1 /* 2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk (at) cs.few.eur.nl> 3 * Copyright (c) 1993 Branko Lankester <branko (at) hacktic.nl> 4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs (at) world.std.com> 5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert (at) cistron.nl> 6 * Copyright (c) 1999-2018 The strace developers. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of the author may not be used to endorse or promote products 18 * derived from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "defs.h" 33 #include <stdarg.h> 34 #include <limits.h> 35 #include <fcntl.h> 36 #include "ptrace.h" 37 #include <signal.h> 38 #include <sys/resource.h> 39 #include <sys/wait.h> 40 #include <sys/stat.h> 41 #ifdef HAVE_PATHS_H 42 # include <paths.h> 43 #endif 44 #include <pwd.h> 45 #include <grp.h> 46 #include <dirent.h> 47 #include <sys/utsname.h> 48 #ifdef HAVE_PRCTL 49 # include <sys/prctl.h> 50 #endif 51 #include <asm/unistd.h> 52 53 #include "largefile_wrappers.h" 54 #include "number_set.h" 55 #include "scno.h" 56 #include "printsiginfo.h" 57 #include "trace_event.h" 58 #include "xstring.h" 59 60 /* In some libc, these aren't declared. Do it ourself: */ 61 extern char **environ; 62 extern int optind; 63 extern char *optarg; 64 65 #ifdef USE_LIBUNWIND 66 /* if this is true do the stack trace for every system call */ 67 bool stack_trace_enabled; 68 #endif 69 70 #define my_tkill(tid, sig) syscall(__NR_tkill, (tid), (sig)) 71 72 /* Glue for systems without a MMU that cannot provide fork() */ 73 #if !defined(HAVE_FORK) 74 # undef NOMMU_SYSTEM 75 # define NOMMU_SYSTEM 1 76 #endif 77 #if NOMMU_SYSTEM 78 # define fork() vfork() 79 #endif 80 81 const unsigned int syscall_trap_sig = SIGTRAP | 0x80; 82 83 cflag_t cflag = CFLAG_NONE; 84 unsigned int followfork; 85 unsigned int ptrace_setoptions = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC 86 | PTRACE_O_TRACEEXIT; 87 unsigned int xflag; 88 bool debug_flag; 89 bool Tflag; 90 bool iflag; 91 bool count_wallclock; 92 unsigned int qflag; 93 static unsigned int tflag; 94 static bool rflag; 95 static bool print_pid_pfx; 96 97 /* -I n */ 98 enum { 99 INTR_NOT_SET = 0, 100 INTR_ANYWHERE = 1, /* don't block/ignore any signals */ 101 INTR_WHILE_WAIT = 2, /* block fatal signals while decoding syscall. default */ 102 INTR_NEVER = 3, /* block fatal signals. default if '-o FILE PROG' */ 103 INTR_BLOCK_TSTP_TOO = 4, /* block fatal signals and SIGTSTP (^Z) */ 104 NUM_INTR_OPTS 105 }; 106 static int opt_intr; 107 /* We play with signal mask only if this mode is active: */ 108 #define interactive (opt_intr == INTR_WHILE_WAIT) 109 110 /* 111 * daemonized_tracer supports -D option. 112 * With this option, strace forks twice. 113 * Unlike normal case, with -D *grandparent* process exec's, 114 * becoming a traced process. Child exits (this prevents traced process 115 * from having children it doesn't expect to have), and grandchild 116 * attaches to grandparent similarly to strace -p PID. 117 * This allows for more transparent interaction in cases 118 * when process and its parent are communicating via signals, 119 * wait() etc. Without -D, strace process gets lodged in between, 120 * disrupting parent<->child link. 121 */ 122 static bool daemonized_tracer; 123 124 #if USE_SEIZE 125 static int post_attach_sigstop = TCB_IGNORE_ONE_SIGSTOP; 126 # define use_seize (post_attach_sigstop == 0) 127 #else 128 # define post_attach_sigstop TCB_IGNORE_ONE_SIGSTOP 129 # define use_seize 0 130 #endif 131 132 /* Sometimes we want to print only succeeding syscalls. */ 133 bool not_failing_only; 134 135 /* Show path associated with fd arguments */ 136 unsigned int show_fd_path; 137 138 static bool detach_on_execve; 139 140 static int exit_code; 141 static int strace_child; 142 static int strace_tracer_pid; 143 144 static const char *username; 145 static uid_t run_uid; 146 static gid_t run_gid; 147 148 unsigned int max_strlen = DEFAULT_STRLEN; 149 static int acolumn = DEFAULT_ACOLUMN; 150 static char *acolumn_spaces; 151 152 static const char *outfname; 153 /* If -ff, points to stderr. Else, it's our common output log */ 154 static FILE *shared_log; 155 156 struct tcb *printing_tcp; 157 static struct tcb *current_tcp; 158 159 static struct tcb **tcbtab; 160 static unsigned int nprocs; 161 static size_t tcbtabsize; 162 163 #ifndef HAVE_PROGRAM_INVOCATION_NAME 164 char *program_invocation_name; 165 #endif 166 167 unsigned os_release; /* generated from uname()'s u.release */ 168 169 static void detach(struct tcb *tcp); 170 static void cleanup(void); 171 static void interrupt(int sig); 172 static sigset_t start_set, blocked_set; 173 174 #ifdef HAVE_SIG_ATOMIC_T 175 static volatile sig_atomic_t interrupted; 176 #else 177 static volatile int interrupted; 178 #endif 179 180 #ifndef HAVE_STRERROR 181 182 #if !HAVE_DECL_SYS_ERRLIST 183 extern int sys_nerr; 184 extern char *sys_errlist[]; 185 #endif 186 187 const char * 188 strerror(int err_no) 189 { 190 static char buf[sizeof("Unknown error %d") + sizeof(int)*3]; 191 192 if (err_no < 1 || err_no >= sys_nerr) { 193 xsprintf(buf, "Unknown error %d", err_no); 194 return buf; 195 } 196 return sys_errlist[err_no]; 197 } 198 199 #endif /* HAVE_STERRROR */ 200 201 static void 202 print_version(void) 203 { 204 static const char features[] = 205 #ifdef USE_LIBUNWIND 206 " stack-unwind" 207 #endif /* USE_LIBUNWIND */ 208 #ifdef USE_DEMANGLE 209 " stack-demangle" 210 #endif /* USE_DEMANGLE */ 211 #if SUPPORTED_PERSONALITIES > 1 212 # if defined HAVE_M32_MPERS 213 " m32-mpers" 214 # else 215 " no-m32-mpers" 216 # endif 217 #endif /* SUPPORTED_PERSONALITIES > 1 */ 218 #if SUPPORTED_PERSONALITIES > 2 219 # if defined HAVE_MX32_MPERS 220 " mx32-mpers" 221 # else 222 " no-mx32-mpers" 223 # endif 224 #endif /* SUPPORTED_PERSONALITIES > 2 */ 225 ""; 226 227 printf("%s -- version %s\n" 228 "Copyright (c) 1991-%s The strace developers <%s>.\n" 229 "This is free software; see the source for copying conditions. There is NO\n" 230 "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n", 231 PACKAGE_NAME, PACKAGE_VERSION, COPYRIGHT_YEAR, PACKAGE_URL); 232 printf("\nOptional features enabled:%s\n", 233 features[0] ? features : " (none)"); 234 } 235 236 static void 237 usage(void) 238 { 239 printf("\ 240 usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...\n\ 241 [-a column] [-o file] [-s strsize] [-P path]...\n\ 242 -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\ 243 or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]\n\ 244 -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]\n\ 245 \n\ 246 Output format:\n\ 247 -a column alignment COLUMN for printing syscall results (default %d)\n\ 248 -i print instruction pointer at time of syscall\n\ 249 " 250 #ifdef USE_LIBUNWIND 251 "\ 252 -k obtain stack trace between each syscall (experimental)\n\ 253 " 254 #endif 255 "\ 256 -o file send trace output to FILE instead of stderr\n\ 257 -q suppress messages about attaching, detaching, etc.\n\ 258 -r print relative timestamp\n\ 259 -s strsize limit length of print strings to STRSIZE chars (default %d)\n\ 260 -t print absolute timestamp\n\ 261 -tt print absolute timestamp with usecs\n\ 262 -T print time spent in each syscall\n\ 263 -x print non-ascii strings in hex\n\ 264 -xx print all strings in hex\n\ 265 -y print paths associated with file descriptor arguments\n\ 266 -yy print protocol specific information associated with socket file descriptors\n\ 267 \n\ 268 Statistics:\n\ 269 -c count time, calls, and errors for each syscall and report summary\n\ 270 -C like -c but also print regular output\n\ 271 -O overhead set overhead for tracing syscalls to OVERHEAD usecs\n\ 272 -S sortby sort syscall counts by: time, calls, name, nothing (default %s)\n\ 273 -w summarise syscall latency (default is system time)\n\ 274 \n\ 275 Filtering:\n\ 276 -e expr a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\ 277 options: trace, abbrev, verbose, raw, signal, read, write, fault\n\ 278 -P path trace accesses to path\n\ 279 \n\ 280 Tracing:\n\ 281 -b execve detach on execve syscall\n\ 282 -D run tracer process as a detached grandchild, not as parent\n\ 283 -f follow forks\n\ 284 -ff follow forks with output into separate files\n\ 285 -I interruptible\n\ 286 1: no signals are blocked\n\ 287 2: fatal signals are blocked while decoding syscall (default)\n\ 288 3: fatal signals are always blocked (default if '-o FILE PROG')\n\ 289 4: fatal signals and SIGTSTP (^Z) are always blocked\n\ 290 (useful to make 'strace -o FILE PROG' not stop on ^Z)\n\ 291 \n\ 292 Startup:\n\ 293 -E var remove var from the environment for command\n\ 294 -E var=val put var=val in the environment for command\n\ 295 -p pid trace process with process id PID, may be repeated\n\ 296 -u username run command as username handling setuid and/or setgid\n\ 297 \n\ 298 Miscellaneous:\n\ 299 -d enable debug output to stderr\n\ 300 -v verbose mode: print unabbreviated argv, stat, termios, etc. args\n\ 301 -h print help message\n\ 302 -V print version\n\ 303 " 304 /* ancient, no one should use it 305 -F -- attempt to follow vforks (deprecated, use -f)\n\ 306 */ 307 /* this is broken, so don't document it 308 -z -- print only succeeding syscalls\n\ 309 */ 310 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY); 311 exit(0); 312 } 313 314 void ATTRIBUTE_NORETURN 315 die(void) 316 { 317 if (strace_tracer_pid == getpid()) { 318 cflag = 0; 319 cleanup(); 320 exit(1); 321 } 322 323 _exit(1); 324 } 325 326 static void 327 error_opt_arg(int opt, const char *arg) 328 { 329 error_msg_and_help("invalid -%c argument: '%s'", opt, arg); 330 } 331 332 static const char *ptrace_attach_cmd; 333 334 static int 335 ptrace_attach_or_seize(int pid) 336 { 337 #if USE_SEIZE 338 int r; 339 if (!use_seize) 340 return ptrace_attach_cmd = "PTRACE_ATTACH", 341 ptrace(PTRACE_ATTACH, pid, 0L, 0L); 342 r = ptrace(PTRACE_SEIZE, pid, 0L, (unsigned long) ptrace_setoptions); 343 if (r) 344 return ptrace_attach_cmd = "PTRACE_SEIZE", r; 345 r = ptrace(PTRACE_INTERRUPT, pid, 0L, 0L); 346 return ptrace_attach_cmd = "PTRACE_INTERRUPT", r; 347 #else 348 return ptrace_attach_cmd = "PTRACE_ATTACH", 349 ptrace(PTRACE_ATTACH, pid, 0L, 0L); 350 #endif 351 } 352 353 /* 354 * Used when we want to unblock stopped traced process. 355 * Should be only used with PTRACE_CONT, PTRACE_DETACH and PTRACE_SYSCALL. 356 * Returns 0 on success or if error was ESRCH 357 * (presumably process was killed while we talk to it). 358 * Otherwise prints error message and returns -1. 359 */ 360 static int 361 ptrace_restart(const unsigned int op, struct tcb *const tcp, unsigned int sig) 362 { 363 int err; 364 const char *msg; 365 366 errno = 0; 367 ptrace(op, tcp->pid, 0L, (unsigned long) sig); 368 err = errno; 369 if (!err) 370 return 0; 371 372 switch (op) { 373 case PTRACE_CONT: 374 msg = "CONT"; 375 break; 376 case PTRACE_DETACH: 377 msg = "DETACH"; 378 break; 379 case PTRACE_LISTEN: 380 msg = "LISTEN"; 381 break; 382 default: 383 msg = "SYSCALL"; 384 } 385 386 /* 387 * Why curcol != 0? Otherwise sometimes we get this: 388 * 389 * 10252 kill(10253, SIGKILL) = 0 390 * <ptrace(SYSCALL,10252):No such process>10253 ...next decode... 391 * 392 * 10252 died after we retrieved syscall exit data, 393 * but before we tried to restart it. Log looks ugly. 394 */ 395 if (current_tcp && current_tcp->curcol != 0) { 396 tprintf(" <ptrace(%s):%s>\n", msg, strerror(err)); 397 line_ended(); 398 } 399 if (err == ESRCH) 400 return 0; 401 errno = err; 402 perror_msg("ptrace(PTRACE_%s,pid:%d,sig:%u)", msg, tcp->pid, sig); 403 return -1; 404 } 405 406 static void 407 set_cloexec_flag(int fd) 408 { 409 int flags, newflags; 410 411 flags = fcntl(fd, F_GETFD); 412 if (flags < 0) { 413 /* Can happen only if fd is bad. 414 * Should never happen: if it does, we have a bug 415 * in the caller. Therefore we just abort 416 * instead of propagating the error. 417 */ 418 perror_msg_and_die("fcntl(%d, F_GETFD)", fd); 419 } 420 421 newflags = flags | FD_CLOEXEC; 422 if (flags == newflags) 423 return; 424 425 fcntl(fd, F_SETFD, newflags); /* never fails */ 426 } 427 428 static void 429 kill_save_errno(pid_t pid, int sig) 430 { 431 int saved_errno = errno; 432 433 (void) kill(pid, sig); 434 errno = saved_errno; 435 } 436 437 /* 438 * When strace is setuid executable, we have to swap uids 439 * before and after filesystem and process management operations. 440 */ 441 static void 442 swap_uid(void) 443 { 444 int euid = geteuid(), uid = getuid(); 445 446 if (euid != uid && setreuid(euid, uid) < 0) { 447 perror_msg_and_die("setreuid"); 448 } 449 } 450 451 static FILE * 452 strace_fopen(const char *path) 453 { 454 FILE *fp; 455 456 swap_uid(); 457 fp = fopen_for_output(path, "w"); 458 if (!fp) 459 perror_msg_and_die("Can't fopen '%s'", path); 460 swap_uid(); 461 set_cloexec_flag(fileno(fp)); 462 return fp; 463 } 464 465 static int popen_pid; 466 467 #ifndef _PATH_BSHELL 468 # define _PATH_BSHELL "/bin/sh" 469 #endif 470 471 /* 472 * We cannot use standard popen(3) here because we have to distinguish 473 * popen child process from other processes we trace, and standard popen(3) 474 * does not export its child's pid. 475 */ 476 static FILE * 477 strace_popen(const char *command) 478 { 479 FILE *fp; 480 int pid; 481 int fds[2]; 482 483 swap_uid(); 484 if (pipe(fds) < 0) 485 perror_msg_and_die("pipe"); 486 487 set_cloexec_flag(fds[1]); /* never fails */ 488 489 pid = vfork(); 490 if (pid < 0) 491 perror_msg_and_die("vfork"); 492 493 if (pid == 0) { 494 /* child */ 495 close(fds[1]); 496 if (fds[0] != 0) { 497 if (dup2(fds[0], 0)) 498 perror_msg_and_die("dup2"); 499 close(fds[0]); 500 } 501 execl(_PATH_BSHELL, "sh", "-c", command, NULL); 502 perror_msg_and_die("Can't execute '%s'", _PATH_BSHELL); 503 } 504 505 /* parent */ 506 popen_pid = pid; 507 close(fds[0]); 508 swap_uid(); 509 fp = fdopen(fds[1], "w"); 510 if (!fp) 511 perror_msg_and_die("fdopen"); 512 return fp; 513 } 514 515 static void 516 outf_perror(const struct tcb * const tcp) 517 { 518 if (tcp->outf == stderr) 519 return; 520 521 /* This is ugly, but we don't store separate file names */ 522 if (followfork >= 2) 523 perror_msg("%s.%u", outfname, tcp->pid); 524 else 525 perror_msg("%s", outfname); 526 } 527 528 ATTRIBUTE_FORMAT((printf, 1, 0)) 529 static void 530 tvprintf(const char *const fmt, va_list args) 531 { 532 if (current_tcp) { 533 int n = vfprintf(current_tcp->outf, fmt, args); 534 if (n < 0) { 535 /* very unlikely due to vfprintf buffering */ 536 outf_perror(current_tcp); 537 } else 538 current_tcp->curcol += n; 539 } 540 } 541 542 void 543 tprintf(const char *fmt, ...) 544 { 545 va_list args; 546 va_start(args, fmt); 547 tvprintf(fmt, args); 548 va_end(args); 549 } 550 551 #ifndef HAVE_FPUTS_UNLOCKED 552 # define fputs_unlocked fputs 553 #endif 554 555 void 556 tprints(const char *str) 557 { 558 if (current_tcp) { 559 int n = fputs_unlocked(str, current_tcp->outf); 560 if (n >= 0) { 561 current_tcp->curcol += strlen(str); 562 return; 563 } 564 /* very unlikely due to fputs_unlocked buffering */ 565 outf_perror(current_tcp); 566 } 567 } 568 569 void 570 tprints_comment(const char *const str) 571 { 572 if (str && *str) 573 tprintf(" /* %s */", str); 574 } 575 576 void 577 tprintf_comment(const char *fmt, ...) 578 { 579 if (!fmt || !*fmt) 580 return; 581 582 va_list args; 583 va_start(args, fmt); 584 tprints(" /* "); 585 tvprintf(fmt, args); 586 tprints(" */"); 587 va_end(args); 588 } 589 590 static void 591 flush_tcp_output(const struct tcb *const tcp) 592 { 593 if (fflush(tcp->outf)) 594 outf_perror(tcp); 595 } 596 597 void 598 line_ended(void) 599 { 600 if (current_tcp) { 601 current_tcp->curcol = 0; 602 flush_tcp_output(current_tcp); 603 } 604 if (printing_tcp) { 605 printing_tcp->curcol = 0; 606 printing_tcp = NULL; 607 } 608 } 609 610 void 611 set_current_tcp(const struct tcb *tcp) 612 { 613 current_tcp = (struct tcb *) tcp; 614 615 /* Sync current_personality and stuff */ 616 if (current_tcp) 617 set_personality(current_tcp->currpers); 618 } 619 620 void 621 printleader(struct tcb *tcp) 622 { 623 /* If -ff, "previous tcb we printed" is always the same as current, 624 * because we have per-tcb output files. 625 */ 626 if (followfork >= 2) 627 printing_tcp = tcp; 628 629 if (printing_tcp) { 630 set_current_tcp(printing_tcp); 631 if (printing_tcp->curcol != 0 && (followfork < 2 || printing_tcp == tcp)) { 632 /* 633 * case 1: we have a shared log (i.e. not -ff), and last line 634 * wasn't finished (same or different tcb, doesn't matter). 635 * case 2: split log, we are the same tcb, but our last line 636 * didn't finish ("SIGKILL nuked us after syscall entry" etc). 637 */ 638 tprints(" <unfinished ...>\n"); 639 printing_tcp->curcol = 0; 640 } 641 } 642 643 printing_tcp = tcp; 644 set_current_tcp(tcp); 645 current_tcp->curcol = 0; 646 647 if (print_pid_pfx) 648 tprintf("%-5d ", tcp->pid); 649 else if (nprocs > 1 && !outfname) 650 tprintf("[pid %5u] ", tcp->pid); 651 652 if (tflag) { 653 char str[sizeof("HH:MM:SS")]; 654 struct timeval tv, dtv; 655 static struct timeval otv; 656 657 gettimeofday(&tv, NULL); 658 if (rflag) { 659 if (otv.tv_sec == 0) 660 otv = tv; 661 tv_sub(&dtv, &tv, &otv); 662 tprintf("%6ld.%06ld ", 663 (long) dtv.tv_sec, (long) dtv.tv_usec); 664 otv = tv; 665 } else if (tflag > 2) { 666 tprintf("%ld.%06ld ", 667 (long) tv.tv_sec, (long) tv.tv_usec); 668 } else { 669 time_t local = tv.tv_sec; 670 strftime(str, sizeof(str), "%T", localtime(&local)); 671 if (tflag > 1) 672 tprintf("%s.%06ld ", str, (long) tv.tv_usec); 673 else 674 tprintf("%s ", str); 675 } 676 } 677 if (iflag) 678 print_pc(tcp); 679 } 680 681 void 682 tabto(void) 683 { 684 if (current_tcp->curcol < acolumn) 685 tprints(acolumn_spaces + current_tcp->curcol); 686 } 687 688 /* Should be only called directly *after successful attach* to a tracee. 689 * Otherwise, "strace -oFILE -ff -p<nonexistant_pid>" 690 * may create bogus empty FILE.<nonexistant_pid>, and then die. 691 */ 692 static void 693 newoutf(struct tcb *tcp) 694 { 695 tcp->outf = shared_log; /* if not -ff mode, the same file is for all */ 696 if (followfork >= 2) { 697 char name[PATH_MAX]; 698 xsprintf(name, "%s.%u", outfname, tcp->pid); 699 tcp->outf = strace_fopen(name); 700 } 701 } 702 703 static void 704 expand_tcbtab(void) 705 { 706 /* Allocate some (more) TCBs (and expand the table). 707 We don't want to relocate the TCBs because our 708 callers have pointers and it would be a pain. 709 So tcbtab is a table of pointers. Since we never 710 free the TCBs, we allocate a single chunk of many. */ 711 size_t old_tcbtabsize; 712 struct tcb *newtcbs; 713 struct tcb **tcb_ptr; 714 715 old_tcbtabsize = tcbtabsize; 716 717 tcbtab = xgrowarray(tcbtab, &tcbtabsize, sizeof(tcbtab[0])); 718 newtcbs = xcalloc(tcbtabsize - old_tcbtabsize, sizeof(newtcbs[0])); 719 720 for (tcb_ptr = tcbtab + old_tcbtabsize; 721 tcb_ptr < tcbtab + tcbtabsize; tcb_ptr++, newtcbs++) 722 *tcb_ptr = newtcbs; 723 } 724 725 static struct tcb * 726 alloctcb(int pid) 727 { 728 unsigned int i; 729 struct tcb *tcp; 730 731 if (nprocs == tcbtabsize) 732 expand_tcbtab(); 733 734 for (i = 0; i < tcbtabsize; i++) { 735 tcp = tcbtab[i]; 736 if (!tcp->pid) { 737 memset(tcp, 0, sizeof(*tcp)); 738 tcp->pid = pid; 739 #if SUPPORTED_PERSONALITIES > 1 740 tcp->currpers = current_personality; 741 #endif 742 743 #ifdef USE_LIBUNWIND 744 if (stack_trace_enabled) 745 unwind_tcb_init(tcp); 746 #endif 747 748 nprocs++; 749 debug_msg("new tcb for pid %d, active tcbs:%d", 750 tcp->pid, nprocs); 751 return tcp; 752 } 753 } 754 error_msg_and_die("bug in alloctcb"); 755 } 756 757 void * 758 get_tcb_priv_data(const struct tcb *tcp) 759 { 760 return tcp->_priv_data; 761 } 762 763 int 764 set_tcb_priv_data(struct tcb *tcp, void *const priv_data, 765 void (*const free_priv_data)(void *)) 766 { 767 if (tcp->_priv_data) 768 return -1; 769 770 tcp->_free_priv_data = free_priv_data; 771 tcp->_priv_data = priv_data; 772 773 return 0; 774 } 775 776 void 777 free_tcb_priv_data(struct tcb *tcp) 778 { 779 if (tcp->_priv_data) { 780 if (tcp->_free_priv_data) { 781 tcp->_free_priv_data(tcp->_priv_data); 782 tcp->_free_priv_data = NULL; 783 } 784 tcp->_priv_data = NULL; 785 } 786 } 787 788 static void 789 droptcb(struct tcb *tcp) 790 { 791 if (tcp->pid == 0) 792 return; 793 794 int p; 795 for (p = 0; p < SUPPORTED_PERSONALITIES; ++p) 796 free(tcp->inject_vec[p]); 797 798 free_tcb_priv_data(tcp); 799 800 #ifdef USE_LIBUNWIND 801 if (stack_trace_enabled) { 802 unwind_tcb_fin(tcp); 803 } 804 #endif 805 806 nprocs--; 807 debug_msg("dropped tcb for pid %d, %d remain", tcp->pid, nprocs); 808 809 if (tcp->outf) { 810 if (followfork >= 2) { 811 if (tcp->curcol != 0) 812 fprintf(tcp->outf, " <detached ...>\n"); 813 fclose(tcp->outf); 814 } else { 815 if (printing_tcp == tcp && tcp->curcol != 0) 816 fprintf(tcp->outf, " <detached ...>\n"); 817 flush_tcp_output(tcp); 818 } 819 } 820 821 if (current_tcp == tcp) 822 set_current_tcp(NULL); 823 if (printing_tcp == tcp) 824 printing_tcp = NULL; 825 826 memset(tcp, 0, sizeof(*tcp)); 827 } 828 829 /* Detach traced process. 830 * Never call DETACH twice on the same process as both unattached and 831 * attached-unstopped processes give the same ESRCH. For unattached process we 832 * would SIGSTOP it and wait for its SIGSTOP notification forever. 833 */ 834 static void 835 detach(struct tcb *tcp) 836 { 837 int error; 838 int status; 839 840 /* 841 * Linux wrongly insists the child be stopped 842 * before detaching. Arghh. We go through hoops 843 * to make a clean break of things. 844 */ 845 846 if (!(tcp->flags & TCB_ATTACHED)) 847 goto drop; 848 849 /* We attached but possibly didn't see the expected SIGSTOP. 850 * We must catch exactly one as otherwise the detached process 851 * would be left stopped (process state T). 852 */ 853 if (tcp->flags & TCB_IGNORE_ONE_SIGSTOP) 854 goto wait_loop; 855 856 error = ptrace(PTRACE_DETACH, tcp->pid, 0, 0); 857 if (!error) { 858 /* On a clear day, you can see forever. */ 859 goto drop; 860 } 861 if (errno != ESRCH) { 862 /* Shouldn't happen. */ 863 perror_func_msg("ptrace(PTRACE_DETACH,%u)", tcp->pid); 864 goto drop; 865 } 866 /* ESRCH: process is either not stopped or doesn't exist. */ 867 if (my_tkill(tcp->pid, 0) < 0) { 868 if (errno != ESRCH) 869 /* Shouldn't happen. */ 870 perror_func_msg("tkill(%u,0)", tcp->pid); 871 /* else: process doesn't exist. */ 872 goto drop; 873 } 874 /* Process is not stopped, need to stop it. */ 875 if (use_seize) { 876 /* 877 * With SEIZE, tracee can be in group-stop already. 878 * In this state sending it another SIGSTOP does nothing. 879 * Need to use INTERRUPT. 880 * Testcase: trying to ^C a "strace -p <stopped_process>". 881 */ 882 error = ptrace(PTRACE_INTERRUPT, tcp->pid, 0, 0); 883 if (!error) 884 goto wait_loop; 885 if (errno != ESRCH) 886 perror_func_msg("ptrace(PTRACE_INTERRUPT,%u)", tcp->pid); 887 } else { 888 error = my_tkill(tcp->pid, SIGSTOP); 889 if (!error) 890 goto wait_loop; 891 if (errno != ESRCH) 892 perror_func_msg("tkill(%u,SIGSTOP)", tcp->pid); 893 } 894 /* Either process doesn't exist, or some weird error. */ 895 goto drop; 896 897 wait_loop: 898 /* We end up here in three cases: 899 * 1. We sent PTRACE_INTERRUPT (use_seize case) 900 * 2. We sent SIGSTOP (!use_seize) 901 * 3. Attach SIGSTOP was already pending (TCB_IGNORE_ONE_SIGSTOP set) 902 */ 903 for (;;) { 904 unsigned int sig; 905 if (waitpid(tcp->pid, &status, __WALL) < 0) { 906 if (errno == EINTR) 907 continue; 908 /* 909 * if (errno == ECHILD) break; 910 * ^^^ WRONG! We expect this PID to exist, 911 * and want to emit a message otherwise: 912 */ 913 perror_func_msg("waitpid(%u)", tcp->pid); 914 break; 915 } 916 if (!WIFSTOPPED(status)) { 917 /* 918 * Tracee exited or was killed by signal. 919 * We shouldn't normally reach this place: 920 * we don't want to consume exit status. 921 * Consider "strace -p PID" being ^C-ed: 922 * we want merely to detach from PID. 923 * 924 * However, we _can_ end up here if tracee 925 * was SIGKILLed. 926 */ 927 break; 928 } 929 sig = WSTOPSIG(status); 930 debug_msg("detach wait: event:%d sig:%d", 931 (unsigned) status >> 16, sig); 932 if (use_seize) { 933 unsigned event = (unsigned)status >> 16; 934 if (event == PTRACE_EVENT_STOP /*&& sig == SIGTRAP*/) { 935 /* 936 * sig == SIGTRAP: PTRACE_INTERRUPT stop. 937 * sig == other: process was already stopped 938 * with this stopping sig (see tests/detach-stopped). 939 * Looks like re-injecting this sig is not necessary 940 * in DETACH for the tracee to remain stopped. 941 */ 942 sig = 0; 943 } 944 /* 945 * PTRACE_INTERRUPT is not guaranteed to produce 946 * the above event if other ptrace-stop is pending. 947 * See tests/detach-sleeping testcase: 948 * strace got SIGINT while tracee is sleeping. 949 * We sent PTRACE_INTERRUPT. 950 * We see syscall exit, not PTRACE_INTERRUPT stop. 951 * We won't get PTRACE_INTERRUPT stop 952 * if we would CONT now. Need to DETACH. 953 */ 954 if (sig == syscall_trap_sig) 955 sig = 0; 956 /* else: not sure in which case we can be here. 957 * Signal stop? Inject it while detaching. 958 */ 959 ptrace_restart(PTRACE_DETACH, tcp, sig); 960 break; 961 } 962 /* Note: this check has to be after use_seize check */ 963 /* (else, in use_seize case SIGSTOP will be mistreated) */ 964 if (sig == SIGSTOP) { 965 /* Detach, suppressing SIGSTOP */ 966 ptrace_restart(PTRACE_DETACH, tcp, 0); 967 break; 968 } 969 if (sig == syscall_trap_sig) 970 sig = 0; 971 /* Can't detach just yet, may need to wait for SIGSTOP */ 972 error = ptrace_restart(PTRACE_CONT, tcp, sig); 973 if (error < 0) { 974 /* Should not happen. 975 * Note: ptrace_restart returns 0 on ESRCH, so it's not it. 976 * ptrace_restart already emitted error message. 977 */ 978 break; 979 } 980 } 981 982 drop: 983 if (!qflag && (tcp->flags & TCB_ATTACHED)) 984 error_msg("Process %u detached", tcp->pid); 985 986 droptcb(tcp); 987 } 988 989 static void 990 process_opt_p_list(char *opt) 991 { 992 while (*opt) { 993 /* 994 * We accept -p PID,PID; -p "`pidof PROG`"; -p "`pgrep PROG`". 995 * pidof uses space as delim, pgrep uses newline. :( 996 */ 997 int pid; 998 char *delim = opt + strcspn(opt, "\n\t ,"); 999 char c = *delim; 1000 1001 *delim = '\0'; 1002 pid = string_to_uint(opt); 1003 if (pid <= 0) { 1004 error_msg_and_die("Invalid process id: '%s'", opt); 1005 } 1006 if (pid == strace_tracer_pid) { 1007 error_msg_and_die("I'm sorry, I can't let you do that, Dave."); 1008 } 1009 *delim = c; 1010 alloctcb(pid); 1011 if (c == '\0') 1012 break; 1013 opt = delim + 1; 1014 } 1015 } 1016 1017 static void 1018 attach_tcb(struct tcb *const tcp) 1019 { 1020 if (ptrace_attach_or_seize(tcp->pid) < 0) { 1021 perror_msg("attach: ptrace(%s, %d)", 1022 ptrace_attach_cmd, tcp->pid); 1023 droptcb(tcp); 1024 return; 1025 } 1026 1027 tcp->flags |= TCB_ATTACHED | TCB_GRABBED | TCB_STARTUP | 1028 post_attach_sigstop; 1029 newoutf(tcp); 1030 debug_msg("attach to pid %d (main) succeeded", tcp->pid); 1031 1032 static const char task_path[] = "/proc/%d/task"; 1033 char procdir[sizeof(task_path) + sizeof(int) * 3]; 1034 DIR *dir; 1035 unsigned int ntid = 0, nerr = 0; 1036 1037 if (followfork && tcp->pid != strace_child && 1038 xsprintf(procdir, task_path, tcp->pid) > 0 && 1039 (dir = opendir(procdir)) != NULL) { 1040 struct_dirent *de; 1041 1042 while ((de = read_dir(dir)) != NULL) { 1043 if (de->d_fileno == 0) 1044 continue; 1045 1046 int tid = string_to_uint(de->d_name); 1047 if (tid <= 0 || tid == tcp->pid) 1048 continue; 1049 1050 ++ntid; 1051 if (ptrace_attach_or_seize(tid) < 0) { 1052 ++nerr; 1053 debug_perror_msg("attach: ptrace(%s, %d)", 1054 ptrace_attach_cmd, tid); 1055 continue; 1056 } 1057 debug_msg("attach to pid %d succeeded", tid); 1058 1059 struct tcb *tid_tcp = alloctcb(tid); 1060 tid_tcp->flags |= TCB_ATTACHED | TCB_GRABBED | 1061 TCB_STARTUP | post_attach_sigstop; 1062 newoutf(tid_tcp); 1063 } 1064 1065 closedir(dir); 1066 } 1067 1068 if (!qflag) { 1069 if (ntid > nerr) 1070 error_msg("Process %u attached" 1071 " with %u threads", 1072 tcp->pid, ntid - nerr + 1); 1073 else 1074 error_msg("Process %u attached", 1075 tcp->pid); 1076 } 1077 } 1078 1079 static void 1080 startup_attach(void) 1081 { 1082 pid_t parent_pid = strace_tracer_pid; 1083 unsigned int tcbi; 1084 struct tcb *tcp; 1085 1086 /* 1087 * Block user interruptions as we would leave the traced 1088 * process stopped (process state T) if we would terminate in 1089 * between PTRACE_ATTACH and wait4() on SIGSTOP. 1090 * We rely on cleanup() from this point on. 1091 */ 1092 if (interactive) 1093 sigprocmask(SIG_SETMASK, &blocked_set, NULL); 1094 1095 if (daemonized_tracer) { 1096 pid_t pid = fork(); 1097 if (pid < 0) 1098 perror_func_msg_and_die("fork"); 1099 1100 if (pid) { /* parent */ 1101 /* 1102 * Wait for grandchild to attach to straced process 1103 * (grandparent). Grandchild SIGKILLs us after it attached. 1104 * Grandparent's wait() is unblocked by our death, 1105 * it proceeds to exec the straced program. 1106 */ 1107 pause(); 1108 _exit(0); /* paranoia */ 1109 } 1110 /* grandchild */ 1111 /* We will be the tracer process. Remember our new pid: */ 1112 strace_tracer_pid = getpid(); 1113 } 1114 1115 for (tcbi = 0; tcbi < tcbtabsize; tcbi++) { 1116 tcp = tcbtab[tcbi]; 1117 1118 if (!tcp->pid) 1119 continue; 1120 1121 /* Is this a process we should attach to, but not yet attached? */ 1122 if (tcp->flags & TCB_ATTACHED) 1123 continue; /* no, we already attached it */ 1124 1125 if (tcp->pid == parent_pid || tcp->pid == strace_tracer_pid) { 1126 errno = EPERM; 1127 perror_msg("attach: pid %d", tcp->pid); 1128 droptcb(tcp); 1129 continue; 1130 } 1131 1132 attach_tcb(tcp); 1133 1134 if (interactive) { 1135 sigprocmask(SIG_SETMASK, &start_set, NULL); 1136 if (interrupted) 1137 goto ret; 1138 sigprocmask(SIG_SETMASK, &blocked_set, NULL); 1139 } 1140 } /* for each tcbtab[] */ 1141 1142 if (daemonized_tracer) { 1143 /* 1144 * Make parent go away. 1145 * Also makes grandparent's wait() unblock. 1146 */ 1147 kill(parent_pid, SIGKILL); 1148 strace_child = 0; 1149 } 1150 1151 ret: 1152 if (interactive) 1153 sigprocmask(SIG_SETMASK, &start_set, NULL); 1154 } 1155 1156 /* Stack-o-phobic exec helper, in the hope to work around 1157 * NOMMU + "daemonized tracer" difficulty. 1158 */ 1159 struct exec_params { 1160 int fd_to_close; 1161 uid_t run_euid; 1162 gid_t run_egid; 1163 char **argv; 1164 char *pathname; 1165 struct sigaction child_sa; 1166 }; 1167 static struct exec_params params_for_tracee; 1168 1169 static void ATTRIBUTE_NOINLINE ATTRIBUTE_NORETURN 1170 exec_or_die(void) 1171 { 1172 struct exec_params *params = ¶ms_for_tracee; 1173 1174 if (params->fd_to_close >= 0) 1175 close(params->fd_to_close); 1176 if (!daemonized_tracer && !use_seize) { 1177 if (ptrace(PTRACE_TRACEME, 0L, 0L, 0L) < 0) { 1178 perror_msg_and_die("ptrace(PTRACE_TRACEME, ...)"); 1179 } 1180 } 1181 1182 if (username != NULL) { 1183 /* 1184 * It is important to set groups before we 1185 * lose privileges on setuid. 1186 */ 1187 if (initgroups(username, run_gid) < 0) { 1188 perror_msg_and_die("initgroups"); 1189 } 1190 if (setregid(run_gid, params->run_egid) < 0) { 1191 perror_msg_and_die("setregid"); 1192 } 1193 if (setreuid(run_uid, params->run_euid) < 0) { 1194 perror_msg_and_die("setreuid"); 1195 } 1196 } else if (geteuid() != 0) 1197 if (setreuid(run_uid, run_uid) < 0) { 1198 perror_msg_and_die("setreuid"); 1199 } 1200 1201 if (!daemonized_tracer) { 1202 /* 1203 * Induce a ptrace stop. Tracer (our parent) 1204 * will resume us with PTRACE_SYSCALL and display 1205 * the immediately following execve syscall. 1206 * Can't do this on NOMMU systems, we are after 1207 * vfork: parent is blocked, stopping would deadlock. 1208 */ 1209 if (!NOMMU_SYSTEM) 1210 kill(getpid(), SIGSTOP); 1211 } else { 1212 alarm(3); 1213 /* we depend on SIGCHLD set to SIG_DFL by init code */ 1214 /* if it happens to be SIG_IGN'ed, wait won't block */ 1215 wait(NULL); 1216 alarm(0); 1217 } 1218 1219 if (params_for_tracee.child_sa.sa_handler != SIG_DFL) 1220 sigaction(SIGCHLD, ¶ms_for_tracee.child_sa, NULL); 1221 1222 execv(params->pathname, params->argv); 1223 perror_msg_and_die("exec"); 1224 } 1225 1226 /* 1227 * Open a dummy descriptor for use as a placeholder. 1228 * The descriptor is O_RDONLY with FD_CLOEXEC flag set. 1229 * A read attempt from such descriptor ends with EOF, 1230 * a write attempt is rejected with EBADF. 1231 */ 1232 static int 1233 open_dummy_desc(void) 1234 { 1235 int fds[2]; 1236 1237 if (pipe(fds)) 1238 perror_func_msg_and_die("pipe"); 1239 close(fds[1]); 1240 set_cloexec_flag(fds[0]); 1241 return fds[0]; 1242 } 1243 1244 /* placeholder fds status for stdin and stdout */ 1245 static bool fd_is_placeholder[2]; 1246 1247 /* 1248 * Ensure that all standard file descriptors are open by opening placeholder 1249 * file descriptors for those standard file descriptors that are not open. 1250 * 1251 * The information which descriptors have been made open is saved 1252 * in fd_is_placeholder for later use. 1253 */ 1254 static void 1255 ensure_standard_fds_opened(void) 1256 { 1257 int fd; 1258 1259 while ((fd = open_dummy_desc()) <= 2) { 1260 if (fd == 2) 1261 break; 1262 fd_is_placeholder[fd] = true; 1263 } 1264 1265 if (fd > 2) 1266 close(fd); 1267 } 1268 1269 /* 1270 * Redirect stdin and stdout unless they have been opened earlier 1271 * by ensure_standard_fds_opened as placeholders. 1272 */ 1273 static void 1274 redirect_standard_fds(void) 1275 { 1276 int i; 1277 1278 /* 1279 * It might be a good idea to redirect stderr as well, 1280 * but we sometimes need to print error messages. 1281 */ 1282 for (i = 0; i <= 1; ++i) { 1283 if (!fd_is_placeholder[i]) { 1284 close(i); 1285 open_dummy_desc(); 1286 } 1287 } 1288 } 1289 1290 static void 1291 startup_child(char **argv) 1292 { 1293 struct_stat statbuf; 1294 const char *filename; 1295 size_t filename_len; 1296 char pathname[PATH_MAX]; 1297 int pid; 1298 struct tcb *tcp; 1299 1300 filename = argv[0]; 1301 filename_len = strlen(filename); 1302 1303 if (filename_len > sizeof(pathname) - 1) { 1304 errno = ENAMETOOLONG; 1305 perror_msg_and_die("exec"); 1306 } 1307 if (strchr(filename, '/')) { 1308 strcpy(pathname, filename); 1309 } 1310 #ifdef USE_DEBUGGING_EXEC 1311 /* 1312 * Debuggers customarily check the current directory 1313 * first regardless of the path but doing that gives 1314 * security geeks a panic attack. 1315 */ 1316 else if (stat_file(filename, &statbuf) == 0) 1317 strcpy(pathname, filename); 1318 #endif /* USE_DEBUGGING_EXEC */ 1319 else { 1320 const char *path; 1321 size_t m, n, len; 1322 1323 for (path = getenv("PATH"); path && *path; path += m) { 1324 const char *colon = strchr(path, ':'); 1325 if (colon) { 1326 n = colon - path; 1327 m = n + 1; 1328 } else 1329 m = n = strlen(path); 1330 if (n == 0) { 1331 if (!getcwd(pathname, PATH_MAX)) 1332 continue; 1333 len = strlen(pathname); 1334 } else if (n > sizeof(pathname) - 1) 1335 continue; 1336 else { 1337 strncpy(pathname, path, n); 1338 len = n; 1339 } 1340 if (len && pathname[len - 1] != '/') 1341 pathname[len++] = '/'; 1342 if (filename_len + len > sizeof(pathname) - 1) 1343 continue; 1344 strcpy(pathname + len, filename); 1345 if (stat_file(pathname, &statbuf) == 0 && 1346 /* Accept only regular files 1347 with some execute bits set. 1348 XXX not perfect, might still fail */ 1349 S_ISREG(statbuf.st_mode) && 1350 (statbuf.st_mode & 0111)) 1351 break; 1352 } 1353 if (!path || !*path) 1354 pathname[0] = '\0'; 1355 } 1356 if (stat_file(pathname, &statbuf) < 0) { 1357 perror_msg_and_die("Can't stat '%s'", filename); 1358 } 1359 1360 params_for_tracee.fd_to_close = (shared_log != stderr) ? fileno(shared_log) : -1; 1361 params_for_tracee.run_euid = (statbuf.st_mode & S_ISUID) ? statbuf.st_uid : run_uid; 1362 params_for_tracee.run_egid = (statbuf.st_mode & S_ISGID) ? statbuf.st_gid : run_gid; 1363 params_for_tracee.argv = argv; 1364 /* 1365 * On NOMMU, can be safely freed only after execve in tracee. 1366 * It's hard to know when that happens, so we just leak it. 1367 */ 1368 params_for_tracee.pathname = NOMMU_SYSTEM ? xstrdup(pathname) : pathname; 1369 1370 #if defined HAVE_PRCTL && defined PR_SET_PTRACER && defined PR_SET_PTRACER_ANY 1371 if (daemonized_tracer) 1372 prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY); 1373 #endif 1374 1375 pid = fork(); 1376 if (pid < 0) 1377 perror_func_msg_and_die("fork"); 1378 1379 if ((pid != 0 && daemonized_tracer) 1380 || (pid == 0 && !daemonized_tracer) 1381 ) { 1382 /* We are to become the tracee. Two cases: 1383 * -D: we are parent 1384 * not -D: we are child 1385 */ 1386 exec_or_die(); 1387 } 1388 1389 /* We are the tracer */ 1390 1391 if (!daemonized_tracer) { 1392 strace_child = pid; 1393 if (!use_seize) { 1394 /* child did PTRACE_TRACEME, nothing to do in parent */ 1395 } else { 1396 if (!NOMMU_SYSTEM) { 1397 /* Wait until child stopped itself */ 1398 int status; 1399 while (waitpid(pid, &status, WSTOPPED) < 0) { 1400 if (errno == EINTR) 1401 continue; 1402 perror_msg_and_die("waitpid"); 1403 } 1404 if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) { 1405 kill_save_errno(pid, SIGKILL); 1406 perror_msg_and_die("Unexpected wait status %#x", 1407 status); 1408 } 1409 } 1410 /* Else: NOMMU case, we have no way to sync. 1411 * Just attach to it as soon as possible. 1412 * This means that we may miss a few first syscalls... 1413 */ 1414 1415 if (ptrace_attach_or_seize(pid)) { 1416 kill_save_errno(pid, SIGKILL); 1417 perror_msg_and_die("attach: ptrace(%s, %d)", 1418 ptrace_attach_cmd, pid); 1419 } 1420 if (!NOMMU_SYSTEM) 1421 kill(pid, SIGCONT); 1422 } 1423 tcp = alloctcb(pid); 1424 tcp->flags |= TCB_ATTACHED | TCB_STARTUP 1425 | TCB_SKIP_DETACH_ON_FIRST_EXEC 1426 | (NOMMU_SYSTEM ? 0 : (TCB_HIDE_LOG | post_attach_sigstop)); 1427 newoutf(tcp); 1428 } else { 1429 /* With -D, we are *child* here, the tracee is our parent. */ 1430 strace_child = strace_tracer_pid; 1431 strace_tracer_pid = getpid(); 1432 tcp = alloctcb(strace_child); 1433 tcp->flags |= TCB_SKIP_DETACH_ON_FIRST_EXEC | TCB_HIDE_LOG; 1434 /* attaching will be done later, by startup_attach */ 1435 /* note: we don't do newoutf(tcp) here either! */ 1436 1437 /* NOMMU BUG! -D mode is active, we (child) return, 1438 * and we will scribble over parent's stack! 1439 * When parent later unpauses, it segfaults. 1440 * 1441 * We work around it 1442 * (1) by declaring exec_or_die() NORETURN, 1443 * hopefully compiler will just jump to it 1444 * instead of call (won't push anything to stack), 1445 * (2) by trying very hard in exec_or_die() 1446 * to not use any stack, 1447 * (3) having a really big (PATH_MAX) stack object 1448 * in this function, which creates a "buffer" between 1449 * child's and parent's stack pointers. 1450 * This may save us if (1) and (2) failed 1451 * and compiler decided to use stack in exec_or_die() anyway 1452 * (happens on i386 because of stack parameter passing). 1453 * 1454 * A cleaner solution is to use makecontext + setcontext 1455 * to create a genuine separate stack and execute on it. 1456 */ 1457 } 1458 /* 1459 * A case where straced process is part of a pipe: 1460 * { sleep 1; yes | head -n99999; } | strace -o/dev/null sh -c 'exec <&-; sleep 9' 1461 * If strace won't close its fd#0, closing it in tracee is not enough: 1462 * the pipe is still open, it has a reader. Thus, "head" will not get its 1463 * SIGPIPE at once, on the first write. 1464 * 1465 * Preventing it by redirecting strace's stdin/out. 1466 * (Don't leave fds 0 and 1 closed, this is bad practice: future opens 1467 * will reuse them, unexpectedly making a newly opened object "stdin"). 1468 */ 1469 redirect_standard_fds(); 1470 } 1471 1472 #if USE_SEIZE 1473 static void 1474 test_ptrace_seize(void) 1475 { 1476 int pid; 1477 1478 /* Need fork for test. NOMMU has no forks */ 1479 if (NOMMU_SYSTEM) { 1480 post_attach_sigstop = 0; /* this sets use_seize to 1 */ 1481 return; 1482 } 1483 1484 pid = fork(); 1485 if (pid < 0) 1486 perror_func_msg_and_die("fork"); 1487 1488 if (pid == 0) { 1489 pause(); 1490 _exit(0); 1491 } 1492 1493 /* PTRACE_SEIZE, unlike ATTACH, doesn't force tracee to trap. After 1494 * attaching tracee continues to run unless a trap condition occurs. 1495 * PTRACE_SEIZE doesn't affect signal or group stop state. 1496 */ 1497 if (ptrace(PTRACE_SEIZE, pid, 0, 0) == 0) { 1498 post_attach_sigstop = 0; /* this sets use_seize to 1 */ 1499 } else { 1500 debug_msg("PTRACE_SEIZE doesn't work"); 1501 } 1502 1503 kill(pid, SIGKILL); 1504 1505 while (1) { 1506 int status, tracee_pid; 1507 1508 errno = 0; 1509 tracee_pid = waitpid(pid, &status, 0); 1510 if (tracee_pid <= 0) { 1511 if (errno == EINTR) 1512 continue; 1513 perror_func_msg_and_die("unexpected wait result %d", 1514 tracee_pid); 1515 } 1516 if (WIFSIGNALED(status)) 1517 return; 1518 1519 error_func_msg_and_die("unexpected wait status %#x", status); 1520 } 1521 } 1522 #else /* !USE_SEIZE */ 1523 # define test_ptrace_seize() ((void)0) 1524 #endif 1525 1526 static unsigned 1527 get_os_release(void) 1528 { 1529 unsigned rel; 1530 const char *p; 1531 struct utsname u; 1532 if (uname(&u) < 0) 1533 perror_msg_and_die("uname"); 1534 /* u.release has this form: "3.2.9[-some-garbage]" */ 1535 rel = 0; 1536 p = u.release; 1537 for (;;) { 1538 if (!(*p >= '0' && *p <= '9')) 1539 error_msg_and_die("Bad OS release string: '%s'", u.release); 1540 /* Note: this open-codes KERNEL_VERSION(): */ 1541 rel = (rel << 8) | atoi(p); 1542 if (rel >= KERNEL_VERSION(1, 0, 0)) 1543 break; 1544 while (*p >= '0' && *p <= '9') 1545 p++; 1546 if (*p != '.') { 1547 if (rel >= KERNEL_VERSION(0, 1, 0)) { 1548 /* "X.Y-something" means "X.Y.0" */ 1549 rel <<= 8; 1550 break; 1551 } 1552 error_msg_and_die("Bad OS release string: '%s'", u.release); 1553 } 1554 p++; 1555 } 1556 return rel; 1557 } 1558 1559 static void 1560 set_sighandler(int signo, void (*sighandler)(int), struct sigaction *oldact) 1561 { 1562 /* if signal handler is a function, add the signal to blocked_set */ 1563 if (sighandler != SIG_IGN && sighandler != SIG_DFL) 1564 sigaddset(&blocked_set, signo); 1565 1566 const struct sigaction sa = { .sa_handler = sighandler }; 1567 sigaction(signo, &sa, oldact); 1568 } 1569 1570 /* 1571 * Initialization part of main() was eating much stack (~0.5k), 1572 * which was unused after init. 1573 * We can reuse it if we move init code into a separate function. 1574 * 1575 * Don't want main() to inline us and defeat the reason 1576 * we have a separate function. 1577 */ 1578 static void ATTRIBUTE_NOINLINE 1579 init(int argc, char *argv[]) 1580 { 1581 int c, i; 1582 int optF = 0; 1583 1584 if (!program_invocation_name || !*program_invocation_name) { 1585 static char name[] = "strace"; 1586 program_invocation_name = 1587 (argc > 0 && argv[0] && *argv[0]) ? argv[0] : name; 1588 } 1589 1590 strace_tracer_pid = getpid(); 1591 1592 os_release = get_os_release(); 1593 1594 shared_log = stderr; 1595 set_sortby(DEFAULT_SORTBY); 1596 set_personality(DEFAULT_PERSONALITY); 1597 qualify("trace=all"); 1598 qualify("abbrev=all"); 1599 qualify("verbose=all"); 1600 #if DEFAULT_QUAL_FLAGS != (QUAL_TRACE | QUAL_ABBREV | QUAL_VERBOSE) 1601 # error Bug in DEFAULT_QUAL_FLAGS 1602 #endif 1603 qualify("signal=all"); 1604 while ((c = getopt(argc, argv, "+" 1605 #ifdef USE_LIBUNWIND 1606 "k" 1607 #endif 1608 "a:b:cCdDe:E:fFhiI:o:O:p:P:qrs:S:tTu:vVwxyz")) != EOF) { 1609 switch (c) { 1610 case 'a': 1611 acolumn = string_to_uint(optarg); 1612 if (acolumn < 0) 1613 error_opt_arg(c, optarg); 1614 break; 1615 case 'b': 1616 if (strcmp(optarg, "execve") != 0) 1617 error_msg_and_die("Syscall '%s' for -b isn't supported", 1618 optarg); 1619 detach_on_execve = 1; 1620 break; 1621 case 'c': 1622 if (cflag == CFLAG_BOTH) { 1623 error_msg_and_help("-c and -C are mutually exclusive"); 1624 } 1625 cflag = CFLAG_ONLY_STATS; 1626 break; 1627 case 'C': 1628 if (cflag == CFLAG_ONLY_STATS) { 1629 error_msg_and_help("-c and -C are mutually exclusive"); 1630 } 1631 cflag = CFLAG_BOTH; 1632 break; 1633 case 'd': 1634 debug_flag = 1; 1635 break; 1636 case 'D': 1637 daemonized_tracer = 1; 1638 break; 1639 case 'e': 1640 qualify(optarg); 1641 break; 1642 case 'E': 1643 if (putenv(optarg) < 0) 1644 perror_msg_and_die("putenv"); 1645 break; 1646 case 'f': 1647 followfork++; 1648 break; 1649 case 'F': 1650 optF = 1; 1651 break; 1652 case 'h': 1653 usage(); 1654 break; 1655 case 'i': 1656 iflag = 1; 1657 break; 1658 case 'I': 1659 opt_intr = string_to_uint_upto(optarg, NUM_INTR_OPTS - 1); 1660 if (opt_intr <= 0) 1661 error_opt_arg(c, optarg); 1662 break; 1663 #ifdef USE_LIBUNWIND 1664 case 'k': 1665 stack_trace_enabled = true; 1666 break; 1667 #endif 1668 case 'o': 1669 outfname = optarg; 1670 break; 1671 case 'O': 1672 i = string_to_uint(optarg); 1673 if (i < 0) 1674 error_opt_arg(c, optarg); 1675 set_overhead(i); 1676 break; 1677 case 'p': 1678 process_opt_p_list(optarg); 1679 break; 1680 case 'P': 1681 pathtrace_select(optarg); 1682 break; 1683 case 'q': 1684 qflag++; 1685 break; 1686 case 'r': 1687 rflag = 1; 1688 break; 1689 case 's': 1690 i = string_to_uint(optarg); 1691 if (i < 0 || (unsigned int) i > -1U / 4) 1692 error_opt_arg(c, optarg); 1693 max_strlen = i; 1694 break; 1695 case 'S': 1696 set_sortby(optarg); 1697 break; 1698 case 't': 1699 tflag++; 1700 break; 1701 case 'T': 1702 Tflag = 1; 1703 break; 1704 case 'u': 1705 username = optarg; 1706 break; 1707 case 'v': 1708 qualify("abbrev=none"); 1709 break; 1710 case 'V': 1711 print_version(); 1712 exit(0); 1713 break; 1714 case 'w': 1715 count_wallclock = 1; 1716 break; 1717 case 'x': 1718 xflag++; 1719 break; 1720 case 'y': 1721 show_fd_path++; 1722 break; 1723 case 'z': 1724 not_failing_only = 1; 1725 break; 1726 default: 1727 error_msg_and_help(NULL); 1728 break; 1729 } 1730 } 1731 1732 argv += optind; 1733 argc -= optind; 1734 1735 if (argc < 0 || (!nprocs && !argc)) { 1736 error_msg_and_help("must have PROG [ARGS] or -p PID"); 1737 } 1738 1739 if (!argc && daemonized_tracer) { 1740 error_msg_and_help("PROG [ARGS] must be specified with -D"); 1741 } 1742 1743 if (optF) { 1744 if (followfork) { 1745 error_msg("deprecated option -F ignored"); 1746 } else { 1747 error_msg("option -F is deprecated, " 1748 "please use -f instead"); 1749 followfork = optF; 1750 } 1751 } 1752 1753 if (followfork >= 2 && cflag) { 1754 error_msg_and_help("(-c or -C) and -ff are mutually exclusive"); 1755 } 1756 1757 if (count_wallclock && !cflag) { 1758 error_msg_and_help("-w must be given with (-c or -C)"); 1759 } 1760 1761 if (cflag == CFLAG_ONLY_STATS) { 1762 if (iflag) 1763 error_msg("-%c has no effect with -c", 'i'); 1764 #ifdef USE_LIBUNWIND 1765 if (stack_trace_enabled) 1766 error_msg("-%c has no effect with -c", 'k'); 1767 #endif 1768 if (rflag) 1769 error_msg("-%c has no effect with -c", 'r'); 1770 if (tflag) 1771 error_msg("-%c has no effect with -c", 't'); 1772 if (Tflag) 1773 error_msg("-%c has no effect with -c", 'T'); 1774 if (show_fd_path) 1775 error_msg("-%c has no effect with -c", 'y'); 1776 } 1777 1778 if (rflag) { 1779 if (tflag > 1) 1780 error_msg("-tt has no effect with -r"); 1781 tflag = 1; 1782 } 1783 1784 acolumn_spaces = xmalloc(acolumn + 1); 1785 memset(acolumn_spaces, ' ', acolumn); 1786 acolumn_spaces[acolumn] = '\0'; 1787 1788 sigprocmask(SIG_SETMASK, NULL, &start_set); 1789 memcpy(&blocked_set, &start_set, sizeof(blocked_set)); 1790 1791 set_sighandler(SIGCHLD, SIG_DFL, ¶ms_for_tracee.child_sa); 1792 1793 #ifdef USE_LIBUNWIND 1794 if (stack_trace_enabled) { 1795 unsigned int tcbi; 1796 1797 unwind_init(); 1798 for (tcbi = 0; tcbi < tcbtabsize; ++tcbi) { 1799 unwind_tcb_init(tcbtab[tcbi]); 1800 } 1801 } 1802 #endif 1803 1804 /* See if they want to run as another user. */ 1805 if (username != NULL) { 1806 struct passwd *pent; 1807 1808 if (getuid() != 0 || geteuid() != 0) { 1809 error_msg_and_die("You must be root to use the -u option"); 1810 } 1811 pent = getpwnam(username); 1812 if (pent == NULL) { 1813 error_msg_and_die("Cannot find user '%s'", username); 1814 } 1815 run_uid = pent->pw_uid; 1816 run_gid = pent->pw_gid; 1817 } else { 1818 run_uid = getuid(); 1819 run_gid = getgid(); 1820 } 1821 1822 if (followfork) 1823 ptrace_setoptions |= PTRACE_O_TRACECLONE | 1824 PTRACE_O_TRACEFORK | 1825 PTRACE_O_TRACEVFORK; 1826 debug_msg("ptrace_setoptions = %#x", ptrace_setoptions); 1827 test_ptrace_seize(); 1828 1829 /* 1830 * Is something weird with our stdin and/or stdout - 1831 * for example, may they be not open? In this case, 1832 * ensure that none of the future opens uses them. 1833 * 1834 * This was seen in the wild when /proc/sys/kernel/core_pattern 1835 * was set to "|/bin/strace -o/tmp/LOG PROG": 1836 * kernel runs coredump helper with fd#0 open but fd#1 closed (!), 1837 * therefore LOG gets opened to fd#1, and fd#1 is closed by 1838 * "don't hold up stdin/out open" code soon after. 1839 */ 1840 ensure_standard_fds_opened(); 1841 1842 /* Check if they want to redirect the output. */ 1843 if (outfname) { 1844 /* See if they want to pipe the output. */ 1845 if (outfname[0] == '|' || outfname[0] == '!') { 1846 /* 1847 * We can't do the <outfname>.PID funny business 1848 * when using popen, so prohibit it. 1849 */ 1850 if (followfork >= 2) 1851 error_msg_and_help("piping the output and -ff " 1852 "are mutually exclusive"); 1853 shared_log = strace_popen(outfname + 1); 1854 } else if (followfork < 2) { 1855 shared_log = strace_fopen(outfname); 1856 } else if (strlen(outfname) >= PATH_MAX - sizeof(int) * 3) { 1857 errno = ENAMETOOLONG; 1858 perror_msg_and_die("%s", outfname); 1859 } 1860 } else { 1861 /* -ff without -o FILE is the same as single -f */ 1862 if (followfork >= 2) 1863 followfork = 1; 1864 } 1865 1866 if (!outfname || outfname[0] == '|' || outfname[0] == '!') { 1867 setvbuf(shared_log, NULL, _IOLBF, 0); 1868 } 1869 1870 /* 1871 * argv[0] -pPID -oFILE Default interactive setting 1872 * yes * 0 INTR_WHILE_WAIT 1873 * no 1 0 INTR_WHILE_WAIT 1874 * yes * 1 INTR_NEVER 1875 * no 1 1 INTR_WHILE_WAIT 1876 */ 1877 1878 if (outfname && argc) { 1879 if (!opt_intr) 1880 opt_intr = INTR_NEVER; 1881 if (!qflag) 1882 qflag = 1; 1883 } 1884 if (!opt_intr) 1885 opt_intr = INTR_WHILE_WAIT; 1886 1887 /* 1888 * startup_child() must be called before the signal handlers get 1889 * installed below as they are inherited into the spawned process. 1890 * Also we do not need to be protected by them as during interruption 1891 * in the startup_child() mode we kill the spawned process anyway. 1892 */ 1893 if (argc) { 1894 startup_child(argv); 1895 } 1896 1897 set_sighandler(SIGTTOU, SIG_IGN, NULL); 1898 set_sighandler(SIGTTIN, SIG_IGN, NULL); 1899 if (opt_intr != INTR_ANYWHERE) { 1900 if (opt_intr == INTR_BLOCK_TSTP_TOO) 1901 set_sighandler(SIGTSTP, SIG_IGN, NULL); 1902 /* 1903 * In interactive mode (if no -o OUTFILE, or -p PID is used), 1904 * fatal signals are blocked while syscall stop is processed, 1905 * and acted on in between, when waiting for new syscall stops. 1906 * In non-interactive mode, signals are ignored. 1907 */ 1908 set_sighandler(SIGHUP, interactive ? interrupt : SIG_IGN, NULL); 1909 set_sighandler(SIGINT, interactive ? interrupt : SIG_IGN, NULL); 1910 set_sighandler(SIGQUIT, interactive ? interrupt : SIG_IGN, NULL); 1911 set_sighandler(SIGPIPE, interactive ? interrupt : SIG_IGN, NULL); 1912 set_sighandler(SIGTERM, interactive ? interrupt : SIG_IGN, NULL); 1913 } 1914 1915 if (nprocs != 0 || daemonized_tracer) 1916 startup_attach(); 1917 1918 /* Do we want pids printed in our -o OUTFILE? 1919 * -ff: no (every pid has its own file); or 1920 * -f: yes (there can be more pids in the future); or 1921 * -p PID1,PID2: yes (there are already more than one pid) 1922 */ 1923 print_pid_pfx = (outfname && followfork < 2 && (followfork == 1 || nprocs > 1)); 1924 } 1925 1926 static struct tcb * 1927 pid2tcb(int pid) 1928 { 1929 unsigned int i; 1930 1931 if (pid <= 0) 1932 return NULL; 1933 1934 for (i = 0; i < tcbtabsize; i++) { 1935 struct tcb *tcp = tcbtab[i]; 1936 if (tcp->pid == pid) 1937 return tcp; 1938 } 1939 1940 return NULL; 1941 } 1942 1943 static void 1944 cleanup(void) 1945 { 1946 unsigned int i; 1947 struct tcb *tcp; 1948 int fatal_sig; 1949 1950 /* 'interrupted' is a volatile object, fetch it only once */ 1951 fatal_sig = interrupted; 1952 if (!fatal_sig) 1953 fatal_sig = SIGTERM; 1954 1955 for (i = 0; i < tcbtabsize; i++) { 1956 tcp = tcbtab[i]; 1957 if (!tcp->pid) 1958 continue; 1959 debug_func_msg("looking at pid %u", tcp->pid); 1960 if (tcp->pid == strace_child) { 1961 kill(tcp->pid, SIGCONT); 1962 kill(tcp->pid, fatal_sig); 1963 } 1964 detach(tcp); 1965 } 1966 if (cflag) 1967 call_summary(shared_log); 1968 } 1969 1970 static void 1971 interrupt(int sig) 1972 { 1973 interrupted = sig; 1974 } 1975 1976 static void 1977 print_debug_info(const int pid, int status) 1978 { 1979 const unsigned int event = (unsigned int) status >> 16; 1980 char buf[sizeof("WIFEXITED,exitcode=%u") + sizeof(int)*3 /*paranoia:*/ + 16]; 1981 char evbuf[sizeof(",EVENT_VFORK_DONE (%u)") + sizeof(int)*3 /*paranoia:*/ + 16]; 1982 1983 strcpy(buf, "???"); 1984 if (WIFSIGNALED(status)) 1985 #ifdef WCOREDUMP 1986 xsprintf(buf, "WIFSIGNALED,%ssig=%s", 1987 WCOREDUMP(status) ? "core," : "", 1988 signame(WTERMSIG(status))); 1989 #else 1990 xsprintf(buf, "WIFSIGNALED,sig=%s", 1991 signame(WTERMSIG(status))); 1992 #endif 1993 if (WIFEXITED(status)) 1994 xsprintf(buf, "WIFEXITED,exitcode=%u", WEXITSTATUS(status)); 1995 if (WIFSTOPPED(status)) 1996 xsprintf(buf, "WIFSTOPPED,sig=%s", signame(WSTOPSIG(status))); 1997 evbuf[0] = '\0'; 1998 if (event != 0) { 1999 static const char *const event_names[] = { 2000 [PTRACE_EVENT_CLONE] = "CLONE", 2001 [PTRACE_EVENT_FORK] = "FORK", 2002 [PTRACE_EVENT_VFORK] = "VFORK", 2003 [PTRACE_EVENT_VFORK_DONE] = "VFORK_DONE", 2004 [PTRACE_EVENT_EXEC] = "EXEC", 2005 [PTRACE_EVENT_EXIT] = "EXIT", 2006 /* [PTRACE_EVENT_STOP (=128)] would make biggish array */ 2007 }; 2008 const char *e = "??"; 2009 if (event < ARRAY_SIZE(event_names)) 2010 e = event_names[event]; 2011 else if (event == PTRACE_EVENT_STOP) 2012 e = "STOP"; 2013 xsprintf(evbuf, ",EVENT_%s (%u)", e, event); 2014 } 2015 error_msg("[wait(0x%06x) = %u] %s%s", status, pid, buf, evbuf); 2016 } 2017 2018 static struct tcb * 2019 maybe_allocate_tcb(const int pid, int status) 2020 { 2021 if (!WIFSTOPPED(status)) { 2022 if (detach_on_execve && pid == strace_child) { 2023 /* example: strace -bexecve sh -c 'exec true' */ 2024 strace_child = 0; 2025 return NULL; 2026 } 2027 /* 2028 * This can happen if we inherited an unknown child. 2029 * Example: (sleep 1 & exec strace true) 2030 */ 2031 error_msg("Exit of unknown pid %u ignored", pid); 2032 return NULL; 2033 } 2034 if (followfork) { 2035 /* We assume it's a fork/vfork/clone child */ 2036 struct tcb *tcp = alloctcb(pid); 2037 tcp->flags |= TCB_ATTACHED | TCB_STARTUP | post_attach_sigstop; 2038 newoutf(tcp); 2039 if (!qflag) 2040 error_msg("Process %d attached", pid); 2041 return tcp; 2042 } else { 2043 /* 2044 * This can happen if a clone call misused CLONE_PTRACE itself. 2045 * 2046 * There used to be a dance around possible re-injection of 2047 * WSTOPSIG(status), but it was later removed as the only 2048 * observable stop here is the initial ptrace-stop. 2049 */ 2050 ptrace(PTRACE_DETACH, pid, NULL, 0L); 2051 error_msg("Detached unknown pid %d", pid); 2052 return NULL; 2053 } 2054 } 2055 2056 static struct tcb * 2057 maybe_switch_tcbs(struct tcb *tcp, const int pid) 2058 { 2059 FILE *fp; 2060 struct tcb *execve_thread; 2061 long old_pid = 0; 2062 2063 if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, &old_pid) < 0) 2064 return tcp; 2065 /* Avoid truncation in pid2tcb() param passing */ 2066 if (old_pid <= 0 || old_pid == pid) 2067 return tcp; 2068 if ((unsigned long) old_pid > UINT_MAX) 2069 return tcp; 2070 execve_thread = pid2tcb(old_pid); 2071 /* It should be !NULL, but I feel paranoid */ 2072 if (!execve_thread) 2073 return tcp; 2074 2075 if (execve_thread->curcol != 0) { 2076 /* 2077 * One case we are here is -ff: 2078 * try "strace -oLOG -ff test/threaded_execve" 2079 */ 2080 fprintf(execve_thread->outf, " <pid changed to %d ...>\n", pid); 2081 /*execve_thread->curcol = 0; - no need, see code below */ 2082 } 2083 /* Swap output FILEs (needed for -ff) */ 2084 fp = execve_thread->outf; 2085 execve_thread->outf = tcp->outf; 2086 tcp->outf = fp; 2087 /* And their column positions */ 2088 execve_thread->curcol = tcp->curcol; 2089 tcp->curcol = 0; 2090 /* Drop leader, but close execve'd thread outfile (if -ff) */ 2091 droptcb(tcp); 2092 /* Switch to the thread, reusing leader's outfile and pid */ 2093 tcp = execve_thread; 2094 tcp->pid = pid; 2095 if (cflag != CFLAG_ONLY_STATS) { 2096 printleader(tcp); 2097 tprintf("+++ superseded by execve in pid %lu +++\n", old_pid); 2098 line_ended(); 2099 tcp->flags |= TCB_REPRINT; 2100 } 2101 2102 return tcp; 2103 } 2104 2105 static void 2106 print_signalled(struct tcb *tcp, const int pid, int status) 2107 { 2108 if (pid == strace_child) { 2109 exit_code = 0x100 | WTERMSIG(status); 2110 strace_child = 0; 2111 } 2112 2113 if (cflag != CFLAG_ONLY_STATS 2114 && is_number_in_set(WTERMSIG(status), signal_set)) { 2115 printleader(tcp); 2116 #ifdef WCOREDUMP 2117 tprintf("+++ killed by %s %s+++\n", 2118 signame(WTERMSIG(status)), 2119 WCOREDUMP(status) ? "(core dumped) " : ""); 2120 #else 2121 tprintf("+++ killed by %s +++\n", 2122 signame(WTERMSIG(status))); 2123 #endif 2124 line_ended(); 2125 } 2126 } 2127 2128 static void 2129 print_exited(struct tcb *tcp, const int pid, int status) 2130 { 2131 if (pid == strace_child) { 2132 exit_code = WEXITSTATUS(status); 2133 strace_child = 0; 2134 } 2135 2136 if (cflag != CFLAG_ONLY_STATS && 2137 qflag < 2) { 2138 printleader(tcp); 2139 tprintf("+++ exited with %d +++\n", WEXITSTATUS(status)); 2140 line_ended(); 2141 } 2142 } 2143 2144 static void 2145 print_stopped(struct tcb *tcp, const siginfo_t *si, const unsigned int sig) 2146 { 2147 if (cflag != CFLAG_ONLY_STATS 2148 && !hide_log(tcp) 2149 && is_number_in_set(sig, signal_set)) { 2150 printleader(tcp); 2151 if (si) { 2152 tprintf("--- %s ", signame(sig)); 2153 printsiginfo(si); 2154 tprints(" ---\n"); 2155 } else 2156 tprintf("--- stopped by %s ---\n", signame(sig)); 2157 line_ended(); 2158 } 2159 } 2160 2161 static void 2162 startup_tcb(struct tcb *tcp) 2163 { 2164 debug_msg("pid %d has TCB_STARTUP, initializing it", tcp->pid); 2165 2166 tcp->flags &= ~TCB_STARTUP; 2167 2168 if (!use_seize) { 2169 debug_msg("setting opts 0x%x on pid %d", 2170 ptrace_setoptions, tcp->pid); 2171 if (ptrace(PTRACE_SETOPTIONS, tcp->pid, NULL, ptrace_setoptions) < 0) { 2172 if (errno != ESRCH) { 2173 /* Should never happen, really */ 2174 perror_msg_and_die("PTRACE_SETOPTIONS"); 2175 } 2176 } 2177 } 2178 2179 if ((tcp->flags & TCB_GRABBED) && (get_scno(tcp) == 1)) 2180 tcp->s_prev_ent = tcp->s_ent; 2181 } 2182 2183 static void 2184 print_event_exit(struct tcb *tcp) 2185 { 2186 if (entering(tcp) || filtered(tcp) || hide_log(tcp) 2187 || cflag == CFLAG_ONLY_STATS) { 2188 return; 2189 } 2190 2191 if (followfork < 2 && printing_tcp && printing_tcp != tcp 2192 && printing_tcp->curcol != 0) { 2193 set_current_tcp(printing_tcp); 2194 tprints(" <unfinished ...>\n"); 2195 flush_tcp_output(printing_tcp); 2196 printing_tcp->curcol = 0; 2197 set_current_tcp(tcp); 2198 } 2199 2200 if ((followfork < 2 && printing_tcp != tcp) 2201 || (tcp->flags & TCB_REPRINT)) { 2202 tcp->flags &= ~TCB_REPRINT; 2203 printleader(tcp); 2204 tprintf("<... %s resumed>", tcp->s_ent->sys_name); 2205 } 2206 2207 if (!(tcp->sys_func_rval & RVAL_DECODED)) { 2208 /* 2209 * The decoder has probably decided to print something 2210 * on exiting syscall which is not going to happen. 2211 */ 2212 tprints(" <unfinished ...>"); 2213 } 2214 2215 printing_tcp = tcp; 2216 tprints(") "); 2217 tabto(); 2218 tprints("= ?\n"); 2219 line_ended(); 2220 } 2221 2222 static enum trace_event 2223 next_event(int *pstatus, siginfo_t *si) 2224 { 2225 int pid; 2226 int wait_errno; 2227 int status; 2228 struct tcb *tcp; 2229 struct rusage ru; 2230 2231 if (interrupted) 2232 return TE_BREAK; 2233 2234 /* 2235 * Used to exit simply when nprocs hits zero, but in this testcase: 2236 * int main(void) { _exit(!!fork()); } 2237 * under strace -f, parent sometimes (rarely) manages 2238 * to exit before we see the first stop of the child, 2239 * and we are losing track of it: 2240 * 19923 clone(...) = 19924 2241 * 19923 exit_group(1) = ? 2242 * 19923 +++ exited with 1 +++ 2243 * Exiting only when wait() returns ECHILD works better. 2244 */ 2245 if (popen_pid != 0) { 2246 /* However, if -o|logger is in use, we can't do that. 2247 * Can work around that by double-forking the logger, 2248 * but that loses the ability to wait for its completion 2249 * on exit. Oh well... 2250 */ 2251 if (nprocs == 0) 2252 return TE_BREAK; 2253 } 2254 2255 if (interactive) 2256 sigprocmask(SIG_SETMASK, &start_set, NULL); 2257 pid = wait4(-1, pstatus, __WALL, (cflag ? &ru : NULL)); 2258 wait_errno = errno; 2259 if (interactive) 2260 sigprocmask(SIG_SETMASK, &blocked_set, NULL); 2261 2262 if (pid < 0) { 2263 if (wait_errno == EINTR) 2264 return TE_NEXT; 2265 if (nprocs == 0 && wait_errno == ECHILD) 2266 return TE_BREAK; 2267 /* 2268 * If nprocs > 0, ECHILD is not expected, 2269 * treat it as any other error here: 2270 */ 2271 errno = wait_errno; 2272 perror_msg_and_die("wait4(__WALL)"); 2273 } 2274 2275 status = *pstatus; 2276 2277 if (pid == popen_pid) { 2278 if (!WIFSTOPPED(status)) 2279 popen_pid = 0; 2280 return TE_NEXT; 2281 } 2282 2283 if (debug_flag) 2284 print_debug_info(pid, status); 2285 2286 /* Look up 'pid' in our table. */ 2287 tcp = pid2tcb(pid); 2288 2289 if (!tcp) { 2290 tcp = maybe_allocate_tcb(pid, status); 2291 if (!tcp) 2292 return TE_NEXT; 2293 } 2294 2295 clear_regs(tcp); 2296 2297 /* Set current output file */ 2298 set_current_tcp(tcp); 2299 2300 if (cflag) { 2301 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime); 2302 tcp->stime = ru.ru_stime; 2303 } 2304 2305 if (WIFSIGNALED(status)) 2306 return TE_SIGNALLED; 2307 2308 if (WIFEXITED(status)) 2309 return TE_EXITED; 2310 2311 /* 2312 * As WCONTINUED flag has not been specified to wait4, 2313 * it cannot be WIFCONTINUED(status), so the only case 2314 * that remains is WIFSTOPPED(status). 2315 */ 2316 2317 /* Is this the very first time we see this tracee stopped? */ 2318 if (tcp->flags & TCB_STARTUP) 2319 startup_tcb(tcp); 2320 2321 const unsigned int sig = WSTOPSIG(status); 2322 const unsigned int event = (unsigned int) status >> 16; 2323 2324 switch (event) { 2325 case 0: 2326 /* 2327 * Is this post-attach SIGSTOP? 2328 * Interestingly, the process may stop 2329 * with STOPSIG equal to some other signal 2330 * than SIGSTOP if we happened to attach 2331 * just before the process takes a signal. 2332 */ 2333 if (sig == SIGSTOP && (tcp->flags & TCB_IGNORE_ONE_SIGSTOP)) { 2334 debug_func_msg("ignored SIGSTOP on pid %d", tcp->pid); 2335 tcp->flags &= ~TCB_IGNORE_ONE_SIGSTOP; 2336 return TE_RESTART; 2337 } else if (sig == syscall_trap_sig) { 2338 return TE_SYSCALL_STOP; 2339 } else { 2340 *si = (siginfo_t) {}; 2341 /* 2342 * True if tracee is stopped by signal 2343 * (as opposed to "tracee received signal"). 2344 * TODO: shouldn't we check for errno == EINVAL too? 2345 * We can get ESRCH instead, you know... 2346 */ 2347 bool stopped = ptrace(PTRACE_GETSIGINFO, pid, 0, si) < 0; 2348 return stopped ? TE_GROUP_STOP : TE_SIGNAL_DELIVERY_STOP; 2349 } 2350 break; 2351 #if USE_SEIZE 2352 case PTRACE_EVENT_STOP: 2353 /* 2354 * PTRACE_INTERRUPT-stop or group-stop. 2355 * PTRACE_INTERRUPT-stop has sig == SIGTRAP here. 2356 */ 2357 switch (sig) { 2358 case SIGSTOP: 2359 case SIGTSTP: 2360 case SIGTTIN: 2361 case SIGTTOU: 2362 return TE_GROUP_STOP; 2363 } 2364 return TE_RESTART; 2365 #endif 2366 case PTRACE_EVENT_EXEC: 2367 return TE_STOP_BEFORE_EXECVE; 2368 case PTRACE_EVENT_EXIT: 2369 return TE_STOP_BEFORE_EXIT; 2370 default: 2371 return TE_RESTART; 2372 } 2373 } 2374 2375 static int 2376 trace_syscall(struct tcb *tcp, unsigned int *sig) 2377 { 2378 if (entering(tcp)) { 2379 int res = syscall_entering_decode(tcp); 2380 switch (res) { 2381 case 0: 2382 return 0; 2383 case 1: 2384 res = syscall_entering_trace(tcp, sig); 2385 } 2386 syscall_entering_finish(tcp, res); 2387 return res; 2388 } else { 2389 struct timeval tv = {}; 2390 int res = syscall_exiting_decode(tcp, &tv); 2391 if (res != 0) { 2392 res = syscall_exiting_trace(tcp, tv, res); 2393 } 2394 syscall_exiting_finish(tcp); 2395 return res; 2396 } 2397 } 2398 2399 /* Returns true iff the main trace loop has to continue. */ 2400 static bool 2401 dispatch_event(enum trace_event ret, int *pstatus, siginfo_t *si) 2402 { 2403 unsigned int restart_op = PTRACE_SYSCALL; 2404 unsigned int restart_sig = 0; 2405 2406 switch (ret) { 2407 case TE_BREAK: 2408 return false; 2409 2410 case TE_NEXT: 2411 return true; 2412 2413 case TE_RESTART: 2414 break; 2415 2416 case TE_SYSCALL_STOP: 2417 if (trace_syscall(current_tcp, &restart_sig) < 0) { 2418 /* 2419 * ptrace() failed in trace_syscall(). 2420 * Likely a result of process disappearing mid-flight. 2421 * Observed case: exit_group() or SIGKILL terminating 2422 * all processes in thread group. 2423 * We assume that ptrace error was caused by process death. 2424 * We used to detach(current_tcp) here, but since we no 2425 * longer implement "detach before death" policy/hack, 2426 * we can let this process to report its death to us 2427 * normally, via WIFEXITED or WIFSIGNALED wait status. 2428 */ 2429 return true; 2430 } 2431 break; 2432 2433 case TE_SIGNAL_DELIVERY_STOP: 2434 restart_sig = WSTOPSIG(*pstatus); 2435 print_stopped(current_tcp, si, restart_sig); 2436 break; 2437 2438 case TE_SIGNALLED: 2439 print_signalled(current_tcp, current_tcp->pid, *pstatus); 2440 droptcb(current_tcp); 2441 return true; 2442 2443 case TE_GROUP_STOP: 2444 restart_sig = WSTOPSIG(*pstatus); 2445 print_stopped(current_tcp, NULL, restart_sig); 2446 if (use_seize) { 2447 /* 2448 * This ends ptrace-stop, but does *not* end group-stop. 2449 * This makes stopping signals work properly on straced 2450 * process (that is, process really stops. It used to 2451 * continue to run). 2452 */ 2453 restart_op = PTRACE_LISTEN; 2454 restart_sig = 0; 2455 } 2456 break; 2457 2458 case TE_EXITED: 2459 print_exited(current_tcp, current_tcp->pid, *pstatus); 2460 droptcb(current_tcp); 2461 return true; 2462 2463 case TE_STOP_BEFORE_EXECVE: 2464 /* 2465 * Check that we are inside syscall now (next event after 2466 * PTRACE_EVENT_EXEC should be for syscall exiting). If it is 2467 * not the case, we might have a situation when we attach to a 2468 * process and the first thing we see is a PTRACE_EVENT_EXEC 2469 * and all the following syscall state tracking is screwed up 2470 * otherwise. 2471 */ 2472 if (entering(current_tcp)) { 2473 int ret; 2474 2475 error_msg("Stray PTRACE_EVENT_EXEC from pid %d" 2476 ", trying to recover...", 2477 current_tcp->pid); 2478 2479 current_tcp->flags |= TCB_RECOVERING; 2480 ret = trace_syscall(current_tcp, &restart_sig); 2481 current_tcp->flags &= ~TCB_RECOVERING; 2482 2483 if (ret < 0) { 2484 /* The reason is described in TE_SYSCALL_STOP */ 2485 return true; 2486 } 2487 } 2488 2489 /* 2490 * Under Linux, execve changes pid to thread leader's pid, 2491 * and we see this changed pid on EVENT_EXEC and later, 2492 * execve sysexit. Leader "disappears" without exit 2493 * notification. Let user know that, drop leader's tcb, 2494 * and fix up pid in execve thread's tcb. 2495 * Effectively, execve thread's tcb replaces leader's tcb. 2496 * 2497 * BTW, leader is 'stuck undead' (doesn't report WIFEXITED 2498 * on exit syscall) in multithreaded programs exactly 2499 * in order to handle this case. 2500 * 2501 * PTRACE_GETEVENTMSG returns old pid starting from Linux 3.0. 2502 * On 2.6 and earlier, it can return garbage. 2503 */ 2504 if (os_release >= KERNEL_VERSION(3, 0, 0)) 2505 set_current_tcp(maybe_switch_tcbs(current_tcp, 2506 current_tcp->pid)); 2507 2508 if (detach_on_execve) { 2509 if (current_tcp->flags & TCB_SKIP_DETACH_ON_FIRST_EXEC) { 2510 current_tcp->flags &= ~TCB_SKIP_DETACH_ON_FIRST_EXEC; 2511 } else { 2512 detach(current_tcp); /* do "-b execve" thingy */ 2513 return true; 2514 } 2515 } 2516 break; 2517 2518 case TE_STOP_BEFORE_EXIT: 2519 print_event_exit(current_tcp); 2520 break; 2521 } 2522 2523 /* We handled quick cases, we are permitted to interrupt now. */ 2524 if (interrupted) 2525 return false; 2526 2527 if (ptrace_restart(restart_op, current_tcp, restart_sig) < 0) { 2528 /* Note: ptrace_restart emitted error message */ 2529 exit_code = 1; 2530 return false; 2531 } 2532 return true; 2533 } 2534 2535 #ifdef ENABLE_COVERAGE_GCOV 2536 extern void __gcov_flush(void); 2537 #endif 2538 2539 static void ATTRIBUTE_NORETURN 2540 terminate(void) 2541 { 2542 cleanup(); 2543 fflush(NULL); 2544 if (shared_log != stderr) 2545 fclose(shared_log); 2546 if (popen_pid) { 2547 while (waitpid(popen_pid, NULL, 0) < 0 && errno == EINTR) 2548 ; 2549 } 2550 if (exit_code > 0xff) { 2551 /* Avoid potential core file clobbering. */ 2552 struct_rlimit rlim = {0, 0}; 2553 set_rlimit(RLIMIT_CORE, &rlim); 2554 2555 /* Child was killed by a signal, mimic that. */ 2556 exit_code &= 0xff; 2557 signal(exit_code, SIG_DFL); 2558 #ifdef ENABLE_COVERAGE_GCOV 2559 __gcov_flush(); 2560 #endif 2561 raise(exit_code); 2562 2563 /* Unblock the signal. */ 2564 sigset_t mask; 2565 sigemptyset(&mask); 2566 sigaddset(&mask, exit_code); 2567 #ifdef ENABLE_COVERAGE_GCOV 2568 __gcov_flush(); 2569 #endif 2570 sigprocmask(SIG_UNBLOCK, &mask, NULL); 2571 2572 /* Paranoia - what if this signal is not fatal? 2573 Exit with 128 + signo then. */ 2574 exit_code += 128; 2575 } 2576 exit(exit_code); 2577 } 2578 2579 int 2580 main(int argc, char *argv[]) 2581 { 2582 init(argc, argv); 2583 2584 exit_code = !nprocs; 2585 2586 int status; 2587 siginfo_t si; 2588 while (dispatch_event(next_event(&status, &si), &status, &si)) 2589 ; 2590 terminate(); 2591 } 2592