1 /* 2 * This file is part of ltrace. 3 * Copyright (C) 2007,2011,2012 Petr Machata, Red Hat Inc. 4 * Copyright (C) 1998,2001,2004,2007,2008,2009 Juan Cespedes 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License as 8 * published by the Free Software Foundation; either version 2 of the 9 * License, or (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, but 12 * WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 19 * 02110-1301 USA 20 */ 21 22 #include "config.h" 23 24 #define _GNU_SOURCE 1 25 #include <sys/ptrace.h> 26 #include <sys/types.h> 27 #include <sys/wait.h> 28 #include <assert.h> 29 #include <errno.h> 30 #include <signal.h> 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <string.h> 34 #include <unistd.h> 35 36 #include "backend.h" 37 #include "breakpoint.h" 38 #include "debug.h" 39 #include "events.h" 40 #include "proc.h" 41 #include "linux-gnu/trace-defs.h" 42 43 static Event event; 44 45 /* A queue of events that we missed while enabling the 46 * breakpoint in one of tasks. */ 47 static Event * delayed_events = NULL; 48 static Event * end_delayed_events = NULL; 49 50 static enum callback_status 51 first(struct process *proc, void *data) 52 { 53 return CBS_STOP; 54 } 55 56 void 57 enque_event(Event * event) 58 { 59 debug(DEBUG_FUNCTION, "%d: queuing event %d for later", 60 event->proc->pid, event->type); 61 Event * ne = malloc(sizeof(*ne)); 62 if (ne == NULL) { 63 fprintf(stderr, "event will be missed: %s\n", strerror(errno)); 64 return; 65 } 66 67 *ne = *event; 68 ne->next = NULL; 69 if (end_delayed_events == NULL) { 70 assert(delayed_events == NULL); 71 end_delayed_events = delayed_events = ne; 72 } 73 else { 74 assert(delayed_events != NULL); 75 end_delayed_events = end_delayed_events->next = ne; 76 } 77 } 78 79 Event * 80 each_qd_event(enum ecb_status (*pred)(Event *, void *), void * data) 81 { 82 Event * prev = delayed_events; 83 Event * event; 84 for (event = prev; event != NULL; ) { 85 switch ((*pred)(event, data)) { 86 case ECB_CONT: 87 prev = event; 88 event = event->next; 89 continue; 90 91 case ECB_DEQUE: 92 debug(DEBUG_FUNCTION, "dequeuing event %d for %d", 93 event->type, 94 event->proc != NULL ? event->proc->pid : -1); 95 /* 96 printf("dequeuing event %d for %d\n", event->type, 97 event->proc != NULL ? event->proc->pid : -1) ; 98 */ 99 if (end_delayed_events == event) 100 end_delayed_events = prev; 101 if (delayed_events == event) 102 delayed_events = event->next; 103 else 104 prev->next = event->next; 105 if (delayed_events == NULL) 106 end_delayed_events = NULL; 107 /* fall-through */ 108 109 case ECB_YIELD: 110 return event; 111 } 112 } 113 114 return NULL; 115 } 116 117 static enum ecb_status 118 event_process_not_reenabling(Event * event, void * data) 119 { 120 if (event->proc == NULL 121 || event->proc->leader == NULL 122 || event->proc->leader->event_handler == NULL) 123 return ECB_DEQUE; 124 else 125 return ECB_CONT; 126 } 127 128 static Event * 129 next_qd_event(void) 130 { 131 return each_qd_event(&event_process_not_reenabling, NULL); 132 } 133 134 int linux_in_waitpid = 0; 135 136 Event * 137 next_event(void) 138 { 139 pid_t pid; 140 int status; 141 int tmp; 142 int stop_signal; 143 144 debug(DEBUG_FUNCTION, "next_event()"); 145 Event * ev; 146 if ((ev = next_qd_event()) != NULL) { 147 event = *ev; 148 free(ev); 149 return &event; 150 } 151 152 if (!each_process(NULL, &first, NULL)) { 153 debug(DEBUG_EVENT, "event: No more traced programs: exiting"); 154 exit(0); 155 } 156 157 linux_in_waitpid = 1; 158 pid = waitpid(-1, &status, __WALL); 159 linux_in_waitpid = 0; 160 161 if (pid == -1) { 162 if (errno == ECHILD) { 163 debug(DEBUG_EVENT, "event: No more traced programs: exiting"); 164 exit(0); 165 } else if (errno == EINTR) { 166 debug(DEBUG_EVENT, "event: none (wait received EINTR?)"); 167 event.type = EVENT_NONE; 168 return &event; 169 } 170 perror("wait"); 171 exit(1); 172 } 173 event.proc = pid2proc(pid); 174 if (!event.proc || event.proc->state == STATE_BEING_CREATED) { 175 /* Work around (presumably) a bug on some kernels, 176 * where we are seeing a waitpid event even though the 177 * process is still reported to be running. Wait for 178 * the tracing stop to propagate. But don't get stuck 179 * here forever. 180 * 181 * We need the process in T, because there's a lot of 182 * ptracing going on all over the place, and these 183 * calls fail when the process is not in T. 184 * 185 * N.B. This was observed on RHEL 5 Itanium, but I'm 186 * turning this on globally, to save some poor soul 187 * down the road (which could well be me a year from 188 * now) the pain of figuring this out all over again. 189 * Petr Machata 2011-11-22. */ 190 int i = 0; 191 for (; i < 100 && process_status(pid) != PS_TRACING_STOP; ++i) { 192 debug(2, "waiting for %d to stop", pid); 193 usleep(10000); 194 } 195 event.type = EVENT_NEW; 196 event.e_un.newpid = pid; 197 debug(DEBUG_EVENT, "event: NEW: pid=%d", pid); 198 return &event; 199 } 200 201 get_arch_dep(event.proc); 202 debug(3, "event from pid %u", pid); 203 struct process *leader = event.proc->leader; 204 205 /* The process should be stopped after the waitpid call. But 206 * when the whole thread group is terminated, we see 207 * individual tasks spontaneously transitioning from 't' to 208 * 'R' and 'Z'. Calls to ptrace fail and /proc/pid/status may 209 * not even be available anymore, so we can't check in 210 * advance. So we just drop the error checking around ptrace 211 * calls. We check for termination ex post when it fails, 212 * suppress the event, and let the event loop collect the 213 * termination in the next iteration. */ 214 #define CHECK_PROCESS_TERMINATED \ 215 do { \ 216 int errno_save = errno; \ 217 switch (process_stopped(pid)) \ 218 case 0: \ 219 case -1: { \ 220 debug(DEBUG_EVENT, \ 221 "process not stopped, is it terminating?"); \ 222 event.type = EVENT_NONE; \ 223 continue_process(event.proc->pid); \ 224 return &event; \ 225 } \ 226 errno = errno_save; \ 227 } while (0) 228 229 event.proc->instruction_pointer = (void *)(uintptr_t)-1; 230 231 /* Check for task termination now, before we have a need to 232 * call CHECK_PROCESS_TERMINATED later. That would suppress 233 * the event that we are processing. */ 234 if (WIFSIGNALED(status)) { 235 event.type = EVENT_EXIT_SIGNAL; 236 event.e_un.signum = WTERMSIG(status); 237 debug(DEBUG_EVENT, "event: EXIT_SIGNAL: pid=%d, signum=%d", pid, event.e_un.signum); 238 return &event; 239 } 240 if (WIFEXITED(status)) { 241 event.type = EVENT_EXIT; 242 event.e_un.ret_val = WEXITSTATUS(status); 243 debug(DEBUG_EVENT, "event: EXIT: pid=%d, status=%d", pid, event.e_un.ret_val); 244 return &event; 245 } 246 247 event.proc->instruction_pointer = get_instruction_pointer(event.proc); 248 if (event.proc->instruction_pointer == (void *)(uintptr_t)-1) { 249 CHECK_PROCESS_TERMINATED; 250 if (errno != 0) 251 perror("get_instruction_pointer"); 252 } 253 254 switch (syscall_p(event.proc, status, &tmp)) { 255 case 1: 256 event.type = EVENT_SYSCALL; 257 event.e_un.sysnum = tmp; 258 debug(DEBUG_EVENT, "event: SYSCALL: pid=%d, sysnum=%d", pid, tmp); 259 return &event; 260 case 2: 261 event.type = EVENT_SYSRET; 262 event.e_un.sysnum = tmp; 263 debug(DEBUG_EVENT, "event: SYSRET: pid=%d, sysnum=%d", pid, tmp); 264 return &event; 265 case 3: 266 event.type = EVENT_ARCH_SYSCALL; 267 event.e_un.sysnum = tmp; 268 debug(DEBUG_EVENT, "event: ARCH_SYSCALL: pid=%d, sysnum=%d", pid, tmp); 269 return &event; 270 case 4: 271 event.type = EVENT_ARCH_SYSRET; 272 event.e_un.sysnum = tmp; 273 debug(DEBUG_EVENT, "event: ARCH_SYSRET: pid=%d, sysnum=%d", pid, tmp); 274 return &event; 275 case -1: 276 CHECK_PROCESS_TERMINATED; 277 if (errno != 0) 278 perror("syscall_p"); 279 } 280 if (WIFSTOPPED(status)) { 281 int what = status >> 16; 282 if (what == PTRACE_EVENT_VFORK 283 || what == PTRACE_EVENT_FORK 284 || what == PTRACE_EVENT_CLONE) { 285 unsigned long data; 286 event.type = what == PTRACE_EVENT_VFORK 287 ? EVENT_VFORK : EVENT_CLONE; 288 ptrace(PTRACE_GETEVENTMSG, pid, NULL, &data); 289 event.e_un.newpid = data; 290 debug(DEBUG_EVENT, "event: CLONE: pid=%d, newpid=%d", 291 pid, (int)data); 292 return &event; 293 } 294 } 295 if (WIFSTOPPED(status) && (status>>16 == PTRACE_EVENT_EXEC)) { 296 event.type = EVENT_EXEC; 297 debug(DEBUG_EVENT, "event: EXEC: pid=%d", pid); 298 return &event; 299 } 300 if (!WIFSTOPPED(status)) { 301 /* should never happen */ 302 event.type = EVENT_NONE; 303 debug(DEBUG_EVENT, "event: NONE: pid=%d (wait error?)", pid); 304 return &event; 305 } 306 307 stop_signal = WSTOPSIG(status); 308 309 /* On some targets, breakpoints are signalled not using 310 SIGTRAP, but also with SIGILL, SIGSEGV or SIGEMT. SIGEMT 311 is not defined on Linux, but check for the others. 312 313 N.B. see comments in GDB's infrun.c for details. I've 314 actually seen this on an Itanium machine on RHEL 5, I don't 315 remember the exact kernel version anymore. ia64-sigill.s 316 in the test suite tests this. Petr Machata 2011-06-08. */ 317 arch_addr_t break_address 318 = event.proc->instruction_pointer - DECR_PC_AFTER_BREAK; 319 if ((stop_signal == SIGSEGV || stop_signal == SIGILL) 320 && leader != NULL 321 && address2bpstruct(leader, break_address)) 322 stop_signal = SIGTRAP; 323 324 if (stop_signal != (SIGTRAP | event.proc->tracesysgood) 325 && stop_signal != SIGTRAP) { 326 event.type = EVENT_SIGNAL; 327 event.e_un.signum = stop_signal; 328 debug(DEBUG_EVENT, "event: SIGNAL: pid=%d, signum=%d", pid, stop_signal); 329 return &event; 330 } 331 332 /* last case [by exhaustion] */ 333 event.type = EVENT_BREAKPOINT; 334 335 event.e_un.brk_addr = break_address; 336 debug(DEBUG_EVENT, "event: BREAKPOINT: pid=%d, addr=%p", pid, event.e_un.brk_addr); 337 338 return &event; 339 } 340 341 static enum ecb_status 342 event_for_proc(struct Event *event, void *data) 343 { 344 if (event->proc == data) 345 return ECB_DEQUE; 346 else 347 return ECB_CONT; 348 } 349 350 void 351 delete_events_for(struct process *proc) 352 { 353 struct Event *event; 354 while ((event = each_qd_event(&event_for_proc, proc)) != NULL) 355 free(event); 356 } 357
