2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
39 #include <sys/param.h>
41 #include <sys/resource.h>
50 # include <asm/unistd.h>
51 # if defined __NR_tkill
52 # define my_tkill(tid, sig) syscall(__NR_tkill, (tid), (sig))
54 /* kill() may choose arbitrarily the target task of the process group
55 while we later wait on a that specific TID. PID process waits become
56 TID task specific waits for a process under ptrace(2). */
57 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
58 # define my_tkill(tid, sig) kill((tid), (sig))
62 #if defined(IA64) && defined(LINUX)
63 # include <asm/ptrace_offsets.h>
71 #include <sys/stropts.h>
78 extern char **environ;
83 int debug = 0, followfork = 0;
84 unsigned int ptrace_setoptions = 0;
85 /* Which WSTOPSIG(status) value marks syscall traps? */
86 static unsigned int syscall_trap_sig = SIGTRAP;
87 int dtime = 0, xflag = 0, qflag = 0;
88 cflag_t cflag = CFLAG_NONE;
89 static int iflag = 0, pflag_seen = 0, rflag = 0, tflag = 0;
90 static int interactive = 1;
92 * daemonized_tracer supports -D option.
93 * With this option, strace forks twice.
94 * Unlike normal case, with -D *grandparent* process exec's,
95 * becoming a traced process. Child exits (this prevents traced process
96 * from having children it doesn't expect to have), and grandchild
97 * attaches to grandparent similarly to strace -p PID.
98 * This allows for more transparent interaction in cases
99 * when process and its parent are communicating via signals,
100 * wait() etc. Without -D, strace process gets lodged in between,
101 * disrupting parent<->child link.
103 static bool daemonized_tracer = 0;
105 /* Sometimes we want to print only succeeding syscalls. */
106 int not_failing_only = 0;
108 /* Show path associated with fd arguments */
109 int show_fd_path = 0;
111 /* are we filtering traces based on paths? */
112 int tracing_paths = 0;
114 static int exit_code = 0;
115 static int strace_child = 0;
116 static int strace_tracer_pid = 0;
118 static char *username = NULL;
119 static uid_t run_uid;
120 static gid_t run_gid;
122 int max_strlen = DEFAULT_STRLEN;
123 static int acolumn = DEFAULT_ACOLUMN;
124 static char *acolumn_spaces;
125 static char *outfname = NULL;
128 static struct tcb **tcbtab;
129 static unsigned int nprocs, tcbtabsize;
130 static const char *progname;
132 static int detach(struct tcb *tcp);
133 static int trace(void);
134 static void cleanup(void);
135 static void interrupt(int sig);
136 static sigset_t empty_set, blocked_set;
138 #ifdef HAVE_SIG_ATOMIC_T
139 static volatile sig_atomic_t interrupted;
140 #else /* !HAVE_SIG_ATOMIC_T */
141 static volatile int interrupted;
142 #endif /* !HAVE_SIG_ATOMIC_T */
146 static struct tcb *pfd2tcb(int pfd);
147 static void reaper(int sig);
148 static void rebuild_pollv(void);
149 static struct pollfd *pollv;
151 #ifndef HAVE_POLLABLE_PROCFS
153 static void proc_poll_open(void);
154 static void proc_poller(int pfd);
162 static int poller_pid;
163 static int proc_poll_pipe[2] = { -1, -1 };
165 #endif /* !HAVE_POLLABLE_PROCFS */
167 #ifdef HAVE_MP_PROCFS
168 #define POLLWANT POLLWRNORM
170 #define POLLWANT POLLPRI
172 #endif /* USE_PROCFS */
175 usage(FILE *ofp, int exitval)
178 usage: strace [-CdDffhiqrtttTvVxxy] [-a column] [-e expr] ... [-o file]\n\
179 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
180 [-P path] [command [arg ...]]\n\
181 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
182 [command [arg ...]]\n\
183 -c -- count time, calls, and errors for each syscall and report summary\n\
184 -C -- like -c but also print regular output while processes are running\n\
185 -f -- follow forks, -ff -- with output into separate files\n\
186 -F -- attempt to follow vforks, -h -- print help message\n\
187 -i -- print instruction pointer at time of syscall\n\
188 -q -- suppress messages about attaching, detaching, etc.\n\
189 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
190 -T -- print time spent in each syscall, -V -- print version\n\
191 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
192 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
193 -y -- print paths associated with file descriptor arguments\n\
194 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
195 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
196 options: trace, abbrev, verbose, raw, signal, read, or write\n\
197 -o file -- send trace output to FILE instead of stderr\n\
198 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
199 -p pid -- trace process with process id PID, may be repeated\n\
200 -D -- run tracer process as a detached grandchild, not as parent\n\
201 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
202 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
203 -u username -- run command as username handling setuid and/or setgid\n\
204 -E var=val -- put var=val in the environment for command\n\
205 -E var -- remove var from the environment for command\n\
206 -P path -- trace accesses to path\n\
207 " /* this is broken, so don't document it
208 -z -- print only succeeding syscalls\n\
210 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
214 static void die(void) __attribute__ ((noreturn));
215 static void die(void)
217 if (strace_tracer_pid == getpid()) {
224 static void verror_msg(int err_no, const char *fmt, va_list p)
230 /* We want to print entire message with single fprintf to ensure
231 * message integrity if stderr is shared with other programs.
232 * Thus we use vasprintf + single fprintf.
235 if (vasprintf(&msg, fmt, p) >= 0 && msg) {
237 fprintf(stderr, "%s: %s: %s\n", progname, msg, strerror(err_no));
239 fprintf(stderr, "%s: %s\n", progname, msg);
242 /* malloc in vasprintf failed, try it without malloc */
243 fprintf(stderr, "%s: ", progname);
244 vfprintf(stderr, fmt, p);
246 fprintf(stderr, ": %s\n", strerror(err_no));
250 /* We don't switch stderr to buffered, thus fprintf(stderr)
251 * always flushes its output and this is not necessary: */
252 /* fflush(stderr); */
255 void error_msg(const char *fmt, ...)
259 verror_msg(0, fmt, p);
263 void error_msg_and_die(const char *fmt, ...)
267 verror_msg(0, fmt, p);
271 void perror_msg(const char *fmt, ...)
275 verror_msg(errno, fmt, p);
279 void perror_msg_and_die(const char *fmt, ...)
283 verror_msg(errno, fmt, p);
287 void die_out_of_memory(void)
289 static bool recursed = 0;
293 error_msg_and_die("Out of memory");
305 /* Glue for systems without a MMU that cannot provide fork() */
307 # define strace_vforked 0
309 # define strace_vforked 1
310 # define fork() vfork()
314 set_cloexec_flag(int fd)
318 flags = fcntl(fd, F_GETFD);
320 /* Can happen only if fd is bad.
321 * Should never happen: if it does, we have a bug
322 * in the caller. Therefore we just abort
323 * instead of propagating the error.
325 perror_msg_and_die("fcntl(%d, F_GETFD)", fd);
328 newflags = flags | FD_CLOEXEC;
329 if (flags == newflags)
332 fcntl(fd, F_SETFD, newflags); /* never fails */
336 * When strace is setuid executable, we have to swap uids
337 * before and after filesystem and process management operations.
343 int euid = geteuid(), uid = getuid();
345 if (euid != uid && setreuid(euid, uid) < 0) {
346 perror_msg_and_die("setreuid");
352 # define fopen_for_output fopen64
354 # define fopen_for_output fopen
358 strace_fopen(const char *path)
363 fp = fopen_for_output(path, "w");
365 perror_msg_and_die("Can't fopen '%s'", path);
367 set_cloexec_flag(fileno(fp));
371 static int popen_pid = 0;
374 # define _PATH_BSHELL "/bin/sh"
378 * We cannot use standard popen(3) here because we have to distinguish
379 * popen child process from other processes we trace, and standard popen(3)
380 * does not export its child's pid.
383 strace_popen(const char *command)
390 perror_msg_and_die("pipe");
392 set_cloexec_flag(fds[1]); /* never fails */
396 perror_msg_and_die("vfork");
398 if (popen_pid == 0) {
403 perror_msg_and_die("dup2");
406 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
407 perror_msg_and_die("Can't execute '%s'", _PATH_BSHELL);
413 fp = fdopen(fds[1], "w");
420 newoutf(struct tcb *tcp)
422 if (outfname && followfork > 1) {
423 char name[520 + sizeof(int) * 3];
424 sprintf(name, "%.512s.%u", outfname, tcp->pid);
425 tcp->outf = strace_fopen(name);
436 * Block user interruptions as we would leave the traced
437 * process stopped (process state T) if we would terminate in
438 * between PTRACE_ATTACH and wait4() on SIGSTOP.
439 * We rely on cleanup() from this point on.
442 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
444 if (daemonized_tracer) {
447 perror_msg_and_die("fork");
449 if (pid) { /* parent */
451 * Wait for grandchild to attach to straced process
452 * (grandparent). Grandchild SIGKILLs us after it attached.
453 * Grandparent's wait() is unblocked by our death,
454 * it proceeds to exec the straced program.
457 _exit(0); /* paranoia */
460 /* We will be the tracer process. Remember our new pid: */
461 strace_tracer_pid = getpid();
464 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
467 /* Is this a process we should attach to, but not yet attached? */
468 if ((tcp->flags & (TCB_ATTACHED | TCB_STARTUP)) != TCB_ATTACHED)
471 /* Reinitialize the output since it may have changed */
476 if (proc_open(tcp, 1) < 0) {
477 fprintf(stderr, "trouble opening proc file\n");
481 #else /* !USE_PROCFS */
483 if (followfork && !daemonized_tracer) {
484 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
487 sprintf(procdir, "/proc/%d/task", tcp->pid);
488 dir = opendir(procdir);
490 unsigned int ntid = 0, nerr = 0;
493 while ((de = readdir(dir)) != NULL) {
497 if (de->d_fileno == 0)
499 tid = atoi(de->d_name);
503 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0) {
506 fprintf(stderr, "attach to pid %d failed\n", tid);
510 fprintf(stderr, "attach to pid %d succeeded\n", tid);
513 cur_tcp = alloctcb(tid);
514 cur_tcp->flags |= TCB_ATTACHED | TCB_STARTUP | TCB_IGNORE_ONE_SIGSTOP;
518 sigprocmask(SIG_SETMASK, &empty_set, NULL);
521 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
525 perror("attach: ptrace(PTRACE_ATTACH, ...)");
530 fprintf(stderr, ntid > 1
531 ? "Process %u attached with %u threads - interrupt to quit\n"
532 : "Process %u attached - interrupt to quit\n",
535 if (!(tcp->flags & TCB_STARTUP)) {
536 /* -p PID, we failed to attach to PID itself
537 * but did attach to some of its sibling threads.
543 } /* if (opendir worked) */
546 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
547 perror("attach: ptrace(PTRACE_ATTACH, ...)");
551 tcp->flags |= TCB_STARTUP | TCB_IGNORE_ONE_SIGSTOP;
553 fprintf(stderr, "attach to pid %d (main) succeeded\n", tcp->pid);
555 if (daemonized_tracer) {
557 * It is our grandparent we trace, not a -p PID.
558 * Don't want to just detach on exit, so...
560 tcp->flags &= ~TCB_ATTACHED;
562 * Make parent go away.
563 * Also makes grandparent's wait() unblock.
565 kill(getppid(), SIGKILL);
568 #endif /* !USE_PROCFS */
571 "Process %u attached - interrupt to quit\n",
573 } /* for each tcbtab[] */
577 sigprocmask(SIG_SETMASK, &empty_set, NULL);
581 startup_child(char **argv)
584 const char *filename;
585 char pathname[MAXPATHLEN];
590 if (strchr(filename, '/')) {
591 if (strlen(filename) > sizeof pathname - 1) {
592 errno = ENAMETOOLONG;
593 perror_msg_and_die("exec");
595 strcpy(pathname, filename);
597 #ifdef USE_DEBUGGING_EXEC
599 * Debuggers customarily check the current directory
600 * first regardless of the path but doing that gives
601 * security geeks a panic attack.
603 else if (stat(filename, &statbuf) == 0)
604 strcpy(pathname, filename);
605 #endif /* USE_DEBUGGING_EXEC */
610 for (path = getenv("PATH"); path && *path; path += m) {
611 if (strchr(path, ':')) {
612 n = strchr(path, ':') - path;
616 m = n = strlen(path);
618 if (!getcwd(pathname, MAXPATHLEN))
620 len = strlen(pathname);
622 else if (n > sizeof pathname - 1)
625 strncpy(pathname, path, n);
628 if (len && pathname[len - 1] != '/')
629 pathname[len++] = '/';
630 strcpy(pathname + len, filename);
631 if (stat(pathname, &statbuf) == 0 &&
632 /* Accept only regular files
633 with some execute bits set.
634 XXX not perfect, might still fail */
635 S_ISREG(statbuf.st_mode) &&
636 (statbuf.st_mode & 0111))
640 if (stat(pathname, &statbuf) < 0) {
641 perror_msg_and_die("Can't stat '%s'", filename);
643 strace_child = pid = fork();
645 perror_msg_and_die("fork");
647 if ((pid != 0 && daemonized_tracer) /* -D: parent to become a traced process */
648 || (pid == 0 && !daemonized_tracer) /* not -D: child to become a traced process */
655 /* Kludge for SGI, see proc_open for details. */
656 sa.sa_handler = foobar;
658 sigemptyset(&sa.sa_mask);
659 sigaction(SIGINT, &sa, NULL);
666 #else /* !USE_PROCFS */
667 if (!daemonized_tracer) {
668 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
669 perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)");
675 if (username != NULL) {
676 uid_t run_euid = run_uid;
677 gid_t run_egid = run_gid;
679 if (statbuf.st_mode & S_ISUID)
680 run_euid = statbuf.st_uid;
681 if (statbuf.st_mode & S_ISGID)
682 run_egid = statbuf.st_gid;
684 * It is important to set groups before we
685 * lose privileges on setuid.
687 if (initgroups(username, run_gid) < 0) {
688 perror_msg_and_die("initgroups");
690 if (setregid(run_gid, run_egid) < 0) {
691 perror_msg_and_die("setregid");
693 if (setreuid(run_uid, run_euid) < 0) {
694 perror_msg_and_die("setreuid");
697 else if (geteuid() != 0)
698 setreuid(run_uid, run_uid);
700 if (!daemonized_tracer) {
702 * Induce a ptrace stop. Tracer (our parent)
703 * will resume us with PTRACE_SYSCALL and display
704 * the immediately following execve syscall.
705 * Can't do this on NOMMU systems, we are after
706 * vfork: parent is blocked, stopping would deadlock.
711 struct sigaction sv_sigchld;
712 sigaction(SIGCHLD, NULL, &sv_sigchld);
714 * Make sure it is not SIG_IGN, otherwise wait
717 signal(SIGCHLD, SIG_DFL);
719 * Wait for grandchild to attach to us.
720 * It kills child after that, and wait() unblocks.
725 sigaction(SIGCHLD, &sv_sigchld, NULL);
727 #endif /* !USE_PROCFS */
729 execv(pathname, argv);
730 perror_msg_and_die("exec");
733 /* We are the tracer */
735 if (!daemonized_tracer) {
738 tcp->flags |= TCB_STARTUP | TCB_IGNORE_ONE_SIGSTOP;
740 tcp->flags |= TCB_STARTUP;
743 /* With -D, *we* are child here, IOW: different pid. Fetch it: */
744 strace_tracer_pid = getpid();
745 /* The tracee is our parent: */
748 /* We want subsequent startup_attach() to attach to it: */
749 tcp->flags |= TCB_ATTACHED;
752 if (proc_open(tcp, 0) < 0) {
753 perror_msg_and_die("trouble opening proc file");
759 static void kill_save_errno(pid_t pid, int sig)
761 int saved_errno = errno;
763 (void) kill(pid, sig);
768 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
769 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
770 * and then see which options are supported by the kernel.
773 test_ptrace_setoptions_followfork(void)
775 int pid, expected_grandchild = 0, found_grandchild = 0;
776 const unsigned int test_options = PTRACE_O_TRACECLONE |
782 perror_msg_and_die("fork");
785 if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0)
786 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work",
790 perror_msg_and_die("fork");
795 int status, tracee_pid;
798 tracee_pid = wait(&status);
799 if (tracee_pid <= 0) {
802 else if (errno == ECHILD)
804 kill_save_errno(pid, SIGKILL);
805 perror_msg_and_die("%s: unexpected wait result %d",
806 __func__, tracee_pid);
808 if (WIFEXITED(status)) {
809 if (WEXITSTATUS(status)) {
810 if (tracee_pid != pid)
811 kill_save_errno(pid, SIGKILL);
812 error_msg_and_die("%s: unexpected exit status %u",
813 __func__, WEXITSTATUS(status));
817 if (WIFSIGNALED(status)) {
818 if (tracee_pid != pid)
819 kill_save_errno(pid, SIGKILL);
820 error_msg_and_die("%s: unexpected signal %u",
821 __func__, WTERMSIG(status));
823 if (!WIFSTOPPED(status)) {
824 if (tracee_pid != pid)
825 kill_save_errno(tracee_pid, SIGKILL);
827 error_msg_and_die("%s: unexpected wait status %x",
830 if (tracee_pid != pid) {
831 found_grandchild = tracee_pid;
832 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0) {
833 kill_save_errno(tracee_pid, SIGKILL);
834 kill_save_errno(pid, SIGKILL);
835 perror_msg_and_die("PTRACE_CONT doesn't work");
839 switch (WSTOPSIG(status)) {
841 if (ptrace(PTRACE_SETOPTIONS, pid, 0, test_options) < 0
842 && errno != EINVAL && errno != EIO)
843 perror_msg("PTRACE_SETOPTIONS");
846 if (status >> 16 == PTRACE_EVENT_FORK) {
849 if (ptrace(PTRACE_GETEVENTMSG, pid,
850 NULL, (long) &msg) == 0)
851 expected_grandchild = msg;
855 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0) {
856 kill_save_errno(pid, SIGKILL);
857 perror_msg_and_die("PTRACE_SYSCALL doesn't work");
860 if (expected_grandchild && expected_grandchild == found_grandchild) {
861 ptrace_setoptions |= test_options;
863 fprintf(stderr, "ptrace_setoptions = %#x\n",
867 error_msg("Test for PTRACE_O_TRACECLONE failed, "
868 "giving up using this feature.");
872 * Test whether the kernel support PTRACE_O_TRACESYSGOOD.
873 * First fork a new child, call ptrace(PTRACE_SETOPTIONS) on it,
874 * and then see whether it will stop with (SIGTRAP | 0x80).
876 * Use of this option enables correct handling of user-generated SIGTRAPs,
877 * and SIGTRAPs generated by special instructions such as int3 on x86:
878 * _start: .globl _start
883 * (compile with: "gcc -nostartfiles -nostdlib -o int3 int3.S")
886 test_ptrace_setoptions_for_all(void)
888 const unsigned int test_options = PTRACE_O_TRACESYSGOOD |
895 perror_msg_and_die("fork");
899 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0)
900 /* Note: exits with exitcode 1 */
901 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work",
904 _exit(0); /* parent should see entry into this syscall */
908 int status, tracee_pid;
911 tracee_pid = wait(&status);
912 if (tracee_pid <= 0) {
915 kill_save_errno(pid, SIGKILL);
916 perror_msg_and_die("%s: unexpected wait result %d",
917 __func__, tracee_pid);
919 if (WIFEXITED(status)) {
920 if (WEXITSTATUS(status) == 0)
922 error_msg_and_die("%s: unexpected exit status %u",
923 __func__, WEXITSTATUS(status));
925 if (WIFSIGNALED(status)) {
926 error_msg_and_die("%s: unexpected signal %u",
927 __func__, WTERMSIG(status));
929 if (!WIFSTOPPED(status)) {
931 error_msg_and_die("%s: unexpected wait status %x",
934 if (WSTOPSIG(status) == SIGSTOP) {
936 * We don't check "options aren't accepted" error.
937 * If it happens, we'll never get (SIGTRAP | 0x80),
938 * and thus will decide to not use the option.
939 * IOW: the outcome of the test will be correct.
941 if (ptrace(PTRACE_SETOPTIONS, pid, 0L, test_options) < 0
942 && errno != EINVAL && errno != EIO)
943 perror_msg("PTRACE_SETOPTIONS");
945 if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {
948 if (ptrace(PTRACE_SYSCALL, pid, 0L, 0L) < 0) {
949 kill_save_errno(pid, SIGKILL);
950 perror_msg_and_die("PTRACE_SYSCALL doesn't work");
955 syscall_trap_sig = (SIGTRAP | 0x80);
956 ptrace_setoptions |= test_options;
958 fprintf(stderr, "ptrace_setoptions = %#x\n",
963 error_msg("Test for PTRACE_O_TRACESYSGOOD failed, "
964 "giving up using this feature.");
969 main(int argc, char *argv[])
976 progname = argv[0] ? argv[0] : "strace";
978 strace_tracer_pid = getpid();
980 /* Allocate the initial tcbtab. */
981 tcbtabsize = argc; /* Surely enough for all -p args. */
982 tcbtab = calloc(tcbtabsize, sizeof(tcbtab[0]));
985 tcp = calloc(tcbtabsize, sizeof(*tcp));
988 for (c = 0; c < tcbtabsize; c++)
992 set_sortby(DEFAULT_SORTBY);
993 set_personality(DEFAULT_PERSONALITY);
994 qualify("trace=all");
995 qualify("abbrev=all");
996 qualify("verbose=all");
997 qualify("signal=all");
998 while ((c = getopt(argc, argv,
1003 "a:e:o:O:p:s:S:u:E:P:")) != EOF) {
1006 if (cflag == CFLAG_BOTH) {
1007 error_msg_and_die("-c and -C are mutually exclusive options");
1009 cflag = CFLAG_ONLY_STATS;
1012 if (cflag == CFLAG_ONLY_STATS) {
1013 error_msg_and_die("-c and -C are mutually exclusive options");
1022 daemonized_tracer = 1;
1057 qualify("abbrev=none");
1060 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
1064 not_failing_only = 1;
1067 acolumn = atoi(optarg);
1069 error_msg_and_die("Bad column width '%s'", optarg);
1075 outfname = strdup(optarg);
1078 set_overhead(atoi(optarg));
1083 error_msg("Invalid process id: '%s'", optarg);
1086 if (pid == strace_tracer_pid) {
1087 error_msg("I'm sorry, I can't let you do that, Dave.");
1090 tcp = alloc_tcb(pid, 0);
1091 tcp->flags |= TCB_ATTACHED;
1096 if (pathtrace_select(optarg)) {
1097 error_msg_and_die("Failed to select path '%s'", optarg);
1101 max_strlen = atoi(optarg);
1102 if (max_strlen < 0) {
1103 error_msg_and_die("Invalid -s argument: '%s'", optarg);
1110 username = strdup(optarg);
1113 if (putenv(optarg) < 0)
1114 die_out_of_memory();
1122 /* argc -= optind; - no need, argc is not used below */
1124 acolumn_spaces = malloc(acolumn + 1);
1125 if (!acolumn_spaces)
1126 die_out_of_memory();
1127 memset(acolumn_spaces, ' ', acolumn);
1128 acolumn_spaces[acolumn] = '\0';
1130 /* Must have PROG [ARGS], or -p PID. Not both. */
1131 if (!argv[0] == !pflag_seen)
1134 if (pflag_seen && daemonized_tracer) {
1135 error_msg_and_die("-D and -p are mutually exclusive options");
1141 if (followfork > 1 && cflag) {
1142 error_msg_and_die("(-c or -C) and -ff are mutually exclusive options");
1145 /* See if they want to run as another user. */
1146 if (username != NULL) {
1147 struct passwd *pent;
1149 if (getuid() != 0 || geteuid() != 0) {
1150 error_msg_and_die("You must be root to use the -u option");
1152 pent = getpwnam(username);
1154 error_msg_and_die("Cannot find user '%s'", username);
1156 run_uid = pent->pw_uid;
1157 run_gid = pent->pw_gid;
1166 test_ptrace_setoptions_followfork();
1167 test_ptrace_setoptions_for_all();
1170 /* Check if they want to redirect the output. */
1172 /* See if they want to pipe the output. */
1173 if (outfname[0] == '|' || outfname[0] == '!') {
1175 * We can't do the <outfname>.PID funny business
1176 * when using popen, so prohibit it.
1179 error_msg_and_die("Piping the output and -ff are mutually exclusive");
1180 outf = strace_popen(outfname + 1);
1182 else if (followfork <= 1)
1183 outf = strace_fopen(outfname);
1186 if (!outfname || outfname[0] == '|' || outfname[0] == '!') {
1187 char *buf = malloc(BUFSIZ);
1189 die_out_of_memory();
1190 setvbuf(outf, buf, _IOLBF, BUFSIZ);
1192 if (outfname && argv[0]) {
1197 /* Valid states here:
1198 argv[0] pflag_seen outfname interactive
1205 /* STARTUP_CHILD must be called before the signal handlers get
1206 installed below as they are inherited into the spawned process.
1207 Also we do not need to be protected by them as during interruption
1208 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1210 startup_child(argv);
1212 sigemptyset(&empty_set);
1213 sigemptyset(&blocked_set);
1214 sa.sa_handler = SIG_IGN;
1215 sigemptyset(&sa.sa_mask);
1217 sigaction(SIGTTOU, &sa, NULL);
1218 sigaction(SIGTTIN, &sa, NULL);
1219 /* In interactive mode (if no -o OUTFILE, or -p PID is used),
1220 * fatal signals are blocked across syscall waits, and acted on
1221 * in between. In non-interactive mode, signals are ignored.
1224 sigaddset(&blocked_set, SIGHUP);
1225 sigaddset(&blocked_set, SIGINT);
1226 sigaddset(&blocked_set, SIGQUIT);
1227 sigaddset(&blocked_set, SIGPIPE);
1228 sigaddset(&blocked_set, SIGTERM);
1229 sa.sa_handler = interrupt;
1231 /* POSIX signals on sunos4.1 are a little broken. */
1232 sa.sa_flags = SA_INTERRUPT;
1235 sigaction(SIGHUP, &sa, NULL);
1236 sigaction(SIGINT, &sa, NULL);
1237 sigaction(SIGQUIT, &sa, NULL);
1238 sigaction(SIGPIPE, &sa, NULL);
1239 sigaction(SIGTERM, &sa, NULL);
1241 sa.sa_handler = reaper;
1242 sigaction(SIGCHLD, &sa, NULL);
1244 /* Make sure SIGCHLD has the default action so that waitpid
1245 definitely works without losing track of children. The user
1246 should not have given us a bogus state to inherit, but he might
1247 have. Arguably we should detect SIG_IGN here and pass it on
1248 to children, but probably noone really needs that. */
1249 sa.sa_handler = SIG_DFL;
1250 sigaction(SIGCHLD, &sa, NULL);
1251 #endif /* USE_PROCFS */
1253 if (pflag_seen || daemonized_tracer)
1260 if (exit_code > 0xff) {
1261 /* Child was killed by a signal, mimic that. */
1263 signal(exit_code, SIG_DFL);
1265 /* Paranoia - what if this signal is not fatal?
1266 Exit with 128 + signo then. */
1275 /* Allocate some more TCBs and expand the table.
1276 We don't want to relocate the TCBs because our
1277 callers have pointers and it would be a pain.
1278 So tcbtab is a table of pointers. Since we never
1279 free the TCBs, we allocate a single chunk of many. */
1281 struct tcb *newtcbs = calloc(tcbtabsize, sizeof(newtcbs[0]));
1282 struct tcb **newtab = realloc(tcbtab, tcbtabsize * 2 * sizeof(tcbtab[0]));
1283 if (!newtab || !newtcbs)
1284 die_out_of_memory();
1287 while (i < tcbtabsize)
1288 tcbtab[i++] = newtcbs++;
1292 alloc_tcb(int pid, int command_options_parsed)
1297 if (nprocs == tcbtabsize)
1300 for (i = 0; i < tcbtabsize; i++) {
1302 if ((tcp->flags & TCB_INUSE) == 0) {
1303 memset(tcp, 0, sizeof(*tcp));
1305 tcp->flags = TCB_INUSE;
1306 tcp->outf = outf; /* Initialise to current out file */
1307 #if SUPPORTED_PERSONALITIES > 1
1308 tcp->currpers = current_personality;
1315 fprintf(stderr, "new tcb for pid %d, active tcbs:%d\n", tcp->pid, nprocs);
1316 if (command_options_parsed)
1321 error_msg_and_die("bug in alloc_tcb");
1326 proc_open(struct tcb *tcp, int attaching)
1336 #ifndef HAVE_POLLABLE_PROCFS
1337 static int last_pfd;
1340 #ifdef HAVE_MP_PROCFS
1341 /* Open the process pseudo-files in /proc. */
1342 sprintf(proc, "/proc/%d/ctl", tcp->pid);
1343 tcp->pfd = open(proc, O_WRONLY|O_EXCL);
1345 perror("strace: open(\"/proc/...\", ...)");
1348 set_cloexec_flag(tcp->pfd);
1349 sprintf(proc, "/proc/%d/status", tcp->pid);
1350 tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL);
1351 if (tcp->pfd_stat < 0) {
1352 perror("strace: open(\"/proc/...\", ...)");
1355 set_cloexec_flag(tcp->pfd_stat);
1356 sprintf(proc, "/proc/%d/as", tcp->pid);
1357 tcp->pfd_as = open(proc, O_RDONLY|O_EXCL);
1358 if (tcp->pfd_as < 0) {
1359 perror("strace: open(\"/proc/...\", ...)");
1362 set_cloexec_flag(tcp->pfd_as);
1364 /* Open the process pseudo-file in /proc. */
1366 sprintf(proc, "/proc/%d", tcp->pid);
1367 tcp->pfd = open(proc, O_RDWR|O_EXCL);
1369 sprintf(proc, "/proc/%d/mem", tcp->pid);
1370 tcp->pfd = open(proc, O_RDWR);
1373 perror("strace: open(\"/proc/...\", ...)");
1376 set_cloexec_flag(tcp->pfd);
1379 sprintf(proc, "/proc/%d/regs", tcp->pid);
1380 tcp->pfd_reg = open(proc, O_RDONLY);
1381 if (tcp->pfd_reg < 0) {
1382 perror("strace: open(\"/proc/.../regs\", ...)");
1386 sprintf(proc, "/proc/%d/status", tcp->pid);
1387 tcp->pfd_status = open(proc, O_RDONLY);
1388 if (tcp->pfd_status < 0) {
1389 perror("strace: open(\"/proc/.../status\", ...)");
1393 tcp->pfd_status = -1;
1394 #endif /* FREEBSD */
1398 * Wait for the child to pause. Because of a race
1399 * condition we have to poll for the event.
1402 if (IOCTL_STATUS(tcp) < 0) {
1403 perror("strace: PIOCSTATUS");
1406 if (tcp->status.PR_FLAGS & PR_ASLEEP)
1411 /* Stop the process so that we own the stop. */
1412 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
1413 perror("strace: PIOCSTOP");
1418 /* Set Run-on-Last-Close. */
1420 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
1421 perror("PIOCSET PR_RLC");
1424 /* Set or Reset Inherit-on-Fork. */
1426 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
1427 perror("PIOC{SET,RESET} PR_FORK");
1430 #else /* !PIOCSET */
1432 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
1436 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
1437 perror("PIOC{S,R}FORK");
1441 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
1442 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
1447 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1451 #endif /* FREEBSD */
1452 #endif /* !PIOCSET */
1454 /* Enable all syscall entries we care about. */
1455 premptyset(&syscalls);
1456 for (i = 1; i < MAX_QUALS; ++i) {
1457 if (i > (sizeof syscalls) * CHAR_BIT) break;
1458 if (qual_flags[i] & QUAL_TRACE) praddset(&syscalls, i);
1460 praddset(&syscalls, SYS_execve);
1462 praddset(&syscalls, SYS_fork);
1464 praddset(&syscalls, SYS_forkall);
1467 praddset(&syscalls, SYS_fork1);
1470 praddset(&syscalls, SYS_rfork1);
1473 praddset(&syscalls, SYS_rforkall);
1476 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1477 perror("PIOCSENTRY");
1480 /* Enable the syscall exits. */
1481 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1485 /* Enable signals we care about. */
1486 premptyset(&signals);
1487 for (i = 1; i < MAX_QUALS; ++i) {
1488 if (i > (sizeof signals) * CHAR_BIT) break;
1489 if (qual_flags[i] & QUAL_SIGNAL) praddset(&signals, i);
1491 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1492 perror("PIOCSTRACE");
1495 /* Enable faults we care about */
1496 premptyset(&faults);
1497 for (i = 1; i < MAX_QUALS; ++i) {
1498 if (i > (sizeof faults) * CHAR_BIT) break;
1499 if (qual_flags[i] & QUAL_FAULT) praddset(&faults, i);
1501 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1502 perror("PIOCSFAULT");
1506 /* set events flags. */
1507 arg = S_SIG | S_SCE | S_SCX;
1508 if (ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1512 #endif /* FREEBSD */
1516 * The SGI PRSABORT doesn't work for pause() so
1517 * we send it a caught signal to wake it up.
1519 kill(tcp->pid, SIGINT);
1522 /* The child is in a pause(), abort it. */
1524 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1531 /* wake up the child if it received the SIGSTOP */
1532 kill(tcp->pid, SIGCONT);
1535 /* Wait for the child to do something. */
1536 if (IOCTL_WSTOP(tcp) < 0) {
1537 perror("PIOCWSTOP");
1540 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1541 tcp->flags &= ~TCB_INSYSCALL;
1543 if (known_scno(tcp) == SYS_execve)
1546 /* Set it running: maybe execve will be next. */
1549 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0)
1551 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0)
1558 /* handle the case where we "opened" the child before
1559 it did the kill -STOP */
1560 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1561 tcp->status.PR_WHAT == SIGSTOP)
1562 kill(tcp->pid, SIGCONT);
1568 if (attaching < 2) {
1569 /* We are attaching to an already running process.
1570 * Try to figure out the state of the process in syscalls,
1571 * to handle the first event well.
1572 * This is done by having a look at the "wchan" property of the
1573 * process, which tells where it is stopped (if it is). */
1575 char wchan[20]; /* should be enough */
1577 sprintf(proc, "/proc/%d/status", tcp->pid);
1578 status = fopen(proc, "r");
1580 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1581 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1582 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1583 strcmp(wchan, "stopevent")) {
1584 /* The process is asleep in the middle of a syscall.
1585 Fake the syscall entry event */
1586 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1587 tcp->status.PR_WHY = PR_SYSENTRY;
1592 } /* otherwise it's a fork being followed */
1594 #endif /* FREEBSD */
1595 #ifndef HAVE_POLLABLE_PROCFS
1596 if (proc_poll_pipe[0] != -1)
1597 proc_poller(tcp->pfd);
1598 else if (nprocs > 1) {
1600 proc_poller(last_pfd);
1601 proc_poller(tcp->pfd);
1603 last_pfd = tcp->pfd;
1604 #endif /* !HAVE_POLLABLE_PROCFS */
1608 #endif /* USE_PROCFS */
1618 for (i = 0; i < tcbtabsize; i++) {
1619 struct tcb *tcp = tcbtab[i];
1620 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1630 first_used_tcb(void)
1634 for (i = 0; i < tcbtabsize; i++) {
1636 if (tcp->flags & TCB_INUSE)
1647 for (i = 0; i < tcbtabsize; i++) {
1648 struct tcb *tcp = tcbtab[i];
1649 if (tcp->pfd != pfd)
1651 if (tcp->flags & TCB_INUSE)
1657 #endif /* USE_PROCFS */
1660 droptcb(struct tcb *tcp)
1667 fprintf(stderr, "dropped tcb for pid %d, %d remain\n", tcp->pid, nprocs);
1670 if (tcp->pfd != -1) {
1674 if (tcp->pfd_reg != -1) {
1675 close(tcp->pfd_reg);
1678 if (tcp->pfd_status != -1) {
1679 close(tcp->pfd_status);
1680 tcp->pfd_status = -1;
1683 tcp->flags = 0; /* rebuild_pollv needs it */
1688 if (outfname && followfork > 1 && tcp->outf)
1691 memset(tcp, 0, sizeof(*tcp));
1694 /* detach traced process; continue with sig
1695 Never call DETACH twice on the same process as both unattached and
1696 attached-unstopped processes give the same ESRCH. For unattached process we
1697 would SIGSTOP it and wait for its SIGSTOP notification forever. */
1700 detach(struct tcb *tcp)
1704 int status, catch_sigstop;
1707 if (tcp->flags & TCB_BPTSET)
1712 * Linux wrongly insists the child be stopped
1713 * before detaching. Arghh. We go through hoops
1714 * to make a clean break of things.
1717 #undef PTRACE_DETACH
1718 #define PTRACE_DETACH PTRACE_SUNDETACH
1721 * We did PTRACE_ATTACH but possibly didn't see the expected SIGSTOP.
1722 * We must catch exactly one as otherwise the detached process
1723 * would be left stopped (process state T).
1725 catch_sigstop = (tcp->flags & TCB_IGNORE_ONE_SIGSTOP);
1726 error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, 0);
1728 /* On a clear day, you can see forever. */
1730 else if (errno != ESRCH) {
1731 /* Shouldn't happen. */
1732 perror("detach: ptrace(PTRACE_DETACH, ...)");
1734 else if (my_tkill(tcp->pid, 0) < 0) {
1736 perror("detach: checking sanity");
1738 else if (!catch_sigstop && my_tkill(tcp->pid, SIGSTOP) < 0) {
1740 perror("detach: stopping child");
1744 if (catch_sigstop) {
1747 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1748 if (errno == ECHILD) /* Already gone. */
1750 if (errno != EINVAL) {
1751 perror("detach: waiting");
1755 /* No __WALL here. */
1756 if (waitpid(tcp->pid, &status, 0) < 0) {
1757 if (errno != ECHILD) {
1758 perror("detach: waiting");
1762 /* If no processes, try clones. */
1763 if (wait4(tcp->pid, &status, __WCLONE,
1765 if (errno != ECHILD)
1766 perror("detach: waiting");
1769 #endif /* __WCLONE */
1774 if (!WIFSTOPPED(status)) {
1775 /* Au revoir, mon ami. */
1778 if (WSTOPSIG(status) == SIGSTOP) {
1779 ptrace_restart(PTRACE_DETACH, tcp, 0);
1782 error = ptrace_restart(PTRACE_CONT, tcp,
1783 WSTOPSIG(status) == syscall_trap_sig ? 0
1784 : WSTOPSIG(status));
1792 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1793 error = ptrace_restart(PTRACE_DETACH, tcp, 0);
1797 fprintf(stderr, "Process %u detached\n", tcp->pid);
1806 static void reaper(int sig)
1811 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1815 #endif /* USE_PROCFS */
1823 for (i = 0; i < tcbtabsize; i++) {
1825 if (!(tcp->flags & TCB_INUSE))
1829 "cleanup: looking at pid %u\n", tcp->pid);
1831 (!outfname || followfork < 2 || tcp_last == tcp)) {
1832 tprints(" <unfinished ...>");
1835 if (tcp->flags & TCB_ATTACHED)
1838 kill(tcp->pid, SIGCONT);
1839 kill(tcp->pid, SIGTERM);
1852 #ifndef HAVE_STRERROR
1854 #if !HAVE_DECL_SYS_ERRLIST
1855 extern int sys_nerr;
1856 extern char *sys_errlist[];
1857 #endif /* HAVE_DECL_SYS_ERRLIST */
1860 strerror(int err_no)
1862 static char buf[64];
1864 if (err_no < 1 || err_no >= sys_nerr) {
1865 sprintf(buf, "Unknown error %d", err_no);
1868 return sys_errlist[err_no];
1871 #endif /* HAVE_STERRROR */
1873 #ifndef HAVE_STRSIGNAL
1875 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1876 extern char *sys_siglist[];
1878 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1879 extern char *_sys_siglist[];
1885 static char buf[64];
1887 if (sig < 1 || sig >= NSIG) {
1888 sprintf(buf, "Unknown signal %d", sig);
1891 #ifdef HAVE__SYS_SIGLIST
1892 return _sys_siglist[sig];
1894 return sys_siglist[sig];
1898 #endif /* HAVE_STRSIGNAL */
1908 pollv = malloc(nprocs * sizeof(pollv[0]));
1910 die_out_of_memory();
1912 for (i = j = 0; i < tcbtabsize; i++) {
1913 struct tcb *tcp = tcbtab[i];
1914 if (!(tcp->flags & TCB_INUSE))
1916 pollv[j].fd = tcp->pfd;
1917 pollv[j].events = POLLWANT;
1921 error_msg_and_die("proc miscount");
1925 #ifndef HAVE_POLLABLE_PROCFS
1928 proc_poll_open(void)
1932 if (pipe(proc_poll_pipe) < 0) {
1933 perror_msg_and_die("pipe");
1935 for (i = 0; i < 2; i++) {
1936 set_cloexec_flag(proc_poll_pipe[i]);
1941 proc_poll(struct pollfd *pollv, int nfds, int timeout)
1945 struct proc_pollfd pollinfo;
1947 n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo));
1950 if (n != sizeof(struct proc_pollfd)) {
1951 error_msg_and_die("panic: short read: %d", n);
1953 for (i = 0; i < nprocs; i++) {
1954 if (pollv[i].fd == pollinfo.fd)
1955 pollv[i].revents = pollinfo.revents;
1957 pollv[i].revents = 0;
1959 poller_pid = pollinfo.pid;
1964 wakeup_handler(int sig)
1969 proc_poller(int pfd)
1971 struct proc_pollfd pollinfo;
1972 struct sigaction sa;
1973 sigset_t blocked_set, empty_set;
1978 struct procfs_status pfs;
1979 #endif /* FREEBSD */
1983 perror_msg_and_die("fork");
1990 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1992 sigemptyset(&sa.sa_mask);
1993 sigaction(SIGHUP, &sa, NULL);
1994 sigaction(SIGINT, &sa, NULL);
1995 sigaction(SIGQUIT, &sa, NULL);
1996 sigaction(SIGPIPE, &sa, NULL);
1997 sigaction(SIGTERM, &sa, NULL);
1998 sa.sa_handler = wakeup_handler;
1999 sigaction(SIGUSR1, &sa, NULL);
2000 sigemptyset(&blocked_set);
2001 sigaddset(&blocked_set, SIGUSR1);
2002 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2003 sigemptyset(&empty_set);
2005 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
2006 perror_msg_and_die("getrlimit(RLIMIT_NOFILE, ...)");
2009 for (i = 0; i < n; i++) {
2010 if (i != pfd && i != proc_poll_pipe[1])
2015 pollinfo.pid = getpid();
2018 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
2020 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
2027 pollinfo.revents = POLLERR;
2030 pollinfo.revents = POLLHUP;
2033 perror("proc_poller: PIOCWSTOP");
2035 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2038 pollinfo.revents = POLLWANT;
2039 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2040 sigsuspend(&empty_set);
2044 #endif /* !HAVE_POLLABLE_PROCFS */
2054 if (followfork < 2 &&
2055 last < nprocs && (pollv[last].revents & POLLWANT)) {
2057 * The previous process is ready to run again. We'll
2058 * let it do so if it is currently in a syscall. This
2059 * heuristic improves the readability of the trace.
2061 tcp = pfd2tcb(pollv[last].fd);
2062 if (tcp && exiting(tcp))
2063 return pollv[last].fd;
2066 for (i = 0; i < nprocs; i++) {
2067 /* Let competing children run round robin. */
2068 j = (i + last + 1) % nprocs;
2069 if (pollv[j].revents & (POLLHUP | POLLERR)) {
2070 tcp = pfd2tcb(pollv[j].fd);
2072 error_msg_and_die("lost proc");
2077 if (pollv[j].revents & POLLWANT) {
2082 error_msg_and_die("nothing ready");
2089 struct tcb *in_syscall = NULL;
2094 int ioctl_result = 0, ioctl_errno = 0;
2099 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2106 #ifndef HAVE_POLLABLE_PROCFS
2107 if (proc_poll_pipe[0] == -1) {
2109 tcp = first_used_tcb();
2116 #ifndef HAVE_POLLABLE_PROCFS
2118 /* fall through ... */
2119 #endif /* !HAVE_POLLABLE_PROCFS */
2121 #ifdef HAVE_POLLABLE_PROCFS
2123 /* On some systems (e.g. UnixWare) we get too much ugly
2124 "unfinished..." stuff when multiple proceses are in
2125 syscalls. Here's a nasty hack */
2132 pv.events = POLLWANT;
2133 what = poll(&pv, 1, 1);
2139 else if (what == 1 && pv.revents & POLLWANT) {
2145 if (poll(pollv, nprocs, INFTIM) < 0) {
2150 #else /* !HAVE_POLLABLE_PROCFS */
2151 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
2156 #endif /* !HAVE_POLLABLE_PROCFS */
2163 /* Look up `pfd' in our table. */
2166 error_msg_and_die("unknown pfd: %u", pfd);
2171 /* Get the status of the process. */
2174 ioctl_result = IOCTL_WSTOP(tcp);
2176 /* Thanks to some scheduling mystery, the first poller
2177 sometimes waits for the already processed end of fork
2178 event. Doing a non blocking poll here solves the problem. */
2179 if (proc_poll_pipe[0] != -1)
2180 ioctl_result = IOCTL_STATUS(tcp);
2182 ioctl_result = IOCTL_WSTOP(tcp);
2183 #endif /* FREEBSD */
2184 ioctl_errno = errno;
2185 #ifndef HAVE_POLLABLE_PROCFS
2186 if (proc_poll_pipe[0] != -1) {
2187 if (ioctl_result < 0)
2188 kill(poller_pid, SIGKILL);
2190 kill(poller_pid, SIGUSR1);
2192 #endif /* !HAVE_POLLABLE_PROCFS */
2198 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2200 if (ioctl_result < 0) {
2201 /* Find out what happened if it failed. */
2202 switch (ioctl_errno) {
2213 perror_msg_and_die("PIOCWSTOP");
2218 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
2219 /* discard first event for a syscall we never entered */
2220 IOCTL(tcp->pfd, PIOCRUN, 0);
2225 /* clear the just started flag */
2226 tcp->flags &= ~TCB_STARTUP;
2228 /* set current output file */
2230 curcol = tcp->curcol;
2233 struct timeval stime;
2238 len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0);
2242 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
2243 &stime.tv_sec, &stime.tv_usec);
2245 stime.tv_sec = stime.tv_usec = 0;
2246 #else /* !FREEBSD */
2247 stime.tv_sec = tcp->status.pr_stime.tv_sec;
2248 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
2249 #endif /* !FREEBSD */
2250 tv_sub(&tcp->dtime, &stime, &tcp->stime);
2253 what = tcp->status.PR_WHAT;
2254 switch (tcp->status.PR_WHY) {
2257 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
2258 tcp->status.PR_WHY = PR_SYSENTRY;
2259 if (trace_syscall(tcp) < 0) {
2260 error_msg_and_die("syscall trouble");
2264 #endif /* !FREEBSD */
2270 if (trace_syscall(tcp) < 0) {
2271 error_msg_and_die("syscall trouble");
2275 if (cflag != CFLAG_ONLY_STATS
2276 && (qual_flags[what] & QUAL_SIGNAL)) {
2278 tprintf("--- %s (%s) ---",
2279 signame(what), strsignal(what));
2282 if (tcp->status.PR_INFO.si_signo == what) {
2284 tprints(" siginfo=");
2285 printsiginfo(&tcp->status.PR_INFO, 1);
2292 if (cflag != CFLAGS_ONLY_STATS
2293 && (qual_flags[what] & QUAL_FAULT)) {
2295 tprintf("=== FAULT %d ===", what);
2300 case 0: /* handle case we polled for nothing */
2304 error_msg_and_die("odd stop %d", tcp->status.PR_WHY);
2307 /* Remember current print column before continuing. */
2308 tcp->curcol = curcol;
2311 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0)
2313 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0)
2316 perror_msg_and_die("PIOCRUN");
2322 #else /* !USE_PROCFS */
2333 struct rusage *rup = cflag ? &ru : NULL;
2335 static int wait4_options = __WALL;
2339 while (nprocs != 0) {
2343 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2346 pid = wait4(-1, &status, wait4_options, rup);
2347 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2348 /* this kernel does not support __WALL */
2349 wait4_options &= ~__WALL;
2350 pid = wait4(-1, &status, wait4_options, rup);
2352 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2353 /* most likely a "cloned" process */
2354 pid = wait4(-1, &status, __WCLONE, rup);
2356 perror_msg("wait4(__WCLONE) failed");
2360 pid = wait4(-1, &status, 0, rup);
2361 # endif /* __WALL */
2364 pid = wait(&status);
2368 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2371 switch (wait_errno) {
2376 * We would like to verify this case
2377 * but sometimes a race in Solbourne's
2378 * version of SunOS sometimes reports
2379 * ECHILD before sending us SIGCHILD.
2384 perror("strace: wait");
2388 if (pid == popen_pid) {
2389 if (WIFEXITED(status) || WIFSIGNALED(status))
2394 char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16];
2396 unsigned ev = (unsigned)status >> 16;
2398 static const char *const event_names[] = {
2399 [PTRACE_EVENT_CLONE] = "CLONE",
2400 [PTRACE_EVENT_FORK] = "FORK",
2401 [PTRACE_EVENT_VFORK] = "VFORK",
2402 [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE",
2403 [PTRACE_EVENT_EXEC] = "EXEC",
2404 [PTRACE_EVENT_EXIT] = "EXIT",
2407 if (ev < ARRAY_SIZE(event_names))
2408 e = event_names[ev];
2410 sprintf(buf, "?? (%u)", ev);
2413 fprintf(stderr, " PTRACE_EVENT_%s", e);
2417 if (WIFSIGNALED(status))
2419 sprintf(buf, "WIFSIGNALED,%ssig=%s",
2420 WCOREDUMP(status) ? "core," : "",
2421 signame(WTERMSIG(status)));
2423 sprintf(buf, "WIFSIGNALED,sig=%s",
2424 signame(WTERMSIG(status)));
2426 if (WIFEXITED(status))
2427 sprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status));
2428 if (WIFSTOPPED(status))
2429 sprintf(buf, "WIFSTOPPED,sig=%s", signame(WSTOPSIG(status)));
2431 if (WIFCONTINUED(status))
2432 strcpy(buf, "WIFCONTINUED");
2434 fprintf(stderr, " [wait(0x%04x) = %u] %s\n", status, pid, buf);
2437 /* Look up `pid' in our table. */
2442 /* This is needed to go with the CLONE_PTRACE
2443 changes in process.c/util.c: we might see
2444 the child's initial trap before we see the
2445 parent return from the clone syscall.
2446 Leave the child suspended until the parent
2447 returns from its system call. Only then
2448 will we have the association of parent and
2449 child so that we know how to do clearbpt
2451 tcp = alloctcb(pid);
2452 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | TCB_IGNORE_ONE_SIGSTOP;
2454 fprintf(stderr, "Process %d attached\n",
2458 /* This can happen if a clone call used
2459 CLONE_PTRACE itself. */
2462 if (WIFSTOPPED(status))
2463 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2464 error_msg_and_die("Unknown pid: %u", pid);
2467 /* set current output file */
2469 curcol = tcp->curcol;
2472 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2473 tcp->stime = ru.ru_stime;
2477 if (WIFSIGNALED(status)) {
2478 if (pid == strace_child)
2479 exit_code = 0x100 | WTERMSIG(status);
2480 if (cflag != CFLAG_ONLY_STATS
2481 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2484 tprintf("+++ killed by %s %s+++",
2485 signame(WTERMSIG(status)),
2486 WCOREDUMP(status) ? "(core dumped) " : "");
2488 tprintf("+++ killed by %s +++",
2489 signame(WTERMSIG(status)));
2497 if (WIFEXITED(status)) {
2498 if (pid == strace_child)
2499 exit_code = WEXITSTATUS(status);
2500 if (tcp == tcp_last) {
2501 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL)
2502 tprintf(" <unfinished ... exit status %d>\n",
2503 WEXITSTATUS(status));
2506 if (!cflag /* && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL) */ ) {
2508 tprintf("+++ exited with %d +++", WEXITSTATUS(status));
2515 if (!WIFSTOPPED(status)) {
2516 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2521 /* Is this the very first time we see this tracee stopped? */
2522 if (tcp->flags & TCB_STARTUP) {
2524 fprintf(stderr, "pid %d has TCB_STARTUP, initializing it\n", tcp->pid);
2525 tcp->flags &= ~TCB_STARTUP;
2526 if (tcp->flags & TCB_BPTSET) {
2528 * One example is a breakpoint inherited from
2529 * parent through fork().
2531 if (clearbpt(tcp) < 0) {
2539 if (ptrace_setoptions) {
2541 fprintf(stderr, "setting opts %x on pid %d\n", ptrace_setoptions, tcp->pid);
2542 if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) {
2543 if (errno != ESRCH) {
2544 /* Should never happen, really */
2545 perror_msg_and_die("PTRACE_SETOPTIONS");
2552 if (((unsigned)status >> 16) != 0) {
2553 /* Ptrace event (we ignore all of them for now) */
2554 goto restart_tracee_with_sig_0;
2557 sig = WSTOPSIG(status);
2559 /* Is this post-attach SIGSTOP?
2560 * Interestingly, the process may stop
2561 * with STOPSIG equal to some other signal
2562 * than SIGSTOP if we happend to attach
2563 * just before the process takes a signal.
2565 if (sig == SIGSTOP && (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)) {
2567 fprintf(stderr, "ignored SIGSTOP on pid %d\n", tcp->pid);
2568 tcp->flags &= ~TCB_IGNORE_ONE_SIGSTOP;
2569 goto restart_tracee_with_sig_0;
2572 if (sig != syscall_trap_sig) {
2573 if (cflag != CFLAG_ONLY_STATS
2574 && (qual_flags[sig] & QUAL_SIGNAL)) {
2576 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP)
2580 upeek(tcp, PT_CR_IPSR, &psr);
2581 upeek(tcp, PT_CR_IIP, &pc);
2584 pc += (psr >> PSR_RI) & 0x3;
2585 # define PC_FORMAT_STR " @ %lx"
2586 # define PC_FORMAT_ARG , pc
2588 # define PC_FORMAT_STR ""
2589 # define PC_FORMAT_ARG /* nothing */
2592 if (ptrace(PTRACE_GETSIGINFO, pid, 0, (long) &si) == 0) {
2594 printsiginfo(&si, verbose(tcp));
2595 tprintf(" (%s)" PC_FORMAT_STR " ---",
2599 tprintf("--- %s by %s" PC_FORMAT_STR " ---",
2606 goto restart_tracee;
2609 /* We handled quick cases, we are permitted to interrupt now. */
2613 /* This should be syscall entry or exit.
2614 * (Or it still can be that pesky post-execve SIGTRAP!)
2617 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2618 /* ptrace() failed in trace_syscall() with ESRCH.
2619 * Likely a result of process disappearing mid-flight.
2620 * Observed case: exit_group() terminating
2621 * all processes in thread group.
2623 if (tcp->flags & TCB_ATTACHED) {
2625 /* Do we have dangling line "syscall(param, param"?
2626 * Finish the line then.
2628 tcp_last->flags |= TCB_REPRINT;
2629 tprints(" <unfinished ...>");
2633 /* We assume that ptrace error was caused by process death.
2634 * We used to detach(tcp) here, but since we no longer
2635 * implement "detach before death" policy/hack,
2636 * we can let this process to report its death to us
2637 * normally, via WIFEXITED or WIFSIGNALED wait status.
2640 /* It's our real child (and we also trace it) */
2641 /* my_tkill(pid, SIGKILL); - why? */
2642 /* droptcb(tcp); - why? */
2646 restart_tracee_with_sig_0:
2649 /* Remember current print column before continuing. */
2650 tcp->curcol = curcol;
2651 if (ptrace_restart(PTRACE_SYSCALL, tcp, sig) < 0) {
2659 #endif /* !USE_PROCFS */
2662 tprintf(const char *fmt, ...)
2666 va_start(args, fmt);
2668 int n = vfprintf(outf, fmt, args);
2671 perror(outfname == NULL
2672 ? "<writing to pipe>" : outfname);
2680 tprints(const char *str)
2683 int n = fputs(str, outf);
2685 curcol += strlen(str);
2689 perror(outfname == NULL
2690 ? "<writing to pipe>" : outfname);
2695 printleader(struct tcb *tcp)
2698 if (tcp_last->ptrace_errno) {
2699 if (tcp_last->flags & TCB_INSYSCALL) {
2700 tprints(" <unavailable>) ");
2703 tprints("= ? <unavailable>\n");
2704 tcp_last->ptrace_errno = 0;
2705 } else if (!outfname || followfork < 2 || tcp_last == tcp) {
2706 tcp_last->flags |= TCB_REPRINT;
2707 tprints(" <unfinished ...>\n");
2711 if ((followfork == 1 || pflag_seen > 1) && outfname)
2712 tprintf("%-5d ", tcp->pid);
2713 else if (nprocs > 1 && !outfname)
2714 tprintf("[pid %5u] ", tcp->pid);
2716 char str[sizeof("HH:MM:SS")];
2717 struct timeval tv, dtv;
2718 static struct timeval otv;
2720 gettimeofday(&tv, NULL);
2722 if (otv.tv_sec == 0)
2724 tv_sub(&dtv, &tv, &otv);
2725 tprintf("%6ld.%06ld ",
2726 (long) dtv.tv_sec, (long) dtv.tv_usec);
2729 else if (tflag > 2) {
2730 tprintf("%ld.%06ld ",
2731 (long) tv.tv_sec, (long) tv.tv_usec);
2734 time_t local = tv.tv_sec;
2735 strftime(str, sizeof(str), "%T", localtime(&local));
2737 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2739 tprintf("%s ", str);
2749 if (curcol < acolumn)
2750 tprints(acolumn_spaces + curcol);
2760 #ifdef HAVE_MP_PROCFS
2763 mp_ioctl(int fd, int cmd, void *arg, int size)
2765 struct iovec iov[2];
2768 iov[0].iov_base = &cmd;
2769 iov[0].iov_len = sizeof cmd;
2772 iov[1].iov_base = arg;
2773 iov[1].iov_len = size;
2776 return writev(fd, iov, n);
projects / strace / blob