usr.bin/truss/main.c

   1 /*
   2  * Copryight 1997 Sean Eric Fagan
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  * 1. Redistributions of source code must retain the above copyright
   8  *    notice, this list of conditions and the following disclaimer.
   9  * 2. Redistributions in binary form must reproduce the above copyright
  10  *    notice, this list of conditions and the following disclaimer in the
  11  *    documentation and/or other materials provided with the distribution.
  12  * 3. All advertising materials mentioning features or use of this software
  13  *    must display the following acknowledgement:
  14  *      This product includes software developed by Sean Eric Fagan
  15  * 4. Neither the name of the author may be used to endorse or promote
  16  *    products derived from this software without specific prior written
  17  *    permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  29  * SUCH DAMAGE.
  30  *
  31  * $FreeBSD: src/usr.bin/truss/main.c,v 1.15.2.3 2002/05/16 23:41:23 peter Exp $
  32  */
  33
  34 /*
  35  * The main module for truss.  Suprisingly simple, but, then, the other
  36  * files handle the bulk of the work.  And, of course, the kernel has to
  37  * do a lot of the work :).
  38  */
  39
  40 #include <sys/param.h>
  41 #include <sys/ioctl.h>
  42 #include <sys/pioctl.h>
  43 #include <sys/ucred.h>
  44 #include <sys/mount.h>
  45
  46 #include <err.h>
  47 #include <errno.h>
  48 #include <fcntl.h>
  49 #include <signal.h>
  50 #include <stdio.h>
  51 #include <stdlib.h>
  52 #include <string.h>
  53 #include <unistd.h>
  54
  55 #include "truss.h"
  56 #include "extern.h"
  57
  58 char procfs_path[FILENAME_MAX];
  59 int have_procfs;
  60
  61 /*
  62  * These should really be parameterized -- I don't like having globals,
  63  * but this is the easiest way, right now, to deal with them.
  64  */
  65
  66 int Procfd;
  67
  68 static void
  69 usage(void)
  70 {
  71   fprintf(stderr, "%s\n%s\n",
  72         "usage: truss [-S] [-o file] -p pid",
  73         "       truss [-S] [-o file] command [args]");
  74   exit(1);
  75 }
  76
  77 struct ex_types {
  78   const char *type;
  79   void (*enter_syscall)(struct trussinfo *, int);
  80   int (*exit_syscall)(struct trussinfo *, int);
  81 } ex_types[] = {
  82 #ifdef __x86_64__
  83   { "DragonFly ELF64", x86_64_syscall_entry, x86_64_syscall_exit },
  84   { "FreeBSD ELF64", x86_64_syscall_entry, x86_64_syscall_exit },
  85 #endif
  86   { 0, 0, 0 },
  87 };
  88
  89 /*
  90  * Set the execution type.  This is called after every exec, and when
  91  * a process is first monitored.  The procfs pseudo-file "etype" has
  92  * the execution module type -- see /proc/curproc/etype for an example.
  93  */
  94
  95 static struct ex_types *
  96 set_etype(struct trussinfo *trussinfo) {
  97   struct ex_types *funcs;
  98   char *etype;
  99   char progt[32];
 100   int fd;
 101
 102   asprintf(&etype, "%s/%d/etype", procfs_path, trussinfo->pid);
 103   if (etype == NULL)
 104     err(1, "Out of memory");
 105   if ((fd = open(etype, O_RDONLY)) == -1) {
 106     strcpy(progt, "FreeBSD a.out");
 107   } else {
 108     int len = read(fd, progt, sizeof(progt));
 109     progt[len-1] = '\0';
 110     close(fd);
 111   }
 112   free(etype);
 113
 114   for (funcs = ex_types; funcs->type; funcs++)
 115     if (!strcmp(funcs->type, progt))
 116       break;
 117
 118   if (funcs->type == NULL) {
 119     funcs = &ex_types[0];
 120     warn("Execution type %s is not supported -- using %s\n",
 121       progt, funcs->type);
 122   }
 123   return funcs;
 124 }
 125
 126 int
 127 main(int ac, char **av) {
 128   int c, i, mntsize;
 129   char **command;
 130   struct procfs_status pfs;
 131   struct ex_types *funcs;
 132   struct statfs *mntbuf;
 133   int in_exec = 0;
 134   char *fname = NULL;
 135   int sigexit = 0;
 136   struct trussinfo *trussinfo;
 137
 138   /* Initialize the trussinfo struct */
 139   trussinfo = (struct trussinfo *)malloc(sizeof(struct trussinfo));
 140   if (trussinfo == NULL)
 141           errx(1, "malloc() failed");
 142   bzero(trussinfo, sizeof(struct trussinfo));
 143   trussinfo->outfile = stderr;
 144
 145   /* Check where procfs is mounted if it is mounted */
 146   if ((mntsize = getmntinfo(&mntbuf, MNT_NOWAIT)) == 0)
 147           err(1, "getmntinfo");
 148   for (i = 0; i < mntsize; i++) {
 149           if (strcasecmp(mntbuf[i].f_mntfromname, "procfs") == 0) {
 150                   strlcpy(procfs_path, mntbuf[i].f_mntonname, sizeof(procfs_path));
 151                   have_procfs = 1;
 152                   break;
 153           }
 154   }
 155   if (!have_procfs) {
 156           errno = 2;
 157           err(1, "You must have a mounted procfs to use truss");
 158   }
 159
 160   while ((c = getopt(ac, av, "p:o:S")) != -1) {
 161     switch (c) {
 162     case 'p':   /* specified pid */
 163       trussinfo->pid = atoi(optarg);
 164       if (trussinfo->pid == getpid()) {
 165               /* make sure truss doesn't trace itself */
 166               fprintf(stderr, "truss: attempt to self trace: %d\n", trussinfo->pid);
 167               exit(2);
 168       }
 169       break;
 170     case 'o':   /* Specified output file */
 171       fname = optarg;
 172       break;
 173     case 'S':   /* Don't trace signals */
 174       trussinfo->flags |= NOSIGS;
 175       break;
 176     default:
 177       usage();
 178     }
 179   }
 180
 181   ac -= optind; av += optind;
 182   if ((trussinfo->pid == 0 && ac == 0) || (trussinfo->pid != 0 && ac != 0))
 183     usage();
 184
 185   if (fname != NULL) { /* Use output file */
 186     if ((trussinfo->outfile = fopen(fname, "w")) == NULL)
 187       errx(1, "cannot open %s", fname);
 188   }
 189
 190   /*
 191    * If truss starts the process itself, it will ignore some signals --
 192    * they should be passed off to the process, which may or may not
 193    * exit.  If, however, we are examining an already-running process,
 194    * then we restore the event mask on these same signals.
 195    */
 196
 197   if (trussinfo->pid == 0) {    /* Start a command ourselves */
 198     command = av;
 199     trussinfo->pid = setup_and_wait(command);
 200     signal(SIGINT, SIG_IGN);
 201     signal(SIGTERM, SIG_IGN);
 202     signal(SIGQUIT, SIG_IGN);
 203   } else {
 204     signal(SIGINT, restore_proc);
 205     signal(SIGTERM, restore_proc);
 206     signal(SIGQUIT, restore_proc);
 207   }
 208
 209
 210   /*
 211    * At this point, if we started the process, it is stopped waiting to
 212    * be woken up, either in exit() or in execve().
 213    */
 214
 215   Procfd = start_tracing(
 216       trussinfo->pid, S_EXEC | S_SCE | S_SCX | S_CORE | S_EXIT |
 217                      ((trussinfo->flags & NOSIGS) ? 0 : S_SIG));
 218   if (Procfd == -1)
 219     return 0;
 220
 221   pfs.why = 0;
 222
 223   funcs = set_etype(trussinfo);
 224   /*
 225    * At this point, it's a simple loop, waiting for the process to
 226    * stop, finding out why, printing out why, and then continuing it.
 227    * All of the grunt work is done in the support routines.
 228    */
 229
 230   do {
 231     int val = 0;
 232
 233     if (ioctl(Procfd, PIOCWAIT, &pfs) == -1)
 234       warn("PIOCWAIT top of loop");
 235     else {
 236       switch(i = pfs.why) {
 237       case S_SCE:
 238         funcs->enter_syscall(trussinfo, pfs.val);
 239         break;
 240       case S_SCX:
 241         /*
 242          * This is so we don't get two messages for an exec -- one
 243          * for the S_EXEC, and one for the syscall exit.  It also,
 244          * conveniently, ensures that the first message printed out
 245          * isn't the return-from-syscall used to create the process.
 246          */
 247
 248         if (in_exec) {
 249           in_exec = 0;
 250           break;
 251         }
 252         funcs->exit_syscall(trussinfo, pfs.val);
 253         break;
 254       case S_SIG:
 255         fprintf(trussinfo->outfile, "SIGNAL %lu\n", pfs.val);
 256         sigexit = pfs.val;
 257         break;
 258       case S_EXIT:
 259         fprintf (trussinfo->outfile, "process exit, rval = %lu\n", pfs.val);
 260         break;
 261       case S_EXEC:
 262         funcs = set_etype(trussinfo);
 263         in_exec = 1;
 264         break;
 265       default:
 266         fprintf (trussinfo->outfile, "Process stopped because of:  %d\n", i);
 267         break;
 268       }
 269     }
 270     if (ioctl(Procfd, PIOCCONT, val) == -1) {
 271       if (kill(trussinfo->pid, 0) == -1 && errno == ESRCH)
 272         break;
 273       else
 274         warn("PIOCCONT");
 275     }
 276   } while (pfs.why != S_EXIT);
 277   fflush(trussinfo->outfile);
 278   if (sigexit) {
 279     if (sigexit == SIGQUIT)
 280       exit(sigexit);
 281     (void) signal(sigexit, SIG_DFL);
 282     (void) kill(getpid(), sigexit);
 283   }
 284   return 0;
 285 }