1 /* 2 * Copryight 1997 Sean Eric Fagan 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. All advertising materials mentioning features or use of this software 13 * must display the following acknowledgement: 14 * This product includes software developed by Sean Eric Fagan 15 * 4. Neither the name of the author may be used to endorse or promote 16 * products derived from this software without specific prior written 17 * permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 /* 36 * Various setup functions for truss. Not the cleanest-written code, 37 * I'm afraid. 38 */ 39 40 #include <sys/param.h> 41 #include <sys/ioctl.h> 42 #include <sys/pioctl.h> 43 #include <sys/wait.h> 44 45 #include <err.h> 46 #include <fcntl.h> 47 #include <signal.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <time.h> 52 #include <unistd.h> 53 54 #include "truss.h" 55 #include "extern.h" 56 57 static int evflags = 0; 58 59 /* 60 * setup_and_wait() is called to start a process. All it really does 61 * is fork(), set itself up to stop on exec or exit, and then exec 62 * the given command. At that point, the child process stops, and 63 * the parent can wake up and deal with it. 64 */ 65 66 int 67 setup_and_wait(char *command[]) { 68 struct procfs_status pfs; 69 char buf[32]; 70 int fd; 71 int pid; 72 int flags; 73 74 pid = fork(); 75 if (pid == -1) { 76 err(1, "fork failed"); 77 } 78 if (pid == 0) { /* Child */ 79 int mask = S_EXEC | S_EXIT; 80 fd = open("/proc/curproc/mem", O_WRONLY); 81 if (fd == -1) 82 err(2, "cannot open /proc/curproc/mem"); 83 fcntl(fd, F_SETFD, 1); 84 if (ioctl(fd, PIOCBIS, mask) == -1) 85 err(3, "PIOCBIS"); 86 flags = PF_LINGER; 87 /* 88 * The PF_LINGER flag tells procfs not to wake up the 89 * process on last close; normally, this is the behaviour 90 * we want. 91 */ 92 if (ioctl(fd, PIOCSFL, flags) == -1) 93 warn("cannot set PF_LINGER"); 94 execvp(command[0], command); 95 mask = ~0; 96 ioctl(fd, PIOCBIC, ~0); 97 err(4, "execvp %s", command[0]); 98 } 99 /* Only in the parent here */ 100 101 if (waitpid(pid, NULL, WNOHANG) != 0) { 102 /* 103 * Process exited before it got to us -- meaning the exec failed 104 * miserably -- so we just quietly exit. 105 */ 106 exit(1); 107 } 108 109 sprintf(buf, "/proc/%d/mem", pid); 110 if ((fd = open(buf, O_RDWR)) == -1) 111 err(5, "cannot open %s", buf); 112 if (ioctl(fd, PIOCWAIT, &pfs) == -1) 113 err(6, "PIOCWAIT"); 114 if (pfs.why == S_EXIT) { 115 warnx("process exited before exec'ing"); 116 ioctl(fd, PIOCCONT, 0); 117 wait(0); 118 exit(7); 119 } 120 close(fd); 121 return pid; 122 } 123 124 /* 125 * start_tracing picks up where setup_and_wait() dropped off -- namely, 126 * it sets the event mask for the given process id. Called for both 127 * monitoring an existing process and when we create our own. 128 */ 129 130 int 131 start_tracing(int pid, int eventflags, int flags) { 132 int fd; 133 char buf[32]; 134 struct procfs_status tmp; 135 sprintf(buf, "/proc/%d/mem", pid); 136 137 fd = open(buf, O_RDWR); 138 if (fd == -1) { 139 /* 140 * The process may have run away before we could start -- this 141 * happens with SUGID programs. So we need to see if it still 142 * exists before we complain bitterly. 143 */ 144 if (kill(pid, 0) == -1) 145 return -1; 146 err(8, "cannot open %s", buf); 147 } 148 149 if (ioctl(fd, PIOCSTATUS, &tmp) == -1) { 150 err(10, "cannot get procfs status struct"); 151 } 152 evflags = tmp.events; 153 154 if (ioctl(fd, PIOCBIS, eventflags) == -1) 155 err(9, "cannot set procfs event bit mask"); 156 157 /* 158 * This clears the PF_LINGER set above in setup_and_wait(); 159 * if truss happens to die before this, then the process 160 * needs to be woken up via procctl. 161 */ 162 163 if (ioctl(fd, PIOCSFL, flags) == -1) 164 warn("cannot clear PF_LINGER"); 165 166 return fd; 167 } 168 169 /* 170 * Restore a process back to it's pre-truss state. 171 * Called for SIGINT, SIGTERM, SIGQUIT. This only 172 * applies if truss was told to monitor an already-existing 173 * process. 174 */ 175 void 176 restore_proc(int signo __unused) { 177 178 ioctl(Procfd, PIOCBIC, ~0); 179 if (evflags) 180 ioctl(Procfd, PIOCBIS, evflags); 181 exit(0); 182 } 183