1f0bcd5c3SXin LI /*- 20a6c71f8SWarner Losh * Copyright 1997 Sean Eric Fagan 309d64da3SSean Eric Fagan * 409d64da3SSean Eric Fagan * Redistribution and use in source and binary forms, with or without 509d64da3SSean Eric Fagan * modification, are permitted provided that the following conditions 609d64da3SSean Eric Fagan * are met: 709d64da3SSean Eric Fagan * 1. Redistributions of source code must retain the above copyright 809d64da3SSean Eric Fagan * notice, this list of conditions and the following disclaimer. 909d64da3SSean Eric Fagan * 2. Redistributions in binary form must reproduce the above copyright 1009d64da3SSean Eric Fagan * notice, this list of conditions and the following disclaimer in the 1109d64da3SSean Eric Fagan * documentation and/or other materials provided with the distribution. 1209d64da3SSean Eric Fagan * 3. All advertising materials mentioning features or use of this software 1309d64da3SSean Eric Fagan * must display the following acknowledgement: 1409d64da3SSean Eric Fagan * This product includes software developed by Sean Eric Fagan 1509d64da3SSean Eric Fagan * 4. Neither the name of the author may be used to endorse or promote 1609d64da3SSean Eric Fagan * products derived from this software without specific prior written 1709d64da3SSean Eric Fagan * permission. 1809d64da3SSean Eric Fagan * 1909d64da3SSean Eric Fagan * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2009d64da3SSean Eric Fagan * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2109d64da3SSean Eric Fagan * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2209d64da3SSean Eric Fagan * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2309d64da3SSean Eric Fagan * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2409d64da3SSean Eric Fagan * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2509d64da3SSean Eric Fagan * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2609d64da3SSean Eric Fagan * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2709d64da3SSean Eric Fagan * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2809d64da3SSean Eric Fagan * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2909d64da3SSean Eric Fagan * SUCH DAMAGE. 3009d64da3SSean Eric Fagan */ 3109d64da3SSean Eric Fagan 32b956c13cSPhilippe Charnier #include <sys/cdefs.h> 33b956c13cSPhilippe Charnier __FBSDID("$FreeBSD$"); 343cf51049SPhilippe Charnier 3509d64da3SSean Eric Fagan /* 36bbeaf6c0SSean Eric Fagan * Various setup functions for truss. Not the cleanest-written code, 37bbeaf6c0SSean Eric Fagan * I'm afraid. 38bbeaf6c0SSean Eric Fagan */ 39bbeaf6c0SSean Eric Fagan 405d2d083cSXin LI #include <sys/ptrace.h> 412b75c8adSJohn Baldwin #include <sys/sysctl.h> 42580e0a2bSDag-Erling Smørgrav #include <sys/wait.h> 43580e0a2bSDag-Erling Smørgrav 442b75c8adSJohn Baldwin #include <assert.h> 453cf51049SPhilippe Charnier #include <err.h> 46821df508SXin LI #include <errno.h> 473cf51049SPhilippe Charnier #include <signal.h> 48*9289f547SJohn Baldwin #include <stdbool.h> 492b75c8adSJohn Baldwin #include <stdint.h> 50bbeaf6c0SSean Eric Fagan #include <stdio.h> 51bbeaf6c0SSean Eric Fagan #include <stdlib.h> 52821df508SXin LI #include <string.h> 53a5f14abfSJohn Baldwin #include <sysdecode.h> 54821df508SXin LI #include <time.h> 55bbeaf6c0SSean Eric Fagan #include <unistd.h> 56bbeaf6c0SSean Eric Fagan 57ec0bed25SMatthew N. 
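#include "truss.h"
#include "syscall.h"
#include "extern.h"

SET_DECLARE(procabi, struct procabi);

/*
 * Written by the restore_proc() signal handler and polled by eventloop().
 * An object shared between a handler and the main flow has to be
 * volatile sig_atomic_t; without volatile the compiler may cache it.
 */
static volatile sig_atomic_t detaching;

static void	enter_syscall(struct trussinfo *, struct threadinfo *,
		    struct ptrace_lwpinfo *);
static void	new_proc(struct trussinfo *, pid_t, lwpid_t);

/*
 * setup_and_wait() is called to start a process.  All it really does
 * is vfork(), enable tracing in the child, and then exec the given
 * command.  At that point, the child process stops, and the parent
 * can wake up and deal with it.
 *
 * info    - tracer state; the new process is registered in it by new_proc().
 * command - NULL-terminated argv; command[0] is resolved by execvp().
 *
 * Does not return on failure: the parent exits through err()/errx().
 */
void
setup_and_wait(struct trussinfo *info, char *command[])
{
	pid_t pid;
	int status;

	pid = vfork();
	if (pid == -1)
		err(1, "fork failed");
	if (pid == 0) {	/* Child */
		/*
		 * A vfork() child runs on the parent's address space, so it
		 * must leave through _exit().  err() would call exit(),
		 * which runs atexit handlers and flushes and closes stdio
		 * streams that belong to the parent.
		 */
		if (ptrace(PT_TRACE_ME, 0, 0, 0) == -1) {
			/* Never exec the command untraced. */
			warn("ptrace(PT_TRACE_ME)");
			_exit(1);
		}
		execvp(command[0], command);
		warn("execvp %s", command[0]);
		_exit(1);
	}

	/* Only in the parent here */
	if (waitpid(pid, &status, 0) < 0)
		err(1, "unexpect stop in waitpid");
	/*
	 * A child that failed before or during exec has exited rather than
	 * stopped; report that here instead of letting a later ptrace()
	 * call fail on a process that is already gone.
	 */
	if (!WIFSTOPPED(status))
		errx(1, "%s did not stop for tracing", command[0]);

	new_proc(info, pid, 0);
}

/*
 * start_tracing is called to attach to an existing process.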
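 */
/*
 * Attach with PT_ATTACH (one attempt plus up to ten retries, 200 us apart),
 * wait for the stop that follows, then register the process with
 * new_proc().  No permission check is made here; a refused attach shows up
 * as a ptrace() error and ends truss through err().
 *
 * info - tracer state that receives the new process entry.
 * pid  - process to attach to.
 */
void
start_tracing(struct trussinfo *info, pid_t pid)
{
	int ret, retry;

	/*
	 * Sleep only between attempts.  Sleeping after the last failed
	 * attempt would let usleep() overwrite the errno that err() below
	 * reports, and would delay a successful attach for no reason.
	 */
	for (retry = 10;; retry--) {
		ret = ptrace(PT_ATTACH, pid, NULL, 0);
		if (ret == 0 || retry <= 0)
			break;
		usleep(200);
	}
	if (ret)
		err(1, "can not attach to target process");

	if (waitpid(pid, NULL, 0) < 0)
		err(1, "Unexpect stop in waitpid");

	new_proc(info, pid, 0);
}

/*
 * Restore a process back to its pre-truss state.
 * Called for SIGINT, SIGTERM, SIGQUIT.  This only
 * applies if truss was told to monitor an already-existing
 * process.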
 */
void
restore_proc(int signo __unused)
{

	/*
	 * Handler context: only record the request.  The detach itself is
	 * carried out by eventloop() once it sees the flag.
	 */
	detaching = 1;
}

/*
 * Release one traced process: stop it, reap that stop, PT_DETACH, then
 * send SIGCONT so the process keeps running without the tracer.
 * Exits through err() if the wait or the detach fails.
 */
static void
detach_proc(pid_t pid)
{

	/* The target has to be stopped before it can be detached. */
	(void)kill(pid, SIGSTOP);
	if (waitpid(pid, NULL, 0) == -1)
		err(1, "Unexpected stop in waitpid");

	if (ptrace(PT_DETACH, pid, (caddr_t)1, 0) == -1)
		err(1, "Can not detach the process");

	/* Undo the SIGSTOP sent above. */
	(void)kill(pid, SIGCONT);
}

/*
 * Determine the ABI.  This is called after every exec, and when
 * a process is first monitored.
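 */
/*
 * Returns the matching entry of the procabi linker set, or NULL (after a
 * warning) when the kernel-reported sysvec name has no entry.  Exits with
 * status 2 if the sysctl itself fails.
 */
static struct procabi *
find_abi(pid_t pid)
{
	struct procabi **pabi;
	size_t len;
	int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_SV_NAME, pid };
	char progt[32];

	len = sizeof(progt);
	if (sysctl(mib, 4, progt, &len, NULL, 0) != 0)
		err(2, "can not get sysvec name");
	/* Defensive: the name is used with strcmp() and %s below. */
	progt[sizeof(progt) - 1] = '\0';

	SET_FOREACH(pabi, procabi) {
		if (strcmp((*pabi)->type, progt) == 0)
			return (*pabi);
	}
	warnx("ABI %s for pid %ld is not supported", progt, (long)pid);
	return (NULL);
}

/*
 * Allocate a zeroed threadinfo for `lwpid`, link it at the head of the
 * process's thread list and return it.
 */
static struct threadinfo *
new_thread(struct procinfo *p, lwpid_t lwpid)
{
	struct threadinfo *nt;

	/*
	 * If this happens it means there is a bug in truss.  Unfortunately
	 * this will kill any processes truss is attached to.
	 */
	LIST_FOREACH(nt, &p->threadlist, entries) {
		if (nt->tid == lwpid)
			errx(1, "Duplicate thread for LWP %ld", (long)lwpid);
	}

	nt = calloc(1, sizeof(*nt));
	if (nt == NULL)
		err(1, "calloc() failed");
	nt->proc = p;
	nt->tid = lwpid;
	LIST_INSERT_HEAD(&p->threadlist, nt, entries);
	return (nt);
}

/*
 * Unlink a thread from its process and free it.  The caller must not keep
 * using a pointer to it, info->curthread included.
 */
static void
free_thread(struct threadinfo *t)
{

	LIST_REMOVE(t, entries);
	free(t);
}

/*
 * Enumerate the LWPs of a process that is already running and create a
 * threadinfo for each.  A thread reported as stopped at system call entry
 * (PL_FLAG_SCE) has that call recorded through enter_syscall().
 */
static void
add_threads(struct trussinfo *info, struct procinfo *p)
{
	struct ptrace_lwpinfo pl;
	struct threadinfo *t;
	lwpid_t *lwps;
	int i, nlwps;

	nlwps = ptrace(PT_GETNUMLWPS, p->pid, NULL, 0);
	if (nlwps == -1)
		err(1, "Unable to fetch number of LWPs");
	assert(nlwps > 0);
	lwps = calloc(nlwps, sizeof(*lwps));
	/* Fail here rather than hand a NULL buffer to PT_GETLWPLIST. */
	if (lwps == NULL)
		err(1, "calloc() failed");
	nlwps = ptrace(PT_GETLWPLIST, p->pid, (caddr_t)lwps, nlwps);
	if (nlwps == -1)
		err(1, "Unable to fetch LWP list");
	for (i = 0; i < nlwps; i++) {
		t = new_thread(p, lwps[i]);
		if (ptrace(PT_LWPINFO, lwps[i], (caddr_t)&pl, sizeof(pl)) == -1)
			err(1, "ptrace(PT_LWPINFO)");
		if (pl.pl_flags & PL_FLAG_SCE) {
			info->curthread = t;
			enter_syscall(info, t, &pl);
		}
	}
	free(lwps);
}

/*
 * Start tracking a process: enable fork following (when requested) and LWP
 * events, record its ABI and create its thread entries.  With lwpid != 0
 * only that thread is added; with lwpid == 0 all current LWPs are
 * enumerated.
 *
 * NOTE(review): find_abi() can return NULL and the result is stored as is.
 * enter_syscall(), reachable from add_threads() below, dereferences
 * t->proc->abi without a check -- confirm that callers cope with a process
 * whose ABI is unsupported.
 */
static void
new_proc(struct trussinfo *info, pid_t pid, lwpid_t lwpid)
{
	struct procinfo *np;

	/*
	 * If this happens it means there is a bug in truss.  Unfortunately
	 * this will kill any processes truss is attached to.
	 */
	LIST_FOREACH(np, &info->proclist, entries) {
		if (np->pid == pid)
			errx(1, "Duplicate process for pid %ld", (long)pid);
	}

	if (info->flags & FOLLOWFORKS)
		if (ptrace(PT_FOLLOW_FORK, pid, NULL, 1) == -1)
			err(1, "Unable to follow forks for pid %ld", (long)pid);
	if (ptrace(PT_LWP_EVENTS, pid, NULL, 1) == -1)
		err(1, "Unable to enable LWP events for pid %ld", (long)pid);
	np = calloc(1, sizeof(*np));
	/* Same policy as new_thread(): stop instead of writing through NULL. */
	if (np == NULL)
		err(1, "calloc() failed");
	np->pid = pid;
	np->abi = find_abi(pid);
	LIST_INIT(&np->threadlist);
	LIST_INSERT_HEAD(&info->proclist, np, entries);

	if (lwpid != 0)
		new_thread(np, lwpid);
	else
		add_threads(info, np);
}

/*
 * Free every thread of a process, unlink the process and free it.  Any
 * threadinfo pointer into this process is dangling afterwards.
 *
 * NOTE(review): argument strings a thread may still hold in cs.s_args are
 * not released here (free_syscall() is what releases them) -- confirm
 * whether that leak matters for long traces.
 */
static void
free_proc(struct procinfo *p)
{
	struct threadinfo *t, *t2;

	LIST_FOREACH_SAFE(t, &p->threadlist, entries, t2) {
		free(t);
	}
	LIST_REMOVE(p, entries);
	free(p);
}

/*
 * Detach from and forget every traced process.
 */
static void
detach_all_procs(struct trussinfo *info)
{
	struct procinfo *p, *p2;

	/* The _SAFE form is needed because free_proc() unlinks p. */
	LIST_FOREACH_SAFE(p, &info->proclist, entries, p2) {
		detach_proc(p->pid);
		free_proc(p);
	}
}

/*
 * Look up the tracked process with the given pid; NULL when not tracked.
 */
static struct procinfo *
find_proc(struct trussinfo *info, pid_t pid)
{
	struct procinfo *np;

	LIST_FOREACH(np, &info->proclist, entries) {
		if (np->pid == pid)
			return (np);
	}

	return (NULL);
}

/*
 * Change curthread member based on (pid, lwpid).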
 */
static void
find_thread(struct trussinfo *info, pid_t pid, lwpid_t lwpid)
{
	struct procinfo *np;
	struct threadinfo *thr;

	/* The process must already be tracked; anything else is a truss bug. */
	np = find_proc(info, pid);
	assert(np != NULL);

	LIST_FOREACH(thr, &np->threadlist, entries) {
		if (thr->tid != lwpid)
			continue;
		info->curthread = thr;
		return;
	}
	errx(1, "could not find thread");
}

/*
 * When a process exits, it should have exactly one thread left.
 * All of the other threads should have reported thread exit events.
 * That remaining thread becomes info->curthread.
 */
static void
find_exit_thread(struct trussinfo *info, pid_t pid)
{
	struct procinfo *p;

	p = find_proc(info, pid);
	assert(p != NULL);

	info->curthread = LIST_FIRST(&p->threadlist);
	/* Exactly one entry: non-empty list with no successor. */
	assert(info->curthread != NULL);
	assert(LIST_NEXT(info->curthread, entries) == NULL);
}

/*
 * Begin recording a system call for thread `t`.  The asserts check that
 * the previous record was fully cleared; the raw argument array is zeroed
 * and the syscall number taken from the kernel's lwpinfo.
 */
static void
alloc_syscall(struct threadinfo *t, struct ptrace_lwpinfo *pl)
{
	u_int i;

	assert(t->in_syscall == 0);
	assert(t->cs.number == 0);
	assert(t->cs.name == NULL);
	assert(t->cs.nargs == 0);
	for (i = 0; i < nitems(t->cs.s_args); i++)
		assert(t->cs.s_args[i] == NULL);
	memset(t->cs.args, 0, sizeof(t->cs.args));
	t->cs.number = pl->pl_syscall_code;
	t->in_syscall = 1;
}

/*
 * Drop the current system call record: free the first cs.nargs decoded
 * argument strings, then zero the whole record so no stale pointer stays
 * behind for the next alloc_syscall().
 */
static void
free_syscall(struct threadinfo *t)
{
	u_int idx;

	for (idx = 0; idx < t->cs.nargs; idx++)
		free(t->cs.s_args[idx]);
	memset(&t->cs, 0, sizeof(t->cs));
	t->in_syscall = 0;
}

/*
 * Record a system call entry for thread `t`: fetch the raw arguments,
 * resolve the name and decoder, and pre-format every argument that is not
 * an OUT parameter.  If the arguments cannot be fetched the record is
 * dropped and nothing is logged for this call.
 *
 * NOTE(review): t->proc->abi is dereferenced unconditionally, yet new_proc()
 * stores whatever find_abi() returns, NULL included -- confirm no caller
 * gets here for a process with an unsupported ABI.
 */
static void
enter_syscall(struct trussinfo *info, struct threadinfo *t,
    struct ptrace_lwpinfo *pl)
{
	struct procabi *abi;
	struct syscall *sc;
	u_int i, narg;

	alloc_syscall(t, pl);
	abi = t->proc->abi;
	/* Clamp the kernel-reported count to the size of the local array. */
	narg = MIN(pl->pl_syscall_narg, nitems(t->cs.args));
	if (narg != 0 && abi->fetch_args(info, narg) != 0) {
		free_syscall(t);
		return;
	}

	t->cs.name = sysdecode_syscallname(abi->abi, t->cs.number);
	if (t->cs.name == NULL)
		fprintf(info->outfile, "-- UNKNOWN %s SYSCALL %d --\n",
		    abi->type, t->cs.number);

	/*
	 * NOTE(review): sc is used without a NULL check and cs.name may be
	 * NULL at this point -- confirm get_syscall() always returns an
	 * entry, also for a NULL name.
	 */
	sc = get_syscall(t->cs.name, narg);
	t->cs.nargs = sc->nargs;
	assert(sc->nargs <= nitems(t->cs.s_args));

	t->cs.sc = sc;

	/*
	 * At this point, we set up the system call arguments.
	 * We ignore any OUT ones, however -- those are arguments that
	 * are set by the system call, and so are probably meaningless
	 * now.  This doesn't currently support arguments that are
	 * passed in *and* out, however.
	 */
	if (t->cs.name != NULL) {
#if DEBUG
		fprintf(stderr, "syscall %s(", t->cs.name);
#endif
		for (i = 0; i < t->cs.nargs; i++) {
#if DEBUG
			fprintf(stderr, "0x%lx%s", sc ?
			    t->cs.args[sc->args[i].offset] : t->cs.args[i],
			    i < (t->cs.nargs - 1) ? "," : "");
#endif
			if (sc->args[i].type & OUT)
				continue;
			t->cs.s_args[i] = print_arg(&sc->args[i],
			    t->cs.args, 0, info);
		}
#if DEBUG
		fprintf(stderr, ")\n");
#endif
	}

	/* Start of the interval reported by relative timestamps. */
	clock_gettime(CLOCK_REALTIME, &t->before);
}

/*
 * When a thread exits voluntarily (including when a thread calls
 * exit() to trigger a process exit), the thread's internal state
 * holds the arguments passed to the exit system call.  When the
 * thread's exit is reported, log that system call without a return
 * value.
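 */
static void
thread_exit_syscall(struct trussinfo *info)
{
	struct threadinfo *t;

	t = info->curthread;
	if (!t->in_syscall)
		return;

	clock_gettime(CLOCK_REALTIME, &t->after);

	print_syscall_ret(info, 0, NULL);
	free_syscall(t);
}

/*
 * Handle a system call exit stop for info->curthread: fetch the return
 * value, format the OUT arguments, print the call and release its record.
 * After an exec the ABI is looked up again; if the new image's ABI is not
 * supported the process is detached and forgotten.
 *
 * info - tracer state; info->curthread is the thread that stopped.
 * pl   - lwpinfo for this stop, used for the PL_FLAG_EXEC check.
 */
static void
exit_syscall(struct trussinfo *info, struct ptrace_lwpinfo *pl)
{
	struct threadinfo *t;
	struct procinfo *p;
	struct syscall *sc;
	long retval[2];
	u_int i;
	int errorp;

	t = info->curthread;
	if (!t->in_syscall)
		return;

	clock_gettime(CLOCK_REALTIME, &t->after);
	p = t->proc;
	if (p->abi->fetch_retval(info, retval, &errorp) < 0) {
		free_syscall(t);
		return;
	}

	sc = t->cs.sc;
	/*
	 * Here, we only look for arguments that have OUT masked in --
	 * otherwise, they were handled in enter_syscall().
	 */
	for (i = 0; i < sc->nargs; i++) {
		char *temp;

		if (sc->args[i].type & OUT) {
			/*
			 * If an error occurred, then don't bother
			 * getting the data; it may not be valid.
			 */
			if (errorp) {
				/*
				 * The buffer pointer is not portably defined
				 * when asprintf() fails; store NULL so that
				 * free_syscall() never frees garbage.
				 */
				if (asprintf(&temp, "0x%lx",
				    t->cs.args[sc->args[i].offset]) == -1)
					temp = NULL;
			} else {
				temp = print_arg(&sc->args[i],
				    t->cs.args, retval, info);
			}
			t->cs.s_args[i] = temp;
		}
	}

	print_syscall_ret(info, errorp, retval);
	free_syscall(t);

	/*
	 * If the process executed a new image, check the ABI.  If the
	 * new ABI isn't supported, stop tracing this process.
	 */
	if (pl->pl_flags & PL_FLAG_EXEC) {
		assert(LIST_NEXT(LIST_FIRST(&p->threadlist), entries) == NULL);
		p->abi = find_abi(p->pid);
		if (p->abi == NULL) {
			if (ptrace(PT_DETACH, p->pid, (caddr_t)1, 0) < 0)
				err(1, "Can not detach the process");
			free_proc(p);
			/*
			 * free_proc() released every thread of p, including
			 * t; do not leave curthread pointing at freed
			 * memory.
			 */
			info->curthread = NULL;
		}
	}
}

/*
 * Print the per-line prefix selected by info->flags (pid, thread id,
 * absolute and/or relative timestamp) for info->curthread and return the
 * sum of the fprintf() return values.
 */
int
print_line_prefix(struct trussinfo *info)
{
	struct timespec timediff;
	struct threadinfo *t;
	int len;

	len = 0;
	t = info->curthread;
	if (info->flags & (FOLLOWFORKS | DISPLAYTIDS)) {
		if (info->flags & FOLLOWFORKS)
			len += fprintf(info->outfile, "%5d", t->proc->pid);
		/* A separator is needed only when both ids are printed. */
		if ((info->flags & (FOLLOWFORKS | DISPLAYTIDS)) ==
		    (FOLLOWFORKS | DISPLAYTIDS))
			len += fprintf(info->outfile, " ");
		if (info->flags & DISPLAYTIDS)
			len += fprintf(info->outfile, "%6d", t->tid);
		len += fprintf(info->outfile, ": ");
	}
	if (info->flags & ABSOLUTETIMESTAMPS) {
		timespecsubt(&t->after, &info->start_time, &timediff);
		len += fprintf(info->outfile, "%jd.%09ld ",
		    (intmax_t)timediff.tv_sec, timediff.tv_nsec);
	}
	if (info->flags & RELATIVETIMESTAMPS) {
		timespecsubt(&t->after, &t->before, &timediff);
		len += fprintf(info->outfile, "%jd.%09ld ",
		    (intmax_t)timediff.tv_sec, timediff.tv_nsec);
	}
	return (len);
}

/*
 * Log that the current thread has exited.
 */
static void
report_thread_death(struct trussinfo *info)
{
	struct threadinfo *t;

	t = info->curthread;
	clock_gettime(CLOCK_REALTIME, &t->after);
	print_line_prefix(info);
	fprintf(info->outfile, "<thread %ld exited>\n", (long)t->tid);
}

/*
 * Log that the current thread was created.  `before` is set equal to
 * `after`, so a relative timestamp for this line is zero.
 */
static void
report_thread_birth(struct trussinfo *info)
{
	struct threadinfo *t;

	t = info->curthread;
	clock_gettime(CLOCK_REALTIME, &t->after);
	t->before = t->after;
	print_line_prefix(info);
	fprintf(info->outfile, "<new thread %ld>\n", (long)t->tid);
}

/*
 * Log how the current thread's process ended: its exit value for
 * CLD_EXITED, otherwise the signal, with a note when si_code is
 * CLD_DUMPED.
 */
static void
report_exit(struct trussinfo *info, siginfo_t *si)
{
	struct threadinfo *t;

	t = info->curthread;
	clock_gettime(CLOCK_REALTIME, &t->after);
	print_line_prefix(info);
	if (si->si_code == CLD_EXITED)
		fprintf(info->outfile, "process exit, rval = %u\n",
		    si->si_status);
	else
		fprintf(info->outfile, "process killed, signal = %u%s\n",
		    si->si_status, si->si_code == CLD_DUMPED ?
		    " (core dumped)" : "");
}

/*
 * Log that a followed child process has appeared.
 */
static void
report_new_child(struct trussinfo *info)
{
	struct threadinfo *t;

	t = info->curthread;
	clock_gettime(CLOCK_REALTIME, &t->after);
	t->before = t->after;
	print_line_prefix(info);
	fprintf(info->outfile, "<new process>\n");
}

/*
 * Log a signal stop of the traced process; the name falls back to "?"
 * when sysdecode_signal() returns NULL.
 */
static void
report_signal(struct trussinfo *info, siginfo_t *si)
{
	struct threadinfo *t;
	const char *signame;

	t = info->curthread;
	clock_gettime(CLOCK_REALTIME, &t->after);
	print_line_prefix(info);
	signame = sysdecode_signal(si->si_status);
	if (signame == NULL)
		signame = "?";
	fprintf(info->outfile, "SIGNAL %u (%s)\n", si->si_status, signame);
}

/*
 * Wait for events until all the processes have exited or truss has been
 * asked to stop.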
 */
void
eventloop(struct trussinfo *info)
{
	/* Stop reasons reported alongside SIGTRAP that truss handles itself. */
	const int lwp_events = PL_FLAG_BORN | PL_FLAG_EXITED | PL_FLAG_SCE |
	    PL_FLAG_SCX;
	struct ptrace_lwpinfo pl;
	siginfo_t si;
	int pending_signal;

	for (;;) {
		if (LIST_EMPTY(&info->proclist))
			break;

		/* Set by restore_proc(); release every target and stop. */
		if (detaching) {
			detach_all_procs(info);
			return;
		}

		if (waitid(P_ALL, 0, &si, WTRAPPED | WEXITED) == -1) {
			/* An interrupted wait re-checks `detaching`. */
			if (errno != EINTR)
				err(1, "Unexpected error from waitid");
			continue;
		}

		assert(si.si_signo == SIGCHLD);

		switch (si.si_code) {
		case CLD_EXITED:
		case CLD_KILLED:
		case CLD_DUMPED:
			find_exit_thread(info, si.si_pid);
			if (!(info->flags & COUNTONLY)) {
				if (si.si_code == CLD_EXITED)
					thread_exit_syscall(info);
				report_exit(info, &si);
			}
			/* Frees curthread too, hence the reset below. */
			free_proc(info->curthread->proc);
			info->curthread = NULL;
			break;
		case CLD_TRAPPED:
			if (ptrace(PT_LWPINFO, si.si_pid, (caddr_t)&pl,
			    sizeof(pl)) == -1)
				err(1, "ptrace(PT_LWPINFO)");

			/* Register new processes and threads before lookup. */
			if (pl.pl_flags & PL_FLAG_CHILD) {
				new_proc(info, si.si_pid, pl.pl_lwpid);
				assert(LIST_FIRST(&info->proclist)->abi !=
				    NULL);
			} else if (pl.pl_flags & PL_FLAG_BORN) {
				new_thread(find_proc(info, si.si_pid),
				    pl.pl_lwpid);
			}
			find_thread(info, si.si_pid, pl.pl_lwpid);

			/*
			 * Only a stop that is a real signal is passed back to
			 * the process when it is resumed; tracer-internal
			 * stops resume with no signal.
			 */
			pending_signal = 0;
			if (si.si_status == SIGTRAP &&
			    (pl.pl_flags & lwp_events) != 0) {
				if (pl.pl_flags & PL_FLAG_BORN) {
					if (!(info->flags & COUNTONLY))
						report_thread_birth(info);
				} else if (pl.pl_flags & PL_FLAG_EXITED) {
					if (!(info->flags & COUNTONLY))
						report_thread_death(info);
					free_thread(info->curthread);
					info->curthread = NULL;
				} else if (pl.pl_flags & PL_FLAG_SCE) {
					enter_syscall(info, info->curthread,
					    &pl);
				} else if (pl.pl_flags & PL_FLAG_SCX) {
					exit_syscall(info, &pl);
				}
			} else if (pl.pl_flags & PL_FLAG_CHILD) {
				if (!(info->flags & COUNTONLY))
					report_new_child(info);
			} else {
				if (!(info->flags & NOSIGS))
					report_signal(info, &si);
				pending_signal = si.si_status;
			}
			/*
			 * The result is not checked: exit_syscall() may have
			 * detached this pid already.
			 */
			ptrace(PT_SYSCALL, si.si_pid, (caddr_t)1,
			    pending_signal);
			break;
		case CLD_STOPPED:
			errx(1, "waitid reported CLD_STOPPED");
		case CLD_CONTINUED:
			break;
		}
	}
}