317 Commits

Author SHA1 Message Date
45e7b189e2 Prepare for -yy option support
* defs.h (show_fd_path): Change type to unsigned int.
* strace.c (show_fd_path): Likewise.
(init): Handle repeated -y option.
2014-08-08 23:38:26 +00:00
2734a7010f Document -k option as experimental
strace -k does not produce a reliable output on all supported
configurations yet, even basic strace-k.test is known to fail
on some of them.

* strace.c (usage): Document -k option as experimental.
* strace.1: Likewise.
* NEWS: Likewise.
2014-06-18 15:41:19 +00:00
2727aae37c Warn about flags that have no effect with -c
* strace.c (init): Issue a warning if -i, -k, -r, -t, -T, or -y is used
along with -c.
This fixes Debian bug #443895.
2014-06-03 13:20:05 +00:00
Masatake YAMATO
2b09df9731 unwind: call unwind_tcb_fin before printing detached message
captured stacktrace is printed in unwind_tcb_fin if tcp->queue is not
empty.  This should happen before printing detached message, so
unwind_tcb_fin is moved to the top of droptcb.

This is implicitly suggested by Dmitry Levin in patch review process.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2014-05-30 22:56:38 +00:00
Masatake YAMATO
6141392856 unwind: give all exported functions "unwind_" prefix
* unwind.c (init_unwind_addr_space): Rename to unwind_init.
(init_libunwind_ui): Rename to unwind_tcb_init.
(free_libunwind_ui): Rename to unwind_tcb_fin.
(delete_mmap_cache): Rename to unwind_cache_invalidate.
(print_stacktrace): Rename to unwind_print_stacktrace.
* defs.h: Update prototypes.
* mem.c: All callers updated.
* process.c: Likewise.
* strace.c: Likewise.
* syscall.c: Likewise.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2014-05-30 22:40:22 +00:00
Masatake YAMATO
7721499fc7 unwind: delete mmap cache in free_libunwind_ui
free_libunwind_ui is expected to release all unwind related resources
attached to tcp.

* strace.c (droptcb): Move delete_mmap_cache call ...
* unwind.c (free_libunwind_ui): ... to here.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2014-05-30 22:30:07 +00:00
Luca Clementi
327064b637 Add -k option to print stack trace after each syscall
Print the stack trace of the traced process after each system call when
-k option is specified.  It is implemented using libunwind to unwind the
stack and to obtain the function name pointed by the IP.

Based on the code that was originally taken from strace-plus
of Philip J. Guo.

* configure.ac: Add --with-libunwind option.  Check libunwind support.
* Makefile.am: Add libunwind support.
* defs.h (struct tcb) [USE_LIBUNWIND]: Append libunwind specific fields.
[USE_LIBUNWIND] (stack_trace_enabled, alloc_mmap_cache,
delete_mmap_cache, print_stacktrace): New prototypes.
* mem.c (print_mmap, sys_munmap, sys_mprotect): Add libunwind support.
* process.c (sys_execve): Likewise.
* strace.c (usage, alloctcb, droptcb, init): Likewise.
* syscall.c (trace_syscall_exiting): Likewise.
* unwind.c: New file.
* strace.1: Document -k option.
2014-05-30 22:24:31 +00:00
Mark Hills
e53bf23f1c Optionally produce stats on syscall latency
Time spent in system time is not useful where a syscall depends on some
non-CPU resource, eg. typically open() or stat() to a network drive.

This patch adds a new flag (-w) to produce a summary of the time
difference between beginning and end of the system call (ie. latency)

This functionality has been useful to profile slow processes that
are not CPU-bound.

Signed-off-by: Mark Hills <mark.hills@framestore.com>
2014-05-29 18:15:38 +00:00
Denys Vlasenko
329fa3919d Make int3 example in comments more cut-n-pastable
I found that I use it quite often. Lets make it so that
after cut-n-pasting it into a file, there is no need
to edit the result (e.g. no need to remove C comment
chars from every line.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2014-04-10 09:57:17 +02:00
d354130b3a Fix build with Bionic libc
Add generic tests for fopen64 and fputs_unlocked functions to fix build
with Bionic libc that does not provide them.

* configure.ac (AC_CHECK_FUNCS): Add fopen64 and fputs_unlocked.
* strace.c [_LARGEFILE64_SOURCE]: Use fopen instead of fopen64
if !HAVE_FOPEN64.
Use fputs instead of fputs_unlocked if !HAVE_FPUTS_UNLOCKED.
* vsprintf.c: Use fputs instead of fputs_unlocked
if !HAVE_FPUTS_UNLOCKED.

Reported-by: Elliott Hughes <enh@google.com>
2014-02-26 00:01:00 +00:00
0506f0f430 Stop using _LFS64_LARGEFILE
There is only one place left in the code where strace guesses whether
libc provides LFS64 functions and structures.  The most natural thing to
do there is to check for _LARGEFILE64_SOURCE - the macro provided by
glibc.  Other libc implementations that provide nondegenerate LFS64
interfaces are expected to define this macro as well.

* defs.h (_LFS64_LARGEFILE): Remove.
* strace.c: Use _LARGEFILE64_SOURCE instead of _LFS64_LARGEFILE.
2013-11-12 22:44:40 +00:00
Anton Blanchard
a34deadbb3 powerpc: fix iflag build issue (static -> extern)
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-12 12:22:06 +02:00
Denys Vlasenko
c169d94718 PTRACE_SEIZE can set ptrace options immediately, use this feature
This eliminates some rare bugs, such as post-execve SIGTRAP
generation when we attach to a process, and it manages to finish
execve'ing before we set TRACEEXEC option to suppress that.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-10 14:36:28 +02:00
Denys Vlasenko
7c41ce2878 If -o|logger is in use, exit trace loop if nprocs == 0.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-08 13:55:04 +02:00
Denys Vlasenko
d2e1f42d8a Exit trace loop if got ECHILD, not if nprocs == 0.
Comment gives a testcase which wasn't handled correctly
by the old code.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-08 11:28:27 +02:00
Denys Vlasenko
6162a3f34f Add paranoia check before passing a long to pid2tcb(int pid)
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-04 09:26:24 +02:00
Denys Vlasenko
38eab5d6ea In debug output, show waitpid status with 6 hex digits, not 4
This shows event byte values better (without variable offset):

 [wait(0x01057f) = 29491] WIFSTOPPED,sig=SIGTRAP,EVENT_FORK (1)
 [wait(0x80057f) = 29492] WIFSTOPPED,sig=SIGTRAP,EVENT_STOP (128)
         ^^

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-02 12:18:22 +02:00
Denys Vlasenko
519af5ad34 Replace suspicious popen_pid assignment with an obviously correct one
popen_pid = vfork() does work correctly, but for a subtle reason
that wrong assignment of 0 happens in the child _first_,
and _then_ correct value overwrites it in the parent.

(And in a hyphothetical system where vfork = fork,
popen_pid wouldn't be shared, so it will also be ok.)

However, it's not necessary to be difficult.
This change makes it so that assignment is done only in parent.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-02 11:31:24 +02:00
Denys Vlasenko
d0ffdf494a Convert trace() from returning int to returning void
The cleanup sequence in error cases, and on normal code path
was nearly the same, no point in duplicating it.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-01 13:02:33 +02:00
Denys Vlasenko
5a2483ba25 Remove ia64-specific printing of current address on signal delivery
The address is printed anyway by printleader() if -i is active.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-07-01 12:49:14 +02:00
Denys Vlasenko
752e5a02e6 Change upeek() to take pid, not full tcp.
This will be used by next change.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-28 14:35:47 +02:00
Denys Vlasenko
c8511f07ab In -f mode, do not assume that new pid is stopped - handle exits too
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-26 14:58:03 +02:00
Denys Vlasenko
e8681c926c Set strace_child only in the right branch
"strace_child = pid" assignment was racing in NOMMU case
because of vfork (no way to know which process would win).

After this change, strace_child is set to nonzero only
in one process after [v]fork.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-26 14:58:03 +02:00
Denys Vlasenko
fadbf6679c Get rid of TCB_INUSE and TCB_STRACE_CHILD
We can use tcb::pid == 0 as an indicator of free tcb,
and we already have strace_child variable which holds
pid of our child, if any.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-26 14:58:03 +02:00
Denys Vlasenko
1b2bfbc825 Fix debug output of wait4 result (was reusing buf[] on unknown events)
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-21 16:41:50 +02:00
Denys Vlasenko
4e020c0f4b Show PTRACE_EVENT_STOP correctly in debug output
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-21 16:33:56 +02:00
Denys Vlasenko
71d3d29a9d Panic a bit less when we see an unknown pid
I stumbeld over this case when I used "exec stace ...".

* strace.c (trace): Do not exit if we see an unknown pid in wait4.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-21 16:19:46 +02:00
Denys Vlasenko
e2567d54dd detach(): Reorganize code. Logic is the same.
* strace.c (detach): Use goto's instead of excessive nesting.
Drop sigstop_expected and interrupt_done variables.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-21 16:11:10 +02:00
Denys Vlasenko
a2de9dacec Eat pending SIGSTOP _before_ PTRACE_DETACH in detach()
* strace.c (detach): If TCB_IGNORE_ONE_SIGSTOP is set,
di not PTRACE_DETACH - wait for SIGSTOP first.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-21 15:50:41 +02:00
Denys Vlasenko
fdfa47af7e detach(): warn if we see ECHILD from waitpid
* strace.c (detach): Warn if we see ECHILD from waitpid.
Explain in comments that we don't normally expect !WIFSTOPPED
either, and also that PTRACE_CONT failure isn't expected
(the "break" there is a "I'm confused, bailing out" code style)..

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-20 15:34:12 +02:00
Denys Vlasenko
4a9ba989e6 Improve error messages in detach()
* strace.c (detach): Change return type from int to void.
Improve error meesages: show PID, tell exactly which operation fails.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-20 11:23:00 +02:00
Denys Vlasenko
725dd425a6 Remove workarounds for ancient kernels lacking __WALL
__WALL is available and working at least since 2.4 kernels: 10 years ago.

* strace (detach): Remove workarounds for ancient kernels lacking __WALL.
Add missing EINTR check.
(trace): Remove workarounds for ancient kernels lacking __WALL.
Remove redundant double error printout.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-20 11:23:00 +02:00
Denys Vlasenko
69e27ef244 USE_SEIZE: fix detaching from stopped processes
V3: split SEIZE/!SEIZE code paths to reduce confusion.
Extensively comment every possible case.
Verified that all tests/detach* tests work in both SEIZE and !SEIZE
cases.

* strace.c (detach): If PTRACE_SEIZE API is in use, stop the tracee
using PTRACE_INTERRUPT instead of sending it a SIGSTOP.
In a subsequent waitpid loop, correctly wait and suppress SIGSTOP
on detach if PTRACE_INTERRUPT wasn't used, or wait for any ptrace
stop and detach without suppressing signals.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-20 11:23:00 +02:00
Denys Vlasenko
f1669e7975 Cleanups. No logic changes.
* defs.h: Define new ptrace constants unconditionally.
* strace.c (detach): Fix comment.
(trace): Remove now unnecessary "if USE_SEIZE".

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-06-18 18:15:51 +02:00
e8ff4c6f86 Do not suppress signal delivery messages with -qq
Current implementation of -qq does not allow suppressing exit status
messages without suppressing signal delivery messages, which is not
good.  There is a traditional "-e signal=none" syntax that can be used
to suppress all signal delivery messages.
This partially reverts commit v4.7-222-g01997cf.

* strace.c (trace): Do not suppress signal delivery messages with -qq.
* strace.1: Update documentation about -qq option.
2013-05-28 21:49:16 +00:00
1d2435b20b NOMMU: do not hide startup syscalls unless in -D mode
On NOMMU systems in "strace PROG" case, we have no way to attach to
the tracee before it calls execve unless in -D mode.  That is, the
first execve call is very likely to be missed, and setting
hide_log_until_execve just results to empty log.

* strace.c (init) [NOMMU_SYSTEM]: Do not set hide_log_until_execve
unless in -D mode.
2013-05-14 22:50:11 +00:00
882478a072 Make -D mode work when the Yama LSM is enabled
* strace.c [HAVE_PRCTL]: Include sys/prctl.h.
(startup_child) [HAVE_PRCTL && PR_SET_PTRACER && PR_SET_PTRACER_ANY]:
In -D mode, allow tracing the process that is going to become the
tracee.
2013-05-14 22:29:18 +00:00
Denys Vlasenko
2a3d27552f Hide startup syscalls.
Tested with "./strace [-D] [-q] [-bexecve] env true",
all cases seem to work.

* defs.h: Declare new variable: bool hide_log_until_execve.
* strace.c: Define hide_log_until_execve.
Rename skip_startup_execve to skip_one_b_execve.
(startup_child): Do not set skip_one_b_execve = 1 here.
(init): If "strace PROG" case (as opposed to "strace -pPID"),
set skip_one_b_execve and hide_log_until_execve to 1.
(trace): Don't print signal messages if hide_log_until_execve == 1.
* syscall.c (trace_syscall_entering):
Skip syscall printing if hide_log_until_execve == 1.
Reset hide_log_until_execve if we enter execve syscall.
(trace_syscall_exiting): Skip syscall printing if hide_log_until_execve == 1.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2013-05-14 16:10:42 +02:00
Daniel P. Berrange
01997cf32d Allow -q to be repeated for very quiet output
Even with the -q flag specified, tracing output is still mixed
with messages about signals and process exit status, which is
often irrelevant.  Allow the -q option to be repeated to force
the suppression of signals / exit status info too.

* defs.h: Change 'qflag' from 'bool' to 'unsigned int'.
* strace.1: Document ability to repeat '-q' option.
* strace.c: Allow '-q' to be repeated to quieten process
exit status and signal messages.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 14:11:31 +00:00
c8938e08ad Use 64-bit versions of stat, readdir and setrlimit functions when available
strace already has a mechanism to use fopen64 for output when the 64-bit
version of fopen is available on 32-bit architectures.  Apply this
mechanism for other three functions to make strace fully adopted for
64-bit types.

* strace.c (struct_stat, stat_file, struct_dirent, read_dir,
struct_rlimit, set_rlimit): New macros.
(startup_attach): Use read_dir.
(startup_child): Use struct_stat and stat_file.
(main): Use struct_rlimit and set_rlimit.
2013-03-21 22:13:52 +00:00
Denys Vlasenko
38cfe7c923 Remove variable tracing_paths and check in pathtrace_match
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-03-05 16:01:53 +01:00
Denys Vlasenko
7239dbcf2d Use dynamically-sized selected[] array for -P PATH
While at it, added a small optimization of not remembering
the path twice if it happens to be the same.

   text	   data	    bss	    dec	    hex	filename
 245111	    680	  10860	 256651	  3ea8b	strace_old
 245075	    680	   9804	 255559	  3e647	strace

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-03-05 15:46:34 +01:00
Denys Vlasenko
22efaf0028 Make -b take SYSCALL param, document it in --help and in manpage.
To not waste an option letter for just one trick,
extend -b to take a parameter:
"on which syscalls do you want to detach?".
Currently supports only execve.

While at it, fixed (by removing non-Linux and stale info)
and extended manpage text about -f.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-27 12:15:19 +01:00
Denys Vlasenko
905e8e0e2f Mass replace error_msg("%s", "literal") -> error_msg("literal")
There is no need to print literal strings through "%s".
Only untrusted strings such as filenames need that.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-26 12:30:09 +01:00
Denys Vlasenko
05f325199a Assorted NOMMU fixes
With -D, strdup'ing of pathname is necessary only on NOMMU.

Don't set skip_startup_execve to 1 if NOMMU and not in daemonized mode
(try "strace [-D] -b env echo HI" to see whether we detach on correct execve).

Fix test_ptrace_FOO shortcuts on NOMMU to always assume success
and _properly_ set all variables.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-26 12:00:34 +01:00
Denys Vlasenko
38e79bbb25 Shorten help text - no need to show deprecated option -F
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-26 11:33:54 +01:00
Denys Vlasenko
a9fe13c943 Create and use struct_sysent and struct_ioctlent typedefs.
This is a preparatory mass replace patch with no code changes.

The future change will need to typedef sysent to sysent0,
which results in compile failures when "struct sysent" string
gets mangled into "struct sysent0".

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-22 13:26:10 +01:00
Denys Vlasenko
74ec14f968 Eliminate many SCNO_IS_VALID checks
By adding tcp->s_ent pointer tot syscall table entry,
we can replace sysent[tcp->scno] references by tcp->s_ent.
More importantly, we may ensure that tcp->s_ent is always valid,
regardless of tcp->scno value. This allows us to drop
SCNO_IS_VALID(tcp->scno) checks before we access syscall
table entry.

We can optimize (qual_flags[tcp->scno] & QUAL_foo) checks
with a similar technique.

Resulting code shrink:
   text    data     bss     dec     hex filename
 245975     700   19072  265747   40e13 strace.t3/strace
 245703     700   19072  265475   40d03 strace.t4/strace

* count.c (count_syscall): Use cheaper SCNO_IN_RANGE() check.
* defs.h: Add "int qual_flg" and "const struct sysent *s_ent"
to struct tcb. Remove "int u_nargs" from it.
Add UNDEFINED_SCNO constant which will mark undefined scnos
in tcp->qual_flg.
* pathtrace.c (pathtrace_match): Drop SCNO_IS_VALID check.
Use tcp->s_ent instead of sysent[tcp->scno].
* process.c (sys_prctl): Use tcp->s_ent->nargs instead of tcp->u_nargs.
(sys_waitid): Likewise.
* strace.c (init): Add compile-time check that DEFAULT_QUAL_FLAGS
constant is consistent with init code.
* syscall.c (decode_socket_subcall): Use tcp->s_ent->nargs
instead of tcp->u_nargs. Set tcp->qual_flg and tcp->s_ent.
(decode_ipc_subcall): Likewise.
(printargs): Use tcp->s_ent->nargs instead of tcp->u_nargs.
(printargs_lu): Likewise.
(printargs_ld): Likewise.
(get_scno): [MIPS,ALPHA] Use cheaper SCNO_IN_RANGE() check.
If !SCNO_IS_VALID, set tcp->s_ent and tcp->qual_flg to default values.
(internal_fork): Use tcp->s_ent instead of sysent[tcp->scno].
(syscall_fixup_for_fork_exec): Remove SCNO_IS_VALID check.
Use tcp->s_ent instead of sysent[tcp->scno].
(get_syscall_args): Likewise.
(get_error): Drop SCNO_IS_VALID check where it is redundant.
(dumpio): Drop SCNO_IS_VALID check where it is redundant.
Use tcp->s_ent instead of sysent[tcp->scno].
(trace_syscall_entering): Use (tcp->qual_flg & UNDEFINED_SCNO) instead
of SCNO_IS_VALID check. Use tcp->s_ent instead of sysent[tcp->scno].
Drop SCNO_IS_VALID check where it is redundant.
Print undefined syscall name with undefined_scno_name(tcp).
(trace_syscall_exiting): Likewise.
* util.c (setbpt): Use tcp->s_ent instead of sysent[tcp->scno].

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-21 16:13:47 +01:00
Denys Vlasenko
f909c8d0d7 Fix NOMMU + daemonized tracer SEGV
pathname[] was getting destroyed, execve of garbage pathname
failing, and to top it off, the tracer's stack was also
smashed and trecer segfaulted.

* strace.c (exec_or_die): New function.
(startup_child): Don't use pathname[] contents after vfork,
make a malloced copy instead. Explain "NOMMU + -D bug"
and how we work around it.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-19 16:30:31 +01:00
Denys Vlasenko
5c9d8f4fc5 Make it possible to to do test builds for NOMMU architectures
And while using it, I discovered that -D doesn't work too well
on NOMMU. Added a comment about it.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2013-02-19 15:30:12 +01:00