# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR , YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-03-01 17:05+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: TH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "ptrace"
msgstr ""

#. type: TH
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "2023-10-31"
msgstr ""

#. type: TH
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "Linux man-pages 6.06"
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "NAME"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "ptrace - process trace"
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "LIBRARY"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Standard C library (I, I<-lc>)"
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "SYNOPSIS"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<#include E<lt>sys/ptrace.hE<gt>>\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid ""
"BIB<, pid_t >IB<,>\n"
"B< void *>IB<, void *>IB<);>\n"
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "DESCRIPTION"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The B() system call provides a means by which one process (the "
"\"tracer\") may observe and control the execution of another process (the "
"\"tracee\"), and examine and change the tracee's memory and registers. It "
"is primarily used to implement breakpoint debugging and system call tracing."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A tracee first needs to be attached to the tracer. Attachment and "
"subsequent commands are per thread: in a multithreaded process, every thread "
"can be individually attached to a (potentially different) tracer, or left "
"not attached and thus not debugged. Therefore, \"tracee\" always means "
"\"(one) thread\", never \"a (possibly multithreaded) process\". Ptrace "
"commands are always sent to a specific tracee using a call of the form"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "ptrace(PTRACE_foo, pid, ...)\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "where I is the thread ID of the corresponding Linux thread."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"(Note that in this page, a \"multithreaded process\" means a thread group "
"consisting of threads created using the B(2) B flag.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A process can initiate a trace by calling B(2) and having the "
"resulting child do a B, followed (typically) by an "
"B(2). Alternatively, one process may commence tracing another "
"process using B or B."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"While being traced, the tracee will stop each time a signal is delivered, "
"even if the signal is being ignored. (An exception is B, which has "
"its usual effect.) The tracer will be notified at its next call to "
"B(2) (or one of the related \"wait\" system calls); that call will "
"return a I value containing information that indicates the cause of "
"the stop in the tracee. While the tracee is stopped, the tracer can use "
"various ptrace requests to inspect and modify the tracee. The tracer then "
"causes the tracee to continue, optionally ignoring the delivered signal (or "
"even delivering a different signal instead)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the B option is not in effect, all successful calls "
"to B(2) by the traced process will cause it to be sent a B "
"signal, giving the parent a chance to gain control before the new program "
"begins execution."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When the tracer is finished tracing, it can cause the tracee to continue "
"executing in a normal, untraced mode via B."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "The value of I determines the action to be performed:"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Indicate that this process is to be traced by its parent. A process "
"probably shouldn't make this request if its parent isn't expecting to trace "
"it. (I, I, and I are ignored.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The B request is used only by the tracee; the remaining "
"requests are used only by the tracer. In the following requests, I "
"specifies the thread ID of the tracee to be acted on. For requests other "
"than B, B, B, and "
"B, the tracee must be stopped."
msgstr ""

#. type: TP
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: TQ
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Read a word at the address I in the tracee's memory, returning the "
"word as the result of the B() call. Linux does not have separate "
"text and data address spaces, so these two requests are currently "
"equivalent. (I is ignored; but see NOTES.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B"
msgstr ""

#. PTRACE_PEEKUSR in kernel source, but glibc uses PTRACE_PEEKUSER,
#. and that is the name that seems common on other systems.
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Read a word at offset I in the tracee's USER area, which holds the "
"registers and other information about the process (see I<E<lt>sys/user."
"hE<gt>>). The word is returned as the result of the B() call. "
"Typically, the offset must be word-aligned, though this might vary by "
"architecture. See NOTES. (I is ignored; but see NOTES.)"
msgstr ""

#. type: TP
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: TQ
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Copy the word I to the address I in the tracee's memory. As for "
"B and B, these two requests are currently "
"equivalent."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B"
msgstr ""

#. PTRACE_POKEUSR in kernel source, but glibc uses PTRACE_POKEUSER,
#. and that is the name that seems common on other systems.
#. FIXME In the preceding sentence, which modifications are disallowed,
#. and when they are disallowed, how does user space discover that fact?
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Copy the word I to offset I in the tracee's USER area. As for "
"B, the offset must typically be word-aligned. In order to "
"maintain the integrity of the kernel, some modifications to the USER area "
"are disallowed."
msgstr ""

#. type: TP
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: TQ
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Copy the tracee's general-purpose or floating-point registers, respectively, "
"to the address I in the tracer. See I<E<lt>sys/user.hE<gt>> for "
"information on the format of this data. (I is ignored.) Note that "
"SPARC systems have the meaning of I and I reversed; that is, "
"I is ignored and the registers are copied to the address I. "
"B and B are not present on all "
"architectures."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.6.34)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Read the tracee's registers. I specifies, in an architecture-"
"dependent way, the type of registers to be read. B (with "
"numerical value 1) usually results in reading of general-purpose "
"registers. If the CPU has, for example, floating-point and/or vector "
"registers, they can be retrieved by setting I to the corresponding "
"B constant. I points to a B, which describes "
"the destination buffer's location and length. On return, the kernel "
"modifies B to indicate the actual number of bytes returned."
msgstr ""

#. type: TP
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: TQ
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. FIXME . In the preceding sentence, which modifications are disallowed,
#. and when they are disallowed, how does user space discover that fact?
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Modify the tracee's general-purpose or floating-point registers, "
"respectively, from the address I in the tracer. As for "
"B, some general-purpose register modifications may be "
"disallowed. (I is ignored.) Note that SPARC systems have the meaning "
"of I and I reversed; that is, I is ignored and the "
"registers are copied from the address I. B and "
"B are not present on all architectures."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.6.34)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Modify the tracee's registers. The meaning of I and I is "
"analogous to B."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.3.99-pre6)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Retrieve information about the signal that caused the stop. Copy a "
"I structure (see B(2)) from the tracee to the address "
"I in the tracer. (I is ignored.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.3.99-pre6)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Set signal information: copy a I structure from the address "
"I in the tracer to the tracee. This will affect only signals that "
"would normally be delivered to the tracee and were caught by the tracer. It "
"may be difficult to tell these normal signals from synthetic signals "
"generated by B() itself. (I is ignored.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.10)"
msgstr ""

#. commit 84c751bd4aebbaae995fe32279d3dba48327bad4
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Retrieve I structures without removing signals from a queue. "
"I points to a I structure that specifies the "
"ordinal position from which copying of signals should start, and the number "
"of signals to copy. I structures are copied into the buffer "
"pointed to by I. The return value contains the number of copied "
"signals (zero indicates that there is no signal corresponding to the "
"specified ordinal position). Within the returned I structures, the "
"I field includes information (B<__SI_CHLD>, B<__SI_FAULT>, etc.) "
"that are not otherwise exposed to user space."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid ""
"struct ptrace_peeksiginfo_args {\n"
"    u64 off;    /* Ordinal position in queue at which\n"
"                   to start copying signals */\n"
"    u32 flags;  /* PTRACE_PEEKSIGINFO_SHARED or 0 */\n"
"    s32 nr;     /* Number of signals to copy */\n"
"};\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Currently, there is only one flag, B, for dumping "
"signals from the process-wide signal queue. If this flag is not set, "
"signals are read from the per-thread queue of the specified thread."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.11)"
msgstr ""

#. commit 29000caecbe87b6b66f144f72111f0d02fbbf0c1
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Place a copy of the mask of blocked signals (see B(2)) in the "
"buffer pointed to by I, which should be a pointer to a buffer of type "
"I. The I argument contains the size of the buffer pointed "
"to by I (i.e., I)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.11)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Change the mask of blocked signals (see B(2)) to the value "
"specified in the buffer pointed to by I, which should be a pointer to "
"a buffer of type I. The I argument contains the size of the "
"buffer pointed to by I (i.e., I)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.4.6; see BUGS for caveats)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Set ptrace options from I. (I is ignored.) I is "
"interpreted as a bit mask of options, which are specified by the following "
"flags:"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.8)"
msgstr ""

#. commit 992fb6e170639b0849bace8e49bf31bd37c4123
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Send a B signal to the tracee if the tracer exits. This option is "
"useful for ptrace jailers that want to ensure that tracees can never escape "
"the tracer's control."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.46)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee at the next B(2) and automatically start tracing the "
"newly cloned process, which will start with a B, or "
"B if B was used. A B(2) by the "
"tracer will return a I value such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_CLONEE<lt>E<lt>8))\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "The PID of the new process can be retrieved with B."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This option may not catch B(2) calls in all cases. If the tracee "
"calls B(2) with the B flag, B will "
"be delivered instead if B is set; otherwise if the "
"tracee calls B(2) with the exit signal set to B, "
"B will be delivered if B is set."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.46)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee at the next B(2). A B(2) by the tracer "
"will return a I value such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_EXECE<lt>E<lt>8))\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the execing thread is not a thread group leader, the thread ID is reset "
"to thread group leader's ID before this stop. Since Linux 3.0, the former "
"thread ID can be retrieved with B."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.60)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee at exit. A B(2) by the tracer will return a "
"I value such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_EXITE<lt>E<lt>8))\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "The tracee's exit status can be retrieved with B."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The tracee is stopped early during process exit, when registers are still "
"available, allowing the tracer to see where the exit occurred, whereas the "
"normal exit notification is done after the process is finished exiting. "
"Even though context is available, the tracer cannot prevent the exit from "
"happening at this point."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.46)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee at the next B(2) and automatically start tracing the "
"newly forked process, which will start with a B, or "
"B if B was used. A B(2) by the "
"tracer will return a I value such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_FORKE<lt>E<lt>8))\n"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.4.6)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When delivering system call traps, set bit 7 in the signal number (i.e., "
"deliver I). This makes it easy for the tracer to distinguish "
"normal traps from those caused by a system call."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.46)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee at the next B(2) and automatically start tracing the "
"newly vforked process, which will start with a B, or "
"B if B was used. A B(2) by the "
"tracer will return a I value such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_VFORKE<lt>E<lt>8))\n"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.60)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee at the completion of the next B(2). A B(2) "
"by the tracer will return a I value such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_VFORK_DONEE<lt>E<lt>8))\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The PID of the new process can (since Linux 2.6.18) be retrieved with "
"B."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.5)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop the tracee when a B(2) B rule is "
"triggered. A B(2) by the tracer will return a I value "
"such that"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid " statusE<gt>E<gt>8 == (SIGTRAP | (PTRACE_EVENT_SECCOMPE<lt>E<lt>8))\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"While this triggers a B stop, it is similar to a syscall-enter-"
"stop. For details, see the note on B below. The "
"seccomp event message data (from the B portion of the "
"seccomp filter rule) can be retrieved with B."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 4.3)"
msgstr ""

#. commit 13c4a90119d28cfcb6b5bdd820c233b86c2b0237
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Suspend the tracee's seccomp protections. This applies regardless of mode, "
"and can be used when the tracee has not yet installed seccomp filters. That "
"is, a valid use case is to suspend a tracee's seccomp protections before "
"they are installed by the tracee, let the tracee install the filters, and "
"then clear this flag when the filters should be resumed. Setting this "
"option requires that the tracer have the B capability, not "
"have any seccomp protections installed, and not have "
"B set on itself."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.5.46)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Retrieve a message (as an I) about the ptrace event that "
"just happened, placing it at the address I in the tracer. For "
"B, this is the tracee's exit status. For "
"B, B, B, and "
"B, this is the PID of the new process. For "
"B, this is the B(2) filter's "
"B associated with the triggered rule. (I is "
"ignored.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Restart the stopped tracee process. If I is nonzero, it is "
"interpreted as the number of a signal to be delivered to the tracee; "
"otherwise, no signal is delivered. Thus, for example, the tracer can "
"control whether a signal sent to the tracee is delivered or not. (I "
"is ignored.)"
msgstr ""

#. type: TP
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: TQ
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Restart the stopped tracee as for B, but arrange for the tracee "
"to be stopped at the next entry to or exit from a system call, or after "
"execution of a single instruction, respectively. (The tracee will also, as "
"usual, be stopped upon receipt of a signal.) From the tracer's perspective, "
"the tracee will appear to have been stopped by receipt of a B. So, "
"for B, for example, the idea is to inspect the arguments to "
"the system call at the first stop, then do another B and "
"inspect the return value of the system call at the second stop. The I "
"argument is treated as for B. (I is ignored.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 2.6.16)"
msgstr ""

#. commit 3f471126ee53feb5e9b210ea2f525ed3bb9b7a7f
#. As of 4.19-rc2
#. commit 27aa55c5e5123fa8b8ad0156559d34d7edff58ca
#. see change_syscall in tools/testing/selftests/seccomp/seccomp_bpf.c
#. and also strace's linux/*/set_scno.c files.
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When in syscall-enter-stop, change the number of the system call that is "
"about to be executed to the number specified in the I argument. The "
"I argument is ignored. This request is currently supported only on "
"arm (and arm64, though only for backwards compatibility), but most other "
"architectures have other means of accomplishing this (usually by changing "
"the register that the userland code passed the system call number in)."
msgstr ""

#. type: TP
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B"
msgstr ""

#. type: TQ
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "B (since Linux 2.6.14)"
msgstr ""

#. As at 3.7
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"For B, continue and stop on entry to the next system call, "
"which will not be executed. See the documentation on syscall-stops below. "
"For B, do the same but also singlestep if not a "
"system call. This call is used by programs like User Mode Linux that want "
"to emulate all the tracee's system calls. The I argument is treated "
"as for B. The I argument is ignored. These requests are "
"currently supported only on x86."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.4)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Restart the stopped tracee, but prevent it from executing. The resulting "
"state of the tracee is similar to a process which has been stopped by a "
"B (or other stopping signal). See the \"group-stop\" subsection "
"for additional information. B works only on tracees attached "
"by B."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Send the tracee a B to terminate it. (I and I are "
"ignored.)"
msgstr ""

#. [Note from Denys Vlasenko:
#. deprecation suggested by Oleg Nesterov. He prefers to deprecate it
#. instead of describing (and needing to support) PTRACE_KILL's quirks.]
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I Instead, send a B "
"directly using B(2) or B(2). The problem with B "
"is that it requires the tracee to be in signal-delivery-stop, otherwise it "
"may not work (i.e., may complete successfully but won't kill the tracee). "
"By contrast, sending a B directly has no such limitation."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.4)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Stop a tracee. If the tracee is running or sleeping in kernel space and "
"B is in effect, the system call is interrupted and syscall-"
"exit-stop is reported. (The interrupted system call is restarted when the "
"tracee is restarted.) If the tracee was already stopped by a signal and "
"B was sent to it, the tracee stops with B "
"and I returns the stop signal. If any other ptrace-stop "
"is generated at the same time (for example, if a signal is sent to the "
"tracee), this ptrace-stop happens. If none of the above applies (for "
"example, if the tracee is running in user space), it stops with "
"B with I == B. "
"B only works on tracees attached by B."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B"
msgstr ""

#. No longer true (removed by Denys Vlasenko, 2011, who remarks:
#. "I think it isn't true in non-ancient 2.4 and in Linux 2.6/3.x.
#. Basically, it's not true for any Linux in practical use.
#. ; the behavior of the tracee is as if it had done a
#. .BR PTRACE_TRACEME .
#. The calling process actually becomes the parent of the tracee
#. process for most purposes (e.g., it will receive
#. notification of tracee events and appears in
#. .BR ps (1)
#. output as the tracee's parent), but a
#. .BR getppid (2)
#. by the tracee will still return the PID of the original parent.
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Attach to the process specified in I, making it a tracee of the calling "
"process. The tracee is sent a B, but will not necessarily have "
"stopped by the completion of this call; use B(2) to wait for the "
"tracee to stop. See the \"Attaching and detaching\" subsection for "
"additional information. (I and I are ignored.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Permission to perform a B is governed by a ptrace access mode "
"B check; see below."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B (since Linux 3.4)"
msgstr ""

#
#
#
#. Noted by Dmitry Levin:
#. PTRACE_SEIZE was introduced by commit v3.1-rc1~308^2~28, but
#. it had to be used along with a temporary flag PTRACE_SEIZE_DEVEL,
#. which was removed later by commit v3.4-rc1~109^2~20.
#. That is, [before] v3.4 we had a test mode of PTRACE_SEIZE API,
#.
which was not compatible with the current PTRACE_SEIZE API introduced #. in Linux 3.4. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Attach to the process specified in I, making it a tracee of the calling " "process. Unlike B, B does not stop the " "process. Group-stops are reported as B and " "I returns the stop signal. Automatically attached " "children stop with B and I returns " "B instead of having B signal delivered to them. " "B(2) does not deliver an extra B. Only a Bd " "process can accept B and B commands. The " "\"seized\" behavior just described is inherited by children that are " "automatically attached using B, B, " "and B. I must be zero. I contains a bit " "mask of ptrace options to activate immediately." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Permission to perform a B is governed by a ptrace access mode " "B check; see below." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.4)" msgstr "" #. commit f8e529ed941ba2bbcbf310b575d968159ce7e895 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation allows the tracer to dump the tracee's classic BPF filters." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I is an integer specifying the index of the filter to be dumped. The " "most recently installed filter has the index 0. If I is greater than " "the number of installed filters, the operation fails with the error " "B." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I is either a pointer to a I array that is large " "enough to store the BPF program, or NULL if the program is not to be stored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Upon success, the return value is the number of instructions in the BPF " "program. If I was NULL, then this return value can be used to " "correctly size the I array passed in a subsequent call." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation fails with the error B if the caller does not have " "the B capability or if the caller is in strict or filter " "seccomp mode. If the filter referred to by I is not a classic BPF " "filter, the operation fails with the error B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is available if the kernel was configured with both the " "B and the B options." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Restart the stopped tracee as for B, but first detach from it. " "Under Linux, a tracee can be detached in this way regardless of which method " "was used to initiate tracing. (I is ignored.)" msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.0)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation performs a similar task to B(2). It reads " "the TLS entry in the GDT whose index is given in I, placing a copy of " "the entry into the I pointed to by I. (By contrast " "with B(2), the I of the I " "is ignored.)" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.0)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation performs a similar task to B(2). It sets " "the TLS entry in the GDT whose index is given in I, assigning it the " "data supplied in the I pointed to by I. (By " "contrast with B(2), the I of the I is ignored; in other words, this ptrace operation can't be used " "to allocate a free TLS entry.)" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 5.3)" msgstr "" #. commit 201766a20e30f982ccfe36bebfad9602c3ff574a #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Retrieve information about the system call that caused the stop. The " "information is placed into the buffer pointed by the I argument, which " "should be a pointer to a buffer of type I. The " "I argument contains the size of the buffer pointed to by the I " "argument (i.e., I). 
The return value " "contains the number of bytes available to be written by the kernel. If the " "size of the data to be written by the kernel exceeds the size specified by " "the I argument, the output data is truncated." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The I structure contains the following fields:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct ptrace_syscall_info {\n" " __u8 op; /* Type of system call stop */\n" " __u32 arch; /* AUDIT_ARCH_* value; see seccomp(2) */\n" " __u64 instruction_pointer; /* CPU instruction pointer */\n" " __u64 stack_pointer; /* CPU stack pointer */\n" " union {\n" " struct { /* op == PTRACE_SYSCALL_INFO_ENTRY */\n" " __u64 nr; /* System call number */\n" " __u64 args[6]; /* System call arguments */\n" " } entry;\n" " struct { /* op == PTRACE_SYSCALL_INFO_EXIT */\n" " __s64 rval; /* System call return value */\n" " __u8 is_error; /* System call error flag;\n" " Boolean: does rval contain\n" " an error value (-ERRCODE) or\n" " a nonerror return value? */\n" " } exit;\n" " struct { /* op == PTRACE_SYSCALL_INFO_SECCOMP */\n" " __u64 nr; /* System call number */\n" " __u64 args[6]; /* System call arguments */\n" " __u32 ret_data; /* SECCOMP_RET_DATA portion\n" " of SECCOMP_RET_TRACE\n" " return value */\n" " } seccomp;\n" " };\n" "};\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I, I, I, and I fields are " "defined for all kinds of ptrace system call stops. The rest of the " "structure is a union; one should read only those fields that are meaningful " "for the kind of system call stop specified by the I field." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I field has one of the following values (defined in Ilinux/" "ptrace.hE>) indicating what type of stop occurred and which part of the " "union is filled:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I component of the union contains information relating to a " "system call entry stop." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I component of the union contains information relating to a system " "call exit stop." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I component of the union contains information relating to a " "B stop." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "No component of the union contains relevant information." msgstr "" #. 
type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In case of system call entry or exit stops, the data returned by " "B is limited to type B " "unless B option is set before the corresponding " "system call stop has occurred." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Death under ptrace" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When a (possibly multithreaded) process receives a killing signal (one whose " "disposition is set to B and whose default action is to kill the " "process), all threads exit. Tracees report their death to their tracer(s). " "Notification of this event is delivered via B(2)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the killing signal will first cause signal-delivery-stop (on one " "tracee only), and only after it is injected by the tracer (or after it was " "dispatched to a thread which isn't traced), will death from the signal " "happen on I tracees within a multithreaded process. (The term \"signal-" "delivery-stop\" is explained below.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B does not generate signal-delivery-stop and therefore the tracer " "can't suppress it. B kills even within system calls (syscall-exit-" "stop is not generated prior to death by B). The net effect is that " "B always kills the process (all its threads), even if some threads " "of the process are ptraced." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When the tracee calls B<_exit>(2), it reports its death to its tracer. " "Other threads are not affected." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When any thread executes B(2), every tracee in its thread group " "reports its death to its tracer." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the B option is on, B will happen " "before actual death. This applies to exits via B(2), " "B(2), and signal deaths (except B, depending on the " "kernel version; see BUGS below), and when threads are torn down on " "B(2) in a multithreaded process." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The tracer cannot assume that the ptrace-stopped tracee exists. There are " "many scenarios when the tracee may die while stopped (such as B). " "Therefore, the tracer must be prepared to handle an B error on any " "ptrace operation. Unfortunately, the same error is returned if the tracee " "exists but is not ptrace-stopped (for commands which require a stopped " "tracee), or if it is not traced by the process which issued the ptrace " "call. The tracer needs to keep track of the stopped/running state of the " "tracee, and interpret B as \"tracee died unexpectedly\" only if it " "knows that the tracee has been observed to enter ptrace-stop. Note that " "there is no guarantee that I will reliably report the " "tracee's death status if a ptrace operation returned B. " "I may return 0 instead. 
In other words, the tracee may be " "\"not yet fully dead\", but already refusing ptrace requests." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The tracer can't assume that the tracee I ends its life by reporting " "I or I; there are cases where this " "does not occur. For example, if a thread other than thread group leader " "does an B(2), it disappears; its PID will never be seen again, and " "any subsequent ptrace stops will be reported under the thread group leader's " "PID." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Stopped states" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A tracee can be in two states: running or stopped. For the purposes of " "ptrace, a tracee which is blocked in a system call (such as B(2), " "B(2), etc.) is nevertheless considered to be running, even if the " "tracee is blocked for a long time. The state of the tracee after " "B is somewhat of a gray area: it is not in any ptrace-stop " "(ptrace commands won't work on it, and it will deliver B(2) " "notifications), but it also may be considered \"stopped\" because it is not " "executing instructions (is not scheduled), and if it was in group-stop " "before B, it will not respond to signals until B is " "received." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "There are many kinds of states when the tracee is stopped, and in ptrace " "discussions they are often conflated. Therefore, it is important to use " "precise terms." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In this manual page, any stopped state in which the tracee is ready to " "accept ptrace commands from the tracer is called I. Ptrace-" "stops can be further subdivided into I, I, " "I, I, and so on. These stopped states are " "described in detail below." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When the running tracee enters ptrace-stop, it notifies its tracer using " "B(2) (or one of the other \"wait\" system calls). Most of this " "manual page assumes that the tracer waits with:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "pid = waitpid(pid_or_minus_1, &status, __WALL);\n" msgstr "" #. Denys Vlasenko: #. Do we require __WALL usage, or will just using 0 be ok? (With 0, #. I am not 100% sure there aren't ugly corner cases.) Are the #. rules different if user wants to use waitid? Will waitid require #. WEXITED? #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Ptrace-stopped tracees are reported as returns with I greater than 0 " "and I true." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B<__WALL> flag does not include the B and B flags, " "but implies their functionality." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Setting the B flag when calling B(2) is not " "recommended: the \"continued\" state is per-process and consuming it can " "confuse the real parent of the tracee." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use of the B flag may cause B(2) to return 0 (\"no wait " "results available yet\") even if the tracer knows there should be a " "notification. Example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "errno = 0;\n" "ptrace(PTRACE_CONT, pid, 0L, 0L);\n" "if (errno == ESRCH) {\n" " /* tracee is dead */\n" " r = waitpid(tracee, &status, __WALL | WNOHANG);\n" " /* r can still be 0 here! */\n" "}\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The following kinds of ptrace-stops exist: signal-delivery-stops, group-" "stops, B stops, syscall-stops. They all are reported by " "B(2) with I true. They may be differentiated " "by examining the value IE8>, and if there is ambiguity in " "that value, by querying B. (Note: the " "I macro can't be used to perform this examination, because " "it returns the value I<(statusEE8)\\ &\\ 0xff>.)" msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Signal-delivery-stop" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When a (possibly multithreaded) process receives any signal except " "B, the kernel selects an arbitrary thread which handles the " "signal. (If the signal is generated with B(2), the target thread " "can be explicitly selected by the caller.) If the selected thread is " "traced, it enters signal-delivery-stop. At this point, the signal is not " "yet delivered to the process, and can be suppressed by the tracer. If the " "tracer doesn't suppress the signal, it passes the signal to the tracee in " "the next ptrace restart request. This second step of signal delivery is " "called I in this manual page. Note that if the signal is " "blocked, signal-delivery-stop doesn't happen until the signal is unblocked, " "with the usual exception that B can't be blocked." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Signal-delivery-stop is observed by the tracer as B(2) returning " "with I true, with the signal returned by " "I. If the signal is B, this may be a different " "kind of ptrace-stop; see the \"Syscall-stops\" and \"execve\" sections below " "for details. If I returns a stopping signal, this may be " "a group-stop; see below." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Signal injection and suppression" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "After signal-delivery-stop is observed by the tracer, the tracer should " "restart the tracee with the call" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_restart, pid, 0, sig)\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "where B is one of the restarting ptrace requests. If I " "is 0, then a signal is not delivered. Otherwise, the signal I is " "delivered. This operation is called I in this manual " "page, to distinguish it from signal-delivery-stop." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I value may be different from the I value: the " "tracer can cause a different signal to be injected." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that a suppressed signal still causes system calls to return " "prematurely. In this case, system calls will be restarted: the tracer will " "observe the tracee to reexecute the interrupted system call (or " "B(2) system call for a few system calls which use a " "different mechanism for restarting) if the tracer uses B. " "Even system calls (such as B(2)) which are not restartable after " "signal are restarted after signal is suppressed; however, kernel bugs exist " "which cause some system calls to fail with B even though no " "observable signal is injected to the tracee." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Restarting ptrace commands issued in ptrace-stops other than signal-delivery-" "stop are not guaranteed to inject a signal, even if I is nonzero. 
No " "error is reported; a nonzero I may simply be ignored. Ptrace users " "should not try to \"create a new signal\" this way: use B(2) " "instead." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The fact that signal injection requests may be ignored when restarting the " "tracee after ptrace stops that are not signal-delivery-stops is a cause of " "confusion among ptrace users. One typical scenario is that the tracer " "observes group-stop, mistakes it for signal-delivery-stop, restarts the " "tracee with" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_restart, pid, 0, stopsig)\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "with the intention of injecting I, but I gets ignored and " "the tracee continues to run." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B signal has a side effect of waking up (all threads of) a " "group-stopped process. This side effect happens before signal-delivery-" "stop. The tracer can't suppress this side effect (it can only suppress " "signal injection, which only causes the B handler to not be " "executed in the tracee, if such a handler is installed). In fact, waking up " "from group-stop may be followed by signal-delivery-stop for signal(s) " "I B, if they were pending when B was " "delivered. In other words, B may be not the first signal observed " "by the tracee after it was sent." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stopping signals cause (all threads of) a process to enter group-stop. This " "side effect happens after signal injection, and therefore can be suppressed " "by the tracer." msgstr "" # #. In the Linux 2.4 sources, in arch/i386/kernel/signal.c::do_signal(), #. there is: #. /* The debugger continued. Ignore SIGSTOP. */ #. if (signr == SIGSTOP) #. continue; #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "In Linux 2.4 and earlier, the B signal can't be injected." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B can be used to retrieve a I structure which " "corresponds to the delivered signal. B may be used to " "modify it. If B has been used to alter I, the " "I field and the I parameter in the restarting command must " "match, otherwise the result is undefined." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Group-stop" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When a (possibly multithreaded) process receives a stopping signal, all " "threads stop. If some threads are traced, they enter a group-stop. Note " "that the stopping signal will first cause signal-delivery-stop (on one " "tracee only), and only after it is injected by the tracer (or after it was " "dispatched to a thread which isn't traced), will group-stop be initiated on " "I tracees within the multithreaded process. 
As usual, every tracee " "reports its group-stop separately to the corresponding tracer." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Group-stop is observed by the tracer as B(2) returning with " "I true, with the stopping signal available via " "I. The same result is returned by some other classes of " "ptrace-stops, therefore the recommended practice is to perform the call" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_GETSIGINFO, pid, 0, &siginfo)\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The call can be avoided if the signal is not B, B, " "B, or B; only these four signals are stopping signals. If " "the tracer sees something else, it can't be a group-stop. Otherwise, the " "tracer needs to call B. If B fails " "with B, then it is definitely a group-stop. (Other failure codes " "are possible, such as B (\"no such process\") if a B killed " "the tracee.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If tracee was attached using B, group-stop is indicated by " "B: IE16 == PTRACE_EVENT_STOP>. This " "allows detection of group-stops without requiring an extra " "B call." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "As of Linux 2.6.38, after the tracer sees the tracee ptrace-stop and until " "it restarts or kills it, the tracee will not run, and will not send " "notifications (except B death) to the tracer, even if the tracer " "enters into another B(2) call." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The kernel behavior described in the previous paragraph causes a problem " "with transparent handling of stopping signals. If the tracer restarts the " "tracee after group-stop, the stopping signal is effectively ignored\\[em]the " "tracee doesn't remain stopped, it runs. If the tracer doesn't restart the " "tracee before entering into the next B(2), future B " "signals will not be reported to the tracer; this would cause the B " "signals to have no effect on the tracee." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Since Linux 3.4, there is a method to overcome this problem: instead of " "B, a B command can be used to restart a tracee " "in a way where it does not execute, but waits for a new event which it can " "report via B(2) (such as when it is restarted by a B)." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "PTRACE_EVENT stops" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the tracer sets B options, the tracee will enter ptrace-" "stops called B stops." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B stops are observed by the tracer as B(2) returning " "with I, and I returns B (or " "for B, returns the stopping signal if tracee is in a " "group-stop). An additional bit is set in the higher byte of the status " "word: the value IE8> will be" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "((PTRACE_EVENT_fooEE8) | SIGTRAP).\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The following events exist:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop before return from B(2) or B(2) with the B " "flag. When the tracee is continued after this stop, it will wait for child " "to exit/exec before continuing its execution (in other words, the usual " "behavior on B(2))." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop before return from B(2) or B(2) with the exit signal set " "to B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Stop before return from B(2)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop before return from B(2) or B(2) with the B " "flag, but after the child unblocked this tracee by exiting or execing." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "For all four stops described above, the stop occurs in the parent (i.e., the " "tracee), not in the newly created thread. B can be used " "to retrieve the new thread's ID." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop before return from B(2). Since Linux 3.0, " "B returns the former thread ID." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop before exit (including death from B(2)), signal death, or " "exit caused by B(2) in a multithreaded process. " "B returns the exit status. Registers can be examined " "(unlike when \"real\" exit happens). 
The tracee is still alive; it needs to " "be Bed or Bed to finish exiting." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop induced by B command, or group-stop, or initial " "ptrace-stop when a new child is attached (only if attached using " "B)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Stop triggered by a B(2) rule on tracee syscall entry when " "B has been set by the tracer. The seccomp event " "message data (from the B portion of the seccomp filter " "rule) can be retrieved with B. The semantics of this " "stop are described in detail in a separate section below." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B on B stops returns B in " "I, with I set to I<(eventEE8)\\ |\\ SIGTRAP>." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Syscall-stops" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the tracee was restarted by B or B, the " "tracee enters syscall-enter-stop just prior to entering any system call " "(which will not be executed if the restart was using B, " "regardless of any change made to registers at this point or how the tracee " "is restarted after this stop). No matter which method caused the syscall-" "entry-stop, if the tracer restarts the tracee with B, the " "tracee enters syscall-exit-stop when the system call is finished, or if it " "is interrupted by a signal. (That is, signal-delivery-stop never happens " "between syscall-enter-stop and syscall-exit-stop; it happens I " "syscall-exit-stop.). If the tracee is continued using any other method " "(including B), no syscall-exit-stop occurs. Note that all " "mentions B apply equally to B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "However, even if the tracee was continued using B, it is not " "guaranteed that the next stop will be a syscall-exit-stop. Other " "possibilities are that the tracee may stop in a B stop " "(including seccomp stops), exit (if it entered B<_exit>(2) or " "B(2)), be killed by B, or die silently (if it is a " "thread group leader, the B(2) happened in another thread, and that " "thread is not traced by the same tracer; this situation is discussed later)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Syscall-enter-stop and syscall-exit-stop are observed by the tracer as " "B(2) returning with I true, and " "I giving B. If the B " "option was set by the tracer, then I will give the value " "I<(SIGTRAP\\ |\\ 0x80)>." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Syscall-stops can be distinguished from signal-delivery-stop with B " "by querying B for the following cases:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I E= 0" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B was delivered as a result of a user-space action, for example, a " "system call (B(2), B(2), B(3), etc.), expiration of " "a POSIX timer, change of state on a POSIX message queue, or completion of an " "asynchronous I/O request." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I == SI_KERNEL (0x80)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B was sent by the kernel." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I == SIGTRAP or I == (SIGTRAP|0x80)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This is a syscall-stop." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "However, syscall-stops happen very often (twice per system call), and " "performing B for every syscall-stop may be somewhat " "expensive." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Some architectures allow the cases to be distinguished by examining " "registers. For example, on x86, I == -B in syscall-enter-" "stop. Since B (like any other signal) always happens I " "syscall-exit-stop, and at this point I almost never contains -" "B, the B looks like \"syscall-stop which is not syscall-" "enter-stop\"; in other words, it looks like a \"stray syscall-exit-stop\" " "and can be detected this way. But such detection is fragile and is best " "avoided." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Using the B option is the recommended method to " "distinguish syscall-stops from other kinds of ptrace-stops, since it is " "reliable and does not incur a performance penalty." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Syscall-enter-stop and syscall-exit-stop are indistinguishable from each " "other by the tracer. The tracer needs to keep track of the sequence of " "ptrace-stops in order to not misinterpret syscall-enter-stop as syscall-exit-" "stop or vice versa. In general, a syscall-enter-stop is always followed by " "syscall-exit-stop, B stop, or the tracee's death; no other " "kinds of ptrace-stop can occur in between. However, note that seccomp stops " "(see below) can cause syscall-exit-stops, without preceding syscall-entry-" "stops. If seccomp is in use, care needs to be taken not to misinterpret " "such stops as syscall-entry-stops." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If after syscall-enter-stop, the tracer uses a restarting command other than " "B, syscall-exit-stop is not generated." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B on syscall-stops returns B in I, " "with I set to B or I<(SIGTRAP|0x80)>." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "PTRACE_EVENT_SECCOMP stops (Linux 3.5 to Linux 4.7)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The behavior of B stops and their interaction with " "other kinds of ptrace stops has changed between kernel versions. This " "documents the behavior from their introduction until Linux 4.7 (inclusive). " "The behavior in later kernel versions is documented in the next section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A B stop occurs whenever a B rule " "is triggered. This is independent of which methods was used to restart the " "system call. Notably, seccomp still runs even if the tracee was restarted " "using B and this system call is unconditionally skipped." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Restarts from this stop will behave as if the stop had occurred right before " "the system call in question. In particular, both B and " "B will normally cause a subsequent syscall-entry-stop. 
" "However, if after the B the system call number is " "negative, both the syscall-entry-stop and the system call itself will be " "skipped. This means that if the system call number is negative after a " "B and the tracee is restarted using B, " "the next observed stop will be a syscall-exit-stop, rather than the syscall-" "entry-stop that might have been expected." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "PTRACE_EVENT_SECCOMP stops (since Linux 4.8)" msgstr "" #. commit 93e35efb8de45393cf61ed07f7b407629bf698ea #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Starting with Linux 4.8, the B stop was reordered to " "occur between syscall-entry-stop and syscall-exit-stop. Note that seccomp " "no longer runs (and no B will be reported) if the " "system call is skipped due to B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Functionally, a B stop functions comparably to a " "syscall-entry-stop (i.e., continuations using B will cause " "syscall-exit-stops, the system call number may be changed and any other " "modified registers are visible to the to-be-executed system call as well). " "Note that there may be, but need not have been a preceding syscall-entry-" "stop." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "After a B stop, seccomp will be rerun, with a " "B rule now functioning the same as a " "B. Specifically, this means that if registers are not " "modified during the B stop, the system call will then " "be allowed." msgstr "" #. 
type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "PTRACE_SINGLESTEP stops" msgstr "" # #. FIXME . #. document stops occurring with PTRACE_SINGLESTEP #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "[Details of these kinds of stops are yet to be documented.]" msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Informational and restarting ptrace commands" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Most ptrace commands (all except B, B, " "B, B, and B) require the " "tracee to be in a ptrace-stop, otherwise they fail with B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When the tracee is in ptrace-stop, the tracer can read and write data to the " "tracee using informational commands. These commands leave the tracee in " "ptrace-stopped state:" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "ptrace(PTRACE_PEEKTEXT/PEEKDATA/PEEKUSER, pid, addr, 0);\n" "ptrace(PTRACE_POKETEXT/POKEDATA/POKEUSER, pid, addr, long_val);\n" "ptrace(PTRACE_GETREGS/GETFPREGS, pid, 0, &struct);\n" "ptrace(PTRACE_SETREGS/SETFPREGS, pid, 0, &struct);\n" "ptrace(PTRACE_GETREGSET, pid, NT_foo, &iov);\n" "ptrace(PTRACE_SETREGSET, pid, NT_foo, &iov);\n" "ptrace(PTRACE_GETSIGINFO, pid, 0, &siginfo);\n" "ptrace(PTRACE_SETSIGINFO, pid, 0, &siginfo);\n" "ptrace(PTRACE_GETEVENTMSG, pid, 0, &long_var);\n" "ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_flags);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that some errors are not reported. For example, setting signal " "information (I) may have no effect in some ptrace-stops, yet the " "call may succeed (return 0 and not set I); querying " "B may succeed and return some random value if current " "ptrace-stop is not documented as returning a meaningful event message." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The call" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_flags);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "affects one tracee. The tracee's current flags are replaced. Flags are " "inherited by new tracees created and \"auto-attached\" via active " "B, B, or B " "options." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Another group of commands makes the ptrace-stopped tracee run. They have " "the form:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(cmd, pid, 0, sig);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "where I is B, B, B, " "B, B, B, or " "B. If the tracee is in signal-delivery-stop, " "I is the signal to be injected (if it is nonzero). Otherwise, I " "may be ignored. (When restarting a tracee from a ptrace-stop other than " "signal-delivery-stop, recommended practice is to always pass 0 in I.)" msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Attaching and detaching" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "A thread can be attached to the tracer using the call" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_ATTACH, pid, 0, 0);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "or" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_SEIZE, pid, 0, PTRACE_O_flags);\n" msgstr "" # #. 
FIXME Describe how to attach to a thread which is already group-stopped. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B sends B to this thread. If the tracer wants this " "B to have no effect, it needs to suppress it. Note that if other " "signals are concurrently sent to this thread during attach, the tracer may " "see the tracee enter signal-delivery-stop with other signal(s) first! The " "usual practice is to reinject these signals until B is seen, then " "suppress B injection. The design bug here is that a ptrace attach " "and a concurrently delivered B may race and the concurrent " "B may be lost." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Since attaching sends B and the tracer usually suppresses it, this " "may cause a stray B return from the currently executing system call " "in the tracee, as described in the \"Signal injection and suppression\" " "section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Since Linux 3.4, B can be used instead of B. " "B does not stop the attached process. If you need to stop it " "after attach (or at any other time) without sending it any signals, use " "B command." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The request" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_TRACEME, 0, 0, 0);\n" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "turns the calling thread into a tracee. The thread continues to run " "(doesn't enter ptrace-stop). A common practice is to follow the " "B with" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "raise(SIGSTOP);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "and allow the parent (which is our tracer now) to observe our signal-" "delivery-stop." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the B, B, or " "B options are in effect, then children created by, " "respectively, B(2) or B(2) with the B flag, " "B(2) or B(2) with the exit signal set to B, and " "other kinds of B(2), are automatically attached to the same tracer " "which traced their parent. B is delivered to the children, causing " "them to enter signal-delivery-stop after they exit the system call which " "created them." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Detaching of the tracee is performed by:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ptrace(PTRACE_DETACH, pid, 0, sig);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B is a restarting operation; therefore it requires the tracee " "to be in ptrace-stop. 
If the tracee is in signal-delivery-stop, a signal " "can be injected. Otherwise, the I parameter may be silently ignored." msgstr "" #. FIXME Describe how to detach from a group-stopped tracee so that it #. doesn't run, but continues to wait for SIGCONT. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the tracee is running when the tracer wants to detach it, the usual " "solution is to send B (using B(2), to make sure it goes to " "the correct thread), wait for the tracee to stop in signal-delivery-stop for " "B and then detach it (suppressing B injection). A design " "bug is that this can race with concurrent Bs. Another complication " "is that the tracee may enter other ptrace-stops and needs to be restarted " "and waited for again, until B is seen. Yet another complication is " "to be sure that the tracee is not already ptrace-stopped, because no signal " "delivery happens while it is\\[em]not even B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the tracer dies, all tracees are automatically detached and restarted, " "unless they were in group-stop. Handling of restart from group-stop is " "currently buggy, but the \"as planned\" behavior is to leave tracee stopped " "and waiting for B. If the tracee is restarted from signal-delivery-" "stop, the pending signal is injected." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "execve(2) under ptrace" msgstr "" # #. clone(2) CLONE_THREAD says: #. If any of the threads in a thread group performs an execve(2), #. then all threads other than the thread group leader are terminated, #. and the new program is executed in the thread group leader. #. 
In Linux 3.1 sources, see fs/exec.c::de_thread() #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When one thread in a multithreaded process calls B(2), the kernel " "destroys all other threads in the process, and resets the thread ID of the " "execing thread to the thread group ID (process ID). (Or, to put things " "another way, when a multithreaded process does an B(2), at " "completion of the call, it appears as though the B(2) occurred in " "the thread group leader, regardless of which thread did the B(2).) " "This resetting of the thread ID looks very confusing to tracers:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "\\[bu]" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "All other threads stop in B stop, if the " "B option was turned on. Then all other threads except " "the thread group leader report death as if they exited via B<_exit>(2) with " "exit code 0." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The execing tracee changes its thread ID while it is in the B(2). " "(Remember, under ptrace, the \"pid\" returned from B(2), or fed " "into ptrace calls, is the tracee's thread ID.) That is, the tracee's thread " "ID is reset to be the same as its process ID, which is the same as the " "thread group leader's thread ID." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Then a B stop happens, if the B " "option was turned on." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the thread group leader has reported its B stop by " "this time, it appears to the tracer that the dead thread leader \"reappears " "from nowhere\". (Note: the thread group leader does not report death via " "I until there is at least one other live thread. This " "eliminates the possibility that the tracer will see it dying and then " "reappearing.) If the thread group leader was still alive, for the tracer " "this may look as if thread group leader returns from a different system call " "than it entered, or even \"returned from a system call even though it was " "not in any system call\". If the thread group leader was not traced (or was " "traced by a different tracer), then during B(2) it will appear as " "if it has become a tracee of the tracer of the execing tracee." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "All of the above effects are the artifacts of the thread ID change in the " "tracee." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B option is the recommended tool for dealing with " "this situation. First, it enables B stop, which occurs " "before B(2) returns. In this stop, the tracer can use " "B to retrieve the tracee's former thread ID. (This " "feature was introduced in Linux 3.0.) Second, the B " "option disables legacy B generation on B(2)." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When the tracer receives B stop notification, it is " "guaranteed that except this tracee and the thread group leader, no other " "threads from the process are alive." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "On receiving the B stop notification, the tracer should " "clean up all its internal data structures describing the threads of this " "process, and retain only one data structure\\[em]one which describes the " "single still running tracee, with" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "thread ID == thread group ID == process ID.\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Example: two threads call B(2) at the same time:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "*** we get syscall-enter-stop in thread 1: **\n" "PID1 execve(\"/bin/foo\", \"foo\" Eunfinished ...E\n" "*** we issue PTRACE_SYSCALL for thread 1 **\n" "*** we get syscall-enter-stop in thread 2: **\n" "PID2 execve(\"/bin/bar\", \"bar\" Eunfinished ...E\n" "*** we issue PTRACE_SYSCALL for thread 2 **\n" "*** we get PTRACE_EVENT_EXEC for PID0, we issue PTRACE_SYSCALL **\n" "*** we get syscall-exit-stop for PID0: **\n" "PID0 E... execve resumedE ) = 0\n" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the B option is I in effect for the execing " "tracee, and if the tracee was Bed rather than " "Bd, the kernel delivers an extra B to the tracee " "after B(2) returns. This is an ordinary signal (similar to one " "which can be generated by I), not a special kind of ptrace-" "stop. Employing B for this signal returns I set " "to 0 (I). This signal may be blocked by signal mask, and thus may " "be delivered (much) later." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Usually, the tracer (for example, B(1)) would not want to show this " "extra post-execve B signal to the user, and would suppress its " "delivery to the tracee (if B is set to B, it is a killing " "signal). However, determining I B to suppress is not easy. " "Setting the B option or using B and thus " "suppressing this extra B is the recommended approach." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Real parent" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ptrace API (ab)uses the standard UNIX parent/child signaling over " "B(2). This used to cause the real parent of the process to stop " "receiving several kinds of B(2) notifications when the child " "process is traced by some other process." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Many of these bugs have been fixed, but as of Linux 2.6.38 several still " "exist; see BUGS below." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "As of Linux 2.6.38, the following is believed to work correctly:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "exit/death by signal is reported first to the tracer, then, when the tracer " "consumes the B(2) result, to the real parent (to the real parent " "only when the whole multithreaded process exits). If the tracer and the " "real parent are the same process, the report is sent only once." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "RETURN VALUE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "On success, the B requests return the requested data (but see " "NOTES), the B request returns the number of " "instructions in the BPF program, the B request " "returns the number of bytes available to be written by the kernel, and other " "requests return zero." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "On error, all requests return -1, and I is set to indicate the " "error. Since the value returned by a successful B request may " "be -1, the caller must clear I before the call, and then check it " "afterward to determine whether or not an error occurred." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ERRORS" msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "(i386 only) There was an error with allocating or freeing a debug register." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "There was an attempt to read from or write to an invalid area in the " "tracer's or the tracee's memory, probably because the area wasn't mapped or " "accessible. Unfortunately, under Linux, different variations of this fault " "will return B or B more or less arbitrarily." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "An attempt was made to set an invalid option." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I is invalid, or an attempt was made to read from or write to an " "invalid area in the tracer's or the tracee's memory, or there was a word-" "alignment violation, or an invalid signal was specified during a restart " "request." msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The specified process cannot be traced. This could be because the tracer " "has insufficient privileges (the required capability is B); " "unprivileged processes cannot trace processes that they cannot send signals " "to or those running set-user-ID/set-group-ID programs, for obvious reasons. " "Alternatively, the process may already be being traced, or (before Linux " "2.6.26) be B(1) (PID 1)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The specified process does not exist, or is not currently being traced by " "the caller, or is not stopped (for requests that require a stopped tracee)." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "STANDARDS" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "None." msgstr "" #. type: SH #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "HISTORY" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "SVr4, 4.3BSD." msgstr "" #. See commit 00cd5c37afd5f431ac186dd131705048c0a11fdb #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Before Linux 2.6.26, B(1), the process with PID 1, may not be traced." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NOTES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Although arguments to B() are interpreted according to the " "prototype given, glibc currently declares B() as a variadic " "function with only the I argument fixed. It is recommended to " "always supply four arguments, even if the requested operation does not use " "them, setting unused/ignored arguments to I<0L> or I<(void\\ *)\\ 0>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A tracee's parent continues to be the tracer even if that tracer calls " "B(2)." msgstr "" #. See http://lkml.org/lkml/2008/5/8/375 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The layout of the contents of memory and the USER area are quite operating-" "system- and architecture-specific. The offset supplied, and the data " "returned, might not entirely match with the definition of I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The size of a \"word\" is determined by the operating-system variant (e.g., " "for 32-bit Linux it is 32 bits)." msgstr "" # #. """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This page documents the way the B() call works currently in Linux. " "Its behavior differs significantly on other flavors of UNIX. In any case, " "use of B() is highly specific to the operating system and " "architecture." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Ptrace access mode checking" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Various parts of the kernel-user-space API (not just B() " "operations), require so-called \"ptrace access mode\" checks, whose outcome " "determines whether an operation is permitted (or, in a few cases, causes a " "\"read\" operation to return sanitized data). These checks are performed in " "cases where one process can inspect sensitive information about, or in some " "cases modify the state of, another process. The checks are based on factors " "such as the credentials and capabilities of the two processes, whether or " "not the \"target\" process is dumpable, and the results of checks performed " "by any enabled Linux Security Module (LSM)\\[em]for example, SELinux, Yama, " "or Smack\\[em]and by the commoncap LSM (which is always invoked)." msgstr "" #. commit 006ebb40d3d65338bd74abb03b945f8d60e362bd #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Prior to Linux 2.6.27, all access checks were of a single type. Since Linux " "2.6.27, two access mode levels are distinguished:" msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "For \"read\" operations or other operations that are less dangerous, such " "as: B(2); B(2); reading IpidI, IpidI, or IpidI; or B(2) of a IpidI file." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" # # #. Regarding the above description of the distinction between #. PTRACE_MODE_READ and PTRACE_MODE_ATTACH, Stephen Smalley notes: #. That was the intent when the distinction was introduced, but it doesn't #. appear to have been properly maintained, e.g. there is now a common #. helper lock_trace() that is used for #. /proc/pid/{stack,syscall,personality} but checks PTRACE_MODE_ATTACH, and #. PTRACE_MODE_ATTACH is also used in timerslack_ns_write/show(). Likely #. should review and make them consistent. There was also some debate #. about proper handling of /proc/pid/fd. Arguably that one might belong #. back in the _ATTACH camp. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "For \"write\" operations, or other operations that are more dangerous, such " "as: ptrace attaching (B) to another process or calling " "B(2). (B was effectively the default " "before Linux 2.6.27.)" msgstr "" #. commit caaee6234d05a58c5b4d05e7bf766131b810a657 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Since Linux 4.5, the above access mode checks are combined (ORed) with one " "of the following modifiers:" msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the caller's filesystem UID and GID (see B(7)) or " "effective capabilities for LSM checks." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the caller's real UID and GID or permitted capabilities for LSM checks. " "This was effectively the default before Linux 4.5." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Because combining one of the credential modifiers with one of the " "aforementioned access modes is typical, some macros are defined in the " "kernel sources for the combinations:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Defined as B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Defined as B." msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Defined as B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Defined as B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "One further modifier can be ORed with the access mode:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 3.3)" msgstr "" #. commit 69f594a38967f4540ce7a29b3fd214e68a8330bd #. Just for /proc/pid/stat #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Don't audit this access mode check. This modifier is employed for ptrace " "access mode checks (such as checks when reading IpidI) that " "merely cause the output to be filtered or sanitized, rather than causing an " "error to be returned to the caller. In these cases, accessing the file is " "not a security violation and there is no reason to generate a security audit " "record. This modifier suppresses the generation of such an audit record for " "the particular access check." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that all of the B constants described in this subsection " "are kernel-internal, and not visible to user space. The constant names are " "mentioned here in order to label the various kinds of ptrace access mode " "checks that are performed for various system calls and accesses to various " "pseudofiles (e.g., under I). These names are used in other manual " "pages to provide a simple shorthand for labeling the different kernel checks." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The algorithm employed for ptrace access mode checking determines whether " "the calling process is allowed to perform the corresponding action on the " "target process. (In the case of opening Ipid files, the \"calling " "process\" is the one opening the file, and the process with the " "corresponding PID is the \"target process\".) The algorithm is as follows:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(1)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the calling thread and the target thread are in the same thread group, " "access is always allowed." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(2)" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the access mode specifies B, then, for the check in " "the next step, employ the caller's filesystem UID and GID. (As noted in " "B(7), the filesystem UID and GID almost always have the same " "values as the corresponding effective IDs.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Otherwise, the access mode specifies B, so use the " "caller's real UID and GID for the checks in the next step. (Most APIs that " "check the caller's UID and GID use the effective IDs. For historical " "reasons, the B check uses the real IDs instead.)" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(3)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Deny access if I of the following is true:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The real, effective, and saved-set user IDs of the target match the caller's " "user ID, I the real, effective, and saved-set group IDs of the target " "match the caller's group ID." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller has the B capability in the user namespace of the " "target." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(4)" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Deny access if the target process \"dumpable\" attribute has a value other " "than 1 (B; see the discussion of B in " "B(2)), and the caller does not have the B capability " "in the user namespace of the target process." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(5)" msgstr "" #. (in cap_ptrace_access_check()): #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The kernel LSM I() interface is invoked to " "see if ptrace access is permitted. The results depend on the LSM(s). The " "implementation of this interface in the commoncap LSM performs the following " "steps:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(5.1)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the access mode includes B, then use the caller's " "I capability set in the following check; otherwise (the access " "mode specifies B, so) use the caller's I " "capability set." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(5.2)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller and the target process are in the same user namespace, and the " "caller's capabilities are a superset of the target process's I " "capabilities." 
msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller has the B capability in the target process's user " "namespace." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the commoncap LSM does not distinguish between B " "and B." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "(6)" msgstr "" # #. """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If access has not been denied by any of the preceding steps, then access is " "allowed." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "/proc/sys/kernel/yama/ptrace_scope" msgstr "" #. commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "On systems with the Yama Linux Security Module (LSM) installed (i.e., the " "kernel was configured with B), the I file (available since Linux 3.4) can be used to restrict " "the ability to trace a process with B() (and thus also the ability " "to use tools such as B(1) and B(1)). 
The goal of such " "restrictions is to prevent attack escalation whereby a compromised process " "can ptrace-attach to other sensitive processes (e.g., a GPG agent or an SSH " "session) owned by the user in order to gain additional credentials that may " "exist in memory and thus expand the scope of the attack." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "More precisely, the Yama LSM limits two types of operations:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Any operation that performs a ptrace access mode B " "check\\[em]for example, B() B. (See the \"Ptrace " "access mode checking\" discussion above.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B() B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A process that has the B capability can update the I file with one of the following values:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "0 (\"classic ptrace permissions\")" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "No additional restrictions on operations that perform B " "checks (beyond those imposed by the commoncap and other LSMs)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The use of B is unchanged." msgstr "" #. 
type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "1 (\"restricted ptrace\") [default value]" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When performing an operation that requires a B check, " "the calling process must either have the B capability in the " "user namespace of the target process or it must have a predefined " "relationship with the target process. By default, the predefined " "relationship is that the target process must be a descendant of the caller." msgstr "" #. commit 90bb766440f2147486a2acc3e793d7b8348b0c22 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A target process can employ the B(2) B operation to " "declare an additional PID that is allowed to perform B " "operations on the target. See the kernel source file I (or I before Linux " "4.13) for further details." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "2 (\"admin-only attach\")" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Only processes with the B capability in the user namespace " "of the target process may perform B operations or trace " "children that employ B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "3 (\"no attach\")" msgstr "" #. 
type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"No process may perform B operations or trace children "
"that employ B."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Once this value has been written to the file, it cannot be changed."
msgstr ""

#
#. """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"With respect to values 1 and 2, note that creating a new user namespace "
"effectively removes the protection offered by Yama. This is because a "
"process in the parent user namespace whose effective UID matches the UID of "
"the creator of a child namespace has all capabilities (including "
"B) when performing operations within the child user "
"namespace (and further-removed descendants of that namespace). "
"Consequently, when a process tries to use user namespaces to sandbox itself, "
"it inadvertently weakens the protections offered by the Yama LSM."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "C library/kernel differences"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"At the system call level, the B, B, and "
"B requests have a different API: they store the result at "
"the address specified by the I parameter, and the return value is the "
"error flag. The glibc wrapper function provides the API given in "
"DESCRIPTION above, with the result being returned via the function return "
"value."
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "BUGS"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"On hosts with Linux 2.6 kernel headers, B is declared "
"with a different value than the one for Linux 2.4. This leads to "
"applications compiled with Linux 2.6 kernel headers failing when run on "
"Linux 2.4. This can be worked around by redefining B to "
"B, if that is defined."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Group-stop notifications are sent to the tracer, but not to real parent. "
"Last confirmed on 2.6.38.6."
msgstr ""

#. Note from Denys Vlasenko:
#. Here "exits" means any kind of death - _exit, exit_group,
#. signal death. Signal death and exit_group cases are trivial,
#. though: since signal death and exit_group kill all other threads
#. too, "until all other threads exit" thing happens rather soon
#. in these cases. Therefore, only _exit presents observably
#. puzzling behavior to ptrace users: thread leader _exit's,
#. but WIFEXITED isn't reported! We are trying to explain here
#. why it is so.
#. FIXME . need to test/verify this scenario
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If a thread group leader is traced and exits by calling B<_exit>(2), a "
"B stop will happen for it (if requested), but the "
"subsequent B notification will not be delivered until all other "
"threads exit. As explained above, if one of other threads calls "
"B(2), the death of the thread group leader will I be "
"reported. If the execed thread is not traced by this tracer, the tracer "
"will never know that B(2) happened. One possible workaround is to "
"B the thread group leader instead of restarting it in this "
"case. Last confirmed on 2.6.38.6."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A B signal may still cause a B stop before "
"actual signal death. This may be changed in the future; B is meant "
"to always immediately kill tasks even under ptrace. Last confirmed on Linux "
"3.13."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Some system calls return with B if a signal was sent to a tracee, but "
"delivery was suppressed by the tracer. (This is very typical operation: it "
"is usually done by debuggers on every attach, in order to not introduce a "
"bogus B). As of Linux 3.2.9, the following system calls are "
"affected (this list is likely incomplete): B(2), and B(2) "
"from an B(7) file descriptor. The usual symptom of this bug is "
"that when you attach to a quiescent process with the command"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "strace -p E<lt>process-IDE<gt>\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "then, instead of the usual and expected one-line output such as"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "restart_syscall(E<lt>... resuming interrupted call ...E<gt>_\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "select(6, [5], NULL, [5], NULL_\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"('_' denotes the cursor position), you observe more than one line. For "
"example:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid ""
" clock_gettime(CLOCK_MONOTONIC, {15370, 690928118}) = 0\n"
" epoll_wait(4,_\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"What is not visible here is that the process was blocked in "
"B(2) before B(1) has attached to it. Attaching caused "
"B(2) to return to user space with the error B. In this "
"particular case, the program reacted to B by checking the current "
"time, and then executing B(2) again. (Programs which do not "
"expect such \"stray\" B errors may behave in an unintended way upon "
"an B(1) attach.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Contrary to the normal rules, the glibc wrapper for B() can set "
"I to zero."
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "SEE ALSO"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"B(1), B(1), B(1), B(2), B(2), "
"B(2), B(2), B(2), B(2), B(2), "
"B(2), B(2), B(2), B(3), B(7), "
"B(7)"
msgstr ""

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "2023-02-05"
msgstr ""

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "Linux man-pages 6.03"
msgstr ""

#. type: TP
#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B, B"
msgstr ""

#. type: TP
#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B, B"
msgstr ""

#. type: TP
#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B, B"
msgstr ""

#. type: TP
#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B, B"
msgstr ""

#. type: TP
#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B, B"
msgstr ""

#. type: TP
#: debian-bookworm debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B, B (since Linux 2.6.14)"
msgstr ""

#. type: TH
#: debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "2023-03-30"
msgstr ""

#. type: TH
#: debian-unstable opensuse-tumbleweed
#, no-wrap
msgid "Linux man-pages 6.05.01"
msgstr ""

#. type: TH
#: opensuse-leap-15-6
#, no-wrap
msgid "Linux man-pages 6.04"
msgstr ""