1 /* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk (at) cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko (at) hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs (at) world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert (at) cistron.nl> 6 * Copyright (c) 1999-2017 The strace developers. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of the author may not be used to endorse or promote products 18 * derived from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "defs.h" 33 #include <stdarg.h> 34 #include <sys/param.h> 35 #include <fcntl.h> 36 #include <signal.h> 37 #include <sys/resource.h> 38 #include <sys/wait.h> 39 #include <sys/stat.h> 40 #include <pwd.h> 41 #include <grp.h> 42 #include <dirent.h> 43 #include <sys/utsname.h> 44 #ifdef HAVE_PRCTL 45 # include <sys/prctl.h> 46 #endif 47 #include <asm/unistd.h> 48 49 #include "scno.h" 50 #include "ptrace.h" 51 #include "printsiginfo.h" 52 53 /* In some libc, these aren't declared. Do it ourself: */ 54 extern char **environ; 55 extern int optind; 56 extern char *optarg; 57 58 #ifdef USE_LIBUNWIND 59 /* if this is true do the stack trace for every system call */ 60 bool stack_trace_enabled; 61 #endif 62 63 #define my_tkill(tid, sig) syscall(__NR_tkill, (tid), (sig)) 64 65 /* Glue for systems without a MMU that cannot provide fork() */ 66 #if !defined(HAVE_FORK) 67 # undef NOMMU_SYSTEM 68 # define NOMMU_SYSTEM 1 69 #endif 70 #if NOMMU_SYSTEM 71 # define fork() vfork() 72 #endif 73 74 const unsigned int syscall_trap_sig = SIGTRAP | 0x80; 75 76 cflag_t cflag = CFLAG_NONE; 77 unsigned int followfork; 78 unsigned int ptrace_setoptions = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC 79 | PTRACE_O_TRACEEXIT; 80 unsigned int xflag; 81 bool debug_flag; 82 bool Tflag; 83 bool iflag; 84 bool count_wallclock; 85 unsigned int qflag; 86 static unsigned int tflag; 87 static bool rflag; 88 static bool print_pid_pfx; 89 90 /* -I n */ 91 enum { 92 INTR_NOT_SET = 0, 93 INTR_ANYWHERE = 1, /* don't block/ignore any signals */ 94 INTR_WHILE_WAIT = 2, /* block fatal signals while decoding syscall. default */ 95 INTR_NEVER = 3, /* block fatal signals. default if '-o FILE PROG' */ 96 INTR_BLOCK_TSTP_TOO = 4, /* block fatal signals and SIGTSTP (^Z) */ 97 NUM_INTR_OPTS 98 }; 99 static int opt_intr; 100 /* We play with signal mask only if this mode is active: */ 101 #define interactive (opt_intr == INTR_WHILE_WAIT) 102 103 /* 104 * daemonized_tracer supports -D option. 105 * With this option, strace forks twice. 106 * Unlike normal case, with -D *grandparent* process exec's, 107 * becoming a traced process. Child exits (this prevents traced process 108 * from having children it doesn't expect to have), and grandchild 109 * attaches to grandparent similarly to strace -p PID. 110 * This allows for more transparent interaction in cases 111 * when process and its parent are communicating via signals, 112 * wait() etc. Without -D, strace process gets lodged in between, 113 * disrupting parent<->child link. 114 */ 115 static bool daemonized_tracer; 116 117 #if USE_SEIZE 118 static int post_attach_sigstop = TCB_IGNORE_ONE_SIGSTOP; 119 # define use_seize (post_attach_sigstop == 0) 120 #else 121 # define post_attach_sigstop TCB_IGNORE_ONE_SIGSTOP 122 # define use_seize 0 123 #endif 124 125 /* Sometimes we want to print only succeeding syscalls. */ 126 bool not_failing_only; 127 128 /* Show path associated with fd arguments */ 129 unsigned int show_fd_path; 130 131 static bool detach_on_execve; 132 133 static int exit_code; 134 static int strace_child; 135 static int strace_tracer_pid; 136 137 static char *username; 138 static uid_t run_uid; 139 static gid_t run_gid; 140 141 unsigned int max_strlen = DEFAULT_STRLEN; 142 static int acolumn = DEFAULT_ACOLUMN; 143 static char *acolumn_spaces; 144 145 static char *outfname; 146 /* If -ff, points to stderr. Else, it's our common output log */ 147 static FILE *shared_log; 148 149 struct tcb *printing_tcp; 150 static struct tcb *current_tcp; 151 152 static struct tcb **tcbtab; 153 static unsigned int nprocs, tcbtabsize; 154 155 #ifndef HAVE_PROGRAM_INVOCATION_NAME 156 char *program_invocation_name; 157 #endif 158 159 unsigned os_release; /* generated from uname()'s u.release */ 160 161 static void detach(struct tcb *tcp); 162 static void cleanup(void); 163 static void interrupt(int sig); 164 static sigset_t start_set, blocked_set; 165 166 #ifdef HAVE_SIG_ATOMIC_T 167 static volatile sig_atomic_t interrupted; 168 #else 169 static volatile int interrupted; 170 #endif 171 172 #ifndef HAVE_STRERROR 173 174 #if !HAVE_DECL_SYS_ERRLIST 175 extern int sys_nerr; 176 extern char *sys_errlist[]; 177 #endif 178 179 const char * 180 strerror(int err_no) 181 { 182 static char buf[sizeof("Unknown error %d") + sizeof(int)*3]; 183 184 if (err_no < 1 || err_no >= sys_nerr) { 185 sprintf(buf, "Unknown error %d", err_no); 186 return buf; 187 } 188 return sys_errlist[err_no]; 189 } 190 191 #endif /* HAVE_STERRROR */ 192 193 static void 194 print_version(void) 195 { 196 printf("%s -- version %s\n" 197 "Copyright (c) 1991-%s The strace developers <%s>.\n" 198 "This is free software; see the source for copying conditions. There is NO\n" 199 "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n", 200 PACKAGE_NAME, PACKAGE_VERSION, COPYRIGHT_YEAR, PACKAGE_URL); 201 } 202 203 static void 204 usage(void) 205 { 206 printf("\ 207 usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...\n\ 208 [-a column] [-o file] [-s strsize] [-P path]...\n\ 209 -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\ 210 or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]\n\ 211 -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\ 212 \n\ 213 Output format:\n\ 214 -a column alignment COLUMN for printing syscall results (default %d)\n\ 215 -i print instruction pointer at time of syscall\n\ 216 " 217 #ifdef USE_LIBUNWIND 218 "\ 219 -k obtain stack trace between each syscall (experimental)\n\ 220 " 221 #endif 222 "\ 223 -o file send trace output to FILE instead of stderr\n\ 224 -q suppress messages about attaching, detaching, etc.\n\ 225 -r print relative timestamp\n\ 226 -s strsize limit length of print strings to STRSIZE chars (default %d)\n\ 227 -t print absolute timestamp\n\ 228 -tt print absolute timestamp with usecs\n\ 229 -T print time spent in each syscall\n\ 230 -x print non-ascii strings in hex\n\ 231 -xx print all strings in hex\n\ 232 -y print paths associated with file descriptor arguments\n\ 233 -yy print protocol specific information associated with socket file descriptors\n\ 234 \n\ 235 Statistics:\n\ 236 -c count time, calls, and errors for each syscall and report summary\n\ 237 -C like -c but also print regular output\n\ 238 -O overhead set overhead for tracing syscalls to OVERHEAD usecs\n\ 239 -S sortby sort syscall counts by: time, calls, name, nothing (default %s)\n\ 240 -w summarise syscall latency (default is system time)\n\ 241 \n\ 242 Filtering:\n\ 243 -e expr a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\ 244 options: trace, abbrev, verbose, raw, signal, read, write, fault\n\ 245 -P path trace accesses to path\n\ 246 \n\ 247 Tracing:\n\ 248 -b execve detach on execve syscall\n\ 249 -D run tracer process as a detached grandchild, not as parent\n\ 250 -f follow forks\n\ 251 -ff follow forks with output into separate files\n\ 252 -I interruptible\n\ 253 1: no signals are blocked\n\ 254 2: fatal signals are blocked while decoding syscall (default)\n\ 255 3: fatal signals are always blocked (default if '-o FILE PROG')\n\ 256 4: fatal signals and SIGTSTP (^Z) are always blocked\n\ 257 (useful to make 'strace -o FILE PROG' not stop on ^Z)\n\ 258 \n\ 259 Startup:\n\ 260 -E var remove var from the environment for command\n\ 261 -E var=val put var=val in the environment for command\n\ 262 -p pid trace process with process id PID, may be repeated\n\ 263 -u username run command as username handling setuid and/or setgid\n\ 264 \n\ 265 Miscellaneous:\n\ 266 -d enable debug output to stderr\n\ 267 -v verbose mode: print unabbreviated argv, stat, termios, etc. args\n\ 268 -h print help message\n\ 269 -V print version\n\ 270 " 271 /* ancient, no one should use it 272 -F -- attempt to follow vforks (deprecated, use -f)\n\ 273 */ 274 /* this is broken, so don't document it 275 -z -- print only succeeding syscalls\n\ 276 */ 277 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY); 278 exit(0); 279 } 280 281 static void ATTRIBUTE_NORETURN 282 die(void) 283 { 284 if (strace_tracer_pid == getpid()) { 285 cflag = 0; 286 cleanup(); 287 } 288 exit(1); 289 } 290 291 static void verror_msg(int err_no, const char *fmt, va_list p) 292 { 293 char *msg; 294 295 fflush(NULL); 296 297 /* We want to print entire message with single fprintf to ensure 298 * message integrity if stderr is shared with other programs. 299 * Thus we use vasprintf + single fprintf. 300 */ 301 msg = NULL; 302 if (vasprintf(&msg, fmt, p) >= 0) { 303 if (err_no) 304 fprintf(stderr, "%s: %s: %s\n", 305 program_invocation_name, msg, strerror(err_no)); 306 else 307 fprintf(stderr, "%s: %s\n", 308 program_invocation_name, msg); 309 free(msg); 310 } else { 311 /* malloc in vasprintf failed, try it without malloc */ 312 fprintf(stderr, "%s: ", program_invocation_name); 313 vfprintf(stderr, fmt, p); 314 if (err_no) 315 fprintf(stderr, ": %s\n", strerror(err_no)); 316 else 317 putc('\n', stderr); 318 } 319 /* We don't switch stderr to buffered, thus fprintf(stderr) 320 * always flushes its output and this is not necessary: */ 321 /* fflush(stderr); */ 322 } 323 324 void error_msg(const char *fmt, ...) 325 { 326 va_list p; 327 va_start(p, fmt); 328 verror_msg(0, fmt, p); 329 va_end(p); 330 } 331 332 void error_msg_and_die(const char *fmt, ...) 333 { 334 va_list p; 335 va_start(p, fmt); 336 verror_msg(0, fmt, p); 337 die(); 338 } 339 340 void error_msg_and_help(const char *fmt, ...) 341 { 342 if (fmt != NULL) { 343 va_list p; 344 va_start(p, fmt); 345 verror_msg(0, fmt, p); 346 } 347 fprintf(stderr, "Try '%s -h' for more information.\n", 348 program_invocation_name); 349 die(); 350 } 351 352 void perror_msg(const char *fmt, ...) 353 { 354 va_list p; 355 va_start(p, fmt); 356 verror_msg(errno, fmt, p); 357 va_end(p); 358 } 359 360 void perror_msg_and_die(const char *fmt, ...) 361 { 362 va_list p; 363 va_start(p, fmt); 364 verror_msg(errno, fmt, p); 365 die(); 366 } 367 368 static void 369 error_opt_arg(int opt, const char *arg) 370 { 371 error_msg_and_help("invalid -%c argument: '%s'", opt, arg); 372 } 373 374 static const char *ptrace_attach_cmd; 375 376 static int 377 ptrace_attach_or_seize(int pid) 378 { 379 #if USE_SEIZE 380 int r; 381 if (!use_seize) 382 return ptrace_attach_cmd = "PTRACE_ATTACH", 383 ptrace(PTRACE_ATTACH, pid, 0L, 0L); 384 r = ptrace(PTRACE_SEIZE, pid, 0L, (unsigned long) ptrace_setoptions); 385 if (r) 386 return ptrace_attach_cmd = "PTRACE_SEIZE", r; 387 r = ptrace(PTRACE_INTERRUPT, pid, 0L, 0L); 388 return ptrace_attach_cmd = "PTRACE_INTERRUPT", r; 389 #else 390 return ptrace_attach_cmd = "PTRACE_ATTACH", 391 ptrace(PTRACE_ATTACH, pid, 0L, 0L); 392 #endif 393 } 394 395 /* 396 * Used when we want to unblock stopped traced process. 397 * Should be only used with PTRACE_CONT, PTRACE_DETACH and PTRACE_SYSCALL. 398 * Returns 0 on success or if error was ESRCH 399 * (presumably process was killed while we talk to it). 400 * Otherwise prints error message and returns -1. 401 */ 402 static int 403 ptrace_restart(const unsigned int op, struct tcb *const tcp, unsigned int sig) 404 { 405 int err; 406 const char *msg; 407 408 errno = 0; 409 ptrace(op, tcp->pid, 0L, (unsigned long) sig); 410 err = errno; 411 if (!err) 412 return 0; 413 414 switch (op) { 415 case PTRACE_CONT: 416 msg = "CONT"; 417 break; 418 case PTRACE_DETACH: 419 msg = "DETACH"; 420 break; 421 case PTRACE_LISTEN: 422 msg = "LISTEN"; 423 break; 424 default: 425 msg = "SYSCALL"; 426 } 427 428 /* 429 * Why curcol != 0? Otherwise sometimes we get this: 430 * 431 * 10252 kill(10253, SIGKILL) = 0 432 * <ptrace(SYSCALL,10252):No such process>10253 ...next decode... 433 * 434 * 10252 died after we retrieved syscall exit data, 435 * but before we tried to restart it. Log looks ugly. 436 */ 437 if (current_tcp && current_tcp->curcol != 0) { 438 tprintf(" <ptrace(%s):%s>\n", msg, strerror(err)); 439 line_ended(); 440 } 441 if (err == ESRCH) 442 return 0; 443 errno = err; 444 perror_msg("ptrace(PTRACE_%s,pid:%d,sig:%u)", msg, tcp->pid, sig); 445 return -1; 446 } 447 448 static void 449 set_cloexec_flag(int fd) 450 { 451 int flags, newflags; 452 453 flags = fcntl(fd, F_GETFD); 454 if (flags < 0) { 455 /* Can happen only if fd is bad. 456 * Should never happen: if it does, we have a bug 457 * in the caller. Therefore we just abort 458 * instead of propagating the error. 459 */ 460 perror_msg_and_die("fcntl(%d, F_GETFD)", fd); 461 } 462 463 newflags = flags | FD_CLOEXEC; 464 if (flags == newflags) 465 return; 466 467 fcntl(fd, F_SETFD, newflags); /* never fails */ 468 } 469 470 static void 471 kill_save_errno(pid_t pid, int sig) 472 { 473 int saved_errno = errno; 474 475 (void) kill(pid, sig); 476 errno = saved_errno; 477 } 478 479 /* 480 * When strace is setuid executable, we have to swap uids 481 * before and after filesystem and process management operations. 482 */ 483 static void 484 swap_uid(void) 485 { 486 int euid = geteuid(), uid = getuid(); 487 488 if (euid != uid && setreuid(euid, uid) < 0) { 489 perror_msg_and_die("setreuid"); 490 } 491 } 492 493 #ifdef _LARGEFILE64_SOURCE 494 # ifdef HAVE_FOPEN64 495 # define fopen_for_output fopen64 496 # else 497 # define fopen_for_output fopen 498 # endif 499 # define struct_stat struct stat64 500 # define stat_file stat64 501 # define struct_dirent struct dirent64 502 # define read_dir readdir64 503 # define struct_rlimit struct rlimit64 504 # define set_rlimit setrlimit64 505 #else 506 # define fopen_for_output fopen 507 # define struct_stat struct stat 508 # define stat_file stat 509 # define struct_dirent struct dirent 510 # define read_dir readdir 511 # define struct_rlimit struct rlimit 512 # define set_rlimit setrlimit 513 #endif 514 515 static FILE * 516 strace_fopen(const char *path) 517 { 518 FILE *fp; 519 520 swap_uid(); 521 fp = fopen_for_output(path, "w"); 522 if (!fp) 523 perror_msg_and_die("Can't fopen '%s'", path); 524 swap_uid(); 525 set_cloexec_flag(fileno(fp)); 526 return fp; 527 } 528 529 static int popen_pid; 530 531 #ifndef _PATH_BSHELL 532 # define _PATH_BSHELL "/bin/sh" 533 #endif 534 535 /* 536 * We cannot use standard popen(3) here because we have to distinguish 537 * popen child process from other processes we trace, and standard popen(3) 538 * does not export its child's pid. 539 */ 540 static FILE * 541 strace_popen(const char *command) 542 { 543 FILE *fp; 544 int pid; 545 int fds[2]; 546 547 swap_uid(); 548 if (pipe(fds) < 0) 549 perror_msg_and_die("pipe"); 550 551 set_cloexec_flag(fds[1]); /* never fails */ 552 553 pid = vfork(); 554 if (pid < 0) 555 perror_msg_and_die("vfork"); 556 557 if (pid == 0) { 558 /* child */ 559 close(fds[1]); 560 if (fds[0] != 0) { 561 if (dup2(fds[0], 0)) 562 perror_msg_and_die("dup2"); 563 close(fds[0]); 564 } 565 execl(_PATH_BSHELL, "sh", "-c", command, NULL); 566 perror_msg_and_die("Can't execute '%s'", _PATH_BSHELL); 567 } 568 569 /* parent */ 570 popen_pid = pid; 571 close(fds[0]); 572 swap_uid(); 573 fp = fdopen(fds[1], "w"); 574 if (!fp) 575 perror_msg_and_die("fdopen"); 576 return fp; 577 } 578 579 ATTRIBUTE_FORMAT((printf, 1, 0)) 580 static void 581 tvprintf(const char *const fmt, va_list args) 582 { 583 if (current_tcp) { 584 int n = vfprintf(current_tcp->outf, fmt, args); 585 if (n < 0) { 586 if (current_tcp->outf != stderr) 587 perror_msg("%s", outfname); 588 } else 589 current_tcp->curcol += n; 590 } 591 } 592 593 void 594 tprintf(const char *fmt, ...) 595 { 596 va_list args; 597 va_start(args, fmt); 598 tvprintf(fmt, args); 599 va_end(args); 600 } 601 602 #ifndef HAVE_FPUTS_UNLOCKED 603 # define fputs_unlocked fputs 604 #endif 605 606 void 607 tprints(const char *str) 608 { 609 if (current_tcp) { 610 int n = fputs_unlocked(str, current_tcp->outf); 611 if (n >= 0) { 612 current_tcp->curcol += strlen(str); 613 return; 614 } 615 if (current_tcp->outf != stderr) 616 perror_msg("%s", outfname); 617 } 618 } 619 620 void 621 tprints_comment(const char *const str) 622 { 623 if (str && *str) 624 tprintf(" /* %s */", str); 625 } 626 627 void 628 tprintf_comment(const char *fmt, ...) 629 { 630 if (!fmt || !*fmt) 631 return; 632 633 va_list args; 634 va_start(args, fmt); 635 tprints(" /* "); 636 tvprintf(fmt, args); 637 tprints(" */"); 638 va_end(args); 639 } 640 641 void 642 line_ended(void) 643 { 644 if (current_tcp) { 645 current_tcp->curcol = 0; 646 fflush(current_tcp->outf); 647 } 648 if (printing_tcp) { 649 printing_tcp->curcol = 0; 650 printing_tcp = NULL; 651 } 652 } 653 654 void 655 printleader(struct tcb *tcp) 656 { 657 /* If -ff, "previous tcb we printed" is always the same as current, 658 * because we have per-tcb output files. 659 */ 660 if (followfork >= 2) 661 printing_tcp = tcp; 662 663 if (printing_tcp) { 664 current_tcp = printing_tcp; 665 if (printing_tcp->curcol != 0 && (followfork < 2 || printing_tcp == tcp)) { 666 /* 667 * case 1: we have a shared log (i.e. not -ff), and last line 668 * wasn't finished (same or different tcb, doesn't matter). 669 * case 2: split log, we are the same tcb, but our last line 670 * didn't finish ("SIGKILL nuked us after syscall entry" etc). 671 */ 672 tprints(" <unfinished ...>\n"); 673 printing_tcp->curcol = 0; 674 } 675 } 676 677 printing_tcp = tcp; 678 current_tcp = tcp; 679 current_tcp->curcol = 0; 680 681 if (print_pid_pfx) 682 tprintf("%-5d ", tcp->pid); 683 else if (nprocs > 1 && !outfname) 684 tprintf("[pid %5u] ", tcp->pid); 685 686 if (tflag) { 687 char str[sizeof("HH:MM:SS")]; 688 struct timeval tv, dtv; 689 static struct timeval otv; 690 691 gettimeofday(&tv, NULL); 692 if (rflag) { 693 if (otv.tv_sec == 0) 694 otv = tv; 695 tv_sub(&dtv, &tv, &otv); 696 tprintf("%6ld.%06ld ", 697 (long) dtv.tv_sec, (long) dtv.tv_usec); 698 otv = tv; 699 } else if (tflag > 2) { 700 tprintf("%ld.%06ld ", 701 (long) tv.tv_sec, (long) tv.tv_usec); 702 } else { 703 time_t local = tv.tv_sec; 704 strftime(str, sizeof(str), "%T", localtime(&local)); 705 if (tflag > 1) 706 tprintf("%s.%06ld ", str, (long) tv.tv_usec); 707 else 708 tprintf("%s ", str); 709 } 710 } 711 if (iflag) 712 print_pc(tcp); 713 } 714 715 void 716 tabto(void) 717 { 718 if (current_tcp->curcol < acolumn) 719 tprints(acolumn_spaces + current_tcp->curcol); 720 } 721 722 /* Should be only called directly *after successful attach* to a tracee. 723 * Otherwise, "strace -oFILE -ff -p<nonexistant_pid>" 724 * may create bogus empty FILE.<nonexistant_pid>, and then die. 725 */ 726 static void 727 newoutf(struct tcb *tcp) 728 { 729 tcp->outf = shared_log; /* if not -ff mode, the same file is for all */ 730 if (followfork >= 2) { 731 char name[520 + sizeof(int) * 3]; 732 sprintf(name, "%.512s.%u", outfname, tcp->pid); 733 tcp->outf = strace_fopen(name); 734 } 735 } 736 737 static void 738 expand_tcbtab(void) 739 { 740 /* Allocate some (more) TCBs (and expand the table). 741 We don't want to relocate the TCBs because our 742 callers have pointers and it would be a pain. 743 So tcbtab is a table of pointers. Since we never 744 free the TCBs, we allocate a single chunk of many. */ 745 unsigned int new_tcbtabsize, alloc_tcbtabsize; 746 struct tcb *newtcbs; 747 748 if (tcbtabsize) { 749 alloc_tcbtabsize = tcbtabsize; 750 new_tcbtabsize = tcbtabsize * 2; 751 } else { 752 new_tcbtabsize = alloc_tcbtabsize = 1; 753 } 754 755 newtcbs = xcalloc(alloc_tcbtabsize, sizeof(newtcbs[0])); 756 tcbtab = xreallocarray(tcbtab, new_tcbtabsize, sizeof(tcbtab[0])); 757 while (tcbtabsize < new_tcbtabsize) 758 tcbtab[tcbtabsize++] = newtcbs++; 759 } 760 761 static struct tcb * 762 alloctcb(int pid) 763 { 764 unsigned int i; 765 struct tcb *tcp; 766 767 if (nprocs == tcbtabsize) 768 expand_tcbtab(); 769 770 for (i = 0; i < tcbtabsize; i++) { 771 tcp = tcbtab[i]; 772 if (!tcp->pid) { 773 memset(tcp, 0, sizeof(*tcp)); 774 tcp->pid = pid; 775 #if SUPPORTED_PERSONALITIES > 1 776 tcp->currpers = current_personality; 777 #endif 778 779 #ifdef USE_LIBUNWIND 780 if (stack_trace_enabled) 781 unwind_tcb_init(tcp); 782 #endif 783 784 nprocs++; 785 if (debug_flag) 786 error_msg("new tcb for pid %d, active tcbs:%d", 787 tcp->pid, nprocs); 788 return tcp; 789 } 790 } 791 error_msg_and_die("bug in alloctcb"); 792 } 793 794 void * 795 get_tcb_priv_data(const struct tcb *tcp) 796 { 797 return tcp->_priv_data; 798 } 799 800 int 801 set_tcb_priv_data(struct tcb *tcp, void *const priv_data, 802 void (*const free_priv_data)(void *)) 803 { 804 if (tcp->_priv_data) 805 return -1; 806 807 tcp->_free_priv_data = free_priv_data; 808 tcp->_priv_data = priv_data; 809 810 return 0; 811 } 812 813 void 814 free_tcb_priv_data(struct tcb *tcp) 815 { 816 if (tcp->_priv_data) { 817 if (tcp->_free_priv_data) { 818 tcp->_free_priv_data(tcp->_priv_data); 819 tcp->_free_priv_data = NULL; 820 } 821 tcp->_priv_data = NULL; 822 } 823 } 824 825 static void 826 droptcb(struct tcb *tcp) 827 { 828 if (tcp->pid == 0) 829 return; 830 831 int p; 832 for (p = 0; p < SUPPORTED_PERSONALITIES; ++p) 833 free(tcp->inject_vec[p]); 834 835 free_tcb_priv_data(tcp); 836 837 #ifdef USE_LIBUNWIND 838 if (stack_trace_enabled) { 839 unwind_tcb_fin(tcp); 840 } 841 #endif 842 843 nprocs--; 844 if (debug_flag) 845 error_msg("dropped tcb for pid %d, %d remain", 846 tcp->pid, nprocs); 847 848 if (tcp->outf) { 849 if (followfork >= 2) { 850 if (tcp->curcol != 0) 851 fprintf(tcp->outf, " <detached ...>\n"); 852 fclose(tcp->outf); 853 } else { 854 if (printing_tcp == tcp && tcp->curcol != 0) 855 fprintf(tcp->outf, " <detached ...>\n"); 856 fflush(tcp->outf); 857 } 858 } 859 860 if (current_tcp == tcp) 861 current_tcp = NULL; 862 if (printing_tcp == tcp) 863 printing_tcp = NULL; 864 865 memset(tcp, 0, sizeof(*tcp)); 866 } 867 868 /* Detach traced process. 869 * Never call DETACH twice on the same process as both unattached and 870 * attached-unstopped processes give the same ESRCH. For unattached process we 871 * would SIGSTOP it and wait for its SIGSTOP notification forever. 872 */ 873 static void 874 detach(struct tcb *tcp) 875 { 876 int error; 877 int status; 878 879 /* 880 * Linux wrongly insists the child be stopped 881 * before detaching. Arghh. We go through hoops 882 * to make a clean break of things. 883 */ 884 885 if (!(tcp->flags & TCB_ATTACHED)) 886 goto drop; 887 888 /* We attached but possibly didn't see the expected SIGSTOP. 889 * We must catch exactly one as otherwise the detached process 890 * would be left stopped (process state T). 891 */ 892 if (tcp->flags & TCB_IGNORE_ONE_SIGSTOP) 893 goto wait_loop; 894 895 error = ptrace(PTRACE_DETACH, tcp->pid, 0, 0); 896 if (!error) { 897 /* On a clear day, you can see forever. */ 898 goto drop; 899 } 900 if (errno != ESRCH) { 901 /* Shouldn't happen. */ 902 perror_msg("detach: ptrace(PTRACE_DETACH,%u)", tcp->pid); 903 goto drop; 904 } 905 /* ESRCH: process is either not stopped or doesn't exist. */ 906 if (my_tkill(tcp->pid, 0) < 0) { 907 if (errno != ESRCH) 908 /* Shouldn't happen. */ 909 perror_msg("detach: tkill(%u,0)", tcp->pid); 910 /* else: process doesn't exist. */ 911 goto drop; 912 } 913 /* Process is not stopped, need to stop it. */ 914 if (use_seize) { 915 /* 916 * With SEIZE, tracee can be in group-stop already. 917 * In this state sending it another SIGSTOP does nothing. 918 * Need to use INTERRUPT. 919 * Testcase: trying to ^C a "strace -p <stopped_process>". 920 */ 921 error = ptrace(PTRACE_INTERRUPT, tcp->pid, 0, 0); 922 if (!error) 923 goto wait_loop; 924 if (errno != ESRCH) 925 perror_msg("detach: ptrace(PTRACE_INTERRUPT,%u)", tcp->pid); 926 } else { 927 error = my_tkill(tcp->pid, SIGSTOP); 928 if (!error) 929 goto wait_loop; 930 if (errno != ESRCH) 931 perror_msg("detach: tkill(%u,SIGSTOP)", tcp->pid); 932 } 933 /* Either process doesn't exist, or some weird error. */ 934 goto drop; 935 936 wait_loop: 937 /* We end up here in three cases: 938 * 1. We sent PTRACE_INTERRUPT (use_seize case) 939 * 2. We sent SIGSTOP (!use_seize) 940 * 3. Attach SIGSTOP was already pending (TCB_IGNORE_ONE_SIGSTOP set) 941 */ 942 for (;;) { 943 unsigned int sig; 944 if (waitpid(tcp->pid, &status, __WALL) < 0) { 945 if (errno == EINTR) 946 continue; 947 /* 948 * if (errno == ECHILD) break; 949 * ^^^ WRONG! We expect this PID to exist, 950 * and want to emit a message otherwise: 951 */ 952 perror_msg("detach: waitpid(%u)", tcp->pid); 953 break; 954 } 955 if (!WIFSTOPPED(status)) { 956 /* 957 * Tracee exited or was killed by signal. 958 * We shouldn't normally reach this place: 959 * we don't want to consume exit status. 960 * Consider "strace -p PID" being ^C-ed: 961 * we want merely to detach from PID. 962 * 963 * However, we _can_ end up here if tracee 964 * was SIGKILLed. 965 */ 966 break; 967 } 968 sig = WSTOPSIG(status); 969 if (debug_flag) 970 error_msg("detach wait: event:%d sig:%d", 971 (unsigned)status >> 16, sig); 972 if (use_seize) { 973 unsigned event = (unsigned)status >> 16; 974 if (event == PTRACE_EVENT_STOP /*&& sig == SIGTRAP*/) { 975 /* 976 * sig == SIGTRAP: PTRACE_INTERRUPT stop. 977 * sig == other: process was already stopped 978 * with this stopping sig (see tests/detach-stopped). 979 * Looks like re-injecting this sig is not necessary 980 * in DETACH for the tracee to remain stopped. 981 */ 982 sig = 0; 983 } 984 /* 985 * PTRACE_INTERRUPT is not guaranteed to produce 986 * the above event if other ptrace-stop is pending. 987 * See tests/detach-sleeping testcase: 988 * strace got SIGINT while tracee is sleeping. 989 * We sent PTRACE_INTERRUPT. 990 * We see syscall exit, not PTRACE_INTERRUPT stop. 991 * We won't get PTRACE_INTERRUPT stop 992 * if we would CONT now. Need to DETACH. 993 */ 994 if (sig == syscall_trap_sig) 995 sig = 0; 996 /* else: not sure in which case we can be here. 997 * Signal stop? Inject it while detaching. 998 */ 999 ptrace_restart(PTRACE_DETACH, tcp, sig); 1000 break; 1001 } 1002 /* Note: this check has to be after use_seize check */ 1003 /* (else, in use_seize case SIGSTOP will be mistreated) */ 1004 if (sig == SIGSTOP) { 1005 /* Detach, suppressing SIGSTOP */ 1006 ptrace_restart(PTRACE_DETACH, tcp, 0); 1007 break; 1008 } 1009 if (sig == syscall_trap_sig) 1010 sig = 0; 1011 /* Can't detach just yet, may need to wait for SIGSTOP */ 1012 error = ptrace_restart(PTRACE_CONT, tcp, sig); 1013 if (error < 0) { 1014 /* Should not happen. 1015 * Note: ptrace_restart returns 0 on ESRCH, so it's not it. 1016 * ptrace_restart already emitted error message. 1017 */ 1018 break; 1019 } 1020 } 1021 1022 drop: 1023 if (!qflag && (tcp->flags & TCB_ATTACHED)) 1024 error_msg("Process %u detached", tcp->pid); 1025 1026 droptcb(tcp); 1027 } 1028 1029 static void 1030 process_opt_p_list(char *opt) 1031 { 1032 while (*opt) { 1033 /* 1034 * We accept -p PID,PID; -p "`pidof PROG`"; -p "`pgrep PROG`". 1035 * pidof uses space as delim, pgrep uses newline. :( 1036 */ 1037 int pid; 1038 char *delim = opt + strcspn(opt, "\n\t ,"); 1039 char c = *delim; 1040 1041 *delim = '\0'; 1042 pid = string_to_uint(opt); 1043 if (pid <= 0) { 1044 error_msg_and_die("Invalid process id: '%s'", opt); 1045 } 1046 if (pid == strace_tracer_pid) { 1047 error_msg_and_die("I'm sorry, I can't let you do that, Dave."); 1048 } 1049 *delim = c; 1050 alloctcb(pid); 1051 if (c == '\0') 1052 break; 1053 opt = delim + 1; 1054 } 1055 } 1056 1057 static void 1058 attach_tcb(struct tcb *const tcp) 1059 { 1060 if (ptrace_attach_or_seize(tcp->pid) < 0) { 1061 perror_msg("attach: ptrace(%s, %d)", 1062 ptrace_attach_cmd, tcp->pid); 1063 droptcb(tcp); 1064 return; 1065 } 1066 1067 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop; 1068 newoutf(tcp); 1069 if (debug_flag) 1070 error_msg("attach to pid %d (main) succeeded", tcp->pid); 1071 1072 char procdir[sizeof("/proc/%d/task") + sizeof(int) * 3]; 1073 DIR *dir; 1074 unsigned int ntid = 0, nerr = 0; 1075 1076 if (followfork && tcp->pid != strace_child && 1077 sprintf(procdir, "/proc/%d/task", tcp->pid) > 0 && 1078 (dir = opendir(procdir)) != NULL) { 1079 struct_dirent *de; 1080 1081 while ((de = read_dir(dir)) != NULL) { 1082 if (de->d_fileno == 0) 1083 continue; 1084 1085 int tid = string_to_uint(de->d_name); 1086 if (tid <= 0 || tid == tcp->pid) 1087 continue; 1088 1089 ++ntid; 1090 if (ptrace_attach_or_seize(tid) < 0) { 1091 ++nerr; 1092 if (debug_flag) 1093 perror_msg("attach: ptrace(%s, %d)", 1094 ptrace_attach_cmd, tid); 1095 continue; 1096 } 1097 if (debug_flag) 1098 error_msg("attach to pid %d succeeded", tid); 1099 1100 struct tcb *tid_tcp = alloctcb(tid); 1101 tid_tcp->flags |= TCB_ATTACHED | TCB_STARTUP | 1102 post_attach_sigstop; 1103 newoutf(tid_tcp); 1104 } 1105 1106 closedir(dir); 1107 } 1108 1109 if (!qflag) { 1110 if (ntid > nerr) 1111 error_msg("Process %u attached" 1112 " with %u threads", 1113 tcp->pid, ntid - nerr + 1); 1114 else 1115 error_msg("Process %u attached", 1116 tcp->pid); 1117 } 1118 } 1119 1120 static void 1121 startup_attach(void) 1122 { 1123 pid_t parent_pid = strace_tracer_pid; 1124 unsigned int tcbi; 1125 struct tcb *tcp; 1126 1127 /* 1128 * Block user interruptions as we would leave the traced 1129 * process stopped (process state T) if we would terminate in 1130 * between PTRACE_ATTACH and wait4() on SIGSTOP. 1131 * We rely on cleanup() from this point on. 1132 */ 1133 if (interactive) 1134 sigprocmask(SIG_SETMASK, &blocked_set, NULL); 1135 1136 if (daemonized_tracer) { 1137 pid_t pid = fork(); 1138 if (pid < 0) { 1139 perror_msg_and_die("fork"); 1140 } 1141 if (pid) { /* parent */ 1142 /* 1143 * Wait for grandchild to attach to straced process 1144 * (grandparent). Grandchild SIGKILLs us after it attached. 1145 * Grandparent's wait() is unblocked by our death, 1146 * it proceeds to exec the straced program. 1147 */ 1148 pause(); 1149 _exit(0); /* paranoia */ 1150 } 1151 /* grandchild */ 1152 /* We will be the tracer process. Remember our new pid: */ 1153 strace_tracer_pid = getpid(); 1154 } 1155 1156 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) { 1157 tcp = tcbtab[tcbi]; 1158 1159 if (!tcp->pid) 1160 continue; 1161 1162 /* Is this a process we should attach to, but not yet attached? */ 1163 if (tcp->flags & TCB_ATTACHED) 1164 continue; /* no, we already attached it */ 1165 1166 if (tcp->pid == parent_pid || tcp->pid == strace_tracer_pid) { 1167 errno = EPERM; 1168 perror_msg("attach: pid %d", tcp->pid); 1169 droptcb(tcp); 1170 continue; 1171 } 1172 1173 attach_tcb(tcp); 1174 1175 if (interactive) { 1176 sigprocmask(SIG_SETMASK, &start_set, NULL); 1177 if (interrupted) 1178 goto ret; 1179 sigprocmask(SIG_SETMASK, &blocked_set, NULL); 1180 } 1181 } /* for each tcbtab[] */ 1182 1183 if (daemonized_tracer) { 1184 /* 1185 * Make parent go away. 1186 * Also makes grandparent's wait() unblock. 1187 */ 1188 kill(parent_pid, SIGKILL); 1189 strace_child = 0; 1190 } 1191 1192 ret: 1193 if (interactive) 1194 sigprocmask(SIG_SETMASK, &start_set, NULL); 1195 } 1196 1197 /* Stack-o-phobic exec helper, in the hope to work around 1198 * NOMMU + "daemonized tracer" difficulty. 1199 */ 1200 struct exec_params { 1201 int fd_to_close; 1202 uid_t run_euid; 1203 gid_t run_egid; 1204 char **argv; 1205 char *pathname; 1206 struct sigaction child_sa; 1207 }; 1208 static struct exec_params params_for_tracee; 1209 1210 static void ATTRIBUTE_NOINLINE ATTRIBUTE_NORETURN 1211 exec_or_die(void) 1212 { 1213 struct exec_params *params = ¶ms_for_tracee; 1214 1215 if (params->fd_to_close >= 0) 1216 close(params->fd_to_close); 1217 if (!daemonized_tracer && !use_seize) { 1218 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) { 1219 perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)"); 1220 } 1221 } 1222 1223 if (username != NULL) { 1224 /* 1225 * It is important to set groups before we 1226 * lose privileges on setuid. 1227 */ 1228 if (initgroups(username, run_gid) < 0) { 1229 perror_msg_and_die("initgroups"); 1230 } 1231 if (setregid(run_gid, params->run_egid) < 0) { 1232 perror_msg_and_die("setregid"); 1233 } 1234 if (setreuid(run_uid, params->run_euid) < 0) { 1235 perror_msg_and_die("setreuid"); 1236 } 1237 } else if (geteuid() != 0) 1238 if (setreuid(run_uid, run_uid) < 0) { 1239 perror_msg_and_die("setreuid"); 1240 } 1241 1242 if (!daemonized_tracer) { 1243 /* 1244 * Induce a ptrace stop. Tracer (our parent) 1245 * will resume us with PTRACE_SYSCALL and display 1246 * the immediately following execve syscall. 1247 * Can't do this on NOMMU systems, we are after 1248 * vfork: parent is blocked, stopping would deadlock. 1249 */ 1250 if (!NOMMU_SYSTEM) 1251 kill(getpid(), SIGSTOP); 1252 } else { 1253 alarm(3); 1254 /* we depend on SIGCHLD set to SIG_DFL by init code */ 1255 /* if it happens to be SIG_IGN'ed, wait won't block */ 1256 wait(NULL); 1257 alarm(0); 1258 } 1259 1260 if (params_for_tracee.child_sa.sa_handler != SIG_DFL) 1261 sigaction(SIGCHLD, ¶ms_for_tracee.child_sa, NULL); 1262 1263 execv(params->pathname, params->argv); 1264 perror_msg_and_die("exec"); 1265 } 1266 1267 /* 1268 * Open a dummy descriptor for use as a placeholder. 1269 * The descriptor is O_RDONLY with FD_CLOEXEC flag set. 1270 * A read attempt from such descriptor ends with EOF, 1271 * a write attempt is rejected with EBADF. 1272 */ 1273 static int 1274 open_dummy_desc(void) 1275 { 1276 int fds[2]; 1277 1278 if (pipe(fds)) 1279 perror_msg_and_die("pipe"); 1280 close(fds[1]); 1281 set_cloexec_flag(fds[0]); 1282 return fds[0]; 1283 } 1284 1285 /* placeholder fds status for stdin and stdout */ 1286 static bool fd_is_placeholder[2]; 1287 1288 /* 1289 * Ensure that all standard file descriptors are open by opening placeholder 1290 * file descriptors for those standard file descriptors that are not open. 1291 * 1292 * The information which descriptors have been made open is saved 1293 * in fd_is_placeholder for later use. 1294 */ 1295 static void 1296 ensure_standard_fds_opened(void) 1297 { 1298 int fd; 1299 1300 while ((fd = open_dummy_desc()) <= 2) { 1301 if (fd == 2) 1302 break; 1303 fd_is_placeholder[fd] = true; 1304 } 1305 1306 if (fd > 2) 1307 close(fd); 1308 } 1309 1310 /* 1311 * Redirect stdin and stdout unless they have been opened earlier 1312 * by ensure_standard_fds_opened as placeholders. 1313 */ 1314 static void 1315 redirect_standard_fds(void) 1316 { 1317 int i; 1318 1319 /* 1320 * It might be a good idea to redirect stderr as well, 1321 * but we sometimes need to print error messages. 1322 */ 1323 for (i = 0; i <= 1; ++i) { 1324 if (!fd_is_placeholder[i]) { 1325 close(i); 1326 open_dummy_desc(); 1327 } 1328 } 1329 } 1330 1331 static void 1332 startup_child(char **argv) 1333 { 1334 struct_stat statbuf; 1335 const char *filename; 1336 size_t filename_len; 1337 char pathname[PATH_MAX]; 1338 int pid; 1339 struct tcb *tcp; 1340 1341 filename = argv[0]; 1342 filename_len = strlen(filename); 1343 1344 if (filename_len > sizeof(pathname) - 1) { 1345 errno = ENAMETOOLONG; 1346 perror_msg_and_die("exec"); 1347 } 1348 if (strchr(filename, '/')) { 1349 strcpy(pathname, filename); 1350 } 1351 #ifdef USE_DEBUGGING_EXEC 1352 /* 1353 * Debuggers customarily check the current directory 1354 * first regardless of the path but doing that gives 1355 * security geeks a panic attack. 1356 */ 1357 else if (stat_file(filename, &statbuf) == 0) 1358 strcpy(pathname, filename); 1359 #endif /* USE_DEBUGGING_EXEC */ 1360 else { 1361 const char *path; 1362 size_t m, n, len; 1363 1364 for (path = getenv("PATH"); path && *path; path += m) { 1365 const char *colon = strchr(path, ':'); 1366 if (colon) { 1367 n = colon - path; 1368 m = n + 1; 1369 } else 1370 m = n = strlen(path); 1371 if (n == 0) { 1372 if (!getcwd(pathname, PATH_MAX)) 1373 continue; 1374 len = strlen(pathname); 1375 } else if (n > sizeof(pathname) - 1) 1376 continue; 1377 else { 1378 strncpy(pathname, path, n); 1379 len = n; 1380 } 1381 if (len && pathname[len - 1] != '/') 1382 pathname[len++] = '/'; 1383 if (filename_len + len > sizeof(pathname) - 1) 1384 continue; 1385 strcpy(pathname + len, filename); 1386 if (stat_file(pathname, &statbuf) == 0 && 1387 /* Accept only regular files 1388 with some execute bits set. 1389 XXX not perfect, might still fail */ 1390 S_ISREG(statbuf.st_mode) && 1391 (statbuf.st_mode & 0111)) 1392 break; 1393 } 1394 if (!path || !*path) 1395 pathname[0] = '\0'; 1396 } 1397 if (stat_file(pathname, &statbuf) < 0) { 1398 perror_msg_and_die("Can't stat '%s'", filename); 1399 } 1400 1401 params_for_tracee.fd_to_close = (shared_log != stderr) ? fileno(shared_log) : -1; 1402 params_for_tracee.run_euid = (statbuf.st_mode & S_ISUID) ? statbuf.st_uid : run_uid; 1403 params_for_tracee.run_egid = (statbuf.st_mode & S_ISGID) ? statbuf.st_gid : run_gid; 1404 params_for_tracee.argv = argv; 1405 /* 1406 * On NOMMU, can be safely freed only after execve in tracee. 1407 * It's hard to know when that happens, so we just leak it. 1408 */ 1409 params_for_tracee.pathname = NOMMU_SYSTEM ? xstrdup(pathname) : pathname; 1410 1411 #if defined HAVE_PRCTL && defined PR_SET_PTRACER && defined PR_SET_PTRACER_ANY 1412 if (daemonized_tracer) 1413 prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY); 1414 #endif 1415 1416 pid = fork(); 1417 if (pid < 0) { 1418 perror_msg_and_die("fork"); 1419 } 1420 if ((pid != 0 && daemonized_tracer) 1421 || (pid == 0 && !daemonized_tracer) 1422 ) { 1423 /* We are to become the tracee. Two cases: 1424 * -D: we are parent 1425 * not -D: we are child 1426 */ 1427 exec_or_die(); 1428 } 1429 1430 /* We are the tracer */ 1431 1432 if (!daemonized_tracer) { 1433 strace_child = pid; 1434 if (!use_seize) { 1435 /* child did PTRACE_TRACEME, nothing to do in parent */ 1436 } else { 1437 if (!NOMMU_SYSTEM) { 1438 /* Wait until child stopped itself */ 1439 int status; 1440 while (waitpid(pid, &status, WSTOPPED) < 0) { 1441 if (errno == EINTR) 1442 continue; 1443 perror_msg_and_die("waitpid"); 1444 } 1445 if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) { 1446 kill_save_errno(pid, SIGKILL); 1447 perror_msg_and_die("Unexpected wait status %#x", 1448 status); 1449 } 1450 } 1451 /* Else: NOMMU case, we have no way to sync. 1452 * Just attach to it as soon as possible. 1453 * This means that we may miss a few first syscalls... 1454 */ 1455 1456 if (ptrace_attach_or_seize(pid)) { 1457 kill_save_errno(pid, SIGKILL); 1458 perror_msg_and_die("attach: ptrace(%s, %d)", 1459 ptrace_attach_cmd, pid); 1460 } 1461 if (!NOMMU_SYSTEM) 1462 kill(pid, SIGCONT); 1463 } 1464 tcp = alloctcb(pid); 1465 tcp->flags |= TCB_ATTACHED | TCB_STARTUP 1466 | TCB_SKIP_DETACH_ON_FIRST_EXEC 1467 | (NOMMU_SYSTEM ? 0 : (TCB_HIDE_LOG | post_attach_sigstop)); 1468 newoutf(tcp); 1469 } else { 1470 /* With -D, we are *child* here, the tracee is our parent. */ 1471 strace_child = strace_tracer_pid; 1472 strace_tracer_pid = getpid(); 1473 tcp = alloctcb(strace_child); 1474 tcp->flags |= TCB_SKIP_DETACH_ON_FIRST_EXEC | TCB_HIDE_LOG; 1475 /* attaching will be done later, by startup_attach */ 1476 /* note: we don't do newoutf(tcp) here either! */ 1477 1478 /* NOMMU BUG! -D mode is active, we (child) return, 1479 * and we will scribble over parent's stack! 1480 * When parent later unpauses, it segfaults. 1481 * 1482 * We work around it 1483 * (1) by declaring exec_or_die() NORETURN, 1484 * hopefully compiler will just jump to it 1485 * instead of call (won't push anything to stack), 1486 * (2) by trying very hard in exec_or_die() 1487 * to not use any stack, 1488 * (3) having a really big (PATH_MAX) stack object 1489 * in this function, which creates a "buffer" between 1490 * child's and parent's stack pointers. 1491 * This may save us if (1) and (2) failed 1492 * and compiler decided to use stack in exec_or_die() anyway 1493 * (happens on i386 because of stack parameter passing). 1494 * 1495 * A cleaner solution is to use makecontext + setcontext 1496 * to create a genuine separate stack and execute on it. 1497 */ 1498 } 1499 /* 1500 * A case where straced process is part of a pipe: 1501 * { sleep 1; yes | head -n99999; } | strace -o/dev/null sh -c 'exec <&-; sleep 9' 1502 * If strace won't close its fd#0, closing it in tracee is not enough: 1503 * the pipe is still open, it has a reader. Thus, "head" will not get its 1504 * SIGPIPE at once, on the first write. 1505 * 1506 * Preventing it by redirecting strace's stdin/out. 1507 * (Don't leave fds 0 and 1 closed, this is bad practice: future opens 1508 * will reuse them, unexpectedly making a newly opened object "stdin"). 1509 */ 1510 redirect_standard_fds(); 1511 } 1512 1513 #if USE_SEIZE 1514 static void 1515 test_ptrace_seize(void) 1516 { 1517 int pid; 1518 1519 /* Need fork for test. NOMMU has no forks */ 1520 if (NOMMU_SYSTEM) { 1521 post_attach_sigstop = 0; /* this sets use_seize to 1 */ 1522 return; 1523 } 1524 1525 pid = fork(); 1526 if (pid < 0) 1527 perror_msg_and_die("fork"); 1528 1529 if (pid == 0) { 1530 pause(); 1531 _exit(0); 1532 } 1533 1534 /* PTRACE_SEIZE, unlike ATTACH, doesn't force tracee to trap. After 1535 * attaching tracee continues to run unless a trap condition occurs. 1536 * PTRACE_SEIZE doesn't affect signal or group stop state. 1537 */ 1538 if (ptrace(PTRACE_SEIZE, pid, 0, 0) == 0) { 1539 post_attach_sigstop = 0; /* this sets use_seize to 1 */ 1540 } else if (debug_flag) { 1541 error_msg("PTRACE_SEIZE doesn't work"); 1542 } 1543 1544 kill(pid, SIGKILL); 1545 1546 while (1) { 1547 int status, tracee_pid; 1548 1549 errno = 0; 1550 tracee_pid = waitpid(pid, &status, 0); 1551 if (tracee_pid <= 0) { 1552 if (errno == EINTR) 1553 continue; 1554 perror_msg_and_die("%s: unexpected wait result %d", 1555 __func__, tracee_pid); 1556 } 1557 if (WIFSIGNALED(status)) { 1558 return; 1559 } 1560 error_msg_and_die("%s: unexpected wait status %#x", 1561 __func__, status); 1562 } 1563 } 1564 #else /* !USE_SEIZE */ 1565 # define test_ptrace_seize() ((void)0) 1566 #endif 1567 1568 static unsigned 1569 get_os_release(void) 1570 { 1571 unsigned rel; 1572 const char *p; 1573 struct utsname u; 1574 if (uname(&u) < 0) 1575 perror_msg_and_die("uname"); 1576 /* u.release has this form: "3.2.9[-some-garbage]" */ 1577 rel = 0; 1578 p = u.release; 1579 for (;;) { 1580 if (!(*p >= '0' && *p <= '9')) 1581 error_msg_and_die("Bad OS release string: '%s'", u.release); 1582 /* Note: this open-codes KERNEL_VERSION(): */ 1583 rel = (rel << 8) | atoi(p); 1584 if (rel >= KERNEL_VERSION(1, 0, 0)) 1585 break; 1586 while (*p >= '0' && *p <= '9') 1587 p++; 1588 if (*p != '.') { 1589 if (rel >= KERNEL_VERSION(0, 1, 0)) { 1590 /* "X.Y-something" means "X.Y.0" */ 1591 rel <<= 8; 1592 break; 1593 } 1594 error_msg_and_die("Bad OS release string: '%s'", u.release); 1595 } 1596 p++; 1597 } 1598 return rel; 1599 } 1600 1601 static void 1602 set_sigaction(int signo, void (*sighandler)(int), struct sigaction *oldact) 1603 { 1604 /* if signal handler is a function, add the signal to blocked_set */ 1605 if (sighandler != SIG_IGN && sighandler != SIG_DFL) 1606 sigaddset(&blocked_set, signo); 1607 1608 const struct sigaction sa = { .sa_handler = sighandler }; 1609 sigaction(signo, &sa, oldact); 1610 } 1611 1612 /* 1613 * Initialization part of main() was eating much stack (~0.5k), 1614 * which was unused after init. 1615 * We can reuse it if we move init code into a separate function. 1616 * 1617 * Don't want main() to inline us and defeat the reason 1618 * we have a separate function. 1619 */ 1620 static void ATTRIBUTE_NOINLINE 1621 init(int argc, char *argv[]) 1622 { 1623 int c, i; 1624 int optF = 0; 1625 1626 if (!program_invocation_name || !*program_invocation_name) { 1627 static char name[] = "strace"; 1628 program_invocation_name = 1629 (argv[0] && *argv[0]) ? argv[0] : name; 1630 } 1631 1632 strace_tracer_pid = getpid(); 1633 1634 os_release = get_os_release(); 1635 1636 shared_log = stderr; 1637 set_sortby(DEFAULT_SORTBY); 1638 set_personality(DEFAULT_PERSONALITY); 1639 qualify("trace=all"); 1640 qualify("abbrev=all"); 1641 qualify("verbose=all"); 1642 #if DEFAULT_QUAL_FLAGS != (QUAL_TRACE | QUAL_ABBREV | QUAL_VERBOSE) 1643 # error Bug in DEFAULT_QUAL_FLAGS 1644 #endif 1645 qualify("signal=all"); 1646 while ((c = getopt(argc, argv, 1647 "+b:cCdfFhiqrtTvVwxyz" 1648 #ifdef USE_LIBUNWIND 1649 "k" 1650 #endif 1651 "D" 1652 "a:e:o:O:p:s:S:u:E:P:I:")) != EOF) { 1653 switch (c) { 1654 case 'b': 1655 if (strcmp(optarg, "execve") != 0) 1656 error_msg_and_die("Syscall '%s' for -b isn't supported", 1657 optarg); 1658 detach_on_execve = 1; 1659 break; 1660 case 'c': 1661 if (cflag == CFLAG_BOTH) { 1662 error_msg_and_help("-c and -C are mutually exclusive"); 1663 } 1664 cflag = CFLAG_ONLY_STATS; 1665 break; 1666 case 'C': 1667 if (cflag == CFLAG_ONLY_STATS) { 1668 error_msg_and_help("-c and -C are mutually exclusive"); 1669 } 1670 cflag = CFLAG_BOTH; 1671 break; 1672 case 'd': 1673 debug_flag = 1; 1674 break; 1675 case 'D': 1676 daemonized_tracer = 1; 1677 break; 1678 case 'F': 1679 optF = 1; 1680 break; 1681 case 'f': 1682 followfork++; 1683 break; 1684 case 'h': 1685 usage(); 1686 break; 1687 case 'i': 1688 iflag = 1; 1689 break; 1690 case 'q': 1691 qflag++; 1692 break; 1693 case 'r': 1694 rflag = 1; 1695 break; 1696 case 't': 1697 tflag++; 1698 break; 1699 case 'T': 1700 Tflag = 1; 1701 break; 1702 case 'w': 1703 count_wallclock = 1; 1704 break; 1705 case 'x': 1706 xflag++; 1707 break; 1708 case 'y': 1709 show_fd_path++; 1710 break; 1711 case 'v': 1712 qualify("abbrev=none"); 1713 break; 1714 case 'V': 1715 print_version(); 1716 exit(0); 1717 break; 1718 case 'z': 1719 not_failing_only = 1; 1720 break; 1721 case 'a': 1722 acolumn = string_to_uint(optarg); 1723 if (acolumn < 0) 1724 error_opt_arg(c, optarg); 1725 break; 1726 case 'e': 1727 qualify(optarg); 1728 break; 1729 case 'o': 1730 outfname = xstrdup(optarg); 1731 break; 1732 case 'O': 1733 i = string_to_uint(optarg); 1734 if (i < 0) 1735 error_opt_arg(c, optarg); 1736 set_overhead(i); 1737 break; 1738 case 'p': 1739 process_opt_p_list(optarg); 1740 break; 1741 case 'P': 1742 pathtrace_select(optarg); 1743 break; 1744 case 's': 1745 i = string_to_uint(optarg); 1746 if (i < 0 || (unsigned int) i > -1U / 4) 1747 error_opt_arg(c, optarg); 1748 max_strlen = i; 1749 break; 1750 case 'S': 1751 set_sortby(optarg); 1752 break; 1753 case 'u': 1754 username = xstrdup(optarg); 1755 break; 1756 #ifdef USE_LIBUNWIND 1757 case 'k': 1758 stack_trace_enabled = true; 1759 break; 1760 #endif 1761 case 'E': 1762 if (putenv(optarg) < 0) 1763 perror_msg_and_die("putenv"); 1764 break; 1765 case 'I': 1766 opt_intr = string_to_uint_upto(optarg, NUM_INTR_OPTS - 1); 1767 if (opt_intr <= 0) 1768 error_opt_arg(c, optarg); 1769 break; 1770 default: 1771 error_msg_and_help(NULL); 1772 break; 1773 } 1774 } 1775 1776 argv += optind; 1777 argc -= optind; 1778 1779 if (argc < 0 || (!argv[0] && !nprocs)) { 1780 error_msg_and_help("must have PROG [ARGS] or -p PID"); 1781 } 1782 1783 if (!argv[0] && daemonized_tracer) { 1784 error_msg_and_help("PROG [ARGS] must be specified with -D"); 1785 } 1786 1787 if (!followfork) 1788 followfork = optF; 1789 1790 if (followfork >= 2 && cflag) { 1791 error_msg_and_help("(-c or -C) and -ff are mutually exclusive"); 1792 } 1793 1794 if (count_wallclock && !cflag) { 1795 error_msg_and_help("-w must be given with (-c or -C)"); 1796 } 1797 1798 if (cflag == CFLAG_ONLY_STATS) { 1799 if (iflag) 1800 error_msg("-%c has no effect with -c", 'i'); 1801 #ifdef USE_LIBUNWIND 1802 if (stack_trace_enabled) 1803 error_msg("-%c has no effect with -c", 'k'); 1804 #endif 1805 if (rflag) 1806 error_msg("-%c has no effect with -c", 'r'); 1807 if (tflag) 1808 error_msg("-%c has no effect with -c", 't'); 1809 if (Tflag) 1810 error_msg("-%c has no effect with -c", 'T'); 1811 if (show_fd_path) 1812 error_msg("-%c has no effect with -c", 'y'); 1813 } 1814 1815 if (rflag) { 1816 if (tflag > 1) 1817 error_msg("-tt has no effect with -r"); 1818 tflag = 1; 1819 } 1820 1821 acolumn_spaces = xmalloc(acolumn + 1); 1822 memset(acolumn_spaces, ' ', acolumn); 1823 acolumn_spaces[acolumn] = '\0'; 1824 1825 sigprocmask(SIG_SETMASK, NULL, &start_set); 1826 memcpy(&blocked_set, &start_set, sizeof(blocked_set)); 1827 1828 set_sigaction(SIGCHLD, SIG_DFL, ¶ms_for_tracee.child_sa); 1829 1830 #ifdef USE_LIBUNWIND 1831 if (stack_trace_enabled) { 1832 unsigned int tcbi; 1833 1834 unwind_init(); 1835 for (tcbi = 0; tcbi < tcbtabsize; ++tcbi) { 1836 unwind_tcb_init(tcbtab[tcbi]); 1837 } 1838 } 1839 #endif 1840 1841 /* See if they want to run as another user. */ 1842 if (username != NULL) { 1843 struct passwd *pent; 1844 1845 if (getuid() != 0 || geteuid() != 0) { 1846 error_msg_and_die("You must be root to use the -u option"); 1847 } 1848 pent = getpwnam(username); 1849 if (pent == NULL) { 1850 error_msg_and_die("Cannot find user '%s'", username); 1851 } 1852 run_uid = pent->pw_uid; 1853 run_gid = pent->pw_gid; 1854 } else { 1855 run_uid = getuid(); 1856 run_gid = getgid(); 1857 } 1858 1859 if (followfork) 1860 ptrace_setoptions |= PTRACE_O_TRACECLONE | 1861 PTRACE_O_TRACEFORK | 1862 PTRACE_O_TRACEVFORK; 1863 if (debug_flag) 1864 error_msg("ptrace_setoptions = %#x", ptrace_setoptions); 1865 test_ptrace_seize(); 1866 1867 /* 1868 * Is something weird with our stdin and/or stdout - 1869 * for example, may they be not open? In this case, 1870 * ensure that none of the future opens uses them. 1871 * 1872 * This was seen in the wild when /proc/sys/kernel/core_pattern 1873 * was set to "|/bin/strace -o/tmp/LOG PROG": 1874 * kernel runs coredump helper with fd#0 open but fd#1 closed (!), 1875 * therefore LOG gets opened to fd#1, and fd#1 is closed by 1876 * "don't hold up stdin/out open" code soon after. 1877 */ 1878 ensure_standard_fds_opened(); 1879 1880 /* Check if they want to redirect the output. */ 1881 if (outfname) { 1882 /* See if they want to pipe the output. */ 1883 if (outfname[0] == '|' || outfname[0] == '!') { 1884 /* 1885 * We can't do the <outfname>.PID funny business 1886 * when using popen, so prohibit it. 1887 */ 1888 if (followfork >= 2) 1889 error_msg_and_help("piping the output and -ff are mutually exclusive"); 1890 shared_log = strace_popen(outfname + 1); 1891 } else if (followfork < 2) 1892 shared_log = strace_fopen(outfname); 1893 } else { 1894 /* -ff without -o FILE is the same as single -f */ 1895 if (followfork >= 2) 1896 followfork = 1; 1897 } 1898 1899 if (!outfname || outfname[0] == '|' || outfname[0] == '!') { 1900 setvbuf(shared_log, NULL, _IOLBF, 0); 1901 } 1902 1903 /* 1904 * argv[0] -pPID -oFILE Default interactive setting 1905 * yes * 0 INTR_WHILE_WAIT 1906 * no 1 0 INTR_WHILE_WAIT 1907 * yes * 1 INTR_NEVER 1908 * no 1 1 INTR_WHILE_WAIT 1909 */ 1910 1911 if (outfname && argv[0]) { 1912 if (!opt_intr) 1913 opt_intr = INTR_NEVER; 1914 if (!qflag) 1915 qflag = 1; 1916 } 1917 if (!opt_intr) 1918 opt_intr = INTR_WHILE_WAIT; 1919 1920 /* 1921 * startup_child() must be called before the signal handlers get 1922 * installed below as they are inherited into the spawned process. 1923 * Also we do not need to be protected by them as during interruption 1924 * in the startup_child() mode we kill the spawned process anyway. 1925 */ 1926 if (argv[0]) { 1927 startup_child(argv); 1928 } 1929 1930 set_sigaction(SIGTTOU, SIG_IGN, NULL); 1931 set_sigaction(SIGTTIN, SIG_IGN, NULL); 1932 if (opt_intr != INTR_ANYWHERE) { 1933 if (opt_intr == INTR_BLOCK_TSTP_TOO) 1934 set_sigaction(SIGTSTP, SIG_IGN, NULL); 1935 /* 1936 * In interactive mode (if no -o OUTFILE, or -p PID is used), 1937 * fatal signals are blocked while syscall stop is processed, 1938 * and acted on in between, when waiting for new syscall stops. 1939 * In non-interactive mode, signals are ignored. 1940 */ 1941 set_sigaction(SIGHUP, interactive ? interrupt : SIG_IGN, NULL); 1942 set_sigaction(SIGINT, interactive ? interrupt : SIG_IGN, NULL); 1943 set_sigaction(SIGQUIT, interactive ? interrupt : SIG_IGN, NULL); 1944 set_sigaction(SIGPIPE, interactive ? interrupt : SIG_IGN, NULL); 1945 set_sigaction(SIGTERM, interactive ? interrupt : SIG_IGN, NULL); 1946 } 1947 1948 if (nprocs != 0 || daemonized_tracer) 1949 startup_attach(); 1950 1951 /* Do we want pids printed in our -o OUTFILE? 1952 * -ff: no (every pid has its own file); or 1953 * -f: yes (there can be more pids in the future); or 1954 * -p PID1,PID2: yes (there are already more than one pid) 1955 */ 1956 print_pid_pfx = (outfname && followfork < 2 && (followfork == 1 || nprocs > 1)); 1957 } 1958 1959 static struct tcb * 1960 pid2tcb(int pid) 1961 { 1962 unsigned int i; 1963 1964 if (pid <= 0) 1965 return NULL; 1966 1967 for (i = 0; i < tcbtabsize; i++) { 1968 struct tcb *tcp = tcbtab[i]; 1969 if (tcp->pid == pid) 1970 return tcp; 1971 } 1972 1973 return NULL; 1974 } 1975 1976 static void 1977 cleanup(void) 1978 { 1979 unsigned int i; 1980 struct tcb *tcp; 1981 int fatal_sig; 1982 1983 /* 'interrupted' is a volatile object, fetch it only once */ 1984 fatal_sig = interrupted; 1985 if (!fatal_sig) 1986 fatal_sig = SIGTERM; 1987 1988 for (i = 0; i < tcbtabsize; i++) { 1989 tcp = tcbtab[i]; 1990 if (!tcp->pid) 1991 continue; 1992 if (debug_flag) 1993 error_msg("cleanup: looking at pid %u", tcp->pid); 1994 if (tcp->pid == strace_child) { 1995 kill(tcp->pid, SIGCONT); 1996 kill(tcp->pid, fatal_sig); 1997 } 1998 detach(tcp); 1999 } 2000 if (cflag) 2001 call_summary(shared_log); 2002 } 2003 2004 static void 2005 interrupt(int sig) 2006 { 2007 interrupted = sig; 2008 } 2009 2010 static void 2011 print_debug_info(const int pid, int status) 2012 { 2013 const unsigned int event = (unsigned int) status >> 16; 2014 char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16]; 2015 char evbuf[sizeof(",EVENT_VFORK_DONE (%u)") + sizeof(int)*3 /*paranoia:*/ + 16]; 2016 2017 strcpy(buf, "???"); 2018 if (WIFSIGNALED(status)) 2019 #ifdef WCOREDUMP 2020 sprintf(buf, "WIFSIGNALED,%ssig=%s", 2021 WCOREDUMP(status) ? "core," : "", 2022 signame(WTERMSIG(status))); 2023 #else 2024 sprintf(buf, "WIFSIGNALED,sig=%s", 2025 signame(WTERMSIG(status))); 2026 #endif 2027 if (WIFEXITED(status)) 2028 sprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status)); 2029 if (WIFSTOPPED(status)) 2030 sprintf(buf, "WIFSTOPPED,sig=%s", signame(WSTOPSIG(status))); 2031 evbuf[0] = '\0'; 2032 if (event != 0) { 2033 static const char *const event_names[] = { 2034 [PTRACE_EVENT_CLONE] = "CLONE", 2035 [PTRACE_EVENT_FORK] = "FORK", 2036 [PTRACE_EVENT_VFORK] = "VFORK", 2037 [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE", 2038 [PTRACE_EVENT_EXEC] = "EXEC", 2039 [PTRACE_EVENT_EXIT] = "EXIT", 2040 /* [PTRACE_EVENT_STOP (=128)] would make biggish array */ 2041 }; 2042 const char *e = "??"; 2043 if (event < ARRAY_SIZE(event_names)) 2044 e = event_names[event]; 2045 else if (event == PTRACE_EVENT_STOP) 2046 e = "STOP"; 2047 sprintf(evbuf, ",EVENT_%s (%u)", e, event); 2048 } 2049 error_msg("[wait(0x%06x) = %u] %s%s", status, pid, buf, evbuf); 2050 } 2051 2052 static struct tcb * 2053 maybe_allocate_tcb(const int pid, int status) 2054 { 2055 if (!WIFSTOPPED(status)) { 2056 if (detach_on_execve && pid == strace_child) { 2057 /* example: strace -bexecve sh -c 'exec true' */ 2058 strace_child = 0; 2059 return NULL; 2060 } 2061 /* 2062 * This can happen if we inherited an unknown child. 2063 * Example: (sleep 1 & exec strace true) 2064 */ 2065 error_msg("Exit of unknown pid %u ignored", pid); 2066 return NULL; 2067 } 2068 if (followfork) { 2069 /* We assume it's a fork/vfork/clone child */ 2070 struct tcb *tcp = alloctcb(pid); 2071 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop; 2072 newoutf(tcp); 2073 if (!qflag) 2074 error_msg("Process %d attached", pid); 2075 return tcp; 2076 } else { 2077 /* This can happen if a clone call used 2078 * CLONE_PTRACE itself. 2079 */ 2080 ptrace(PTRACE_CONT, pid, NULL, 0); 2081 error_msg("Stop of unknown pid %u seen, PTRACE_CONTed it", pid); 2082 return NULL; 2083 } 2084 } 2085 2086 static struct tcb * 2087 maybe_switch_tcbs(struct tcb *tcp, const int pid) 2088 { 2089 FILE *fp; 2090 struct tcb *execve_thread; 2091 long old_pid = 0; 2092 2093 if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, &old_pid) < 0) 2094 return tcp; 2095 /* Avoid truncation in pid2tcb() param passing */ 2096 if (old_pid <= 0 || old_pid == pid) 2097 return tcp; 2098 if ((unsigned long) old_pid > UINT_MAX) 2099 return tcp; 2100 execve_thread = pid2tcb(old_pid); 2101 /* It should be !NULL, but I feel paranoid */ 2102 if (!execve_thread) 2103 return tcp; 2104 2105 if (execve_thread->curcol != 0) { 2106 /* 2107 * One case we are here is -ff: 2108 * try "strace -oLOG -ff test/threaded_execve" 2109 */ 2110 fprintf(execve_thread->outf, " <pid changed to %d ...>\n", pid); 2111 /*execve_thread->curcol = 0; - no need, see code below */ 2112 } 2113 /* Swap output FILEs (needed for -ff) */ 2114 fp = execve_thread->outf; 2115 execve_thread->outf = tcp->outf; 2116 tcp->outf = fp; 2117 /* And their column positions */ 2118 execve_thread->curcol = tcp->curcol; 2119 tcp->curcol = 0; 2120 /* Drop leader, but close execve'd thread outfile (if -ff) */ 2121 droptcb(tcp); 2122 /* Switch to the thread, reusing leader's outfile and pid */ 2123 tcp = execve_thread; 2124 tcp->pid = pid; 2125 if (cflag != CFLAG_ONLY_STATS) { 2126 printleader(tcp); 2127 tprintf("+++ superseded by execve in pid %lu +++\n", old_pid); 2128 line_ended(); 2129 tcp->flags |= TCB_REPRINT; 2130 } 2131 2132 return tcp; 2133 } 2134 2135 static void 2136 print_signalled(struct tcb *tcp, const int pid, int status) 2137 { 2138 if (pid == strace_child) { 2139 exit_code = 0x100 | WTERMSIG(status); 2140 strace_child = 0; 2141 } 2142 2143 if (cflag != CFLAG_ONLY_STATS 2144 && is_number_in_set(WTERMSIG(status), &signal_set)) { 2145 printleader(tcp); 2146 #ifdef WCOREDUMP 2147 tprintf("+++ killed by %s %s+++\n", 2148 signame(WTERMSIG(status)), 2149 WCOREDUMP(status) ? "(core dumped) " : ""); 2150 #else 2151 tprintf("+++ killed by %s +++\n", 2152 signame(WTERMSIG(status))); 2153 #endif 2154 line_ended(); 2155 } 2156 } 2157 2158 static void 2159 print_exited(struct tcb *tcp, const int pid, int status) 2160 { 2161 if (pid == strace_child) { 2162 exit_code = WEXITSTATUS(status); 2163 strace_child = 0; 2164 } 2165 2166 if (cflag != CFLAG_ONLY_STATS && 2167 qflag < 2) { 2168 printleader(tcp); 2169 tprintf("+++ exited with %d +++\n", WEXITSTATUS(status)); 2170 line_ended(); 2171 } 2172 } 2173 2174 static void 2175 print_stopped(struct tcb *tcp, const siginfo_t *si, const unsigned int sig) 2176 { 2177 if (cflag != CFLAG_ONLY_STATS 2178 && !hide_log(tcp) 2179 && is_number_in_set(sig, &signal_set)) { 2180 printleader(tcp); 2181 if (si) { 2182 tprintf("--- %s ", signame(sig)); 2183 printsiginfo(si); 2184 tprints(" ---\n"); 2185 } else 2186 tprintf("--- stopped by %s ---\n", signame(sig)); 2187 line_ended(); 2188 } 2189 } 2190 2191 static void 2192 startup_tcb(struct tcb *tcp) 2193 { 2194 if (debug_flag) 2195 error_msg("pid %d has TCB_STARTUP, initializing it", tcp->pid); 2196 2197 tcp->flags &= ~TCB_STARTUP; 2198 2199 if (!use_seize) { 2200 if (debug_flag) 2201 error_msg("setting opts 0x%x on pid %d", 2202 ptrace_setoptions, tcp->pid); 2203 if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) { 2204 if (errno != ESRCH) { 2205 /* Should never happen, really */ 2206 perror_msg_and_die("PTRACE_SETOPTIONS"); 2207 } 2208 } 2209 } 2210 2211 if (get_scno(tcp) == 1) 2212 tcp->s_prev_ent = tcp->s_ent; 2213 } 2214 2215 static void 2216 print_event_exit(struct tcb *tcp) 2217 { 2218 if (entering(tcp) || filtered(tcp) || hide_log(tcp) 2219 || cflag == CFLAG_ONLY_STATS) { 2220 return; 2221 } 2222 2223 if (followfork < 2 && printing_tcp && printing_tcp != tcp 2224 && printing_tcp->curcol != 0) { 2225 current_tcp = printing_tcp; 2226 tprints(" <unfinished ...>\n"); 2227 fflush(printing_tcp->outf); 2228 printing_tcp->curcol = 0; 2229 current_tcp = tcp; 2230 } 2231 2232 if ((followfork < 2 && printing_tcp != tcp) 2233 || (tcp->flags & TCB_REPRINT)) { 2234 tcp->flags &= ~TCB_REPRINT; 2235 printleader(tcp); 2236 tprintf("<... %s resumed>", tcp->s_ent->sys_name); 2237 } 2238 2239 if (!(tcp->sys_func_rval & RVAL_DECODED)) { 2240 /* 2241 * The decoder has probably decided to print something 2242 * on exiting syscall which is not going to happen. 2243 */ 2244 tprints(" <unfinished ...>"); 2245 } 2246 tprints(") "); 2247 tabto(); 2248 tprints("= ?\n"); 2249 line_ended(); 2250 } 2251 2252 enum trace_event { 2253 /* Break the main loop. */ 2254 TE_BREAK, 2255 2256 /* Call next_event() again. */ 2257 TE_NEXT, 2258 2259 /* Restart the tracee with signal 0 and call next_event() again. */ 2260 TE_RESTART, 2261 2262 /* 2263 * For all the events below, current_tcp is set to current tracee's 2264 * tcb. All the suggested actions imply that you want to continue 2265 * tracing of the current tracee; alternatively, you can detach it. 2266 */ 2267 2268 /* 2269 * Syscall entry or exit. 2270 * Restart the tracee with signal 0, or with an injected signal number. 2271 */ 2272 TE_SYSCALL_STOP, 2273 2274 /* 2275 * Tracee received signal with number WSTOPSIG(*pstatus); signal info 2276 * is written to *si. Restart the tracee (with that signal number 2277 * if you want to deliver it). 2278 */ 2279 TE_SIGNAL_DELIVERY_STOP, 2280 2281 /* 2282 * Tracee was killed by a signal with number WTERMSIG(*pstatus). 2283 */ 2284 TE_SIGNALLED, 2285 2286 /* 2287 * Tracee was stopped by a signal with number WSTOPSIG(*pstatus). 2288 * Restart the tracee with that signal number. 2289 */ 2290 TE_GROUP_STOP, 2291 2292 /* 2293 * Tracee exited with status WEXITSTATUS(*pstatus). 2294 */ 2295 TE_EXITED, 2296 2297 /* 2298 * Tracee is going to perform execve(). 2299 * Restart the tracee with signal 0. 2300 */ 2301 TE_STOP_BEFORE_EXECVE, 2302 2303 /* 2304 * Tracee is going to terminate. 2305 * Restart the tracee with signal 0. 2306 */ 2307 TE_STOP_BEFORE_EXIT, 2308 }; 2309 2310 static enum trace_event 2311 next_event(int *pstatus, siginfo_t *si) 2312 { 2313 int pid; 2314 int wait_errno; 2315 int status; 2316 struct tcb *tcp; 2317 struct rusage ru; 2318 2319 if (interrupted) 2320 return TE_BREAK; 2321 2322 /* 2323 * Used to exit simply when nprocs hits zero, but in this testcase: 2324 * int main(void) { _exit(!!fork()); } 2325 * under strace -f, parent sometimes (rarely) manages 2326 * to exit before we see the first stop of the child, 2327 * and we are losing track of it: 2328 * 19923 clone(...) = 19924 2329 * 19923 exit_group(1) = ? 2330 * 19923 +++ exited with 1 +++ 2331 * Exiting only when wait() returns ECHILD works better. 2332 */ 2333 if (popen_pid != 0) { 2334 /* However, if -o|logger is in use, we can't do that. 2335 * Can work around that by double-forking the logger, 2336 * but that loses the ability to wait for its completion 2337 * on exit. Oh well... 2338 */ 2339 if (nprocs == 0) 2340 return TE_BREAK; 2341 } 2342 2343 if (interactive) 2344 sigprocmask(SIG_SETMASK, &start_set, NULL); 2345 pid = wait4(-1, pstatus, __WALL, (cflag ? &ru : NULL)); 2346 wait_errno = errno; 2347 if (interactive) 2348 sigprocmask(SIG_SETMASK, &blocked_set, NULL); 2349 2350 if (pid < 0) { 2351 if (wait_errno == EINTR) 2352 return TE_NEXT; 2353 if (nprocs == 0 && wait_errno == ECHILD) 2354 return TE_BREAK; 2355 /* 2356 * If nprocs > 0, ECHILD is not expected, 2357 * treat it as any other error here: 2358 */ 2359 errno = wait_errno; 2360 perror_msg_and_die("wait4(__WALL)"); 2361 } 2362 2363 status = *pstatus; 2364 2365 if (pid == popen_pid) { 2366 if (!WIFSTOPPED(status)) 2367 popen_pid = 0; 2368 return TE_NEXT; 2369 } 2370 2371 if (debug_flag) 2372 print_debug_info(pid, status); 2373 2374 /* Look up 'pid' in our table. */ 2375 tcp = pid2tcb(pid); 2376 2377 if (!tcp) { 2378 tcp = maybe_allocate_tcb(pid, status); 2379 if (!tcp) 2380 return TE_NEXT; 2381 } 2382 2383 clear_regs(); 2384 2385 /* Set current output file */ 2386 current_tcp = tcp; 2387 2388 if (cflag) { 2389 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime); 2390 tcp->stime = ru.ru_stime; 2391 } 2392 2393 if (WIFSIGNALED(status)) 2394 return TE_SIGNALLED; 2395 2396 if (WIFEXITED(status)) 2397 return TE_EXITED; 2398 2399 /* 2400 * As WCONTINUED flag has not been specified to wait4, 2401 * it cannot be WIFCONTINUED(status), so the only case 2402 * that remains is WIFSTOPPED(status). 2403 */ 2404 2405 /* Is this the very first time we see this tracee stopped? */ 2406 if (tcp->flags & TCB_STARTUP) 2407 startup_tcb(tcp); 2408 2409 const unsigned int sig = WSTOPSIG(status); 2410 const unsigned int event = (unsigned int) status >> 16; 2411 2412 switch (event) { 2413 case 0: 2414 /* 2415 * Is this post-attach SIGSTOP? 2416 * Interestingly, the process may stop 2417 * with STOPSIG equal to some other signal 2418 * than SIGSTOP if we happened to attach 2419 * just before the process takes a signal. 2420 */ 2421 if (sig == SIGSTOP && (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)) { 2422 if (debug_flag) 2423 error_msg("ignored SIGSTOP on pid %d", tcp->pid); 2424 tcp->flags &= ~TCB_IGNORE_ONE_SIGSTOP; 2425 return TE_RESTART; 2426 } else if (sig == syscall_trap_sig) { 2427 return TE_SYSCALL_STOP; 2428 } else { 2429 *si = (siginfo_t) {}; 2430 /* 2431 * True if tracee is stopped by signal 2432 * (as opposed to "tracee received signal"). 2433 * TODO: shouldn't we check for errno == EINVAL too? 2434 * We can get ESRCH instead, you know... 2435 */ 2436 bool stopped = ptrace(PTRACE_GETSIGINFO, pid, 0, si) < 0; 2437 return stopped ? TE_GROUP_STOP : TE_SIGNAL_DELIVERY_STOP; 2438 } 2439 break; 2440 #if USE_SEIZE 2441 case PTRACE_EVENT_STOP: 2442 /* 2443 * PTRACE_INTERRUPT-stop or group-stop. 2444 * PTRACE_INTERRUPT-stop has sig == SIGTRAP here. 2445 */ 2446 switch (sig) { 2447 case SIGSTOP: 2448 case SIGTSTP: 2449 case SIGTTIN: 2450 case SIGTTOU: 2451 return TE_GROUP_STOP; 2452 } 2453 return TE_RESTART; 2454 #endif 2455 case PTRACE_EVENT_EXEC: 2456 return TE_STOP_BEFORE_EXECVE; 2457 case PTRACE_EVENT_EXIT: 2458 return TE_STOP_BEFORE_EXIT; 2459 default: 2460 return TE_RESTART; 2461 } 2462 } 2463 2464 static int 2465 trace_syscall(struct tcb *tcp, unsigned int *sig) 2466 { 2467 if (entering(tcp)) { 2468 int res = syscall_entering_decode(tcp); 2469 switch (res) { 2470 case 0: 2471 return 0; 2472 case 1: 2473 res = syscall_entering_trace(tcp, sig); 2474 } 2475 syscall_entering_finish(tcp, res); 2476 return res; 2477 } else { 2478 struct timeval tv = {}; 2479 int res = syscall_exiting_decode(tcp, &tv); 2480 if (res != 0) { 2481 res = syscall_exiting_trace(tcp, tv, res); 2482 } 2483 syscall_exiting_finish(tcp); 2484 return res; 2485 } 2486 } 2487 2488 /* Returns true iff the main trace loop has to continue. */ 2489 static bool 2490 dispatch_event(enum trace_event ret, int *pstatus, siginfo_t *si) 2491 { 2492 unsigned int restart_op = PTRACE_SYSCALL; 2493 unsigned int restart_sig = 0; 2494 2495 switch (ret) { 2496 case TE_BREAK: 2497 return false; 2498 2499 case TE_NEXT: 2500 return true; 2501 2502 case TE_RESTART: 2503 break; 2504 2505 case TE_SYSCALL_STOP: 2506 if (trace_syscall(current_tcp, &restart_sig) < 0) { 2507 /* 2508 * ptrace() failed in trace_syscall(). 2509 * Likely a result of process disappearing mid-flight. 2510 * Observed case: exit_group() or SIGKILL terminating 2511 * all processes in thread group. 2512 * We assume that ptrace error was caused by process death. 2513 * We used to detach(current_tcp) here, but since we no 2514 * longer implement "detach before death" policy/hack, 2515 * we can let this process to report its death to us 2516 * normally, via WIFEXITED or WIFSIGNALED wait status. 2517 */ 2518 return true; 2519 } 2520 break; 2521 2522 case TE_SIGNAL_DELIVERY_STOP: 2523 restart_sig = WSTOPSIG(*pstatus); 2524 print_stopped(current_tcp, si, restart_sig); 2525 break; 2526 2527 case TE_SIGNALLED: 2528 print_signalled(current_tcp, current_tcp->pid, *pstatus); 2529 droptcb(current_tcp); 2530 return true; 2531 2532 case TE_GROUP_STOP: 2533 restart_sig = WSTOPSIG(*pstatus); 2534 print_stopped(current_tcp, NULL, restart_sig); 2535 if (use_seize) { 2536 /* 2537 * This ends ptrace-stop, but does *not* end group-stop. 2538 * This makes stopping signals work properly on straced 2539 * process (that is, process really stops. It used to 2540 * continue to run). 2541 */ 2542 restart_op = PTRACE_LISTEN; 2543 restart_sig = 0; 2544 } 2545 break; 2546 2547 case TE_EXITED: 2548 print_exited(current_tcp, current_tcp->pid, *pstatus); 2549 droptcb(current_tcp); 2550 return true; 2551 2552 case TE_STOP_BEFORE_EXECVE: 2553 /* 2554 * Under Linux, execve changes pid to thread leader's pid, 2555 * and we see this changed pid on EVENT_EXEC and later, 2556 * execve sysexit. Leader "disappears" without exit 2557 * notification. Let user know that, drop leader's tcb, 2558 * and fix up pid in execve thread's tcb. 2559 * Effectively, execve thread's tcb replaces leader's tcb. 2560 * 2561 * BTW, leader is 'stuck undead' (doesn't report WIFEXITED 2562 * on exit syscall) in multithreaded programs exactly 2563 * in order to handle this case. 2564 * 2565 * PTRACE_GETEVENTMSG returns old pid starting from Linux 3.0. 2566 * On 2.6 and earlier, it can return garbage. 2567 */ 2568 if (os_release >= KERNEL_VERSION(3, 0, 0)) 2569 current_tcp = maybe_switch_tcbs(current_tcp, current_tcp->pid); 2570 2571 if (detach_on_execve) { 2572 if (current_tcp->flags & TCB_SKIP_DETACH_ON_FIRST_EXEC) { 2573 current_tcp->flags &= ~TCB_SKIP_DETACH_ON_FIRST_EXEC; 2574 } else { 2575 detach(current_tcp); /* do "-b execve" thingy */ 2576 return true; 2577 } 2578 } 2579 break; 2580 2581 case TE_STOP_BEFORE_EXIT: 2582 print_event_exit(current_tcp); 2583 break; 2584 } 2585 2586 /* We handled quick cases, we are permitted to interrupt now. */ 2587 if (interrupted) 2588 return false; 2589 2590 if (ptrace_restart(restart_op, current_tcp, restart_sig) < 0) { 2591 /* Note: ptrace_restart emitted error message */ 2592 exit_code = 1; 2593 return false; 2594 } 2595 return true; 2596 } 2597 2598 #ifdef ENABLE_COVERAGE_GCOV 2599 extern void __gcov_flush(void); 2600 #endif 2601 2602 static void ATTRIBUTE_NORETURN 2603 terminate(void) 2604 { 2605 cleanup(); 2606 fflush(NULL); 2607 if (shared_log != stderr) 2608 fclose(shared_log); 2609 if (popen_pid) { 2610 while (waitpid(popen_pid, NULL, 0) < 0 && errno == EINTR) 2611 ; 2612 } 2613 if (exit_code > 0xff) { 2614 /* Avoid potential core file clobbering. */ 2615 struct_rlimit rlim = {0, 0}; 2616 set_rlimit(RLIMIT_CORE, &rlim); 2617 2618 /* Child was killed by a signal, mimic that. */ 2619 exit_code &= 0xff; 2620 signal(exit_code, SIG_DFL); 2621 #ifdef ENABLE_COVERAGE_GCOV 2622 __gcov_flush(); 2623 #endif 2624 raise(exit_code); 2625 2626 /* Unblock the signal. */ 2627 sigset_t mask; 2628 sigemptyset(&mask); 2629 sigaddset(&mask, exit_code); 2630 #ifdef ENABLE_COVERAGE_GCOV 2631 __gcov_flush(); 2632 #endif 2633 sigprocmask(SIG_UNBLOCK, &mask, NULL); 2634 2635 /* Paranoia - what if this signal is not fatal? 2636 Exit with 128 + signo then. */ 2637 exit_code += 128; 2638 } 2639 exit(exit_code); 2640 } 2641 2642 int 2643 main(int argc, char *argv[]) 2644 { 2645 init(argc, argv); 2646 2647 exit_code = !nprocs; 2648 2649 int status; 2650 siginfo_t si; 2651 while (dispatch_event(next_event(&status, &si), &status, &si)) 2652 ; 2653 terminate(); 2654 } 2655