty_set, NULL);
508 startup_child (char **argv)
511 const char *filename;
512 char pathname[MAXPATHLEN];
517 if (strchr(filename, '/')) {
518 if (strlen(filename) > sizeof pathname - 1) {
519 errno = ENAMETOOLONG;
520 perror("strace: exec");
523 strcpy(pathname, filename);
525 #ifdef USE_DEBUGGING_EXEC
527 * Debuggers customarily check the current directory
528 * first regardless of the path but doing that gives
529 * security geeks a panic attack.
531 else if (stat(filename, &statbuf) == 0)
532 strcpy(pathname, filename);
533 #endif /* USE_DEBUGGING_EXEC */
538 for (path = getenv("PATH"); path && *path; path += m) {
539 if (strchr(path, ':')) {
540 n = strchr(path, ':') - path;
544 m = n = strlen(path);
546 if (!getcwd(pathname, MAXPATHLEN))
548 len = strlen(pathname);
550 else if (n > sizeof pathname - 1)
553 strncpy(pathname, path, n);
556 if (len && pathname[len - 1] != '/')
557 pathname[len++] = '/';
558 strcpy(pathname + len, filename);
559 if (stat(pathname, &statbuf) == 0 &&
560 /* Accept only regular files
561 with some execute bits set.
562 XXX not perfect, might still fail */
563 S_ISREG(statbuf.st_mode) &&
564 (statbuf.st_mode & 0111))
568 if (stat(pathname, &statbuf) < 0) {
569 fprintf(stderr, "%s: %s: command not found\n",
573 strace_child = pid = fork();
575 perror("strace: fork");
579 if ((pid != 0 && daemonized_tracer) /* parent: to become a traced process */
580 || (pid == 0 && !daemonized_tracer) /* child: to become a traced process */
584 if (outf != stderr) close (fileno (outf));
586 /* Kludge for SGI, see proc_open for details. */
587 sa.sa_handler = foobar;
589 sigemptyset(&sa.sa_mask);
590 sigaction(SIGINT, &sa, NULL);
595 kill(pid, SIGSTOP); /* stop HERE */
597 #else /* !USE_PROCFS */
599 close(fileno (outf));
601 if (!daemonized_tracer) {
602 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
603 perror("strace: ptrace(PTRACE_TRACEME, ...)");
610 if (username != NULL || geteuid() == 0) {
611 uid_t run_euid = run_uid;
612 gid_t run_egid = run_gid;
614 if (statbuf.st_mode & S_ISUID)
615 run_euid = statbuf.st_uid;
616 if (statbuf.st_mode & S_ISGID)
617 run_egid = statbuf.st_gid;
620 * It is important to set groups before we
621 * lose privileges on setuid.
623 if (username != NULL) {
624 if (initgroups(username, run_gid) < 0) {
625 perror("initgroups");
628 if (setregid(run_gid, run_egid) < 0) {
632 if (setreuid(run_uid, run_euid) < 0) {
639 setreuid(run_uid, run_uid);
641 if (!daemonized_tracer) {
643 * Induce an immediate stop so that the parent
644 * will resume us with PTRACE_SYSCALL and display
645 * this execve call normally.
646 * Unless of course we're on a no-MMU system where
647 * we vfork()-ed, so we cannot stop the child.
650 kill(getpid(), SIGSTOP);
652 struct sigaction sv_sigchld;
653 sigaction(SIGCHLD, NULL, &sv_sigchld);
655 * Make sure it is not SIG_IGN, otherwise wait
658 signal(SIGCHLD, SIG_DFL);
660 * Wait for grandchild to attach to us.
661 * It kills child after that, and wait() unblocks.
666 sigaction(SIGCHLD, &sv_sigchld, NULL);
668 #endif /* !USE_PROCFS */
670 execv(pathname, argv);
671 perror("strace: exec");
675 /* We are the tracer. */
676 tcp = alloctcb(daemonized_tracer ? getppid() : pid);
677 if (daemonized_tracer) {
678 /* We want subsequent startup_attach() to attach to it. */
679 tcp->flags |= TCB_ATTACHED;
682 if (proc_open(tcp, 0) < 0) {
683 fprintf(stderr, "trouble opening proc file\n");
687 #endif /* USE_PROCFS */
692 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
693 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
694 * and then see which options are supported by the kernel.
697 test_ptrace_setoptions(void)
699 int pid, expected_grandchild = 0, found_grandchild = 0;
700 const unsigned int test_options = PTRACE_O_TRACECLONE |
704 if ((pid = fork()) < 0)
707 if (ptrace(PTRACE_TRACEME, 0, (char *)1, 0) < 0)
709 kill(getpid(), SIGSTOP);
714 int status, tracee_pid;
716 tracee_pid = wait(&status);
717 if (tracee_pid == -1) {
720 else if (errno == ECHILD)
722 perror("test_ptrace_setoptions");
725 if (tracee_pid != pid) {
726 found_grandchild = tracee_pid;
727 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0 &&
729 kill(tracee_pid, SIGKILL);
731 else if (WIFSTOPPED(status)) {
732 switch (WSTOPSIG(status)) {
734 if (ptrace(PTRACE_SETOPTIONS, pid,
735 NULL, test_options) < 0) {
741 if (status >> 16 == PTRACE_EVENT_FORK) {
744 if (ptrace(PTRACE_GETEVENTMSG, pid,
745 NULL, (long) &msg) == 0)
746 expected_grandchild = msg;
750 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0 &&
755 if (expected_grandchild && expected_grandchild == found_grandchild)
756 ptrace_setoptions |= test_options;
762 main(int argc, char *argv[])
769 static char buf[BUFSIZ];
771 progname = argv[0] ? argv[0] : "strace";
773 /* Allocate the initial tcbtab. */
774 tcbtabsize = argc; /* Surely enough for all -p args. */
775 if ((tcbtab = calloc(tcbtabsize, sizeof tcbtab[0])) == NULL) {
776 fprintf(stderr, "%s: out of memory\n", progname);
779 if ((tcbtab[0] = calloc(tcbtabsize, sizeof tcbtab[0][0])) == NULL) {
780 fprintf(stderr, "%s: out of memory\n", progname);
783 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
784 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
788 set_sortby(DEFAULT_SORTBY);
789 set_personality(DEFAULT_PERSONALITY);
790 qualify("trace=all");
791 qualify("abbrev=all");
792 qualify("verbose=all");
793 qualify("signal=all");
794 while ((c = getopt(argc, argv,
799 "a:e:o:O:p:s:S:u:E:")) != EOF) {
802 if (cflag == CFLAG_BOTH) {
803 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
807 cflag = CFLAG_ONLY_STATS;
810 if (cflag == CFLAG_ONLY_STATS) {
811 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
822 daemonized_tracer = 1;
854 qualify("abbrev=none");
857 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
861 not_failing_only = 1;
864 acolumn = atoi(optarg);
870 outfname = strdup(optarg);
873 set_overhead(atoi(optarg));
876 if ((pid = atoi(optarg)) <= 0) {
877 fprintf(stderr, "%s: Invalid process id: %s\n",
881 if (pid == getpid()) {
882 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
885 tcp = alloc_tcb(pid, 0);
886 tcp->flags |= TCB_ATTACHED;
890 max_strlen = atoi(optarg);
891 if (max_strlen < 0) {
893 "%s: invalid -s argument: %s\n",
902 username = strdup(optarg);
905 if (putenv(optarg) < 0) {
906 fprintf(stderr, "%s: out of memory\n",
917 if ((optind == argc) == !pflag_seen)
920 if (pflag_seen && daemonized_tracer) {
922 "%s: -D and -p are mutually exclusive options\n",
930 if (followfork > 1 && cflag) {
932 "%s: (-c or -C) and -ff are mutually exclusive options\n",
937 /* See if they want to run as another user. */
938 if (username != NULL) {
941 if (getuid() != 0 || geteuid() != 0) {
943 "%s: you must be root to use the -u option\n",
947 if ((pent = getpwnam(username)) == NULL) {
948 fprintf(stderr, "%s: cannot find user `%s'\n",
952 run_uid = pent->pw_uid;
953 run_gid = pent->pw_gid;
962 if (test_ptrace_setoptions() < 0) {
964 "Test for options supported by PTRACE_SETOPTIONS "
965 "failed, giving up using this feature.\n");
966 ptrace_setoptions = 0;
969 fprintf(stderr, "ptrace_setoptions = %#x\n",
974 /* Check if they want to redirect the output. */
976 /* See if they want to pipe the output. */
977 if (outfname[0] == '|' || outfname[0] == '!') {
979 * We can't do the <outfname>.PID funny business
980 * when using popen, so prohibit it.
982 if (followfork > 1) {
984 %s: piping the output and -ff are mutually exclusive options\n",
989 if ((outf = strace_popen(outfname + 1)) == NULL)
992 else if (followfork <= 1 &&
993 (outf = strace_fopen(outfname, "w")) == NULL)
997 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
998 setvbuf(outf, buf, _IOLBF, BUFSIZ);
999 if (outfname && optind < argc) {
1004 /* Valid states here:
1005 optind < argc pflag_seen outfname interactive
1012 /* STARTUP_CHILD must be called before the signal handlers get
1013 installed below as they are inherited into the spawned process.
1014 Also we do not need to be protected by them as during interruption
1015 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1017 startup_child(&argv[optind]);
1019 sigemptyset(&empty_set);
1020 sigemptyset(&blocked_set);
1021 sa.sa_handler = SIG_IGN;
1022 sigemptyset(&sa.sa_mask);
1024 sigaction(SIGTTOU, &sa, NULL);
1025 sigaction(SIGTTIN, &sa, NULL);
1027 sigaddset(&blocked_set, SIGHUP);
1028 sigaddset(&blocked_set, SIGINT);
1029 sigaddset(&blocked_set, SIGQUIT);
1030 sigaddset(&blocked_set, SIGPIPE);
1031 sigaddset(&blocked_set, SIGTERM);
1032 sa.sa_handler = interrupt;
1034 /* POSIX signals on sunos4.1 are a little broken. */
1035 sa.sa_flags = SA_INTERRUPT;
1038 sigaction(SIGHUP, &sa, NULL);
1039 sigaction(SIGINT, &sa, NULL);
1040 sigaction(SIGQUIT, &sa, NULL);
1041 sigaction(SIGPIPE, &sa, NULL);
1042 sigaction(SIGTERM, &sa, NULL);
1044 sa.sa_handler = reaper;
1045 sigaction(SIGCHLD, &sa, NULL);
1047 /* Make sure SIGCHLD has the default action so that waitpid
1048 definitely works without losing track of children. The user
1049 should not have given us a bogus state to inherit, but he might
1050 have. Arguably we should detect SIG_IGN here and pass it on
1051 to children, but probably noone really needs that. */
1052 sa.sa_handler = SIG_DFL;
1053 sigaction(SIGCHLD, &sa, NULL);
1054 #endif /* USE_PROCFS */
1056 if (pflag_seen || daemonized_tracer)
1063 if (exit_code > 0xff) {
1064 /* Child was killed by a signal, mimic that. */
1066 signal(exit_code, SIG_DFL);
1068 /* Paranoia - what if this signal is not fatal?
1069 Exit with 128 + signo then. */
1078 /* Allocate some more TCBs and expand the table.
1079 We don't want to relocate the TCBs because our
1080 callers have pointers and it would be a pain.
1081 So tcbtab is a table of pointers. Since we never
1082 free the TCBs, we allocate a single chunk of many. */
1083 struct tcb **newtab = (struct tcb **)
1084 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
1085 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
1088 if (newtab == NULL || newtcbs == NULL) {
1089 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
1094 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
1095 newtab[i] = &newtcbs[i - tcbtabsize];
1101 alloc_tcb(int pid, int command_options_parsed)
1106 if (nprocs == tcbtabsize)
1109 for (i = 0; i < tcbtabsize; i++) {
1111 if ((tcp->flags & TCB_INUSE) == 0) {
1116 #ifdef TCB_CLONE_THREAD
1117 tcp->nclone_threads = 0;
1118 tcp->nclone_waiting = 0;
1120 tcp->flags = TCB_INUSE | TCB_STARTUP;
1121 tcp->outf = outf; /* Initialise to current out file */
1123 tcp->stime.tv_sec = 0;
1124 tcp->stime.tv_usec = 0;
1127 if (command_options_parsed)
1132 fprintf(stderr, "%s: bug in alloc_tcb\n", progname);
1139 proc_open(struct tcb *tcp, int attaching)
1149 #ifndef HAVE_POLLABLE_PROCFS
1150 static int last_pfd;
1153 #ifdef HAVE_MP_PROCFS
1154 /* Open the process pseudo-files in /proc. */
1155 sprintf(proc, "/proc/%d/ctl", tcp->pid);
1156 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
1157 perror("strace: open(\"/proc/...\", ...)");
1160 if (set_cloexec_flag(tcp->pfd) < 0) {
1163 sprintf(proc, "/proc/%d/status", tcp->pid);
1164 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
1165 perror("strace: open(\"/proc/...\", ...)");
1168 if (set_cloexec_flag(tcp->pfd_stat) < 0) {
1171 sprintf(proc, "/proc/%d/as", tcp->pid);
1172 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
1173 perror("strace: open(\"/proc/...\", ...)");
1176 if (set_cloexec_flag(tcp->pfd_as) < 0) {
1180 /* Open the process pseudo-file in /proc. */
1182 sprintf(proc, "/proc/%d", tcp->pid);
1183 tcp->pfd = open(proc, O_RDWR|O_EXCL);
1185 sprintf(proc, "/proc/%d/mem", tcp->pid);
1186 tcp->pfd = open(proc, O_RDWR);
1187 #endif /* FREEBSD */
1189 perror("strace: open(\"/proc/...\", ...)");
1192 if (set_cloexec_flag(tcp->pfd) < 0) {
1197 sprintf(proc, "/proc/%d/regs", tcp->pid);
1198 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
1199 perror("strace: open(\"/proc/.../regs\", ...)");
1203 sprintf(proc, "/proc/%d/status", tcp->pid);
1204 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
1205 perror("strace: open(\"/proc/.../status\", ...)");
1209 tcp->pfd_status = -1;
1210 #endif /* FREEBSD */
1214 * Wait for the child to pause. Because of a race
1215 * condition we have to poll for the event.
1218 if (IOCTL_STATUS (tcp) < 0) {
1219 perror("strace: PIOCSTATUS");
1222 if (tcp->status.PR_FLAGS & PR_ASLEEP)
1227 /* Stop the process so that we own the stop. */
1228 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
1229 perror("strace: PIOCSTOP");
1234 /* Set Run-on-Last-Close. */
1236 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
1237 perror("PIOCSET PR_RLC");
1240 /* Set or Reset Inherit-on-Fork. */
1242 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
1243 perror("PIOC{SET,RESET} PR_FORK");
1246 #else /* !PIOCSET */
1248 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
1252 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
1253 perror("PIOC{S,R}FORK");
1257 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
1258 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
1263 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1267 #endif /* FREEBSD */
1268 #endif /* !PIOCSET */
1270 /* Enable all syscall entries we care about. */
1271 premptyset(&syscalls);
1272 for (i = 1; i < MAX_QUALS; ++i) {
1273 if (i > (sizeof syscalls) * CHAR_BIT) break;
1274 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
1276 praddset (&syscalls, SYS_execve);
1278 praddset (&syscalls, SYS_fork);
1280 praddset (&syscalls, SYS_forkall);
1283 praddset (&syscalls, SYS_fork1);
1286 praddset (&syscalls, SYS_rfork1);
1289 praddset (&syscalls, SYS_rforkall);
1292 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1293 perror("PIOCSENTRY");
1296 /* Enable the syscall exits. */
1297 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1301 /* Enable signals we care about. */
1302 premptyset(&signals);
1303 for (i = 1; i < MAX_QUALS; ++i) {
1304 if (i > (sizeof signals) * CHAR_BIT) break;
1305 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
1307 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1308 perror("PIOCSTRACE");
1311 /* Enable faults we care about */
1312 premptyset(&faults);
1313 for (i = 1; i < MAX_QUALS; ++i) {
1314 if (i > (sizeof faults) * CHAR_BIT) break;
1315 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
1317 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1318 perror("PIOCSFAULT");
1322 /* set events flags. */
1323 arg = S_SIG | S_SCE | S_SCX ;
1324 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1328 #endif /* FREEBSD */
1332 * The SGI PRSABORT doesn't work for pause() so
1333 * we send it a caught signal to wake it up.
1335 kill(tcp->pid, SIGINT);
1338 /* The child is in a pause(), abort it. */
1340 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1347 /* wake up the child if it received the SIGSTOP */
1348 kill(tcp->pid, SIGCONT);
1351 /* Wait for the child to do something. */
1352 if (IOCTL_WSTOP (tcp) < 0) {
1353 perror("PIOCWSTOP");
1356 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1357 tcp->flags &= ~TCB_INSYSCALL;
1359 if (known_scno(tcp) == SYS_execve)
1362 /* Set it running: maybe execve will be next. */
1365 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1367 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1368 #endif /* FREEBSD */
1373 /* handle the case where we "opened" the child before
1374 it did the kill -STOP */
1375 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1376 tcp->status.PR_WHAT == SIGSTOP)
1377 kill(tcp->pid, SIGCONT);
1384 if (attaching < 2) {
1385 /* We are attaching to an already running process.
1386 * Try to figure out the state of the process in syscalls,
1387 * to handle the first event well.
1388 * This is done by having a look at the "wchan" property of the
1389 * process, which tells where it is stopped (if it is). */
1391 char wchan[20]; /* should be enough */
1393 sprintf(proc, "/proc/%d/status", tcp->pid);
1394 status = fopen(proc, "r");
1396 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1397 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1398 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1399 strcmp(wchan, "stopevent")) {
1400 /* The process is asleep in the middle of a syscall.
1401 Fake the syscall entry event */
1402 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1403 tcp->status.PR_WHY = PR_SYSENTRY;
1408 } /* otherwise it's a fork being followed */
1410 #endif /* FREEBSD */
1411 #ifndef HAVE_POLLABLE_PROCFS
1412 if (proc_poll_pipe[0] != -1)
1413 proc_poller(tcp->pfd);
1414 else if (nprocs > 1) {
1416 proc_poller(last_pfd);
1417 proc_poller(tcp->pfd);
1419 last_pfd = tcp->pfd;
1420 #endif /* !HAVE_POLLABLE_PROCFS */
1424 #endif /* USE_PROCFS */
1434 for (i = 0; i < tcbtabsize; i++) {
1435 struct tcb *tcp = tcbtab[i];
1436 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1446 first_used_tcb(void)
1450 for (i = 0; i < tcbtabsize; i++) {
1452 if (tcp->flags & TCB_INUSE)
1464 for (i = 0; i < tcbtabsize; i++) {
1465 struct tcb *tcp = tcbtab[i];
1466 if (tcp->pfd != pfd)
1468 if (tcp->flags & TCB_INUSE)
1474 #endif /* USE_PROCFS */
1482 #ifdef TCB_CLONE_THREAD
1483 if (tcp->nclone_threads > 0) {
1484 /* There are other threads left in this process, but this
1485 is the one whose PID represents the whole process.
1486 We need to keep this record around as a zombie until
1487 all the threads die. */
1488 tcp->flags |= TCB_EXITING;
1495 if (tcp->parent != NULL) {
1496 tcp->parent->nchildren--;
1497 #ifdef TCB_CLONE_THREAD
1498 if (tcp->flags & TCB_CLONE_THREAD)
1499 tcp->parent->nclone_threads--;
1501 tcp->parent->nzombies++;
1503 /* Update `tcp->parent->parent->nchildren' and the other fields
1504 like NCLONE_DETACHED, only for zombie group leader that has
1505 already reported and been short-circuited at the top of this
1506 function. The same condition as at the top of DETACH. */
1507 if ((tcp->flags & TCB_CLONE_THREAD) &&
1508 tcp->parent->nclone_threads == 0 &&
1509 (tcp->parent->flags & TCB_EXITING))
1510 droptcb(tcp->parent);
1516 if (tcp->pfd != -1) {
1520 if (tcp->pfd_reg != -1) {
1521 close(tcp->pfd_reg);
1524 if (tcp->pfd_status != -1) {
1525 close(tcp->pfd_status);
1526 tcp->pfd_status = -1;
1528 #endif /* !FREEBSD */
1530 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1534 if (outfname && followfork > 1 && tcp->outf)
1549 if (!(tcp->flags & TCB_SUSPENDED)) {
1550 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1553 tcp->flags &= ~TCB_SUSPENDED;
1554 #ifdef TCB_CLONE_THREAD
1555 if (tcp->flags & TCB_CLONE_THREAD)
1556 tcp->parent->nclone_waiting--;
1559 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0)
1563 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1568 resume_from_tcp (struct tcb *tcp)
1573 /* XXX This won't always be quite right (but it never was).
1574 A waiter with argument 0 or < -1 is waiting for any pid in
1575 a particular pgrp, which this child might or might not be
1576 in. The waiter will only wake up if it's argument is -1
1577 or if it's waiting for tcp->pid's pgrp. It makes a
1578 difference to wake up a waiter when there might be more
1579 traced children, because it could get a false ECHILD
1580 error. OTOH, if this was the last child in the pgrp, then
1581 it ought to wake up and get ECHILD. We would have to
1582 search the system for all pid's in the pgrp to be sure.
1584 && (t->waitpid == -1 ||
1585 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1586 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1590 (tcp->parent->flags & TCB_SUSPENDED) &&
1591 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1592 error = resume(tcp->parent);
1595 #ifdef TCB_CLONE_THREAD
1596 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1597 /* Some other threads of our parent are waiting too. */
1600 /* Resume all the threads that were waiting for this PID. */
1601 for (i = 0; i < tcbtabsize; i++) {
1602 struct tcb *t = tcbtab[i];
1603 if (t->parent == tcp->parent && t != tcp
1604 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1605 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1606 && t->waitpid == tcp->pid) {
1607 error |= resume (t);
1612 /* Noone was waiting for this PID in particular,
1613 so now we might need to resume some wildcarders. */
1614 for (i = 0; i < tcbtabsize; i++) {
1615 struct tcb *t = tcbtab[i];
1616 if (t->parent == tcp->parent && t != tcp
1618 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1619 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1622 error |= resume (t);
1632 #endif /* !USE_PROCFS */
1634 /* detach traced process; continue with sig
1635 Never call DETACH twice on the same process as both unattached and
1636 attached-unstopped processes give the same ESRCH. For unattached process we
1637 would SIGSTOP it and wait for its SIGSTOP notification forever. */
1646 int status, catch_sigstop;
1647 struct tcb *zombie = NULL;
1649 /* If the group leader is lingering only because of this other
1650 thread now dying, then detach the leader as well. */
1651 if ((tcp->flags & TCB_CLONE_THREAD) &&
1652 tcp->parent->nclone_threads == 1 &&
1653 (tcp->parent->flags & TCB_EXITING))
1654 zombie = tcp->parent;
1657 if (tcp->flags & TCB_BPTSET)
1662 * Linux wrongly insists the child be stopped
1663 * before detaching. Arghh. We go through hoops
1664 * to make a clean break of things.
1667 #undef PTRACE_DETACH
1668 #define PTRACE_DETACH PTRACE_SUNDETACH
1671 * On TCB_STARTUP we did PTRACE_ATTACH but still did not get the
1672 * expected SIGSTOP. We must catch exactly one as otherwise the
1673 * detached process would be left stopped (process state T).
1675 catch_sigstop = (tcp->flags & TCB_STARTUP);
1676 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1677 /* On a clear day, you can see forever. */
1679 else if (errno != ESRCH) {
1680 /* Shouldn't happen. */
1681 perror("detach: ptrace(PTRACE_DETACH, ...)");
1683 else if (my_tgkill((tcp->flags & TCB_CLONE_THREAD ? tcp->parent->pid
1687 perror("detach: checking sanity");
1689 else if (!catch_sigstop && my_tgkill((tcp->flags & TCB_CLONE_THREAD
1690 ? tcp->parent->pid : tcp->pid),
1691 tcp->pid, SIGSTOP) < 0) {
1693 perror("detach: stopping child");
1697 if (catch_sigstop) {
1700 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1701 if (errno == ECHILD) /* Already gone. */
1703 if (errno != EINVAL) {
1704 perror("detach: waiting");
1708 /* No __WALL here. */
1709 if (waitpid(tcp->pid, &status, 0) < 0) {
1710 if (errno != ECHILD) {
1711 perror("detach: waiting");
1715 /* If no processes, try clones. */
1716 if (wait4(tcp->pid, &status, __WCLONE,
1718 if (errno != ECHILD)
1719 perror("detach: waiting");
1722 #endif /* __WCLONE */
1727 if (!WIFSTOPPED(status)) {
1728 /* Au revoir, mon ami. */
1731 if (WSTOPSIG(status) == SIGSTOP) {
1732 ptrace_restart(PTRACE_DETACH, tcp, sig);
1735 error = ptrace_restart(PTRACE_CONT, tcp,
1736 WSTOPSIG(status) == SIGTRAP ? 0
1737 : WSTOPSIG(status));
1745 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1746 if (sig && kill(tcp->pid, sig) < 0)
1747 perror("detach: kill");
1749 error = ptrace_restart(PTRACE_DETACH, tcp, sig);
1753 error |= resume_from_tcp (tcp);
1757 fprintf(stderr, "Process %u detached\n", tcp->pid);
1762 if (zombie != NULL) {
1763 /* TCP no longer exists therefore you must not detach () it. */
1773 static void reaper(int sig)
1778 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1782 #endif /* USE_PROCFS */
1790 for (i = 0; i < tcbtabsize; i++) {
1792 if (!(tcp->flags & TCB_INUSE))
1796 "cleanup: looking at pid %u\n", tcp->pid);
1798 (!outfname || followfork < 2 || tcp_last == tcp)) {
1799 tprintf(" <unfinished ...>");
1802 if (tcp->flags & TCB_ATTACHED)
1805 kill(tcp->pid, SIGCONT);
1806 kill(tcp->pid, SIGTERM);
1820 #ifndef HAVE_STRERROR
1822 #if !HAVE_DECL_SYS_ERRLIST
1823 extern int sys_nerr;
1824 extern char *sys_errlist[];
1825 #endif /* HAVE_DECL_SYS_ERRLIST */
1831 static char buf[64];
1833 if (errno < 1 || errno >= sys_nerr) {
1834 sprintf(buf, "Unknown error %d", errno);
1837 return sys_errlist[errno];
1840 #endif /* HAVE_STERRROR */
1842 #ifndef HAVE_STRSIGNAL
1844 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1845 extern char *sys_siglist[];
1847 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1848 extern char *_sys_siglist[];
1855 static char buf[64];
1857 if (sig < 1 || sig >= NSIG) {
1858 sprintf(buf, "Unknown signal %d", sig);
1861 #ifdef HAVE__SYS_SIGLIST
1862 return _sys_siglist[sig];
1864 return sys_siglist[sig];
1868 #endif /* HAVE_STRSIGNAL */
1879 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1880 if (pollv == NULL) {
1881 fprintf(stderr, "%s: out of memory\n", progname);
1885 for (i = j = 0; i < tcbtabsize; i++) {
1886 struct tcb *tcp = tcbtab[i];
1887 if (!(tcp->flags & TCB_INUSE))
1889 pollv[j].fd = tcp->pfd;
1890 pollv[j].events = POLLWANT;
1894 fprintf(stderr, "strace: proc miscount\n");
1899 #ifndef HAVE_POLLABLE_PROCFS
1906 if (pipe(proc_poll_pipe) < 0) {
1910 for (i = 0; i < 2; i++) {
1911 if (set_cloexec_flag(proc_poll_pipe[i]) < 0) {
1918 proc_poll(pollv, nfds, timeout)
1919 struct pollfd *pollv;
1925 struct proc_pollfd pollinfo;
1927 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1929 if (n != sizeof(struct proc_pollfd)) {
1930 fprintf(stderr, "panic: short read: %d\n", n);
1933 for (i = 0; i < nprocs; i++) {
1934 if (pollv[i].fd == pollinfo.fd)
1935 pollv[i].revents = pollinfo.revents;
1937 pollv[i].revents = 0;
1939 poller_pid = pollinfo.pid;
1953 struct proc_pollfd pollinfo;
1954 struct sigaction sa;
1955 sigset_t blocked_set, empty_set;
1960 struct procfs_status pfs;
1961 #endif /* FREEBSD */
1973 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1975 sigemptyset(&sa.sa_mask);
1976 sigaction(SIGHUP, &sa, NULL);
1977 sigaction(SIGINT, &sa, NULL);
1978 sigaction(SIGQUIT, &sa, NULL);
1979 sigaction(SIGPIPE, &sa, NULL);
1980 sigaction(SIGTERM, &sa, NULL);
1981 sa.sa_handler = wakeup_handler;
1982 sigaction(SIGUSR1, &sa, NULL);
1983 sigemptyset(&blocked_set);
1984 sigaddset(&blocked_set, SIGUSR1);
1985 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1986 sigemptyset(&empty_set);
1988 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1989 perror("getrlimit(RLIMIT_NOFILE, ...)");
1993 for (i = 0; i < n; i++) {
1994 if (i != pfd && i != proc_poll_pipe[1])
1999 pollinfo.pid = getpid();
2002 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
2004 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
2011 pollinfo.revents = POLLERR;
2014 pollinfo.revents = POLLHUP;
2017 perror("proc_poller: PIOCWSTOP");
2019 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2022 pollinfo.revents = POLLWANT;
2023 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2024 sigsuspend(&empty_set);
2028 #endif /* !HAVE_POLLABLE_PROCFS */
2038 if (followfork < 2 &&
2039 last < nprocs && (pollv[last].revents & POLLWANT)) {
2041 * The previous process is ready to run again. We'll
2042 * let it do so if it is currently in a syscall. This
2043 * heuristic improves the readability of the trace.
2045 tcp = pfd2tcb(pollv[last].fd);
2046 if (tcp && (tcp->flags & TCB_INSYSCALL))
2047 return pollv[last].fd;
2050 for (i = 0; i < nprocs; i++) {
2051 /* Let competing children run round robin. */
2052 j = (i + last + 1) % nprocs;
2053 if (pollv[j].revents & (POLLHUP | POLLERR)) {
2054 tcp = pfd2tcb(pollv[j].fd);
2056 fprintf(stderr, "strace: lost proc\n");
2062 if (pollv[j].revents & POLLWANT) {
2067 fprintf(stderr, "strace: nothing ready\n");
2075 struct tcb *in_syscall = NULL;
2080 int ioctl_result = 0, ioctl_errno = 0;
2085 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2092 #ifndef HAVE_POLLABLE_PROCFS
2093 if (proc_poll_pipe[0] == -1) {
2095 tcp = first_used_tcb();
2102 #ifndef HAVE_POLLABLE_PROCFS
2104 /* fall through ... */
2105 #endif /* !HAVE_POLLABLE_PROCFS */
2107 #ifdef HAVE_POLLABLE_PROCFS
2109 /* On some systems (e.g. UnixWare) we get too much ugly
2110 "unfinished..." stuff when multiple proceses are in
2111 syscalls. Here's a nasty hack */
2118 pv.events = POLLWANT;
2119 if ((what = poll (&pv, 1, 1)) < 0) {
2124 else if (what == 1 && pv.revents & POLLWANT) {
2130 if (poll(pollv, nprocs, INFTIM) < 0) {
2135 #else /* !HAVE_POLLABLE_PROCFS */
2136 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
2141 #endif /* !HAVE_POLLABLE_PROCFS */
2148 /* Look up `pfd' in our table. */
2149 if ((tcp = pfd2tcb(pfd)) == NULL) {
2150 fprintf(stderr, "unknown pfd: %u\n", pfd);
2156 /* Get the status of the process. */
2159 ioctl_result = IOCTL_WSTOP (tcp);
2161 /* Thanks to some scheduling mystery, the first poller
2162 sometimes waits for the already processed end of fork
2163 event. Doing a non blocking poll here solves the problem. */
2164 if (proc_poll_pipe[0] != -1)
2165 ioctl_result = IOCTL_STATUS (tcp);
2167 ioctl_result = IOCTL_WSTOP (tcp);
2168 #endif /* FREEBSD */
2169 ioctl_errno = errno;
2170 #ifndef HAVE_POLLABLE_PROCFS
2171 if (proc_poll_pipe[0] != -1) {
2172 if (ioctl_result < 0)
2173 kill(poller_pid, SIGKILL);
2175 kill(poller_pid, SIGUSR1);
2177 #endif /* !HAVE_POLLABLE_PROCFS */
2183 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2185 if (ioctl_result < 0) {
2186 /* Find out what happened if it failed. */
2187 switch (ioctl_errno) {
2198 perror("PIOCWSTOP");
2204 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
2205 /* discard first event for a syscall we never entered */
2206 IOCTL (tcp->pfd, PIOCRUN, 0);
2211 /* clear the just started flag */
2212 tcp->flags &= ~TCB_STARTUP;
2214 /* set current output file */
2216 curcol = tcp->curcol;
2219 struct timeval stime;
2224 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
2227 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
2228 &stime.tv_sec, &stime.tv_usec);
2230 stime.tv_sec = stime.tv_usec = 0;
2231 #else /* !FREEBSD */
2232 stime.tv_sec = tcp->status.pr_stime.tv_sec;
2233 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
2234 #endif /* !FREEBSD */
2235 tv_sub(&tcp->dtime, &stime, &tcp->stime);
2238 what = tcp->status.PR_WHAT;
2239 switch (tcp->status.PR_WHY) {
2242 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
2243 tcp->status.PR_WHY = PR_SYSENTRY;
2244 if (trace_syscall(tcp) < 0) {
2245 fprintf(stderr, "syscall trouble\n");
2250 #endif /* !FREEBSD */
2256 if (trace_syscall(tcp) < 0) {
2257 fprintf(stderr, "syscall trouble\n");
2262 if (cflag != CFLAG_ONLY_STATS
2263 && (qual_flags[what] & QUAL_SIGNAL)) {
2265 tprintf("--- %s (%s) ---",
2266 signame(what), strsignal(what));
2269 if (tcp->status.PR_INFO.si_signo == what) {
2271 tprintf(" siginfo=");
2272 printsiginfo(&tcp->status.PR_INFO, 1);
2279 if (cflag != CFLAGS_ONLY_STATS
2280 && (qual_flags[what] & QUAL_FAULT)) {
2282 tprintf("=== FAULT %d ===", what);
2287 case 0: /* handle case we polled for nothing */
2291 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
2295 /* Remember current print column before continuing. */
2296 tcp->curcol = curcol;
2299 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0)
2301 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0)
2311 #else /* !USE_PROCFS */
2313 #ifdef TCB_GROUP_EXITING
2314 /* Handle an exit detach or death signal that is taking all the
2315 related clone threads with it. This is called in three circumstances:
2316 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
2317 SIG == 0 Continuing TCP will perform an exit_group syscall.
2318 SIG == other Continuing TCP with SIG will kill the process.
2321 handle_group_exit(struct tcb *tcp, int sig)
2323 /* We need to locate our records of all the clone threads
2324 related to TCP, either its children or siblings. */
2325 struct tcb *leader = NULL;
2327 if (tcp->flags & TCB_CLONE_THREAD)
2328 leader = tcp->parent;
2331 if (leader != NULL && leader != tcp
2332 && !(leader->flags & TCB_GROUP_EXITING)
2333 && !(tcp->flags & TCB_STARTUP)
2336 "PANIC: handle_group_exit: %d leader %d\n",
2337 tcp->pid, leader ? leader->pid : -1);
2339 /* TCP no longer exists therefore you must not detach() it. */
2341 resume_from_tcp(tcp);
2343 droptcb(tcp); /* Already died. */
2346 /* Mark that we are taking the process down. */
2347 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
2348 if (tcp->flags & TCB_ATTACHED) {
2350 if (leader != NULL && leader != tcp)
2351 leader->flags |= TCB_GROUP_EXITING;
2353 if (ptrace_restart(PTRACE_CONT, tcp, sig) < 0) {
2357 if (leader != NULL) {
2358 leader->flags |= TCB_GROUP_EXITING;
2362 /* The leader will report to us as parent now,
2363 and then we'll get to the SIG==-1 case. */
2374 handle_ptrace_event(int status, struct tcb *tcp)
2376 if (status >> 16 == PTRACE_EVENT_VFORK ||
2377 status >> 16 == PTRACE_EVENT_CLONE ||
2378 status >> 16 == PTRACE_EVENT_FORK) {
2381 if (do_ptrace(PTRACE_GETEVENTMSG, tcp, NULL, &childpid) < 0) {
2382 if (errno != ESRCH) {
2384 %s: handle_ptrace_event: ptrace cannot get new child's pid\n",
2391 return handle_new_child(tcp, childpid, 0);
2407 static int wait4_options = __WALL;
2411 while (nprocs != 0) {
2415 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2418 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2419 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2420 /* this kernel does not support __WALL */
2421 wait4_options &= ~__WALL;
2423 pid = wait4(-1, &status, wait4_options,
2424 cflag ? &ru : NULL);
2426 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2427 /* most likely a "cloned" process */
2428 pid = wait4(-1, &status, __WCLONE,
2429 cflag ? &ru : NULL);
2431 fprintf(stderr, "strace: clone wait4 "
2432 "failed: %s\n", strerror(errno));
2436 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2440 pid = wait(&status);
2444 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2447 switch (wait_errno) {
2452 * We would like to verify this case
2453 * but sometimes a race in Solbourne's
2454 * version of SunOS sometimes reports
2455 * ECHILD before sending us SIGCHILD.
2460 perror("strace: wait");
2464 if (pid == popen_pid) {
2465 if (WIFEXITED(status) || WIFSIGNALED(status))
2470 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2472 /* Look up `pid' in our table. */
2473 if ((tcp = pid2tcb(pid)) == NULL) {
2476 /* This is needed to go with the CLONE_PTRACE
2477 changes in process.c/util.c: we might see
2478 the child's initial trap before we see the
2479 parent return from the clone syscall.
2480 Leave the child suspended until the parent
2481 returns from its system call. Only then
2482 will we have the association of parent and
2483 child so that we know how to do clearbpt
2485 tcp = alloctcb(pid);
2486 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2489 Process %d attached (waiting for parent)\n",
2493 /* This can happen if a clone call used
2494 CLONE_PTRACE itself. */
2497 fprintf(stderr, "unknown pid: %u\n", pid);
2498 if (WIFSTOPPED(status))
2499 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2503 /* set current output file */
2505 curcol = tcp->curcol;
2508 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2509 tcp->stime = ru.ru_stime;
2513 if (tcp->flags & TCB_SUSPENDED) {
2515 * Apparently, doing any ptrace() call on a stopped
2516 * process, provokes the kernel to report the process
2517 * status again on a subsequent wait(), even if the
2518 * process has not been actually restarted.
2519 * Since we have inspected the arguments of suspended
2520 * processes we end up here testing for this case.
2524 if (WIFSIGNALED(status)) {
2525 if (pid == strace_child)
2526 exit_code = 0x100 | WTERMSIG(status);
2527 if (cflag != CFLAG_ONLY_STATS
2528 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2530 tprintf("+++ killed by %s %s+++",
2531 signame(WTERMSIG(status)),
2533 WCOREDUMP(status) ? "(core dumped) " :
2538 #ifdef TCB_GROUP_EXITING
2539 handle_group_exit(tcp, -1);
2545 if (WIFEXITED(status)) {
2546 if (pid == strace_child)
2547 exit_code = WEXITSTATUS(status);
2549 fprintf(stderr, "pid %u exited with %d\n", pid, WEXITSTATUS(status));
2550 if ((tcp->flags & (TCB_ATTACHED|TCB_STARTUP)) == TCB_ATTACHED
2551 #ifdef TCB_GROUP_EXITING
2552 && !(tcp->parent && (tcp->parent->flags & TCB_GROUP_EXITING))
2553 && !(tcp->flags & TCB_GROUP_EXITING)
2557 "PANIC: attached pid %u exited with %d\n",
2558 pid, WEXITSTATUS(status));
2560 if (tcp == tcp_last) {
2561 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL)
2562 tprintf(" <unfinished ... exit status %d>\n",
2563 WEXITSTATUS(status));
2566 #ifdef TCB_GROUP_EXITING
2567 handle_group_exit(tcp, -1);
2573 if (!WIFSTOPPED(status)) {
2574 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2579 fprintf(stderr, "pid %u stopped, [%s]\n",
2580 pid, signame(WSTOPSIG(status)));
2582 if (ptrace_setoptions && (status >> 16)) {
2583 if (handle_ptrace_event(status, tcp) != 1)
2588 * Interestingly, the process may stop
2589 * with STOPSIG equal to some other signal
2590 * than SIGSTOP if we happend to attach
2591 * just before the process takes a signal.
2592 * A no-MMU vforked child won't send up a signal,
2593 * so skip the first (lost) execve notification.
2595 if ((tcp->flags & TCB_STARTUP) &&
2596 (WSTOPSIG(status) == SIGSTOP || strace_vforked)) {
2598 * This flag is there to keep us in sync.
2599 * Next time this process stops it should
2600 * really be entering a system call.
2602 tcp->flags &= ~TCB_STARTUP;
2603 if (tcp->flags & TCB_BPTSET) {
2605 * One example is a breakpoint inherited from
2606 * parent through fork ().
2608 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2615 if (followfork && (tcp->parent == NULL) && ptrace_setoptions)
2616 if (ptrace(PTRACE_SETOPTIONS, tcp->pid,
2617 NULL, ptrace_setoptions) < 0 &&
2619 ptrace_setoptions = 0;
2624 if (WSTOPSIG(status) != SIGTRAP) {
2625 if (WSTOPSIG(status) == SIGSTOP &&
2626 (tcp->flags & TCB_SIGTRAPPED)) {
2628 * Trapped attempt to block SIGTRAP
2629 * Hope we are back in control now.
2631 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2632 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2638 if (cflag != CFLAG_ONLY_STATS
2639 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2641 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP)
2645 upeek(tcp, PT_CR_IPSR, &psr);
2646 upeek(tcp, PT_CR_IIP, &pc);
2649 pc += (psr >> PSR_RI) & 0x3;
2650 # define PC_FORMAT_STR " @ %lx"
2651 # define PC_FORMAT_ARG pc
2653 # define PC_FORMAT_STR "%s"
2654 # define PC_FORMAT_ARG ""
2657 if (ptrace(PTRACE_GETSIGINFO, pid, 0, &si) == 0) {
2659 printsiginfo(&si, verbose(tcp));
2660 tprintf(" (%s)" PC_FORMAT_STR " ---",
2661 strsignal(WSTOPSIG(status)),
2664 tprintf("--- %s by %s" PC_FORMAT_STR " ---",
2665 strsignal(WSTOPSIG(status)),
2666 signame(WSTOPSIG(status)),
2670 if (((tcp->flags & TCB_ATTACHED) ||
2671 tcp->nclone_threads > 0) &&
2672 !sigishandled(tcp, WSTOPSIG(status))) {
2673 #ifdef TCB_GROUP_EXITING
2674 handle_group_exit(tcp, WSTOPSIG(status));
2676 detach(tcp, WSTOPSIG(status));
2680 if (ptrace_restart(PTRACE_SYSCALL, tcp, WSTOPSIG(status)) < 0) {
2684 tcp->flags &= ~TCB_SUSPENDED;
2687 /* we handled the STATUS, we are permitted to interrupt now. */
2690 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2691 /* ptrace() failed in trace_syscall() with ESRCH.
2692 * Likely a result of process disappearing mid-flight.
2693 * Observed case: exit_group() terminating
2694 * all processes in thread group. In this case, threads
2695 * "disappear" in an unpredictable moment without any
2696 * notification to strace via wait().
2698 if (tcp->flags & TCB_ATTACHED) {
2700 /* Do we have dangling line "syscall(param, param"?
2701 * Finish the line then. We cannot
2703 tcp_last->flags |= TCB_REPRINT;
2704 tprintf(" <unfinished ...>");
2710 tcp->pid, (char *) 1, SIGTERM);
2715 if (tcp->flags & TCB_EXITING) {
2716 #ifdef TCB_GROUP_EXITING
2717 if (tcp->flags & TCB_GROUP_EXITING) {
2718 if (handle_group_exit(tcp, 0) < 0)
2723 if (tcp->flags & TCB_ATTACHED)
2725 else if (ptrace_restart(PTRACE_CONT, tcp, 0) < 0) {
2731 if (tcp->flags & TCB_SUSPENDED) {
2733 fprintf(stderr, "Process %u suspended\n", pid);
2737 /* Remember current print column before continuing. */
2738 tcp->curcol = curcol;
2739 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2747 #endif /* !USE_PROCFS */
2752 tprintf(const char *fmt, ...)
2756 va_start(args, fmt);
2758 int n = vfprintf(outf, fmt, args);
2761 perror(outfname == NULL
2762 ? "<writing to pipe>" : outfname);
2775 if (tcp_last->ptrace_errno) {
2776 if (tcp_last->flags & TCB_INSYSCALL) {
2777 tprintf(" <unavailable>)");
2780 tprintf("= ? <unavailable>\n");
2781 tcp_last->ptrace_errno = 0;
2782 } else if (!outfname || followfork < 2 || tcp_last == tcp) {
2783 tcp_last->flags |= TCB_REPRINT;
2784 tprintf(" <unfinished ...>\n");
2788 if ((followfork == 1 || pflag_seen > 1) && outfname)
2789 tprintf("%-5d ", tcp->pid);
2790 else if (nprocs > 1 && !outfname)
2791 tprintf("[pid %5u] ", tcp->pid);
2793 char str[sizeof("HH:MM:SS")];
2794 struct timeval tv, dtv;
2795 static struct timeval otv;
2797 gettimeofday(&tv, NULL);
2799 if (otv.tv_sec == 0)
2801 tv_sub(&dtv, &tv, &otv);
2802 tprintf("%6ld.%06ld ",
2803 (long) dtv.tv_sec, (long) dtv.tv_usec);
2806 else if (tflag > 2) {
2807 tprintf("%ld.%06ld ",
2808 (long) tv.tv_sec, (long) tv.tv_usec);
2811 time_t local = tv.tv_sec;
2812 strftime(str, sizeof(str), "%T", localtime(&local));
2814 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2816 tprintf("%s ", str);
2828 tprintf("%*s", col - curcol, "");
2838 #ifdef HAVE_MP_PROCFS
2841 mp_ioctl(int fd, int cmd, void *arg, int size)
2843 struct iovec iov[2];
2846 iov[0].iov_base = &cmd;
2847 iov[0].iov_len = sizeof cmd;
2850 iov[1].iov_base = arg;
2851 iov[1].iov_len = size;
2854 return writev(fd, iov, n);
projects / strace / blob