JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
306 Commits
17 Branches
34 MiB
 
 
 
Tree: 03d8efbf13
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '03d8efbf13'
${ noResults }
transfer.sh/vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/doc/ptrace-nptl.txt

129 lines
6.0 KiB
Raw Blame History 

  1. ptrace and NTPL, the missing manpage

  2. 

  3. == Signals ==

  4. 

  5. A signal sent to a ptrace'd process or thread causes only the thread

  6. that receives it to stop and report to the attached process.

  7. 

  8. Use tgkill to target a signal (for example, SIGSTOP) at a particular

  9. thread.  If you use kill, the signal could be delivered to another

  10. thread in the same process.

  11. 

  12. Note that SIGSTOP differs from its usual behavior when a process is

  13. being traced.  Usually, a SIGSTOP sent to any thread in a thread group

  14. will stop all threads in the thread group.  When a thread is traced,

  15. however, a SIGSTOP affects only the receiving thread (and any other

  16. threads in the thread group that are not traced).

  17. 

  18. SIGKILL behaves like it does for non-traced processes.  It affects all

  19. threads in the process and terminates them without the WSTOPSIG event

  20. generated by other signals.  However, if PTRACE_O_TRACEEXIT is set,

  21. the attached process will still receive PTRACE_EVENT_EXIT events

  22. before receiving WIFSIGNALED events.

  23. 

  24. See "Following thread death" for a caveat regarding signal delivery to

  25. zombie threads.

  26. 

  27. == Waiting on threads ==

  28. 

  29. Cloned threads in ptrace'd processes are treated similarly to cloned

  30. threads in your own process.  Thus, you must use the __WALL option in

  31. order to receive notifications from threads created by the child

  32. process.  Similarly, the __WCLONE option will wait only on

  33. notifications from threads created by the child process and *not* on

  34. notifications from the initial child thread.

  35. 

  36. Even when waiting on a specific thread's PID using waitpid or similar,

  37. __WALL or __WCLONE is necessary or waitpid will return ECHILD.

  38. 

  39. == Attaching to existing threads ==

  40. 

  41. libthread_db (which gdb uses), attaches to existing threads by pulling

  42. the pthread data structures out of the traced process.  The much

  43. easier way is to traverse the /proc/PID/task directory, though it's

  44. unclear how the semantics of these two approaches differ.

  45. 

  46. Unfortunately, if the main thread has exited (but the overall process

  47. has not), it sticks around as a zombie process.  This zombie will

  48. appear in the /proc/PID/task directory, but trying to attach to it

  49. will yield EPERM.  In this case, the third field of the

  50. /proc/PID/task/PID/stat file will be "Z".  Attempting to open the stat

  51. file is also a convenient way to detect races between listing the task

  52. directory and the thread exiting.  Coincidentally, gdb will simply

  53. fail to attach to a process whose main thread is a zombie.

  54. 

  55. Because new threads may be created while the debugger is in the

  56. process of attaching to existing threads, the debugger must repeatedly

  57. re-list the task directory until it has attached to (and thus stopped)

  58. every thread listed.

  59. 

  60. In order to follow new threads created by existing threads,

  61. PTRACE_O_TRACECLONE must be set on each thread attached to.

  62. 

  63. == Following new threads ==

  64. 

  65. With the child process stopped, use PTRACE_SETOPTIONS to set the

  66. PTRACE_O_TRACECLONE option.  This option is per-thread, and thus must

  67. be set on each existing thread individually.  When an existing thread

  68. with PTRACE_O_TRACECLONE set spawns a new thread, the existing thread

  69. will stop with (SIGTRAP | PTRACE_EVENT_CLONE << 8) and the PID of the

  70. new thread can be retrieved with PTRACE_GETEVENTMSG on the creating

  71. thread.  At this time, the new thread will exist, but will initially

  72. be stopped with a SIGSTOP.  The new thread will automatically be

  73. traced and will inherit the PTRACE_O_TRACECLONE option from its

  74. parent.  The attached process should wait on the new thread to receive

  75. the SIGSTOP notification.

  76. 

  77. When using waitpid(-1, ...), don't rely on the parent thread reporting

  78. a SIGTRAP before receiving the SIGSTOP from the new child thread.

  79. 

  80. Without PTRACE_O_TRACECLONE, newly cloned threads will not be

  81. ptrace'd.  As a result, signals received by new threads will be

  82. handled in the usual way, which may affect the parent and in turn

  83. appear to the attached process, but attributed to the parent (possibly

  84. in unexpected ways).

  85. 

  86. == Following thread death ==

  87. 

  88. If any thread with the PTRACE_O_TRACEEXIT option set exits (either by

  89. returning or pthread_exit'ing), the tracing process will receive an

  90. immediate PTRACE_EVENT_EXIT.  At this point, the thread will still

  91. exist.  The exit status, encoded as for wait, can be queried using

  92. PTRACE_GETEVENTMSG on the exiting thread's PID.  The thread should be

  93. continued so it can actually exit, after which its wait behavior is

  94. the same as for a thread without the PTRACE_O_TRACEEXIT option.

  95. 

  96. If a non-main thread exits (either by returning or pthread_exit'ing),

  97. its corresponding process will also exit, producing a WIFEXITED event

  98. (after the process is continued from a possible PTRACE_EVENT_EXIT

  99. event).  It is *not* necessary for another thread to ptrace_join for

  100. this to happen.

  101. 

  102. If the main thread exits by returning, then all threads will exit,

  103. first generating a PTRACE_EVENT_EXIT event for each thread if

  104. appropriate, then producing a WIFEXITED event for each thread.

  105. 

  106. If the main thread exits using pthread_exit, then it enters a

  107. non-waitable zombie state.  It will still produce an immediate

  108. PTRACE_O_TRACEEXIT event, but the WIFEXITED event will be delayed

  109. until the entire process exits.  This state exists so that shells

  110. don't think the process is done until all of the threads have exited.

  111. Unfortunately, signals cannot be delivered to non-waitable zombies.

  112. Most notably, SIGSTOP cannot be delivered; as a result, when you

  113. broadcast SIGSTOP to all of the threads, you must not wait for

  114. non-waitable zombies to stop.  Furthermore, any ptrace command on a

  115. non-waitable zombie, including PTRACE_DETACH, will return ESRCH.

  116. 

  117. == Multi-threaded debuggers ==

  118. 

  119. If the debugger itself is multi-threaded, ptrace calls must come from

  120. the same thread that originally attached to the remote thread.  The

  121. kernel simply compares the PID of the caller of ptrace against the

  122. tracer PID of the process passed to ptrace.  Because each debugger

  123. thread has a different PID, calling ptrace from a different thread

  124. might as well be calling it from a different process and the kernel

  125. will return ESRCH.

  126. 

  127. wait, on the other hand, does not have this restriction.  Any debugger

  128. thread can wait on any thread in the attached process.