2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
50 # include <asm/unistd.h>
51 # if defined __NR_tgkill
52 # define my_tgkill(pid, tid, sig) syscall (__NR_tgkill, (pid), (tid), (sig))
53 # elif defined __NR_tkill
54 # define my_tgkill(pid, tid, sig) syscall (__NR_tkill, (tid), (sig))
56 /* kill() may choose arbitrarily the target task of the process group
57 while we later wait on a that specific TID. PID process waits become
58 TID task specific waits for a process under ptrace(2). */
59 # warning "Neither tkill(2) nor tgkill(2) available, risk of strace hangs!"
60 # define my_tgkill(pid, tid, sig) kill ((tid), (sig))
64 #if defined(IA64) && defined(LINUX)
65 # include <asm/ptrace_offsets.h>
73 #include <sys/stropts.h>
80 extern char **environ;
85 int debug = 0, followfork = 0;
86 unsigned int ptrace_setoptions = 0;
87 int dtime = 0, xflag = 0, qflag = 0;
88 cflag_t cflag = CFLAG_NONE;
89 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
91 * daemonized_tracer supports -D option.
92 * With this option, strace forks twice.
93 * Unlike normal case, with -D *grandparent* process exec's,
94 * becoming a traced process. Child exits (this prevents traced process
95 * from having children it doesn't expect to have), and grandchild
96 * attaches to grandparent similarly to strace -p PID.
97 * This allows for more transparent interaction in cases
98 * when process and its parent are communicating via signals,
99 * wait() etc. Without -D, strace process gets lodged in between,
100 * disrupting parent<->child link.
102 static bool daemonized_tracer = 0;
104 /* Sometimes we want to print only succeeding syscalls. */
105 int not_failing_only = 0;
107 static int exit_code = 0;
108 static int strace_child = 0;
110 static char *username = NULL;
114 int acolumn = DEFAULT_ACOLUMN;
115 int max_strlen = DEFAULT_STRLEN;
116 static char *outfname = NULL;
120 unsigned int nprocs, tcbtabsize;
121 const char *progname;
122 extern char **environ;
124 static int detach(struct tcb *tcp, int sig);
125 static int trace(void);
126 static void cleanup(void);
127 static void interrupt(int sig);
128 static sigset_t empty_set, blocked_set;
130 #ifdef HAVE_SIG_ATOMIC_T
131 static volatile sig_atomic_t interrupted;
132 #else /* !HAVE_SIG_ATOMIC_T */
133 static volatile int interrupted;
134 #endif /* !HAVE_SIG_ATOMIC_T */
138 static struct tcb *pfd2tcb(int pfd);
139 static void reaper(int sig);
140 static void rebuild_pollv(void);
141 static struct pollfd *pollv;
143 #ifndef HAVE_POLLABLE_PROCFS
145 static void proc_poll_open(void);
146 static void proc_poller(int pfd);
154 static int poller_pid;
155 static int proc_poll_pipe[2] = { -1, -1 };
157 #endif /* !HAVE_POLLABLE_PROCFS */
159 #ifdef HAVE_MP_PROCFS
160 #define POLLWANT POLLWRNORM
162 #define POLLWANT POLLPRI
164 #endif /* USE_PROCFS */
172 usage: strace [-CdDffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
173 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
174 [command [arg ...]]\n\
175 or: strace -c [-D] [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
176 [command [arg ...]]\n\
177 -c -- count time, calls, and errors for each syscall and report summary\n\
178 -C -- like -c but also print regular output while processes are running\n\
179 -f -- follow forks, -ff -- with output into separate files\n\
180 -F -- attempt to follow vforks, -h -- print help message\n\
181 -i -- print instruction pointer at time of syscall\n\
182 -q -- suppress messages about attaching, detaching, etc.\n\
183 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
184 -T -- print time spent in each syscall, -V -- print version\n\
185 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
186 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
187 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
188 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
189 options: trace, abbrev, verbose, raw, signal, read, or write\n\
190 -o file -- send trace output to FILE instead of stderr\n\
191 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
192 -p pid -- trace process with process id PID, may be repeated\n\
193 -D -- run tracer process as a detached grandchild, not as parent\n\
194 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
195 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
196 -u username -- run command as username handling setuid and/or setgid\n\
197 -E var=val -- put var=val in the environment for command\n\
198 -E var -- remove var from the environment for command\n\
199 " /* this is broken, so don't document it
200 -z -- print only succeeding syscalls\n\
202 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
215 /* Glue for systems without a MMU that cannot provide fork() */
217 # define strace_vforked 0
219 # define strace_vforked 1
220 # define fork() vfork()
224 set_cloexec_flag(int fd)
228 if ((flags = fcntl(fd, F_GETFD, 0)) < 0)
230 fprintf(stderr, "%s: fcntl F_GETFD: %s\n",
231 progname, strerror(errno));
235 newflags = flags | FD_CLOEXEC;
236 if (flags == newflags)
239 if (fcntl(fd, F_SETFD, newflags) < 0)
241 fprintf(stderr, "%s: fcntl F_SETFD: %s\n",
242 progname, strerror(errno));
250 * When strace is setuid executable, we have to swap uids
251 * before and after filesystem and process management operations.
257 int euid = geteuid(), uid = getuid();
259 if (euid != uid && setreuid(euid, uid) < 0)
261 fprintf(stderr, "%s: setreuid: %s\n",
262 progname, strerror(errno));
269 # define fopen_for_output fopen64
271 # define fopen_for_output fopen
275 strace_fopen(const char *path, const char *mode)
280 if ((fp = fopen_for_output(path, mode)) == NULL)
281 fprintf(stderr, "%s: can't fopen '%s': %s\n",
282 progname, path, strerror(errno));
284 if (fp && set_cloexec_flag(fileno(fp)) < 0)
292 static int popen_pid = -1;
295 # define _PATH_BSHELL "/bin/sh"
299 * We cannot use standard popen(3) here because we have to distinguish
300 * popen child process from other processes we trace, and standard popen(3)
301 * does not export its child's pid.
304 strace_popen(const char *command)
311 fprintf(stderr, "%s: pipe: %s\n",
312 progname, strerror(errno));
317 if (set_cloexec_flag(fds[1]) < 0)
325 if ((popen_pid = fork()) == -1)
327 fprintf(stderr, "%s: fork: %s\n",
328 progname, strerror(errno));
340 return fdopen(fds[1], "w");
345 if (fds[0] && (dup2(fds[0], 0) || close(fds[0])))
347 fprintf(stderr, "%s: dup2: %s\n",
348 progname, strerror(errno));
351 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
352 fprintf(stderr, "%s: execl: %s: %s\n",
353 progname, _PATH_BSHELL, strerror(errno));
359 newoutf(struct tcb *tcp)
361 if (outfname && followfork > 1) {
362 char name[520 + sizeof(int) * 3];
365 sprintf(name, "%.512s.%u", outfname, tcp->pid);
366 if ((fp = strace_fopen(name, "w")) == NULL)
380 * Block user interruptions as we would leave the traced
381 * process stopped (process state T) if we would terminate in
382 * between PTRACE_ATTACH and wait4 () on SIGSTOP.
383 * We rely on cleanup () from this point on.
386 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
388 if (daemonized_tracer) {
393 if (pid) { /* parent */
395 * Wait for child to attach to straced process
396 * (our parent). Child SIGKILLs us after it attached.
397 * Parent's wait() is unblocked by our death,
398 * it proceeds to exec the straced program.
401 _exit(0); /* paranoia */
405 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
407 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
410 if (tcp->flags & TCB_CLONE_THREAD)
413 /* Reinitialize the output since it may have changed. */
415 if (newoutf(tcp) < 0)
419 if (proc_open(tcp, 1) < 0) {
420 fprintf(stderr, "trouble opening proc file\n");
424 #else /* !USE_PROCFS */
426 if (followfork && !daemonized_tracer) {
427 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3];
430 sprintf(procdir, "/proc/%d/task", tcp->pid);
431 dir = opendir(procdir);
433 unsigned int ntid = 0, nerr = 0;
436 while ((de = readdir(dir)) != NULL) {
437 if (de->d_fileno == 0)
439 tid = atoi(de->d_name);
443 if (ptrace(PTRACE_ATTACH, tid, (char *) 1, 0) < 0)
445 else if (tid != tcbtab[tcbi]->pid) {
447 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_FOLLOWFORK;
448 tcbtab[tcbi]->nchildren++;
449 tcbtab[tcbi]->nclone_threads++;
450 tcp->parent = tcbtab[tcbi];
453 sigprocmask(SIG_SETMASK, &empty_set, NULL);
456 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
462 perror("attach: ptrace(PTRACE_ATTACH, ...)");
467 fprintf(stderr, ntid > 1
468 ? "Process %u attached with %u threads - interrupt to quit\n"
469 : "Process %u attached - interrupt to quit\n",
470 tcbtab[tcbi]->pid, ntid);
473 } /* if (opendir worked) */
476 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
477 perror("attach: ptrace(PTRACE_ATTACH, ...)");
481 /* INTERRUPTED is going to be checked at the top of TRACE. */
483 if (daemonized_tracer) {
485 * It is our grandparent we trace, not a -p PID.
486 * Don't want to just detach on exit, so...
488 tcp->flags &= ~TCB_ATTACHED;
490 * Make parent go away.
491 * Also makes grandparent's wait() unblock.
493 kill(getppid(), SIGKILL);
496 #endif /* !USE_PROCFS */
499 "Process %u attached - interrupt to quit\n",
504 sigprocmask(SIG_SETMASK, &empty_set, NULL);
508 startup_child (char **argv)
511 const char *filename;
512 char pathname[MAXPATHLEN];
517 if (strchr(filename, '/')) {
518 if (strlen(filename) > sizeof pathname - 1) {
519 errno = ENAMETOOLONG;
520 perror("strace: exec");
523 strcpy(pathname, filename);
525 #ifdef USE_DEBUGGING_EXEC
527 * Debuggers customarily check the current directory
528 * first regardless of the path but doing that gives
529 * security geeks a panic attack.
531 else if (stat(filename, &statbuf) == 0)
532 strcpy(pathname, filename);
533 #endif /* USE_DEBUGGING_EXEC */
538 for (path = getenv("PATH"); path && *path; path += m) {
539 if (strchr(path, ':')) {
540 n = strchr(path, ':') - path;
544 m = n = strlen(path);
546 if (!getcwd(pathname, MAXPATHLEN))
548 len = strlen(pathname);
550 else if (n > sizeof pathname - 1)
553 strncpy(pathname, path, n);
556 if (len && pathname[len - 1] != '/')
557 pathname[len++] = '/';
558 strcpy(pathname + len, filename);
559 if (stat(pathname, &statbuf) == 0 &&
560 /* Accept only regular files
561 with some execute bits set.
562 XXX not perfect, might still fail */
563 S_ISREG(statbuf.st_mode) &&
564 (statbuf.st_mode & 0111))
568 if (stat(pathname, &statbuf) < 0) {
569 fprintf(stderr, "%s: %s: command not found\n",
573 strace_child = pid = fork();
575 perror("strace: fork");
579 if ((pid != 0 && daemonized_tracer) /* parent: to become a traced process */
580 || (pid == 0 && !daemonized_tracer) /* child: to become a traced process */
584 if (outf != stderr) close (fileno (outf));
586 /* Kludge for SGI, see proc_open for details. */
587 sa.sa_handler = foobar;
589 sigemptyset(&sa.sa_mask);
590 sigaction(SIGINT, &sa, NULL);
595 kill(pid, SIGSTOP); /* stop HERE */
597 #else /* !USE_PROCFS */
599 close(fileno (outf));
601 if (!daemonized_tracer) {
602 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
603 perror("strace: ptrace(PTRACE_TRACEME, ...)");
610 if (username != NULL || geteuid() == 0) {
611 uid_t run_euid = run_uid;
612 gid_t run_egid = run_gid;
614 if (statbuf.st_mode & S_ISUID)
615 run_euid = statbuf.st_uid;
616 if (statbuf.st_mode & S_ISGID)
617 run_egid = statbuf.st_gid;
620 * It is important to set groups before we
621 * lose privileges on setuid.
623 if (username != NULL) {
624 if (initgroups(username, run_gid) < 0) {
625 perror("initgroups");
628 if (setregid(run_gid, run_egid) < 0) {
632 if (setreuid(run_uid, run_euid) < 0) {
639 setreuid(run_uid, run_uid);
641 if (!daemonized_tracer) {
643 * Induce an immediate stop so that the parent
644 * will resume us with PTRACE_SYSCALL and display
645 * this execve call normally.
646 * Unless of course we're on a no-MMU system where
647 * we vfork()-ed, so we cannot stop the child.
650 kill(getpid(), SIGSTOP);
652 struct sigaction sv_sigchld;
653 sigaction(SIGCHLD, NULL, &sv_sigchld);
655 * Make sure it is not SIG_IGN, otherwise wait
658 signal(SIGCHLD, SIG_DFL);
660 * Wait for grandchild to attach to us.
661 * It kills child after that, and wait() unblocks.
666 sigaction(SIGCHLD, &sv_sigchld, NULL);
668 #endif /* !USE_PROCFS */
670 execv(pathname, argv);
671 perror("strace: exec");
675 /* We are the tracer. */
676 tcp = alloctcb(daemonized_tracer ? getppid() : pid);
677 if (daemonized_tracer) {
678 /* We want subsequent startup_attach() to attach to it. */
679 tcp->flags |= TCB_ATTACHED;
682 if (proc_open(tcp, 0) < 0) {
683 fprintf(stderr, "trouble opening proc file\n");
687 #endif /* USE_PROCFS */
692 * Test whether the kernel support PTRACE_O_TRACECLONE et al options.
693 * First fork a new child, call ptrace with PTRACE_SETOPTIONS on it,
694 * and then see which options are supported by the kernel.
697 test_ptrace_setoptions(void)
701 if ((pid = fork()) < 0)
704 if (ptrace(PTRACE_TRACEME, 0, (char *)1, 0) < 0)
706 kill(getpid(), SIGSTOP);
711 int status, tracee_pid;
713 tracee_pid = wait(&status);
714 if (tracee_pid == -1) {
717 else if (errno == ECHILD)
719 perror("test_ptrace_setoptions");
722 if (tracee_pid != pid) {
724 if (ptrace(PTRACE_CONT, tracee_pid, 0, 0) < 0 &&
726 kill(tracee_pid, SIGKILL);
728 else if (WIFSTOPPED(status)) {
729 if (status >> 16 == PTRACE_EVENT_FORK)
730 ptrace_setoptions |= (PTRACE_O_TRACEVFORK |
731 PTRACE_O_TRACECLONE |
733 if (WSTOPSIG(status) == SIGSTOP) {
734 if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
735 PTRACE_O_TRACEFORK) < 0) {
740 if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0 &&
750 main(int argc, char *argv[])
757 static char buf[BUFSIZ];
759 progname = argv[0] ? argv[0] : "strace";
761 /* Allocate the initial tcbtab. */
762 tcbtabsize = argc; /* Surely enough for all -p args. */
763 if ((tcbtab = calloc(tcbtabsize, sizeof tcbtab[0])) == NULL) {
764 fprintf(stderr, "%s: out of memory\n", progname);
767 if ((tcbtab[0] = calloc(tcbtabsize, sizeof tcbtab[0][0])) == NULL) {
768 fprintf(stderr, "%s: out of memory\n", progname);
771 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
772 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
776 set_sortby(DEFAULT_SORTBY);
777 set_personality(DEFAULT_PERSONALITY);
778 qualify("trace=all");
779 qualify("abbrev=all");
780 qualify("verbose=all");
781 qualify("signal=all");
782 while ((c = getopt(argc, argv,
787 "a:e:o:O:p:s:S:u:E:")) != EOF) {
790 if (cflag == CFLAG_BOTH) {
791 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
795 cflag = CFLAG_ONLY_STATS;
798 if (cflag == CFLAG_ONLY_STATS) {
799 fprintf(stderr, "%s: -c and -C are mutually exclusive options\n",
810 daemonized_tracer = 1;
842 qualify("abbrev=none");
845 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
849 not_failing_only = 1;
852 acolumn = atoi(optarg);
858 outfname = strdup(optarg);
861 set_overhead(atoi(optarg));
864 if ((pid = atoi(optarg)) <= 0) {
865 fprintf(stderr, "%s: Invalid process id: %s\n",
869 if (pid == getpid()) {
870 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
873 tcp = alloc_tcb(pid, 0);
874 tcp->flags |= TCB_ATTACHED;
878 max_strlen = atoi(optarg);
879 if (max_strlen < 0) {
881 "%s: invalid -s argument: %s\n",
890 username = strdup(optarg);
893 if (putenv(optarg) < 0) {
894 fprintf(stderr, "%s: out of memory\n",
905 if ((optind == argc) == !pflag_seen)
908 if (pflag_seen && daemonized_tracer) {
910 "%s: -D and -p are mutually exclusive options\n",
918 if (followfork > 1 && cflag) {
920 "%s: (-c or -C) and -ff are mutually exclusive options\n",
925 /* See if they want to run as another user. */
926 if (username != NULL) {
929 if (getuid() != 0 || geteuid() != 0) {
931 "%s: you must be root to use the -u option\n",
935 if ((pent = getpwnam(username)) == NULL) {
936 fprintf(stderr, "%s: cannot find user `%s'\n",
940 run_uid = pent->pw_uid;
941 run_gid = pent->pw_gid;
950 if (test_ptrace_setoptions() < 0) {
952 "Test for options supported by PTRACE_SETOPTIONS "
953 "failed, giving up using this feature.\n");
954 ptrace_setoptions = 0;
957 fprintf(stderr, "ptrace_setoptions = %#x\n",
962 /* Check if they want to redirect the output. */
964 /* See if they want to pipe the output. */
965 if (outfname[0] == '|' || outfname[0] == '!') {
967 * We can't do the <outfname>.PID funny business
968 * when using popen, so prohibit it.
970 if (followfork > 1) {
972 %s: piping the output and -ff are mutually exclusive options\n",
977 if ((outf = strace_popen(outfname + 1)) == NULL)
980 else if (followfork <= 1 &&
981 (outf = strace_fopen(outfname, "w")) == NULL)
985 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
986 setvbuf(outf, buf, _IOLBF, BUFSIZ);
987 if (outfname && optind < argc) {
992 /* Valid states here:
993 optind < argc pflag_seen outfname interactive
1000 /* STARTUP_CHILD must be called before the signal handlers get
1001 installed below as they are inherited into the spawned process.
1002 Also we do not need to be protected by them as during interruption
1003 in the STARTUP_CHILD mode we kill the spawned process anyway. */
1005 startup_child(&argv[optind]);
1007 sigemptyset(&empty_set);
1008 sigemptyset(&blocked_set);
1009 sa.sa_handler = SIG_IGN;
1010 sigemptyset(&sa.sa_mask);
1012 sigaction(SIGTTOU, &sa, NULL);
1013 sigaction(SIGTTIN, &sa, NULL);
1015 sigaddset(&blocked_set, SIGHUP);
1016 sigaddset(&blocked_set, SIGINT);
1017 sigaddset(&blocked_set, SIGQUIT);
1018 sigaddset(&blocked_set, SIGPIPE);
1019 sigaddset(&blocked_set, SIGTERM);
1020 sa.sa_handler = interrupt;
1022 /* POSIX signals on sunos4.1 are a little broken. */
1023 sa.sa_flags = SA_INTERRUPT;
1026 sigaction(SIGHUP, &sa, NULL);
1027 sigaction(SIGINT, &sa, NULL);
1028 sigaction(SIGQUIT, &sa, NULL);
1029 sigaction(SIGPIPE, &sa, NULL);
1030 sigaction(SIGTERM, &sa, NULL);
1032 sa.sa_handler = reaper;
1033 sigaction(SIGCHLD, &sa, NULL);
1035 /* Make sure SIGCHLD has the default action so that waitpid
1036 definitely works without losing track of children. The user
1037 should not have given us a bogus state to inherit, but he might
1038 have. Arguably we should detect SIG_IGN here and pass it on
1039 to children, but probably noone really needs that. */
1040 sa.sa_handler = SIG_DFL;
1041 sigaction(SIGCHLD, &sa, NULL);
1042 #endif /* USE_PROCFS */
1044 if (pflag_seen || daemonized_tracer)
1051 if (exit_code > 0xff) {
1052 /* Child was killed by a signal, mimic that. */
1054 signal(exit_code, SIG_DFL);
1056 /* Paranoia - what if this signal is not fatal?
1057 Exit with 128 + signo then. */
1066 /* Allocate some more TCBs and expand the table.
1067 We don't want to relocate the TCBs because our
1068 callers have pointers and it would be a pain.
1069 So tcbtab is a table of pointers. Since we never
1070 free the TCBs, we allocate a single chunk of many. */
1071 struct tcb **newtab = (struct tcb **)
1072 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
1073 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
1076 if (newtab == NULL || newtcbs == NULL) {
1077 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
1082 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
1083 newtab[i] = &newtcbs[i - tcbtabsize];
1089 alloc_tcb(int pid, int command_options_parsed)
1094 if (nprocs == tcbtabsize)
1097 for (i = 0; i < tcbtabsize; i++) {
1099 if ((tcp->flags & TCB_INUSE) == 0) {
1104 #ifdef TCB_CLONE_THREAD
1105 tcp->nclone_threads = 0;
1106 tcp->nclone_waiting = 0;
1108 tcp->flags = TCB_INUSE | TCB_STARTUP;
1109 tcp->outf = outf; /* Initialise to current out file */
1111 tcp->stime.tv_sec = 0;
1112 tcp->stime.tv_usec = 0;
1115 if (command_options_parsed)
1120 fprintf(stderr, "%s: bug in alloc_tcb\n", progname);
1127 proc_open(struct tcb *tcp, int attaching)
1137 #ifndef HAVE_POLLABLE_PROCFS
1138 static int last_pfd;
1141 #ifdef HAVE_MP_PROCFS
1142 /* Open the process pseudo-files in /proc. */
1143 sprintf(proc, "/proc/%d/ctl", tcp->pid);
1144 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
1145 perror("strace: open(\"/proc/...\", ...)");
1148 if (set_cloexec_flag(tcp->pfd) < 0) {
1151 sprintf(proc, "/proc/%d/status", tcp->pid);
1152 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
1153 perror("strace: open(\"/proc/...\", ...)");
1156 if (set_cloexec_flag(tcp->pfd_stat) < 0) {
1159 sprintf(proc, "/proc/%d/as", tcp->pid);
1160 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
1161 perror("strace: open(\"/proc/...\", ...)");
1164 if (set_cloexec_flag(tcp->pfd_as) < 0) {
1168 /* Open the process pseudo-file in /proc. */
1170 sprintf(proc, "/proc/%d", tcp->pid);
1171 tcp->pfd = open(proc, O_RDWR|O_EXCL);
1173 sprintf(proc, "/proc/%d/mem", tcp->pid);
1174 tcp->pfd = open(proc, O_RDWR);
1175 #endif /* FREEBSD */
1177 perror("strace: open(\"/proc/...\", ...)");
1180 if (set_cloexec_flag(tcp->pfd) < 0) {
1185 sprintf(proc, "/proc/%d/regs", tcp->pid);
1186 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
1187 perror("strace: open(\"/proc/.../regs\", ...)");
1191 sprintf(proc, "/proc/%d/status", tcp->pid);
1192 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
1193 perror("strace: open(\"/proc/.../status\", ...)");
1197 tcp->pfd_status = -1;
1198 #endif /* FREEBSD */
1202 * Wait for the child to pause. Because of a race
1203 * condition we have to poll for the event.
1206 if (IOCTL_STATUS (tcp) < 0) {
1207 perror("strace: PIOCSTATUS");
1210 if (tcp->status.PR_FLAGS & PR_ASLEEP)
1215 /* Stop the process so that we own the stop. */
1216 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
1217 perror("strace: PIOCSTOP");
1222 /* Set Run-on-Last-Close. */
1224 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
1225 perror("PIOCSET PR_RLC");
1228 /* Set or Reset Inherit-on-Fork. */
1230 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
1231 perror("PIOC{SET,RESET} PR_FORK");
1234 #else /* !PIOCSET */
1236 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
1240 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
1241 perror("PIOC{S,R}FORK");
1245 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
1246 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
1251 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1255 #endif /* FREEBSD */
1256 #endif /* !PIOCSET */
1258 /* Enable all syscall entries we care about. */
1259 premptyset(&syscalls);
1260 for (i = 1; i < MAX_QUALS; ++i) {
1261 if (i > (sizeof syscalls) * CHAR_BIT) break;
1262 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
1264 praddset (&syscalls, SYS_execve);
1266 praddset (&syscalls, SYS_fork);
1268 praddset (&syscalls, SYS_forkall);
1271 praddset (&syscalls, SYS_fork1);
1274 praddset (&syscalls, SYS_rfork1);
1277 praddset (&syscalls, SYS_rforkall);
1280 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1281 perror("PIOCSENTRY");
1284 /* Enable the syscall exits. */
1285 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1289 /* Enable signals we care about. */
1290 premptyset(&signals);
1291 for (i = 1; i < MAX_QUALS; ++i) {
1292 if (i > (sizeof signals) * CHAR_BIT) break;
1293 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
1295 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1296 perror("PIOCSTRACE");
1299 /* Enable faults we care about */
1300 premptyset(&faults);
1301 for (i = 1; i < MAX_QUALS; ++i) {
1302 if (i > (sizeof faults) * CHAR_BIT) break;
1303 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
1305 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1306 perror("PIOCSFAULT");
1310 /* set events flags. */
1311 arg = S_SIG | S_SCE | S_SCX ;
1312 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1316 #endif /* FREEBSD */
1320 * The SGI PRSABORT doesn't work for pause() so
1321 * we send it a caught signal to wake it up.
1323 kill(tcp->pid, SIGINT);
1326 /* The child is in a pause(), abort it. */
1328 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1335 /* wake up the child if it received the SIGSTOP */
1336 kill(tcp->pid, SIGCONT);
1339 /* Wait for the child to do something. */
1340 if (IOCTL_WSTOP (tcp) < 0) {
1341 perror("PIOCWSTOP");
1344 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1345 tcp->flags &= ~TCB_INSYSCALL;
1347 if (known_scno(tcp) == SYS_execve)
1350 /* Set it running: maybe execve will be next. */
1353 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1355 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1356 #endif /* FREEBSD */
1361 /* handle the case where we "opened" the child before
1362 it did the kill -STOP */
1363 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1364 tcp->status.PR_WHAT == SIGSTOP)
1365 kill(tcp->pid, SIGCONT);
1372 if (attaching < 2) {
1373 /* We are attaching to an already running process.
1374 * Try to figure out the state of the process in syscalls,
1375 * to handle the first event well.
1376 * This is done by having a look at the "wchan" property of the
1377 * process, which tells where it is stopped (if it is). */
1379 char wchan[20]; /* should be enough */
1381 sprintf(proc, "/proc/%d/status", tcp->pid);
1382 status = fopen(proc, "r");
1384 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1385 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1386 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1387 strcmp(wchan, "stopevent")) {
1388 /* The process is asleep in the middle of a syscall.
1389 Fake the syscall entry event */
1390 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1391 tcp->status.PR_WHY = PR_SYSENTRY;
1396 } /* otherwise it's a fork being followed */
1398 #endif /* FREEBSD */
1399 #ifndef HAVE_POLLABLE_PROCFS
1400 if (proc_poll_pipe[0] != -1)
1401 proc_poller(tcp->pfd);
1402 else if (nprocs > 1) {
1404 proc_poller(last_pfd);
1405 proc_poller(tcp->pfd);
1407 last_pfd = tcp->pfd;
1408 #endif /* !HAVE_POLLABLE_PROCFS */
1412 #endif /* USE_PROCFS */
1422 for (i = 0; i < tcbtabsize; i++) {
1423 struct tcb *tcp = tcbtab[i];
1424 if (tcp->pid == pid && (tcp->flags & TCB_INUSE))
1434 first_used_tcb(void)
1438 for (i = 0; i < tcbtabsize; i++) {
1440 if (tcp->flags & TCB_INUSE)
1452 for (i = 0; i < tcbtabsize; i++) {
1453 struct tcb *tcp = tcbtab[i];
1454 if (tcp->pfd != pfd)
1456 if (tcp->flags & TCB_INUSE)
1462 #endif /* USE_PROCFS */
1470 #ifdef TCB_CLONE_THREAD
1471 if (tcp->nclone_threads > 0) {
1472 /* There are other threads left in this process, but this
1473 is the one whose PID represents the whole process.
1474 We need to keep this record around as a zombie until
1475 all the threads die. */
1476 tcp->flags |= TCB_EXITING;
1483 if (tcp->parent != NULL) {
1484 tcp->parent->nchildren--;
1485 #ifdef TCB_CLONE_THREAD
1486 if (tcp->flags & TCB_CLONE_THREAD)
1487 tcp->parent->nclone_threads--;
1489 tcp->parent->nzombies++;
1491 /* Update `tcp->parent->parent->nchildren' and the other fields
1492 like NCLONE_DETACHED, only for zombie group leader that has
1493 already reported and been short-circuited at the top of this
1494 function. The same condition as at the top of DETACH. */
1495 if ((tcp->flags & TCB_CLONE_THREAD) &&
1496 tcp->parent->nclone_threads == 0 &&
1497 (tcp->parent->flags & TCB_EXITING))
1498 droptcb(tcp->parent);
1504 if (tcp->pfd != -1) {
1508 if (tcp->pfd_reg != -1) {
1509 close(tcp->pfd_reg);
1512 if (tcp->pfd_status != -1) {
1513 close(tcp->pfd_status);
1514 tcp->pfd_status = -1;
1516 #endif /* !FREEBSD */
1518 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1522 if (outfname && followfork > 1 && tcp->outf)
1537 if (!(tcp->flags & TCB_SUSPENDED)) {
1538 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1541 tcp->flags &= ~TCB_SUSPENDED;
1542 #ifdef TCB_CLONE_THREAD
1543 if (tcp->flags & TCB_CLONE_THREAD)
1544 tcp->parent->nclone_waiting--;
1547 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0)
1551 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1556 resume_from_tcp (struct tcb *tcp)
1561 /* XXX This won't always be quite right (but it never was).
1562 A waiter with argument 0 or < -1 is waiting for any pid in
1563 a particular pgrp, which this child might or might not be
1564 in. The waiter will only wake up if it's argument is -1
1565 or if it's waiting for tcp->pid's pgrp. It makes a
1566 difference to wake up a waiter when there might be more
1567 traced children, because it could get a false ECHILD
1568 error. OTOH, if this was the last child in the pgrp, then
1569 it ought to wake up and get ECHILD. We would have to
1570 search the system for all pid's in the pgrp to be sure.
1572 && (t->waitpid == -1 ||
1573 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1574 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1578 (tcp->parent->flags & TCB_SUSPENDED) &&
1579 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1580 error = resume(tcp->parent);
1583 #ifdef TCB_CLONE_THREAD
1584 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1585 /* Some other threads of our parent are waiting too. */
1588 /* Resume all the threads that were waiting for this PID. */
1589 for (i = 0; i < tcbtabsize; i++) {
1590 struct tcb *t = tcbtab[i];
1591 if (t->parent == tcp->parent && t != tcp
1592 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1593 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1594 && t->waitpid == tcp->pid) {
1595 error |= resume (t);
1600 /* Noone was waiting for this PID in particular,
1601 so now we might need to resume some wildcarders. */
1602 for (i = 0; i < tcbtabsize; i++) {
1603 struct tcb *t = tcbtab[i];
1604 if (t->parent == tcp->parent && t != tcp
1606 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1607 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1610 error |= resume (t);
1620 #endif /* !USE_PROCFS */
1622 /* detach traced process; continue with sig
1623 Never call DETACH twice on the same process as both unattached and
1624 attached-unstopped processes give the same ESRCH. For unattached process we
1625 would SIGSTOP it and wait for its SIGSTOP notification forever. */
1634 int status, catch_sigstop;
1635 struct tcb *zombie = NULL;
1637 /* If the group leader is lingering only because of this other
1638 thread now dying, then detach the leader as well. */
1639 if ((tcp->flags & TCB_CLONE_THREAD) &&
1640 tcp->parent->nclone_threads == 1 &&
1641 (tcp->parent->flags & TCB_EXITING))
1642 zombie = tcp->parent;
1645 if (tcp->flags & TCB_BPTSET)
1650 * Linux wrongly insists the child be stopped
1651 * before detaching. Arghh. We go through hoops
1652 * to make a clean break of things.
1655 #undef PTRACE_DETACH
1656 #define PTRACE_DETACH PTRACE_SUNDETACH
1659 * On TCB_STARTUP we did PTRACE_ATTACH but still did not get the
1660 * expected SIGSTOP. We must catch exactly one as otherwise the
1661 * detached process would be left stopped (process state T).
1663 catch_sigstop = (tcp->flags & TCB_STARTUP);
1664 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1665 /* On a clear day, you can see forever. */
1667 else if (errno != ESRCH) {
1668 /* Shouldn't happen. */
1669 perror("detach: ptrace(PTRACE_DETACH, ...)");
1671 else if (my_tgkill((tcp->flags & TCB_CLONE_THREAD ? tcp->parent->pid
1675 perror("detach: checking sanity");
1677 else if (!catch_sigstop && my_tgkill((tcp->flags & TCB_CLONE_THREAD
1678 ? tcp->parent->pid : tcp->pid),
1679 tcp->pid, SIGSTOP) < 0) {
1681 perror("detach: stopping child");
1685 if (catch_sigstop) {
1688 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1689 if (errno == ECHILD) /* Already gone. */
1691 if (errno != EINVAL) {
1692 perror("detach: waiting");
1696 /* No __WALL here. */
1697 if (waitpid(tcp->pid, &status, 0) < 0) {
1698 if (errno != ECHILD) {
1699 perror("detach: waiting");
1703 /* If no processes, try clones. */
1704 if (wait4(tcp->pid, &status, __WCLONE,
1706 if (errno != ECHILD)
1707 perror("detach: waiting");
1710 #endif /* __WCLONE */
1715 if (!WIFSTOPPED(status)) {
1716 /* Au revoir, mon ami. */
1719 if (WSTOPSIG(status) == SIGSTOP) {
1720 ptrace_restart(PTRACE_DETACH, tcp, sig);
1723 error = ptrace_restart(PTRACE_CONT, tcp,
1724 WSTOPSIG(status) == SIGTRAP ? 0
1725 : WSTOPSIG(status));
1733 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1734 if (sig && kill(tcp->pid, sig) < 0)
1735 perror("detach: kill");
1737 error = ptrace_restart(PTRACE_DETACH, tcp, sig);
1741 error |= resume_from_tcp (tcp);
1745 fprintf(stderr, "Process %u detached\n", tcp->pid);
1750 if (zombie != NULL) {
1751 /* TCP no longer exists therefore you must not detach () it. */
1761 static void reaper(int sig)
1766 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1770 #endif /* USE_PROCFS */
1778 for (i = 0; i < tcbtabsize; i++) {
1780 if (!(tcp->flags & TCB_INUSE))
1784 "cleanup: looking at pid %u\n", tcp->pid);
1786 (!outfname || followfork < 2 || tcp_last == tcp)) {
1787 tprintf(" <unfinished ...>");
1790 if (tcp->flags & TCB_ATTACHED)
1793 kill(tcp->pid, SIGCONT);
1794 kill(tcp->pid, SIGTERM);
1808 #ifndef HAVE_STRERROR
1810 #if !HAVE_DECL_SYS_ERRLIST
1811 extern int sys_nerr;
1812 extern char *sys_errlist[];
1813 #endif /* HAVE_DECL_SYS_ERRLIST */
1819 static char buf[64];
1821 if (errno < 1 || errno >= sys_nerr) {
1822 sprintf(buf, "Unknown error %d", errno);
1825 return sys_errlist[errno];
1828 #endif /* HAVE_STERRROR */
1830 #ifndef HAVE_STRSIGNAL
1832 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1833 extern char *sys_siglist[];
1835 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1836 extern char *_sys_siglist[];
1843 static char buf[64];
1845 if (sig < 1 || sig >= NSIG) {
1846 sprintf(buf, "Unknown signal %d", sig);
1849 #ifdef HAVE__SYS_SIGLIST
1850 return _sys_siglist[sig];
1852 return sys_siglist[sig];
1856 #endif /* HAVE_STRSIGNAL */
1867 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1868 if (pollv == NULL) {
1869 fprintf(stderr, "%s: out of memory\n", progname);
1873 for (i = j = 0; i < tcbtabsize; i++) {
1874 struct tcb *tcp = tcbtab[i];
1875 if (!(tcp->flags & TCB_INUSE))
1877 pollv[j].fd = tcp->pfd;
1878 pollv[j].events = POLLWANT;
1882 fprintf(stderr, "strace: proc miscount\n");
1887 #ifndef HAVE_POLLABLE_PROCFS
1894 if (pipe(proc_poll_pipe) < 0) {
1898 for (i = 0; i < 2; i++) {
1899 if (set_cloexec_flag(proc_poll_pipe[i]) < 0) {
1906 proc_poll(pollv, nfds, timeout)
1907 struct pollfd *pollv;
1913 struct proc_pollfd pollinfo;
1915 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1917 if (n != sizeof(struct proc_pollfd)) {
1918 fprintf(stderr, "panic: short read: %d\n", n);
1921 for (i = 0; i < nprocs; i++) {
1922 if (pollv[i].fd == pollinfo.fd)
1923 pollv[i].revents = pollinfo.revents;
1925 pollv[i].revents = 0;
1927 poller_pid = pollinfo.pid;
1941 struct proc_pollfd pollinfo;
1942 struct sigaction sa;
1943 sigset_t blocked_set, empty_set;
1948 struct procfs_status pfs;
1949 #endif /* FREEBSD */
1961 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1963 sigemptyset(&sa.sa_mask);
1964 sigaction(SIGHUP, &sa, NULL);
1965 sigaction(SIGINT, &sa, NULL);
1966 sigaction(SIGQUIT, &sa, NULL);
1967 sigaction(SIGPIPE, &sa, NULL);
1968 sigaction(SIGTERM, &sa, NULL);
1969 sa.sa_handler = wakeup_handler;
1970 sigaction(SIGUSR1, &sa, NULL);
1971 sigemptyset(&blocked_set);
1972 sigaddset(&blocked_set, SIGUSR1);
1973 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1974 sigemptyset(&empty_set);
1976 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1977 perror("getrlimit(RLIMIT_NOFILE, ...)");
1981 for (i = 0; i < n; i++) {
1982 if (i != pfd && i != proc_poll_pipe[1])
1987 pollinfo.pid = getpid();
1990 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1992 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1999 pollinfo.revents = POLLERR;
2002 pollinfo.revents = POLLHUP;
2005 perror("proc_poller: PIOCWSTOP");
2007 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2010 pollinfo.revents = POLLWANT;
2011 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
2012 sigsuspend(&empty_set);
2016 #endif /* !HAVE_POLLABLE_PROCFS */
2026 if (followfork < 2 &&
2027 last < nprocs && (pollv[last].revents & POLLWANT)) {
2029 * The previous process is ready to run again. We'll
2030 * let it do so if it is currently in a syscall. This
2031 * heuristic improves the readability of the trace.
2033 tcp = pfd2tcb(pollv[last].fd);
2034 if (tcp && (tcp->flags & TCB_INSYSCALL))
2035 return pollv[last].fd;
2038 for (i = 0; i < nprocs; i++) {
2039 /* Let competing children run round robin. */
2040 j = (i + last + 1) % nprocs;
2041 if (pollv[j].revents & (POLLHUP | POLLERR)) {
2042 tcp = pfd2tcb(pollv[j].fd);
2044 fprintf(stderr, "strace: lost proc\n");
2050 if (pollv[j].revents & POLLWANT) {
2055 fprintf(stderr, "strace: nothing ready\n");
2063 struct tcb *in_syscall = NULL;
2068 int ioctl_result = 0, ioctl_errno = 0;
2073 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2080 #ifndef HAVE_POLLABLE_PROCFS
2081 if (proc_poll_pipe[0] == -1) {
2083 tcp = first_used_tcb();
2090 #ifndef HAVE_POLLABLE_PROCFS
2092 /* fall through ... */
2093 #endif /* !HAVE_POLLABLE_PROCFS */
2095 #ifdef HAVE_POLLABLE_PROCFS
2097 /* On some systems (e.g. UnixWare) we get too much ugly
2098 "unfinished..." stuff when multiple proceses are in
2099 syscalls. Here's a nasty hack */
2106 pv.events = POLLWANT;
2107 if ((what = poll (&pv, 1, 1)) < 0) {
2112 else if (what == 1 && pv.revents & POLLWANT) {
2118 if (poll(pollv, nprocs, INFTIM) < 0) {
2123 #else /* !HAVE_POLLABLE_PROCFS */
2124 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
2129 #endif /* !HAVE_POLLABLE_PROCFS */
2136 /* Look up `pfd' in our table. */
2137 if ((tcp = pfd2tcb(pfd)) == NULL) {
2138 fprintf(stderr, "unknown pfd: %u\n", pfd);
2144 /* Get the status of the process. */
2147 ioctl_result = IOCTL_WSTOP (tcp);
2149 /* Thanks to some scheduling mystery, the first poller
2150 sometimes waits for the already processed end of fork
2151 event. Doing a non blocking poll here solves the problem. */
2152 if (proc_poll_pipe[0] != -1)
2153 ioctl_result = IOCTL_STATUS (tcp);
2155 ioctl_result = IOCTL_WSTOP (tcp);
2156 #endif /* FREEBSD */
2157 ioctl_errno = errno;
2158 #ifndef HAVE_POLLABLE_PROCFS
2159 if (proc_poll_pipe[0] != -1) {
2160 if (ioctl_result < 0)
2161 kill(poller_pid, SIGKILL);
2163 kill(poller_pid, SIGUSR1);
2165 #endif /* !HAVE_POLLABLE_PROCFS */
2171 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2173 if (ioctl_result < 0) {
2174 /* Find out what happened if it failed. */
2175 switch (ioctl_errno) {
2186 perror("PIOCWSTOP");
2192 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
2193 /* discard first event for a syscall we never entered */
2194 IOCTL (tcp->pfd, PIOCRUN, 0);
2199 /* clear the just started flag */
2200 tcp->flags &= ~TCB_STARTUP;
2202 /* set current output file */
2204 curcol = tcp->curcol;
2207 struct timeval stime;
2212 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
2215 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
2216 &stime.tv_sec, &stime.tv_usec);
2218 stime.tv_sec = stime.tv_usec = 0;
2219 #else /* !FREEBSD */
2220 stime.tv_sec = tcp->status.pr_stime.tv_sec;
2221 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
2222 #endif /* !FREEBSD */
2223 tv_sub(&tcp->dtime, &stime, &tcp->stime);
2226 what = tcp->status.PR_WHAT;
2227 switch (tcp->status.PR_WHY) {
2230 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
2231 tcp->status.PR_WHY = PR_SYSENTRY;
2232 if (trace_syscall(tcp) < 0) {
2233 fprintf(stderr, "syscall trouble\n");
2238 #endif /* !FREEBSD */
2244 if (trace_syscall(tcp) < 0) {
2245 fprintf(stderr, "syscall trouble\n");
2250 if (cflag != CFLAG_ONLY_STATS
2251 && (qual_flags[what] & QUAL_SIGNAL)) {
2253 tprintf("--- %s (%s) ---",
2254 signame(what), strsignal(what));
2257 if (tcp->status.PR_INFO.si_signo == what) {
2259 tprintf(" siginfo=");
2260 printsiginfo(&tcp->status.PR_INFO, 1);
2267 if (cflag != CFLAGS_ONLY_STATS
2268 && (qual_flags[what] & QUAL_FAULT)) {
2270 tprintf("=== FAULT %d ===", what);
2275 case 0: /* handle case we polled for nothing */
2279 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
2283 /* Remember current print column before continuing. */
2284 tcp->curcol = curcol;
2287 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0)
2289 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0)
2299 #else /* !USE_PROCFS */
2301 #ifdef TCB_GROUP_EXITING
2302 /* Handle an exit detach or death signal that is taking all the
2303 related clone threads with it. This is called in three circumstances:
2304 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
2305 SIG == 0 Continuing TCP will perform an exit_group syscall.
2306 SIG == other Continuing TCP with SIG will kill the process.
2309 handle_group_exit(struct tcb *tcp, int sig)
2311 /* We need to locate our records of all the clone threads
2312 related to TCP, either its children or siblings. */
2313 struct tcb *leader = NULL;
2315 if (tcp->flags & TCB_CLONE_THREAD)
2316 leader = tcp->parent;
2319 if (leader != NULL && leader != tcp
2320 && !(leader->flags & TCB_GROUP_EXITING)
2321 && !(tcp->flags & TCB_STARTUP)
2324 "PANIC: handle_group_exit: %d leader %d\n",
2325 tcp->pid, leader ? leader->pid : -1);
2327 /* TCP no longer exists therefore you must not detach() it. */
2329 resume_from_tcp(tcp);
2331 droptcb(tcp); /* Already died. */
2334 /* Mark that we are taking the process down. */
2335 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
2336 if (tcp->flags & TCB_ATTACHED) {
2338 if (leader != NULL && leader != tcp)
2339 leader->flags |= TCB_GROUP_EXITING;
2341 if (ptrace_restart(PTRACE_CONT, tcp, sig) < 0) {
2345 if (leader != NULL) {
2346 leader->flags |= TCB_GROUP_EXITING;
2350 /* The leader will report to us as parent now,
2351 and then we'll get to the SIG==-1 case. */
2362 handle_ptrace_event(int status, struct tcb *tcp)
2364 if (status >> 16 == PTRACE_EVENT_VFORK ||
2365 status >> 16 == PTRACE_EVENT_CLONE ||
2366 status >> 16 == PTRACE_EVENT_FORK) {
2369 if (do_ptrace(PTRACE_GETEVENTMSG, tcp, NULL, &childpid) < 0) {
2370 if (errno != ESRCH) {
2372 %s: handle_ptrace_event: ptrace cannot get new child's pid\n",
2379 return handle_new_child(tcp, childpid, 0);
2395 static int wait4_options = __WALL;
2399 while (nprocs != 0) {
2403 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2406 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2407 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2408 /* this kernel does not support __WALL */
2409 wait4_options &= ~__WALL;
2411 pid = wait4(-1, &status, wait4_options,
2412 cflag ? &ru : NULL);
2414 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2415 /* most likely a "cloned" process */
2416 pid = wait4(-1, &status, __WCLONE,
2417 cflag ? &ru : NULL);
2419 fprintf(stderr, "strace: clone wait4 "
2420 "failed: %s\n", strerror(errno));
2424 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2428 pid = wait(&status);
2432 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2435 switch (wait_errno) {
2440 * We would like to verify this case
2441 * but sometimes a race in Solbourne's
2442 * version of SunOS sometimes reports
2443 * ECHILD before sending us SIGCHILD.
2448 perror("strace: wait");
2452 if (pid == popen_pid) {
2453 if (WIFEXITED(status) || WIFSIGNALED(status))
2458 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2460 /* Look up `pid' in our table. */
2461 if ((tcp = pid2tcb(pid)) == NULL) {
2464 /* This is needed to go with the CLONE_PTRACE
2465 changes in process.c/util.c: we might see
2466 the child's initial trap before we see the
2467 parent return from the clone syscall.
2468 Leave the child suspended until the parent
2469 returns from its system call. Only then
2470 will we have the association of parent and
2471 child so that we know how to do clearbpt
2473 tcp = alloctcb(pid);
2474 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2477 Process %d attached (waiting for parent)\n",
2481 /* This can happen if a clone call used
2482 CLONE_PTRACE itself. */
2485 fprintf(stderr, "unknown pid: %u\n", pid);
2486 if (WIFSTOPPED(status))
2487 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2491 /* set current output file */
2493 curcol = tcp->curcol;
2496 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2497 tcp->stime = ru.ru_stime;
2501 if (tcp->flags & TCB_SUSPENDED) {
2503 * Apparently, doing any ptrace() call on a stopped
2504 * process, provokes the kernel to report the process
2505 * status again on a subsequent wait(), even if the
2506 * process has not been actually restarted.
2507 * Since we have inspected the arguments of suspended
2508 * processes we end up here testing for this case.
2512 if (WIFSIGNALED(status)) {
2513 if (pid == strace_child)
2514 exit_code = 0x100 | WTERMSIG(status);
2515 if (cflag != CFLAG_ONLY_STATS
2516 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2518 tprintf("+++ killed by %s %s+++",
2519 signame(WTERMSIG(status)),
2521 WCOREDUMP(status) ? "(core dumped) " :
2526 #ifdef TCB_GROUP_EXITING
2527 handle_group_exit(tcp, -1);
2533 if (WIFEXITED(status)) {
2534 if (pid == strace_child)
2535 exit_code = WEXITSTATUS(status);
2537 fprintf(stderr, "pid %u exited with %d\n", pid, WEXITSTATUS(status));
2538 if ((tcp->flags & (TCB_ATTACHED|TCB_STARTUP)) == TCB_ATTACHED
2539 #ifdef TCB_GROUP_EXITING
2540 && !(tcp->parent && (tcp->parent->flags & TCB_GROUP_EXITING))
2541 && !(tcp->flags & TCB_GROUP_EXITING)
2545 "PANIC: attached pid %u exited with %d\n",
2546 pid, WEXITSTATUS(status));
2548 if (tcp == tcp_last) {
2549 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT)) == TCB_INSYSCALL)
2550 tprintf(" <unfinished ... exit status %d>\n",
2551 WEXITSTATUS(status));
2554 #ifdef TCB_GROUP_EXITING
2555 handle_group_exit(tcp, -1);
2561 if (!WIFSTOPPED(status)) {
2562 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2567 fprintf(stderr, "pid %u stopped, [%s]\n",
2568 pid, signame(WSTOPSIG(status)));
2570 if (ptrace_setoptions && (status >> 16)) {
2571 if (handle_ptrace_event(status, tcp) != 1)
2576 * Interestingly, the process may stop
2577 * with STOPSIG equal to some other signal
2578 * than SIGSTOP if we happend to attach
2579 * just before the process takes a signal.
2580 * A no-MMU vforked child won't send up a signal,
2581 * so skip the first (lost) execve notification.
2583 if ((tcp->flags & TCB_STARTUP) &&
2584 (WSTOPSIG(status) == SIGSTOP || strace_vforked)) {
2586 * This flag is there to keep us in sync.
2587 * Next time this process stops it should
2588 * really be entering a system call.
2590 tcp->flags &= ~TCB_STARTUP;
2591 if (tcp->flags & TCB_BPTSET) {
2593 * One example is a breakpoint inherited from
2594 * parent through fork ().
2596 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2603 if (followfork && (tcp->parent == NULL) && ptrace_setoptions)
2604 if (ptrace(PTRACE_SETOPTIONS, tcp->pid,
2605 NULL, ptrace_setoptions) < 0 &&
2607 ptrace_setoptions = 0;
2612 if (WSTOPSIG(status) != SIGTRAP) {
2613 if (WSTOPSIG(status) == SIGSTOP &&
2614 (tcp->flags & TCB_SIGTRAPPED)) {
2616 * Trapped attempt to block SIGTRAP
2617 * Hope we are back in control now.
2619 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2620 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2626 if (cflag != CFLAG_ONLY_STATS
2627 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2628 unsigned long addr = 0;
2630 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP) && defined(PT_GETSIGINFO)
2635 upeek(tcp, PT_CR_IPSR, &psr);
2636 upeek(tcp, PT_CR_IIP, &pc);
2638 pc += (psr >> PSR_RI) & 0x3;
2639 ptrace(PT_GETSIGINFO, pid, 0, (long) &si);
2640 addr = (unsigned long) si.si_addr;
2641 #elif defined PTRACE_GETSIGINFO
2642 if (WSTOPSIG(status) == SIGSEGV ||
2643 WSTOPSIG(status) == SIGBUS) {
2645 if (ptrace(PTRACE_GETSIGINFO, pid,
2647 addr = (unsigned long)
2652 tprintf("--- %s (%s) @ %lx (%lx) ---",
2653 signame(WSTOPSIG(status)),
2654 strsignal(WSTOPSIG(status)), pc, addr);
2657 if (((tcp->flags & TCB_ATTACHED) ||
2658 tcp->nclone_threads > 0) &&
2659 !sigishandled(tcp, WSTOPSIG(status))) {
2660 #ifdef TCB_GROUP_EXITING
2661 handle_group_exit(tcp, WSTOPSIG(status));
2663 detach(tcp, WSTOPSIG(status));
2667 if (ptrace_restart(PTRACE_SYSCALL, tcp, WSTOPSIG(status)) < 0) {
2671 tcp->flags &= ~TCB_SUSPENDED;
2674 /* we handled the STATUS, we are permitted to interrupt now. */
2677 if (trace_syscall(tcp) < 0 && !tcp->ptrace_errno) {
2678 /* ptrace() failed in trace_syscall() with ESRCH.
2679 * Likely a result of process disappearing mid-flight.
2680 * Observed case: exit_group() terminating
2681 * all processes in thread group. In this case, threads
2682 * "disappear" in an unpredictable moment without any
2683 * notification to strace via wait().
2685 if (tcp->flags & TCB_ATTACHED) {
2687 /* Do we have dangling line "syscall(param, param"?
2688 * Finish the line then. We cannot
2690 tcp_last->flags |= TCB_REPRINT;
2691 tprintf(" <unfinished ...>");
2697 tcp->pid, (char *) 1, SIGTERM);
2702 if (tcp->flags & TCB_EXITING) {
2703 #ifdef TCB_GROUP_EXITING
2704 if (tcp->flags & TCB_GROUP_EXITING) {
2705 if (handle_group_exit(tcp, 0) < 0)
2710 if (tcp->flags & TCB_ATTACHED)
2712 else if (ptrace_restart(PTRACE_CONT, tcp, 0) < 0) {
2718 if (tcp->flags & TCB_SUSPENDED) {
2720 fprintf(stderr, "Process %u suspended\n", pid);
2724 /* Remember current print column before continuing. */
2725 tcp->curcol = curcol;
2726 if (ptrace_restart(PTRACE_SYSCALL, tcp, 0) < 0) {
2734 #endif /* !USE_PROCFS */
2739 tprintf(const char *fmt, ...)
2743 va_start(args, fmt);
2745 int n = vfprintf(outf, fmt, args);
2748 perror(outfname == NULL
2749 ? "<writing to pipe>" : outfname);
2762 if (tcp_last->ptrace_errno) {
2763 if (tcp_last->flags & TCB_INSYSCALL) {
2764 tprintf(" <unavailable>)");
2767 tprintf("= ? <unavailable>\n");
2768 tcp_last->ptrace_errno = 0;
2769 } else if (!outfname || followfork < 2 || tcp_last == tcp) {
2770 tcp_last->flags |= TCB_REPRINT;
2771 tprintf(" <unfinished ...>\n");
2775 if ((followfork == 1 || pflag_seen > 1) && outfname)
2776 tprintf("%-5d ", tcp->pid);
2777 else if (nprocs > 1 && !outfname)
2778 tprintf("[pid %5u] ", tcp->pid);
2780 char str[sizeof("HH:MM:SS")];
2781 struct timeval tv, dtv;
2782 static struct timeval otv;
2784 gettimeofday(&tv, NULL);
2786 if (otv.tv_sec == 0)
2788 tv_sub(&dtv, &tv, &otv);
2789 tprintf("%6ld.%06ld ",
2790 (long) dtv.tv_sec, (long) dtv.tv_usec);
2793 else if (tflag > 2) {
2794 tprintf("%ld.%06ld ",
2795 (long) tv.tv_sec, (long) tv.tv_usec);
2798 time_t local = tv.tv_sec;
2799 strftime(str, sizeof(str), "%T", localtime(&local));
2801 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2803 tprintf("%s ", str);
2815 tprintf("%*s", col - curcol, "");
2825 #ifdef HAVE_MP_PROCFS
2828 mp_ioctl(int fd, int cmd, void *arg, int size)
2830 struct iovec iov[2];
2833 iov[0].iov_base = &cmd;
2834 iov[0].iov_len = sizeof cmd;
2837 iov[1].iov_base = arg;
2838 iov[1].iov_len = size;
2841 return writev(fd, iov, n);