Denys Vlasenko [Thu, 15 Mar 2012 11:56:25 +0000 (12:56 +0100)]
Remove extra include directives. No code changes.
* defs.h: Include <signal.h> unconditionally.
Other files were doing it unconditionally, so no harm done.
* bjm.c: Remove system includes which are already included by defs.h.
* pathtrace.c: Likewise.
* process.c: Likewise.
* signal.c: Likewise.
* strace.c: Likewise.
* stream.c: Likewise.
* syscall.c: Likewise.
* system.c: Likewise.
* util.c: Likewise.
Denys Vlasenko [Thu, 15 Mar 2012 11:49:52 +0000 (12:49 +0100)]
Tidy up order of includes; make bool variables explicit.
Bool variables are more compact in data and (on x86) on code too:
text data bss dec hex filename
237950 676 19044 257670 3ee86 strace.before
237838 676 19012 257526 3edf6 strace
* defs.h: Group library includes at the top of the file.
Rename dtime to Tflag, debug to debug_flag.
Change debug_flag,Tflag,qflag,not_failing_only,show_fd_path,tracing_paths
variable declarations from int to bool.
* strace.c: Change corresponding definitions. Do the same for static
variables iflag,rflag,print_pid_pfx.
Rename dtime to Tflag, debug to debug_flag.
* syscall.c: Rename dtime to Tflag, debug to debug_flag.
Dmitry V. Levin [Thu, 15 Mar 2012 02:03:36 +0000 (02:03 +0000)]
Fix compiler warnings about breaking strict-aliasing rules
* system.c (sys_capget, sys_capset): Use proxy unions to cast long*
pointers to cap_user_header_t and cap_user_data_t pointers without
breaking strict-aliasing rules.
Dmitry V. Levin [Tue, 13 Mar 2012 23:26:01 +0000 (23:26 +0000)]
Fix *at syscalls flags decoding
Several *at decoders were defining own incomplete *atflags xlat
structures. That was error prone, and fchownat decoder actually
failed to recognize AT_EMPTY_PATH. Merging these incomplete
structures into the single at_flags xlat structure will fix
flags handling in all these decoders altogether.
* file.c: Define all AT_* constants used by *at decoders.
(at_flags): New xlat structure, with records for all AT_* constants.
(fstatatflags, linkat_flags, unlinkatflags): Remove.
(sys_newfstatat, sys_linkat, sys_unlinkat, sys_fchownat,
sys_utimensat): Use at_flags.
Dmitry V. Levin [Tue, 13 Mar 2012 15:51:13 +0000 (15:51 +0000)]
Implement sys_rt_tgsigqueueinfo syscall decoder
* linux/dummy.h (sys_rt_tgsigqueueinfo): Remove.
* linux/syscall.h (sys_rt_tgsigqueueinfo): New prototype.
* signal.c (print_sigqueueinfo): New function, based on
sys_rt_sigqueueinfo.
(sys_rt_sigqueueinfo): Use print_sigqueueinfo.
(sys_rt_tgsigqueueinfo): New function.
Denys Vlasenko [Tue, 13 Mar 2012 10:44:31 +0000 (11:44 +0100)]
Fix logging for "strace -o FILE -ff test/threaded_execve" test case
Our logic which was deciding whether to print "<unfinished ...>"
thingy wasn't working properly for -ff case.
* defs.h: Group log generation-related declarations together.
Add a large comment which explains how it works.
Add declaration of line_ended() function.
* strace.c (line_ended): New function which sets up internal data
to indicate that previous line was finished.
(printleader): Change logic to fix log generation in -ff mode.
(newoutf): Make check for -ff mode consistent with other places.
(droptcb): Print "<detached ...>" if last line for this tcp wasn't finished.
(cleanup): Remove code to print "<unfinished ...>", printleader()
or detach() will do it instead.
(trace): Remove code to print "<unfinished ...>".
Add code which finishes threaded execve's incomplete line
with " <pid changed to PID ...>" message. Replace printing_tcp = NULL
followed by fflush() by line_ended() call.
* process.c (sys_exit): Call line_ended() to indicate that we finished priting.
* syscall.c (trace_syscall_exiting): Set printing_tcp to current tcp.
Call line_ended() to indicate that we finished priting.
Remove call to fflush(), it is done by line_ended() now.
Denys Vlasenko [Mon, 12 Mar 2012 22:05:25 +0000 (23:05 +0100)]
Reduce stack usage by ~0.5k
main() uses ~0.5k of stack for local variables and such. When we enter
main tracing loop, most of these variables are no longer used.
But they still take up stack for the entire life of strace.
We can avoid this wastage if we move init code into a separate function.
(Need to be careful and not allow automatic inlining).
* strace.c (init): New function. Most of pre-existing code of
main is now living here.
(main): Call init() to do initialization.
Dmitry V. Levin [Sun, 11 Mar 2012 23:59:29 +0000 (23:59 +0000)]
Implement sendmmsg syscall decoder
* linux/dummy.h (sys_sendmmsg): Remove.
* linux/syscall.h (sys_sendmmsg): New prototype.
* net.c (printmmsghdr): Add index argument specifying the element in
mmsghdr array to print.
(decode_mmsg): New function, prints the whole mmsghdr array, its length
and message flags.
(sys_sendmmsg): New function.
(sys_recvmmsg): Use decode_mmsg to fix mmsghdr array decoding.
Dmitry V. Levin [Sun, 11 Mar 2012 21:25:51 +0000 (21:25 +0000)]
Implement clock_adjtime syscall decoder
* linux/dummy.h (sys_clock_adjtime): Remove.
* linux/syscall.h (sys_clock_adjtime): New prototype.
* time.c (do_adjtimex): New function, based on sys_adjtimex.
(sys_adjtimex): Use it.
(sys_clock_adjtime): New function.
Dmitry V. Levin [Fri, 9 Mar 2012 21:02:19 +0000 (21:02 +0000)]
swapon: decode swap flags
* file.c: Include <sys/swap.h>.
(swap_flags): New xlat structure.
(sys_swapon): New function.
* linux/dummy.h (sys_swapon): Remove.
* linux/syscall.h (sys_swapon): New declaration.
Denys Vlasenko [Fri, 9 Mar 2012 14:29:45 +0000 (15:29 +0100)]
Don't consider PROG to be our child in "strace -D PROG" case
TCB_STRACE_CHILD is used for the case when "strace PROG" is ^C-ed
or something like that. strace should not just exit - it should
do something with its child (such as signal it too).
In -D case, PROG is not really a child of _strace_, it is a child
of strace's parent. It's ok to handle it exactly as an attached process.
While we are at it, remove nonsensical special-casing of TCB_STRACE_CHILD
in printing of "<unfinished ...>" message.
* strace.c (startup_attach): Don't set TCB_STRACE_CHILD if -D.
(trace): Print "<unfinished ...>" on error regardless of TCB_STRACE_CHILD.
Denys Vlasenko [Fri, 9 Mar 2012 14:15:24 +0000 (15:15 +0100)]
Fix the case where we try to detach unattached processes
Before this change:
$ strace -D -p1
strace: -D and -p are mutually exclusive options
Process 1 detached <==== WRONG! (and we try to SIGSTOP it!!!)
* defs.h: Change the meaning of TCB_ATTACHED: now it means "this tracee
is attached to us". Add TCB_STRACE_CHILD: "this tracee is our child".
* strace.c (kill_save_errno): Move up. No code changes.
(process_opt_p_list): Don't set TCB_ATTACHED on new tcb.
(startup_attach): Change how we work with TCB_ATTACHED.
Set TCB_STRACE_CHILD on -D.
(startup_child): Use kill_save_errno instead of kill.
Set TCB_ATTACHED and TCB_STRACE_CHILD on attached strace child.
If we are in -D case, don't set TCB_ATTACHED (we aren't attached yet).
(detach): do not do PTRACE_DETACH if TCB_ATTACHED is not set.
(cleanup): Check TCB_STRACE_CHILD instead of TCB_ATTACHED.
(trace): Likewise.
Denys Vlasenko [Fri, 9 Mar 2012 12:03:41 +0000 (13:03 +0100)]
Fix PID prefix printing in "strace -oLOG -ff -p1 -p2 -p3" case
In this case we were printing PIDs to LOG.* files
even though it is not necessary.
The fix is in the addition of "&& followfork < 2" condition.
* strace.c: Remove pflag_seen variable, add print_pid_pfx one.
(process_opt_p_list): Do not pflag_seen++.
(main): Use "nprocs != 0" condition instead of "pflag_seen != 0".
Set print_pid_pfx before entering main tracing loop.
(printleader): Use print_pid_pfx to decide whether to print pid prefix.
Denys Vlasenko [Fri, 9 Mar 2012 12:01:04 +0000 (13:01 +0100)]
Allow -p PID to take comma or whitespace-separated list of PIDs
* defs.h: Clarify meaning of TCB_ATTACHED. No code changes.
* strace.c (process_opt_p_list): New function.
(main): Call process_opt_p_list to process -p PIDs argument.
Denys Vlasenko [Thu, 8 Mar 2012 11:13:44 +0000 (12:13 +0100)]
Pass addr=0 instead of 1 into restarting ptrace calls
While we are at it, fold do_ptrace into its lone caller.
We no longer set tcp->ptrace_errno = ESRCH on ESRC error in upeek.
Other code paths where ptrace fails wern't doing it, and the code which
checks tcp->ptrace_errno even assumes it is never set to ESRCH.
(It was me who added this code sometime ago, so it was my fault
that it was a bit messy)
I ran sigkill_rain test and verified that unfinished syscalls are
still handled correctly.
* util.c (ptrace_restart): Do not pass addr=1 to ptrace(), pass 0 instead.
I have no idea why we were passing 1. Ptrace documentation says
that addr parameter is ignored.
(do_ptrace): Remove this function.
(upeek): Use ptrace() instead of do_ptrace().
* defs.h: Remove do_ptrace() declaration.
Denys Vlasenko [Tue, 28 Feb 2012 15:39:44 +0000 (16:39 +0100)]
Remove stray sys_swapon() declaration
* linux/syscall.h: Remove stray sys_swapon() declaration.
* linux/mips/syscallent.h: Include dummy.h with correct relative path.
* linux/dummy.h: Tweak one place where spaces are used instead of tabs.
* linux/dummy_check.sh: New script. It helps in finding stray syscall
handler declarations.
Denys Vlasenko [Mon, 27 Feb 2012 13:18:02 +0000 (14:18 +0100)]
Alias a few more syscall printing functions
text data bss dec hex filename
237384 672 19044 257100 3ec4c strace.before
236448 672 19044 256164 3e8a4 strace
* defs.h: Declare new functions printargs_lu(), printargs_ld()
which simply print syscall all args as unsigned or signed longs.
* desc.c (sys_epoll_create): Call printargs_ld() instead of open-coding it.
* linux/syscall.h: Remove declarations of the following functions:
sys_alarm, sys_getresgid, sys_getsid, sys_nice, sys_setgid, sys_setpgid,
sys_setpgrp, sys_setregid, sys_setresgid.
* process.c (sys_setgid): Delete this function: now aliased to sys_setuid().
(sys_getresgid): Delete this function: now aliased to sys_getresuid().
(sys_setregid): Delete this function: now aliased to sys_setreuid().
(sys_setresgid): Delete this function: now aliased to sys_setresuid().
(sys_setpgrp): Delete this function: now aliased to printargs_lu().
(sys_getsid): Likewise.
(sys_setpgid): Likewise.
(sys_alarm): Likewise.
(sys_getpgrp): Delete this function: was unused - was already shadowed
by a define in linux/dummy.h.
(sys_setsid): Likewise.
(sys_getpgid): Likewise.
* resource.c (sys_nice): Delete this function: now aliased to printargs_ld().
* linux/dummy.h: Define new aliases (see above for the list).
* syscall.c (printargs_lu): New function.
(printargs_ld): New function.
Dmitry V. Levin [Sat, 25 Feb 2012 14:34:10 +0000 (15:34 +0100)]
Remove parts of automake machinery which are not needed on Linux
This change is a verbatim part of Dmitry's changes to remove support
for non-Linux architectures.
* Makefile.am: Don't install PORTING file. Install README-linux-ptrace file.
Set OS variable to linux unconditionally.
* configure.ac: Remove code to set opsys variable, and its usage.
Remove checks for headers which are never present on Linux.
* m4/stat.m4: Remove 'ifdef LINUX' check.
* m4/statfs.m4: Likewise.
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Dmitry V. Levin [Sat, 25 Feb 2012 14:29:21 +0000 (15:29 +0100)]
Remove and update documentation
This change is a verbatim part of Dmitry's changes to remove support
for non-Linux architectures.
* PORTING: Deleted.
* INSTALL: Modified.
* README: Modified.
* strace.1: Modified: bugs should be reported to mailing list, not Debian.
* strace.spec: do not install PORTING file.
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko [Sat, 25 Feb 2012 01:46:14 +0000 (02:46 +0100)]
Reindent preprocessor directives in util.c; fix style.
* util.c: Fix indentation of preprocessor directives broken by
automatic removal of non-Linux code. Fix style to use consistent
defined(FOO) instead of defined (FOO).
Denys Vlasenko [Sat, 25 Feb 2012 01:44:25 +0000 (02:44 +0100)]
Reindent preprocessor directives in syscall.c; fix style.
* syscall.c: Fix indentation of preprocessor directives broken by
automatic removal of non-Linux code. Fix style to use consistent
defined(FOO) instead of defined (FOO).
Denys Vlasenko [Sat, 25 Feb 2012 01:38:52 +0000 (02:38 +0100)]
Cleanup after non-Linux code removal.
Conditions such as defined(LINUX) are always true now,
defined(FREEBSD) etc are always false.
When if directive has them as subexpressions, it can be simplified.
Another trivial changes here are fixes for directive indentation.
linux/sparc/{errnoent1,ioctlent1,signalent1}.h used to point to svr4/ files -
replace their contents with copies of used (and now deleted) files.
Make linux/sparc64/{errnoent1,ioctlent1,signalent1}.h include these files
instead of svr4/* ones.
Makefile.am: remove references to deleted files.
configure.ac: Remove a few tests which make no sense on Linux.
Man page: remove non-Linux quirks information.
Dmitry V. Levin [Mon, 20 Feb 2012 21:17:58 +0000 (21:17 +0000)]
Remove initialization of native_scno field
* linux/i386/syscallent.h: Remove native_scno initialization for clone,
fork and vfork.
* linux/ia64/syscallent.h (sys_fork, sys_vfork): Remove redirections
to printargs.
* linux/syscall.h [IA64]: Do not define SYS_fork and SYS_vfork.
* util.c (printcall) [IA64]: Likewise.
(setbpt): Use sys_func to check for clone, fork and vfork syscalls.
Dmitry V. Levin [Fri, 10 Feb 2012 22:33:36 +0000 (22:33 +0000)]
Remove initialization of native_scno field for most of syscalls
The native_scno field is not so much used in the code than before.
In many cases sys_func is checked instead, and for most of syscall
entries there is no need to initialize native_scno.
* linux/i386/syscallent.h: Remove native_scno initialization for
_exit, read, write, waitpid, execve, wait4, sysfs, readv, writev,
pread64, pwrite64, exit_group, waitid, send, recv, sendto and
recvfrom syscall entries.
* linux/syscall.h: Do not define no longer used SYS_waitid and
SYS_sub_* constants.
[IA64]: Do not define SYS_waitpid and SYS32_* constants.
* defs.h: Do not define no longer used __NR_exit_group constant.
* strace.c [USE_PROCFS] (proc_open): Use sys_func to check for execve.
H.J. Lu [Fri, 3 Feb 2012 18:19:55 +0000 (10:19 -0800)]
Skip the syscall entry if the sys_func field is NULL
Avoid NULL dereference when there are holes in sysent tables.
It can happen with syscall (number, ...) and number is in those holes.
There are no targets with holey systent tables so far, but at least
one such a target, x32, is already on the horizon.
* defs.h (SCNO_IN_RANGE): Also check the sys_func field.
H.J. Lu [Fri, 3 Feb 2012 18:10:30 +0000 (10:10 -0800)]
Define old stat functions only if needed
When HAVE_LONG_LONG_OFF_T is defined, those old stat functions aren't
used and strace won't link since they use realprintstat which isn't
defined when HAVE_LONG_LONG_OFF_T is defined.
* file.c (convertoldstat, sys_oldstat, sys_oldfstat, sys_oldlstat):
Define only if HAVE_LONG_LONG_OFF_T isn't defined.
Dmitry V. Levin [Sat, 4 Feb 2012 15:17:43 +0000 (15:17 +0000)]
Remove unused sys_pread64 and sys_pwrite64 parsers on Linux
* io.c [HAVE_LONG_LONG_OFF_T]: Remove sys_pread64 and sys_pwrite64
aliases.
(sys_pread64, sys_pwrite64): Define these functions only on
[SVR4 && _LFS64_LARGEFILE] platform.
* linux/mips/syscallent.h: Use sys_pread and sys_pwrite to handle
appropriate syscalls.
* linux/syscall.h (sys_pread64, sys_pwrite64): Remove.
* syscall.c (dumpio): Check sys_pread64 and sys_pwrite64 only on
[SVR4 && _LFS64_LARGEFILE] platform.
Denys Vlasenko [Sun, 29 Jan 2012 21:38:35 +0000 (22:38 +0100)]
Simple optimizations
text data bss dec hex filename
239474 672 20484 260630 3fa16 strace.before
239234 668 19044 258946 3f382 strace
* file.c (sprint_open_modes): Reduce static buffer size.
Simplify separator printing.
* signal.c (sprintsigmask): Reduce static buffer size.
Simplify separator printing and printing of almost full masks.
Use stpcpy instead of sprintf and strcpy+strlen.
* strace.c (startup_child): Don't strchr() for ':' twice in a row.
* util.c (sprintflags): Exit loop early if possible.
Denys Vlasenko [Sun, 29 Jan 2012 15:53:03 +0000 (16:53 +0100)]
Make interactive-ness directly controllable via command line option
Defaults are often ok, but when they are not, people get confused.
"Why can't I kill strace?" and "Why strace dies on ^C when I want
to _tracee_ to die instead?" are typical complaints.
* strace.c: Replace 'interactive' variable with 'opt_intr' variable.
Define INTR_foo constants for its possible values.
Define 'interactive' as a macro.
(usage): Document -I n option.
(main): Parse -I n option, modify signal handling to accomidate new
-I 1 and -I 4 modes.
Denys Vlasenko [Sun, 29 Jan 2012 01:01:44 +0000 (02:01 +0100)]
Add experimental code to use PTRACE_SEIZE, disabled by default
All new code is predicated on "ifdef USE_SEIZE". If it is not defined,
behavior is not changed.
If USE_SEIZE is enabled and run-time check shows that PTRACE_SEIZE works, then:
- All attaching is done with PTRACE_SEIZE + PTRACE_INTERRUPT.
This means that we no longer generate (and possibly race with) SIGSTOP.
- PTRACE_EVENT_STOP will be generated if tracee is group-stopped.
When we detect it, we issue PTRACE_LISTEN instead of PTRACE_SYSCALL.
This leaves tracee stopped. This fixes the inability to SIGSTOP or ^Z
a straced process.
* defs.h: Add commented-out "define USE_SEIZE 1" and define PTRACE_SEIZE
and related constants.
* strace.c: New variable post_attach_sigstop shows whether we age going
to expect SIGSTOP on attach (IOW: are we going to use PTRACE_SEIZE).
(ptrace_attach_or_seize): New function. Uses PTRACE_ATTACH or
PTRACE_SEIZE + PTRACE_INTERRUPT to attach to given pid.
(startup_attach): Use ptrace_attach_or_seize() instead of ptrace(PTRACE_ATTACH).
(startup_child): Conditionally use alternative attach method using PTRACE_SEIZE.
(test_ptrace_setoptions_followfork): More robust parameters to PTRACE_TRACEME.
(test_ptrace_seize): New function to test whether PTRACE_SEIZE works.
(main): Call test_ptrace_seize() while initializing.
(trace): If PTRACE_EVENT_STOP is seen, restart using PTRACE_LISTEN in order
to not let tracee run.
* process.c: Decode PTRACE_SEIZE, PTRACE_INTERRUPT, PTRACE_LISTEN.
* util.c (ptrace_restart): Add "LISTEN" to a possible error message.
Denys Vlasenko [Sat, 28 Jan 2012 00:46:33 +0000 (01:46 +0100)]
Use process_vm_readv instead of PTRACE_PEEKDATA to read data blocks
Currently, we use PTRACE_PEEKDATA to read things like filenames and
data passed by I/O syscalls.
PTRACE_PEEKDATA gets one word per syscall. This is VERY expensive.
For example, in order to print fstat syscall, we need to perform
more than twenty trips into kernel to fetch one struct stat!
Kernel 3.2 got a new syscall, process_vm_readv(), which can be used to
copy data blocks out of process' address space.
This change uses it in umoven() and umovestr() functions if possible,
with fallback to old method if process_vm_readv() fails.
If it returns ENOSYS, we don't try to use it anymore, eliminating
overhead of trying it on older kernels.
Result of "time strace -oLOG ls -l /usr/lib >/dev/null":
before patch: 0.372s
After patch: 0.262s
* util.c (process_vm_readv): Wrapper to call process_vm_readv syscall.
(umoven): Use process_vm_readv for block reads of tracee memory.
(umovestr): Likewise.
* linux/syscall.h: Declare new function sys_process_vm_readv.
* process.c (sys_process_vm_readv): Decoder for new syscall.
* linux/i386/syscallent.h: Add process_vm_readv, process_vm_writev syscalls.
* linux/x86_64/syscallent.h: Likewise.
* linux/powerpc/syscallent.h: Likewise.
Denys Vlasenko [Sat, 28 Jan 2012 00:25:03 +0000 (01:25 +0100)]
Fix a case of broken output if last seen syscall was exit
* defs.h: Rename tcp_last to printing_tcp. Explain what it means.
Remove printtrailer() function.
* process.c (sys_exit): Convert printtrailer() call to "printing_tcp = NULL".
* strace.c: Add new variable printing_tcp.
(cleanup): Convert printtrailer() call to "printing_tcp = NULL".
(trace): Likewise.
(trace): Fix checks for incomplete line - it was working wrongly if last syscall was exit.
(printleader): Set printing_tcp.
(printtrailer): Remove this function.
* syscall.c: Remove tcp_last variable.
(trace_syscall_entering): Don't set printing_tcp, printleader call now does it.
(trace_syscall_exiting): Convert printtrailer() call to "printing_tcp = NULL".
Denys Vlasenko [Sat, 28 Jan 2012 00:16:02 +0000 (01:16 +0100)]
Fix handling of test/threaded_execve.c testcase
Since 3.0, Linux has a way to identify which thread execve'ed.
This patch makes use of it in order to properly dispose
of disappeared ("superseded") thread leader,
and replace it with execve'ed thread.
Before this patch, strace was "leaking" thread which exec'ed.
It was thinking that it still runs. It would look like this:
18460 pause( <unfinished ...> <=== thread leader
18466 execve("/proc/self/exe", ["exe", "exe"], [/* 47 vars */] <unfinished ...>
18465 +++ exited with 0 +++ <=== exits from other threads
18460 <... pause resumed> ) = 0
The last line is wrong: it's not pause resumed, it's execve resumed.
If thread leader would do exit instead of pause, it is much worse:
strace panics because it thinks it sees return from exit syscall!
And strace isn't aware 18466 (exec'ed thread) is gone.
It still thinks it's executes execve syscall.
* strace.c: New variable "static char *os_release".
(get_os_release): New static function.
(main): Call get_os_release to retrieve Linux version.
(trace): If we see PTRACE_EVENT_EXEC, retrieve old pid, and if it
differs from new one, free one of tcbs and print correct messages.
projects / strace / log