Mirror of strace – the linux syscall tracer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

strace.c 76KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168
  1. /*
  2. * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
  3. * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
  4. * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
  5. * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
  6. * Copyright (c) 1999-2018 The strace developers.
  7. * All rights reserved.
  8. *
  9. * SPDX-License-Identifier: LGPL-2.1-or-later
  10. */
  11. #include "defs.h"
  12. #include <stdarg.h>
  13. #include <limits.h>
  14. #include <fcntl.h>
  15. #include "ptrace.h"
  16. #include <signal.h>
  17. #include <spawn.h>
  18. #include <sys/resource.h>
  19. #include <sys/stat.h>
  20. #ifdef HAVE_PATHS_H
  21. # include <paths.h>
  22. #endif
  23. #include <pwd.h>
  24. #include <grp.h>
  25. #include <dirent.h>
  26. #include <locale.h>
  27. #include <sys/utsname.h>
  28. #ifdef HAVE_PRCTL
  29. # include <sys/prctl.h>
  30. #endif
  31. #include <asm/unistd.h>
  32. #include "aux_children.h"
  33. #include "kill_save_errno.h"
  34. #include "largefile_wrappers.h"
  35. #include "mmap_cache.h"
  36. #include "number_set.h"
  37. #include "ptrace_syscall_info.h"
  38. #include "scno.h"
  39. #include "printsiginfo.h"
  40. #include "tcb_wait_data.h"
  41. #include "trace_event.h"
  42. #include "xstring.h"
  43. #include "delay.h"
  44. #include "wait.h"
  45. #include "ptrace_wait_data.h"
  46. /* In some libc, these aren't declared. Do it ourself: */
  47. extern char **environ;
  48. extern int optind;
  49. extern char *optarg;
  50. #ifdef ENABLE_STACKTRACE
  51. /* if this is true do the stack trace for every system call */
  52. bool stack_trace_enabled;
  53. #endif
  54. #define my_tkill(tid, sig) syscall(__NR_tkill, (tid), (sig))
  55. /* Glue for systems without a MMU that cannot provide fork() */
  56. #if !defined(HAVE_FORK)
  57. # undef NOMMU_SYSTEM
  58. # define NOMMU_SYSTEM 1
  59. #endif
  60. #if NOMMU_SYSTEM
  61. # define fork() vfork()
  62. #endif
  63. const unsigned int syscall_trap_sig = SIGTRAP | 0x80;
  64. cflag_t cflag = CFLAG_NONE;
  65. unsigned int followfork;
  66. unsigned int ptrace_setoptions = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC
  67. | PTRACE_O_TRACEEXIT;
  68. unsigned int xflag;
  69. bool debug_flag;
  70. bool Tflag;
  71. bool iflag;
  72. bool count_wallclock;
  73. unsigned int qflag;
  74. static unsigned int tflag;
  75. static bool rflag;
  76. static bool print_pid_pfx;
  77. /* -I n */
  78. enum {
  79. INTR_NOT_SET = 0,
  80. INTR_ANYWHERE = 1, /* don't block/ignore any signals */
  81. INTR_WHILE_WAIT = 2, /* block fatal signals while decoding syscall. default */
  82. INTR_NEVER = 3, /* block fatal signals. default if '-o FILE PROG' */
  83. INTR_BLOCK_TSTP_TOO = 4, /* block fatal signals and SIGTSTP (^Z) */
  84. NUM_INTR_OPTS
  85. };
  86. static int opt_intr;
  87. /* We play with signal mask only if this mode is active: */
  88. #define interactive (opt_intr == INTR_WHILE_WAIT)
  89. /*
  90. * daemonized_tracer supports -D option.
  91. * With this option, strace forks twice.
  92. * Unlike normal case, with -D *grandparent* process exec's,
  93. * becoming a traced process. Child exits (this prevents traced process
  94. * from having children it doesn't expect to have), and grandchild
  95. * attaches to grandparent similarly to strace -p PID.
  96. * This allows for more transparent interaction in cases
  97. * when process and its parent are communicating via signals,
  98. * wait() etc. Without -D, strace process gets lodged in between,
  99. * disrupting parent<->child link.
  100. */
  101. static bool daemonized_tracer;
  102. static int post_attach_sigstop = TCB_IGNORE_ONE_SIGSTOP;
  103. #define use_seize (post_attach_sigstop == 0)
  104. /* Sometimes we want to print only succeeding syscalls. */
  105. bool not_failing_only;
  106. /* Show path associated with fd arguments */
  107. unsigned int show_fd_path;
  108. static bool detach_on_execve;
  109. static int exit_code;
  110. static int strace_child;
  111. static int strace_tracer_pid;
  112. static const char *username;
  113. static uid_t run_uid;
  114. static gid_t run_gid;
  115. unsigned int max_strlen = DEFAULT_STRLEN;
  116. static int acolumn = DEFAULT_ACOLUMN;
  117. static char *acolumn_spaces;
  118. /* Default output style for xlat entities */
  119. enum xlat_style xlat_verbosity = XLAT_STYLE_ABBREV;
  120. static const char *outfname;
  121. /* If -ff, points to stderr. Else, it's our common output log */
  122. static FILE *shared_log;
  123. static bool open_append;
  124. struct tcb *printing_tcp;
  125. static struct tcb *current_tcp;
  126. static struct tcb **tcbtab;
  127. static unsigned int nprocs;
  128. static size_t tcbtabsize;
  129. /**
  130. * (ptrace-specific) storage for queued wait4() responses.
  131. * Since the queueing of tracees stops as soon as wait4() returns EAGAIN,
  132. * or at least two events for a single tracee, tab_wait_tab size shouldn't
  133. * exceed tcbtabsize + 1.
  134. */
  135. static struct ptrace_wait_data *tcb_wait_tab;
  136. static size_t tcb_wait_tab_size;
  137. #ifndef HAVE_PROGRAM_INVOCATION_NAME
  138. char *program_invocation_name;
  139. #endif
  140. unsigned os_release; /* generated from uname()'s u.release */
  141. static void cleanup(int fatal_sig);
  142. static void interrupt(int sig);
  143. #ifdef HAVE_SIG_ATOMIC_T
  144. static volatile sig_atomic_t interrupted, restart_failed;
  145. #else
  146. static volatile int interrupted, restart_failed;
  147. #endif
  148. static sigset_t timer_set;
  149. static void timer_sighandler(int);
  150. #ifndef HAVE_STRERROR
  151. # if !HAVE_DECL_SYS_ERRLIST
  152. extern int sys_nerr;
  153. extern char *sys_errlist[];
  154. # endif
  155. const char *
  156. strerror(int err_no)
  157. {
  158. static char buf[sizeof("Unknown error %d") + sizeof(int)*3];
  159. if (err_no < 1 || err_no >= sys_nerr) {
  160. xsprintf(buf, "Unknown error %d", err_no);
  161. return buf;
  162. }
  163. return sys_errlist[err_no];
  164. }
  165. #endif /* HAVE_STERRROR */
  166. static void
  167. print_version(void)
  168. {
  169. static const char features[] =
  170. #ifdef ENABLE_STACKTRACE
  171. " stack-trace=" USE_UNWINDER
  172. #endif
  173. #ifdef USE_DEMANGLE
  174. " stack-demangle"
  175. #endif
  176. #if SUPPORTED_PERSONALITIES > 1
  177. # if defined HAVE_M32_MPERS
  178. " m32-mpers"
  179. # else
  180. " no-m32-mpers"
  181. # endif
  182. #endif /* SUPPORTED_PERSONALITIES > 1 */
  183. #if SUPPORTED_PERSONALITIES > 2
  184. # if defined HAVE_MX32_MPERS
  185. " mx32-mpers"
  186. # else
  187. " no-mx32-mpers"
  188. # endif
  189. #endif /* SUPPORTED_PERSONALITIES > 2 */
  190. "";
  191. printf("%s -- version %s\n"
  192. "Copyright (c) 1991-%s The strace developers <%s>.\n"
  193. "This is free software; see the source for copying conditions. There is NO\n"
  194. "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n",
  195. PACKAGE_NAME, PACKAGE_VERSION, COPYRIGHT_YEAR, PACKAGE_URL);
  196. printf("\nOptional features enabled:%s\n",
  197. features[0] ? features : " (none)");
  198. }
  199. static void
  200. usage(void)
  201. {
  202. printf("\
  203. usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...\n\
  204. [-a column] [-o file] [-s strsize] [-P path]...\n\
  205. -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\
  206. or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]\n\
  207. -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\
  208. \n\
  209. Output format:\n\
  210. -a column alignment COLUMN for printing syscall results (default %d)\n\
  211. -i print instruction pointer at time of syscall\n\
  212. "
  213. #ifdef ENABLE_STACKTRACE
  214. "\
  215. -k obtain stack trace between each syscall\n\
  216. "
  217. #endif
  218. "\
  219. -o file send trace output to FILE instead of stderr\n\
  220. -q suppress messages about attaching, detaching, etc.\n\
  221. -r print relative timestamp\n\
  222. -s strsize limit length of print strings to STRSIZE chars (default %d)\n\
  223. -t print absolute timestamp\n\
  224. -tt print absolute timestamp with usecs\n\
  225. -T print time spent in each syscall\n\
  226. -x print non-ascii strings in hex\n\
  227. -xx print all strings in hex\n\
  228. -X format set the format for printing of named constants and flags\n\
  229. -y print paths associated with file descriptor arguments\n\
  230. -yy print protocol specific information associated with socket file descriptors\n\
  231. \n\
  232. Statistics:\n\
  233. -c count time, calls, and errors for each syscall and report summary\n\
  234. -C like -c but also print regular output\n\
  235. -O overhead set overhead for tracing syscalls to OVERHEAD usecs\n\
  236. -S sortby sort syscall counts by: time, calls, name, nothing (default %s)\n\
  237. -w summarise syscall latency (default is system time)\n\
  238. \n\
  239. Filtering:\n\
  240. -e expr a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
  241. options: trace, abbrev, verbose, raw, signal, read, write, fault, inject, kvm\n\
  242. -P path trace accesses to path\n\
  243. \n\
  244. Tracing:\n\
  245. -b execve detach on execve syscall\n\
  246. -D run tracer process as a detached grandchild, not as parent\n\
  247. -f follow forks\n\
  248. -ff follow forks with output into separate files\n\
  249. -I interruptible\n\
  250. 1: no signals are blocked\n\
  251. 2: fatal signals are blocked while decoding syscall (default)\n\
  252. 3: fatal signals are always blocked (default if '-o FILE PROG')\n\
  253. 4: fatal signals and SIGTSTP (^Z) are always blocked\n\
  254. (useful to make 'strace -o FILE PROG' not stop on ^Z)\n\
  255. \n\
  256. Startup:\n\
  257. -E var remove var from the environment for command\n\
  258. -E var=val put var=val in the environment for command\n\
  259. -p pid trace process with process id PID, may be repeated\n\
  260. -u username run command as username handling setuid and/or setgid\n\
  261. \n\
  262. Miscellaneous:\n\
  263. -d enable debug output to stderr\n\
  264. -v verbose mode: print unabbreviated argv, stat, termios, etc. args\n\
  265. -h print help message\n\
  266. -V print version\n\
  267. "
  268. /* ancient, no one should use it
  269. -F -- attempt to follow vforks (deprecated, use -f)\n\
  270. */
  271. /* this is broken, so don't document it
  272. -z -- print only succeeding syscalls\n\
  273. */
  274. , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
  275. exit(0);
  276. }
  277. void ATTRIBUTE_NORETURN
  278. die(void)
  279. {
  280. if (strace_tracer_pid == getpid()) {
  281. cleanup(0);
  282. exit(1);
  283. }
  284. _exit(1);
  285. }
  286. static void
  287. error_opt_arg(int opt, const char *arg)
  288. {
  289. error_msg_and_help("invalid -%c argument: '%s'", opt, arg);
  290. }
  291. static const char *ptrace_attach_cmd;
  292. static int
  293. ptrace_attach_or_seize(int pid)
  294. {
  295. int r;
  296. if (!use_seize)
  297. return ptrace_attach_cmd = "PTRACE_ATTACH",
  298. ptrace(PTRACE_ATTACH, pid, 0L, 0L);
  299. r = ptrace(PTRACE_SEIZE, pid, 0L, (unsigned long) ptrace_setoptions);
  300. if (r)
  301. return ptrace_attach_cmd = "PTRACE_SEIZE", r;
  302. r = ptrace(PTRACE_INTERRUPT, pid, 0L, 0L);
  303. return ptrace_attach_cmd = "PTRACE_INTERRUPT", r;
  304. }
  305. static const char *
  306. ptrace_op_str(unsigned int op)
  307. {
  308. const char *str = xlookup(ptrace_cmds, op);
  309. if (str)
  310. return str;
  311. static char buf[sizeof(op) * 3];
  312. xsprintf(buf, "%u", op);
  313. return buf;
  314. }
  315. /*
  316. * Used when we want to unblock stopped traced process.
  317. * Should be only used with PTRACE_CONT, PTRACE_DETACH and PTRACE_SYSCALL.
  318. * Returns 0 on success or if error was ESRCH
  319. * (presumably process was killed while we talk to it).
  320. * Otherwise prints error message and returns -1.
  321. */
  322. static int
  323. ptrace_restart(const unsigned int op, struct tcb *const tcp, unsigned int sig)
  324. {
  325. int err;
  326. errno = 0;
  327. ptrace(op, tcp->pid, 0L, (unsigned long) sig);
  328. err = errno;
  329. if (!err || err == ESRCH)
  330. return 0;
  331. /*
  332. * Why curcol != 0? Otherwise sometimes we get this:
  333. *
  334. * 10252 kill(10253, SIGKILL) = 0
  335. * <ptrace(SYSCALL,10252):No such process>10253 ...next decode...
  336. *
  337. * 10252 died after we retrieved syscall exit data,
  338. * but before we tried to restart it. Log looks ugly.
  339. */
  340. if (current_tcp && current_tcp->curcol != 0) {
  341. tprintf(" <Cannot restart pid %d with ptrace(%s): %s>\n",
  342. tcp->pid, ptrace_op_str(op), strerror(err));
  343. line_ended();
  344. }
  345. errno = err;
  346. perror_msg("ptrace(%s,pid:%d,sig:%u)",
  347. ptrace_op_str(op), tcp->pid, sig);
  348. return -1;
  349. }
  350. static void
  351. set_cloexec_flag(int fd)
  352. {
  353. int flags, newflags;
  354. flags = fcntl(fd, F_GETFD);
  355. if (flags < 0) {
  356. /* Can happen only if fd is bad.
  357. * Should never happen: if it does, we have a bug
  358. * in the caller. Therefore we just abort
  359. * instead of propagating the error.
  360. */
  361. perror_msg_and_die("fcntl(%d, F_GETFD)", fd);
  362. }
  363. newflags = flags | FD_CLOEXEC;
  364. if (flags == newflags)
  365. return;
  366. if (fcntl(fd, F_SETFD, newflags)) /* never fails */
  367. perror_msg_and_die("fcntl(%d, F_SETFD, %#x)", fd, newflags);
  368. }
  369. /*
  370. * When strace is setuid executable, we have to swap uids
  371. * before and after filesystem and process management operations.
  372. */
  373. static void
  374. swap_uid(void)
  375. {
  376. int euid = geteuid(), uid = getuid();
  377. if (euid != uid && setreuid(euid, uid) < 0) {
  378. perror_msg_and_die("setreuid");
  379. }
  380. }
  381. static FILE *
  382. strace_fopen(const char *path)
  383. {
  384. FILE *fp;
  385. swap_uid();
  386. fp = fopen_stream(path, open_append ? "a" : "w");
  387. if (!fp)
  388. perror_msg_and_die("Can't fopen '%s'", path);
  389. swap_uid();
  390. set_cloexec_flag(fileno(fp));
  391. return fp;
  392. }
  393. #ifndef _PATH_BSHELL
  394. # define _PATH_BSHELL "/bin/sh"
  395. #endif
  396. #define ZERO_OR_DIE(f, ...) \
  397. do { \
  398. int ret = f(__VA_ARGS__); \
  399. if (ret) { \
  400. errno = ret; \
  401. perror_func_msg_and_die(#f); \
  402. } \
  403. } while (0)
  404. /**
  405. * Create a child and set up pipes for communication with it. It utilises
  406. * posix_spawn in an attempt to handle non-MMU systems correctly.
  407. *
  408. * @param[in] command Command to execute (using _PATH_BSHELL -c).
  409. * @param[out] in_fd Where to store file descriptor for writing to child's
  410. * stdin. If NULL, no stdin pipe is set up.
  411. * @param[out] out_fd Where to store file descriptor for reading from child's
  412. * stdout. If NULL, no stdout pipe is set up.
  413. * @return Child's PID.
  414. */
  415. int
  416. strace_pipe_exec(const char *command, int *in_fd, int *out_fd)
  417. {
  418. pid_t pid;
  419. posix_spawn_file_actions_t file_actions;
  420. const char * const argv[] = { "sh", "-c", command, NULL };
  421. int in_fds[2];
  422. int out_fds[2];
  423. swap_uid();
  424. if (in_fd) {
  425. if (pipe(in_fds) < 0)
  426. perror_func_msg_and_die("pipe");
  427. set_cloexec_flag(in_fds[1]); /* never fails */
  428. }
  429. if (out_fd) {
  430. if (pipe(out_fds) < 0)
  431. perror_func_msg_and_die("pipe");
  432. set_cloexec_flag(out_fds[0]); /* never fails */
  433. }
  434. ZERO_OR_DIE(posix_spawn_file_actions_init, &file_actions);
  435. /* Close our end in the child */
  436. if (in_fd)
  437. ZERO_OR_DIE(posix_spawn_file_actions_addclose, &file_actions,
  438. in_fds[1]);
  439. if (out_fd)
  440. ZERO_OR_DIE(posix_spawn_file_actions_addclose, &file_actions,
  441. out_fds[0]);
  442. /* Setting up child's stdin */
  443. if (in_fd && (in_fds[0] != STDIN_FILENO)) {
  444. ZERO_OR_DIE(posix_spawn_file_actions_adddup2,
  445. &file_actions, in_fds[0], STDIN_FILENO);
  446. ZERO_OR_DIE(posix_spawn_file_actions_addclose,
  447. &file_actions, in_fds[0]);
  448. }
  449. /* Setting up child's stdout */
  450. if (out_fd && (out_fds[1] != STDOUT_FILENO)) {
  451. ZERO_OR_DIE(posix_spawn_file_actions_adddup2,
  452. &file_actions, out_fds[1], STDOUT_FILENO);
  453. ZERO_OR_DIE(posix_spawn_file_actions_addclose,
  454. &file_actions, out_fds[1]);
  455. }
  456. /* Spawn the actual command */
  457. ZERO_OR_DIE(posix_spawn, &pid, _PATH_BSHELL, &file_actions, NULL,
  458. (char * const *) argv, environ);
  459. /* Cleanup */
  460. ZERO_OR_DIE(posix_spawn_file_actions_destroy, &file_actions);
  461. /* Parent */
  462. if (in_fd) {
  463. close(in_fds[0]);
  464. *in_fd = in_fds[1];
  465. }
  466. if (out_fd) {
  467. close(out_fds[1]);
  468. *out_fd = out_fds[0];
  469. }
  470. swap_uid();
  471. return pid;
  472. }
  473. /*
  474. * We cannot use standard popen(3) here because we have to distinguish
  475. * popen child process from other processes we trace, and standard popen(3)
  476. * does not export its child's pid.
  477. */
  478. static FILE *
  479. strace_popen(const char *command)
  480. {
  481. FILE *fp;
  482. int fd;
  483. register_aux_child(strace_pipe_exec(command, &fd, NULL));
  484. fp = fdopen(fd, "w");
  485. if (!fp)
  486. perror_msg_and_die("fdopen");
  487. return fp;
  488. }
  489. static void
  490. outf_perror(const struct tcb * const tcp)
  491. {
  492. if (tcp->outf == stderr)
  493. return;
  494. /* This is ugly, but we don't store separate file names */
  495. if (followfork >= 2)
  496. perror_msg("%s.%u", outfname, tcp->pid);
  497. else
  498. perror_msg("%s", outfname);
  499. }
  500. ATTRIBUTE_FORMAT((printf, 1, 0))
  501. static void
  502. tvprintf(const char *const fmt, va_list args)
  503. {
  504. if (current_tcp) {
  505. int n = vfprintf(current_tcp->outf, fmt, args);
  506. if (n < 0) {
  507. /* very unlikely due to vfprintf buffering */
  508. outf_perror(current_tcp);
  509. } else
  510. current_tcp->curcol += n;
  511. }
  512. }
  513. void
  514. tprintf(const char *fmt, ...)
  515. {
  516. va_list args;
  517. va_start(args, fmt);
  518. tvprintf(fmt, args);
  519. va_end(args);
  520. }
  521. #ifndef HAVE_FPUTS_UNLOCKED
  522. # define fputs_unlocked fputs
  523. #endif
  524. void
  525. tprints(const char *str)
  526. {
  527. if (current_tcp) {
  528. int n = fputs_unlocked(str, current_tcp->outf);
  529. if (n >= 0) {
  530. current_tcp->curcol += strlen(str);
  531. return;
  532. }
  533. /* very unlikely due to fputs_unlocked buffering */
  534. outf_perror(current_tcp);
  535. }
  536. }
  537. void
  538. tprints_comment(const char *const str)
  539. {
  540. if (str && *str)
  541. tprintf(" /* %s */", str);
  542. }
  543. void
  544. tprintf_comment(const char *fmt, ...)
  545. {
  546. if (!fmt || !*fmt)
  547. return;
  548. va_list args;
  549. va_start(args, fmt);
  550. tprints(" /* ");
  551. tvprintf(fmt, args);
  552. tprints(" */");
  553. va_end(args);
  554. }
  555. static void
  556. flush_tcp_output(const struct tcb *const tcp)
  557. {
  558. if (fflush(tcp->outf))
  559. outf_perror(tcp);
  560. }
  561. void
  562. line_ended(void)
  563. {
  564. if (current_tcp) {
  565. current_tcp->curcol = 0;
  566. flush_tcp_output(current_tcp);
  567. }
  568. if (printing_tcp) {
  569. printing_tcp->curcol = 0;
  570. printing_tcp = NULL;
  571. }
  572. }
  573. void
  574. set_current_tcp(const struct tcb *tcp)
  575. {
  576. current_tcp = (struct tcb *) tcp;
  577. /* Sync current_personality and stuff */
  578. if (current_tcp)
  579. set_personality(current_tcp->currpers);
  580. }
  581. void
  582. printleader(struct tcb *tcp)
  583. {
  584. /* If -ff, "previous tcb we printed" is always the same as current,
  585. * because we have per-tcb output files.
  586. */
  587. if (followfork >= 2)
  588. printing_tcp = tcp;
  589. if (printing_tcp) {
  590. set_current_tcp(printing_tcp);
  591. if (printing_tcp->curcol != 0 && (followfork < 2 || printing_tcp == tcp)) {
  592. /*
  593. * case 1: we have a shared log (i.e. not -ff), and last line
  594. * wasn't finished (same or different tcb, doesn't matter).
  595. * case 2: split log, we are the same tcb, but our last line
  596. * didn't finish ("SIGKILL nuked us after syscall entry" etc).
  597. */
  598. tprints(" <unfinished ...>\n");
  599. printing_tcp->curcol = 0;
  600. }
  601. }
  602. printing_tcp = tcp;
  603. set_current_tcp(tcp);
  604. current_tcp->curcol = 0;
  605. if (print_pid_pfx)
  606. tprintf("%-5d ", tcp->pid);
  607. else if (nprocs > 1 && !outfname)
  608. tprintf("[pid %5u] ", tcp->pid);
  609. if (tflag) {
  610. struct timespec ts;
  611. clock_gettime(CLOCK_REALTIME, &ts);
  612. if (tflag > 2) {
  613. tprintf("%lld.%06ld ",
  614. (long long) ts.tv_sec, (long) ts.tv_nsec / 1000);
  615. } else {
  616. time_t local = ts.tv_sec;
  617. char str[MAX(sizeof("HH:MM:SS"), sizeof(ts.tv_sec) * 3)];
  618. struct tm *tm = localtime(&local);
  619. if (tm)
  620. strftime(str, sizeof(str), "%T", tm);
  621. else
  622. xsprintf(str, "%lld", (long long) local);
  623. if (tflag > 1)
  624. tprintf("%s.%06ld ",
  625. str, (long) ts.tv_nsec / 1000);
  626. else
  627. tprintf("%s ", str);
  628. }
  629. }
  630. if (rflag) {
  631. struct timespec ts;
  632. clock_gettime(CLOCK_MONOTONIC, &ts);
  633. static struct timespec ots;
  634. if (ots.tv_sec == 0)
  635. ots = ts;
  636. struct timespec dts;
  637. ts_sub(&dts, &ts, &ots);
  638. ots = ts;
  639. tprintf("%s%6ld.%06ld%s ",
  640. tflag ? "(+" : "",
  641. (long) dts.tv_sec, (long) dts.tv_nsec / 1000,
  642. tflag ? ")" : "");
  643. }
  644. if (iflag)
  645. print_instruction_pointer(tcp);
  646. }
  647. void
  648. tabto(void)
  649. {
  650. if (current_tcp->curcol < acolumn)
  651. tprints(acolumn_spaces + current_tcp->curcol);
  652. }
  653. /* Should be only called directly *after successful attach* to a tracee.
  654. * Otherwise, "strace -oFILE -ff -p<nonexistant_pid>"
  655. * may create bogus empty FILE.<nonexistant_pid>, and then die.
  656. */
  657. static void
  658. after_successful_attach(struct tcb *tcp, const unsigned int flags)
  659. {
  660. tcp->flags |= TCB_ATTACHED | TCB_STARTUP | flags;
  661. tcp->outf = shared_log; /* if not -ff mode, the same file is for all */
  662. if (followfork >= 2) {
  663. char name[PATH_MAX];
  664. xsprintf(name, "%s.%u", outfname, tcp->pid);
  665. tcp->outf = strace_fopen(name);
  666. }
  667. #ifdef ENABLE_STACKTRACE
  668. if (stack_trace_enabled)
  669. unwind_tcb_init(tcp);
  670. #endif
  671. }
  672. static void
  673. expand_tcbtab(void)
  674. {
  675. /* Allocate some (more) TCBs (and expand the table).
  676. We don't want to relocate the TCBs because our
  677. callers have pointers and it would be a pain.
  678. So tcbtab is a table of pointers. Since we never
  679. free the TCBs, we allocate a single chunk of many. */
  680. size_t old_tcbtabsize;
  681. struct tcb *newtcbs;
  682. struct tcb **tcb_ptr;
  683. old_tcbtabsize = tcbtabsize;
  684. tcbtab = xgrowarray(tcbtab, &tcbtabsize, sizeof(tcbtab[0]));
  685. newtcbs = xcalloc(tcbtabsize - old_tcbtabsize, sizeof(newtcbs[0]));
  686. for (tcb_ptr = tcbtab + old_tcbtabsize;
  687. tcb_ptr < tcbtab + tcbtabsize; tcb_ptr++, newtcbs++)
  688. *tcb_ptr = newtcbs;
  689. }
  690. static struct tcb *
  691. alloctcb(int pid)
  692. {
  693. unsigned int i;
  694. struct tcb *tcp;
  695. if (nprocs == tcbtabsize)
  696. expand_tcbtab();
  697. for (i = 0; i < tcbtabsize; i++) {
  698. tcp = tcbtab[i];
  699. if (!tcp->pid) {
  700. memset(tcp, 0, sizeof(*tcp));
  701. list_init(&tcp->wait_list);
  702. tcp->pid = pid;
  703. #if SUPPORTED_PERSONALITIES > 1
  704. tcp->currpers = current_personality;
  705. #endif
  706. nprocs++;
  707. debug_msg("new tcb for pid %d, active tcbs:%d",
  708. tcp->pid, nprocs);
  709. return tcp;
  710. }
  711. }
  712. error_msg_and_die("bug in alloctcb");
  713. }
  714. void *
  715. get_tcb_priv_data(const struct tcb *tcp)
  716. {
  717. return tcp->_priv_data;
  718. }
  719. int
  720. set_tcb_priv_data(struct tcb *tcp, void *const priv_data,
  721. void (*const free_priv_data)(void *))
  722. {
  723. if (tcp->_priv_data)
  724. return -1;
  725. tcp->_free_priv_data = free_priv_data;
  726. tcp->_priv_data = priv_data;
  727. return 0;
  728. }
  729. void
  730. free_tcb_priv_data(struct tcb *tcp)
  731. {
  732. if (tcp->_priv_data) {
  733. if (tcp->_free_priv_data) {
  734. tcp->_free_priv_data(tcp->_priv_data);
  735. tcp->_free_priv_data = NULL;
  736. }
  737. tcp->_priv_data = NULL;
  738. }
  739. }
  740. static void
  741. droptcb(struct tcb *tcp)
  742. {
  743. if (tcp->pid == 0)
  744. return;
  745. int p;
  746. for (p = 0; p < SUPPORTED_PERSONALITIES; ++p)
  747. free(tcp->inject_vec[p]);
  748. free_tcb_priv_data(tcp);
  749. #ifdef ENABLE_STACKTRACE
  750. if (stack_trace_enabled)
  751. unwind_tcb_fin(tcp);
  752. #endif
  753. #ifdef HAVE_LINUX_KVM_H
  754. kvm_vcpu_info_free(tcp);
  755. #endif
  756. if (tcp->mmap_cache)
  757. tcp->mmap_cache->free_fn(tcp, __func__);
  758. nprocs--;
  759. debug_msg("dropped tcb for pid %d, %d remain", tcp->pid, nprocs);
  760. if (tcp->outf) {
  761. if (followfork >= 2) {
  762. if (tcp->curcol != 0)
  763. fprintf(tcp->outf, " <detached ...>\n");
  764. fclose(tcp->outf);
  765. } else {
  766. if (printing_tcp == tcp && tcp->curcol != 0)
  767. fprintf(tcp->outf, " <detached ...>\n");
  768. flush_tcp_output(tcp);
  769. }
  770. }
  771. if (current_tcp == tcp)
  772. set_current_tcp(NULL);
  773. if (printing_tcp == tcp)
  774. printing_tcp = NULL;
  775. list_remove(&tcp->wait_list);
  776. memset(tcp, 0, sizeof(*tcp));
  777. }
  778. /* Detach traced process.
  779. * Never call DETACH twice on the same process as both unattached and
  780. * attached-unstopped processes give the same ESRCH. For unattached process we
  781. * would SIGSTOP it and wait for its SIGSTOP notification forever.
  782. */
  783. void
  784. ptrace_detach(struct tcb *tcp)
  785. {
  786. int error;
  787. int status;
  788. /*
  789. * Linux wrongly insists the child be stopped
  790. * before detaching. Arghh. We go through hoops
  791. * to make a clean break of things.
  792. */
  793. if (!(tcp->flags & TCB_ATTACHED))
  794. goto drop;
  795. /* We attached but possibly didn't see the expected SIGSTOP.
  796. * We must catch exactly one as otherwise the detached process
  797. * would be left stopped (process state T).
  798. */
  799. if (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)
  800. goto wait_loop;
  801. error = ptrace(PTRACE_DETACH, tcp->pid, 0, 0);
  802. if (!error) {
  803. /* On a clear day, you can see forever. */
  804. goto drop;
  805. }
  806. if (errno != ESRCH) {
  807. /* Shouldn't happen. */
  808. perror_func_msg("ptrace(PTRACE_DETACH,%u)", tcp->pid);
  809. goto drop;
  810. }
  811. /* ESRCH: process is either not stopped or doesn't exist. */
  812. if (my_tkill(tcp->pid, 0) < 0) {
  813. if (errno != ESRCH)
  814. /* Shouldn't happen. */
  815. perror_func_msg("tkill(%u,0)", tcp->pid);
  816. /* else: process doesn't exist. */
  817. goto drop;
  818. }
  819. /* Process is not stopped, need to stop it. */
  820. if (use_seize) {
  821. /*
  822. * With SEIZE, tracee can be in group-stop already.
  823. * In this state sending it another SIGSTOP does nothing.
  824. * Need to use INTERRUPT.
  825. * Testcase: trying to ^C a "strace -p <stopped_process>".
  826. */
  827. error = ptrace(PTRACE_INTERRUPT, tcp->pid, 0, 0);
  828. if (!error)
  829. goto wait_loop;
  830. if (errno != ESRCH)
  831. perror_func_msg("ptrace(PTRACE_INTERRUPT,%u)", tcp->pid);
  832. } else {
  833. error = my_tkill(tcp->pid, SIGSTOP);
  834. if (!error)
  835. goto wait_loop;
  836. if (errno != ESRCH)
  837. perror_func_msg("tkill(%u,SIGSTOP)", tcp->pid);
  838. }
  839. /* Either process doesn't exist, or some weird error. */
  840. goto drop;
  841. wait_loop:
  842. /* We end up here in three cases:
  843. * 1. We sent PTRACE_INTERRUPT (use_seize case)
  844. * 2. We sent SIGSTOP (!use_seize)
  845. * 3. Attach SIGSTOP was already pending (TCB_IGNORE_ONE_SIGSTOP set)
  846. */
  847. for (;;) {
  848. unsigned int sig;
  849. if (waitpid(tcp->pid, &status, __WALL) < 0) {
  850. if (errno == EINTR)
  851. continue;
  852. /*
  853. * if (errno == ECHILD) break;
  854. * ^^^ WRONG! We expect this PID to exist,
  855. * and want to emit a message otherwise:
  856. */
  857. perror_func_msg("waitpid(%u)", tcp->pid);
  858. break;
  859. }
  860. if (!WIFSTOPPED(status)) {
  861. /*
  862. * Tracee exited or was killed by signal.
  863. * We shouldn't normally reach this place:
  864. * we don't want to consume exit status.
  865. * Consider "strace -p PID" being ^C-ed:
  866. * we want merely to detach from PID.
  867. *
  868. * However, we _can_ end up here if tracee
  869. * was SIGKILLed.
  870. */
  871. break;
  872. }
  873. sig = WSTOPSIG(status);
  874. debug_msg("detach wait: event:%d sig:%d",
  875. (unsigned) status >> 16, sig);
  876. if (use_seize) {
  877. unsigned event = (unsigned)status >> 16;
  878. if (event == PTRACE_EVENT_STOP /*&& sig == SIGTRAP*/) {
  879. /*
  880. * sig == SIGTRAP: PTRACE_INTERRUPT stop.
  881. * sig == other: process was already stopped
  882. * with this stopping sig (see tests/detach-stopped).
  883. * Looks like re-injecting this sig is not necessary
  884. * in DETACH for the tracee to remain stopped.
  885. */
  886. sig = 0;
  887. }
  888. /*
  889. * PTRACE_INTERRUPT is not guaranteed to produce
  890. * the above event if other ptrace-stop is pending.
  891. * See tests/detach-sleeping testcase:
  892. * strace got SIGINT while tracee is sleeping.
  893. * We sent PTRACE_INTERRUPT.
  894. * We see syscall exit, not PTRACE_INTERRUPT stop.
  895. * We won't get PTRACE_INTERRUPT stop
  896. * if we would CONT now. Need to DETACH.
  897. */
  898. if (sig == syscall_trap_sig)
  899. sig = 0;
  900. /* else: not sure in which case we can be here.
  901. * Signal stop? Inject it while detaching.
  902. */
  903. ptrace_restart(PTRACE_DETACH, tcp, sig);
  904. break;
  905. }
  906. /* Note: this check has to be after use_seize check */
  907. /* (else, in use_seize case SIGSTOP will be mistreated) */
  908. if (sig == SIGSTOP) {
  909. /* Detach, suppressing SIGSTOP */
  910. ptrace_restart(PTRACE_DETACH, tcp, 0);
  911. break;
  912. }
  913. if (sig == syscall_trap_sig)
  914. sig = 0;
  915. /* Can't detach just yet, may need to wait for SIGSTOP */
  916. error = ptrace_restart(PTRACE_CONT, tcp, sig);
  917. if (error < 0) {
  918. /* Should not happen.
  919. * Note: ptrace_restart returns 0 on ESRCH, so it's not it.
  920. * ptrace_restart already emitted error message.
  921. */
  922. break;
  923. }
  924. }
  925. drop:
  926. if (!qflag && (tcp->flags & TCB_ATTACHED))
  927. error_msg("Process %u detached", tcp->pid);
  928. droptcb(tcp);
  929. }
  930. static void
  931. process_opt_p_list(char *opt)
  932. {
  933. while (*opt) {
  934. /*
  935. * We accept -p PID,PID; -p "`pidof PROG`"; -p "`pgrep PROG`".
  936. * pidof uses space as delim, pgrep uses newline. :(
  937. */
  938. int pid;
  939. char *delim = opt + strcspn(opt, "\n\t ,");
  940. char c = *delim;
  941. *delim = '\0';
  942. pid = string_to_uint(opt);
  943. if (pid <= 0) {
  944. error_msg_and_die("Invalid process id: '%s'", opt);
  945. }
  946. if (pid == strace_tracer_pid) {
  947. error_msg_and_die("I'm sorry, I can't let you do that, Dave.");
  948. }
  949. *delim = c;
  950. alloctcb(pid);
  951. if (c == '\0')
  952. break;
  953. opt = delim + 1;
  954. }
  955. }
  956. void
  957. ptrace_attach_tcb(struct tcb *const tcp)
  958. {
  959. if (ptrace_attach_or_seize(tcp->pid) < 0) {
  960. perror_msg("attach: ptrace(%s, %d)",
  961. ptrace_attach_cmd, tcp->pid);
  962. droptcb(tcp);
  963. return;
  964. }
  965. after_successful_attach(tcp, TCB_GRABBED | post_attach_sigstop);
  966. debug_msg("attach to pid %d (main) succeeded", tcp->pid);
  967. static const char task_path[] = "/proc/%d/task";
  968. char procdir[sizeof(task_path) + sizeof(int) * 3];
  969. DIR *dir;
  970. unsigned int ntid = 0, nerr = 0;
  971. if (followfork && tcp->pid != strace_child &&
  972. xsprintf(procdir, task_path, tcp->pid) > 0 &&
  973. (dir = opendir(procdir)) != NULL) {
  974. struct_dirent *de;
  975. while ((de = read_dir(dir)) != NULL) {
  976. if (de->d_fileno == 0)
  977. continue;
  978. int tid = string_to_uint(de->d_name);
  979. if (tid <= 0 || tid == tcp->pid)
  980. continue;
  981. ++ntid;
  982. if (ptrace_attach_or_seize(tid) < 0) {
  983. ++nerr;
  984. debug_perror_msg("attach: ptrace(%s, %d)",
  985. ptrace_attach_cmd, tid);
  986. continue;
  987. }
  988. after_successful_attach(alloctcb(tid),
  989. TCB_GRABBED | post_attach_sigstop);
  990. debug_msg("attach to pid %d succeeded", tid);
  991. }
  992. closedir(dir);
  993. }
  994. if (!qflag) {
  995. if (ntid > nerr)
  996. error_msg("Process %u attached"
  997. " with %u threads",
  998. tcp->pid, ntid - nerr + 1);
  999. else
  1000. error_msg("Process %u attached",
  1001. tcp->pid);
  1002. }
  1003. }
  1004. static void
  1005. startup_attach(void)
  1006. {
  1007. pid_t parent_pid = strace_tracer_pid;
  1008. unsigned int tcbi;
  1009. struct tcb *tcp;
  1010. if (daemonized_tracer) {
  1011. pid_t pid = fork();
  1012. if (pid < 0)
  1013. perror_func_msg_and_die("fork");
  1014. if (pid) { /* parent */
  1015. /*
  1016. * Wait for grandchild to attach to straced process
  1017. * (grandparent). Grandchild SIGKILLs us after it attached.
  1018. * Grandparent's wait() is unblocked by our death,
  1019. * it proceeds to exec the straced program.
  1020. */
  1021. pause();
  1022. _exit(0); /* paranoia */
  1023. }
  1024. /* grandchild */
  1025. /* We will be the tracer process. Remember our new pid: */
  1026. strace_tracer_pid = getpid();
  1027. }
  1028. for (tcbi = 0; tcbi < tcbtabsize; tcbi++) {
  1029. tcp = tcbtab[tcbi];
  1030. if (!tcp->pid)
  1031. continue;
  1032. /* Is this a process we should attach to, but not yet attached? */
  1033. if (tcp->flags & TCB_ATTACHED)
  1034. continue; /* no, we already attached it */
  1035. if (tcp->pid == parent_pid || tcp->pid == strace_tracer_pid) {
  1036. errno = EPERM;
  1037. perror_msg("attach: pid %d", tcp->pid);
  1038. droptcb(tcp);
  1039. continue;
  1040. }
  1041. attach_tcb(tcp);
  1042. if (interrupted)
  1043. return;
  1044. } /* for each tcbtab[] */
  1045. if (daemonized_tracer) {
  1046. /*
  1047. * Make parent go away.
  1048. * Also makes grandparent's wait() unblock.
  1049. */
  1050. kill(parent_pid, SIGKILL);
  1051. strace_child = 0;
  1052. }
  1053. }
  1054. /* Stack-o-phobic exec helper, in the hope to work around
  1055. * NOMMU + "daemonized tracer" difficulty.
  1056. */
  1057. struct exec_params {
  1058. int fd_to_close;
  1059. uid_t run_euid;
  1060. gid_t run_egid;
  1061. char **argv;
  1062. char **env;
  1063. char *pathname;
  1064. struct sigaction child_sa;
  1065. };
  1066. static struct exec_params params_for_tracee;
  1067. static void ATTRIBUTE_NOINLINE ATTRIBUTE_NORETURN
  1068. exec_or_die(void)
  1069. {
  1070. struct exec_params *params = &params_for_tracee;
  1071. if (params->fd_to_close >= 0)
  1072. close(params->fd_to_close);
  1073. if (!daemonized_tracer && !use_seize) {
  1074. if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) {
  1075. perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)");
  1076. }
  1077. }
  1078. if (username != NULL) {
  1079. /*
  1080. * It is important to set groups before we
  1081. * lose privileges on setuid.
  1082. */
  1083. if (initgroups(username, run_gid) < 0) {
  1084. perror_msg_and_die("initgroups");
  1085. }
  1086. if (setregid(run_gid, params->run_egid) < 0) {
  1087. perror_msg_and_die("setregid");
  1088. }
  1089. if (setreuid(run_uid, params->run_euid) < 0) {
  1090. perror_msg_and_die("setreuid");
  1091. }
  1092. } else if (geteuid() != 0)
  1093. if (setreuid(run_uid, run_uid) < 0) {
  1094. perror_msg_and_die("setreuid");
  1095. }
  1096. if (!daemonized_tracer) {
  1097. /*
  1098. * Induce a ptrace stop. Tracer (our parent)
  1099. * will resume us with PTRACE_SYSCALL and display
  1100. * the immediately following execve syscall.
  1101. * Can't do this on NOMMU systems, we are after
  1102. * vfork: parent is blocked, stopping would deadlock.
  1103. */
  1104. if (!NOMMU_SYSTEM)
  1105. kill(getpid(), SIGSTOP);
  1106. } else {
  1107. alarm(3);
  1108. /* we depend on SIGCHLD set to SIG_DFL by init code */
  1109. /* if it happens to be SIG_IGN'ed, wait won't block */
  1110. wait(NULL);
  1111. alarm(0);
  1112. }
  1113. if (params_for_tracee.child_sa.sa_handler != SIG_DFL)
  1114. sigaction(SIGCHLD, &params_for_tracee.child_sa, NULL);
  1115. execve(params->pathname, params->argv, params->env);
  1116. perror_msg_and_die("exec");
  1117. }
  1118. /*
  1119. * Open a dummy descriptor for use as a placeholder.
  1120. * The descriptor is O_RDONLY with FD_CLOEXEC flag set.
  1121. * A read attempt from such descriptor ends with EOF,
  1122. * a write attempt is rejected with EBADF.
  1123. */
  1124. static int
  1125. open_dummy_desc(void)
  1126. {
  1127. int fds[2];
  1128. if (pipe(fds))
  1129. perror_func_msg_and_die("pipe");
  1130. close(fds[1]);
  1131. set_cloexec_flag(fds[0]);
  1132. return fds[0];
  1133. }
  1134. /* placeholder fds status for stdin and stdout */
  1135. static bool fd_is_placeholder[2];
  1136. /*
  1137. * Ensure that all standard file descriptors are open by opening placeholder
  1138. * file descriptors for those standard file descriptors that are not open.
  1139. *
  1140. * The information which descriptors have been made open is saved
  1141. * in fd_is_placeholder for later use.
  1142. */
  1143. static void
  1144. ensure_standard_fds_opened(void)
  1145. {
  1146. int fd;
  1147. while ((fd = open_dummy_desc()) <= 2) {
  1148. if (fd == 2)
  1149. break;
  1150. fd_is_placeholder[fd] = true;
  1151. }
  1152. if (fd > 2)
  1153. close(fd);
  1154. }
  1155. /*
  1156. * Redirect stdin and stdout unless they have been opened earlier
  1157. * by ensure_standard_fds_opened as placeholders.
  1158. */
  1159. static void
  1160. redirect_standard_fds(void)
  1161. {
  1162. int i;
  1163. /*
  1164. * It might be a good idea to redirect stderr as well,
  1165. * but we sometimes need to print error messages.
  1166. */
  1167. for (i = 0; i <= 1; ++i) {
  1168. if (!fd_is_placeholder[i]) {
  1169. close(i);
  1170. open_dummy_desc();
  1171. }
  1172. }
  1173. }
  1174. void
  1175. ptrace_startup_child(char **argv, char **env)
  1176. {
  1177. strace_stat_t statbuf;
  1178. const char *filename;
  1179. size_t filename_len;
  1180. char pathname[PATH_MAX];
  1181. int pid;
  1182. struct tcb *tcp;
  1183. filename = argv[0];
  1184. filename_len = strlen(filename);
  1185. if (filename_len > sizeof(pathname) - 1) {
  1186. errno = ENAMETOOLONG;
  1187. perror_msg_and_die("exec");
  1188. }
  1189. if (strchr(filename, '/')) {
  1190. strcpy(pathname, filename);
  1191. }
  1192. #ifdef USE_DEBUGGING_EXEC
  1193. /*
  1194. * Debuggers customarily check the current directory
  1195. * first regardless of the path but doing that gives
  1196. * security geeks a panic attack.
  1197. */
  1198. else if (stat_file(filename, &statbuf) == 0)
  1199. strcpy(pathname, filename);
  1200. #endif /* USE_DEBUGGING_EXEC */
  1201. else {
  1202. const char *path;
  1203. size_t m, n, len;
  1204. for (path = getenv("PATH"); path && *path; path += m) {
  1205. const char *colon = strchr(path, ':');
  1206. if (colon) {
  1207. n = colon - path;
  1208. m = n + 1;
  1209. } else
  1210. m = n = strlen(path);
  1211. if (n == 0) {
  1212. if (!getcwd(pathname, PATH_MAX))
  1213. continue;
  1214. len = strlen(pathname);
  1215. } else if (n > sizeof(pathname) - 1)
  1216. continue;
  1217. else {
  1218. strncpy(pathname, path, n);
  1219. len = n;
  1220. }
  1221. if (len && pathname[len - 1] != '/')
  1222. pathname[len++] = '/';
  1223. if (filename_len + len > sizeof(pathname) - 1)
  1224. continue;
  1225. strcpy(pathname + len, filename);
  1226. if (stat_file(pathname, &statbuf) == 0 &&
  1227. /* Accept only regular files
  1228. with some execute bits set.
  1229. XXX not perfect, might still fail */
  1230. S_ISREG(statbuf.st_mode) &&
  1231. (statbuf.st_mode & 0111))
  1232. break;
  1233. }
  1234. if (!path || !*path)
  1235. pathname[0] = '\0';
  1236. }
  1237. if (stat_file(pathname, &statbuf) < 0) {
  1238. perror_msg_and_die("Can't stat '%s' (resolved as '%s')",
  1239. filename, pathname);
  1240. }
  1241. params_for_tracee.fd_to_close = (shared_log != stderr) ? fileno(shared_log) : -1;
  1242. params_for_tracee.run_euid = (statbuf.st_mode & S_ISUID) ? statbuf.st_uid : run_uid;
  1243. params_for_tracee.run_egid = (statbuf.st_mode & S_ISGID) ? statbuf.st_gid : run_gid;
  1244. params_for_tracee.argv = argv;
  1245. params_for_tracee.env = env;
  1246. /*
  1247. * On NOMMU, can be safely freed only after execve in tracee.
  1248. * It's hard to know when that happens, so we just leak it.
  1249. */
  1250. params_for_tracee.pathname = NOMMU_SYSTEM ? xstrdup(pathname) : pathname;
  1251. #if defined HAVE_PRCTL && defined PR_SET_PTRACER && defined PR_SET_PTRACER_ANY
  1252. if (daemonized_tracer)
  1253. prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY);
  1254. #endif
  1255. pid = fork();
  1256. if (pid < 0)
  1257. perror_func_msg_and_die("fork");
  1258. if ((pid != 0 && daemonized_tracer)
  1259. || (pid == 0 && !daemonized_tracer)
  1260. ) {
  1261. /* We are to become the tracee. Two cases:
  1262. * -D: we are parent
  1263. * not -D: we are child
  1264. */
  1265. exec_or_die();
  1266. }
  1267. /* We are the tracer */
  1268. if (!daemonized_tracer) {
  1269. strace_child = pid;
  1270. if (!use_seize) {
  1271. /* child did PTRACE_TRACEME, nothing to do in parent */
  1272. } else {
  1273. if (!NOMMU_SYSTEM) {
  1274. /* Wait until child stopped itself */
  1275. int status;
  1276. while (waitpid(pid, &status, WSTOPPED) < 0) {
  1277. if (errno == EINTR)
  1278. continue;
  1279. perror_msg_and_die("waitpid");
  1280. }
  1281. if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) {
  1282. kill_save_errno(pid, SIGKILL);
  1283. perror_msg_and_die("Unexpected wait status %#x",
  1284. status);
  1285. }
  1286. }
  1287. /* Else: NOMMU case, we have no way to sync.
  1288. * Just attach to it as soon as possible.
  1289. * This means that we may miss a few first syscalls...
  1290. */
  1291. if (ptrace_attach_or_seize(pid)) {
  1292. kill_save_errno(pid, SIGKILL);
  1293. perror_msg_and_die("attach: ptrace(%s, %d)",
  1294. ptrace_attach_cmd, pid);
  1295. }
  1296. if (!NOMMU_SYSTEM)
  1297. kill(pid, SIGCONT);
  1298. }
  1299. tcp = alloctcb(pid);
  1300. after_successful_attach(tcp, TCB_SKIP_DETACH_ON_FIRST_EXEC
  1301. | (NOMMU_SYSTEM ? 0
  1302. : (TCB_HIDE_LOG
  1303. | post_attach_sigstop)));
  1304. } else {
  1305. /* With -D, we are *child* here, the tracee is our parent. */
  1306. strace_child = strace_tracer_pid;
  1307. strace_tracer_pid = getpid();
  1308. tcp = alloctcb(strace_child);
  1309. tcp->flags |= TCB_SKIP_DETACH_ON_FIRST_EXEC | TCB_HIDE_LOG;
  1310. /*
  1311. * Attaching will be done later, by startup_attach.
  1312. * Note: we don't do after_successful_attach() here either!
  1313. */
  1314. /* NOMMU BUG! -D mode is active, we (child) return,
  1315. * and we will scribble over parent's stack!
  1316. * When parent later unpauses, it segfaults.
  1317. *
  1318. * We work around it
  1319. * (1) by declaring exec_or_die() NORETURN,
  1320. * hopefully compiler will just jump to it
  1321. * instead of call (won't push anything to stack),
  1322. * (2) by trying very hard in exec_or_die()
  1323. * to not use any stack,
  1324. * (3) having a really big (PATH_MAX) stack object
  1325. * in this function, which creates a "buffer" between
  1326. * child's and parent's stack pointers.
  1327. * This may save us if (1) and (2) failed
  1328. * and compiler decided to use stack in exec_or_die() anyway
  1329. * (happens on i386 because of stack parameter passing).
  1330. *
  1331. * A cleaner solution is to use makecontext + setcontext
  1332. * to create a genuine separate stack and execute on it.
  1333. */
  1334. }
  1335. /*
  1336. * A case where straced process is part of a pipe:
  1337. * { sleep 1; yes | head -n99999; } | strace -o/dev/null sh -c 'exec <&-; sleep 9'
  1338. * If strace won't close its fd#0, closing it in tracee is not enough:
  1339. * the pipe is still open, it has a reader. Thus, "head" will not get its
  1340. * SIGPIPE at once, on the first write.
  1341. *
  1342. * Preventing it by redirecting strace's stdin/out.
  1343. * (Don't leave fds 0 and 1 closed, this is bad practice: future opens
  1344. * will reuse them, unexpectedly making a newly opened object "stdin").
  1345. */
  1346. redirect_standard_fds();
  1347. }
  1348. static void
  1349. test_ptrace_seize(void)
  1350. {
  1351. int pid;
  1352. /* Need fork for test. NOMMU has no forks */
  1353. if (NOMMU_SYSTEM) {
  1354. post_attach_sigstop = 0; /* this sets use_seize to 1 */
  1355. return;
  1356. }
  1357. pid = fork();
  1358. if (pid < 0)
  1359. perror_func_msg_and_die("fork");
  1360. if (pid == 0) {
  1361. pause();
  1362. _exit(0);
  1363. }
  1364. /* PTRACE_SEIZE, unlike ATTACH, doesn't force tracee to trap. After
  1365. * attaching tracee continues to run unless a trap condition occurs.
  1366. * PTRACE_SEIZE doesn't affect signal or group stop state.
  1367. */
  1368. if (ptrace(PTRACE_SEIZE, pid, 0, 0) == 0) {
  1369. post_attach_sigstop = 0; /* this sets use_seize to 1 */
  1370. } else {
  1371. debug_msg("PTRACE_SEIZE doesn't work");
  1372. }
  1373. kill(pid, SIGKILL);
  1374. while (1) {
  1375. int status, tracee_pid;
  1376. errno = 0;
  1377. tracee_pid = waitpid(pid, &status, 0);
  1378. if (tracee_pid <= 0) {
  1379. if (errno == EINTR)
  1380. continue;
  1381. perror_func_msg_and_die("unexpected wait result %d",
  1382. tracee_pid);
  1383. }
  1384. if (WIFSIGNALED(status))
  1385. return;
  1386. error_func_msg_and_die("unexpected wait status %#x", status);
  1387. }
  1388. }
  1389. static unsigned
  1390. get_os_release(void)
  1391. {
  1392. unsigned rel;
  1393. const char *p;
  1394. struct utsname u;
  1395. if (uname(&u) < 0)
  1396. perror_msg_and_die("uname");
  1397. /* u.release has this form: "3.2.9[-some-garbage]" */
  1398. rel = 0;
  1399. p = u.release;
  1400. for (;;) {
  1401. if (!(*p >= '0' && *p <= '9'))
  1402. error_msg_and_die("Bad OS release string: '%s'", u.release);
  1403. /* Note: this open-codes KERNEL_VERSION(): */
  1404. rel = (rel << 8) | atoi(p);
  1405. if (rel >= KERNEL_VERSION(1, 0, 0))
  1406. break;
  1407. while (*p >= '0' && *p <= '9')
  1408. p++;
  1409. if (*p != '.') {
  1410. if (rel >= KERNEL_VERSION(0, 1, 0)) {
  1411. /* "X.Y-something" means "X.Y.0" */
  1412. rel <<= 8;
  1413. break;
  1414. }
  1415. error_msg_and_die("Bad OS release string: '%s'", u.release);
  1416. }
  1417. p++;
  1418. }
  1419. return rel;
  1420. }
  1421. static void
  1422. set_sighandler(int signo, void (*sighandler)(int), struct sigaction *oldact)
  1423. {
  1424. const struct sigaction sa = { .sa_handler = sighandler };
  1425. sigaction(signo, &sa, oldact);
  1426. }
  1427. bool
  1428. ptrace_init(int argc, char *argv[])
  1429. {
  1430. os_release = get_os_release();
  1431. if (!nprocs && !argc)
  1432. error_msg_and_help("must have PROG [ARGS] or -p PID");
  1433. if (!argc && daemonized_tracer)
  1434. error_msg_and_help("PROG [ARGS] must be specified with -D");
  1435. if (followfork)
  1436. ptrace_setoptions |= PTRACE_O_TRACECLONE |
  1437. PTRACE_O_TRACEFORK |
  1438. PTRACE_O_TRACEVFORK;
  1439. debug_msg("ptrace_setoptions = %#x", ptrace_setoptions);
  1440. test_ptrace_seize();
  1441. test_ptrace_get_syscall_info();
  1442. return true;
  1443. }
  1444. static void
  1445. add_to_env(char **env, size_t *env_count, char *var)
  1446. {
  1447. char *val = strchr(var, '=');
  1448. if (!val) {
  1449. /* Removing the variable */
  1450. const size_t len = strlen(var);
  1451. const size_t old_env_cnt = *env_count;
  1452. size_t r;
  1453. size_t w;
  1454. debug_func_msg("Removing variable \"%s\" from the command "
  1455. "environment", var);
  1456. for (r = 0, w = 0; r < old_env_cnt; r++, w++) {
  1457. while (r < old_env_cnt && !strncmp(env[r], var, len) &&
  1458. (env[r][len] == '=' || env[r][len] == '\0')) {
  1459. debug_func_msg("Matched entry %zu (\"%s\") "
  1460. "in the old env, skipping",
  1461. r, env[r]);
  1462. r++;
  1463. }
  1464. if (r >= old_env_cnt)
  1465. break;
  1466. if (w != r) {
  1467. debug_func_msg("Copying entry %zu to %zu",
  1468. r, w);
  1469. env[w] = env[r];
  1470. }
  1471. }
  1472. debug_func_msg("Setting env count from %zu to %zu",
  1473. old_env_cnt, w);
  1474. *env_count = w;
  1475. } else {
  1476. /* Replacing the variable */
  1477. const size_t len = val - var;
  1478. size_t r;
  1479. debug_func_msg("Adding/replacing variable \"%s\" (variable "
  1480. "to match: \"%.*s\")", var, (int) len, var);
  1481. for (r = 0; r < *env_count; r++) {
  1482. if (!strncmp(env[r], var, len) &&
  1483. (env[r][len] == '=' || env[r][len] == '\0')) {
  1484. debug_func_msg("Matched entry %zu (\"%s\") "
  1485. "in the old env, replacing",
  1486. r, env[r]);
  1487. break;
  1488. }
  1489. }
  1490. if (r == *env_count) {
  1491. debug_func_msg("Incrementing env count from %zu",
  1492. *env_count);
  1493. *env_count += 1;
  1494. }
  1495. debug_func_msg("Setting item %zu to \"%s\"", r, var);
  1496. env[r] = var;
  1497. }
  1498. }
  1499. static char **
  1500. make_env(char **orig_env, char **env_changes, size_t env_change_count)
  1501. {
  1502. if (!env_change_count)
  1503. return orig_env;
  1504. char **new_env;
  1505. size_t new_env_count = 0;
  1506. size_t new_env_size;
  1507. /* Determining the environment variable count */
  1508. if (orig_env) {
  1509. for (; orig_env[new_env_count]; new_env_count++)
  1510. ;
  1511. }
  1512. new_env_size = new_env_count + env_change_count;
  1513. if (new_env_size < new_env_count || new_env_size < env_change_count ||
  1514. new_env_size + 1 < new_env_size)
  1515. error_msg_and_die("Can't construct new environment: the sum "
  1516. "of old environment variable count (%zu) and "
  1517. "environment changes count (%zu) is too big",
  1518. new_env_count, env_change_count);
  1519. new_env_size++;
  1520. new_env = xallocarray(new_env_size, sizeof(*new_env));
  1521. if (orig_env)
  1522. memcpy(new_env, orig_env, new_env_count * sizeof(*orig_env));
  1523. for (size_t i = 0; i < env_change_count; i++)
  1524. add_to_env(new_env, &new_env_count, env_changes[i]);
  1525. new_env[new_env_count] = NULL;
  1526. return new_env;
  1527. }
  1528. /*
  1529. * Initialization part of main() was eating much stack (~0.5k),
  1530. * which was unused after init.
  1531. * We can reuse it if we move init code into a separate function.
  1532. *
  1533. * Don't want main() to inline us and defeat the reason
  1534. * we have a separate function.
  1535. */
  1536. static void ATTRIBUTE_NOINLINE
  1537. init(int argc, char *argv[])
  1538. {
  1539. int c, i;
  1540. int optF = 0;
  1541. /*
  1542. * We can initialise global_path_set only after tracing backend
  1543. * initialisation, so we store pointers to all the paths from
  1544. * command-line arguments during parsing in this array and then, after
  1545. * the successful backend initialisation, iterate over it in order
  1546. * to add them to global_path_set.
  1547. */
  1548. const char **pathtrace_paths = NULL;
  1549. size_t pathtrace_size = 0;
  1550. size_t pathtrace_count = 0;
  1551. /**
  1552. * Storage for environment changes requested for command. They
  1553. * are stored in a temporary array and not applied as is during
  1554. * command line parsing for two reasons:
  1555. * - putenv() changes environment of the tracer as well,
  1556. * which is undesirable.
  1557. * - Environment changes have to be applied in a
  1558. * tracing-backend-specific way.
  1559. */
  1560. char **env_changes = NULL;
  1561. size_t env_change_size = 0;
  1562. size_t env_change_count = 0;
  1563. size_t cnt;
  1564. if (!program_invocation_name || !*program_invocation_name) {
  1565. static char name[] = "strace";
  1566. program_invocation_name =
  1567. (argc > 0 && argv[0] && *argv[0]) ? argv[0] : name;
  1568. }
  1569. strace_tracer_pid = getpid();
  1570. shared_log = stderr;
  1571. set_sortby(DEFAULT_SORTBY);
  1572. set_personality(DEFAULT_PERSONALITY);
  1573. qualify("trace=all");
  1574. qualify("abbrev=all");
  1575. qualify("verbose=all");
  1576. #if DEFAULT_QUAL_FLAGS != (QUAL_TRACE | QUAL_ABBREV | QUAL_VERBOSE)
  1577. # error Bug in DEFAULT_QUAL_FLAGS
  1578. #endif
  1579. qualify("signal=all");
  1580. while ((c = getopt(argc, argv, "+"
  1581. #ifdef ENABLE_STACKTRACE
  1582. "k"
  1583. #endif
  1584. "a:Ab:cCdDe:E:fFhiI:o:O:p:P:qrs:S:tTu:vVwxX:yz")) != EOF) {
  1585. switch (c) {
  1586. case 'a':
  1587. acolumn = string_to_uint(optarg);
  1588. if (acolumn < 0)
  1589. error_opt_arg(c, optarg);
  1590. break;
  1591. case 'A':
  1592. open_append = true;
  1593. break;
  1594. case 'b':
  1595. if (strcmp(optarg, "execve") != 0)
  1596. error_msg_and_die("Syscall '%s' for -b isn't supported",
  1597. optarg);
  1598. detach_on_execve = 1;
  1599. break;
  1600. case 'c':
  1601. if (cflag == CFLAG_BOTH) {
  1602. error_msg_and_help("-c and -C are mutually exclusive");
  1603. }
  1604. cflag = CFLAG_ONLY_STATS;
  1605. break;
  1606. case 'C':
  1607. if (cflag == CFLAG_ONLY_STATS) {
  1608. error_msg_and_help("-c and -C are mutually exclusive");
  1609. }
  1610. cflag = CFLAG_BOTH;
  1611. break;
  1612. case 'd':
  1613. debug_flag = 1;
  1614. break;
  1615. case 'D':
  1616. daemonized_tracer = 1;
  1617. break;
  1618. case 'e':
  1619. qualify(optarg);
  1620. break;
  1621. case 'E':
  1622. if (env_change_count >= env_change_size)
  1623. env_changes = xgrowarray(env_changes,
  1624. &env_change_size,
  1625. sizeof(*env_changes));
  1626. env_changes[env_change_count++] = optarg;
  1627. break;
  1628. case 'f':
  1629. followfork++;
  1630. break;
  1631. case 'F':
  1632. optF = 1;
  1633. break;
  1634. case 'h':
  1635. usage();
  1636. break;
  1637. case 'i':
  1638. iflag = 1;
  1639. break;
  1640. case 'I':
  1641. opt_intr = string_to_uint_upto(optarg, NUM_INTR_OPTS - 1);
  1642. if (opt_intr <= 0)
  1643. error_opt_arg(c, optarg);
  1644. break;
  1645. #ifdef ENABLE_STACKTRACE
  1646. case 'k':
  1647. stack_trace_enabled = true;
  1648. break;
  1649. #endif
  1650. case 'o':
  1651. outfname = optarg;
  1652. break;
  1653. case 'O':
  1654. i = string_to_uint(optarg);
  1655. if (i < 0)
  1656. error_opt_arg(c, optarg);
  1657. set_overhead(i);
  1658. break;
  1659. case 'p':
  1660. process_opt_p_list(optarg);
  1661. break;
  1662. case 'P':
  1663. if (pathtrace_count >= pathtrace_size)
  1664. pathtrace_paths = xgrowarray(pathtrace_paths,
  1665. &pathtrace_size,
  1666. sizeof(pathtrace_paths[0]));
  1667. pathtrace_paths[pathtrace_count++] = optarg;
  1668. break;
  1669. case 'q':
  1670. qflag++;
  1671. break;
  1672. case 'r':
  1673. rflag = 1;
  1674. break;
  1675. case 's':
  1676. i = string_to_uint(optarg);
  1677. if (i < 0 || (unsigned int) i > -1U / 4)
  1678. error_opt_arg(c, optarg);
  1679. max_strlen = i;
  1680. break;
  1681. case 'S':
  1682. set_sortby(optarg);
  1683. break;
  1684. case 't':
  1685. tflag++;
  1686. break;
  1687. case 'T':
  1688. Tflag = 1;
  1689. break;
  1690. case 'u':
  1691. username = optarg;
  1692. break;
  1693. case 'v':
  1694. qualify("abbrev=none");
  1695. break;
  1696. case 'V':
  1697. print_version();
  1698. exit(0);
  1699. break;
  1700. case 'w':
  1701. count_wallclock = 1;
  1702. break;
  1703. case 'x':
  1704. xflag++;
  1705. break;
  1706. case 'X':
  1707. if (!strcmp(optarg, "raw"))
  1708. xlat_verbosity = XLAT_STYLE_RAW;
  1709. else if (!strcmp(optarg, "abbrev"))
  1710. xlat_verbosity = XLAT_STYLE_ABBREV;
  1711. else if (!strcmp(optarg, "verbose"))
  1712. xlat_verbosity = XLAT_STYLE_VERBOSE;
  1713. else
  1714. error_opt_arg(c, optarg);
  1715. break;
  1716. case 'y':
  1717. show_fd_path++;
  1718. break;
  1719. case 'z':
  1720. not_failing_only = 1;
  1721. break;
  1722. default:
  1723. error_msg_and_help(NULL);
  1724. break;
  1725. }
  1726. }
  1727. argv += optind;
  1728. argc -= optind;
  1729. if (argc < 0)
  1730. error_msg_and_help("must have command line arguments");
  1731. if (optF) {
  1732. if (followfork) {
  1733. error_msg("deprecated option -F ignored");
  1734. } else {
  1735. error_msg("option -F is deprecated, "
  1736. "please use -f instead");
  1737. followfork = optF;
  1738. }
  1739. }
  1740. if (followfork >= 2 && cflag) {
  1741. error_msg_and_help("(-c or -C) and -ff are mutually exclusive");
  1742. }
  1743. if (count_wallclock && !cflag) {
  1744. error_msg_and_help("-w must be given with (-c or -C)");
  1745. }
  1746. if (cflag == CFLAG_ONLY_STATS) {
  1747. if (iflag)
  1748. error_msg("-%c has no effect with -c", 'i');
  1749. if (stack_trace_enabled)
  1750. error_msg("-%c has no effect with -c", 'k');
  1751. if (rflag)
  1752. error_msg("-%c has no effect with -c", 'r');
  1753. if (tflag)
  1754. error_msg("-%c has no effect with -c", 't');
  1755. if (Tflag)
  1756. error_msg("-%c has no effect with -c", 'T');
  1757. if (show_fd_path)
  1758. error_msg("-%c has no effect with -c", 'y');
  1759. }
  1760. if (!tracing_backend_init(argc, argv))
  1761. error_msg_and_die("Cannot initialize backend \"%s\".",
  1762. tracing_backend_name());
  1763. for (cnt = 0; cnt < pathtrace_count; cnt++)
  1764. pathtrace_select(current_tcp, pathtrace_paths[cnt]);
  1765. free(pathtrace_paths);
  1766. acolumn_spaces = xmalloc(acolumn + 1);
  1767. memset(acolumn_spaces, ' ', acolumn);
  1768. acolumn_spaces[acolumn] = '\0';
  1769. set_sighandler(SIGCHLD, SIG_DFL, &params_for_tracee.child_sa);
  1770. #ifdef ENABLE_STACKTRACE
  1771. if (stack_trace_enabled)
  1772. unwind_init();
  1773. #endif
  1774. /* See if they want to run as another user. */
  1775. if (username != NULL) {
  1776. struct passwd *pent;
  1777. if (getuid() != 0 || geteuid() != 0) {
  1778. error_msg_and_die("You must be root to use the -u option");
  1779. }
  1780. pent = getpwnam(username);
  1781. if (pent == NULL) {
  1782. error_msg_and_die("Cannot find user '%s'", username);
  1783. }
  1784. run_uid = pent->pw_uid;
  1785. run_gid = pent->pw_gid;
  1786. } else {
  1787. run_uid = getuid();
  1788. run_gid = getgid();
  1789. }
  1790. /*
  1791. * Is something weird with our stdin and/or stdout -
  1792. * for example, may they be not open? In this case,
  1793. * ensure that none of the future opens uses them.
  1794. *
  1795. * This was seen in the wild when /proc/sys/kernel/core_pattern
  1796. * was set to "|/bin/strace -o/tmp/LOG PROG":
  1797. * kernel runs coredump helper with fd#0 open but fd#1 closed (!),
  1798. * therefore LOG gets opened to fd#1, and fd#1 is closed by
  1799. * "don't hold up stdin/out open" code soon after.
  1800. */
  1801. ensure_standard_fds_opened();
  1802. /* Check if they want to redirect the output. */
  1803. if (outfname) {
  1804. /* See if they want to pipe the output. */
  1805. if (outfname[0] == '|' || outfname[0] == '!') {
  1806. /*
  1807. * We can't do the <outfname>.PID funny business
  1808. * when using popen, so prohibit it.
  1809. */
  1810. if (followfork >= 2)
  1811. error_msg_and_help("piping the output and -ff "
  1812. "are mutually exclusive");
  1813. shared_log = strace_popen(outfname + 1);
  1814. } else if (followfork < 2) {
  1815. shared_log = strace_fopen(outfname);
  1816. } else if (strlen(outfname) >= PATH_MAX - sizeof(int) * 3) {
  1817. errno = ENAMETOOLONG;
  1818. perror_msg_and_die("%s", outfname);
  1819. }
  1820. } else {
  1821. /* -ff without -o FILE is the same as single -f */
  1822. if (followfork >= 2)
  1823. followfork = 1;
  1824. }
  1825. if (!outfname || outfname[0] == '|' || outfname[0] == '!') {
  1826. setvbuf(shared_log, NULL, _IOLBF, 0);
  1827. }
  1828. /*
  1829. * argv[0] -pPID -oFILE Default interactive setting
  1830. * yes * 0 INTR_WHILE_WAIT
  1831. * no 1 0 INTR_WHILE_WAIT
  1832. * yes * 1 INTR_NEVER
  1833. * no 1 1 INTR_WHILE_WAIT
  1834. */
  1835. if (outfname && argc) {
  1836. if (!opt_intr)
  1837. opt_intr = INTR_NEVER;
  1838. if (!qflag)
  1839. qflag = 1;
  1840. }
  1841. if (!opt_intr)
  1842. opt_intr = INTR_WHILE_WAIT;
  1843. /*
  1844. * startup_child() must be called before the signal handlers get
  1845. * installed below as they are inherited into the spawned process.
  1846. * Also we do not need to be protected by them as during interruption
  1847. * in the startup_child() mode we kill the spawned process anyway.
  1848. */
  1849. if (argc) {
  1850. char **new_environ = make_env(environ, env_changes,
  1851. env_change_count);
  1852. free(env_changes);
  1853. startup_child(argv, new_environ);
  1854. /*
  1855. * On a NOMMU system, new_environ can be freed only after exec
  1856. * in child, so we leak it in that case (similar to pathname
  1857. * in ptrace_startup_child).
  1858. */
  1859. if (new_environ != environ && !NOMMU_SYSTEM)
  1860. free(new_environ);
  1861. }
  1862. set_sighandler(SIGTTOU, SIG_IGN, NULL);
  1863. set_sighandler(SIGTTIN, SIG_IGN, NULL);
  1864. if (opt_intr != INTR_ANYWHERE) {
  1865. if (opt_intr == INTR_BLOCK_TSTP_TOO)
  1866. set_sighandler(SIGTSTP, SIG_IGN, NULL);
  1867. /*
  1868. * In interactive mode (if no -o OUTFILE, or -p PID is used),
  1869. * fatal signals are handled asynchronously and acted
  1870. * when waiting for process state changes.
  1871. * In non-interactive mode these signals are ignored.
  1872. */
  1873. set_sighandler(SIGHUP, interactive ? interrupt : SIG_IGN, NULL);
  1874. set_sighandler(SIGINT, interactive ? interrupt : SIG_IGN, NULL);
  1875. set_sighandler(SIGQUIT, interactive ? interrupt : SIG_IGN, NULL);
  1876. set_sighandler(SIGPIPE, interactive ? interrupt : SIG_IGN, NULL);
  1877. set_sighandler(SIGTERM, interactive ? interrupt : SIG_IGN, NULL);
  1878. }
  1879. sigemptyset(&timer_set);
  1880. sigaddset(&timer_set, SIGALRM);
  1881. sigprocmask(SIG_BLOCK, &timer_set, NULL);
  1882. set_sighandler(SIGALRM, timer_sighandler, NULL);
  1883. if (nprocs != 0 || daemonized_tracer)
  1884. startup_attach();
  1885. /* Do we want pids printed in our -o OUTFILE?
  1886. * -ff: no (every pid has its own file); or
  1887. * -f: yes (there can be more pids in the future); or
  1888. * -p PID1,PID2: yes (there are already more than one pid)
  1889. */
  1890. print_pid_pfx = (outfname && followfork < 2 && (followfork == 1 || nprocs > 1));
  1891. tracing_backend_post_init();
  1892. }
  1893. static struct tcb *
  1894. pid2tcb(const int pid, bool skip_preallocated)
  1895. {
  1896. if (pid <= 0)
  1897. return NULL;
  1898. #define PID2TCB_CACHE_SIZE 1024U
  1899. #define PID2TCB_CACHE_MASK (PID2TCB_CACHE_SIZE - 1)
  1900. static struct tcb *pid2tcb_cache[PID2TCB_CACHE_SIZE];
  1901. struct tcb **const ptcp = &pid2tcb_cache[pid & PID2TCB_CACHE_MASK];
  1902. struct tcb *tcp = *ptcp;
  1903. if (tcp && tcp->pid == pid)
  1904. return tcp;
  1905. for (unsigned int i = 0; i < tcbtabsize; ++i) {
  1906. tcp = tcbtab[i];
  1907. if (tcp->pid == pid) {
  1908. *ptcp = tcp;
  1909. if (skip_preallocated &&
  1910. (tcp->flags & TCB_PREALLOCATED))
  1911. return NULL;
  1912. return tcp;
  1913. }
  1914. }
  1915. return NULL;
  1916. }
  1917. static void
  1918. cleanup(int fatal_sig)
  1919. {
  1920. unsigned int i;
  1921. struct tcb *tcp;
  1922. if (!fatal_sig)
  1923. fatal_sig = SIGTERM;
  1924. for (i = 0; i < tcbtabsize; i++) {
  1925. tcp = tcbtab[i];
  1926. if (!tcp->pid)
  1927. continue;
  1928. debug_func_msg("looking at pid %u", tcp->pid);
  1929. /*
  1930. * Terminating the child we created with the signal we received.
  1931. */
  1932. if (tcp->pid == strace_child) {
  1933. tracee_kill(tcp, SIGCONT);
  1934. tracee_kill(tcp, fatal_sig);
  1935. }
  1936. detach(tcp);
  1937. }
  1938. tracing_backend_cleanup(fatal_sig);
  1939. }
  1940. static void
  1941. interrupt(int sig)
  1942. {
  1943. interrupted = sig;
  1944. }
  1945. static void
  1946. print_debug_info(const int pid, int status)
  1947. {
  1948. const unsigned int event = (unsigned int) status >> 16;
  1949. char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16];
  1950. char evbuf[sizeof(",EVENT_VFORK_DONE (%u)") + sizeof(int)*3 /*paranoia:*/ + 16];
  1951. strcpy(buf, "???");
  1952. if (WIFSIGNALED(status))
  1953. xsprintf(buf, "WIFSIGNALED,%ssig=%s",
  1954. WCOREDUMP(status) ? "core," : "",
  1955. sprintsigname(WTERMSIG(status)));
  1956. if (WIFEXITED(status))
  1957. xsprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status));
  1958. if (WIFSTOPPED(status))
  1959. xsprintf(buf, "WIFSTOPPED,sig=%s",
  1960. sprintsigname(WSTOPSIG(status)));
  1961. evbuf[0] = '\0';
  1962. if (event != 0) {
  1963. static const char *const event_names[] = {
  1964. [PTRACE_EVENT_CLONE] = "CLONE",
  1965. [PTRACE_EVENT_FORK] = "FORK",
  1966. [PTRACE_EVENT_VFORK] = "VFORK",
  1967. [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE",
  1968. [PTRACE_EVENT_EXEC] = "EXEC",
  1969. [PTRACE_EVENT_EXIT] = "EXIT",
  1970. /* [PTRACE_EVENT_STOP (=128)] would make biggish array */
  1971. };
  1972. const char *e = "??";
  1973. if (event < ARRAY_SIZE(event_names))
  1974. e = event_names[event];
  1975. else if (event == PTRACE_EVENT_STOP)
  1976. e = "STOP";
  1977. xsprintf(evbuf, ",EVENT_%s (%u)", e, event);
  1978. }
  1979. error_msg("[wait(0x%06x) = %u] %s%s", status, pid, buf, evbuf);
  1980. }
  1981. static struct tcb *
  1982. maybe_allocate_tcb(struct tcb *tcp, const int pid, int status)
  1983. {
  1984. if (!WIFSTOPPED(status)) {
  1985. if (detach_on_execve && pid == strace_child) {
  1986. /* example: strace -bexecve sh -c 'exec true' */
  1987. strace_child = 0;
  1988. goto out;
  1989. }
  1990. /*
  1991. * This can happen if we inherited an unknown child.
  1992. * Example: (sleep 1 & exec strace true)
  1993. */
  1994. error_msg("Exit of unknown pid %u ignored", pid);
  1995. goto out;
  1996. }
  1997. if (followfork) {
  1998. /* We assume it's a fork/vfork/clone child */
  1999. tcp = tcp ?: alloctcb(pid);
  2000. tcp->flags &= ~TCB_PREALLOCATED;
  2001. after_successful_attach(tcp, post_attach_sigstop);
  2002. if (!qflag)
  2003. error_msg("Process %d attached", pid);
  2004. return tcp;
  2005. } else {
  2006. /*
  2007. * This can happen if a clone call misused CLONE_PTRACE itself.
  2008. *
  2009. * There used to be a dance around possible re-injection of
  2010. * WSTOPSIG(status), but it was later removed as the only
  2011. * observable stop here is the initial ptrace-stop.
  2012. */
  2013. ptrace(PTRACE_DETACH, pid, NULL, 0L);
  2014. error_msg("Detached unknown pid %d", pid);
  2015. goto out;
  2016. }
  2017. out:
  2018. if (tcp)
  2019. droptcb(tcp);
  2020. return NULL;
  2021. }
  2022. static struct tcb *
  2023. maybe_switch_tcbs(struct tcb *tcp, struct tcb_wait_data *wd)
  2024. {
  2025. FILE *fp;
  2026. struct tcb *execve_thread;
  2027. long old_pid = to_ptrace_wait_data(wd)->msg;
  2028. /* Avoid truncation in pid2tcb() param passing */
  2029. if (old_pid <= 0 || old_pid == tcp->pid)
  2030. return tcp;
  2031. if ((unsigned long) old_pid > UINT_MAX)
  2032. return tcp;
  2033. execve_thread = pid2tcb(old_pid, true);
  2034. /* It should be !NULL, but I feel paranoid */
  2035. if (!execve_thread)
  2036. return tcp;
  2037. if (execve_thread->curcol != 0) {
  2038. /*
  2039. * One case we are here is -ff:
  2040. * try "strace -oLOG -ff test/threaded_execve"
  2041. */
  2042. fprintf(execve_thread->outf, " <pid changed to %d ...>\n",
  2043. tcp->pid);
  2044. /*execve_thread->curcol = 0; - no need, see code below */
  2045. }
  2046. /* Swap output FILEs (needed for -ff) */
  2047. fp = execve_thread->outf;
  2048. execve_thread->outf = tcp->outf;
  2049. tcp->outf = fp;
  2050. /* And their column positions */
  2051. execve_thread->curcol = tcp->curcol;
  2052. execve_thread->pid = tcp->pid;
  2053. tcp->curcol = 0;
  2054. /* Drop leader, but close execve'd thread outfile (if -ff) */
  2055. droptcb(tcp);
  2056. if (cflag != CFLAG_ONLY_STATS) {
  2057. printleader(execve_thread);
  2058. tprintf("+++ superseded by execve in pid %lu +++\n", old_pid);
  2059. line_ended();
  2060. execve_thread->flags |= TCB_REPRINT;
  2061. }
  2062. return execve_thread;
  2063. }
  2064. static void
  2065. print_signalled(struct tcb *tcp, const int pid, struct tcb_wait_data *wd)
  2066. {
  2067. if (pid == strace_child) {
  2068. exit_code = 0x100 | wd->sig;
  2069. strace_child = 0;
  2070. }
  2071. if (cflag != CFLAG_ONLY_STATS
  2072. && is_number_in_set(wd->sig, signal_set)) {
  2073. printleader(tcp);
  2074. tprintf("+++ killed by %s %s+++\n",
  2075. sprintsigname(wd->sig),
  2076. wd->core_dumped ? "(core dumped) " : "");
  2077. line_ended();
  2078. }
  2079. }
  2080. static void
  2081. print_exited(struct tcb *tcp, const int pid, int exit)
  2082. {
  2083. if (pid == strace_child) {
  2084. exit_code = exit;
  2085. strace_child = 0;
  2086. }
  2087. if (cflag != CFLAG_ONLY_STATS &&
  2088. qflag < 2) {
  2089. printleader(tcp);
  2090. tprintf("+++ exited with %d +++\n", exit);
  2091. line_ended();
  2092. }
  2093. }
  2094. static void
  2095. print_stopped(struct tcb *tcp, const siginfo_t *si, const unsigned int sig)
  2096. {
  2097. if (cflag != CFLAG_ONLY_STATS
  2098. && !hide_log(tcp)
  2099. && is_number_in_set(sig, signal_set)) {
  2100. printleader(tcp);
  2101. if (si) {
  2102. tprintf("--- %s ", sprintsigname(sig));
  2103. printsiginfo(si);
  2104. tprints(" ---\n");
  2105. } else
  2106. tprintf("--- stopped by %s ---\n", sprintsigname(sig));
  2107. line_ended();
  2108. #ifdef ENABLE_STACKTRACE
  2109. if (stack_trace_enabled)
  2110. unwind_tcb_print(tcp);
  2111. #endif
  2112. }
  2113. }
  2114. static void
  2115. startup_tcb(struct tcb *tcp)
  2116. {
  2117. debug_msg("pid %d has TCB_STARTUP, initializing it", tcp->pid);
  2118. tcp->flags &= ~TCB_STARTUP;
  2119. if (!use_seize) {
  2120. debug_msg("setting opts 0x%x on pid %d",
  2121. ptrace_setoptions, tcp->pid);
  2122. if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) {
  2123. if (errno != ESRCH) {
  2124. /* Should never happen, really */
  2125. perror_msg_and_die("PTRACE_SETOPTIONS");
  2126. }
  2127. }
  2128. }
  2129. if ((tcp->flags & TCB_GRABBED) && (get_scno(tcp) == 1))
  2130. tcp->s_prev_ent = tcp->s_ent;
  2131. }
  2132. static void
  2133. print_event_exit(struct tcb *tcp)
  2134. {
  2135. if (entering(tcp) || filtered(tcp) || hide_log(tcp)
  2136. || cflag == CFLAG_ONLY_STATS) {
  2137. return;
  2138. }
  2139. if (followfork < 2 && printing_tcp && printing_tcp != tcp
  2140. && printing_tcp->curcol != 0) {
  2141. set_current_tcp(printing_tcp);
  2142. tprints(" <unfinished ...>\n");
  2143. flush_tcp_output(printing_tcp);
  2144. printing_tcp->curcol = 0;
  2145. set_current_tcp(tcp);
  2146. }
  2147. print_syscall_resume(tcp);
  2148. if (!(tcp->sys_func_rval & RVAL_DECODED)) {
  2149. /*
  2150. * The decoder has probably decided to print something
  2151. * on exiting syscall which is not going to happen.
  2152. */
  2153. tprints(" <unfinished ...>");
  2154. }
  2155. printing_tcp = tcp;
  2156. tprints(") ");
  2157. tabto();
  2158. tprints("= ?\n");
  2159. line_ended();
  2160. }
  2161. struct tcb_wait_data *
  2162. ptrace_init_trace_wait_data(void *p)
  2163. {
  2164. struct ptrace_wait_data *ptrace_wd = p;
  2165. memset(ptrace_wd, 0, sizeof(*ptrace_wd));
  2166. ptrace_wd->restart_op = PTRACE_SYSCALL;
  2167. return &ptrace_wd->wd;
  2168. }
  2169. struct tcb_wait_data *
  2170. ptrace_copy_trace_wait_data(struct tcb_wait_data *wd)
  2171. {
  2172. struct ptrace_wait_data *ptrace_wd = to_ptrace_wait_data(wd);
  2173. struct ptrace_wait_data *new_wd = xmalloc(sizeof(*new_wd));
  2174. memcpy(new_wd, ptrace_wd, sizeof(*ptrace_wd));
  2175. return &new_wd->wd;
  2176. }
  2177. void
  2178. ptrace_free_trace_wait_data(struct tcb_wait_data *wd)
  2179. {
  2180. if (wd)
  2181. free(to_ptrace_wait_data(wd));
  2182. }
  2183. static void
  2184. tcb_wait_tab_check_size(size_t sz)
  2185. {
  2186. if (sz < tcb_wait_tab_size)
  2187. return;
  2188. tcb_wait_tab = xgrowarray_ex(tcb_wait_tab, &tcb_wait_tab_size, sz,
  2189. sizeof(tcb_wait_tab[0]));
  2190. }
  2191. static void
  2192. classify_ptrace_stop(int pid, int status, struct ptrace_wait_data *wd)
  2193. {
  2194. /*
  2195. * PTRACE_GETSIGINFO succeeds if tracee has received a signal and fails
  2196. * in other cases with EINVAL (when it has been stopped by signal).
  2197. */
  2198. int ret = ptrace(PTRACE_GETSIGINFO, pid, 0, &wd->wd.si);
  2199. if (!ret) {
  2200. wd->wd.te = TE_SIGNAL_DELIVERY_STOP;
  2201. wd->wd.sig = WSTOPSIG(status);
  2202. } else if (errno == ESRCH) {
  2203. /* Process is gone */
  2204. wd->wd.te = TE_RESTART;
  2205. } else if (errno == EINVAL) {
  2206. wd->wd.te = TE_GROUP_STOP;
  2207. if (use_seize) {
  2208. /*
  2209. * This ends ptrace-stop, but does *not* end group-stop.
  2210. * This makes stopping signals work properly on straced
  2211. * process (that is, process really stops. It used to
  2212. * continue to run).
  2213. */
  2214. wd->restart_op = PTRACE_LISTEN;
  2215. wd->wd.sig = 0;
  2216. } else {
  2217. wd->wd.sig = WSTOPSIG(status);
  2218. }
  2219. } else {
  2220. perror_msg("ptrace(PTRACE_GETSIGINFO, pid:%d)", pid);
  2221. }
  2222. }
  2223. struct tcb_wait_data *
  2224. ptrace_next_event(void)
  2225. {
  2226. if (interrupted)
  2227. return NULL;
  2228. struct tcb *tcp = NULL;
  2229. struct list_item *elem;
  2230. static EMPTY_LIST(pending_tcps);
  2231. /* Handling the queued tcbs first, before waiting for the new events */
  2232. if (!list_is_empty(&pending_tcps))
  2233. goto next_event_get_tcp;
  2234. static struct tcb *extra_tcp;
  2235. static size_t wait_extra_data_idx;
  2236. /* Handling an extra tcb event. */
  2237. if (extra_tcp) {
  2238. tcp = extra_tcp;
  2239. extra_tcp = NULL;
  2240. tcp->wait_data_idx = wait_extra_data_idx;
  2241. debug_msg("dequeued extra event for pid %u", tcp->pid);
  2242. goto next_event_exit;
  2243. }
  2244. /*
  2245. * Used to exit simply when nprocs hits zero, but in this testcase:
  2246. * int main(void) { _exit(!!fork()); }
  2247. * under strace -f, parent sometimes (rarely) manages
  2248. * to exit before we see the first stop of the child,
  2249. * and we are losing track of it:
  2250. * 19923 clone(...) = 19924
  2251. * 19923 exit_group(1) = ?
  2252. * 19923 +++ exited with 1 +++
  2253. * Exiting only when wait() returns ECHILD works better.
  2254. */
  2255. if (have_aux_children()) {
  2256. /* However, if -o|logger is in use, we can't do that.
  2257. * Can work around that by double-forking the logger,
  2258. * but that loses the ability to wait for its completion
  2259. * on exit. Oh well...
  2260. *
  2261. * Let's hope that pre-allocating a tcp on
  2262. * PTRACE_EVENT_{FORK,VFORK,CLONE} will handle this and won't
  2263. * create more problems.
  2264. */
  2265. if (nprocs == 0)
  2266. return NULL;
  2267. }
  2268. const bool unblock_delay_timer = is_delay_timer_armed();
  2269. /*
  2270. * The window of opportunity to handle expirations
  2271. * of the delay timer opens here.
  2272. *
  2273. * Unblock the signal handler for the delay timer
  2274. * iff the delay timer is already created.
  2275. */
  2276. if (unblock_delay_timer)
  2277. sigprocmask(SIG_UNBLOCK, &timer_set, NULL);
  2278. /*
  2279. * If the delay timer has expired, then its expiration
  2280. * has been handled already by the signal handler.
  2281. *
  2282. * If the delay timer expires during wait4(),
  2283. * then the system call will be interrupted and
  2284. * the expiration will be handled by the signal handler.
  2285. */
  2286. int status;
  2287. struct rusage ru;
  2288. int pid = wait4(-1, &status, __WALL, (cflag ? &ru : NULL));
  2289. int wait_errno = errno;
  2290. /*
  2291. * The window of opportunity to handle expirations
  2292. * of the delay timer closes here.
  2293. *
  2294. * Block the signal handler for the delay timer
  2295. * iff it was unblocked earlier.
  2296. */
  2297. if (unblock_delay_timer) {
  2298. sigprocmask(SIG_BLOCK, &timer_set, NULL);
  2299. if (restart_failed)
  2300. return NULL;
  2301. }
  2302. size_t wait_tab_pos = 0;
  2303. bool wait_nohang = false;
  2304. /*
  2305. * We wait for new events until wait4() returns 0 (meaning that there's
  2306. * nothing more to wait for for now), or a second event for some tcb
  2307. * appears (which may happen if a tracee SIGKILL'ed, for example).
  2308. */
  2309. for (;;) {
  2310. struct ptrace_wait_data *wd;
  2311. if (pid < 0) {
  2312. if (wait_errno == EINTR)
  2313. break;
  2314. if (wait_nohang)
  2315. break;
  2316. if (nprocs == 0 && wait_errno == ECHILD)
  2317. return NULL;
  2318. /*
  2319. * If nprocs > 0, ECHILD is not expected,
  2320. * treat it as any other error here:
  2321. */
  2322. errno = wait_errno;
  2323. perror_msg_and_die("wait4(__WALL)");
  2324. }
  2325. if (!pid)
  2326. break;
  2327. if (debug_flag)
  2328. print_debug_info(pid, status);
  2329. enum aux_child_sig acs = aux_children_signal(pid, status);
  2330. switch (acs) {
  2331. case ACS_CONTINUE:
  2332. goto next_event_wait_next;
  2333. case ACS_TERMINATE:
  2334. return NULL;
  2335. case ACS_NONE:
  2336. break;
  2337. default:
  2338. error_func_msg("Unknown aux_children_signal"
  2339. " return code: %d", acs);
  2340. break;
  2341. }
  2342. /* Look up 'pid' in our table. */
  2343. tcp = pid2tcb(pid, false);
  2344. if (!tcp || tcp->flags & TCB_PREALLOCATED) {
  2345. tcp = maybe_allocate_tcb(tcp, pid, status);
  2346. if (!tcp)
  2347. goto next_event_wait_next;
  2348. }
  2349. if (cflag) {
  2350. struct timespec stime = {
  2351. .tv_sec = ru.ru_stime.tv_sec,
  2352. .tv_nsec = ru.ru_stime.tv_usec * 1000
  2353. };
  2354. ts_sub(&tcp->dtime, &stime, &tcp->stime);
  2355. tcp->stime = stime;
  2356. }
  2357. tcb_wait_tab_check_size(wait_tab_pos + 1);
  2358. /* Initialising a new wait data structure */
  2359. wd = tcb_wait_tab + wait_tab_pos;
  2360. init_trace_wait_data(wd);
  2361. wd->status = status;
  2362. if (WIFSIGNALED(status)) {
  2363. wd->wd.te = TE_SIGNALLED;
  2364. wd->wd.sig = WTERMSIG(status);
  2365. wd->wd.core_dumped = WCOREDUMP(status);
  2366. } else if (WIFEXITED(status)) {
  2367. wd->wd.te = TE_EXITED;
  2368. wd->wd.exit = WEXITSTATUS(status);
  2369. } else {
  2370. /*
  2371. * As WCONTINUED flag has not been specified to wait4,
  2372. * it cannot be WIFCONTINUED(status), so the only case
  2373. * that remains is WIFSTOPPED(status).
  2374. */
  2375. const unsigned int sig = WSTOPSIG(status);
  2376. const unsigned int event = (unsigned int) status >> 16;
  2377. switch (event) {
  2378. case 0:
  2379. /*
  2380. * Is this post-attach SIGSTOP?
  2381. * Interestingly, the process may stop
  2382. * with STOPSIG equal to some other signal
  2383. * than SIGSTOP if we happened to attach
  2384. * just before the process takes a signal.
  2385. */
  2386. if (sig == SIGSTOP &&
  2387. (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)) {
  2388. debug_func_msg("ignored SIGSTOP on "
  2389. "pid %d", tcp->pid);
  2390. tcp->flags &= ~TCB_IGNORE_ONE_SIGSTOP;
  2391. wd->wd.te = TE_RESTART;
  2392. } else if (sig == syscall_trap_sig) {
  2393. wd->wd.te = TE_SYSCALL_STOP;
  2394. } else {
  2395. classify_ptrace_stop(pid, status, wd);
  2396. }
  2397. break;
  2398. case PTRACE_EVENT_STOP:
  2399. /*
  2400. * PTRACE_INTERRUPT-stop or group-stop.
  2401. * PTRACE_INTERRUPT-stop has sig == SIGTRAP here.
  2402. */
  2403. switch (sig) {
  2404. case SIGSTOP:
  2405. case SIGTSTP:
  2406. case SIGTTIN:
  2407. case SIGTTOU:
  2408. wd->wd.te = TE_GROUP_STOP;
  2409. wd->wd.sig = WSTOPSIG(status);
  2410. break;
  2411. default:
  2412. wd->wd.te = TE_RESTART;
  2413. }
  2414. break;
  2415. case PTRACE_EVENT_EXEC:
  2416. /*
  2417. * TODO: shouldn't we check for
  2418. * errno == EINVAL here, too?
  2419. * We can get ESRCH instead, you know...
  2420. */
  2421. if (ptrace(PTRACE_GETEVENTMSG, pid, NULL,
  2422. &wd->msg) < 0)
  2423. wd->msg = 0;
  2424. wd->wd.te = TE_STOP_BEFORE_EXECVE;
  2425. break;
  2426. case PTRACE_EVENT_EXIT:
  2427. wd->wd.te = TE_STOP_BEFORE_EXIT;
  2428. break;
  2429. case PTRACE_EVENT_FORK:
  2430. case PTRACE_EVENT_VFORK:
  2431. case PTRACE_EVENT_CLONE: {
  2432. unsigned long new_pid = 0;
  2433. wd->wd.te = TE_RESTART;
  2434. if (!followfork)
  2435. break;
  2436. if (ptrace(PTRACE_GETEVENTMSG, pid,
  2437. NULL, &new_pid) < 0)
  2438. break;
  2439. if (!new_pid || pid2tcb(new_pid, false))
  2440. break;
  2441. struct tcb *prealloc_tcp = alloctcb(new_pid);
  2442. if (!prealloc_tcp)
  2443. break;
  2444. prealloc_tcp->flags = TCB_PREALLOCATED;
  2445. debug_msg("Pre-allocated a tcb for pid %lu",
  2446. new_pid);
  2447. break;
  2448. }
  2449. default:
  2450. wd->wd.te = TE_RESTART;
  2451. }
  2452. }
  2453. if (!wd->wd.te)
  2454. error_func_msg("Tracing event hasn't been determined "
  2455. "for pid %d, status %0#x", pid, status);
  2456. if (!list_is_empty(&tcp->wait_list)) {
  2457. wait_extra_data_idx = wait_tab_pos;
  2458. extra_tcp = tcp;
  2459. debug_func_msg("queued extra pid %d", tcp->pid);
  2460. } else {
  2461. tcp->wait_data_idx = wait_tab_pos;
  2462. list_append(&pending_tcps, &tcp->wait_list);
  2463. debug_func_msg("queued pid %d", tcp->pid);
  2464. }
  2465. wait_tab_pos++;
  2466. if (extra_tcp)
  2467. break;
  2468. next_event_wait_next:
  2469. pid = wait4(-1, &status, __WALL | WNOHANG, (cflag ? &ru : NULL));
  2470. wait_errno = errno;
  2471. wait_nohang = true;
  2472. }
  2473. next_event_get_tcp:
  2474. elem = list_remove_head(&pending_tcps);
  2475. if (!elem) {
  2476. tcb_wait_tab_check_size(1);
  2477. memset(tcb_wait_tab, 0, sizeof(*tcb_wait_tab));
  2478. tcb_wait_tab->wd.te = TE_NEXT;
  2479. return &(tcb_wait_tab->wd);
  2480. } else {
  2481. tcp = list_elem(elem, struct tcb, wait_list);
  2482. debug_func_msg("dequeued pid %d", tcp->pid);
  2483. }
  2484. next_event_exit:
  2485. /* Is this the very first time we see this tracee stopped? */
  2486. if (tcp->flags & TCB_STARTUP)
  2487. startup_tcb(tcp);
  2488. clear_regs(tcp);
  2489. /* Set current output file */
  2490. set_current_tcp(tcp);
  2491. return &(tcb_wait_tab[tcp->wait_data_idx].wd);
  2492. }
  2493. static int
  2494. trace_syscall(struct tcb *tcp, unsigned int *sig)
  2495. {
  2496. if (entering(tcp)) {
  2497. int res = syscall_entering_decode(tcp);
  2498. switch (res) {
  2499. case 0:
  2500. return 0;
  2501. case 1:
  2502. res = syscall_entering_trace(tcp, sig);
  2503. }
  2504. syscall_entering_finish(tcp, res);
  2505. return res;
  2506. } else {
  2507. struct timespec ts = {};
  2508. int res = syscall_exiting_decode(tcp, &ts);
  2509. if (res != 0) {
  2510. res = syscall_exiting_trace(tcp, &ts, res);
  2511. }
  2512. syscall_exiting_finish(tcp);
  2513. return res;
  2514. }
  2515. }
  2516. void
  2517. ptrace_handle_exec(struct tcb **current_tcp, struct tcb_wait_data *wd)
  2518. {
  2519. /* The syscall succeeded, clear the flag. */
  2520. (*current_tcp)->flags &= ~TCB_CHECK_EXEC_SYSCALL;
  2521. /*
  2522. * Check that we are inside syscall now (next event after
  2523. * PTRACE_EVENT_EXEC should be for syscall exiting). If it is
  2524. * not the case, we might have a situation when we attach to a
  2525. * process and the first thing we see is a PTRACE_EVENT_EXEC
  2526. * and all the following syscall state tracking is screwed up
  2527. * otherwise.
  2528. */
  2529. if (entering(*current_tcp)) {
  2530. int ret;
  2531. error_msg("Stray PTRACE_EVENT_EXEC from pid %d"
  2532. ", trying to recover...",
  2533. (*current_tcp)->pid);
  2534. (*current_tcp)->flags |= TCB_RECOVERING;
  2535. ret = trace_syscall(*current_tcp, &wd->sig);
  2536. (*current_tcp)->flags &= ~TCB_RECOVERING;
  2537. if (ret < 0) {
  2538. /* The reason is described in TE_SYSCALL_STOP */
  2539. return;
  2540. }
  2541. }
  2542. /*
  2543. * Under Linux, execve changes pid to thread leader's pid,
  2544. * and we see this changed pid on EVENT_EXEC and later,
  2545. * execve sysexit. Leader "disappears" without exit
  2546. * notification. Let user know that, drop leader's tcb,
  2547. * and fix up pid in execve thread's tcb.
  2548. * Effectively, execve thread's tcb replaces leader's tcb.
  2549. *
  2550. * BTW, leader is 'stuck undead' (doesn't report WIFEXITED
  2551. * on exit syscall) in multithreaded programs exactly
  2552. * in order to handle this case.
  2553. *
  2554. * PTRACE_GETEVENTMSG returns old pid starting from Linux 3.0.
  2555. * On 2.6 and earlier, it can return garbage.
  2556. */
  2557. if (os_release >= KERNEL_VERSION(3, 0, 0))
  2558. set_current_tcp(maybe_switch_tcbs(*current_tcp, wd));
  2559. }
  2560. bool
  2561. ptrace_restart_process(struct tcb *current_tcp, struct tcb_wait_data *wd)
  2562. {
  2563. struct ptrace_wait_data *ptrace_wd = to_ptrace_wait_data(wd);
  2564. if (ptrace_restart(ptrace_wd->restart_op, current_tcp, wd->sig) < 0) {
  2565. /* Note: ptrace_restart emitted error message */
  2566. return false;
  2567. }
  2568. return true;
  2569. }
  2570. /* Returns true iff the main trace loop has to continue. */
  2571. static bool
  2572. dispatch_event(struct tcb_wait_data *wd)
  2573. {
  2574. enum trace_event te = wd ? wd->te : TE_BREAK;
  2575. switch (te) {
  2576. case TE_BREAK:
  2577. return false;
  2578. case TE_NEXT:
  2579. return true;
  2580. case TE_RESTART:
  2581. break;
  2582. case TE_SYSCALL_STOP:
  2583. if (trace_syscall(current_tcp, &wd->sig) < 0) {
  2584. /*
  2585. * ptrace() failed in trace_syscall().
  2586. * Likely a result of process disappearing mid-flight.
  2587. * Observed case: exit_group() or SIGKILL terminating
  2588. * all processes in thread group.
  2589. * We assume that ptrace error was caused by process death.
  2590. * We used to detach(current_tcp) here, but since we no
  2591. * longer implement "detach before death" policy/hack,
  2592. * we can let this process to report its death to us
  2593. * normally, via WIFEXITED or WIFSIGNALED wait status.
  2594. */
  2595. return true;
  2596. }
  2597. break;
  2598. case TE_SIGNAL_DELIVERY_STOP:
  2599. print_stopped(current_tcp, &wd->si, wd->sig);
  2600. break;
  2601. case TE_SIGNALLED:
  2602. print_signalled(current_tcp, current_tcp->pid, wd);
  2603. droptcb(current_tcp);
  2604. return true;
  2605. case TE_GROUP_STOP:
  2606. print_stopped(current_tcp, NULL, wd->sig);
  2607. break;
  2608. case TE_EXITED:
  2609. print_exited(current_tcp, current_tcp->pid, wd->exit);
  2610. droptcb(current_tcp);
  2611. return true;
  2612. case TE_STOP_BEFORE_EXECVE:
  2613. handle_exec(&current_tcp, wd);
  2614. if (detach_on_execve) {
  2615. if (current_tcp->flags & TCB_SKIP_DETACH_ON_FIRST_EXEC) {
  2616. current_tcp->flags &= ~TCB_SKIP_DETACH_ON_FIRST_EXEC;
  2617. } else {
  2618. detach(current_tcp); /* do "-b execve" thingy */
  2619. return true;
  2620. }
  2621. }
  2622. break;
  2623. case TE_STOP_BEFORE_EXIT:
  2624. print_event_exit(current_tcp);
  2625. break;
  2626. }
  2627. /* We handled quick cases, we are permitted to interrupt now. */
  2628. if (interrupted)
  2629. return false;
  2630. /* If the process is being delayed, do not ptrace_restart just yet */
  2631. if (syscall_delayed(current_tcp)) {
  2632. if (current_tcp->delayed_wait_data)
  2633. error_func_msg("pid %d has delayed wait data set"
  2634. " already", current_tcp->pid);
  2635. current_tcp->delayed_wait_data = copy_trace_wait_data(wd);
  2636. return true;
  2637. }
  2638. if (!restart_process(current_tcp, wd)) {
  2639. exit_code = 1;
  2640. return false;
  2641. }
  2642. return true;
  2643. }
  2644. static bool
  2645. restart_delayed_tcb(struct tcb *const tcp)
  2646. {
  2647. struct tcb_wait_data *wd = tcp->delayed_wait_data;
  2648. if (!wd) {
  2649. error_func_msg("No delayed wait data found for pid %d",
  2650. tcp->pid);
  2651. wd = init_trace_wait_data(alloca(trace_wait_data_size(tcp)));
  2652. }
  2653. wd->te = TE_RESTART;
  2654. debug_func_msg("pid %d", tcp->pid);
  2655. tcp->flags &= ~TCB_DELAYED;
  2656. struct tcb *const prev_tcp = current_tcp;
  2657. current_tcp = tcp;
  2658. bool ret = dispatch_event(wd);
  2659. current_tcp = prev_tcp;
  2660. free_trace_wait_data(tcp->delayed_wait_data);
  2661. tcp->delayed_wait_data = NULL;
  2662. return ret;
  2663. }
  2664. static bool
  2665. restart_delayed_tcbs(void)
  2666. {
  2667. struct tcb *tcp_next = NULL;
  2668. struct timespec ts_now;
  2669. clock_gettime(CLOCK_MONOTONIC, &ts_now);
  2670. for (size_t i = 0; i < tcbtabsize; i++) {
  2671. struct tcb *tcp = tcbtab[i];
  2672. if (tcp->pid && syscall_delayed(tcp)) {
  2673. if (ts_cmp(&ts_now, &tcp->delay_expiration_time) > 0) {
  2674. if (!restart_delayed_tcb(tcp))
  2675. return false;
  2676. } else {
  2677. /* Check whether this tcb is the next. */
  2678. if (!tcp_next ||
  2679. ts_cmp(&tcp_next->delay_expiration_time,
  2680. &tcp->delay_expiration_time) > 0) {
  2681. tcp_next = tcp;
  2682. }
  2683. }
  2684. }
  2685. }
  2686. if (tcp_next)
  2687. arm_delay_timer(tcp_next);
  2688. return true;
  2689. }
  2690. /*
  2691. * As this signal handler does a lot of work that is not suitable
  2692. * for signal handlers, extra care must be taken to ensure that
  2693. * it is enabled only in those places where it's safe (see the related
  2694. * comments in next_event).
  2695. */
  2696. static void
  2697. timer_sighandler(int sig)
  2698. {
  2699. delay_timer_expired();
  2700. if (restart_failed)
  2701. return;
  2702. int saved_errno = errno;
  2703. if (!restart_delayed_tcbs())
  2704. restart_failed = 1;
  2705. errno = saved_errno;
  2706. }
  2707. #ifdef ENABLE_COVERAGE_GCOV
  2708. extern void __gcov_flush(void);
  2709. #endif
  2710. static void ATTRIBUTE_NORETURN
  2711. terminate(void)
  2712. {
  2713. int sig = interrupted;
  2714. cleanup(sig);
  2715. if (cflag)
  2716. call_summary(shared_log);
  2717. fflush(NULL);
  2718. if (shared_log != stderr)
  2719. fclose(shared_log);
  2720. aux_children_exit_notify(exit_code);
  2721. while (aux_children_exit_wait(exit_code))
  2722. ;
  2723. if (sig) {
  2724. exit_code = 0x100 | sig;
  2725. }
  2726. if (exit_code > 0xff) {
  2727. /* Avoid potential core file clobbering. */
  2728. struct_rlimit rlim = {0, 0};
  2729. set_rlimit(RLIMIT_CORE, &rlim);
  2730. /* Child was killed by a signal, mimic that. */
  2731. exit_code &= 0xff;
  2732. signal(exit_code, SIG_DFL);
  2733. #ifdef ENABLE_COVERAGE_GCOV
  2734. __gcov_flush();
  2735. #endif
  2736. raise(exit_code);
  2737. /* Unblock the signal. */
  2738. sigset_t mask;
  2739. sigemptyset(&mask);
  2740. sigaddset(&mask, exit_code);
  2741. #ifdef ENABLE_COVERAGE_GCOV
  2742. __gcov_flush();
  2743. #endif
  2744. sigprocmask(SIG_UNBLOCK, &mask, NULL);
  2745. /* Paranoia - what if this signal is not fatal?
  2746. Exit with 128 + signo then. */
  2747. exit_code += 128;
  2748. }
  2749. exit(exit_code);
  2750. }
  2751. int
  2752. main(int argc, char *argv[])
  2753. {
  2754. setlocale(LC_ALL, "");
  2755. init(argc, argv);
  2756. exit_code = !nprocs;
  2757. while (dispatch_event(next_event()))
  2758. ;
  2759. terminate();
  2760. }