2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
50 # include <asm/unistd.h>
51 # if defined __NR_tgkill
52 # define my_tgkill(pid, tid, sig) syscall (__NR_tgkill, (pid), (tid), (sig))
53 # elif defined __NR_tkill
54 # define my_tgkill(pid, tid, sig) syscall (__NR_tkill, (tid), (sig))
56 /* kill() may choose arbitrarily the target task of the process group
57 while we later wait on a that specific TID. PID process waits become
58 TID task specific waits for a process under ptrace(2). */
59 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
60 # define my_tgkill(pid, tid, sig) kill ((tid), (sig))
64 #if defined(IA64) && defined(LINUX)
65 # include <asm/ptrace_offsets.h>
73 #include <sys/stropts.h>
80 extern char **environ;
85 int debug = 0, followfork = 0;
86 unsigned int ptrace_setoptions = 0;
87 int dtime = 0, xflag = 0, qflag = 0;
88 cflag_t cflag = CFLAG_NONE;
89 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
91 * daemonized_tracer supports -D option.
92 * With this option, strace forks twice.
93 * Unlike normal case, with -D *grandparent* process exec's,
94 * becoming a traced process. Child exits (this prevents traced process
95 * from having children it doesn't expect to have), and grandchild
96 * attaches to grandparent similarly to strace -p PID.
97 * This allows for more transparent interaction in cases
98 * when process and its parent are communicating via signals,
99 * wait() etc. Without -D, strace process gets lodged in between,
100 * disrupting parent<->child link.
102 static bool daemonized_tracer = 0;
104 /* Sometimes we want to print only succeeding syscalls. */
105 int not_failing_only = 0;
107 /* Show path associated with fd arguments */
108 int show_fd_path = 0;
110 /* are we filtering traces based on paths? */
111 int tracing_paths = 0;
113 static int exit_code = 0;
114 static int strace_child = 0;
116 static char *username = NULL;
120 int acolumn = DEFAULT_ACOLUMN;
121 int max_strlen = DEFAULT_STRLEN;
122 static char *outfname = NULL;
126 unsigned int nprocs, tcbtabsize;
127 const char *progname;
128 extern char **environ;
130 static int detach(struct tcb *tcp, int sig);
131 static int trace(void);
132 static void cleanup(void);
133 static void interrupt(int sig);
134 static sigset_t empty_set, blocked_set;
136 #ifdef HAVE_SIG_ATOMIC_T
137 static volatile sig_atomic_t interrupted;
138 #else /* !HAVE_SIG_ATOMIC_T */
139 static volatile int interrupted;
140 #endif /* !HAVE_SIG_ATOMIC_T */
144 static struct tcb *pfd2tcb(int pfd);
145 static void reaper(int sig);
146 static void rebuild_pollv(void);
147 static struct pollfd *pollv;
149 #ifndef HAVE_POLLABLE_PROCFS
151 static void proc_poll_open(void);
152 static void proc_poller(int pfd);
160 static int poller_pid;
161 static int proc_poll_pipe[2] = { -1, -1 };
163 #endif /* !HAVE_POLLABLE_PROCFS */
165 #ifdef HAVE_MP_PROCFS
166 #define POLLWANT POLLWRNORM
168 #define POLLWANT POLLPRI
170 #endif /* USE_PROCFS */
178 usage: strace [-CdDffhiqrtttTvVxxy] [-a column] [-e expr] ... [-o file]\n\
179 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
180 [-P path] [command [arg ...]]\n\
181 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
182 [command [arg ...]]\n\
183 -c -- count time, calls, and errors for each syscall and report summary\n\
184 -C -- like -c but also print regular output while processes are running\n\
185 -f -- follow forks, -ff -- with output into separate files\n\
186 -F -- attempt to follow vforks, -h -- print help message\n\
187 -i -- print instruction pointer at time of syscall\n\
188 -q -- suppress messages about attaching, detaching, etc.\n\
189 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
190 -T -- print time spent in each syscall, -V -- print version\n\
191 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
192 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
193 -y -- print paths associated with file descriptor arguments\n\
194 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
195 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
196 options: trace, abbrev, verbose, raw, signal, read, or write\n\
197 -o file -- send trace output to FILE instead of stderr\n\
198 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
199 -p pid -- trace process with process id PID, may be repeated\n\
200 -D -- run tracer process as a detached grandchild, not as parent\n\
201 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
202 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
203 -u username -- run command as username handling setuid and/or setgid\n\
204 -E var=val -- put var=val in the environment for command\n\
205 -E var -- remove var from the environment for command\n\
206 -P path -- trace accesses to path\n\
207 " /* this is broken, so don't document it
208 -z -- print only succeeding syscalls\n\
210 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
223 /* Glue for systems without a MMU that cannot provide fork() */
225 # define strace_vforked 0
227 # define strace_vforked 1
228 # define fork() vfork()
232 set_cloexec_flag(int fd)
236 if ((flags = fcntl(fd, F_GETFD, 0)) < 0)
238 fprintf(stderr, "%s: fcntl F_GETFD: %s\n",
239 progname, strerror(errno));
243 newflags = flags | FD_CLOEXEC;
244 if (flags == newflags)
247 if (fcntl(fd, F_SETFD, newflags) < 0)
249 fprintf(stderr, "%s: fcntl F_SETFD: %s\n",
250 progname, strerror(errno));
258 * When strace is setuid executable, we have to swap uids
259 * before and after filesystem and process management operations.
265 int euid = geteuid(), uid = getuid();
267 if (euid != uid && setreuid(euid, uid) < 0)
269 fprintf(stderr, "%s: setreuid: %s\n",
270 progname, strerror(errno));
277 # define fopen_for_output fopen64
279 # define fopen_for_output fopen
283 strace_fopen(const char *path, const char *mode)
288 if ((fp = fopen_for_output(path, mode)) == NULL)
289 fprintf(stderr, "%s: can't fopen '%s': %s\n",
290 progname, path, strerror(errno));
292 if (fp && set_cloexec_flag(fileno(fp)) < 0)
300 static int popen_pid = -1;
303 # define _PATH_BSHELL "/bin/sh"
307 * We cannot use standard popen(3) here because we have to distinguish
308 * popen child process from other processes we trace, and standard popen(3)
309 * does not export its child's pid.
312 strace_popen(const char *command)
319 fprintf(stderr, "%s: pipe: %s\n",
320 progname, strerror(errno));
325 if (set_cloexec_flag(fds[1]) < 0)
333 if ((popen_pid = fork()) == -1)
335 fprintf(stderr, "%s: fork: %s\n",
336 progname, strerror(errno));
348 return fdopen(fds[1], "w");
353 if (fds[0] && (dup2(fds[0], 0) || close(fds[0])))
355 fprintf(stderr, "%s: dup2: %s\n",
356 progname, strerror(errno));
359 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
360 fprintf(stderr, "%s: execl: %s: %s\n",
361 progname, _PATH_BSHELL, strerror(errno));
367 newoutf(struct tcb *tcp)
369 if (outfname && followfork > 1) {
370 char name[520 + sizeof(int) * 3];
373 sprintf(name, "%.512s.%u", outfname, tcp->pid);
374 if ((fp = strace_fopen(name, "w")) == NULL)
388 * Block user interruptions as we would leave the traced
389 * process stopped (process state T) if we would terminate in
390 * between PTRACE_ATTACH and wait4 () on SIGSTOP.
391 * We rely on cleanup () from this point on.
394 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
396 if (daemonized_tracer) {
401 if (pid) { /* parent */
403 * Wait for child to attach to straced process
404 * (our parent). Child SIGKILLs us after it attached.
405 * Parent's wait() is unblocked by our death,
406 * it proceeds to exec the straced program.
409 _exit(0); /* paranoia */
413 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
415 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
418 if (tcp->flags & TCB_CLONE_THREAD)
421 /* Reinitialize the output since it may have changed. */
423 if (newoutf(tcp) < 0)
427 if (proc_open(tcp, 1) < 0) {
428 fprintf(stderr, "trouble opening proc file\n");
432 #else /* !USE_PROCFS */
434 if (followfork && !daemonized_tracer) {
435 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
438 sprintf(procdir, "/proc/%d/task", tcp->pid);
439 dir = opendir(procdir);
441 unsigned int ntid = 0, nerr = 0;
444 while ((de = readdir(dir)) != NULL) {
445 if (de->d_fileno == 0)
447 tid = atoi(de->d_name);
451 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0)
453 else if (tid != tcbtab[tcbi]->pid) {
455 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_FOLLOWFORK;
456 tcbtab[tcbi]->nchildren++;
457 tcbtab[tcbi]->nclone_threads++;
458 tcp->parent = tcbtab[tcbi];
461 sigprocmask(SIG_SETMASK, &empty_set, NULL);
464 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
470 perror("attach: ptrace(PTRACE_ATTACH, ...)");
475 fprintf(stderr, ntid > 1
476 ? "Process %u attached with %u threads - interrupt to quit\n"
477 : "Process %u attached - interrupt to quit\n",
478 tcbtab[tcbi]->pid, ntid);
481 } /* if (opendir worked) */
484 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
485 perror("attach: ptrace(PTRACE_ATTACH, ...)");
489 /* INTERRUPTED is going to be checked at the top of TRACE. */
491 if (daemonized_tracer) {
493 * It is our grandparent we trace, not a -p PID.
494 * Don't want to just detach on exit, so...
496 tcp->flags &= ~TCB_ATTACHED;
498 * Make parent go away.
499 * Also makes grandparent's wait() unblock.
501 kill(getppid(), SIGKILL);
504 #endif /* !USE_PROCFS */
507 "Process %u attached - interrupt to quit\n",
512 sigprocmask(SIG_SETMASK, &empty_set, NULL);
516 startup_child (char **argv)
519 const char *filename;
520 char pathname[MAXPATHLEN];
525 if (strchr(filename, '/')) {
526 if (strlen(filename) > sizeof pathname - 1) {
527 errno = ENAMETOOLONG;
528 perror("strace: exec");
531 strcpy(pathname, filename);
533 #ifdef USE_DEBUGGING_EXEC
535 * Debuggers customarily check the current directory
536 * first regardless of the path but doing that gives
537 * security geeks a panic attack.
539 else if (stat(filename, &statbuf) == 0)
540 strcpy(pathname, filename);
541 #endif /* USE_DEBUGGING_EXEC */
546 for (path = getenv("PATH"); path && *path; path += m) {
547 if (strchr(path, ':')) {
548 n = strchr(path, ':') - path;
552 m = n = strlen(path);
554 if (!getcwd(pathname, MAXPATHLEN))
556 len = strlen(pathname);
558 else if (n > sizeof pathname - 1)
561 strncpy(pathname, path, n);
564 if (len && pathname[len - 1] != '/')
565 pathname[len++] = '/';
566 strcpy(pathname + len, filename);
567 if (stat(pathname, &statbuf) == 0 &&
568 /* Accept only regular files
569 with some execute bits set.
570 XXX not perfect, might still fail */
571 S_ISREG(statbuf.st_mode) &&
572 (statbuf.st_mode & 0111))
576 if (stat(pathname, &statbuf) < 0) {
577 fprintf(stderr, "%s: %s: command not found\n",
581 strace_child = pid = fork();
583 perror("strace: fork");
587 if ((pid != 0 && daemonized_tracer) /* parent: to become a traced process */
588 || (pid == 0 && !daemonized_tracer) /* child: to become a traced process */
592 if (outf != stderr) close (fileno (outf));
594 /* Kludge for SGI, see proc_open for details. */
595 sa.sa_handler = foobar;
597 sigemptyset(&sa.sa_mask);
598 sigaction(SIGINT, &sa, NULL);
603 kill(pid, SIGSTOP); /* stop HERE */
605 #else /* !USE_PROCFS */
607 close(fileno (outf));
609 if (!daemonized_tracer) {
610 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
611 perror("strace: ptrace(PTRACE_TRACEME, ...)");
618 if (username != NULL || geteuid() == 0) {
619 uid_t run_euid = run_uid;
620 gid_t run_egid = run_gid;
622 if (statbuf.st_mode & S_ISUID)
623 run_euid = statbuf.st_uid;
624 if (statbuf.st_mode & S_ISGID)
625 run_egid = statbuf.st_gid;
628 * It is important to set groups before we
629 * lose privileges on setuid.
631 if (username != NULL) {
632 if (initgroups(username, run_gid) < 0) {
633 perror("initgroups");
636 if (setregid(run_gid, run_egid) < 0) {
640 if (setreuid(run_uid, run_euid) < 0) {
647 setreuid(run_uid, run_uid);
649 if (!daemonized_tracer) {
651 * Induce an immediate stop so that the parent
652 * will resume us with PTRACE_SYSCALL and display
653 * this execve call normally.
654 * Unless of course we're on a no-MMU system where
655 * we vfork()-ed, so we cannot stop the child.
658 kill(getpid(), SIGSTOP);
660 struct sigaction sv_sigchld;
661 sigaction(SIGCHLD, NULL, &sv_sigchld);
663 * Make sure it is not SIG_IGN, otherwise wait
666 signal(SIGCHLD, SIG_DFL);
668 * Wait for grandchild to attach to us.
669 * It kills child after that, and wait() unblocks.
674 sigaction(SIGCHLD, &sv_sigchld, NULL);
676 #endif /* !USE_PROCFS */
678 execv(pathname, argv);
679 perror("strace: exec");
683 /* We are the tracer. */
684 tcp = alloctcb(daemonized_tracer ? getppid() : pid);
685 if (daemonized_tracer) {
686 /* We want subsequent startup_attach() to attach to it. */
687 tcp->flags |= TCB_ATTACHED;
690 if (proc_open(tcp, 0) < 0) {
691 fprintf(stderr, "trouble opening proc file\n");
695 #endif /* USE_PROCFS */
700 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
701 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
702 * and then see which options are supported by the kernel.
705 test_ptrace_setoptions(void)
707 int pid, expected_grandchild = 0, found_grandchild = 0;
708 const unsigned int test_options = PTRACE_O_TRACECLONE |
712 if ((pid = fork()) < 0)
715 if (ptrace(PTRACE_TRACEME, 0, (char *)1, 0) < 0)
717 kill(getpid(), SIGSTOP);
722 int status, tracee_pid;
724 tracee_pid = wait(&status);
725 if (tracee_pid == -1) {
728 else if (errno == ECHILD)
730 perror("test_ptrace_setoptions");
733 if (tracee_pid != pid) {
734 found_grandchild = tracee_pid;
735 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0 &&
737 kill(tracee_pid, SIGKILL);
739 else if (WIFSTOPPED(status)) {
740 switch (WSTOPSIG(status)) {
742 if (ptrace(PTRACE_SETOPTIONS, pid,
743 NULL, test_options) < 0) {
749 if (status >> 16 == PTRACE_EVENT_FORK) {
752 if (ptrace(PTRACE_GETEVENTMSG, pid,
753 NULL, (long) &msg) == 0)
754 expected_grandchild = msg;
758 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0 &&
763 if (expected_grandchild && expected_grandchild == found_grandchild)
764 ptrace_setoptions |= test_options;
770 main(int argc, char *argv[])
777 static char buf[BUFSIZ];
779 progname = argv[0] ? argv[0] : "strace";
781 /* Allocate the initial tcbtab. */
782 tcbtabsize = argc; /* Surely enough for all -p args. */
783 if ((tcbtab = calloc(tcbtabsize, sizeof tcbtab[0])) == NULL) {
784 fprintf(stderr, "%s: out of memory\n", progname);
787 if ((tcbtab[0] = calloc(tcbtabsize, sizeof tcbtab[0][0])) == NULL) {
788 fprintf(stderr, "%s: out of memory\n", progname);
791 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
792 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
796 set_sortby(DEFAULT_SORTBY);
797 set_personality(DEFAULT_PERSONALITY);
798 qualify("trace=all");
799 qualify("abbrev=all");
800 qualify("verbose=all");
801 qualify("signal=all");
802 while ((c = getopt(argc, argv,
807 "a:e:o:O:p:s:S:u:E:P:")) != EOF) {
810 if (cflag == CFLAG_BOTH) {
811 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
815 cflag = CFLAG_ONLY_STATS;
818 if (cflag == CFLAG_ONLY_STATS) {
819 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
830 daemonized_tracer = 1;
865 qualify("abbrev=none");
868 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
872 not_failing_only = 1;
875 acolumn = atoi(optarg);
881 outfname = strdup(optarg);
884 set_overhead(atoi(optarg));
887 if ((pid = atoi(optarg)) <= 0) {
888 fprintf(stderr, "%s: Invalid process id: %s\n",
892 if (pid == getpid()) {
893 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
896 tcp = alloc_tcb(pid, 0);
897 tcp->flags |= TCB_ATTACHED;
902 if (pathtrace_select(optarg)) {
903 fprintf(stderr,"%s : failed to select path '%s'\n", progname, optarg);
908 max_strlen = atoi(optarg);
909 if (max_strlen < 0) {
911 "%s: invalid -s argument: %s\n",
920 username = strdup(optarg);
923 if (putenv(optarg) < 0) {
924 fprintf(stderr, "%s: out of memory\n",
935 if ((optind == argc) == !pflag_seen)
938 if (pflag_seen && daemonized_tracer) {
940 "%s: -D and -p are mutually exclusive options\n",
948 if (followfork > 1 && cflag) {
950 "%s: (-c or -C) and -ff are mutually exclusive options\n",
955 /* See if they want to run as another user. */
956 if (username != NULL) {
959 if (getuid() != 0 || geteuid() != 0) {
961 "%s: you must be root to use the -u option\n",
965 if ((pent = getpwnam(username)) == NULL) {
966 fprintf(stderr, "%s: cannot find user `%s'\n",
970 run_uid = pent->pw_uid;
971 run_gid = pent->pw_gid;
980 if (test_ptrace_setoptions() < 0) {
982 "Test for options supported by PTRACE_SETOPTIONS "
983 "failed, giving up using this feature.\n");
984 ptrace_setoptions = 0;
987 fprintf(stderr, "ptrace_setoptions = %#x\n",
992 /* Check if they want to redirect the output. */
994 /* See if they want to pipe the output. */
995 if (outfname[0] == '|' || outfname[0] == '!') {
997 * We can't do the <outfname>.PID funny business
998 * when using popen, so prohibit it.
1000 if (followfork > 1) {
1002 %s: piping the output and -ff are mutually exclusive options\n",
1007 if ((outf = strace_popen(outfname + 1)) == NULL)
1010 else if (followfork <= 1 &&
1011 (outf = strace_fopen(outfname, "w")) == NULL)
1015 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
1016 setvbuf(outf, buf, _IOLBF, BUFSIZ);
1017 if (outfname && optind < argc) {
1022 /* Valid states here:
1023 optind < argc pflag_seen outfname interactive
1030 /* STARTUP_CHILD must be called before the signal handlers get
1031 installed below as they are inherited into the spawned process.
1032 Also we do not need to be protected by them as during interruption
1033 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1035 startup_child(&argv[optind]);
1037 sigemptyset(&empty_set);
1038 sigemptyset(&blocked_set);
1039 sa.sa_handler = SIG_IGN;
1040 sigemptyset(&sa.sa_mask);
1042 sigaction(SIGTTOU, &sa, NULL);
1043 sigaction(SIGTTIN, &sa, NULL);
1045 sigaddset(&blocked_set, SIGHUP);
1046 sigaddset(&blocked_set, SIGINT);
1047 sigaddset(&blocked_set, SIGQUIT);
1048 sigaddset(&blocked_set, SIGPIPE);
1049 sigaddset(&blocked_set, SIGTERM);
1050 sa.sa_handler = interrupt;
1052 /* POSIX signals on sunos4.1 are a little broken. */
1053 sa.sa_flags = SA_INTERRUPT;
1056 sigaction(SIGHUP, &sa, NULL);
1057 sigaction(SIGINT, &sa, NULL);
1058 sigaction(SIGQUIT, &sa, NULL);
1059 sigaction(SIGPIPE, &sa, NULL);
1060 sigaction(SIGTERM, &sa, NULL);
1062 sa.sa_handler = reaper;
1063 sigaction(SIGCHLD, &sa, NULL);
1065 /* Make sure SIGCHLD has the default action so that waitpid
1066 definitely works without losing track of children. The user
1067 should not have given us a bogus state to inherit, but he might
1068 have. Arguably we should detect SIG_IGN here and pass it on
1069 to children, but probably noone really needs that. */
1070 sa.sa_handler = SIG_DFL;
1071 sigaction(SIGCHLD, &sa, NULL);
1072 #endif /* USE_PROCFS */
1074 if (pflag_seen || daemonized_tracer)
1081 if (exit_code > 0xff) {
1082 /* Child was killed by a signal, mimic that. */
1084 signal(exit_code, SIG_DFL);
1086 /* Paranoia - what if this signal is not fatal?
1087 Exit with 128 + signo then. */
1096 /* Allocate some more TCBs and expand the table.
1097 We don't want to relocate the TCBs because our
1098 callers have pointers and it would be a pain.
1099 So tcbtab is a table of pointers. Since we never
1100 free the TCBs, we allocate a single chunk of many. */
1101 struct tcb **newtab = (struct tcb **)
1102 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
1103 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
1106 if (newtab == NULL || newtcbs == NULL) {
1107 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
1112 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
1113 newtab[i] = &newtcbs[i - tcbtabsize];
1119 alloc_tcb(int pid, int command_options_parsed)
1124 if (nprocs == tcbtabsize)
1127 for (i = 0; i < tcbtabsize; i++) {
1129 if ((tcp->flags & TCB_INUSE) == 0) {
1134 #ifdef TCB_CLONE_THREAD
1135 tcp->nclone_threads = 0;
1136 tcp->nclone_waiting = 0;
1138 tcp->flags = TCB_INUSE | TCB_STARTUP;
1139 tcp->outf = outf; /* Initialise to current out file */
1141 tcp->stime.tv_sec = 0;
1142 tcp->stime.tv_usec = 0;
1145 if (command_options_parsed)
1150 fprintf(stderr, "%s: bug in alloc_tcb\n", progname);
1157 proc_open(struct tcb *tcp, int attaching)
1167 #ifndef HAVE_POLLABLE_PROCFS
1168 static int last_pfd;
1171 #ifdef HAVE_MP_PROCFS
1172 /* Open the process pseudo-files in /proc. */
1173 sprintf(proc, "/proc/%d/ctl", tcp->pid);
1174 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
1175 perror("strace: open(\"/proc/...\", ...)");
1178 if (set_cloexec_flag(tcp->pfd) < 0) {
1181 sprintf(proc, "/proc/%d/status", tcp->pid);
1182 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
1183 perror("strace: open(\"/proc/...\", ...)");
1186 if (set_cloexec_flag(tcp->pfd_stat) < 0) {
1189 sprintf(proc, "/proc/%d/as", tcp->pid);
1190 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
1191 perror("strace: open(\"/proc/...\", ...)");
1194 if (set_cloexec_flag(tcp->pfd_as) < 0) {
1198 /* Open the process pseudo-file in /proc. */
1200 sprintf(proc, "/proc/%d", tcp->pid);
1201 tcp->pfd = open(proc, O_RDWR|O_EXCL);
1203 sprintf(proc, "/proc/%d/mem", tcp->pid);
1204 tcp->pfd = open(proc, O_RDWR);
1205 #endif /* FREEBSD */
1207 perror("strace: open(\"/proc/...\", ...)");
1210 if (set_cloexec_flag(tcp->pfd) < 0) {
1215 sprintf(proc, "/proc/%d/regs", tcp->pid);
1216 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
1217 perror("strace: open(\"/proc/.../regs\", ...)");
1221 sprintf(proc, "/proc/%d/status", tcp->pid);
1222 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
1223 perror("strace: open(\"/proc/.../status\", ...)");
1227 tcp->pfd_status = -1;
1228 #endif /* FREEBSD */
1232 * Wait for the child to pause. Because of a race
1233 * condition we have to poll for the event.
1236 if (IOCTL_STATUS (tcp) < 0) {
1237 perror("strace: PIOCSTATUS");
1240 if (tcp->status.PR_FLAGS & PR_ASLEEP)
1245 /* Stop the process so that we own the stop. */
1246 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
1247 perror("strace: PIOCSTOP");
1252 /* Set Run-on-Last-Close. */
1254 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
1255 perror("PIOCSET PR_RLC");
1258 /* Set or Reset Inherit-on-Fork. */
1260 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
1261 perror("PIOC{SET,RESET} PR_FORK");
1264 #else /* !PIOCSET */
1266 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
1270 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
1271 perror("PIOC{S,R}FORK");
1275 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
1276 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
1281 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1285 #endif /* FREEBSD */
1286 #endif /* !PIOCSET */
1288 /* Enable all syscall entries we care about. */
1289 premptyset(&syscalls);
1290 for (i = 1; i < MAX_QUALS; ++i) {
1291 if (i > (sizeof syscalls) * CHAR_BIT) break;
1292 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
1294 praddset (&syscalls, SYS_execve);
1296 praddset (&syscalls, SYS_fork);
1298 praddset (&syscalls, SYS_forkall);
1301 praddset (&syscalls, SYS_fork1);
1304 praddset (&syscalls, SYS_rfork1);
1307 praddset (&syscalls, SYS_rforkall);
1310 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1311 perror("PIOCSENTRY");
1314 /* Enable the syscall exits. */
1315 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1319 /* Enable signals we care about. */
1320 premptyset(&signals);
1321 for (i = 1; i < MAX_QUALS; ++i) {
1322 if (i > (sizeof signals) * CHAR_BIT) break;
1323 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
1325 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1326 perror("PIOCSTRACE");
1329 /* Enable faults we care about */
1330 premptyset(&faults);
1331 for (i = 1; i < MAX_QUALS; ++i) {
1332 if (i > (sizeof faults) * CHAR_BIT) break;
1333 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
1335 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1336 perror("PIOCSFAULT");
1340 /* set events flags. */
1341 arg = S_SIG | S_SCE | S_SCX ;
1342 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1346 #endif /* FREEBSD */
1350 * The SGI PRSABORT doesn't work for pause() so
1351 * we send it a caught signal to wake it up.
1353 kill(tcp->pid, SIGINT);
1356 /* The child is in a pause(), abort it. */
1358 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1365 /* wake up the child if it received the SIGSTOP */
1366 kill(tcp->pid, SIGCONT);
1369 /* Wait for the child to do something. */
1370 if (IOCTL_WSTOP (tcp) < 0) {
1371 perror("PIOCWSTOP");
1374 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1375 tcp->flags &= ~TCB_INSYSCALL;
1377 if (known_scno(tcp) == SYS_execve)
1380 /* Set it running: maybe execve will be next. */
1383 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1385 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1386 #endif /* FREEBSD */
1391 /* handle the case where we "opened" the child before
1392 it did the kill -STOP */
1393 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1394 tcp->status.PR_WHAT == SIGSTOP)
1395 kill(tcp->pid, SIGCONT);
1402 if (attaching < 2) {
1403 /* We are attaching to an already running process.
1404 * Try to figure out the state of the process in syscalls,
1405 * to handle the first event well.
1406 * This is done by having a look at the "wchan" property of the
1407 * process, which tells where it is stopped (if it is). */
1409 char wchan[20]; /* should be enough */
1411 sprintf(proc, "/proc/%d/status", tcp->pid);
1412 status = fopen(proc, "r");
1414 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1415 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1416 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1417 strcmp(wchan, "stopevent")) {
1418 /* The process is asleep in the middle of a syscall.
1419 Fake the syscall entry event */
1420 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1421 tcp->status.PR_WHY = PR_SYSENTRY;
1426 } /* otherwise it's a fork being followed */
1428 #endif /* FREEBSD */
1429 #ifndef HAVE_POLLABLE_PROCFS
1430 if (proc_poll_pipe[0] != -1)
1431 proc_poller(tcp->pfd);
1432 else if (nprocs > 1) {
1434 proc_poller(last_pfd);
1435 proc_poller(tcp->pfd);
1437 last_pfd = tcp->pfd;
1438 #endif /* !HAVE_POLLABLE_PROCFS */
1442 #endif /* USE_PROCFS */
1452 for (i = 0; i < tcbtabsize; i++) {
1453 struct tcb *tcp = tcbtab[i];
1454 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1464 first_used_tcb(void)
1468 for (i = 0; i < tcbtabsize; i++) {
1470 if (tcp->flags & TCB_INUSE)
1482 for (i = 0; i < tcbtabsize; i++) {
1483 struct tcb *tcp = tcbtab[i];
1484 if (tcp->pfd != pfd)
1486 if (tcp->flags & TCB_INUSE)
1492 #endif /* USE_PROCFS */
1500 #ifdef TCB_CLONE_THREAD
1501 if (tcp->nclone_threads > 0) {
1502 /* There are other threads left in this process, but this
1503 is the one whose PID represents the whole process.
1504 We need to keep this record around as a zombie until
1505 all the threads die. */
1506 tcp->flags |= TCB_EXITING;
1513 if (tcp->parent != NULL) {
1514 tcp->parent->nchildren--;
1515 #ifdef TCB_CLONE_THREAD
1516 if (tcp->flags & TCB_CLONE_THREAD)
1517 tcp->parent->nclone_threads--;
1519 tcp->parent->nzombies++;
1521 /* Update `tcp->parent->parent->nchildren' and the other fields
1522 like NCLONE_DETACHED, only for zombie group leader that has
1523 already reported and been short-circuited at the top of this
1524 function. The same condition as at the top of DETACH. */
1525 if ((tcp->flags & TCB_CLONE_THREAD) &&
1526 tcp->parent->nclone_threads == 0 &&
1527 (tcp->parent->flags & TCB_EXITING))
1528 droptcb(tcp->parent);
1534 if (tcp->pfd != -1) {
1538 if (tcp->pfd_reg != -1) {
1539 close(tcp->pfd_reg);
1542 if (tcp->pfd_status != -1) {
1543 close(tcp->pfd_status);
1544 tcp->pfd_status = -1;
1546 #endif /* !FREEBSD */
1548 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1552 if (outfname && followfork > 1 && tcp->outf)
1567 if (!(tcp->flags & TCB_SUSPENDED)) {
1568 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1571 tcp->flags &= ~TCB_SUSPENDED;
1572 #ifdef TCB_CLONE_THREAD
1573 if (tcp->flags & TCB_CLONE_THREAD)
1574 tcp->parent->nclone_waiting--;
1577 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0)
1581 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1586 resume_from_tcp (struct tcb *tcp)
1591 /* XXX This won't always be quite right (but it never was).
1592 A waiter with argument 0 or < -1 is waiting for any pid in
1593 a particular pgrp, which this child might or might not be
1594 in. The waiter will only wake up if it's argument is -1
1595 or if it's waiting for tcp->pid's pgrp. It makes a
1596 difference to wake up a waiter when there might be more
1597 traced children, because it could get a false ECHILD
1598 error. OTOH, if this was the last child in the pgrp, then
1599 it ought to wake up and get ECHILD. We would have to
1600 search the system for all pid's in the pgrp to be sure.
1602 && (t->waitpid == -1 ||
1603 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1604 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1608 (tcp->parent->flags & TCB_SUSPENDED) &&
1609 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1610 error = resume(tcp->parent);
1613 #ifdef TCB_CLONE_THREAD
1614 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1615 /* Some other threads of our parent are waiting too. */
1618 /* Resume all the threads that were waiting for this PID. */
1619 for (i = 0; i < tcbtabsize; i++) {
1620 struct tcb *t = tcbtab[i];
1621 if (t->parent == tcp->parent && t != tcp
1622 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1623 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1624 && t->waitpid == tcp->pid) {
1625 error |= resume (t);
1630 /* Noone was waiting for this PID in particular,
1631 so now we might need to resume some wildcarders. */
1632 for (i = 0; i < tcbtabsize; i++) {
1633 struct tcb *t = tcbtab[i];
1634 if (t->parent == tcp->parent && t != tcp
1636 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1637 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1640 error |= resume (t);
1650 #endif /* !USE_PROCFS */
1652 /* detach traced process; continue with sig
1653 Never call DETACH twice on the same process as both unattached and
1654 attached-unstopped processes give the same ESRCH. For unattached process we
1655 would SIGSTOP it and wait for its SIGSTOP notification forever. */
1664 int status, catch_sigstop;
1665 struct tcb *zombie = NULL;
1667 /* If the group leader is lingering only because of this other
1668 thread now dying, then detach the leader as well. */
1669 if ((tcp->flags & TCB_CLONE_THREAD) &&
1670 tcp->parent->nclone_threads == 1 &&
1671 (tcp->parent->flags & TCB_EXITING))
1672 zombie = tcp->parent;
1675 if (tcp->flags & TCB_BPTSET)
1680 * Linux wrongly insists the child be stopped
1681 * before detaching. Arghh. We go through hoops
1682 * to make a clean break of things.
1685 #undef PTRACE_DETACH
1686 #define PTRACE_DETACH PTRACE_SUNDETACH
1689 * On TCB_STARTUP we did PTRACE_ATTACH but still did not get the
1690 * expected SIGSTOP. We must catch exactly one as otherwise the
1691 * detached process would be left stopped (process state T).
1693 catch_sigstop = (tcp->flags & TCB_STARTUP);
1694 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1695 /* On a clear day, you can see forever. */
1697 else if (errno != ESRCH) {
1698 /* Shouldn't happen. */
1699 perror("detach: ptrace(PTRACE_DETACH, ...)");
1701 else if (my_tgkill((tcp->flags & TCB_CLONE_THREAD ? tcp->parent->pid
1705 perror("detach: checking sanity");
1707 else if (!catch_sigstop && my_tgkill((tcp->flags & TCB_CLONE_THREAD
1708 ? tcp->parent->pid : tcp->pid),
1709 tcp->pid, SIGSTOP) < 0) {
1711 perror("detach: stopping child");
1715 if (catch_sigstop) {
1718 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1719 if (errno == ECHILD) /* Already gone. */
1721 if (errno != EINVAL) {
1722 perror("detach: waiting");
1726 /* No __WALL here. */
1727 if (waitpid(tcp->pid, &status, 0) < 0) {
1728 if (errno != ECHILD) {
1729 perror("detach: waiting");
1733 /* If no processes, try clones. */
1734 if (wait4(tcp->pid, &status, __WCLONE,
1736 if (errno != ECHILD)
1737 perror("detach: waiting");
1740 #endif /* __WCLONE */
1745 if (!WIFSTOPPED(status)) {
1746 /* Au revoir, mon ami. */
1749 if (WSTOPSIG(status) == SIGSTOP) {
1750 ptrace_restart(PTRACE_DETACH, tcp, sig);
1753 error = ptrace_restart(PTRACE_CONT, tcp,
1754 WSTOPSIG(status) == SIGTRAP ? 0
1755 : WSTOPSIG(status));
1763 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1764 if (sig && kill(tcp->pid, sig) < 0)
1765 perror("detach: kill");
1767 error = ptrace_restart(PTRACE_DETACH, tcp, sig);
1771 error |= resume_from_tcp (tcp);
1775 fprintf(stderr, "Process %u detached\n", tcp->pid);
1780 if (zombie != NULL) {
1781 /* TCP no longer exists therefore you must not detach () it. */
1791 static void reaper(int sig)
1796 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1800 #endif /* USE_PROCFS */
1808 for (i = 0; i < tcbtabsize; i++) {
1810 if (!(tcp->flags & TCB_INUSE))
1814 "cleanup: looking at pid %u\n", tcp->pid);
1816 (!outfname || followfork < 2 || tcp_last == tcp)) {
1817 tprintf(" <unfinished ...>");
1820 if (tcp->flags & TCB_ATTACHED)
1823 kill(tcp->pid, SIGCONT);
1824 kill(tcp->pid, SIGTERM);
1838 #ifndef HAVE_STRERROR
1840 #if !HAVE_DECL_SYS_ERRLIST
1841 extern int sys_nerr;
1842 extern char *sys_errlist[];
1843 #endif /* HAVE_DECL_SYS_ERRLIST */
1849 static char buf[64];
1851 if (errno < 1 || errno >= sys_nerr) {
1852 sprintf(buf, "Unknown error %d", errno);
1855 return sys_errlist[errno];
1858 #endif /* HAVE_STERRROR */
1860 #ifndef HAVE_STRSIGNAL
1862 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1863 extern char *sys_siglist[];
1865 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1866 extern char *_sys_siglist[];
1873 static char buf[64];
1875 if (sig < 1 || sig >= NSIG) {
1876 sprintf(buf, "Unknown signal %d", sig);
1879 #ifdef HAVE__SYS_SIGLIST
1880 return _sys_siglist[sig];
1882 return sys_siglist[sig];
1886 #endif /* HAVE_STRSIGNAL */
1897 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1898 if (pollv == NULL) {
1899 fprintf(stderr, "%s: out of memory\n", progname);
1903 for (i = j = 0; i < tcbtabsize; i++) {
1904 struct tcb *tcp = tcbtab[i];
1905 if (!(tcp->flags & TCB_INUSE))
1907 pollv[j].fd = tcp->pfd;
1908 pollv[j].events = POLLWANT;
1912 fprintf(stderr, "strace: proc miscount\n");
1917 #ifndef HAVE_POLLABLE_PROCFS
1924 if (pipe(proc_poll_pipe) < 0) {
1928 for (i = 0; i < 2; i++) {
1929 if (set_cloexec_flag(proc_poll_pipe[i]) < 0) {
1936 proc_poll(pollv, nfds, timeout)
1937 struct pollfd *pollv;
1943 struct proc_pollfd pollinfo;
1945 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1947 if (n != sizeof(struct proc_pollfd)) {
1948 fprintf(stderr, "panic: short read: %d\n", n);
1951 for (i = 0; i < nprocs; i++) {
1952 if (pollv[i].fd == pollinfo.fd)
1953 pollv[i].revents = pollinfo.revents;
1955 pollv[i].revents = 0;
1957 poller_pid = pollinfo.pid;
1971 struct proc_pollfd pollinfo;
1972 struct sigaction sa;
1973 sigset_t blocked_set, empty_set;
1978 struct procfs_status pfs;
1979 #endif /* FREEBSD */
1991 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1993 sigemptyset(&sa.sa_mask);
1994 sigaction(SIGHUP, &sa, NULL);
1995 sigaction(SIGINT, &sa, NULL);
1996 sigaction(SIGQUIT, &sa, NULL);
1997 sigaction(SIGPIPE, &sa, NULL);
1998 sigaction(SIGTERM, &sa, NULL);
1999 sa.sa_handler = wakeup_handler;
2000 sigaction(SIGUSR1, &sa, NULL);
2001 sigemptyset(&blocked_set);
2002 sigaddset(&blocked_set, SIGUSR1);
2003 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2004 sigemptyset(&empty_set);
2006 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
2007 perror("getrlimit(RLIMIT_NOFILE, ...)");
2011 for (i = 0; i < n; i++) {
2012 if (i != pfd && i != proc_poll_pipe[1])
2017 pollinfo.pid = getpid();
2020 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
2022 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
2029 pollinfo.revents = POLLERR;
2032 pollinfo.revents = POLLHUP;
2035 perror("proc_poller: PIOCWSTOP");
2037 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2040 pollinfo.revents = POLLWANT;
2041 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2042 sigsuspend(&empty_set);
2046 #endif /* !HAVE_POLLABLE_PROCFS */
2056 if (followfork < 2 &&
2057 last < nprocs && (pollv[last].revents & POLLWANT)) {
2059 * The previous process is ready to run again. We'll
2060 * let it do so if it is currently in a syscall. This
2061 * heuristic improves the readability of the trace.
2063 tcp = pfd2tcb(pollv[last].fd);
2064 if (tcp && (tcp->flags & TCB_INSYSCALL))
2065 return pollv[last].fd;
2068 for (i = 0; i < nprocs; i++) {
2069 /* Let competing children run round robin. */
2070 j = (i + last + 1) % nprocs;
2071 if (pollv[j].revents & (POLLHUP | POLLERR)) {
2072 tcp = pfd2tcb(pollv[j].fd);
2074 fprintf(stderr, "strace: lost proc\n");
2080 if (pollv[j].revents & POLLWANT) {
2085 fprintf(stderr, "strace: nothing ready\n");
2093 struct tcb *in_syscall = NULL;
2098 int ioctl_result = 0, ioctl_errno = 0;
2103 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2110 #ifndef HAVE_POLLABLE_PROCFS
2111 if (proc_poll_pipe[0] == -1) {
2113 tcp = first_used_tcb();
2120 #ifndef HAVE_POLLABLE_PROCFS
2122 /* fall through ... */
2123 #endif /* !HAVE_POLLABLE_PROCFS */
2125 #ifdef HAVE_POLLABLE_PROCFS
2127 /* On some systems (e.g. UnixWare) we get too much ugly
2128 "unfinished..." stuff when multiple proceses are in
2129 syscalls. Here's a nasty hack */
2136 pv.events = POLLWANT;
2137 if ((what = poll (&pv, 1, 1)) < 0) {
2142 else if (what == 1 && pv.revents & POLLWANT) {
2148 if (poll(pollv, nprocs, INFTIM) < 0) {
2153 #else /* !HAVE_POLLABLE_PROCFS */
2154 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
2159 #endif /* !HAVE_POLLABLE_PROCFS */
2166 /* Look up `pfd' in our table. */
2167 if ((tcp = pfd2tcb(pfd)) == NULL) {
2168 fprintf(stderr, "unknown pfd: %u\n", pfd);
2174 /* Get the status of the process. */
2177 ioctl_result = IOCTL_WSTOP (tcp);
2179 /* Thanks to some scheduling mystery, the first poller
2180 sometimes waits for the already processed end of fork
2181 event. Doing a non blocking poll here solves the problem. */
2182 if (proc_poll_pipe[0] != -1)
2183 ioctl_result = IOCTL_STATUS (tcp);
2185 ioctl_result = IOCTL_WSTOP (tcp);
2186 #endif /* FREEBSD */
2187 ioctl_errno = errno;
2188 #ifndef HAVE_POLLABLE_PROCFS
2189 if (proc_poll_pipe[0] != -1) {
2190 if (ioctl_result < 0)
2191 kill(poller_pid, SIGKILL);
2193 kill(poller_pid, SIGUSR1);
2195 #endif /* !HAVE_POLLABLE_PROCFS */
2201 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2203 if (ioctl_result < 0) {
2204 /* Find out what happened if it failed. */
2205 switch (ioctl_errno) {
2216 perror("PIOCWSTOP");
2222 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
2223 /* discard first event for a syscall we never entered */
2224 IOCTL (tcp->pfd, PIOCRUN, 0);
2229 /* clear the just started flag */
2230 tcp->flags &= ~TCB_STARTUP;
2232 /* set current output file */
2234 curcol = tcp->curcol;
2237 struct timeval stime;
2242 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
2245 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
2246 &stime.tv_sec, &stime.tv_usec);
2248 stime.tv_sec = stime.tv_usec = 0;
2249 #else /* !FREEBSD */
2250 stime.tv_sec = tcp->status.pr_stime.tv_sec;
2251 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
2252 #endif /* !FREEBSD */
2253 tv_sub(&tcp->dtime, &stime, &tcp->stime);
2256 what = tcp->status.PR_WHAT;
2257 switch (tcp->status.PR_WHY) {
2260 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
2261 tcp->status.PR_WHY = PR_SYSENTRY;
2262 if (trace_syscall(tcp) < 0) {
2263 fprintf(stderr, "syscall trouble\n");
2268 #endif /* !FREEBSD */
2274 if (trace_syscall(tcp) < 0) {
2275 fprintf(stderr, "syscall trouble\n");
2280 if (cflag != CFLAG_ONLY_STATS
2281 && (qual_flags[what] & QUAL_SIGNAL)) {
2283 tprintf("--- %s (%s) ---",
2284 signame(what), strsignal(what));
2287 if (tcp->status.PR_INFO.si_signo == what) {
2289 tprintf(" siginfo=");
2290 printsiginfo(&tcp->status.PR_INFO, 1);
2297 if (cflag != CFLAGS_ONLY_STATS
2298 && (qual_flags[what] & QUAL_FAULT)) {
2300 tprintf("=== FAULT %d ===", what);
2305 case 0: /* handle case we polled for nothing */
2309 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
2313 /* Remember current print column before continuing. */
2314 tcp->curcol = curcol;
2317 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0)
2319 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0)
2329 #else /* !USE_PROCFS */
2331 #ifdef TCB_GROUP_EXITING
2332 /* Handle an exit detach or death signal that is taking all the
2333 related clone threads with it. This is called in three circumstances:
2334 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
2335 SIG == 0 Continuing TCP will perform an exit_group syscall.
2336 SIG == other Continuing TCP with SIG will kill the process.
2339 handle_group_exit(struct tcb *tcp, int sig)
2341 /* We need to locate our records of all the clone threads
2342 related to TCP, either its children or siblings. */
2343 struct tcb *leader = NULL;
2345 if (tcp->flags & TCB_CLONE_THREAD)
2346 leader = tcp->parent;
2349 if (leader != NULL && leader != tcp
2350 && !(leader->flags & TCB_GROUP_EXITING)
2351 && !(tcp->flags & TCB_STARTUP)
2354 "PANIC: handle_group_exit: %d leader %d\n",
2355 tcp->pid, leader ? leader->pid : -1);
2357 /* TCP no longer exists therefore you must not detach() it. */
2359 resume_from_tcp(tcp);
2361 droptcb(tcp); /* Already died. */
2364 /* Mark that we are taking the process down. */
2365 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
2366 if (tcp->flags & TCB_ATTACHED) {
2368 if (leader != NULL && leader != tcp)
2369 leader->flags |= TCB_GROUP_EXITING;
2371 if (ptrace_restart(PTRACE_CONT, tcp, sig) < 0) {
2375 if (leader != NULL) {
2376 leader->flags |= TCB_GROUP_EXITING;
2380 /* The leader will report to us as parent now,
2381 and then we'll get to the SIG==-1 case. */
2392 handle_ptrace_event(int status, struct tcb *tcp)
2394 if (status >> 16 == PTRACE_EVENT_VFORK ||
2395 status >> 16 == PTRACE_EVENT_CLONE ||
2396 status >> 16 == PTRACE_EVENT_FORK) {
2399 if (do_ptrace(PTRACE_GETEVENTMSG, tcp, NULL, &childpid) < 0) {
2400 if (errno != ESRCH) {
2402 %s: handle_ptrace_event: ptrace cannot get new child's pid\n",
2409 return handle_new_child(tcp, childpid, 0);
2425 static int wait4_options = __WALL;
2429 while (nprocs != 0) {
2433 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2436 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2437 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2438 /* this kernel does not support __WALL */
2439 wait4_options &= ~__WALL;
2441 pid = wait4(-1, &status, wait4_options,
2442 cflag ? &ru : NULL);
2444 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2445 /* most likely a "cloned" process */
2446 pid = wait4(-1, &status, __WCLONE,
2447 cflag ? &ru : NULL);
2449 fprintf(stderr, "strace: clone wait4 "
2450 "failed: %s\n", strerror(errno));
2454 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2458 pid = wait(&status);
2462 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2465 switch (wait_errno) {
2470 * We would like to verify this case
2471 * but sometimes a race in Solbourne's
2472 * version of SunOS sometimes reports
2473 * ECHILD before sending us SIGCHILD.
2478 perror("strace: wait");
2482 if (pid == popen_pid) {
2483 if (WIFEXITED(status) || WIFSIGNALED(status))
2488 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2490 /* Look up `pid' in our table. */
2491 if ((tcp = pid2tcb(pid)) == NULL) {
2494 /* This is needed to go with the CLONE_PTRACE
2495 changes in process.c/util.c: we might see
2496 the child's initial trap before we see the
2497 parent return from the clone syscall.
2498 Leave the child suspended until the parent
2499 returns from its system call. Only then
2500 will we have the association of parent and
2501 child so that we know how to do clearbpt
2503 tcp = alloctcb(pid);
2504 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2507 Process %d attached (waiting for parent)\n",
2511 /* This can happen if a clone call used
2512 CLONE_PTRACE itself. */
2515 fprintf(stderr, "unknown pid: %u\n", pid);
2516 if (WIFSTOPPED(status))
2517 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2521 /* set current output file */
2523 curcol = tcp->curcol;
2526 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2527 tcp->stime = ru.ru_stime;
2531 if (tcp->flags & TCB_SUSPENDED) {
2533 * Apparently, doing any ptrace() call on a stopped
2534 * process, provokes the kernel to report the process
2535 * status again on a subsequent wait(), even if the
2536 * process has not been actually restarted.
2537 * Since we have inspected the arguments of suspended
2538 * processes we end up here testing for this case.
2542 if (WIFSIGNALED(status)) {
2543 if (pid == strace_child)
2544 exit_code = 0x100 | WTERMSIG(status);
2545 if (cflag != CFLAG_ONLY_STATS
2546 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2548 tprintf("+++ killed by %s %s+++",
2549 signame(WTERMSIG(status)),
2551 WCOREDUMP(status) ? "(core dumped) " :
2556 #ifdef TCB_GROUP_EXITING
2557 handle_group_exit(tcp, -1);
2563 if (WIFEXITED(status)) {
2564 if (pid == strace_child)
2565 exit_code = WEXITSTATUS(status);
2567 fprintf(stderr, "pid %u exited with %d\n", pid, WEXITSTATUS(status));
2568 if ((tcp->flags & (TCB_ATTACHED|TCB_STARTUP)) == TCB_ATTACHED
2569 #ifdef TCB_GROUP_EXITING
2570 && !(tcp->parent && (tcp->parent->flags & TCB_GROUP_EXITING))
2571 && !(tcp->flags & TCB_GROUP_EXITING)
2575 "PANIC: attached pid %u exited with %d\n",
2576 pid, WEXITSTATUS(status));
2578 if (tcp == tcp_last) {
2579 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL)
2580 tprintf(" <unfinished ... exit status %d>\n",
2581 WEXITSTATUS(status));
2584 #ifdef TCB_GROUP_EXITING
2585 handle_group_exit(tcp, -1);
2591 if (!WIFSTOPPED(status)) {
2592 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2597 fprintf(stderr, "pid %u stopped, [%s]\n",
2598 pid, signame(WSTOPSIG(status)));
2600 if (ptrace_setoptions && (status >> 16)) {
2601 if (handle_ptrace_event(status, tcp) != 1)
2606 * Interestingly, the process may stop
2607 * with STOPSIG equal to some other signal
2608 * than SIGSTOP if we happend to attach
2609 * just before the process takes a signal.
2610 * A no-MMU vforked child won't send up a signal,
2611 * so skip the first (lost) execve notification.
2613 if ((tcp->flags & TCB_STARTUP) &&
2614 (WSTOPSIG(status) == SIGSTOP || strace_vforked)) {
2616 * This flag is there to keep us in sync.
2617 * Next time this process stops it should
2618 * really be entering a system call.
2620 tcp->flags &= ~TCB_STARTUP;
2621 if (tcp->flags & TCB_BPTSET) {
2623 * One example is a breakpoint inherited from
2624 * parent through fork ().
2626 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2633 if (followfork && (tcp->parent == NULL) && ptrace_setoptions)
2634 if (ptrace(PTRACE_SETOPTIONS, tcp->pid,
2635 NULL, ptrace_setoptions) < 0 &&
2637 ptrace_setoptions = 0;
2642 if (WSTOPSIG(status) != SIGTRAP) {
2643 if (WSTOPSIG(status) == SIGSTOP &&
2644 (tcp->flags & TCB_SIGTRAPPED)) {
2646 * Trapped attempt to block SIGTRAP
2647 * Hope we are back in control now.
2649 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2650 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2656 if (cflag != CFLAG_ONLY_STATS
2657 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2659 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP)
2663 upeek(tcp, PT_CR_IPSR, &psr);
2664 upeek(tcp, PT_CR_IIP, &pc);
2667 pc += (psr >> PSR_RI) & 0x3;
2668 # define PC_FORMAT_STR " @ %lx"
2669 # define PC_FORMAT_ARG pc
2671 # define PC_FORMAT_STR "%s"
2672 # define PC_FORMAT_ARG ""
2675 if (ptrace(PTRACE_GETSIGINFO, pid, 0, &si) == 0) {
2677 printsiginfo(&si, verbose(tcp));
2678 tprintf(" (%s)" PC_FORMAT_STR " ---",
2679 strsignal(WSTOPSIG(status)),
2682 tprintf("--- %s by %s" PC_FORMAT_STR " ---",
2683 strsignal(WSTOPSIG(status)),
2684 signame(WSTOPSIG(status)),
2688 if (((tcp->flags & TCB_ATTACHED) ||
2689 tcp->nclone_threads > 0) &&
2690 !sigishandled(tcp, WSTOPSIG(status))) {
2691 #ifdef TCB_GROUP_EXITING
2692 handle_group_exit(tcp, WSTOPSIG(status));
2694 detach(tcp, WSTOPSIG(status));
2698 if (ptrace_restart(PTRACE_SYSCALL, tcp, WSTOPSIG(status)) < 0) {
2702 tcp->flags &= ~TCB_SUSPENDED;
2705 /* we handled the STATUS, we are permitted to interrupt now. */
2708 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2709 /* ptrace() failed in trace_syscall() with ESRCH.
2710 * Likely a result of process disappearing mid-flight.
2711 * Observed case: exit_group() terminating
2712 * all processes in thread group. In this case, threads
2713 * "disappear" in an unpredictable moment without any
2714 * notification to strace via wait().
2716 if (tcp->flags & TCB_ATTACHED) {
2718 /* Do we have dangling line "syscall(param, param"?
2719 * Finish the line then. We cannot
2721 tcp_last->flags |= TCB_REPRINT;
2722 tprintf(" <unfinished ...>");
2728 tcp->pid, (char *) 1, SIGTERM);
2733 if (tcp->flags & TCB_EXITING) {
2734 #ifdef TCB_GROUP_EXITING
2735 if (tcp->flags & TCB_GROUP_EXITING) {
2736 if (handle_group_exit(tcp, 0) < 0)
2741 if (tcp->flags & TCB_ATTACHED)
2743 else if (ptrace_restart(PTRACE_CONT, tcp, 0) < 0) {
2749 if (tcp->flags & TCB_SUSPENDED) {
2751 fprintf(stderr, "Process %u suspended\n", pid);
2755 /* Remember current print column before continuing. */
2756 tcp->curcol = curcol;
2757 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2765 #endif /* !USE_PROCFS */
2770 tprintf(const char *fmt, ...)
2774 va_start(args, fmt);
2776 int n = vfprintf(outf, fmt, args);
2779 perror(outfname == NULL
2780 ? "<writing to pipe>" : outfname);
2793 if (tcp_last->ptrace_errno) {
2794 if (tcp_last->flags & TCB_INSYSCALL) {
2795 tprintf(" <unavailable>)");
2798 tprintf("= ? <unavailable>\n");
2799 tcp_last->ptrace_errno = 0;
2800 } else if (!outfname || followfork < 2 || tcp_last == tcp) {
2801 tcp_last->flags |= TCB_REPRINT;
2802 tprintf(" <unfinished ...>\n");
2806 if ((followfork == 1 || pflag_seen > 1) && outfname)
2807 tprintf("%-5d ", tcp->pid);
2808 else if (nprocs > 1 && !outfname)
2809 tprintf("[pid %5u] ", tcp->pid);
2811 char str[sizeof("HH:MM:SS")];
2812 struct timeval tv, dtv;
2813 static struct timeval otv;
2815 gettimeofday(&tv, NULL);
2817 if (otv.tv_sec == 0)
2819 tv_sub(&dtv, &tv, &otv);
2820 tprintf("%6ld.%06ld ",
2821 (long) dtv.tv_sec, (long) dtv.tv_usec);
2824 else if (tflag > 2) {
2825 tprintf("%ld.%06ld ",
2826 (long) tv.tv_sec, (long) tv.tv_usec);
2829 time_t local = tv.tv_sec;
2830 strftime(str, sizeof(str), "%T", localtime(&local));
2832 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2834 tprintf("%s ", str);
2846 tprintf("%*s", col - curcol, "");
2856 #ifdef HAVE_MP_PROCFS
2859 mp_ioctl(int fd, int cmd, void *arg, int size)
2861 struct iovec iov[2];
2864 iov[0].iov_base = &cmd;
2865 iov[0].iov_len = sizeof cmd;
2868 iov[1].iov_base = arg;
2869 iov[1].iov_len = size;
2872 return writev(fd, iov, n);
projects / strace / blob