| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
286849,286857,286860,286913,286914,286937-286940,286962,286963,288405,
288406,288424,288454-288456,288625,288626,288832,288834,288950,288997,
289080:
Merge most of the recent changes to truss in HEAD. The largest effects
are that fork following now uses a single truss process (and thus truss -c
reports counts for the entire tree of processes instead of separate dumps
for each process). truss -c also reports counts for all system calls
instead of only a subset. More system call arguments are also decoded.
System calls should now report the correct number of arguments (instead
of 6), and some platforms that did not properly decode arguments might
now do so (e.g. mips64).
Changes relative to the equivalent commits to HEAD include:
- The ia64 backend was refactored similar to the other backends.
- _umtx_lock/_umtx_unlock entries were updated similar to other system
call entries.
- 10 does not have futimens(), utimensat(), EVFILT_PROCDESC, EVFILT_SENDFILE,
RLIMIT_KQUEUES, O_VERIFY, NOTE_FILE_POLL, or EV_FORCEONESHOT.
271389:
Stop accessing the saved stack pointer by looking past the end of the
array of registers.
286330:
Whitespace fix: remove some spurious spaces before commas.
286331:
Rework get_string() to make it more robust when fetching strings of unknown
length. In particular, instead of blinding fetching 1k blocks, do an initial
fetch up to the end of the current page followed by page-sized fetches up to
the maximum size. Previously if the 1k buffer crossed a page boundary and
the second page was not valid, the entire operation would fail.
286358:
Add recently added values of various flags and enumerations including
kevent filters, kevent flags, flags to mmap, seek locations, fcntl
operations, file flags, socket domains, open flags, resource limits, and
pathconf values.
286378:
Don't mark the fcntl flag argument as an output parameter so that it is
always decoded. Previously the argument was not decoded if fcntl() failed.
286380:
Decode the arguments to mkfifo() and fix an off-by-one error in the arguments
to mknod().
286381:
Decode the arguments passed to the *at() family of system calls. This is
especially useful now that libc's open() always calls openat(). While here,
fix a few other things:
- Decode the mode argument passed to access(), eaccess(), and faccessat().
- Decode the atfd paramete to pretty-print AT_FDCWD.
- Decode the special AT_* flags used with some of the *at() system calls.
- Decode arguments for fchmod(), lchmod(), fchown(), lchown(), eaccess(),
and futimens().
- Decode both of the timeval structures passed to futimes() instead of just
the first one.
286383:
Whitespace fixes to consistently use spaces before }'s and
wrap long lines.
286388:
Consistently use both leading and trailing spaces inside of the {}'s
when pretty-printing structures. Most structures used both spaces,
but some only used a trailing space and some used neither.
286848:
- Decode the arguments for several signal-related system calls: sigpending,
sigqueue, sigreturn, sigsuspend, sigtimedwait, sigwait, sigwaitinfo, and
thr_kill.
- Print signal sets as a structure (with {}'s) and in particular use this to
differentiate empty sets from a NULL pointer.
- Decode arguments for some other system calls: issetugid, pipe2, sysarch
(operations are only decoded for amd64 and i386), and thr_self.
286849:
Decode the optional SOCK_NONBLOCK and SOCK_CLOEXEC flags passed in a
socket type.
286857:
Tidy the linux_socketcall decoding:
- Don't exit if get_struct() fails, instead print the raw pointer value to
match all other argument decoding cases.
- Use an xlat table instead of a home-rolled switch for the operation name.
- Display the nested socketcall args structure as a structure instead of as
two inline arguments.
286860:
Use an xlat table and xlookup() instead of a home-rolled version for the
sigprocmask operation type.
286913:
Change the argument formatting function to use a stdio FILE object opened
with open_memstream() to build the string for each argument. This allows
for more complicated argument building without resorting to intermediate
malloc's, etc.
Related, the strsig*() functions no longer return allocated strings but
use a static global buffer instead.
286914:
Expand the decoding of kevent structures.
- Print the ident value as decimal instead of hexadecimal for filter types
that use "small" values such as file descriptors and PIDs.
- Decode NOTE_* flags in the fflags field of kevents for several system
filter types.
286937:
Use nitems().
286938:
Various style and whitespace fixes.
287939:
Always use %j with an intmax_t cast to print time_t values. time_t is
longer than long on 32-bit platforms with a 64-bit time_t.
286940:
ino_t is unsigned, so use uintmax_t instead of intmax_t when printing it.
286962:
Rework the argv and env string fetching for execve to be more robust.
Before truss would fetch 100 string pointers and happily walk off the end
of the array if it never found a NULL. This also means for a short argv
list it could fail entirely if the 100 string pointers spanned into an
unmapped page.
Instead, fetch page-aligned blocks of string pointers in a loop fetching
each string until a NULL is found.
While here, make use of the open memstream file descriptor instead of
allocating a temporary array. This allows us to fetch each string once
instead of twice.
286963:
Handle the conditional decoding of execve() argument and environment
arrays generically rather than duplicating a hack in all of the backends.
- Add two new system call argument types and use them instead of StringArray
for the argument and environment arguments execve and linux_execve.
- Honor the -a/-e flags in the handling of these new types.
- Instead of printing "<missing argument>" when the decoding is disabled,
print the raw pointer value.
288405:
Decode recently added procctl(2) operations.
288406:
Trim trailing whitespace.
288424:
Several changes to truss.
- Refactor the interface between the ABI-independent code and the
ABI-specific backends. The backends now provide smaller hooks to
fetch system call arguments and return values. The rest of the
system call entry and exit handling that was previously duplicated
among all the backends has been moved to one place.
- Merge the loop when waiting for an event with the loop for handling stops.
This also means not emulating a procfs-like interface on top of ptrace().
Instead, use a single event loop that fetches process events via waitid().
Among other things this allows us to report the full 32-bit exit value.
- Use PT_FOLLOW_FORK to follow new child processes instead of forking a new
truss process for each new child. This allows one truss process to monitor
a tree of processes and truss -c should now display one total for the
entire tree instead of separate summaries per process.
- Use the recently added fields to ptrace_lwpinfo to determine the current
system call number and argument count. The latter is especially useful
and fixes a regression since the conversion from procfs. truss now
generally prints the correct number of arguments for most system calls
rather than printing extra arguments for any call not listed in the
table in syscalls.c.
- Actually check the new ABI when processes call exec. The comments claimed
that this happened but it was not being done (perhaps this was another
regression in the conversion to ptrace()). If the new ABI after exec
is not supported, truss detaches from the process. If truss does not
support the ABI for a newly executed process the process is killed
before it returns from exec.
- Along with the refactor, teach the various ABI-specific backends to
fetch both return values, not just the first. Use this to properly
report the full 64-bit return value from lseek(). In addition, the
handler for "pipe" now pulls the pair of descriptors out of the
return values (which is the true kernel system call interface) but
displays them as an argument (which matches the interface exported by
libc).
- Each ABI handler adds entries to a linker set rather than requiring
a statically defined table of handlers in main.c.
- The arm and mips system call fetching code was changed to follow the
same pattern as amd64 (and the in-kernel handler) of fetching register
arguments first and then reading any remaining arguments from the
stack. This should fix indirect system call arguments on at least
arm.
- The mipsn32 and n64 ABIs will now look for arguments in A4 through A7.
- Use register %ebp for the 6th system call argument for Linux/i386 ABIs
to match the in-kernel argument fetch code.
- For powerpc binaries on a powerpc64 system, fetch the extra arguments
on the stack as 32-bit values that are then copied into the 64-bit
argument array instead of reading the 32-bit values directly into the
64-bit array.
288454:
- Remove extra integer argument from truncate() and ftruncate(). This is
probably fallout from the removal of the extra padding argument before
off_t in 7. However, that padding still exists for 32-bit powerpc, so
use QUAD_ALIGN.
- Fix QUAD_ALIGN to be zero for powerpc64. It should only be set to 1
for 32-bit platforms that add padding to align 64-bit arguments.
288455:
The id_t type used to pass IDs to wait6(2) and procctl(6) is a 64-bit
integer. Fix the argument decoding to treat this as a quad instead of an
int. This includes using QUAD_ALIGN and QUAD_SLOTS as necessary. To
continue printing IDs in decimal, add a new QuadHex argument type that
prints a 64-bit integer in hex, use QuadHex for the existing off_t arguments,
repurpose Quad to print a 64-bit integer in decimal, and use Quad for id_t
arguments.
This fixes the decoding of wait6(2) and procctl(2) on 32-bit platforms.
288456:
Rather than groveling around in a socket address structure for a socket
address's length (and then overriding it if it "looks wrong"), use the
next argument to the system call to determine the length. This is more
reliable since this is what the kernel depends on anyway and is also
simpler.
288625:
Add decoding for struct statfs.
288626:
Style fix.
288832:
Fix tracking of unknown syscalls for 'truss -c'.
This is done by changing get_syscall() to either lookup the known syscall
or add it into the list with the default handlers for printing.
This also simplifies some code to not have to check if the syscall variable
is set or NULL.
288834:
Add decoding for modfind(2)
288950:
Group the decoded system calls by ABI and sort the calls within each ABI.
288997:
Correct a comment.
289080:
Let -c imply -S (hide signal output).
Without this, the signals are shown seemingly randomly in the output before
the final summary is shown. This is especially noticeable when there is
not much output from the application being traced.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
allows userland application to use the following macros:
timespecclear, timespecisset, timespeccmp, timespecadd,
timespecsub;
timevalclear, timevalisset, timevalcmp.
MFC after: 1 month
|
| |
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
| |
Approved by: kib (mentor)
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When truss is detaching from very active process it is possible to
hang on waitpid(2) in restore_proc() forever, because
ptrace(PT_SYSCALL) must be called before detaching, to allow the
debugging process to continue execution. Also when truss called with
'-c' argument, it does not print anything after detach, because it
immediately exits from restore_proc().
To fix these two problems make detaching deferred, but then it is
impossible to detach from a process which does not do any system call.
To fix this issue use sigaction(2) instead of signal(3) to disable
SA_RESTART flag for waitpid(2) that makes it non-restartable. Remove
global variable child_pid, because now detaching is handled in context
where child's pid is known.
Reported by: mjg
Tested by: mjg, swills
Approved by: kib (mentor)
MFC after: 2 weeks
|
|
|
|
| |
Approved by: kib (mentor)
|
|
|
|
|
|
| |
There are some tables in the source code that are only used by the
individual source files themselves. Therefore there is no need to export
them.
|
|
|
|
|
|
| |
Found by: codespell
Reviewed by: alfred
MFC after: 1 week
|
|
|
|
| |
This was changed in r218285.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This matches the constants from <signal.h> with 'SIG' removed, which POSIX
requires kill and trap to accept and 'kill -l' to write.
'kill -l', 'trap', 'trap -l' output is now upper case.
In Turkish locales, signal names with an upper case 'I' are now accepted,
while signal names with a lower case 'i' are no longer accepted, and the
output of 'killall -l' now contains proper capital 'I' without dot instead
of a dotted capital 'I'.
|
|
|
|
|
|
|
|
|
| |
with the -o option. Setting the flag for stderr (the default) could
cause the traced process to redirect stderr to a random file.
PR: bin/152151
Submitted by: ashish
MFC after: 5 days
|
|
|
|
| |
64-bit powerpc by adding 32-bit compatibility features.
|
|
|
|
|
| |
PR: 139825
Submitted by: Ruslan Mahmatkhanov
|
|
|
|
|
|
|
|
|
| |
processes by setting the FD_CLOEXEC flag for the output file.
PR: bin/140493
Submitted by: Erik Lax
OK'ed by: delphij
Approved by: trasz (mentor)
|
|
|
|
| |
needed.
|
|
|
|
| |
Tested with: make universe
|
| |
|
|
|
|
| |
Reviewed by: alfred
|
| |
|
|
|
|
|
|
|
|
| |
been extensively tested. And the ELF64 stuff likely is not quite
right...
# There's a lot of cut-n-paste code here that could easily be
# refactored, at least for FreeBSD syscalls.
|
| |
|
|
|
|
|
|
|
| |
additional work is needed to handle ABI-specific syscall argument parsing,
but this gets the basic tracing working.
MFC after: 1 week
|
|
|
|
|
|
|
| |
Previously the offset argument to mmap(2) would be bogus as we
weren't reading it in.
Approved by: re (kensmith)
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix logic handling execve(). We will not be able to
obtain information otherwise.
- truss coredump [1].
- truss does not work against itself [2].
PR: bin/58970 [1], bin/45193 [2]
Submitted by: Howard Su
Approved by: re (kensmith)
|
|
|
|
|
|
|
|
| |
yet another need of an available /proc/ mount.
Tested with: make universe
Submitted by: howardsu
Reviewed by: alfred
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename, __getcwd, shutdown, getrlimit, setrlimit, _umtx_lock, _umtx_unlock,
pathconf, truncate, ftruncate, kill
- Decode more arguments of open, mprot, *stat, and fcntl.
- Convert all constant-macro and bitfield decoding to lookup tables; much
cleaner than previous code.
- Print the timestamp of process exit and signal reception when -d or -D are in
use
- Try six times with 1/2 second delay to debug the child
PR: bin/52190 (updated)
Submitted by: Dan Nelson <dnelson@allantgroup.com>
Approved by: alfred
|
|
|
|
|
| |
Initial work by: Orlando Bassotto < orlando at break net >
Modified by: grehan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
type which is a String type that has no -s limitations applied to it.
Change most Strings in the code to Names and add a few extra syscalls,
namely munmap, read, rename and symlink. This was enough to facilitate
following file descriptor allocations in the code more easily and
getting a hint at what's being read/written from/to files. More
syscalls should really be added.
While here, fix an off-by-one bug in the buffer truncation code and
add a fflush so that truss's output reflects the syscall that the
program is stuck in.
Sponsored by: Sophos/Activestate
MFC after: 2 weeks
|
|
|
|
|
|
| |
unable to open the /proc/pid/mem file. Otherwise doing a truss on
a nonexistant pid makes us return success even though no such process
exists.
|
|
|
|
| |
parts I'm touching to be as style(9) compliant as I can.
|
| |
|
|
|
|
| |
It seems to work in my limited tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In my last change I made sure that the signal as reported from a truss
exit is the same as if truss wasn't between parent and trussed
program. I was smart enough to not have it coredump on SIGQUIT but it
didn't ocur to me SIGSEGV might cause a coredump, too :-)
So get rid of SIGQUIT extra hack and limit coredumpsize to zero
instead.
Tested: still works, correct signal reported. No more codedumps from
SIGSEGV in the trussed proces. This file compiles cleanly on AMD64
(sledge).
PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Syscall return values do not fit in int on 64-bit architectures.
Change the type of retval in <arch>_syscall_exit() to long and
change the prototype of said function to return a long as well.
o Change the prototype of print_syscall_ret() to take a long for
the return address and change the format string accordingly.
o Replace the code sequence
tmp = malloc(X);
sprintf(tmp, format, ...);
with X by definition too small on 64-bit platforms by
asprintf(&tmp, format, ...);
With these changes the output makes sense again, although it does
mess up the tabulation on ia64. Go widescreen...
Not tested on: alpha, sparc64.
|
| |
|
| |
|
|
|
|
|
| |
<sys/time.h> directly. This is mostly bogus since CLOCK_REALTIME
should be defined in <time.h>, which these files already include.
|
|
|
|
|
|
| |
- Fix printf format errors.
Submitted by: bde
|
| |
|
| |
|
|
|
|
|
|
| |
depend on namespace pollution in <signal.h>. (truss shouldn't be
using timevals anyway, since it was implemented long after timevals
were obsoleted by timespecs.)
|
|
|
|
|
|
|
|
|
| |
execve().
This could be done in a more general manner but it still wouldn't
be very pretty.
MFC after: 3 weeks
|
| |
|
|
|
|
|
| |
PR: bin/25587 (in part)
MFC after: 3 weeks
|
|
|
|
|
| |
PR: bin/25587 (in part)
MFC after: 3 weeks
|
|
|
|
|
| |
PR: bin/25587 (in part)
MFC after: 3 weeks
|
| |
|