From: Daniel Jacobowitz <dan@debian.org>
To: Chuck Ebbert <76306.1226@compuserve.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
Michael Kerrisk <mtk-manpages@gmx.net>
Subject: Re: [RFC] Proposed manpage additions for ptrace(2)
Date: Thu, 16 Mar 2006 15:02:01 -0500 [thread overview]
Message-ID: <20060316200201.GA20315@nevyn.them.org> (raw)
In-Reply-To: <200603150415_MC3-1-BAB1-D3CE@compuserve.com>
First of all, thanks for doing this.
One nice addition might be when they became available; it varies,
but most of these were mid-2.5. PTRACE_O_TRACESYSGOOD is older,
but it hasn't always worked on all architectures (and I'm not sure if
it does now).
On Wed, Mar 15, 2006 at 04:12:10AM -0500, Chuck Ebbert wrote:
> The following is what I propose to add the the manpages entry for
> ptrace(2). Some of it came from experimentation, some from linux-kernel
> messages and the rest came from reading the source code.
>
>
> PTRACE_GETSIGINFO
> Retrieve information about the signal that caused the stop.
> Copies a siginfo_t from the child to location data in the par-
> ent.
>
> PTRACE_SETSIGINFO
> Set signal information. Copies a siginfo_t from location data
> in the parent to the child.
Right. These are usable any time we're stopped in ptrace_stop, and
nowadays I think that ought to be any time we're stopped. However,
when we come from ptrace_notify, you'll notice that the resulting
siginfo is discarded! It's only used in the get_signal_to_deliver
case.
I don't know offhand if there's a robust way to tell which of those
two cases we're in.
> PTRACE_O_TRACEFORK
> Stop the child at the next fork() call with SIGTRAP |
> PTRACE_EVENT_FORK << 8 and automatically start tracing
> the newly forked process, which will start with a
> SIGSTOP. The pid for the new process can be retrieved
> with PTRACE_GETEVENTMSG.
>
> PTRACE_O_TRACEVFORK
> Stop the child at the next vfork() call with SIGTRAP |
> PTRACE_EVENT_VFORK << 8 and automatically start tracing
> the the newly vforked process, which will start with a
> SIGSTOP. The pid for the new process can be retrieved
> with PTRACE_GETEVENTMSG.
>
> PTRACE_O_TRACECLONE
> Stop the child at the next clone() call with SIGTRAP |
> PTRACE_EVENT_CLONE << 8 and automatically start tracing
> the newly cloned process, which will start with a
> SIGSTOP. The pid for the new process can be retrieved
> with PTRACE_GETEVENTMSG.
Specifically, the three kinds of cloning are distinguished as:
if CLONE_VFORK -> PTRACE_EVENT_VFORK
else if clone exit signal == SIGCHLD -> PTRACE_EVENT_FORK
else PTRACE_EVENT_CLONE
You need to do some juggling to get the actual clone flags.
> PTRACE_O_TRACEEXEC
> Stop the child at the next exec() call with SIGTRAP |
> PTRACE_EVENT_EXEC << 8.
>
> PTRACE_O_TRACEVFORKDONE
> Stop the child at the completion of the next vfork() call
> with SIGTRAP | PTRACE_EVENT_VFORK_DONE << 8.
Right. BTW, I believe there are still some potential deadlocks between
the vfork event and the vfork done event; I used to regularly generate
unkillable processes working on this code.
> PTRACE_O_TRACEEXIT
> Stop the child at exit with SIGTRAP | PTRACE_EVENT_EXIT
> << 8. The child’s exit status can be retrieved with
> PTRACE_GETEVENTMSG. This stop will be done early during
> process exit whereas the normal notification is done
> after the process is done exiting.
Right. This is useful because the process's registers are still
available - we can actually check where we were before exiting!
However, there's no way to prevent the exit at this point.
> PTRACE_GETEVENTMSG
> Retrieve a message (as an unsigned long) about the ptrace event
> that just happened to the location data in the parent. For
> PTRACE_EVENT_EXIT this is the child’s exit code. For
> PTRACE_EVENT_FORK, PTRACE_EVENT_VFORK and PTRACE_EVENT_CLONE
> this is the pid of the new process.
Right.
> PTRACE_SYSEMU, PTRACE_SYSEMU_SINGLESTEP
> For PTRACE_SYSEMU, continue and stop on entry to the next
> syscall, which will not be executed. For PTRACE_SYSEMU_SIN-
> GLESTEP, so the same but also singlestep if not a syscall.
I think this is right; I had nothing to do with these :-)
--
Daniel Jacobowitz
CodeSourcery
next prev parent reply other threads:[~2006-03-16 20:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-15 9:12 [RFC] Proposed manpage additions for ptrace(2) Chuck Ebbert
2006-03-15 20:39 ` Michael Kerrisk
2006-03-16 20:02 ` Daniel Jacobowitz [this message]
2006-03-16 21:16 ` Charles P. Wright
2006-03-17 18:46 ` Blaisorblade
2006-03-18 20:37 ` Charles P. Wright
2006-03-25 0:07 ` Blaisorblade
-- strict thread matches above, loose matches on Subject: below --
2006-03-17 11:44 Chuck Ebbert
2006-03-17 20:04 ` Daniel Jacobowitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060316200201.GA20315@nevyn.them.org \
--to=dan@debian.org \
--cc=76306.1226@compuserve.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mtk-manpages@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox