2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
39 #include <sys/param.h>
41 #include <sys/resource.h>
51 # include <asm/unistd.h>
52 # if defined __NR_tgkill
53 # define my_tgkill(pid, tid, sig) syscall(__NR_tgkill, (pid), (tid), (sig))
54 # elif defined __NR_tkill
55 # define my_tgkill(pid, tid, sig) syscall(__NR_tkill, (tid), (sig))
57 /* kill() may choose arbitrarily the target task of the process group
58 while we later wait on a that specific TID. PID process waits become
59 TID task specific waits for a process under ptrace(2). */
60 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
61 # define my_tgkill(pid, tid, sig) kill((tid), (sig))
65 #if defined(IA64) && defined(LINUX)
66 # include <asm/ptrace_offsets.h>
74 #include <sys/stropts.h>
81 extern char **environ;
86 int debug = 0, followfork = 0;
87 unsigned int ptrace_setoptions = 0;
88 /* Which WSTOPSIG(status) value marks syscall traps? */
89 static unsigned int syscall_trap_sig = SIGTRAP;
90 int dtime = 0, xflag = 0, qflag = 0;
91 cflag_t cflag = CFLAG_NONE;
92 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
94 * daemonized_tracer supports -D option.
95 * With this option, strace forks twice.
96 * Unlike normal case, with -D *grandparent* process exec's,
97 * becoming a traced process. Child exits (this prevents traced process
98 * from having children it doesn't expect to have), and grandchild
99 * attaches to grandparent similarly to strace -p PID.
100 * This allows for more transparent interaction in cases
101 * when process and its parent are communicating via signals,
102 * wait() etc. Without -D, strace process gets lodged in between,
103 * disrupting parent<->child link.
105 static bool daemonized_tracer = 0;
107 /* Sometimes we want to print only succeeding syscalls. */
108 int not_failing_only = 0;
110 /* Show path associated with fd arguments */
111 int show_fd_path = 0;
113 /* are we filtering traces based on paths? */
114 int tracing_paths = 0;
116 static int exit_code = 0;
117 static int strace_child = 0;
118 static int strace_tracer_pid = 0;
120 static char *username = NULL;
121 static uid_t run_uid;
122 static gid_t run_gid;
124 int acolumn = DEFAULT_ACOLUMN;
125 int max_strlen = DEFAULT_STRLEN;
126 static char *outfname = NULL;
129 static struct tcb **tcbtab;
130 static unsigned int nprocs, tcbtabsize;
131 static const char *progname;
133 static int detach(struct tcb *tcp, int sig);
134 static int trace(void);
135 static void cleanup(void);
136 static void interrupt(int sig);
137 static sigset_t empty_set, blocked_set;
139 #ifdef HAVE_SIG_ATOMIC_T
140 static volatile sig_atomic_t interrupted;
141 #else /* !HAVE_SIG_ATOMIC_T */
142 static volatile int interrupted;
143 #endif /* !HAVE_SIG_ATOMIC_T */
147 static struct tcb *pfd2tcb(int pfd);
148 static void reaper(int sig);
149 static void rebuild_pollv(void);
150 static struct pollfd *pollv;
152 #ifndef HAVE_POLLABLE_PROCFS
154 static void proc_poll_open(void);
155 static void proc_poller(int pfd);
163 static int poller_pid;
164 static int proc_poll_pipe[2] = { -1, -1 };
166 #endif /* !HAVE_POLLABLE_PROCFS */
168 #ifdef HAVE_MP_PROCFS
169 #define POLLWANT POLLWRNORM
171 #define POLLWANT POLLPRI
173 #endif /* USE_PROCFS */
176 usage(FILE *ofp, int exitval)
179 usage: strace [-CdDffhiqrtttTvVxxy] [-a column] [-e expr] ... [-o file]\n\
180 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
181 [-P path] [command [arg ...]]\n\
182 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
183 [command [arg ...]]\n\
184 -c -- count time, calls, and errors for each syscall and report summary\n\
185 -C -- like -c but also print regular output while processes are running\n\
186 -f -- follow forks, -ff -- with output into separate files\n\
187 -F -- attempt to follow vforks, -h -- print help message\n\
188 -i -- print instruction pointer at time of syscall\n\
189 -q -- suppress messages about attaching, detaching, etc.\n\
190 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
191 -T -- print time spent in each syscall, -V -- print version\n\
192 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
193 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
194 -y -- print paths associated with file descriptor arguments\n\
195 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
196 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
197 options: trace, abbrev, verbose, raw, signal, read, or write\n\
198 -o file -- send trace output to FILE instead of stderr\n\
199 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
200 -p pid -- trace process with process id PID, may be repeated\n\
201 -D -- run tracer process as a detached grandchild, not as parent\n\
202 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
203 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
204 -u username -- run command as username handling setuid and/or setgid\n\
205 -E var=val -- put var=val in the environment for command\n\
206 -E var -- remove var from the environment for command\n\
207 -P path -- trace accesses to path\n\
208 " /* this is broken, so don't document it
209 -z -- print only succeeding syscalls\n\
211 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
215 static void die(void) __attribute__ ((noreturn));
216 static void die(void)
218 if (strace_tracer_pid == getpid()) {
225 static void verror_msg(int err_no, const char *fmt, va_list p)
228 fprintf(stderr, "%s: ", progname);
229 vfprintf(stderr, fmt, p);
231 fprintf(stderr, ": %s\n", strerror(err_no));
237 void error_msg(const char *fmt, ...)
241 verror_msg(0, fmt, p);
245 void error_msg_and_die(const char *fmt, ...)
249 verror_msg(0, fmt, p);
253 void perror_msg(const char *fmt, ...)
257 verror_msg(errno, fmt, p);
261 void perror_msg_and_die(const char *fmt, ...)
265 verror_msg(errno, fmt, p);
278 /* Glue for systems without a MMU that cannot provide fork() */
280 # define strace_vforked 0
282 # define strace_vforked 1
283 # define fork() vfork()
287 set_cloexec_flag(int fd)
291 flags = fcntl(fd, F_GETFD);
293 /* Can happen only if fd is bad.
294 * Should never happen: if it does, we have a bug
295 * in the caller. Therefore we just abort
296 * instead of propagating the error.
298 perror_msg_and_die("fcntl(%d, F_GETFD)", fd);
301 newflags = flags | FD_CLOEXEC;
302 if (flags == newflags)
305 fcntl(fd, F_SETFD, newflags); /* never fails */
309 * When strace is setuid executable, we have to swap uids
310 * before and after filesystem and process management operations.
316 int euid = geteuid(), uid = getuid();
318 if (euid != uid && setreuid(euid, uid) < 0) {
319 perror_msg_and_die("setreuid");
325 # define fopen_for_output fopen64
327 # define fopen_for_output fopen
331 strace_fopen(const char *path)
336 fp = fopen_for_output(path, "w");
338 perror_msg_and_die("Can't fopen '%s'", path);
340 set_cloexec_flag(fileno(fp));
344 static int popen_pid = 0;
347 # define _PATH_BSHELL "/bin/sh"
351 * We cannot use standard popen(3) here because we have to distinguish
352 * popen child process from other processes we trace, and standard popen(3)
353 * does not export its child's pid.
356 strace_popen(const char *command)
363 perror_msg_and_die("pipe");
365 set_cloexec_flag(fds[1]); /* never fails */
369 perror_msg_and_die("vfork");
371 if (popen_pid == 0) {
376 perror_msg_and_die("dup2");
379 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
380 perror_msg_and_die("Can't execute '%s'", _PATH_BSHELL);
386 fp = fdopen(fds[1], "w");
388 error_msg_and_die("Out of memory");
393 newoutf(struct tcb *tcp)
395 if (outfname && followfork > 1) {
396 char name[520 + sizeof(int) * 3];
397 sprintf(name, "%.512s.%u", outfname, tcp->pid);
398 tcp->outf = strace_fopen(name);
409 * Block user interruptions as we would leave the traced
410 * process stopped (process state T) if we would terminate in
411 * between PTRACE_ATTACH and wait4 () on SIGSTOP.
412 * We rely on cleanup() from this point on.
415 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
417 if (daemonized_tracer) {
422 if (pid) { /* parent */
424 * Wait for grandchild to attach to straced process
425 * (grandparent). Grandchild SIGKILLs us after it attached.
426 * Grandparent's wait() is unblocked by our death,
427 * it proceeds to exec the straced program.
430 _exit(0); /* paranoia */
433 /* We will be the tracer process. Remember our new pid: */
434 strace_tracer_pid = getpid();
437 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
439 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
442 if (tcp->flags & TCB_CLONE_THREAD)
445 /* Reinitialize the output since it may have changed. */
450 if (proc_open(tcp, 1) < 0) {
451 fprintf(stderr, "trouble opening proc file\n");
455 #else /* !USE_PROCFS */
457 if (followfork && !daemonized_tracer) {
458 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
461 sprintf(procdir, "/proc/%d/task", tcp->pid);
462 dir = opendir(procdir);
464 unsigned int ntid = 0, nerr = 0;
467 while ((de = readdir(dir)) != NULL) {
468 if (de->d_fileno == 0)
470 tid = atoi(de->d_name);
474 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0) {
477 fprintf(stderr, "attach to pid %d failed\n", tid);
481 fprintf(stderr, "attach to pid %d succeeded\n", tid);
482 if (tid != tcbtab[tcbi]->pid) {
484 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD;
485 tcbtab[tcbi]->nclone_threads++;
486 tcp->parent = tcbtab[tcbi];
490 sigprocmask(SIG_SETMASK, &empty_set, NULL);
493 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
499 perror("attach: ptrace(PTRACE_ATTACH, ...)");
504 fprintf(stderr, ntid > 1
505 ? "Process %u attached with %u threads - interrupt to quit\n"
506 : "Process %u attached - interrupt to quit\n",
507 tcbtab[tcbi]->pid, ntid);
510 } /* if (opendir worked) */
513 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
514 perror("attach: ptrace(PTRACE_ATTACH, ...)");
519 fprintf(stderr, "attach to pid %d (main) succeeded\n", tcp->pid);
521 if (daemonized_tracer) {
523 * It is our grandparent we trace, not a -p PID.
524 * Don't want to just detach on exit, so...
526 tcp->flags &= ~TCB_ATTACHED;
528 * Make parent go away.
529 * Also makes grandparent's wait() unblock.
531 kill(getppid(), SIGKILL);
534 #endif /* !USE_PROCFS */
537 "Process %u attached - interrupt to quit\n",
539 } /* for each tcbtab[] */
542 sigprocmask(SIG_SETMASK, &empty_set, NULL);
546 startup_child(char **argv)
549 const char *filename;
550 char pathname[MAXPATHLEN];
555 if (strchr(filename, '/')) {
556 if (strlen(filename) > sizeof pathname - 1) {
557 errno = ENAMETOOLONG;
558 perror_msg_and_die("exec");
560 strcpy(pathname, filename);
562 #ifdef USE_DEBUGGING_EXEC
564 * Debuggers customarily check the current directory
565 * first regardless of the path but doing that gives
566 * security geeks a panic attack.
568 else if (stat(filename, &statbuf) == 0)
569 strcpy(pathname, filename);
570 #endif /* USE_DEBUGGING_EXEC */
575 for (path = getenv("PATH"); path && *path; path += m) {
576 if (strchr(path, ':')) {
577 n = strchr(path, ':') - path;
581 m = n = strlen(path);
583 if (!getcwd(pathname, MAXPATHLEN))
585 len = strlen(pathname);
587 else if (n > sizeof pathname - 1)
590 strncpy(pathname, path, n);
593 if (len && pathname[len - 1] != '/')
594 pathname[len++] = '/';
595 strcpy(pathname + len, filename);
596 if (stat(pathname, &statbuf) == 0 &&
597 /* Accept only regular files
598 with some execute bits set.
599 XXX not perfect, might still fail */
600 S_ISREG(statbuf.st_mode) &&
601 (statbuf.st_mode & 0111))
605 if (stat(pathname, &statbuf) < 0) {
606 perror_msg_and_die("Can't stat '%s'", filename);
608 strace_child = pid = fork();
610 perror_msg_and_die("fork");
612 if ((pid != 0 && daemonized_tracer) /* -D: parent to become a traced process */
613 || (pid == 0 && !daemonized_tracer) /* not -D: child to become a traced process */
617 if (outf != stderr) close(fileno(outf));
619 /* Kludge for SGI, see proc_open for details. */
620 sa.sa_handler = foobar;
622 sigemptyset(&sa.sa_mask);
623 sigaction(SIGINT, &sa, NULL);
628 kill(pid, SIGSTOP); /* stop HERE */
630 #else /* !USE_PROCFS */
634 if (!daemonized_tracer) {
635 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
636 perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)");
642 if (username != NULL || geteuid() == 0) {
643 uid_t run_euid = run_uid;
644 gid_t run_egid = run_gid;
646 if (statbuf.st_mode & S_ISUID)
647 run_euid = statbuf.st_uid;
648 if (statbuf.st_mode & S_ISGID)
649 run_egid = statbuf.st_gid;
652 * It is important to set groups before we
653 * lose privileges on setuid.
655 if (username != NULL) {
656 if (initgroups(username, run_gid) < 0) {
657 perror_msg_and_die("initgroups");
659 if (setregid(run_gid, run_egid) < 0) {
660 perror_msg_and_die("setregid");
662 if (setreuid(run_uid, run_euid) < 0) {
663 perror_msg_and_die("setreuid");
668 setreuid(run_uid, run_uid);
670 if (!daemonized_tracer) {
672 * Induce an immediate stop so that the parent
673 * will resume us with PTRACE_SYSCALL and display
674 * this execve call normally.
675 * Unless of course we're on a no-MMU system where
676 * we vfork()-ed, so we cannot stop the child.
679 kill(getpid(), SIGSTOP);
681 struct sigaction sv_sigchld;
682 sigaction(SIGCHLD, NULL, &sv_sigchld);
684 * Make sure it is not SIG_IGN, otherwise wait
687 signal(SIGCHLD, SIG_DFL);
689 * Wait for grandchild to attach to us.
690 * It kills child after that, and wait() unblocks.
695 sigaction(SIGCHLD, &sv_sigchld, NULL);
697 #endif /* !USE_PROCFS */
699 execv(pathname, argv);
700 perror_msg_and_die("exec");
703 /* We are the tracer. */
704 /* With -D, we are *child* here, IOW: different pid. Fetch it. */
705 strace_tracer_pid = getpid();
707 tcp = alloctcb(daemonized_tracer ? getppid() : pid);
708 if (daemonized_tracer) {
709 /* We want subsequent startup_attach() to attach to it. */
710 tcp->flags |= TCB_ATTACHED;
713 if (proc_open(tcp, 0) < 0) {
714 perror_msg_and_die("trouble opening proc file");
716 #endif /* USE_PROCFS */
721 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
722 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
723 * and then see which options are supported by the kernel.
726 test_ptrace_setoptions_followfork(void)
728 int pid, expected_grandchild = 0, found_grandchild = 0;
729 const unsigned int test_options = PTRACE_O_TRACECLONE |
733 if ((pid = fork()) < 0)
736 if (ptrace(PTRACE_TRACEME, 0, (char *)1, 0) < 0)
738 kill(getpid(), SIGSTOP);
743 int status, tracee_pid;
745 tracee_pid = wait(&status);
746 if (tracee_pid == -1) {
749 else if (errno == ECHILD)
751 perror("test_ptrace_setoptions_followfork");
754 if (tracee_pid != pid) {
755 found_grandchild = tracee_pid;
756 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0 &&
758 kill(tracee_pid, SIGKILL);
760 else if (WIFSTOPPED(status)) {
761 switch (WSTOPSIG(status)) {
763 if (ptrace(PTRACE_SETOPTIONS, pid,
764 NULL, test_options) < 0) {
770 if (status >> 16 == PTRACE_EVENT_FORK) {
773 if (ptrace(PTRACE_GETEVENTMSG, pid,
774 NULL, (long) &msg) == 0)
775 expected_grandchild = msg;
779 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0 &&
784 if (expected_grandchild && expected_grandchild == found_grandchild)
785 ptrace_setoptions |= test_options;
790 * Test whether the kernel support PTRACE_O_TRACESYSGOOD.
791 * First fork a new child, call ptrace(PTRACE_SETOPTIONS) on it,
792 * and then see whether it will stop with (SIGTRAP | 0x80).
794 * Use of this option enables correct handling of user-generated SIGTRAPs,
795 * and SIGTRAPs generated by special instructions such as int3 on x86:
796 * _start: .globl _start
801 * (compile with: "gcc -nostartfiles -nostdlib -o int3 int3.S")
804 test_ptrace_setoptions_for_all(void)
806 const unsigned int test_options = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC;
812 perror_msg_and_die("fork");
816 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0)
817 /* Note: exits with exitcode 1 */
818 perror_msg_and_die("%s: PTRACE_TRACEME doesn't work", __func__);
820 _exit(0); /* parent should see entry into this syscall */
824 int status, tracee_pid;
827 tracee_pid = wait(&status);
828 if (tracee_pid <= 0) {
832 perror_msg_and_die("%s: unexpected wait result %d", __func__, tracee_pid);
834 if (WIFEXITED(status)) {
835 if (WEXITSTATUS(status) == 0)
837 /* PTRACE_TRACEME failed in child. This is fatal. */
840 if (!WIFSTOPPED(status)) {
842 error_msg_and_die("%s: unexpected wait status %x", __func__, status);
844 if (WSTOPSIG(status) == SIGSTOP) {
846 * We don't check "options aren't accepted" error.
847 * If it happens, we'll never get (SIGTRAP | 0x80),
848 * and thus will decide to not use the option.
849 * IOW: the outcome of the test will be correct.
851 if (ptrace(PTRACE_SETOPTIONS, pid, 0L, test_options) < 0)
853 perror_msg("PTRACE_SETOPTIONS");
855 if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {
858 if (ptrace(PTRACE_SYSCALL, pid, 0L, 0L) < 0) {
860 perror_msg_and_die("PTRACE_SYSCALL doesn't work");
865 syscall_trap_sig = (SIGTRAP | 0x80);
866 ptrace_setoptions |= test_options;
868 fprintf(stderr, "ptrace_setoptions = %#x\n",
874 "Test for PTRACE_O_TRACESYSGOOD failed, giving up using this feature.\n");
879 main(int argc, char *argv[])
886 progname = argv[0] ? argv[0] : "strace";
888 strace_tracer_pid = getpid();
890 /* Allocate the initial tcbtab. */
891 tcbtabsize = argc; /* Surely enough for all -p args. */
892 tcbtab = calloc(tcbtabsize, sizeof(tcbtab[0]));
894 error_msg_and_die("Out of memory");
895 tcp = calloc(tcbtabsize, sizeof(*tcp));
897 error_msg_and_die("Out of memory");
898 for (c = 0; c < tcbtabsize; c++)
903 set_sortby(DEFAULT_SORTBY);
904 set_personality(DEFAULT_PERSONALITY);
905 qualify("trace=all");
906 qualify("abbrev=all");
907 qualify("verbose=all");
908 qualify("signal=all");
909 while ((c = getopt(argc, argv,
914 "a:e:o:O:p:s:S:u:E:P:")) != EOF) {
917 if (cflag == CFLAG_BOTH) {
918 error_msg_and_die("-c and -C are mutually exclusive options");
920 cflag = CFLAG_ONLY_STATS;
923 if (cflag == CFLAG_ONLY_STATS) {
924 error_msg_and_die("-c and -C are mutually exclusive options");
933 daemonized_tracer = 1;
968 qualify("abbrev=none");
971 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
975 not_failing_only = 1;
978 acolumn = atoi(optarg);
984 outfname = strdup(optarg);
987 set_overhead(atoi(optarg));
990 if ((pid = atoi(optarg)) <= 0) {
991 error_msg("Invalid process id: '%s'", optarg);
994 if (pid == strace_tracer_pid) {
995 error_msg("I'm sorry, I can't let you do that, Dave.");
998 tcp = alloc_tcb(pid, 0);
999 tcp->flags |= TCB_ATTACHED;
1004 if (pathtrace_select(optarg)) {
1005 error_msg_and_die("Failed to select path '%s'", optarg);
1009 max_strlen = atoi(optarg);
1010 if (max_strlen < 0) {
1011 error_msg_and_die("Invalid -s argument: '%s'", optarg);
1018 username = strdup(optarg);
1021 if (putenv(optarg) < 0) {
1022 error_msg_and_die("Out of memory");
1031 if ((optind == argc) == !pflag_seen)
1034 if (pflag_seen && daemonized_tracer) {
1035 error_msg_and_die("-D and -p are mutually exclusive options");
1041 if (followfork > 1 && cflag) {
1042 error_msg_and_die("(-c or -C) and -ff are mutually exclusive options");
1045 /* See if they want to run as another user. */
1046 if (username != NULL) {
1047 struct passwd *pent;
1049 if (getuid() != 0 || geteuid() != 0) {
1050 error_msg_and_die("You must be root to use the -u option");
1052 if ((pent = getpwnam(username)) == NULL) {
1053 error_msg_and_die("Cannot find user '%s'", username);
1055 run_uid = pent->pw_uid;
1056 run_gid = pent->pw_gid;
1065 if (test_ptrace_setoptions_followfork() < 0) {
1067 "Test for options supported by PTRACE_SETOPTIONS "
1068 "failed, giving up using this feature.\n");
1069 ptrace_setoptions = 0;
1072 fprintf(stderr, "ptrace_setoptions = %#x\n",
1075 test_ptrace_setoptions_for_all();
1078 /* Check if they want to redirect the output. */
1080 /* See if they want to pipe the output. */
1081 if (outfname[0] == '|' || outfname[0] == '!') {
1083 * We can't do the <outfname>.PID funny business
1084 * when using popen, so prohibit it.
1087 error_msg_and_die("Piping the output and -ff are mutually exclusive");
1088 outf = strace_popen(outfname + 1);
1090 else if (followfork <= 1)
1091 outf = strace_fopen(outfname);
1094 if (!outfname || outfname[0] == '|' || outfname[0] == '!') {
1095 static char buf[BUFSIZ];
1096 setvbuf(outf, buf, _IOLBF, BUFSIZ);
1098 if (outfname && optind < argc) {
1103 /* Valid states here:
1104 optind < argc pflag_seen outfname interactive
1111 /* STARTUP_CHILD must be called before the signal handlers get
1112 installed below as they are inherited into the spawned process.
1113 Also we do not need to be protected by them as during interruption
1114 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1116 startup_child(&argv[optind]);
1118 sigemptyset(&empty_set);
1119 sigemptyset(&blocked_set);
1120 sa.sa_handler = SIG_IGN;
1121 sigemptyset(&sa.sa_mask);
1123 sigaction(SIGTTOU, &sa, NULL);
1124 sigaction(SIGTTIN, &sa, NULL);
1126 sigaddset(&blocked_set, SIGHUP);
1127 sigaddset(&blocked_set, SIGINT);
1128 sigaddset(&blocked_set, SIGQUIT);
1129 sigaddset(&blocked_set, SIGPIPE);
1130 sigaddset(&blocked_set, SIGTERM);
1131 sa.sa_handler = interrupt;
1133 /* POSIX signals on sunos4.1 are a little broken. */
1134 sa.sa_flags = SA_INTERRUPT;
1137 sigaction(SIGHUP, &sa, NULL);
1138 sigaction(SIGINT, &sa, NULL);
1139 sigaction(SIGQUIT, &sa, NULL);
1140 sigaction(SIGPIPE, &sa, NULL);
1141 sigaction(SIGTERM, &sa, NULL);
1143 sa.sa_handler = reaper;
1144 sigaction(SIGCHLD, &sa, NULL);
1146 /* Make sure SIGCHLD has the default action so that waitpid
1147 definitely works without losing track of children. The user
1148 should not have given us a bogus state to inherit, but he might
1149 have. Arguably we should detect SIG_IGN here and pass it on
1150 to children, but probably noone really needs that. */
1151 sa.sa_handler = SIG_DFL;
1152 sigaction(SIGCHLD, &sa, NULL);
1153 #endif /* USE_PROCFS */
1155 if (pflag_seen || daemonized_tracer)
1162 if (exit_code > 0xff) {
1163 /* Child was killed by a signal, mimic that. */
1165 signal(exit_code, SIG_DFL);
1167 /* Paranoia - what if this signal is not fatal?
1168 Exit with 128 + signo then. */
1177 /* Allocate some more TCBs and expand the table.
1178 We don't want to relocate the TCBs because our
1179 callers have pointers and it would be a pain.
1180 So tcbtab is a table of pointers. Since we never
1181 free the TCBs, we allocate a single chunk of many. */
1183 struct tcb *newtcbs = calloc(tcbtabsize, sizeof(newtcbs[0]));
1184 struct tcb **newtab = realloc(tcbtab, tcbtabsize * 2 * sizeof(tcbtab[0]));
1185 if (newtab == NULL || newtcbs == NULL)
1186 error_msg_and_die("expand_tcbtab: out of memory");
1189 while (i < tcbtabsize)
1190 tcbtab[i++] = newtcbs++;
1194 alloc_tcb(int pid, int command_options_parsed)
1199 if (nprocs == tcbtabsize)
1202 for (i = 0; i < tcbtabsize; i++) {
1204 if ((tcp->flags & TCB_INUSE) == 0) {
1205 memset(tcp, 0, sizeof(*tcp));
1207 tcp->flags = TCB_INUSE | TCB_STARTUP;
1208 tcp->outf = outf; /* Initialise to current out file */
1212 fprintf(stderr, "new tcb for pid %d, active tcbs:%d\n", tcp->pid, nprocs);
1213 if (command_options_parsed)
1218 error_msg_and_die("bug in alloc_tcb");
1223 proc_open(struct tcb *tcp, int attaching)
1233 #ifndef HAVE_POLLABLE_PROCFS
1234 static int last_pfd;
1237 #ifdef HAVE_MP_PROCFS
1238 /* Open the process pseudo-files in /proc. */
1239 sprintf(proc, "/proc/%d/ctl", tcp->pid);
1240 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
1241 perror("strace: open(\"/proc/...\", ...)");
1244 set_cloexec_flag(tcp->pfd);
1245 sprintf(proc, "/proc/%d/status", tcp->pid);
1246 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
1247 perror("strace: open(\"/proc/...\", ...)");
1250 set_cloexec_flag(tcp->pfd_stat);
1251 sprintf(proc, "/proc/%d/as", tcp->pid);
1252 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
1253 perror("strace: open(\"/proc/...\", ...)");
1256 set_cloexec_flag(tcp->pfd_as);
1258 /* Open the process pseudo-file in /proc. */
1260 sprintf(proc, "/proc/%d", tcp->pid);
1261 tcp->pfd = open(proc, O_RDWR|O_EXCL);
1263 sprintf(proc, "/proc/%d/mem", tcp->pid);
1264 tcp->pfd = open(proc, O_RDWR);
1265 #endif /* FREEBSD */
1267 perror("strace: open(\"/proc/...\", ...)");
1270 set_cloexec_flag(tcp->pfd);
1273 sprintf(proc, "/proc/%d/regs", tcp->pid);
1274 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
1275 perror("strace: open(\"/proc/.../regs\", ...)");
1279 sprintf(proc, "/proc/%d/status", tcp->pid);
1280 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
1281 perror("strace: open(\"/proc/.../status\", ...)");
1285 tcp->pfd_status = -1;
1286 #endif /* FREEBSD */
1290 * Wait for the child to pause. Because of a race
1291 * condition we have to poll for the event.
1294 if (IOCTL_STATUS(tcp) < 0) {
1295 perror("strace: PIOCSTATUS");
1298 if (tcp->status.PR_FLAGS & PR_ASLEEP)
1303 /* Stop the process so that we own the stop. */
1304 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
1305 perror("strace: PIOCSTOP");
1310 /* Set Run-on-Last-Close. */
1312 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
1313 perror("PIOCSET PR_RLC");
1316 /* Set or Reset Inherit-on-Fork. */
1318 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
1319 perror("PIOC{SET,RESET} PR_FORK");
1322 #else /* !PIOCSET */
1324 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
1328 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
1329 perror("PIOC{S,R}FORK");
1333 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
1334 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
1339 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1343 #endif /* FREEBSD */
1344 #endif /* !PIOCSET */
1346 /* Enable all syscall entries we care about. */
1347 premptyset(&syscalls);
1348 for (i = 1; i < MAX_QUALS; ++i) {
1349 if (i > (sizeof syscalls) * CHAR_BIT) break;
1350 if (qual_flags[i] & QUAL_TRACE) praddset(&syscalls, i);
1352 praddset(&syscalls, SYS_execve);
1354 praddset(&syscalls, SYS_fork);
1356 praddset(&syscalls, SYS_forkall);
1359 praddset(&syscalls, SYS_fork1);
1362 praddset(&syscalls, SYS_rfork1);
1365 praddset(&syscalls, SYS_rforkall);
1368 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1369 perror("PIOCSENTRY");
1372 /* Enable the syscall exits. */
1373 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1377 /* Enable signals we care about. */
1378 premptyset(&signals);
1379 for (i = 1; i < MAX_QUALS; ++i) {
1380 if (i > (sizeof signals) * CHAR_BIT) break;
1381 if (qual_flags[i] & QUAL_SIGNAL) praddset(&signals, i);
1383 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1384 perror("PIOCSTRACE");
1387 /* Enable faults we care about */
1388 premptyset(&faults);
1389 for (i = 1; i < MAX_QUALS; ++i) {
1390 if (i > (sizeof faults) * CHAR_BIT) break;
1391 if (qual_flags[i] & QUAL_FAULT) praddset(&faults, i);
1393 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1394 perror("PIOCSFAULT");
1398 /* set events flags. */
1399 arg = S_SIG | S_SCE | S_SCX;
1400 if (ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1404 #endif /* FREEBSD */
1408 * The SGI PRSABORT doesn't work for pause() so
1409 * we send it a caught signal to wake it up.
1411 kill(tcp->pid, SIGINT);
1414 /* The child is in a pause(), abort it. */
1416 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1423 /* wake up the child if it received the SIGSTOP */
1424 kill(tcp->pid, SIGCONT);
1427 /* Wait for the child to do something. */
1428 if (IOCTL_WSTOP(tcp) < 0) {
1429 perror("PIOCWSTOP");
1432 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1433 tcp->flags &= ~TCB_INSYSCALL;
1435 if (known_scno(tcp) == SYS_execve)
1438 /* Set it running: maybe execve will be next. */
1441 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1443 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1444 #endif /* FREEBSD */
1449 /* handle the case where we "opened" the child before
1450 it did the kill -STOP */
1451 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1452 tcp->status.PR_WHAT == SIGSTOP)
1453 kill(tcp->pid, SIGCONT);
1460 if (attaching < 2) {
1461 /* We are attaching to an already running process.
1462 * Try to figure out the state of the process in syscalls,
1463 * to handle the first event well.
1464 * This is done by having a look at the "wchan" property of the
1465 * process, which tells where it is stopped (if it is). */
1467 char wchan[20]; /* should be enough */
1469 sprintf(proc, "/proc/%d/status", tcp->pid);
1470 status = fopen(proc, "r");
1472 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1473 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1474 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1475 strcmp(wchan, "stopevent")) {
1476 /* The process is asleep in the middle of a syscall.
1477 Fake the syscall entry event */
1478 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1479 tcp->status.PR_WHY = PR_SYSENTRY;
1484 } /* otherwise it's a fork being followed */
1486 #endif /* FREEBSD */
1487 #ifndef HAVE_POLLABLE_PROCFS
1488 if (proc_poll_pipe[0] != -1)
1489 proc_poller(tcp->pfd);
1490 else if (nprocs > 1) {
1492 proc_poller(last_pfd);
1493 proc_poller(tcp->pfd);
1495 last_pfd = tcp->pfd;
1496 #endif /* !HAVE_POLLABLE_PROCFS */
1500 #endif /* USE_PROCFS */
1510 for (i = 0; i < tcbtabsize; i++) {
1511 struct tcb *tcp = tcbtab[i];
1512 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1522 first_used_tcb(void)
1526 for (i = 0; i < tcbtabsize; i++) {
1528 if (tcp->flags & TCB_INUSE)
1539 for (i = 0; i < tcbtabsize; i++) {
1540 struct tcb *tcp = tcbtab[i];
1541 if (tcp->pfd != pfd)
1543 if (tcp->flags & TCB_INUSE)
1549 #endif /* USE_PROCFS */
1552 droptcb(struct tcb *tcp)
1556 #ifdef TCB_CLONE_THREAD
1557 if (tcp->nclone_threads > 0) {
1558 /* There are other threads left in this process, but this
1559 is the one whose PID represents the whole process.
1560 We need to keep this record around as a zombie until
1561 all the threads die. */
1562 tcp->flags |= TCB_EXITING;
1568 fprintf(stderr, "dropped tcb for pid %d, %d remain\n", tcp->pid, nprocs);
1571 if (tcp->parent != NULL) {
1572 #ifdef TCB_CLONE_THREAD
1573 if (tcp->flags & TCB_CLONE_THREAD)
1574 tcp->parent->nclone_threads--;
1577 /* Update fields like NCLONE_DETACHED, only
1578 for zombie group leader that has already reported
1579 and been short-circuited at the top of this
1580 function. The same condition as at the top of DETACH. */
1581 if ((tcp->flags & TCB_CLONE_THREAD) &&
1582 tcp->parent->nclone_threads == 0 &&
1583 (tcp->parent->flags & TCB_EXITING))
1584 droptcb(tcp->parent);
1590 if (tcp->pfd != -1) {
1594 if (tcp->pfd_reg != -1) {
1595 close(tcp->pfd_reg);
1598 if (tcp->pfd_status != -1) {
1599 close(tcp->pfd_status);
1600 tcp->pfd_status = -1;
1602 #endif /* !FREEBSD */
1604 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1608 if (outfname && followfork > 1 && tcp->outf)
1614 /* detach traced process; continue with sig
1615 Never call DETACH twice on the same process as both unattached and
1616 attached-unstopped processes give the same ESRCH. For unattached process we
1617 would SIGSTOP it and wait for its SIGSTOP notification forever. */
1620 detach(struct tcb *tcp, int sig)
1624 int status, catch_sigstop;
1625 struct tcb *zombie = NULL;
1627 /* If the group leader is lingering only because of this other
1628 thread now dying, then detach the leader as well. */
1629 if ((tcp->flags & TCB_CLONE_THREAD) &&
1630 tcp->parent->nclone_threads == 1 &&
1631 (tcp->parent->flags & TCB_EXITING))
1632 zombie = tcp->parent;
1635 if (tcp->flags & TCB_BPTSET)
1640 * Linux wrongly insists the child be stopped
1641 * before detaching. Arghh. We go through hoops
1642 * to make a clean break of things.
1645 #undef PTRACE_DETACH
1646 #define PTRACE_DETACH PTRACE_SUNDETACH
1649 * On TCB_STARTUP we did PTRACE_ATTACH but still did not get the
1650 * expected SIGSTOP. We must catch exactly one as otherwise the
1651 * detached process would be left stopped (process state T).
1653 catch_sigstop = (tcp->flags & TCB_STARTUP);
1654 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1655 /* On a clear day, you can see forever. */
1657 else if (errno != ESRCH) {
1658 /* Shouldn't happen. */
1659 perror("detach: ptrace(PTRACE_DETACH, ...)");
1661 else if (my_tgkill((tcp->flags & TCB_CLONE_THREAD ? tcp->parent->pid
1665 perror("detach: checking sanity");
1667 else if (!catch_sigstop && my_tgkill((tcp->flags & TCB_CLONE_THREAD
1668 ? tcp->parent->pid : tcp->pid),
1669 tcp->pid, SIGSTOP) < 0) {
1671 perror("detach: stopping child");
1675 if (catch_sigstop) {
1678 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1679 if (errno == ECHILD) /* Already gone. */
1681 if (errno != EINVAL) {
1682 perror("detach: waiting");
1686 /* No __WALL here. */
1687 if (waitpid(tcp->pid, &status, 0) < 0) {
1688 if (errno != ECHILD) {
1689 perror("detach: waiting");
1693 /* If no processes, try clones. */
1694 if (wait4(tcp->pid, &status, __WCLONE,
1696 if (errno != ECHILD)
1697 perror("detach: waiting");
1700 #endif /* __WCLONE */
1705 if (!WIFSTOPPED(status)) {
1706 /* Au revoir, mon ami. */
1709 if (WSTOPSIG(status) == SIGSTOP) {
1710 ptrace_restart(PTRACE_DETACH, tcp, sig);
1713 error = ptrace_restart(PTRACE_CONT, tcp,
1714 WSTOPSIG(status) == syscall_trap_sig ? 0
1715 : WSTOPSIG(status));
1723 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1724 if (sig && kill(tcp->pid, sig) < 0)
1725 perror("detach: kill");
1727 error = ptrace_restart(PTRACE_DETACH, tcp, sig);
1731 fprintf(stderr, "Process %u detached\n", tcp->pid);
1736 if (zombie != NULL) {
1737 /* TCP no longer exists therefore you must not detach() it. */
1747 static void reaper(int sig)
1752 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1756 #endif /* USE_PROCFS */
1764 for (i = 0; i < tcbtabsize; i++) {
1766 if (!(tcp->flags & TCB_INUSE))
1770 "cleanup: looking at pid %u\n", tcp->pid);
1772 (!outfname || followfork < 2 || tcp_last == tcp)) {
1773 tprintf(" <unfinished ...>");
1776 if (tcp->flags & TCB_ATTACHED)
1779 kill(tcp->pid, SIGCONT);
1780 kill(tcp->pid, SIGTERM);
1793 #ifndef HAVE_STRERROR
1795 #if !HAVE_DECL_SYS_ERRLIST
1796 extern int sys_nerr;
1797 extern char *sys_errlist[];
1798 #endif /* HAVE_DECL_SYS_ERRLIST */
1801 strerror(int err_no)
1803 static char buf[64];
1805 if (err_no < 1 || err_no >= sys_nerr) {
1806 sprintf(buf, "Unknown error %d", err_no);
1809 return sys_errlist[err_no];
1812 #endif /* HAVE_STERRROR */
1814 #ifndef HAVE_STRSIGNAL
1816 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1817 extern char *sys_siglist[];
1819 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1820 extern char *_sys_siglist[];
1826 static char buf[64];
1828 if (sig < 1 || sig >= NSIG) {
1829 sprintf(buf, "Unknown signal %d", sig);
1832 #ifdef HAVE__SYS_SIGLIST
1833 return _sys_siglist[sig];
1835 return sys_siglist[sig];
1839 #endif /* HAVE_STRSIGNAL */
1850 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1851 if (pollv == NULL) {
1852 error_msg_and_die("Out of memory");
1855 for (i = j = 0; i < tcbtabsize; i++) {
1856 struct tcb *tcp = tcbtab[i];
1857 if (!(tcp->flags & TCB_INUSE))
1859 pollv[j].fd = tcp->pfd;
1860 pollv[j].events = POLLWANT;
1864 error_msg_and_die("proc miscount");
1868 #ifndef HAVE_POLLABLE_PROCFS
1871 proc_poll_open(void)
1875 if (pipe(proc_poll_pipe) < 0) {
1876 perror_msg_and_die("pipe");
1878 for (i = 0; i < 2; i++) {
1879 set_cloexec_flag(proc_poll_pipe[i]);
1884 proc_poll(struct pollfd *pollv, int nfds, int timeout)
1888 struct proc_pollfd pollinfo;
1890 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1892 if (n != sizeof(struct proc_pollfd)) {
1893 error_msg_and_die("panic: short read: %d", n);
1895 for (i = 0; i < nprocs; i++) {
1896 if (pollv[i].fd == pollinfo.fd)
1897 pollv[i].revents = pollinfo.revents;
1899 pollv[i].revents = 0;
1901 poller_pid = pollinfo.pid;
1906 wakeup_handler(int sig)
1911 proc_poller(int pfd)
1913 struct proc_pollfd pollinfo;
1914 struct sigaction sa;
1915 sigset_t blocked_set, empty_set;
1920 struct procfs_status pfs;
1921 #endif /* FREEBSD */
1925 perror_msg_and_die("fork");
1932 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1934 sigemptyset(&sa.sa_mask);
1935 sigaction(SIGHUP, &sa, NULL);
1936 sigaction(SIGINT, &sa, NULL);
1937 sigaction(SIGQUIT, &sa, NULL);
1938 sigaction(SIGPIPE, &sa, NULL);
1939 sigaction(SIGTERM, &sa, NULL);
1940 sa.sa_handler = wakeup_handler;
1941 sigaction(SIGUSR1, &sa, NULL);
1942 sigemptyset(&blocked_set);
1943 sigaddset(&blocked_set, SIGUSR1);
1944 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1945 sigemptyset(&empty_set);
1947 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1948 perror_msg_and_die("getrlimit(RLIMIT_NOFILE, ...)");
1951 for (i = 0; i < n; i++) {
1952 if (i != pfd && i != proc_poll_pipe[1])
1957 pollinfo.pid = getpid();
1960 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1962 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1969 pollinfo.revents = POLLERR;
1972 pollinfo.revents = POLLHUP;
1975 perror("proc_poller: PIOCWSTOP");
1977 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1980 pollinfo.revents = POLLWANT;
1981 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1982 sigsuspend(&empty_set);
1986 #endif /* !HAVE_POLLABLE_PROCFS */
1996 if (followfork < 2 &&
1997 last < nprocs && (pollv[last].revents & POLLWANT)) {
1999 * The previous process is ready to run again. We'll
2000 * let it do so if it is currently in a syscall. This
2001 * heuristic improves the readability of the trace.
2003 tcp = pfd2tcb(pollv[last].fd);
2004 if (tcp && (tcp->flags & TCB_INSYSCALL))
2005 return pollv[last].fd;
2008 for (i = 0; i < nprocs; i++) {
2009 /* Let competing children run round robin. */
2010 j = (i + last + 1) % nprocs;
2011 if (pollv[j].revents & (POLLHUP | POLLERR)) {
2012 tcp = pfd2tcb(pollv[j].fd);
2014 error_msg_and_die("lost proc");
2019 if (pollv[j].revents & POLLWANT) {
2024 error_msg_and_die("nothing ready");
2031 struct tcb *in_syscall = NULL;
2036 int ioctl_result = 0, ioctl_errno = 0;
2041 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2048 #ifndef HAVE_POLLABLE_PROCFS
2049 if (proc_poll_pipe[0] == -1) {
2051 tcp = first_used_tcb();
2058 #ifndef HAVE_POLLABLE_PROCFS
2060 /* fall through ... */
2061 #endif /* !HAVE_POLLABLE_PROCFS */
2063 #ifdef HAVE_POLLABLE_PROCFS
2065 /* On some systems (e.g. UnixWare) we get too much ugly
2066 "unfinished..." stuff when multiple proceses are in
2067 syscalls. Here's a nasty hack */
2074 pv.events = POLLWANT;
2075 if ((what = poll(&pv, 1, 1)) < 0) {
2080 else if (what == 1 && pv.revents & POLLWANT) {
2086 if (poll(pollv, nprocs, INFTIM) < 0) {
2091 #else /* !HAVE_POLLABLE_PROCFS */
2092 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
2097 #endif /* !HAVE_POLLABLE_PROCFS */
2104 /* Look up `pfd' in our table. */
2105 if ((tcp = pfd2tcb(pfd)) == NULL) {
2106 error_msg_and_die("unknown pfd: %u", pfd);
2111 /* Get the status of the process. */
2114 ioctl_result = IOCTL_WSTOP(tcp);
2116 /* Thanks to some scheduling mystery, the first poller
2117 sometimes waits for the already processed end of fork
2118 event. Doing a non blocking poll here solves the problem. */
2119 if (proc_poll_pipe[0] != -1)
2120 ioctl_result = IOCTL_STATUS(tcp);
2122 ioctl_result = IOCTL_WSTOP(tcp);
2123 #endif /* FREEBSD */
2124 ioctl_errno = errno;
2125 #ifndef HAVE_POLLABLE_PROCFS
2126 if (proc_poll_pipe[0] != -1) {
2127 if (ioctl_result < 0)
2128 kill(poller_pid, SIGKILL);
2130 kill(poller_pid, SIGUSR1);
2132 #endif /* !HAVE_POLLABLE_PROCFS */
2138 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2140 if (ioctl_result < 0) {
2141 /* Find out what happened if it failed. */
2142 switch (ioctl_errno) {
2153 perror_msg_and_die("PIOCWSTOP");
2158 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
2159 /* discard first event for a syscall we never entered */
2160 IOCTL(tcp->pfd, PIOCRUN, 0);
2165 /* clear the just started flag */
2166 tcp->flags &= ~TCB_STARTUP;
2168 /* set current output file */
2170 curcol = tcp->curcol;
2173 struct timeval stime;
2178 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
2181 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
2182 &stime.tv_sec, &stime.tv_usec);
2184 stime.tv_sec = stime.tv_usec = 0;
2185 #else /* !FREEBSD */
2186 stime.tv_sec = tcp->status.pr_stime.tv_sec;
2187 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
2188 #endif /* !FREEBSD */
2189 tv_sub(&tcp->dtime, &stime, &tcp->stime);
2192 what = tcp->status.PR_WHAT;
2193 switch (tcp->status.PR_WHY) {
2196 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
2197 tcp->status.PR_WHY = PR_SYSENTRY;
2198 if (trace_syscall(tcp) < 0) {
2199 error_msg_and_die("syscall trouble");
2203 #endif /* !FREEBSD */
2209 if (trace_syscall(tcp) < 0) {
2210 error_msg_and_die("syscall trouble");
2214 if (cflag != CFLAG_ONLY_STATS
2215 && (qual_flags[what] & QUAL_SIGNAL)) {
2217 tprintf("--- %s (%s) ---",
2218 signame(what), strsignal(what));
2221 if (tcp->status.PR_INFO.si_signo == what) {
2223 tprintf(" siginfo=");
2224 printsiginfo(&tcp->status.PR_INFO, 1);
2231 if (cflag != CFLAGS_ONLY_STATS
2232 && (qual_flags[what] & QUAL_FAULT)) {
2234 tprintf("=== FAULT %d ===", what);
2239 case 0: /* handle case we polled for nothing */
2243 error_msg_and_die("odd stop %d", tcp->status.PR_WHY);
2246 /* Remember current print column before continuing. */
2247 tcp->curcol = curcol;
2250 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0)
2252 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0)
2255 perror_msg_and_die("PIOCRUN");
2261 #else /* !USE_PROCFS */
2263 #ifdef TCB_GROUP_EXITING
2264 /* Handle an exit detach or death signal that is taking all the
2265 related clone threads with it. This is called in three circumstances:
2266 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
2267 SIG == 0 Continuing TCP will perform an exit_group syscall.
2268 SIG == other Continuing TCP with SIG will kill the process.
2271 handle_group_exit(struct tcb *tcp, int sig)
2273 /* We need to locate our records of all the clone threads
2274 related to TCP, either its children or siblings. */
2275 struct tcb *leader = NULL;
2277 if (tcp->flags & TCB_CLONE_THREAD)
2278 leader = tcp->parent;
2281 if (leader != NULL && leader != tcp
2282 && !(leader->flags & TCB_GROUP_EXITING)
2283 && !(tcp->flags & TCB_STARTUP)
2286 "PANIC: handle_group_exit: %d leader %d\n",
2287 tcp->pid, leader ? leader->pid : -1);
2289 /* TCP no longer exists therefore you must not detach() it. */
2290 droptcb(tcp); /* Already died. */
2293 /* Mark that we are taking the process down. */
2294 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
2295 if (tcp->flags & TCB_ATTACHED) {
2297 if (leader != NULL && leader != tcp)
2298 leader->flags |= TCB_GROUP_EXITING;
2300 if (ptrace_restart(PTRACE_CONT, tcp, sig) < 0) {
2304 if (leader != NULL) {
2305 leader->flags |= TCB_GROUP_EXITING;
2309 /* The leader will report to us as parent now,
2310 and then we'll get to the SIG==-1 case. */
2321 handle_ptrace_event(int status, struct tcb *tcp)
2323 if (status >> 16 == PTRACE_EVENT_VFORK ||
2324 status >> 16 == PTRACE_EVENT_CLONE ||
2325 status >> 16 == PTRACE_EVENT_FORK) {
2328 if (do_ptrace(PTRACE_GETEVENTMSG, tcp, NULL, &childpid) < 0) {
2329 if (errno != ESRCH) {
2330 error_msg_and_die("Cannot get new child's pid");
2334 return handle_new_child(tcp, childpid, 0);
2336 if (status >> 16 == PTRACE_EVENT_EXEC) {
2339 /* Some PTRACE_EVENT_foo we didn't ask for?! */
2340 error_msg("Unexpected status %x on pid %d", status, tcp->pid);
2354 struct rusage *rup = cflag ? &ru : NULL;
2356 static int wait4_options = __WALL;
2360 while (nprocs != 0) {
2364 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2367 pid = wait4(-1, &status, wait4_options, rup);
2368 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2369 /* this kernel does not support __WALL */
2370 wait4_options &= ~__WALL;
2371 pid = wait4(-1, &status, wait4_options, rup);
2373 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2374 /* most likely a "cloned" process */
2375 pid = wait4(-1, &status, __WCLONE, rup);
2377 perror_msg("wait4(__WCLONE) failed");
2381 pid = wait4(-1, &status, 0, rup);
2382 # endif /* __WALL */
2385 pid = wait(&status);
2389 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2392 switch (wait_errno) {
2397 * We would like to verify this case
2398 * but sometimes a race in Solbourne's
2399 * version of SunOS sometimes reports
2400 * ECHILD before sending us SIGCHILD.
2405 perror("strace: wait");
2409 if (pid == popen_pid) {
2410 if (WIFEXITED(status) || WIFSIGNALED(status))
2415 char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16];
2417 unsigned ev = (unsigned)status >> 16;
2419 static const char *const event_names[] = {
2420 [PTRACE_EVENT_CLONE] = "CLONE",
2421 [PTRACE_EVENT_FORK] = "FORK",
2422 [PTRACE_EVENT_VFORK] = "VFORK",
2423 [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE",
2424 [PTRACE_EVENT_EXEC] = "EXEC",
2425 [PTRACE_EVENT_EXIT] = "EXIT",
2428 if (ev < ARRAY_SIZE(event_names))
2429 e = event_names[ev];
2431 sprintf(buf, "?? (%u)", ev);
2434 fprintf(stderr, " PTRACE_EVENT_%s", e);
2438 if (WIFSIGNALED(status))
2440 sprintf(buf, "WIFSIGNALED,%ssig=%s",
2441 WCOREDUMP(status) ? "core," : "",
2442 signame(WTERMSIG(status)));
2444 sprintf(buf, "WIFSIGNALED,sig=%s",
2445 signame(WTERMSIG(status)));
2447 if (WIFEXITED(status))
2448 sprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status));
2449 if (WIFSTOPPED(status))
2450 sprintf(buf, "WIFSTOPPED,sig=%s", signame(WSTOPSIG(status)));
2452 if (WIFCONTINUED(status))
2453 strcpy(buf, "WIFCONTINUED");
2455 fprintf(stderr, " [wait(0x%04x) = %u] %s\n", status, pid, buf);
2458 /* Look up `pid' in our table. */
2459 if ((tcp = pid2tcb(pid)) == NULL) {
2462 /* This is needed to go with the CLONE_PTRACE
2463 changes in process.c/util.c: we might see
2464 the child's initial trap before we see the
2465 parent return from the clone syscall.
2466 Leave the child suspended until the parent
2467 returns from its system call. Only then
2468 will we have the association of parent and
2469 child so that we know how to do clearbpt
2471 tcp = alloctcb(pid);
2472 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2475 Process %d attached (waiting for parent)\n",
2479 /* This can happen if a clone call used
2480 CLONE_PTRACE itself. */
2483 if (WIFSTOPPED(status))
2484 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2485 error_msg_and_die("Unknown pid: %u", pid);
2488 /* set current output file */
2490 curcol = tcp->curcol;
2493 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2494 tcp->stime = ru.ru_stime;
2498 if (tcp->flags & TCB_SUSPENDED) {
2500 * Apparently, doing any ptrace() call on a stopped
2501 * process, provokes the kernel to report the process
2502 * status again on a subsequent wait(), even if the
2503 * process has not been actually restarted.
2504 * Since we have inspected the arguments of suspended
2505 * processes we end up here testing for this case.
2509 if (WIFSIGNALED(status)) {
2510 if (pid == strace_child)
2511 exit_code = 0x100 | WTERMSIG(status);
2512 if (cflag != CFLAG_ONLY_STATS
2513 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2516 tprintf("+++ killed by %s %s+++",
2517 signame(WTERMSIG(status)),
2518 WCOREDUMP(status) ? "(core dumped) " : "");
2520 tprintf("+++ killed by %s +++",
2521 signame(WTERMSIG(status)));
2525 #ifdef TCB_GROUP_EXITING
2526 handle_group_exit(tcp, -1);
2532 if (WIFEXITED(status)) {
2533 if (pid == strace_child)
2534 exit_code = WEXITSTATUS(status);
2535 if ((tcp->flags & (TCB_ATTACHED|TCB_STARTUP)) == TCB_ATTACHED
2536 #ifdef TCB_GROUP_EXITING
2537 && !(tcp->parent && (tcp->parent->flags & TCB_GROUP_EXITING))
2538 && !(tcp->flags & TCB_GROUP_EXITING)
2542 "PANIC: attached pid %u exited with %d\n",
2543 pid, WEXITSTATUS(status));
2545 if (tcp == tcp_last) {
2546 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL)
2547 tprintf(" <unfinished ... exit status %d>\n",
2548 WEXITSTATUS(status));
2551 #ifdef TCB_GROUP_EXITING
2552 handle_group_exit(tcp, -1);
2558 if (!WIFSTOPPED(status)) {
2559 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2565 if (handle_ptrace_event(status, tcp) != 1)
2570 * Interestingly, the process may stop
2571 * with STOPSIG equal to some other signal
2572 * than SIGSTOP if we happend to attach
2573 * just before the process takes a signal.
2574 * A no-MMU vforked child won't send up a signal,
2575 * so skip the first (lost) execve notification.
2577 if ((tcp->flags & TCB_STARTUP) &&
2578 (WSTOPSIG(status) == SIGSTOP || strace_vforked)) {
2580 * This flag is there to keep us in sync.
2581 * Next time this process stops it should
2582 * really be entering a system call.
2584 tcp->flags &= ~TCB_STARTUP;
2585 if (tcp->flags & TCB_BPTSET) {
2587 * One example is a breakpoint inherited from
2588 * parent through fork ().
2590 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2597 /* If options were not set for this tracee yet */
2598 if (tcp->parent == NULL) {
2599 if (ptrace_setoptions) {
2601 fprintf(stderr, "setting opts %x on pid %d\n", ptrace_setoptions, tcp->pid);
2602 if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) {
2603 if (errno != ESRCH) {
2604 /* Should never happen, really */
2605 perror_msg_and_die("PTRACE_SETOPTIONS");
2614 if (WSTOPSIG(status) != syscall_trap_sig) {
2615 if (WSTOPSIG(status) == SIGSTOP &&
2616 (tcp->flags & TCB_SIGTRAPPED)) {
2618 * Trapped attempt to block SIGTRAP
2619 * Hope we are back in control now.
2621 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2622 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2628 if (cflag != CFLAG_ONLY_STATS
2629 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2631 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP)
2635 upeek(tcp, PT_CR_IPSR, &psr);
2636 upeek(tcp, PT_CR_IIP, &pc);
2639 pc += (psr >> PSR_RI) & 0x3;
2640 # define PC_FORMAT_STR " @ %lx"
2641 # define PC_FORMAT_ARG pc
2643 # define PC_FORMAT_STR "%s"
2644 # define PC_FORMAT_ARG ""
2647 if (ptrace(PTRACE_GETSIGINFO, pid, 0, &si) == 0) {
2649 printsiginfo(&si, verbose(tcp));
2650 tprintf(" (%s)" PC_FORMAT_STR " ---",
2651 strsignal(WSTOPSIG(status)),
2654 tprintf("--- %s by %s" PC_FORMAT_STR " ---",
2655 strsignal(WSTOPSIG(status)),
2656 signame(WSTOPSIG(status)),
2660 if (((tcp->flags & TCB_ATTACHED) ||
2661 tcp->nclone_threads > 0) &&
2662 !sigishandled(tcp, WSTOPSIG(status))) {
2663 #ifdef TCB_GROUP_EXITING
2664 handle_group_exit(tcp, WSTOPSIG(status));
2666 detach(tcp, WSTOPSIG(status));
2670 if (ptrace_restart(PTRACE_SYSCALL, tcp, WSTOPSIG(status)) < 0) {
2674 tcp->flags &= ~TCB_SUSPENDED;
2677 /* we handled the STATUS, we are permitted to interrupt now. */
2680 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2681 /* ptrace() failed in trace_syscall() with ESRCH.
2682 * Likely a result of process disappearing mid-flight.
2683 * Observed case: exit_group() terminating
2684 * all processes in thread group. In this case, threads
2685 * "disappear" in an unpredictable moment without any
2686 * notification to strace via wait().
2688 if (tcp->flags & TCB_ATTACHED) {
2690 /* Do we have dangling line "syscall(param, param"?
2691 * Finish the line then.
2693 tcp_last->flags |= TCB_REPRINT;
2694 tprintf(" <unfinished ...>");
2700 tcp->pid, (char *) 1, SIGTERM);
2705 if (tcp->flags & TCB_EXITING) {
2706 #ifdef TCB_GROUP_EXITING
2707 if (tcp->flags & TCB_GROUP_EXITING) {
2708 if (handle_group_exit(tcp, 0) < 0)
2713 if (tcp->flags & TCB_ATTACHED)
2715 else if (ptrace_restart(PTRACE_CONT, tcp, 0) < 0) {
2721 if (tcp->flags & TCB_SUSPENDED) {
2723 fprintf(stderr, "Process %u suspended\n", pid);
2727 /* Remember current print column before continuing. */
2728 tcp->curcol = curcol;
2729 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2737 #endif /* !USE_PROCFS */
2740 tprintf(const char *fmt, ...)
2744 va_start(args, fmt);
2746 int n = vfprintf(outf, fmt, args);
2749 perror(outfname == NULL
2750 ? "<writing to pipe>" : outfname);
2759 printleader(struct tcb *tcp)
2762 if (tcp_last->ptrace_errno) {
2763 if (tcp_last->flags & TCB_INSYSCALL) {
2764 tprintf(" <unavailable>) ");
2767 tprintf("= ? <unavailable>\n");
2768 tcp_last->ptrace_errno = 0;
2769 } else if (!outfname || followfork < 2 || tcp_last == tcp) {
2770 tcp_last->flags |= TCB_REPRINT;
2771 tprintf(" <unfinished ...>\n");
2775 if ((followfork == 1 || pflag_seen > 1) && outfname)
2776 tprintf("%-5d ", tcp->pid);
2777 else if (nprocs > 1 && !outfname)
2778 tprintf("[pid %5u] ", tcp->pid);
2780 char str[sizeof("HH:MM:SS")];
2781 struct timeval tv, dtv;
2782 static struct timeval otv;
2784 gettimeofday(&tv, NULL);
2786 if (otv.tv_sec == 0)
2788 tv_sub(&dtv, &tv, &otv);
2789 tprintf("%6ld.%06ld ",
2790 (long) dtv.tv_sec, (long) dtv.tv_usec);
2793 else if (tflag > 2) {
2794 tprintf("%ld.%06ld ",
2795 (long) tv.tv_sec, (long) tv.tv_usec);
2798 time_t local = tv.tv_sec;
2799 strftime(str, sizeof(str), "%T", localtime(&local));
2801 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2803 tprintf("%s ", str);
2814 tprintf("%*s", col - curcol, "");
2824 #ifdef HAVE_MP_PROCFS
2827 mp_ioctl(int fd, int cmd, void *arg, int size)
2829 struct iovec iov[2];
2832 iov[0].iov_base = &cmd;
2833 iov[0].iov_len = sizeof cmd;
2836 iov[1].iov_base = arg;
2837 iov[1].iov_len = size;
2840 return writev(fd, iov, n);
projects / strace / blob