IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Avoid NULL dereference when there are holes in sysent tables.
It can happen with syscall (number, ...) and number is in those holes.
There are no targets with holey systent tables so far, but at least
one such a target, x32, is already on the horizon.
* defs.h (SCNO_IN_RANGE): Also check the sys_func field.
Cast a value to long for %l in printf to avoid compiler warning
on systems where it may be long long.
* count.c (call_summary_pers): Cast to long.
* ipc.c (sys_mq_open, printmqattr): Likewise.
* quota.c (decode_cmd_data): Likewise.
* resource.c (sys_sysinfo): Likewise.
* time.c (tprint_timex): Likewise.
When HAVE_LONG_LONG_OFF_T is defined, those old stat functions aren't
used and strace won't link since they use realprintstat which isn't
defined when HAVE_LONG_LONG_OFF_T is defined.
* file.c (convertoldstat, sys_oldstat, sys_oldfstat, sys_oldlstat):
Define only if HAVE_LONG_LONG_OFF_T isn't defined.
* io.c [HAVE_LONG_LONG_OFF_T]: Remove sys_pread64 and sys_pwrite64
aliases.
(sys_pread64, sys_pwrite64): Define these functions only on
[SVR4 && _LFS64_LARGEFILE] platform.
* linux/mips/syscallent.h: Use sys_pread and sys_pwrite to handle
appropriate syscalls.
* linux/syscall.h (sys_pread64, sys_pwrite64): Remove.
* syscall.c (dumpio): Check sys_pread64 and sys_pwrite64 only on
[SVR4 && _LFS64_LARGEFILE] platform.
* strace.c (usage): Tweak help text: remove unpaired closing brackets,
make -V and -h sit on separate lines (hard to see them otherwise).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
text data bss dec hex filename
239474 672 20484 260630 3fa16 strace.before
239234 668 19044 258946 3f382 strace
* file.c (sprint_open_modes): Reduce static buffer size.
Simplify separator printing.
* signal.c (sprintsigmask): Reduce static buffer size.
Simplify separator printing and printing of almost full masks.
Use stpcpy instead of sprintf and strcpy+strlen.
* strace.c (startup_child): Don't strchr() for ':' twice in a row.
* util.c (sprintflags): Exit loop early if possible.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Defaults are often ok, but when they are not, people get confused.
"Why can't I kill strace?" and "Why strace dies on ^C when I want
to _tracee_ to die instead?" are typical complaints.
* strace.c: Replace 'interactive' variable with 'opt_intr' variable.
Define INTR_foo constants for its possible values.
Define 'interactive' as a macro.
(usage): Document -I n option.
(main): Parse -I n option, modify signal handling to accomidate new
-I 1 and -I 4 modes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* strace.c (interrupt): Remember signal number.
(cleanup): If we exiting due to signal, send that signal to child tracee.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
All new code is predicated on "ifdef USE_SEIZE". If it is not defined,
behavior is not changed.
If USE_SEIZE is enabled and run-time check shows that PTRACE_SEIZE works, then:
- All attaching is done with PTRACE_SEIZE + PTRACE_INTERRUPT.
This means that we no longer generate (and possibly race with) SIGSTOP.
- PTRACE_EVENT_STOP will be generated if tracee is group-stopped.
When we detect it, we issue PTRACE_LISTEN instead of PTRACE_SYSCALL.
This leaves tracee stopped. This fixes the inability to SIGSTOP or ^Z
a straced process.
* defs.h: Add commented-out "define USE_SEIZE 1" and define PTRACE_SEIZE
and related constants.
* strace.c: New variable post_attach_sigstop shows whether we age going
to expect SIGSTOP on attach (IOW: are we going to use PTRACE_SEIZE).
(ptrace_attach_or_seize): New function. Uses PTRACE_ATTACH or
PTRACE_SEIZE + PTRACE_INTERRUPT to attach to given pid.
(startup_attach): Use ptrace_attach_or_seize() instead of ptrace(PTRACE_ATTACH).
(startup_child): Conditionally use alternative attach method using PTRACE_SEIZE.
(test_ptrace_setoptions_followfork): More robust parameters to PTRACE_TRACEME.
(test_ptrace_seize): New function to test whether PTRACE_SEIZE works.
(main): Call test_ptrace_seize() while initializing.
(trace): If PTRACE_EVENT_STOP is seen, restart using PTRACE_LISTEN in order
to not let tracee run.
* process.c: Decode PTRACE_SEIZE, PTRACE_INTERRUPT, PTRACE_LISTEN.
* util.c (ptrace_restart): Add "LISTEN" to a possible error message.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Currently, we use PTRACE_PEEKDATA to read things like filenames and
data passed by I/O syscalls.
PTRACE_PEEKDATA gets one word per syscall. This is VERY expensive.
For example, in order to print fstat syscall, we need to perform
more than twenty trips into kernel to fetch one struct stat!
Kernel 3.2 got a new syscall, process_vm_readv(), which can be used to
copy data blocks out of process' address space.
This change uses it in umoven() and umovestr() functions if possible,
with fallback to old method if process_vm_readv() fails.
If it returns ENOSYS, we don't try to use it anymore, eliminating
overhead of trying it on older kernels.
Result of "time strace -oLOG ls -l /usr/lib >/dev/null":
before patch: 0.372s
After patch: 0.262s
* util.c (process_vm_readv): Wrapper to call process_vm_readv syscall.
(umoven): Use process_vm_readv for block reads of tracee memory.
(umovestr): Likewise.
* linux/syscall.h: Declare new function sys_process_vm_readv.
* process.c (sys_process_vm_readv): Decoder for new syscall.
* linux/i386/syscallent.h: Add process_vm_readv, process_vm_writev syscalls.
* linux/x86_64/syscallent.h: Likewise.
* linux/powerpc/syscallent.h: Likewise.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* defs.h: Rename tcp_last to printing_tcp. Explain what it means.
Remove printtrailer() function.
* process.c (sys_exit): Convert printtrailer() call to "printing_tcp = NULL".
* strace.c: Add new variable printing_tcp.
(cleanup): Convert printtrailer() call to "printing_tcp = NULL".
(trace): Likewise.
(trace): Fix checks for incomplete line - it was working wrongly if last syscall was exit.
(printleader): Set printing_tcp.
(printtrailer): Remove this function.
* syscall.c: Remove tcp_last variable.
(trace_syscall_entering): Don't set printing_tcp, printleader call now does it.
(trace_syscall_exiting): Convert printtrailer() call to "printing_tcp = NULL".
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Since 3.0, Linux has a way to identify which thread execve'ed.
This patch makes use of it in order to properly dispose
of disappeared ("superseded") thread leader,
and replace it with execve'ed thread.
Before this patch, strace was "leaking" thread which exec'ed.
It was thinking that it still runs. It would look like this:
18460 pause( <unfinished ...> <=== thread leader
18466 execve("/proc/self/exe", ["exe", "exe"], [/* 47 vars */] <unfinished ...>
18465 +++ exited with 0 +++ <=== exits from other threads
18460 <... pause resumed> ) = 0
The last line is wrong: it's not pause resumed, it's execve resumed.
If thread leader would do exit instead of pause, it is much worse:
strace panics because it thinks it sees return from exit syscall!
And strace isn't aware 18466 (exec'ed thread) is gone.
It still thinks it's executes execve syscall.
* strace.c: New variable "static char *os_release".
(get_os_release): New static function.
(main): Call get_os_release to retrieve Linux version.
(trace): If we see PTRACE_EVENT_EXEC, retrieve old pid, and if it
differs from new one, free one of tcbs and print correct messages.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
text data bss dec hex filename
238258 668 28676 267602 41552 strace.before
238274 668 20484 259426 3f562 strace
* strace.c (main): Allocate -o OUTFILE buffer only if needed:
unused buffer in bss is not entirely free.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This change partially reverts commit 44d0532.
In code before commit 44d0532, single fprintf was used on purpose:
we want to send entire message as one write() call. Since stderr
is unbuffered, separate fprintf's to it always result in separate
writes, they are not coalesced. If we aren't the only program
which writes to this particular stderr, this may result
in interleaved messages.
Since this function is not performance critical, I guess
it's ok to make it less efficient.
* strace.c (verror_msg): Attempt to print the message in single
write operation. Use separate fprintfs as a fallback if malloc fails.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* util.c (umoven): Move assignment out of function call. Make assignment
to a flag variable later, closer to the place where it will be used.
(umovestr): Likewise.
(uload): Likewise.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* pathtrace.c (upathmatch): Adjust umovestr return value check for new API.
* util.c (printpathn): Use umovestr() > 0 return value for more efficient
(and robust - we don't depend on "no overwrote past NUL" behavior anymore)
handling of terminating NUL.
(printstr): Remove useless NUL placement before umovestr() call.
Allocate 1 byte more to outstr[] array - for NUL.
(umovestr): Change to return 1 if NUL was seen.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* system.c (sys_mount): Be careful when printing umovestr result,
it may have no terminating NUL.
(sys_sysmips): Likewise.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
text data bss dec hex filename
238454 664 28772 267890 41672 strace.before
238106 664 28676 267446 414b6 strace
* defs.h: Add TIMESPEC_TEXT_BUFSIZE and TIMEVAL_TEXT_BUFSIZE defines.
Add 'int special' parameter to sprinttv().
* time.c (sprinttv): Add 'int special' parameter, and use it
similarly to 'int special' parameter of printtv_bitness().
(printtv_bitness): Use sprinttv() instead of duplicating its code.
(print_timespec): Use sprint_timespec() instead of duplicating
its code.
* desc.c (decode_select): Use TIMEVAL_TEXT_BUFSIZE instead of 128
when checking remaining buffer size.
* net.c (sys_recvmsg): Use TIMESPEC_TEXT_BUFSIZE instead of 128
for static buffer size.
* stream.c (decode_poll): Use TIMESPEC_TEXT_BUFSIZE instead of 128
when checking remaining buffer size.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
text data bss dec hex filename
237913 660 49284 287857 46471 strace.before
237973 660 28772 267405 4148d strace
This reduces L1 D-cache pressure a bit: instead of dirtying
20k of bss, we will reuse already dirty stack area.
* util.c (printpathn): Use on-stack buffers instead of static ones.
Saves 5*MAXPATHLEN in bss.
(printstr): Use tprints() instead of tprintf("%s") when printing
formatted string. May be a bit faster, depending on libc.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
On attempts to block or set SIGTRAP handler,
for example, using sigaction syscall, we generate
an additional SIGSTOP.
This change gets rid of this SIGSTOP sending/ignoring.
It appears to work just fine.
It also works if I force strace to not use PTRACE_O_TRACESYSGOOD,
which means strace stops will be marked with SIGTRAP,
not (SIGTRAP | 0x80) - I wondered maybe that's when
this hack is needed.
So, why we even have TCB_SIGTRAPPED? No one knows. It predates
version control: this code was present in the initial commit,
in 1999. No adequate comments, either.
Moreover, TCB_SIGTRAPPED is not set in sys_rt_sigaction
and sys_sigprocmask syscalls - the ones which are most usually
used to implement signal blocking, it is only set in obsolete
sys_signal, sys_sigaction, sys_sigsetmask, and in some dead
non-Linux code.
I think whatever bug it was fixing is gone long ago -
at least as long as sys_rt_sigaction is used by glibc.
Again, since glibc (and uclibc) uses sys_rt_sigaction
and sys_sigprocmask, modified code paths are not used
by most programs anyway.
* defs.h: Remove definition of TCB_SIGTRAPPED.
* signal.c (sys_sigvec): Don't set TCB_SIGTRAPPED and don't send SIGSTOP.
(sys_sigsetmask): Likewise.
(sys_sigaction): Likewise.
(sys_signal): Likewise.
* strace.c (trace): Remove code which executes if TCB_SIGTRAPPED is set.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
I observed a case when signal delivery message was buffered
by stdio until it was flushed along with the next syscall
entry message.
* strace.c (trace): Flush output buffers in a few more cases.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* syscall.c: Change x86_64_regs struct type from
pt_regs to user_regs_struct, and explain the change in comment.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
There is widespread confusion about exact meaning
of ERESTARTxyz codes. Before this change, we were showing
all four of them the same: as "(To be restarted)".
This change prints better explanations for these codes,
and contains verbose comments which explain *why* we display
codes that way - or else someone confused
is bound to come later and mangle them again.
New messages are:
ERESTARTSYS (To be restarted if SA_RESTART is set)
ERESTARTNOINTR (To be restarted)
ERESTARTNOHAND (Interrupted by signal)
ERESTART_RESTARTBLOCK (Interrupted by signal)
* syscall.c (trace_syscall_exiting): Make ERESTARTxyz messages
more descriptive.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
sys_sigreturn() performs ugly manipulations in order to show
signal mask which is restored by this syscall: on syscall entry,
fetches it from the stack, saves it in tcp->u_arg[]
(where it used to overflow this array - fixed sometime ago),
then retrieves the mask and displays it on syscall exit.
Apparently, the motivation is to make it slightly more obvious
to user that signal mask is restored only when this syscall returns.
IMO, this hardly justifies the necessary hacks. It is much easier
to display the mask at the point when we fetch it - on syscall entry.
While at it, I made it so that we do display returned value/errno.
I see no point in hiding it and showing uninformative "= ?" instead.
Example of pause() being interrupted by ALRM which has installed handler
which re-arms ALRM:
Before the patch:
rt_sigsuspend([INT]) = ? ERESTARTNOHAND (To be restarted)
--- {si_signo=SIGALRM, si_code=SI_KERNEL} (Alarm clock) ---
alarm(1) = 0
sigreturn() = ? (mask now [INT])
After:
rt_sigsuspend([INT]) = ? ERESTARTNOHAND (To be restarted)
--- {si_signo=SIGALRM, si_code=SI_KERNEL} (Alarm clock) ---
alarm(1) = 0
sigreturn() (mask [INT]) = -1 EINTR (Interrupted system call)
* defs.h: Declare struct pt_regs i386_regs and struct pt_regs x86_64_regs.
* syscall.c: Remove "static" keywork from these structures' definitions.
* signal.c (sys_sigreturn): Display mask on enter, not on exit.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Before this patch, if a thread got nuked by exit in another thread
and we happened to poke it at the same time, we print "????(" thingy
and detach the thread. Since we removed "detach before death" logic,
this no longer matches the behavior of other threads.
Before patch:
[pid 1780] exit_group(1) = ?
[pid 1778] ????( <unfinished ...>
Process 1778 detached
[pid 5860] +++ exited with 1 +++
After:
[pid 17765] exit_group(1) = ?
[pid 21680] ????( <unfinished ...>
[pid 17791] +++ exited with 1 +++
[pid 21680] +++ exited with 1 +++
* strace (trace): Do not detach from tracee which experienced ptrace error.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* strace.c (detach): Drop sig parameter - it is zero in all calls.
(cleanup): Don't pass sig = 0 to detach() call.
(detach): Ditto.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* util.c (umoven, umovestr) [SUPPORTED_PERSONALITIES > 1]: If current
personality's wordsize is less than sizeof(long), use only significant
bits of the given address.
