2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
50 # include <asm/unistd.h>
51 # if defined __NR_tgkill
52 # define my_tgkill(pid, tid, sig) syscall (__NR_tgkill, (pid), (tid), (sig))
53 # elif defined __NR_tkill
54 # define my_tgkill(pid, tid, sig) syscall (__NR_tkill, (tid), (sig))
56 /* kill() may choose arbitrarily the target task of the process group
57 while we later wait on a that specific TID. PID process waits become
58 TID task specific waits for a process under ptrace(2). */
59 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
60 # define my_tgkill(pid, tid, sig) kill ((tid), (sig))
64 #if defined(IA64) && defined(LINUX)
65 # include <asm/ptrace_offsets.h>
73 #include <sys/stropts.h>
80 extern char **environ;
85 int debug = 0, followfork = 0;
86 unsigned int ptrace_setoptions = 0;
87 int dtime = 0, xflag = 0, qflag = 0;
88 cflag_t cflag = CFLAG_NONE;
89 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
91 * daemonized_tracer supports -D option.
92 * With this option, strace forks twice.
93 * Unlike normal case, with -D *grandparent* process exec's,
94 * becoming a traced process. Child exits (this prevents traced process
95 * from having children it doesn't expect to have), and grandchild
96 * attaches to grandparent similarly to strace -p PID.
97 * This allows for more transparent interaction in cases
98 * when process and its parent are communicating via signals,
99 * wait() etc. Without -D, strace process gets lodged in between,
100 * disrupting parent<->child link.
102 static bool daemonized_tracer = 0;
104 /* Sometimes we want to print only succeeding syscalls. */
105 int not_failing_only = 0;
107 static int exit_code = 0;
108 static int strace_child = 0;
110 static char *username = NULL;
114 int acolumn = DEFAULT_ACOLUMN;
115 int max_strlen = DEFAULT_STRLEN;
116 static char *outfname = NULL;
120 unsigned int nprocs, tcbtabsize;
121 const char *progname;
122 extern char **environ;
124 static int detach(struct tcb *tcp, int sig);
125 static int trace(void);
126 static void cleanup(void);
127 static void interrupt(int sig);
128 static sigset_t empty_set, blocked_set;
130 #ifdef HAVE_SIG_ATOMIC_T
131 static volatile sig_atomic_t interrupted;
132 #else /* !HAVE_SIG_ATOMIC_T */
133 static volatile int interrupted;
134 #endif /* !HAVE_SIG_ATOMIC_T */
138 static struct tcb *pfd2tcb(int pfd);
139 static void reaper(int sig);
140 static void rebuild_pollv(void);
141 static struct pollfd *pollv;
143 #ifndef HAVE_POLLABLE_PROCFS
145 static void proc_poll_open(void);
146 static void proc_poller(int pfd);
154 static int poller_pid;
155 static int proc_poll_pipe[2] = { -1, -1 };
157 #endif /* !HAVE_POLLABLE_PROCFS */
159 #ifdef HAVE_MP_PROCFS
160 #define POLLWANT POLLWRNORM
162 #define POLLWANT POLLPRI
164 #endif /* USE_PROCFS */
172 usage: strace [-CdDffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
173 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
174 [command [arg ...]]\n\
175 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
176 [command [arg ...]]\n\
177 -c -- count time, calls, and errors for each syscall and report summary\n\
178 -C -- like -c but also print regular output while processes are running\n\
179 -f -- follow forks, -ff -- with output into separate files\n\
180 -F -- attempt to follow vforks, -h -- print help message\n\
181 -i -- print instruction pointer at time of syscall\n\
182 -q -- suppress messages about attaching, detaching, etc.\n\
183 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
184 -T -- print time spent in each syscall, -V -- print version\n\
185 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
186 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
187 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
188 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
189 options: trace, abbrev, verbose, raw, signal, read, or write\n\
190 -o file -- send trace output to FILE instead of stderr\n\
191 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
192 -p pid -- trace process with process id PID, may be repeated\n\
193 -D -- run tracer process as a detached grandchild, not as parent\n\
194 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
195 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
196 -u username -- run command as username handling setuid and/or setgid\n\
197 -E var=val -- put var=val in the environment for command\n\
198 -E var -- remove var from the environment for command\n\
199 " /* this is broken, so don't document it
200 -z -- print only succeeding syscalls\n\
202 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
215 /* Glue for systems without a MMU that cannot provide fork() */
217 # define strace_vforked 0
219 # define strace_vforked 1
220 # define fork() vfork()
224 set_cloexec_flag(int fd)
228 if ((flags = fcntl(fd, F_GETFD, 0)) < 0)
230 fprintf(stderr, "%s: fcntl F_GETFD: %s\n",
231 progname, strerror(errno));
235 newflags = flags | FD_CLOEXEC;
236 if (flags == newflags)
239 if (fcntl(fd, F_SETFD, newflags) < 0)
241 fprintf(stderr, "%s: fcntl F_SETFD: %s\n",
242 progname, strerror(errno));
250 * When strace is setuid executable, we have to swap uids
251 * before and after filesystem and process management operations.
257 int euid = geteuid(), uid = getuid();
259 if (euid != uid && setreuid(euid, uid) < 0)
261 fprintf(stderr, "%s: setreuid: %s\n",
262 progname, strerror(errno));
269 # define fopen_for_output fopen64
271 # define fopen_for_output fopen
275 strace_fopen(const char *path, const char *mode)
280 if ((fp = fopen_for_output(path, mode)) == NULL)
281 fprintf(stderr, "%s: can't fopen '%s': %s\n",
282 progname, path, strerror(errno));
284 if (fp && set_cloexec_flag(fileno(fp)) < 0)
292 static int popen_pid = -1;
295 # define _PATH_BSHELL "/bin/sh"
299 * We cannot use standard popen(3) here because we have to distinguish
300 * popen child process from other processes we trace, and standard popen(3)
301 * does not export its child's pid.
304 strace_popen(const char *command)
311 fprintf(stderr, "%s: pipe: %s\n",
312 progname, strerror(errno));
317 if (set_cloexec_flag(fds[1]) < 0)
325 if ((popen_pid = fork()) == -1)
327 fprintf(stderr, "%s: fork: %s\n",
328 progname, strerror(errno));
340 return fdopen(fds[1], "w");
345 if (fds[0] && (dup2(fds[0], 0) || close(fds[0])))
347 fprintf(stderr, "%s: dup2: %s\n",
348 progname, strerror(errno));
351 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
352 fprintf(stderr, "%s: execl: %s: %s\n",
353 progname, _PATH_BSHELL, strerror(errno));
359 newoutf(struct tcb *tcp)
361 if (outfname && followfork > 1) {
362 char name[520 + sizeof(int) * 3];
365 sprintf(name, "%.512s.%u", outfname, tcp->pid);
366 if ((fp = strace_fopen(name, "w")) == NULL)
380 * Block user interruptions as we would leave the traced
381 * process stopped (process state T) if we would terminate in
382 * between PTRACE_ATTACH and wait4 () on SIGSTOP.
383 * We rely on cleanup () from this point on.
386 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
388 if (daemonized_tracer) {
393 if (pid) { /* parent */
395 * Wait for child to attach to straced process
396 * (our parent). Child SIGKILLs us after it attached.
397 * Parent's wait() is unblocked by our death,
398 * it proceeds to exec the straced program.
401 _exit(0); /* paranoia */
405 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
407 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
410 if (tcp->flags & TCB_CLONE_THREAD)
413 /* Reinitialize the output since it may have changed. */
415 if (newoutf(tcp) < 0)
419 if (proc_open(tcp, 1) < 0) {
420 fprintf(stderr, "trouble opening proc file\n");
424 #else /* !USE_PROCFS */
426 if (followfork && !daemonized_tracer) {
427 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
430 sprintf(procdir, "/proc/%d/task", tcp->pid);
431 dir = opendir(procdir);
433 unsigned int ntid = 0, nerr = 0;
436 while ((de = readdir(dir)) != NULL) {
437 if (de->d_fileno == 0)
439 tid = atoi(de->d_name);
443 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0)
445 else if (tid != tcbtab[tcbi]->pid) {
447 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_FOLLOWFORK;
448 tcbtab[tcbi]->nchildren++;
449 tcbtab[tcbi]->nclone_threads++;
450 tcp->parent = tcbtab[tcbi];
453 sigprocmask(SIG_SETMASK, &empty_set, NULL);
456 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
462 perror("attach: ptrace(PTRACE_ATTACH, ...)");
467 fprintf(stderr, ntid > 1
468 ? "Process %u attached with %u threads - interrupt to quit\n"
469 : "Process %u attached - interrupt to quit\n",
470 tcbtab[tcbi]->pid, ntid);
473 } /* if (opendir worked) */
476 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
477 perror("attach: ptrace(PTRACE_ATTACH, ...)");
481 /* INTERRUPTED is going to be checked at the top of TRACE. */
483 if (daemonized_tracer) {
485 * It is our grandparent we trace, not a -p PID.
486 * Don't want to just detach on exit, so...
488 tcp->flags &= ~TCB_ATTACHED;
490 * Make parent go away.
491 * Also makes grandparent's wait() unblock.
493 kill(getppid(), SIGKILL);
496 #endif /* !USE_PROCFS */
499 "Process %u attached - interrupt to quit\n",
504 sigprocmask(SIG_SETMASK, &empty_set, NULL);
508 startup_child (char **argv)
511 const char *filename;
512 char pathname[MAXPATHLEN];
517 if (strchr(filename, '/')) {
518 if (strlen(filename) > sizeof pathname - 1) {
519 errno = ENAMETOOLONG;
520 perror("strace: exec");
523 strcpy(pathname, filename);
525 #ifdef USE_DEBUGGING_EXEC
527 * Debuggers customarily check the current directory
528 * first regardless of the path but doing that gives
529 * security geeks a panic attack.
531 else if (stat(filename, &statbuf) == 0)
532 strcpy(pathname, filename);
533 #endif /* USE_DEBUGGING_EXEC */
538 for (path = getenv("PATH"); path && *path; path += m) {
539 if (strchr(path, ':')) {
540 n = strchr(path, ':') - path;
544 m = n = strlen(path);
546 if (!getcwd(pathname, MAXPATHLEN))
548 len = strlen(pathname);
550 else if (n > sizeof pathname - 1)
553 strncpy(pathname, path, n);
556 if (len && pathname[len - 1] != '/')
557 pathname[len++] = '/';
558 strcpy(pathname + len, filename);
559 if (stat(pathname, &statbuf) == 0 &&
560 /* Accept only regular files
561 with some execute bits set.
562 XXX not perfect, might still fail */
563 S_ISREG(statbuf.st_mode) &&
564 (statbuf.st_mode & 0111))
568 if (stat(pathname, &statbuf) < 0) {
569 fprintf(stderr, "%s: %s: command not found\n",
573 strace_child = pid = fork();
575 perror("strace: fork");
579 if ((pid != 0 && daemonized_tracer) /* parent: to become a traced process */
580 || (pid == 0 && !daemonized_tracer) /* child: to become a traced process */
584 if (outf != stderr) close (fileno (outf));
586 /* Kludge for SGI, see proc_open for details. */
587 sa.sa_handler = foobar;
589 sigemptyset(&sa.sa_mask);
590 sigaction(SIGINT, &sa, NULL);
595 kill(pid, SIGSTOP); /* stop HERE */
597 #else /* !USE_PROCFS */
599 close(fileno (outf));
601 if (!daemonized_tracer) {
602 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
603 perror("strace: ptrace(PTRACE_TRACEME, ...)");
610 if (username != NULL || geteuid() == 0) {
611 uid_t run_euid = run_uid;
612 gid_t run_egid = run_gid;
614 if (statbuf.st_mode & S_ISUID)
615 run_euid = statbuf.st_uid;
616 if (statbuf.st_mode & S_ISGID)
617 run_egid = statbuf.st_gid;
620 * It is important to set groups before we
621 * lose privileges on setuid.
623 if (username != NULL) {
624 if (initgroups(username, run_gid) < 0) {
625 perror("initgroups");
628 if (setregid(run_gid, run_egid) < 0) {
632 if (setreuid(run_uid, run_euid) < 0) {
639 setreuid(run_uid, run_uid);
641 if (!daemonized_tracer) {
643 * Induce an immediate stop so that the parent
644 * will resume us with PTRACE_SYSCALL and display
645 * this execve call normally.
646 * Unless of course we're on a no-MMU system where
647 * we vfork()-ed, so we cannot stop the child.
650 kill(getpid(), SIGSTOP);
652 struct sigaction sv_sigchld;
653 sigaction(SIGCHLD, NULL, &sv_sigchld);
655 * Make sure it is not SIG_IGN, otherwise wait
658 signal(SIGCHLD, SIG_DFL);
660 * Wait for grandchild to attach to us.
661 * It kills child after that, and wait() unblocks.
666 sigaction(SIGCHLD, &sv_sigchld, NULL);
668 #endif /* !USE_PROCFS */
670 execv(pathname, argv);
671 perror("strace: exec");
675 /* We are the tracer. */
676 tcp = alloctcb(daemonized_tracer ? getppid() : pid);
677 if (daemonized_tracer) {
678 /* We want subsequent startup_attach() to attach to it. */
679 tcp->flags |= TCB_ATTACHED;
682 if (proc_open(tcp, 0) < 0) {
683 fprintf(stderr, "trouble opening proc file\n");
687 #endif /* USE_PROCFS */
692 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
693 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
694 * and then see which options are supported by the kernel.
697 test_ptrace_setoptions(void)
701 if ((pid = fork()) < 0)
704 if (ptrace(PTRACE_TRACEME, 0, (char *)1, 0) < 0)
706 kill(getpid(), SIGSTOP);
711 int status, tracee_pid;
713 tracee_pid = wait(&status);
714 if (tracee_pid == -1) {
717 else if (errno == ECHILD)
719 perror("test_ptrace_setoptions");
722 if (tracee_pid != pid) {
724 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0 &&
726 kill(tracee_pid, SIGKILL);
728 else if (WIFSTOPPED(status)) {
729 const unsigned int test_options = PTRACE_O_TRACECLONE |
732 if (status >> 16 == PTRACE_EVENT_FORK)
733 ptrace_setoptions |= test_options;
734 if (WSTOPSIG(status) == SIGSTOP) {
735 if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
741 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0 &&
751 main(int argc, char *argv[])
758 static char buf[BUFSIZ];
760 progname = argv[0] ? argv[0] : "strace";
762 /* Allocate the initial tcbtab. */
763 tcbtabsize = argc; /* Surely enough for all -p args. */
764 if ((tcbtab = calloc(tcbtabsize, sizeof tcbtab[0])) == NULL) {
765 fprintf(stderr, "%s: out of memory\n", progname);
768 if ((tcbtab[0] = calloc(tcbtabsize, sizeof tcbtab[0][0])) == NULL) {
769 fprintf(stderr, "%s: out of memory\n", progname);
772 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
773 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
777 set_sortby(DEFAULT_SORTBY);
778 set_personality(DEFAULT_PERSONALITY);
779 qualify("trace=all");
780 qualify("abbrev=all");
781 qualify("verbose=all");
782 qualify("signal=all");
783 while ((c = getopt(argc, argv,
788 "a:e:o:O:p:s:S:u:E:")) != EOF) {
791 if (cflag == CFLAG_BOTH) {
792 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
796 cflag = CFLAG_ONLY_STATS;
799 if (cflag == CFLAG_ONLY_STATS) {
800 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
811 daemonized_tracer = 1;
843 qualify("abbrev=none");
846 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
850 not_failing_only = 1;
853 acolumn = atoi(optarg);
859 outfname = strdup(optarg);
862 set_overhead(atoi(optarg));
865 if ((pid = atoi(optarg)) <= 0) {
866 fprintf(stderr, "%s: Invalid process id: %s\n",
870 if (pid == getpid()) {
871 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
874 tcp = alloc_tcb(pid, 0);
875 tcp->flags |= TCB_ATTACHED;
879 max_strlen = atoi(optarg);
880 if (max_strlen < 0) {
882 "%s: invalid -s argument: %s\n",
891 username = strdup(optarg);
894 if (putenv(optarg) < 0) {
895 fprintf(stderr, "%s: out of memory\n",
906 if ((optind == argc) == !pflag_seen)
909 if (pflag_seen && daemonized_tracer) {
911 "%s: -D and -p are mutually exclusive options\n",
919 if (followfork > 1 && cflag) {
921 "%s: (-c or -C) and -ff are mutually exclusive options\n",
926 /* See if they want to run as another user. */
927 if (username != NULL) {
930 if (getuid() != 0 || geteuid() != 0) {
932 "%s: you must be root to use the -u option\n",
936 if ((pent = getpwnam(username)) == NULL) {
937 fprintf(stderr, "%s: cannot find user `%s'\n",
941 run_uid = pent->pw_uid;
942 run_gid = pent->pw_gid;
951 if (test_ptrace_setoptions() < 0) {
953 "Test for options supported by PTRACE_SETOPTIONS "
954 "failed, giving up using this feature.\n");
955 ptrace_setoptions = 0;
958 fprintf(stderr, "ptrace_setoptions = %#x\n",
963 /* Check if they want to redirect the output. */
965 /* See if they want to pipe the output. */
966 if (outfname[0] == '|' || outfname[0] == '!') {
968 * We can't do the <outfname>.PID funny business
969 * when using popen, so prohibit it.
971 if (followfork > 1) {
973 %s: piping the output and -ff are mutually exclusive options\n",
978 if ((outf = strace_popen(outfname + 1)) == NULL)
981 else if (followfork <= 1 &&
982 (outf = strace_fopen(outfname, "w")) == NULL)
986 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
987 setvbuf(outf, buf, _IOLBF, BUFSIZ);
988 if (outfname && optind < argc) {
993 /* Valid states here:
994 optind < argc pflag_seen outfname interactive
1001 /* STARTUP_CHILD must be called before the signal handlers get
1002 installed below as they are inherited into the spawned process.
1003 Also we do not need to be protected by them as during interruption
1004 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1006 startup_child(&argv[optind]);
1008 sigemptyset(&empty_set);
1009 sigemptyset(&blocked_set);
1010 sa.sa_handler = SIG_IGN;
1011 sigemptyset(&sa.sa_mask);
1013 sigaction(SIGTTOU, &sa, NULL);
1014 sigaction(SIGTTIN, &sa, NULL);
1016 sigaddset(&blocked_set, SIGHUP);
1017 sigaddset(&blocked_set, SIGINT);
1018 sigaddset(&blocked_set, SIGQUIT);
1019 sigaddset(&blocked_set, SIGPIPE);
1020 sigaddset(&blocked_set, SIGTERM);
1021 sa.sa_handler = interrupt;
1023 /* POSIX signals on sunos4.1 are a little broken. */
1024 sa.sa_flags = SA_INTERRUPT;
1027 sigaction(SIGHUP, &sa, NULL);
1028 sigaction(SIGINT, &sa, NULL);
1029 sigaction(SIGQUIT, &sa, NULL);
1030 sigaction(SIGPIPE, &sa, NULL);
1031 sigaction(SIGTERM, &sa, NULL);
1033 sa.sa_handler = reaper;
1034 sigaction(SIGCHLD, &sa, NULL);
1036 /* Make sure SIGCHLD has the default action so that waitpid
1037 definitely works without losing track of children. The user
1038 should not have given us a bogus state to inherit, but he might
1039 have. Arguably we should detect SIG_IGN here and pass it on
1040 to children, but probably noone really needs that. */
1041 sa.sa_handler = SIG_DFL;
1042 sigaction(SIGCHLD, &sa, NULL);
1043 #endif /* USE_PROCFS */
1045 if (pflag_seen || daemonized_tracer)
1052 if (exit_code > 0xff) {
1053 /* Child was killed by a signal, mimic that. */
1055 signal(exit_code, SIG_DFL);
1057 /* Paranoia - what if this signal is not fatal?
1058 Exit with 128 + signo then. */
1067 /* Allocate some more TCBs and expand the table.
1068 We don't want to relocate the TCBs because our
1069 callers have pointers and it would be a pain.
1070 So tcbtab is a table of pointers. Since we never
1071 free the TCBs, we allocate a single chunk of many. */
1072 struct tcb **newtab = (struct tcb **)
1073 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
1074 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
1077 if (newtab == NULL || newtcbs == NULL) {
1078 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
1083 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
1084 newtab[i] = &newtcbs[i - tcbtabsize];
1090 alloc_tcb(int pid, int command_options_parsed)
1095 if (nprocs == tcbtabsize)
1098 for (i = 0; i < tcbtabsize; i++) {
1100 if ((tcp->flags & TCB_INUSE) == 0) {
1105 #ifdef TCB_CLONE_THREAD
1106 tcp->nclone_threads = 0;
1107 tcp->nclone_waiting = 0;
1109 tcp->flags = TCB_INUSE | TCB_STARTUP;
1110 tcp->outf = outf; /* Initialise to current out file */
1112 tcp->stime.tv_sec = 0;
1113 tcp->stime.tv_usec = 0;
1116 if (command_options_parsed)
1121 fprintf(stderr, "%s: bug in alloc_tcb\n", progname);
1128 proc_open(struct tcb *tcp, int attaching)
1138 #ifndef HAVE_POLLABLE_PROCFS
1139 static int last_pfd;
1142 #ifdef HAVE_MP_PROCFS
1143 /* Open the process pseudo-files in /proc. */
1144 sprintf(proc, "/proc/%d/ctl", tcp->pid);
1145 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
1146 perror("strace: open(\"/proc/...\", ...)");
1149 if (set_cloexec_flag(tcp->pfd) < 0) {
1152 sprintf(proc, "/proc/%d/status", tcp->pid);
1153 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
1154 perror("strace: open(\"/proc/...\", ...)");
1157 if (set_cloexec_flag(tcp->pfd_stat) < 0) {
1160 sprintf(proc, "/proc/%d/as", tcp->pid);
1161 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
1162 perror("strace: open(\"/proc/...\", ...)");
1165 if (set_cloexec_flag(tcp->pfd_as) < 0) {
1169 /* Open the process pseudo-file in /proc. */
1171 sprintf(proc, "/proc/%d", tcp->pid);
1172 tcp->pfd = open(proc, O_RDWR|O_EXCL);
1174 sprintf(proc, "/proc/%d/mem", tcp->pid);
1175 tcp->pfd = open(proc, O_RDWR);
1176 #endif /* FREEBSD */
1178 perror("strace: open(\"/proc/...\", ...)");
1181 if (set_cloexec_flag(tcp->pfd) < 0) {
1186 sprintf(proc, "/proc/%d/regs", tcp->pid);
1187 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
1188 perror("strace: open(\"/proc/.../regs\", ...)");
1192 sprintf(proc, "/proc/%d/status", tcp->pid);
1193 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
1194 perror("strace: open(\"/proc/.../status\", ...)");
1198 tcp->pfd_status = -1;
1199 #endif /* FREEBSD */
1203 * Wait for the child to pause. Because of a race
1204 * condition we have to poll for the event.
1207 if (IOCTL_STATUS (tcp) < 0) {
1208 perror("strace: PIOCSTATUS");
1211 if (tcp->status.PR_FLAGS & PR_ASLEEP)
1216 /* Stop the process so that we own the stop. */
1217 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
1218 perror("strace: PIOCSTOP");
1223 /* Set Run-on-Last-Close. */
1225 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
1226 perror("PIOCSET PR_RLC");
1229 /* Set or Reset Inherit-on-Fork. */
1231 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
1232 perror("PIOC{SET,RESET} PR_FORK");
1235 #else /* !PIOCSET */
1237 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
1241 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
1242 perror("PIOC{S,R}FORK");
1246 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
1247 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
1252 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1256 #endif /* FREEBSD */
1257 #endif /* !PIOCSET */
1259 /* Enable all syscall entries we care about. */
1260 premptyset(&syscalls);
1261 for (i = 1; i < MAX_QUALS; ++i) {
1262 if (i > (sizeof syscalls) * CHAR_BIT) break;
1263 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
1265 praddset (&syscalls, SYS_execve);
1267 praddset (&syscalls, SYS_fork);
1269 praddset (&syscalls, SYS_forkall);
1272 praddset (&syscalls, SYS_fork1);
1275 praddset (&syscalls, SYS_rfork1);
1278 praddset (&syscalls, SYS_rforkall);
1281 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1282 perror("PIOCSENTRY");
1285 /* Enable the syscall exits. */
1286 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1290 /* Enable signals we care about. */
1291 premptyset(&signals);
1292 for (i = 1; i < MAX_QUALS; ++i) {
1293 if (i > (sizeof signals) * CHAR_BIT) break;
1294 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
1296 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1297 perror("PIOCSTRACE");
1300 /* Enable faults we care about */
1301 premptyset(&faults);
1302 for (i = 1; i < MAX_QUALS; ++i) {
1303 if (i > (sizeof faults) * CHAR_BIT) break;
1304 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
1306 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1307 perror("PIOCSFAULT");
1311 /* set events flags. */
1312 arg = S_SIG | S_SCE | S_SCX ;
1313 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1317 #endif /* FREEBSD */
1321 * The SGI PRSABORT doesn't work for pause() so
1322 * we send it a caught signal to wake it up.
1324 kill(tcp->pid, SIGINT);
1327 /* The child is in a pause(), abort it. */
1329 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1336 /* wake up the child if it received the SIGSTOP */
1337 kill(tcp->pid, SIGCONT);
1340 /* Wait for the child to do something. */
1341 if (IOCTL_WSTOP (tcp) < 0) {
1342 perror("PIOCWSTOP");
1345 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1346 tcp->flags &= ~TCB_INSYSCALL;
1348 if (known_scno(tcp) == SYS_execve)
1351 /* Set it running: maybe execve will be next. */
1354 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1356 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1357 #endif /* FREEBSD */
1362 /* handle the case where we "opened" the child before
1363 it did the kill -STOP */
1364 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1365 tcp->status.PR_WHAT == SIGSTOP)
1366 kill(tcp->pid, SIGCONT);
1373 if (attaching < 2) {
1374 /* We are attaching to an already running process.
1375 * Try to figure out the state of the process in syscalls,
1376 * to handle the first event well.
1377 * This is done by having a look at the "wchan" property of the
1378 * process, which tells where it is stopped (if it is). */
1380 char wchan[20]; /* should be enough */
1382 sprintf(proc, "/proc/%d/status", tcp->pid);
1383 status = fopen(proc, "r");
1385 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1386 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1387 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1388 strcmp(wchan, "stopevent")) {
1389 /* The process is asleep in the middle of a syscall.
1390 Fake the syscall entry event */
1391 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1392 tcp->status.PR_WHY = PR_SYSENTRY;
1397 } /* otherwise it's a fork being followed */
1399 #endif /* FREEBSD */
1400 #ifndef HAVE_POLLABLE_PROCFS
1401 if (proc_poll_pipe[0] != -1)
1402 proc_poller(tcp->pfd);
1403 else if (nprocs > 1) {
1405 proc_poller(last_pfd);
1406 proc_poller(tcp->pfd);
1408 last_pfd = tcp->pfd;
1409 #endif /* !HAVE_POLLABLE_PROCFS */
1413 #endif /* USE_PROCFS */
1423 for (i = 0; i < tcbtabsize; i++) {
1424 struct tcb *tcp = tcbtab[i];
1425 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1435 first_used_tcb(void)
1439 for (i = 0; i < tcbtabsize; i++) {
1441 if (tcp->flags & TCB_INUSE)
1453 for (i = 0; i < tcbtabsize; i++) {
1454 struct tcb *tcp = tcbtab[i];
1455 if (tcp->pfd != pfd)
1457 if (tcp->flags & TCB_INUSE)
1463 #endif /* USE_PROCFS */
1471 #ifdef TCB_CLONE_THREAD
1472 if (tcp->nclone_threads > 0) {
1473 /* There are other threads left in this process, but this
1474 is the one whose PID represents the whole process.
1475 We need to keep this record around as a zombie until
1476 all the threads die. */
1477 tcp->flags |= TCB_EXITING;
1484 if (tcp->parent != NULL) {
1485 tcp->parent->nchildren--;
1486 #ifdef TCB_CLONE_THREAD
1487 if (tcp->flags & TCB_CLONE_THREAD)
1488 tcp->parent->nclone_threads--;
1490 tcp->parent->nzombies++;
1492 /* Update `tcp->parent->parent->nchildren' and the other fields
1493 like NCLONE_DETACHED, only for zombie group leader that has
1494 already reported and been short-circuited at the top of this
1495 function. The same condition as at the top of DETACH. */
1496 if ((tcp->flags & TCB_CLONE_THREAD) &&
1497 tcp->parent->nclone_threads == 0 &&
1498 (tcp->parent->flags & TCB_EXITING))
1499 droptcb(tcp->parent);
1505 if (tcp->pfd != -1) {
1509 if (tcp->pfd_reg != -1) {
1510 close(tcp->pfd_reg);
1513 if (tcp->pfd_status != -1) {
1514 close(tcp->pfd_status);
1515 tcp->pfd_status = -1;
1517 #endif /* !FREEBSD */
1519 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1523 if (outfname && followfork > 1 && tcp->outf)
1538 if (!(tcp->flags & TCB_SUSPENDED)) {
1539 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1542 tcp->flags &= ~TCB_SUSPENDED;
1543 #ifdef TCB_CLONE_THREAD
1544 if (tcp->flags & TCB_CLONE_THREAD)
1545 tcp->parent->nclone_waiting--;
1548 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0)
1552 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1557 resume_from_tcp (struct tcb *tcp)
1562 /* XXX This won't always be quite right (but it never was).
1563 A waiter with argument 0 or < -1 is waiting for any pid in
1564 a particular pgrp, which this child might or might not be
1565 in. The waiter will only wake up if it's argument is -1
1566 or if it's waiting for tcp->pid's pgrp. It makes a
1567 difference to wake up a waiter when there might be more
1568 traced children, because it could get a false ECHILD
1569 error. OTOH, if this was the last child in the pgrp, then
1570 it ought to wake up and get ECHILD. We would have to
1571 search the system for all pid's in the pgrp to be sure.
1573 && (t->waitpid == -1 ||
1574 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1575 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1579 (tcp->parent->flags & TCB_SUSPENDED) &&
1580 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1581 error = resume(tcp->parent);
1584 #ifdef TCB_CLONE_THREAD
1585 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1586 /* Some other threads of our parent are waiting too. */
1589 /* Resume all the threads that were waiting for this PID. */
1590 for (i = 0; i < tcbtabsize; i++) {
1591 struct tcb *t = tcbtab[i];
1592 if (t->parent == tcp->parent && t != tcp
1593 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1594 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1595 && t->waitpid == tcp->pid) {
1596 error |= resume (t);
1601 /* Noone was waiting for this PID in particular,
1602 so now we might need to resume some wildcarders. */
1603 for (i = 0; i < tcbtabsize; i++) {
1604 struct tcb *t = tcbtab[i];
1605 if (t->parent == tcp->parent && t != tcp
1607 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1608 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1611 error |= resume (t);
1621 #endif /* !USE_PROCFS */
1623 /* detach traced process; continue with sig
1624 Never call DETACH twice on the same process as both unattached and
1625 attached-unstopped processes give the same ESRCH. For unattached process we
1626 would SIGSTOP it and wait for its SIGSTOP notification forever. */
1635 int status, catch_sigstop;
1636 struct tcb *zombie = NULL;
1638 /* If the group leader is lingering only because of this other
1639 thread now dying, then detach the leader as well. */
1640 if ((tcp->flags & TCB_CLONE_THREAD) &&
1641 tcp->parent->nclone_threads == 1 &&
1642 (tcp->parent->flags & TCB_EXITING))
1643 zombie = tcp->parent;
1646 if (tcp->flags & TCB_BPTSET)
1651 * Linux wrongly insists the child be stopped
1652 * before detaching. Arghh. We go through hoops
1653 * to make a clean break of things.
1656 #undef PTRACE_DETACH
1657 #define PTRACE_DETACH PTRACE_SUNDETACH
1660 * On TCB_STARTUP we did PTRACE_ATTACH but still did not get the
1661 * expected SIGSTOP. We must catch exactly one as otherwise the
1662 * detached process would be left stopped (process state T).
1664 catch_sigstop = (tcp->flags & TCB_STARTUP);
1665 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1666 /* On a clear day, you can see forever. */
1668 else if (errno != ESRCH) {
1669 /* Shouldn't happen. */
1670 perror("detach: ptrace(PTRACE_DETACH, ...)");
1672 else if (my_tgkill((tcp->flags & TCB_CLONE_THREAD ? tcp->parent->pid
1676 perror("detach: checking sanity");
1678 else if (!catch_sigstop && my_tgkill((tcp->flags & TCB_CLONE_THREAD
1679 ? tcp->parent->pid : tcp->pid),
1680 tcp->pid, SIGSTOP) < 0) {
1682 perror("detach: stopping child");
1686 if (catch_sigstop) {
1689 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1690 if (errno == ECHILD) /* Already gone. */
1692 if (errno != EINVAL) {
1693 perror("detach: waiting");
1697 /* No __WALL here. */
1698 if (waitpid(tcp->pid, &status, 0) < 0) {
1699 if (errno != ECHILD) {
1700 perror("detach: waiting");
1704 /* If no processes, try clones. */
1705 if (wait4(tcp->pid, &status, __WCLONE,
1707 if (errno != ECHILD)
1708 perror("detach: waiting");
1711 #endif /* __WCLONE */
1716 if (!WIFSTOPPED(status)) {
1717 /* Au revoir, mon ami. */
1720 if (WSTOPSIG(status) == SIGSTOP) {
1721 ptrace_restart(PTRACE_DETACH, tcp, sig);
1724 error = ptrace_restart(PTRACE_CONT, tcp,
1725 WSTOPSIG(status) == SIGTRAP ? 0
1726 : WSTOPSIG(status));
1734 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1735 if (sig && kill(tcp->pid, sig) < 0)
1736 perror("detach: kill");
1738 error = ptrace_restart(PTRACE_DETACH, tcp, sig);
1742 error |= resume_from_tcp (tcp);
1746 fprintf(stderr, "Process %u detached\n", tcp->pid);
1751 if (zombie != NULL) {
1752 /* TCP no longer exists therefore you must not detach () it. */
1762 static void reaper(int sig)
1767 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1771 #endif /* USE_PROCFS */
1779 for (i = 0; i < tcbtabsize; i++) {
1781 if (!(tcp->flags & TCB_INUSE))
1785 "cleanup: looking at pid %u\n", tcp->pid);
1787 (!outfname || followfork < 2 || tcp_last == tcp)) {
1788 tprintf(" <unfinished ...>");
1791 if (tcp->flags & TCB_ATTACHED)
1794 kill(tcp->pid, SIGCONT);
1795 kill(tcp->pid, SIGTERM);
1809 #ifndef HAVE_STRERROR
1811 #if !HAVE_DECL_SYS_ERRLIST
1812 extern int sys_nerr;
1813 extern char *sys_errlist[];
1814 #endif /* HAVE_DECL_SYS_ERRLIST */
1820 static char buf[64];
1822 if (errno < 1 || errno >= sys_nerr) {
1823 sprintf(buf, "Unknown error %d", errno);
1826 return sys_errlist[errno];
1829 #endif /* HAVE_STERRROR */
1831 #ifndef HAVE_STRSIGNAL
1833 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1834 extern char *sys_siglist[];
1836 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1837 extern char *_sys_siglist[];
1844 static char buf[64];
1846 if (sig < 1 || sig >= NSIG) {
1847 sprintf(buf, "Unknown signal %d", sig);
1850 #ifdef HAVE__SYS_SIGLIST
1851 return _sys_siglist[sig];
1853 return sys_siglist[sig];
1857 #endif /* HAVE_STRSIGNAL */
1868 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1869 if (pollv == NULL) {
1870 fprintf(stderr, "%s: out of memory\n", progname);
1874 for (i = j = 0; i < tcbtabsize; i++) {
1875 struct tcb *tcp = tcbtab[i];
1876 if (!(tcp->flags & TCB_INUSE))
1878 pollv[j].fd = tcp->pfd;
1879 pollv[j].events = POLLWANT;
1883 fprintf(stderr, "strace: proc miscount\n");
1888 #ifndef HAVE_POLLABLE_PROCFS
1895 if (pipe(proc_poll_pipe) < 0) {
1899 for (i = 0; i < 2; i++) {
1900 if (set_cloexec_flag(proc_poll_pipe[i]) < 0) {
1907 proc_poll(pollv, nfds, timeout)
1908 struct pollfd *pollv;
1914 struct proc_pollfd pollinfo;
1916 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1918 if (n != sizeof(struct proc_pollfd)) {
1919 fprintf(stderr, "panic: short read: %d\n", n);
1922 for (i = 0; i < nprocs; i++) {
1923 if (pollv[i].fd == pollinfo.fd)
1924 pollv[i].revents = pollinfo.revents;
1926 pollv[i].revents = 0;
1928 poller_pid = pollinfo.pid;
1942 struct proc_pollfd pollinfo;
1943 struct sigaction sa;
1944 sigset_t blocked_set, empty_set;
1949 struct procfs_status pfs;
1950 #endif /* FREEBSD */
1962 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1964 sigemptyset(&sa.sa_mask);
1965 sigaction(SIGHUP, &sa, NULL);
1966 sigaction(SIGINT, &sa, NULL);
1967 sigaction(SIGQUIT, &sa, NULL);
1968 sigaction(SIGPIPE, &sa, NULL);
1969 sigaction(SIGTERM, &sa, NULL);
1970 sa.sa_handler = wakeup_handler;
1971 sigaction(SIGUSR1, &sa, NULL);
1972 sigemptyset(&blocked_set);
1973 sigaddset(&blocked_set, SIGUSR1);
1974 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1975 sigemptyset(&empty_set);
1977 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1978 perror("getrlimit(RLIMIT_NOFILE, ...)");
1982 for (i = 0; i < n; i++) {
1983 if (i != pfd && i != proc_poll_pipe[1])
1988 pollinfo.pid = getpid();
1991 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1993 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
2000 pollinfo.revents = POLLERR;
2003 pollinfo.revents = POLLHUP;
2006 perror("proc_poller: PIOCWSTOP");
2008 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2011 pollinfo.revents = POLLWANT;
2012 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2013 sigsuspend(&empty_set);
2017 #endif /* !HAVE_POLLABLE_PROCFS */
2027 if (followfork < 2 &&
2028 last < nprocs && (pollv[last].revents & POLLWANT)) {
2030 * The previous process is ready to run again. We'll
2031 * let it do so if it is currently in a syscall. This
2032 * heuristic improves the readability of the trace.
2034 tcp = pfd2tcb(pollv[last].fd);
2035 if (tcp && (tcp->flags & TCB_INSYSCALL))
2036 return pollv[last].fd;
2039 for (i = 0; i < nprocs; i++) {
2040 /* Let competing children run round robin. */
2041 j = (i + last + 1) % nprocs;
2042 if (pollv[j].revents & (POLLHUP | POLLERR)) {
2043 tcp = pfd2tcb(pollv[j].fd);
2045 fprintf(stderr, "strace: lost proc\n");
2051 if (pollv[j].revents & POLLWANT) {
2056 fprintf(stderr, "strace: nothing ready\n");
2064 struct tcb *in_syscall = NULL;
2069 int ioctl_result = 0, ioctl_errno = 0;
2074 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2081 #ifndef HAVE_POLLABLE_PROCFS
2082 if (proc_poll_pipe[0] == -1) {
2084 tcp = first_used_tcb();
2091 #ifndef HAVE_POLLABLE_PROCFS
2093 /* fall through ... */
2094 #endif /* !HAVE_POLLABLE_PROCFS */
2096 #ifdef HAVE_POLLABLE_PROCFS
2098 /* On some systems (e.g. UnixWare) we get too much ugly
2099 "unfinished..." stuff when multiple proceses are in
2100 syscalls. Here's a nasty hack */
2107 pv.events = POLLWANT;
2108 if ((what = poll (&pv, 1, 1)) < 0) {
2113 else if (what == 1 && pv.revents & POLLWANT) {
2119 if (poll(pollv, nprocs, INFTIM) < 0) {
2124 #else /* !HAVE_POLLABLE_PROCFS */
2125 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
2130 #endif /* !HAVE_POLLABLE_PROCFS */
2137 /* Look up `pfd' in our table. */
2138 if ((tcp = pfd2tcb(pfd)) == NULL) {
2139 fprintf(stderr, "unknown pfd: %u\n", pfd);
2145 /* Get the status of the process. */
2148 ioctl_result = IOCTL_WSTOP (tcp);
2150 /* Thanks to some scheduling mystery, the first poller
2151 sometimes waits for the already processed end of fork
2152 event. Doing a non blocking poll here solves the problem. */
2153 if (proc_poll_pipe[0] != -1)
2154 ioctl_result = IOCTL_STATUS (tcp);
2156 ioctl_result = IOCTL_WSTOP (tcp);
2157 #endif /* FREEBSD */
2158 ioctl_errno = errno;
2159 #ifndef HAVE_POLLABLE_PROCFS
2160 if (proc_poll_pipe[0] != -1) {
2161 if (ioctl_result < 0)
2162 kill(poller_pid, SIGKILL);
2164 kill(poller_pid, SIGUSR1);
2166 #endif /* !HAVE_POLLABLE_PROCFS */
2172 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2174 if (ioctl_result < 0) {
2175 /* Find out what happened if it failed. */
2176 switch (ioctl_errno) {
2187 perror("PIOCWSTOP");
2193 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
2194 /* discard first event for a syscall we never entered */
2195 IOCTL (tcp->pfd, PIOCRUN, 0);
2200 /* clear the just started flag */
2201 tcp->flags &= ~TCB_STARTUP;
2203 /* set current output file */
2205 curcol = tcp->curcol;
2208 struct timeval stime;
2213 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
2216 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
2217 &stime.tv_sec, &stime.tv_usec);
2219 stime.tv_sec = stime.tv_usec = 0;
2220 #else /* !FREEBSD */
2221 stime.tv_sec = tcp->status.pr_stime.tv_sec;
2222 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
2223 #endif /* !FREEBSD */
2224 tv_sub(&tcp->dtime, &stime, &tcp->stime);
2227 what = tcp->status.PR_WHAT;
2228 switch (tcp->status.PR_WHY) {
2231 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
2232 tcp->status.PR_WHY = PR_SYSENTRY;
2233 if (trace_syscall(tcp) < 0) {
2234 fprintf(stderr, "syscall trouble\n");
2239 #endif /* !FREEBSD */
2245 if (trace_syscall(tcp) < 0) {
2246 fprintf(stderr, "syscall trouble\n");
2251 if (cflag != CFLAG_ONLY_STATS
2252 && (qual_flags[what] & QUAL_SIGNAL)) {
2254 tprintf("--- %s (%s) ---",
2255 signame(what), strsignal(what));
2258 if (tcp->status.PR_INFO.si_signo == what) {
2260 tprintf(" siginfo=");
2261 printsiginfo(&tcp->status.PR_INFO, 1);
2268 if (cflag != CFLAGS_ONLY_STATS
2269 && (qual_flags[what] & QUAL_FAULT)) {
2271 tprintf("=== FAULT %d ===", what);
2276 case 0: /* handle case we polled for nothing */
2280 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
2284 /* Remember current print column before continuing. */
2285 tcp->curcol = curcol;
2288 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0)
2290 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0)
2300 #else /* !USE_PROCFS */
2302 #ifdef TCB_GROUP_EXITING
2303 /* Handle an exit detach or death signal that is taking all the
2304 related clone threads with it. This is called in three circumstances:
2305 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
2306 SIG == 0 Continuing TCP will perform an exit_group syscall.
2307 SIG == other Continuing TCP with SIG will kill the process.
2310 handle_group_exit(struct tcb *tcp, int sig)
2312 /* We need to locate our records of all the clone threads
2313 related to TCP, either its children or siblings. */
2314 struct tcb *leader = NULL;
2316 if (tcp->flags & TCB_CLONE_THREAD)
2317 leader = tcp->parent;
2320 if (leader != NULL && leader != tcp
2321 && !(leader->flags & TCB_GROUP_EXITING)
2322 && !(tcp->flags & TCB_STARTUP)
2325 "PANIC: handle_group_exit: %d leader %d\n",
2326 tcp->pid, leader ? leader->pid : -1);
2328 /* TCP no longer exists therefore you must not detach() it. */
2330 resume_from_tcp(tcp);
2332 droptcb(tcp); /* Already died. */
2335 /* Mark that we are taking the process down. */
2336 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
2337 if (tcp->flags & TCB_ATTACHED) {
2339 if (leader != NULL && leader != tcp)
2340 leader->flags |= TCB_GROUP_EXITING;
2342 if (ptrace_restart(PTRACE_CONT, tcp, sig) < 0) {
2346 if (leader != NULL) {
2347 leader->flags |= TCB_GROUP_EXITING;
2351 /* The leader will report to us as parent now,
2352 and then we'll get to the SIG==-1 case. */
2363 handle_ptrace_event(int status, struct tcb *tcp)
2365 if (status >> 16 == PTRACE_EVENT_VFORK ||
2366 status >> 16 == PTRACE_EVENT_CLONE ||
2367 status >> 16 == PTRACE_EVENT_FORK) {
2370 if (do_ptrace(PTRACE_GETEVENTMSG, tcp, NULL, &childpid) < 0) {
2371 if (errno != ESRCH) {
2373 %s: handle_ptrace_event: ptrace cannot get new child's pid\n",
2380 return handle_new_child(tcp, childpid, 0);
2396 static int wait4_options = __WALL;
2400 while (nprocs != 0) {
2404 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2407 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2408 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2409 /* this kernel does not support __WALL */
2410 wait4_options &= ~__WALL;
2412 pid = wait4(-1, &status, wait4_options,
2413 cflag ? &ru : NULL);
2415 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2416 /* most likely a "cloned" process */
2417 pid = wait4(-1, &status, __WCLONE,
2418 cflag ? &ru : NULL);
2420 fprintf(stderr, "strace: clone wait4 "
2421 "failed: %s\n", strerror(errno));
2425 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2429 pid = wait(&status);
2433 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2436 switch (wait_errno) {
2441 * We would like to verify this case
2442 * but sometimes a race in Solbourne's
2443 * version of SunOS sometimes reports
2444 * ECHILD before sending us SIGCHILD.
2449 perror("strace: wait");
2453 if (pid == popen_pid) {
2454 if (WIFEXITED(status) || WIFSIGNALED(status))
2459 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2461 /* Look up `pid' in our table. */
2462 if ((tcp = pid2tcb(pid)) == NULL) {
2465 /* This is needed to go with the CLONE_PTRACE
2466 changes in process.c/util.c: we might see
2467 the child's initial trap before we see the
2468 parent return from the clone syscall.
2469 Leave the child suspended until the parent
2470 returns from its system call. Only then
2471 will we have the association of parent and
2472 child so that we know how to do clearbpt
2474 tcp = alloctcb(pid);
2475 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2478 Process %d attached (waiting for parent)\n",
2482 /* This can happen if a clone call used
2483 CLONE_PTRACE itself. */
2486 fprintf(stderr, "unknown pid: %u\n", pid);
2487 if (WIFSTOPPED(status))
2488 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2492 /* set current output file */
2494 curcol = tcp->curcol;
2497 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2498 tcp->stime = ru.ru_stime;
2502 if (tcp->flags & TCB_SUSPENDED) {
2504 * Apparently, doing any ptrace() call on a stopped
2505 * process, provokes the kernel to report the process
2506 * status again on a subsequent wait(), even if the
2507 * process has not been actually restarted.
2508 * Since we have inspected the arguments of suspended
2509 * processes we end up here testing for this case.
2513 if (WIFSIGNALED(status)) {
2514 if (pid == strace_child)
2515 exit_code = 0x100 | WTERMSIG(status);
2516 if (cflag != CFLAG_ONLY_STATS
2517 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2519 tprintf("+++ killed by %s %s+++",
2520 signame(WTERMSIG(status)),
2522 WCOREDUMP(status) ? "(core dumped) " :
2527 #ifdef TCB_GROUP_EXITING
2528 handle_group_exit(tcp, -1);
2534 if (WIFEXITED(status)) {
2535 if (pid == strace_child)
2536 exit_code = WEXITSTATUS(status);
2538 fprintf(stderr, "pid %u exited with %d\n", pid, WEXITSTATUS(status));
2539 if ((tcp->flags & (TCB_ATTACHED|TCB_STARTUP)) == TCB_ATTACHED
2540 #ifdef TCB_GROUP_EXITING
2541 && !(tcp->parent && (tcp->parent->flags & TCB_GROUP_EXITING))
2542 && !(tcp->flags & TCB_GROUP_EXITING)
2546 "PANIC: attached pid %u exited with %d\n",
2547 pid, WEXITSTATUS(status));
2549 if (tcp == tcp_last) {
2550 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL)
2551 tprintf(" <unfinished ... exit status %d>\n",
2552 WEXITSTATUS(status));
2555 #ifdef TCB_GROUP_EXITING
2556 handle_group_exit(tcp, -1);
2562 if (!WIFSTOPPED(status)) {
2563 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2568 fprintf(stderr, "pid %u stopped, [%s]\n",
2569 pid, signame(WSTOPSIG(status)));
2571 if (ptrace_setoptions && (status >> 16)) {
2572 if (handle_ptrace_event(status, tcp) != 1)
2577 * Interestingly, the process may stop
2578 * with STOPSIG equal to some other signal
2579 * than SIGSTOP if we happend to attach
2580 * just before the process takes a signal.
2581 * A no-MMU vforked child won't send up a signal,
2582 * so skip the first (lost) execve notification.
2584 if ((tcp->flags & TCB_STARTUP) &&
2585 (WSTOPSIG(status) == SIGSTOP || strace_vforked)) {
2587 * This flag is there to keep us in sync.
2588 * Next time this process stops it should
2589 * really be entering a system call.
2591 tcp->flags &= ~TCB_STARTUP;
2592 if (tcp->flags & TCB_BPTSET) {
2594 * One example is a breakpoint inherited from
2595 * parent through fork ().
2597 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2604 if (followfork && (tcp->parent == NULL) && ptrace_setoptions)
2605 if (ptrace(PTRACE_SETOPTIONS, tcp->pid,
2606 NULL, ptrace_setoptions) < 0 &&
2608 ptrace_setoptions = 0;
2613 if (WSTOPSIG(status) != SIGTRAP) {
2614 if (WSTOPSIG(status) == SIGSTOP &&
2615 (tcp->flags & TCB_SIGTRAPPED)) {
2617 * Trapped attempt to block SIGTRAP
2618 * Hope we are back in control now.
2620 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2621 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2627 if (cflag != CFLAG_ONLY_STATS
2628 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2629 unsigned long addr = 0;
2631 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP) && defined(PT_GETSIGINFO)
2636 upeek(tcp, PT_CR_IPSR, &psr);
2637 upeek(tcp, PT_CR_IIP, &pc);
2639 pc += (psr >> PSR_RI) & 0x3;
2640 ptrace(PT_GETSIGINFO, pid, 0, (long) &si);
2641 addr = (unsigned long) si.si_addr;
2642 #elif defined PTRACE_GETSIGINFO
2643 if (WSTOPSIG(status) == SIGSEGV ||
2644 WSTOPSIG(status) == SIGBUS) {
2646 if (ptrace(PTRACE_GETSIGINFO, pid,
2648 addr = (unsigned long)
2653 tprintf("--- %s (%s) @ %lx (%lx) ---",
2654 signame(WSTOPSIG(status)),
2655 strsignal(WSTOPSIG(status)), pc, addr);
2658 if (((tcp->flags & TCB_ATTACHED) ||
2659 tcp->nclone_threads > 0) &&
2660 !sigishandled(tcp, WSTOPSIG(status))) {
2661 #ifdef TCB_GROUP_EXITING
2662 handle_group_exit(tcp, WSTOPSIG(status));
2664 detach(tcp, WSTOPSIG(status));
2668 if (ptrace_restart(PTRACE_SYSCALL, tcp, WSTOPSIG(status)) < 0) {
2672 tcp->flags &= ~TCB_SUSPENDED;
2675 /* we handled the STATUS, we are permitted to interrupt now. */
2678 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2679 /* ptrace() failed in trace_syscall() with ESRCH.
2680 * Likely a result of process disappearing mid-flight.
2681 * Observed case: exit_group() terminating
2682 * all processes in thread group. In this case, threads
2683 * "disappear" in an unpredictable moment without any
2684 * notification to strace via wait().
2686 if (tcp->flags & TCB_ATTACHED) {
2688 /* Do we have dangling line "syscall(param, param"?
2689 * Finish the line then. We cannot
2691 tcp_last->flags |= TCB_REPRINT;
2692 tprintf(" <unfinished ...>");
2698 tcp->pid, (char *) 1, SIGTERM);
2703 if (tcp->flags & TCB_EXITING) {
2704 #ifdef TCB_GROUP_EXITING
2705 if (tcp->flags & TCB_GROUP_EXITING) {
2706 if (handle_group_exit(tcp, 0) < 0)
2711 if (tcp->flags & TCB_ATTACHED)
2713 else if (ptrace_restart(PTRACE_CONT, tcp, 0) < 0) {
2719 if (tcp->flags & TCB_SUSPENDED) {
2721 fprintf(stderr, "Process %u suspended\n", pid);
2725 /* Remember current print column before continuing. */
2726 tcp->curcol = curcol;
2727 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2735 #endif /* !USE_PROCFS */
2740 tprintf(const char *fmt, ...)
2744 va_start(args, fmt);
2746 int n = vfprintf(outf, fmt, args);
2749 perror(outfname == NULL
2750 ? "<writing to pipe>" : outfname);
2763 if (tcp_last->ptrace_errno) {
2764 if (tcp_last->flags & TCB_INSYSCALL) {
2765 tprintf(" <unavailable>)");
2768 tprintf("= ? <unavailable>\n");
2769 tcp_last->ptrace_errno = 0;
2770 } else if (!outfname || followfork < 2 || tcp_last == tcp) {
2771 tcp_last->flags |= TCB_REPRINT;
2772 tprintf(" <unfinished ...>\n");
2776 if ((followfork == 1 || pflag_seen > 1) && outfname)
2777 tprintf("%-5d ", tcp->pid);
2778 else if (nprocs > 1 && !outfname)
2779 tprintf("[pid %5u] ", tcp->pid);
2781 char str[sizeof("HH:MM:SS")];
2782 struct timeval tv, dtv;
2783 static struct timeval otv;
2785 gettimeofday(&tv, NULL);
2787 if (otv.tv_sec == 0)
2789 tv_sub(&dtv, &tv, &otv);
2790 tprintf("%6ld.%06ld ",
2791 (long) dtv.tv_sec, (long) dtv.tv_usec);
2794 else if (tflag > 2) {
2795 tprintf("%ld.%06ld ",
2796 (long) tv.tv_sec, (long) tv.tv_usec);
2799 time_t local = tv.tv_sec;
2800 strftime(str, sizeof(str), "%T", localtime(&local));
2802 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2804 tprintf("%s ", str);
2816 tprintf("%*s", col - curcol, "");
2826 #ifdef HAVE_MP_PROCFS
2829 mp_ioctl(int fd, int cmd, void *arg, int size)
2831 struct iovec iov[2];
2834 iov[0].iov_base = &cmd;
2835 iov[0].iov_len = sizeof cmd;
2838 iov[1].iov_base = arg;
2839 iov[1].iov_len = size;
2842 return writev(fd, iov, n);