IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
tabto is used in many lines of strace output.
On glibc, tprintf("%*s", col - curcol, "") is noticeably slow
compared to tprintf(" "). Use the latter.
Observed ~15% reduction of time spent in userspace.
* defs.h: Drop extern declaration of acolumn. Make tabto()
take no parameters.
* process.c (sys_exit): Call tabto() with no parameters.
* syscall.c (trace_syscall_exiting): Call tabto() with no parameters.
* strace.c: Make acolumn static, add static char *acolumn_spaces.
(main): Allocate acolumn_spaces as a string of spaces.
(printleader): Call tabto() with no parameters.
(tabto): Use simpler method to print lots of spaces.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Currently, get_scno does *much* more than "get syscall no".
It checks for post-execve SIGTRAP. It checks for changes
in personality. It retrieves params on entry and registers on exit.
Worse still, it is different in different architectures: for example,
for AVR32 regs are fetched in get_scno(), while for e.g. I386
it is done in syscall_enter().
Another problem is that get_scno() is called on both syscall entry and
syscall exit, which is stupid: we don't need to know scno on syscall
exit, it is already known from last syscall entry and stored in
tcp->scno! In essence, get_scno() does two completely different things
on syscall entry and on exit, they are just mixed into one bottle, like
shampoo and conditioner.
The following patches will try to improve this situation.
This change duplicates get_scno into identical get_scno_on_sysenter,
get_scno_on_sysexit functions. Call them in syscall enter and syscall
exit, correspondingly.
* defs.h: Rename get_scno to get_scno_on_sysenter; declare it only
if USE_PROCFS.
* strace.c (proc_open): Call get_scno_on_sysenter instead of get_scno.
* syscall.c (get_scno): Split into two (so far identical) functions
get_scno_on_sysenter and get_scno_on_sysexit.
(trace_syscall_entering): Call get_scno_on_sysenter instead of get_scno.
(trace_syscall_exiting): Call get_scno_on_sysexit instead of get_scno.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* defs.h: Explain TCB_INSYSCALL and TCB_WAITEXECVE bits in detail.
* strace.c (choose_pfd): Use entering/exiting macros instead of direct check
for TCB_INSYSCALL.
* syscall.c (get_scno): Use entering/exiting macros instead of direct check
for TCB_INSYSCALL. Fix comments about post-execve SIGTRAP.
(syscall_fixup): Use entering/exiting instead of direct check
for TCB_INSYSCALL. Add a comment what "not a syscall entry" message
usually means. Change wrong "stray syscall exit" messages into
"not a syscall entry" ones.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* strace.c (trace): Optimize out dummy PC printing on signal delivery.
While at it, tweak comments.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* defs.h: Make struct tcb::pfd fields conditional on USE_PROCFS.
* strace.c (alloc_tcb): Use tcp->pfd only if USE_PROCFS.
(droptcb): Likewise.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* strace.c [LINUX] (kill_save_errno): New function.
(test_ptrace_setoptions_followfork): Change return type to void.
Fix and harden error handling. Use kill_save_errno() to avoid errno
clobbering. Treat EIO from ptrace() the same way as EINVAL.
(test_ptrace_setoptions_for_all): Use kill_save_errno() to avoid errno
clobbering. Treat EIO from ptrace() the same way as EINVAL.
(main): Update use of test_ptrace_setoptions_followfork().
tcp->parent is used for only two things:
(1) to send signal on detach via tgkill (need to know tgid).
Solution: use tkill, it needs only tid.
(2) to optimize out ptrace options setting for new tracees.
Not a big deal if we drop this optimization: "set options" op is fast,
doing it just one extra time once per each tracee is hardly measurable.
TCB_CLONE_THREAD is a misnomer. It used only to flag sibling we attached to
in startup_attach. This is used to prevent infinite recursive rescanning
of /proc/PID/task.
Despite the name, there is no guarantee it is set only on non-leader:
if one would run "strace -f -p THREAD_ID" and THREAD_ID is *not*
a thread leader, strace will happily attach to it and all siblings
and will think that THREAD_ID is the leader! Which is a bug, but
since we no longer detach when we think tracee is going to die,
this bug no longer matters, because we do not use the knowledge
about thread group leaders for anything. (We used it to delay
leader's exit).
IOW: after this patch strace has no need to know about threads, parents
and children, and so on. Therefore it does not track that information.
It treats all tracees as independent entities. Overall,
this simplifies code a lot.
* defs.h: Add TCB_ATTACH_DONE flag, remove TCB_CLONE_THREAD flag
and struct tcb::parent field.
* process.c (internal_fork): Don't set tcpchild->parent.
* strace.c (startup_attach): Use TCB_ATTACH_DONE flag instead of
TCB_CLONE_THREAD to avoid attach attempts on already-attached threads.
Unlike TCB_CLONE_THREAD, TCB_ATTACH_DONE bit is used only temporarily,
and only in this function. We clear it on every tcb before we return.
(detach): Use tkill instead of tgkill.
(trace): Set ptrace options on new tracees unconditionally,
not only when tcp->parent == NULL.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Since we no longer suspend waitpid'ing tracees, we have only one case when
we suspend tracee: when we pick up a new tracee created by clone/fork/vfork.
Background: on some other OSes, attach to child is done this way:
get fork's result (pid), loop ptrace(PTRACE_ATTACH) until you hook up
new process/thread. This is ugly and not safe, but what matters for us
is that it doesn't require suspending. Suspending is required
on Linux only, because on Linux attach to child is done differently.
On Linux, we use two methods of catching new tracee:
adding CLONE_THREAD bit to syscall (if needed, we change
[v]fork into clone before that), or using ptrace options.
In both cases, it may be so that new tracee appears before one which
created it returns from syscall. In this case, current code
suspends new tracee until its creator returns. Only then
strace can determine who is its parent (it needs child's pid for this,
which is visible in parent's [v]fork/clone result).
This is inherently racy. For example, what if SIGKILL kills
creator after it succeeded creating child, but before it returns?
Looks like we will have child suspended forever.
But after previous commit, we DO NOT NEED parent<->child link for anything.
Therefore we do not need suspending too. Bingo!
This patch removes suspending code. Now new tracees will be continued
right away. Next patch will remove tcp->parent member.
* defs.h: Remove TCB_SUSPENDED constant
* process.c (handle_new_child): Delete this function.
(internal_fork): Do not call handle_new_child on syscall exit.
* strace.c (handle_ptrace_event): Delete this function.
(trace): Do not suspend new child; remove all handling
of now impossible TCB_SUSPENDED condition.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Current code plays some ungodly tricks, trying to not detach
thread group leader until all threads exit.
Also, it detaches from a tracee when signal delivery is detected
which will cause tracee to exit.
This operation is racy (not to mention the determination
whether signal is set to SIG_DFL is a horrible hack):
after we determined that this signal is indeed fatal
but before we detach and let process die,
*other thread* may set a handler to this signal, and
we will leak the process, falsely displaying it as killed!
I need to look in the past to figure out why we even do it.
First guess is that it's a workaround for old kernel bugs:
kernel used to deliver exit notifications to the tracer,
not to real parent. These workarounds are ancient
(internal_exit is from 1995).
The patch deletes the hacks. We no longer need tcp->nclone_threads,
TCB_EXITING and TCB_GROUP_EXITING. We also lose a few rather
ugly functions.
I also added a new message: "+++ exited with EXITCODE +++"
which shows exact moment strace got exit notification.
It is analogous to existing "+++ killed by SIG +++" message.
* defs.h: Delete struct tcb::nclone_threads field,
TCB_EXITING and TCB_GROUP_EXITING constants,
declarations of sigishandled() and internal_exit().
* process.c (internal_exit): Delete this function.
(handle_new_child): Don't ++tcp->nclone_threads.
* signal.c (parse_sigset_t): Delete this function.
(sigishandled): Delete this function.
* strace.c (startup_attach): Don't tcbtab[tcbi]->nclone_threads++.
(droptcb): Don't delay dropping if tcp->nclone_threads > 0,
don't drop parent if its nclone_threads reached 0:
just drop (only) this tcb unconditionally.
(detach): don't drop parent.
(handle_group_exit): Delete this function.
(handle_ptrace_event): Instead of handle_group_exit, just drop tcb;
do not panic if we see WIFEXITED from an attached pid;
print "+++ exited with EXITCODE +++" for every WIFEXITED pid.
* syscall.c (internal_syscall): Do not treat sys_exit specially -
don't call internal_exit on it.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* strace.c (trace): Do not recalculate "cflag ? &ru : NULL"
again and again. Do not clear errno unnecessarily.
Consistently check wait errors as pid < 0, not pid == -1.
Indent ifdefs for better readability.
Remove comments after endif if ifdef/endif block is really tiny.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* strace.c (trace): Change ifdef LINUX to make a bit more sense,
remove wrong comment at its endif. Slightly optimize
"+++ killed by SIG +++" message for systems without WCOREDUMP macro.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
* strace.c (alloc_tcb): Print number of allocated tcb's if -d.
(droptcb): Likewise.
(handle_ptrace_event): Remove PTRACE_EVENT_EXEC debug message.
(trace): Improve logging of waitpid: show WIFxxx, exitcode/signal,
ptrace event name, WCOREDUMP - all on one line.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
TCB_FOLLOWFORK flag seems to be unnecessary, because we either follow
all [v]forks/clones or don't follow any, therefore global variable
followfork is an already existing indicator of what we want to do.
This patch drops all setting/clearing of TCB_FOLLOWFORK bit,
and replaces checks for this bit by checks of followfork value.
In internal_fork, check is moved to in front of if(), since
the check is needed on both "entering" and "exiting" branch.
* defs.h: Remove TCB_FOLLOWFORK define.
* process.c (internal_fork): Do not set/clear TCB_FOLLOWFORK,
test followfork instead of tcp->flags & TCB_FOLLOWFORK.
(handle_new_child): Likewise.
* strace.c (startup_attach): Likewise.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Error from strace_fopen in main results in call to exit(1).
Error from strace_fopen in newoutf is propagated to newoutf
callers: startup_attach (where it results in exit(1))
and alloc_tcb (where error is ignored). In second case,
the behavior doesn't seem to be right: it means with -ff
on open error for new LOGFILE.PID the output will continue
to go into *the same file as the previous process* - which
would be confusing. Moreover, on droptcb outf may be closed
and the output of other, still running process outputting
to the same outf will be lost. I don't think this is sane.
IOW: in all cases, error in strace_fopen should be fatal.
* strace.c (strace_fopen): Abort on error instead of returning NULL.
(newoutf): Change return type to void.
(startup_attach): Remove error check on newoutf return value.
(main): Remove error check on strace_fopen return value.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
set_cloexec_flag() may fail only if we pass it a bad fd,
such as -1 or non-opened one. If we do, we have a bug
in the caller. It makes no sense to try to continue
running when we detect such a blatant bug in our own code.
* strace (set_cloexec_flag): Abort instead of returning error
indicator. Change function to return void.
(strace_fopen): Remove error check on set_cloexec_flag return value.
(proc_open): Likewise.
(proc_poll_open): Likewise.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
It makes no sense to postpone abort on strace_popen error
unti it returns. Moreover, out-of-memory error was exiting
without any message.
While at it, use 0 as "none" for popen_pid, as optimization.
* strace: Initialize popen_pid to 0 - this puts it in bss.
(trace): Reset popen_pid to 0 instead of -1.
(strace_popen): Never return NULL as error indicator,
abort with good error message instead.
(main): Remove NULL check of strace_popen result.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Get rid of fork_tcb() function. It used to do what the comment
above it says, but now it doesn't do much:
it only sets tcp->flags |= TCB_FOLLOWFORK and maybe calls
expand_tcbtab(). The second operation is not necessary, since
alloc_tcp() will do it itself when needed.
This patch deletes fork_tcb(), open-coding tcp->flags |= TCB_FOLLOWFORK
where it was formerly called. It also makes nprocs, tcbtabsize and
expand_tcbtab() static. (While at it, I nuked redundant
extern char **environ declaration: strace.c had *two* of them...)
* defs.h: Remove declarations of nprocs, tcbtabsize and
expand_tcbtab.
* process.c (fork_tcb): Remove this function.
(internal_fork): Open-code fork_tcb.
(handle_new_child): Likewise.
* strace.c: Remove redundant "extern char **environ". Declare
nprocs and tcbtabsize static.
(expand_tcbtab): Make it static.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Get rid of a few intermediate variables, simplifies a few expressions,
and uses error_msg_and_die instead of more verbose
fprintf+cleanup+exit sequence.
In alloc_tcp, I use memset to clear entire new tcp.
This not only saves a few bytes of code, but lowers the chances
of future bugs where some data "leaks out" into new tcb's
from old ones because we forgot to re-initialize it.
* strace.c (expand_tcbtab): Simplify this function. No logic changes.
(alloc_tcb): Likewise.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Commit 3454e4b463
introduced a bug: sometimes, TRACECLONE/TRACE[V]FORK opts were not set.
The check (tcp->parent == NULL) in old code was meant to check
"if we are not a child created by auto-attach" - in this case,
options need to be set on the child; otherwise they are inherited
and do not need to be set.
I misunderstood the check and if tcp->parent is not NULL, I was
setting only ptrace_setoptions_for_all bits.
This change fixes the problem. Since the fixed logic makes it
unnecessary to keep two sets of options in separate variables,
I merge them back into one variable, ptrace_setoptions.
* defs.h: Merge ptrace_setoptions_followfork and ptrace_setoptions_for_all
into one variable, ptrace_setoptions.
* strace.c: Likewise.
(test_ptrace_setoptions_followfork): Use ptrace_setoptions variable.
(test_ptrace_setoptions_for_all): Likewise.
(main): Likewise.
* process.c (internal_fork): Likewise.
(internal_exec): Likewise.
* strace.c (trace): Fix the bug where different options were set
depending on "tcp->parent == NULL" condition. Add a comment
which makes it more clear why this condition is checked.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
strace used to suspend waitpid until there is a child
for waitpid'ing process to collect status from.
Apparently, it was done because in some very old kernels
(circa 2002 or even earlier) there were ptrace bugs which
were making waitpid in real parent to not see children.
This kernel bug is fixed long ago. This change removes the workaround.
test/wait_must_be_interruptible.c is a test program which
illustrates why without this change strace changes
programs's behavior.
* defs.h: Delete waitpid and nclone_waiting members from from struct tcb.
Remove declaration of internal_wait().
* process.c (internal_wait): Remove this function.
* strace.c (alloc_tcb): Do not set tcp->nclone_waiting.
(resume): Remove this function.
(resume_from_tcp): Remove this function.
(detach): Do not call resume_from_tcp().
(handle_group_exit): Do not call resume_from_tcp().
* syscall.c (internal_syscall): Do not call internal_wait().
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
We already do it in the normal case, but in rare code path where
tracee is gone (SIGKILLed?) sometimes we were printing this:
"SYSCALL(ARGS <unavailable>)= ? <unavailable>" - note jammed together ")=".
test/sigkill_rain.c can be used to verify the fix.
* strace.c (printleader): add a space after ")" in " <unavailable>)"
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
based on Dmitry's comments.
* defs.h ([p]error_msg[_and_die]): Declare new functions.
* strace.c (SYSCALLTRAP): Rename to syscall_trap_sig.
([p]error_msg[_and_die]): Define new functions.
(strace_tracer_pid): New variable, it controls which pid will
do cleanup on exit via [p]error_msg_and_die.
(main): Set strace_tracer_pid to our initial pid.
(startup_attach): Change strace_tracer_pid if we are in -D mode.
(test_ptrace_setoptions_for_all): Minor changes to logic,
such as better diagnostic messages.
* defs.h (ptrace_setoptions_for_all): Expose this variable.
* strace.c (ptrace_setoptions_for_all): Remove "static".
* process.c (internal_exec): Don't set TCB_WAITEXECVE bit
if we know that post-execve SIGTRAP is not going to happen.
* defs.h (ptrace_setoptions): Variable renamed to ptrace_setoptions_followfork.
* process.c (internal_fork): Ditto.
* strace.c (ptrace_setoptions_for_all): New variable.
(SYSCALLTRAP): New variable.
(error_msg_and_die): New function.
(test_ptrace_setoptions_for_all): New function.
(main): Call test_ptrace_setoptions_for_all() at init.
(handle_ptrace_event): Handle PTRACE_EVENT_EXEC (by ignoring it).
(trace): Check events and set ptrace options without -f too.
Check WSTOPSIG(status) not for SIGTRAP, but for SYSCALLTRAP.
* pathtrace.c: New file, implements matching syscall arguments to
user-specified file paths.
* Makefile.am (strace_SOURCES): Add pathtrace.c.
* defs.h (TCB_FILTERED, filtered): New defines.
(getfdpath, pathtrace_select, pathtrace_match, show_fd_path,
tracing_paths): New declarations.
* strace.c (show_fd_path, tracing_paths): New global variables.
(usage, main): Implement handling of -y and -P options.
* strace.1: Add descriptions of -y and -P options.
* syscall.c (trace_syscall_entering): Add path matching logic to the
print/noprint decision and set the TCB_FILTERED bit appropriately.
(trace_syscall_exiting): Use filtered() macro that checks the
TCB_FILTERED bit to determine print/noprint status.
* util.c (printfd): Use getfdpath().
* strace.c [!USE_PROCFS] (trace): Differentiate output format depending
on PTRACE_GETSIGINFO success or failure. In the former case, use
printsiginfo() to show more details about received signal.
* strace.c [!USE_PROCFS] (trace): Assume that PTRACE_GETSIGINFO is
available. Replace PT_GETSIGINFO with PTRACE_GETSIGINFO. Use
PTRACE_GETSIGINFO for all signals.
* strace.c (test_ptrace_setoptions): Add PTRACE_O_TRACECLONE and
PTRACE_O_TRACEVFORK to PTRACE_SETOPTIONS call, to test exactly
the same set of options that is going to be used later in trace().
* strace.c (main): Call test_ptrace_setoptions() before parsing
-o option, otherwise a forked command will cause a hangup inside
test_ptrace_setoptions().