Something missing in truss

Kostik Belousov kostikbel at gmail.com
Sun Dec 4 18:54:08 UTC 2011


On Sat, Dec 03, 2011 at 01:54:58PM -0600, Dan Nelson wrote:
> In the last episode (Dec 02), Eivind Evensen said:
> > Does anybody else see this or know why?
> > 
> > The machine here is running :
> > 
> > > uname -a
> > FreeBSD elg.hjerdalen.lokalnett 8.2-STABLE FreeBSD 8.2-STABLE #36: Wed Nov 30 22:03:07 CET 2011     rumrunner at elg.hjerdalen.lokalnett:/usr/obj/usr/src/sys/RUM  amd64
> > 
> > While trying to weed out some firefox problems, I've noticed
> > that truss doesn't recognise certain syscalls :
> > 
> > getpid()					 = 1519 (0x5ef)
> > clock_gettime(4,{48496.335142903 })		 = 0 (0x0)
> > kevent(20,{0x23,EVFILT_READ,EV_ADD,0,0x0,0x809ec9d80},1,{0x15,EVFILT_READ,0x0,0,0x1,0x809ec9e80},64,0x0) = 1 (0x1)
> > clock_gettime(4,{48496.335293202 })		 = 0 (0x0)
> > read(21,"\0",1)					 = 1 (0x1)
> > clock_gettime(4,{48496.335382599 })		 = 0 (0x0)
> > umask(0x80a52ee20,0x8,0x0,0x80a52ee00,0x7fffff1f9eb0,0x80a52ee00) = 116 (0x74)
> > -- UNKNOWN SYSCALL -14704864 --
> > syscall(0x7fffff1f9ec0,0x0,0x18745,0x7fffff1f9eb0,0x1,0x7fffff1f9e90) = 454 (0x1c6)
> > umask(0x80a52ee20,0x8,0x0,0x80a52ee00,0x7fffff1f9eb0,0x80a52ee00) = 116 (0x74)
> > -- UNKNOWN SYSCALL -14704864 --
> > syscall(0x7fffff1f9ec0,0x0,0x18745,0x7fffff1f9eb0,0x1,0x7fffff1f9e90) = 454 (0x1c6)
> > umask(0x80a52ee20,0x8,0x0,0x80a52ee00,0x7fffff1f9eb0,0x80a52ee00) = 116 (0x74)
> > -- UNKNOWN SYSCALL -14704864 --
> > syscall(0x7fffff1f9ec0,0x0,0x18745,0x7fffff1f9eb0,0x1,0x7fffff1f9e90) = 454 (0x1c6)
> > umask(0x80a52ee20,0x8,0x0,0x80a52ee00,0x7fffff1f9eb0,0x80a52ee00) = 116 (0x74)
> > -- UNKNOWN SYSCALL -14704864 --
> > syscall(0x7fffff1f9ec0,0x0,0x18745,0x7fffff1f9eb0,0x1,0x7fffff1f9e90) = 454 (0x1c6)
> > umask(0x80a52ee20,0x8,0x0,0x80a52ee00,0x7fffff1f9eb0,0x80a52ee00) = 116 (0x74)
> > -- UNKNOWN SYSCALL -14704864 --
> > syscall(0x7fffff1f9ec0,0x0,0x18745,0x7fffff1f9eb0,0x1,0x7fffff1f9e90) = 454 (0x1c6)
> 
> Two problems: truss gets confused when you attach to a process that's
> currently executing a syscall, and it gets even more confused when you have
> a threaded process waiting in many syscalls at once.
> 
> The following patch fixes problem #1, but problem #2 involves keeping more
> per-thread state and ends up touching a lot of the truss code.  See
> http://www.evoy.net/FreeBSD/truss.diff for one solution (and more syscall
> decodes).
> 
> Index: setup.c
> ===================================================================
> --- setup.c	(revision 228242)
> +++ setup.c	(working copy)
> @@ -202,8 +202,10 @@
>  		find_thread(info, lwpinfo.pl_lwpid);
>  		switch(WSTOPSIG(waitval)) {
>  		case SIGTRAP:
> -			info->pr_why = info->curthread->in_syscall?S_SCX:S_SCE;
> -			info->curthread->in_syscall = 1 - info->curthread->in_syscall;
> +			if ((lwpinfo.pl_flags&(PL_FLAG_SCE|PL_FLAG_SCX)) == 0)
> +				err(1,"pl_flags=%x contains neither PL_FLAG_SCE or PL_FLAG_SCX", lwpinfo.pl_flags);
> +			info->pr_why = (lwpinfo.pl_flags&PL_FLAG_SCE) ? S_SCE:S_SCX;
> +			info->curthread->in_syscall = (info->pr_why == S_SCE) ? 1:0;
>  			break;
>  		default:
>  			info->pr_why = S_SIG;
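Review bot: In the SIGTRAP case, the new err(1, ...) makes truss exit whenever a SIGTRAP stop arrives with neither PL_FLAG_SCE nor PL_FLAG_SCX set, instead of reporting it through the existing default: S_SIG path. Consider testing the flags first and treating the stop as a plain signal (pr_why = S_SIG) when neither is present, leaving in_syscall untouched. Minor: the message should read "neither PL_FLAG_SCE nor PL_FLAG_SCX", and the added lines would match the surrounding style better with spaces around & and ?:.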
> 
I started a similar but bigger patch to handle syscall entry and leave using
explicit kernel hints. The patch is bigger because it also aims to
handle execve(2) kind of syscalls to properly change the ABI decoder, and
forks to attach to the children in a race-free manner. Unfortunately, it is
stalled.

I just committed a similar change from the patch, adding your assertion
for the case when no PL_FLAG_SCE/SCX were provided. I think that assertion
is in fact not quite right, and the code should fall to the default case in
the switch. The reason is that SIGTRAP may be sent as a normal signal.
But this change is more controversial, and the patch should be an improvement
over the current situation.

Also, I should note that the patch cannot be merged even to stable/9,
because MIPS and ARM still do not properly support PL_FLAGS_XXX.
I hope to handle the merges after 9.0 is released.
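
The attach-mid-syscall confusion discussed in this thread, as an added example that is not code from the thread or from truss: a small model comparing the old toggle logic with classification by kernel hints. `HINT_SCE`/`HINT_SCX` are local stand-ins for PL_FLAG_SCE/PL_FLAG_SCX, the stop trace is constructed, and a SIGTRAP with neither hint is reported as a plain signal, as the reply argues, rather than aborting.

```c
#include <stdio.h>

/* Stand-ins for the pl_flags hints; values are local to this model. */
#define HINT_SCE 0x04   /* stop is a syscall entry */
#define HINT_SCX 0x08   /* stop is a syscall exit  */

enum why { W_SCE, W_SCX, W_SIG };
enum { NSTOPS = 6 };

/* Constructed trace: the tracer attaches while the thread is already inside
 * a syscall, so the first stop is an exit; stop 3 is an ordinary SIGTRAP. */
static const int trace[NSTOPS] =
    { HINT_SCX, HINT_SCE, HINT_SCX, 0, HINT_SCE, HINT_SCX };

/* Old logic: assume the first SIGTRAP is an entry, flip on every stop. */
static enum why classify_toggle(int *in_syscall)
{
    enum why w = *in_syscall ? W_SCX : W_SCE;
    *in_syscall = 1 - *in_syscall;
    return w;
}

/* Hint logic: trust the kernel; no hint means a plain signal. */
static enum why classify_hint(int pl_flags, int *in_syscall)
{
    if (pl_flags & HINT_SCE) { *in_syscall = 1; return W_SCE; }
    if (pl_flags & HINT_SCX) { *in_syscall = 0; return W_SCX; }
    return W_SIG;               /* in_syscall left untouched */
}

/* Classify every stop in the trace with one of the two strategies. */
static void run(int use_hints, enum why out[NSTOPS])
{
    int in_syscall = 0;
    for (int i = 0; i < NSTOPS; i++)
        out[i] = use_hints ? classify_hint(trace[i], &in_syscall)
                           : classify_toggle(&in_syscall);
}

int main(void)
{
    static const char *name[] = { "entry", "exit", "signal" };
    enum why t[NSTOPS], h[NSTOPS];
    run(0, t);
    run(1, h);
    for (int i = 0; i < NSTOPS; i++)
        printf("stop %d: toggle=%-6s hints=%s\n", i, name[t[i]], name[h[i]]);
    return 0;
}
```

In this trace the toggle logic reads the first three stops with entry and exit swapped, which is how syscall arguments and return values end up decoded against the wrong call, and it only resynchronises by accident when the stray SIGTRAP flips its state.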