Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

Open Menu /lib/libc/sys/ptrace.2 
   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
.\"	$NetBSD: ptrace.2,v 1.85 2020/05/14 13:40:49 wiz Exp $
.\"
.\" This file is in the public domain.
.Dd May 14, 2020
.Dt PTRACE 2
.Os
.Sh NAME
.Nm ptrace
.Nd process tracing and debugging
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/ptrace.h
.Ft int
.Fn ptrace "int request" "pid_t pid" "void *addr" "int data"
.Sh DESCRIPTION
.Fn ptrace
provides tracing and debugging facilities.
It allows one process (the
.Em tracing
process) to control another (the
.Em traced
process).
Most of the time, the traced process runs normally, but when
it receives a signal
.Po
see
.Xr sigaction 2
.Pc ,
it stops.
The tracing process is expected to notice this via
.Xr wait 2
or the delivery of a
.Dv SIGCHLD
signal
.Po
see
.Xr siginfo 2
.Pc ,
examine the state of the stopped process, and cause it to
terminate or continue as appropriate.
.Fn ptrace
is the mechanism by which all this happens.
.Pp
When a process that is traced by a debugger requests and calls
.Xr execve 2
or any of the routines built on it
.Po
such as
.Xr execv 3
.Pc ,
it will stop before executing the first instruction of the new image and emit
.Dv SIGTRAP
with
.Dv si_code
set to
.Dv TRAP_EXEC .
If a traced program calls
.Xr execve 2
any setuid or setgid bits on the executable being executed will be ignored.
.Pp
Program (software) breakpoints are reported with
.Dv SIGTRAP
and the
.Dv si_code
value set to
.Dv TRAP_BKPT .
These breakpoints are machine specific instructions that interrupt the process.
In order to put a trap by a tracer into the tracee's program,
debugger must violate the
.Dv PaX MPROTECT
restrictions.
For details check the
.Dv security.pax.mprotect.ptrace
option described in
.Xr sysctl 7 .
When a tracee is interrupted by a trap,
the trap is not removed by the kernel and it must be handled by a debugger.
.Pp
If a program is traced with single steps
.Dv ( PT_STEP )
it reports each step with
.Dv SIGTRAP
with
.Dv si_code
set to
.Dv TRAP_TRACE .
This event is not maskable
.Dv PT_SET_EVENT_MASK .
.Pp
Child program traps are reported with
.Dv SIGTRAP
and the
.Dv si_code
value set to
.Dv TRAP_CHLD .
These events are by default disabled and can be configured with
.Dv PT_SET_EVENT_MASK .
If this event occurs,
check with
.Dv PT_GET_PROCESS_STATE
the details of the process state associated with this event.
.Pp
Design choices for Debug Register accessors
.Bl -dash
.It
.Fn exec
.Dv ( TRAP_EXEC
event) must remove debug registers from LWP
.It
debug registers are only per-LWP, not per-process globally
.It
debug registers must not be inherited after (v)forking a process
.It
debug registers must not be inherited after forking a thread
.It
a debugger is responsible to set global watchpoints/breakpoints with the
debug registers,
to achieve this
.Dv PTRACE_LWP_CREATE
/
.Dv PTRACE_LWP_EXIT
event monitoring function is designed to be used
.It
debug register traps must generate
.Dv SIGTRAP with
.Dv si_code
.Dv TRAP_DBREG
.It
debugger is responsible to retrieve debug register state to distinguish
the exact debug register trap
.It
kernel must not remove debug register traps after triggering a trap event;
a debugger is responsible to detach this trap with appropriate
.Dv PT_SETDBREGS
call
.It
debug registers must not be exposed in mcontext
.It
userland must not be allowed to set a trap on the kernel
.El
.Pp
A debugger might reuse port specific symbols,
to help writing portable code as described in the port specific part of the
.In sys/ptrace.h
header.
Among these symbols,
there are:
.Bl -dash
.It
.Dv PTRACE_REG_PC
.It
.Dv PTRACE_REG_SET_PC
.It
.Dv PTRACE_REG_SP
.It
.Dv PTRACE_REG_INTRV
.It
.Dv PTRACE_BREAKPOINT
.It
.Dv PTRACE_BREAKPOINT_SIZE
.It
.Dv PTRACE_BREAKPOINT_ADJ
.El
.Pp
The
.Fa request
argument
of
.Nm
specifies what operation is being performed; the meaning of
the rest of the arguments depends on the operation, but except for one
special case noted below, all
.Nm
calls are made by the tracing process, and the
.Fa pid
argument specifies the process ID of the traced process.
.Fa request
can be:
.Bl -tag -width 12n
.It Dv PT_TRACE_ME
This request is the only one used by the traced process; it declares
that the process expects to be traced by its parent.
All the other arguments are ignored.
If the parent process does not expect to trace
the child, it will probably be rather confused by the results; once the
traced process stops, it cannot be made to continue except via
.Fn ptrace .
.Pp
This call does not stop the process neither emit
.Dv SIGSTOP
to parent.
.It Dv PT_READ_I , Dv PT_READ_D
These requests read a single
.Vt int
of data from the traced process' address space.
Traditionally,
.Fn ptrace
has allowed for machines with distinct address spaces for instruction
and data, which is why there are two requests: conceptually,
.Dv PT_READ_I
reads from the instruction space and
.Dv PT_READ_D
reads from the data space.
In the current
.Nx
implementation, these
two requests are completely identical.
The
.Fa addr
argument specifies the address (in the traced process' virtual address
space) at which the read is to be done.
This address does not have to meet any alignment constraints.
The value read is returned as the return value from
.Eo \&
.Fn ptrace
.Ec .
.Pp
These operations return success on incomplete and cancelled byte transfers.
New software shall use
.Dv PT_IO
as it allows to check whether a byte transfer was completed.
.It Dv PT_WRITE_I , Dv PT_WRITE_D
These requests parallel
.Dv PT_READ_I
and
.Dv PT_READ_D ,
except that they write rather than read.
The
.Fa data
argument supplies the value to be written.
.Pp
New software shall use
.Dv PT_IO
as it allows to check whether an operation was completed.
.It Dv PT_CONTINUE
The traced process continues execution.
.Fa addr
is an address specifying the place where execution is to be resumed (a
new value for the program counter), or
.Li (void *)1
to indicate that execution is to pick up where it left off.
.Fa data
provides a signal number to be delivered to the traced process as it
resumes execution, or 0 if no signal is to be sent.
If a negative value is supplied, that is the negative of the LWP
ID of the thread to be resumed, and only that thread executes.
.It Dv PT_KILL
The traced process terminates, as if
.Dv PT_CONTINUE
has been used with
.Dv SIGKILL
given as the signal to be delivered.
However, unlike
.Dv PT_CONTINUE ,
.Dv PT_KILL
can be used on a non-stopped tracee.
The
.Fa addr
and
.Fa data
arguments are ignored.
.It Dv PT_STOP
The traced process stops, as if
.Xr kill 2
has been used with
.Dv SIGSTOP
given as the signal to be delivered.
.Xr wait 2
will report the child (again) as stopped even if it was stopped before.
The
.Fa addr
and
.Fa data
arguments are ignored.
Unlike
.Dv PT_CONTINUE
call with
.Dv SIGSTOP ,
.Dv PT_STOP
works both on running and stopped processes.
.It Dv PT_ATTACH
This request allows a process to gain control of an otherwise unrelated
process and begin tracing it.
It does not need any cooperation from the to-be-traced process.
In this case,
.Fa pid
specifies the process ID of the to-be-traced process, and the other two
arguments are ignored.
This request requires that the target process
must have the same real UID as the tracing process, and that it must
not be executing a setuid or setgid executable.
(If the tracing process is running as root,
these restrictions do not apply.)
.Pp
The tracing process will see the newly-traced process stop and may then
control it as if it had been traced all along.
It means that the
.Dv SIGSTOP
signal is emitted to tracer.
It is different behavior to the one from
.Dv PT_TRACE_ME .
.Pp
Three other restrictions apply to all tracing processes, even those
running as root.
First, no process may trace a system process.
Second, no process may trace the process running
.Xr init 8 .
Third, if a process has its root directory set with
.Xr chroot 2 ,
it may not trace another process unless that process' root directory
is at or below the tracing process' root.
.It Dv PT_DETACH
This request is like PT_CONTINUE, except that after it
succeeds, the traced process is no longer traced and continues
execution normally.
.It Dv PT_IO
This request is a more general interface that can be used instead of
.Dv PT_READ_D ,
.Dv PT_WRITE_D ,
.Dv PT_READ_I ,
and
.Dv PT_WRITE_I .
The I/O request is encoded in a
.Vt struct ptrace_io_desc
defined as:
.Bd -literal -offset indent
struct ptrace_io_desc {
	int	piod_op;
	void	*piod_offs;
	void	*piod_addr;
	size_t	piod_len;
};
.Ed
.Pp
where
.Fa piod_offs
is the offset within the traced process where the I/O operation should
take place,
.Fa piod_addr
is the buffer in the tracing process, and
.Fa piod_len
is the length of the I/O request.
The
.Fa piod_op
field specifies which type of I/O operation to perform.
Possible values are:
.Pp
.Bl -tag -width 18n -offset indent -compact
.It Dv PIOD_READ_D
.It Dv PIOD_WRITE_D
.It Dv PIOD_READ_I
.It Dv PIOD_WRITE_I
.It Dv PIOD_READ_AUXV
.El
.Pp
See the description of
.Dv PT_READ_I
for the difference between I and D spaces.
.Pp
The
.Dv PIOD_READ_AUXV
operation can be used to read from the ELF auxiliary vector.
The
.Fa piod_offs
argument sets the offset within the tracee's vector.
To read from the beginning of it, this value must be set to 0 and cast to
.Dv (void *) .
.Pp
A pointer to the I/O descriptor is passed in the
.Fa addr
argument to
.Fn ptrace .
On return, the
.Fa piod_len
field in the I/O descriptor will be updated with the actual number of
bytes transferred.
If the requested I/O could not be successfully performed,
.Fn ptrace
will return \-1 and set
.Va errno .
.Pp
This interface returns success for partial and cancelled byte transfers.
For an interrupted transfer, a user shall check whether occurred at least
a single of the following two conditions:
.Dv piod_len == 0
and set
.Va errno .
Successful but incomplete byte transfers shall be restarted in the place
where they were stopped.
.It Dv PT_DUMPCORE
Makes the process specified in the
.Fa pid
pid generate a core dump.
The
.Fa addr
argument should contain the name of the core file to be generated
and the
.Fa data
argument should contain the length of the core filename.
.It Dv PT_LWPSTATUS
Returns information about a thread from the list of threads for the
process specified in the
.Fa pid
argument.
The
.Fa addr
argument should contain a
.Vt struct ptrace_lwpstatus
defined as:
.Bd -literal -offset indent
struct ptrace_lwpstatus {
	lwpid_t pl_lwpid;
	sigset_t pl_sigpend;
	sigset_t pl_sigmask;
	char pl_name[20];
	void *pl_private;
};
.Ed
.Pp
where
.Fa pl_lwpid
contains a thread LWP ID.
Information is returned for the thread specified in
.Fa pl_lwpid .
.Fa pl_sigpend
contains the signals pending on that LWP.
.Fa pl_sigmask
contains the signals masked on that LWP.
.Fa pl_name
contains printable name of the LWP.
The string is always NUL terminated.
.Fa pl_private
contains the pointer to TLS base.
.Pp
The
.Fa data
argument should contain
.Dq Li sizeof(struct ptrace_lwpinfo) .
.It Dv PT_LWPNEXT
Is the same as
.Dv PT_LWPSTATUS ,
except that information is returned for the thread following the one with the
specified ID in the process thread list, or for the first thread
if
.Fa pl_lwpid
is 0.
.Pp
Upon return
.Fa pl_lwpid
contains the LWP ID of the thread that was found, or 0 if there is
no thread after the one whose LWP ID was supplied in the call.
.It Dv PT_SYSCALL
Stops a process before and after executing each system call.
Otherwise this operation is the same as
.Dv PT_CONTINUE .
.It Dv PT_SYSCALLEMU
Intercept and ignore a system call before it has been executed, for use with
.Dv PT_SYSCALL .
This operation shall be called for syscall entry trap from
.Dv PT_SYSCALL .
To resume execution after intercepting the system call,
another
.Dv PT_SYSCALL
shall be used.
.It Dv PT_SET_EVENT_MASK
This request can be used to specify which events in the traced process
should be reported to the tracing process.
These events are specified in a
.Vt struct ptrace_event
defined as:
.Bd -literal -offset indent
typedef struct ptrace_event {
	int	pe_set_event;
} ptrace_event_t;
.Ed
.Pp
.Fa pe_set_event
is the set of events to be reported.
This set is formed by OR'ing together the following values:
.Bl -tag -width 18n
.It PTRACE_FORK
Report
.Xr fork 2 .
.It PTRACE_VFORK
Report
.Xr vfork 2 .
.It PTRACE_VFORK_DONE
Report parent resumed after
.Xr vfork 2 .
.It PTRACE_LWP_CREATE
Report thread birth.
.It PTRACE_LWP_EXIT
Report thread termination.
.It PTRACE_POSIX_SPAWN
Report
.Xr posix_spawn 3 .
.El
.Pp
The
.Xr fork 2
and
.Xr vfork 2
events can occur with
.Xr clone 2 .
The
.Dv PTRACE_FORK
value means that process gives birth to its child
without pending on its termination or
.Xr execve 2
operation.
If enabled,
the child is also traced by the debugger and
.Dv SIGTRAP
is generated twice,
first for the parent and second for the child.
The
.Dv PTRACE_VFORK
event is the same as
.Dv PTRACE_FORK ,
but the parent blocks after giving birth to the child.
The
.Dv PTRACE_VFORK_DONE
event can be used to report unblocking of the parent.
.Pp
.Fn posix_spawn
on
.Nx
directly creates the child process without intermediate fork.
The
.Dv PTRACE_POSIX_SPAWN
event semantics are the same as
.Dv PTRACE_FORK ,
but the child is reported with implied execution of a file.
.Pp
A pointer to this structure is passed in
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(struct ptrace_event) .
.It Dv PT_GET_EVENT_MASK
This request can be used to determine which events in the traced
process will be reported.
The information is read into the
.Vt struct ptrace_event
pointed to by
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(struct ptrace_event) .
.It Dv PT_GET_PROCESS_STATE
This request reads the state information associated with the event
that stopped the traced process.
The information is reported in a
.Vt struct ptrace_state
that is equivalent to:
.Bd -literal -offset indent
typedef struct ptrace_state {
	int	pe_report_event;
	union {
		pid_t	pe_other_pid;
		lwpid_t	pe_lwp;
	};
} ptrace_state_t;
.Ed
.Pp
A pointer to this structure is passed in
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(struct ptrace_state) .
.It Dv PT_SET_SIGINFO
This request can be used to specify signal information emitted to tracee.
This signal information is specified in
.Vt struct ptrace_siginfo
defined as:
.Bd -literal -offset indentq
typedef struct ptrace_siginfo {
	siginfo_t	psi_siginfo;
	lwpid_t		psi_lwpid;
} ptrace_siginfo_t;
.Ed
.Pp
Where
.Fa psi_siginfo
is the set to signal information structure.
The
.Fa psi_lwpid
field describes LWP address of the signal.
Value
.Dv 0
means the whole process
(route signal to all LWPs).
.Pp
A pointer to this structure is passed in
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(struct ptrace_siginfo) .
.Pp
In order to pass faked signal to the tracee,
the signal type must match the signal passed to the process with
.Dv PT_CONTINUE
or
.Dv PT_SYSCALL .
.It Dv PT_GET_SIGINFO
This request can be used to determine signal information that was received by
a debugger
.Po
see
.Xr siginfo 2
.Pc .
The information is read into the
.Vt struct ptrace_siginfo
pointed to by
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(struct ptrace_siginfo) .
.It Dv PT_SET_SIGPASS
This request can be used to specify mask of signals that should be passed
directly to the debuggee, without reporting to the tracer.
A pointer to sigset_t is passed in
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(sigset_t) .
.Pp
It is not permitted to mask
.Dv SIGSTOP
and
.Dv SIGKILL .
All debugger related signals
.Dv ( SIGTRAP , SIGILL , SIGSEGV , SIGBUS , SIGFPE )
are reported to the tracer without interruption,
unless they were emitted by a non-crash source.
.It Dv PT_GET_SIGPASS
This request can be used to determine mask of signals passed directly to the debuggee.
A pointer to sigset_t is passed in
.Fa addr .
The
.Fa data
argument should be set to
.Li sizeof(sigset_t) .
.Pp
Upon debugger attach the sigpass mask shall be empty.
.It Dv PT_RESUME
Allow execution of a specified thread,
change its state from suspended to continued.
The
.Fa addr
argument is unused.
The
.Fa data
argument specifies the LWP ID.
.Pp
This call is equivalent to
.Xr _lwp_continue 2
called by a traced process.
This call does not change the general process state from stopped to continued.
.It Dv PT_SUSPEND
Prevent execution of a specified thread,
change its state from continued to suspended.
The
.Fa addr
argument is unused.
The
.Fa data
argument specifies the requested LWP ID.
.Pp
This call is equivalent to
.Xr _lwp_suspend 2
called by a traced process.
This call does not change the general process state from continued to stopped.
.El
.Pp
Additionally, the following requests exist but are
not available on all machine architectures.
The file
.In machine/ptrace.h
lists which requests exist on a given machine.
.Bl -tag -width 12n
.It Dv PT_STEP
Execution continues as in request PT_CONTINUE; however
as soon as possible after execution of at least one
instruction, execution stops again.
If the
.Fa data
argument is greater than 0, it contains the LWP ID of the thread to be
stepped, and any other threads are continued.
If the
.Fa data
argument is less than zero, it contains the negative of the LWP ID of
the thread to be stepped, and only that thread executes.
.It Dv PT_SETSTEP
This request will turn on single stepping of the specified thread.
.Fa addr
is unused.
.Fa data
specifies the LWP ID of the thread to be stepped.
The execution does not continue until
.Dv PT_CONTINUE
is issued.
This request permits combining single-stepping with sending signals and
.Dv PT_SYSCALL .
.It Dv PT_CLEARSTEP
This request will turn off single stepping of the specified thread.
.Fa addr
is unused.
.Fa data
specifies the LWP ID of the thread to disable single-stepping.
.It Dv PT_GETREGS
This request reads the traced process' machine registers into the
.Vt struct reg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be read.
If zero is supplied, the first thread of the process is read.
.It Dv PT_SETREGS
This request is the converse of
.Dv PT_GETREGS ;
it loads the traced process' machine registers from the
.Vt struct reg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be written.
If zero is supplied, the first thread of the process is written.
.It Dv PT_GETFPREGS
This request reads the traced process' floating-point registers into
the
.Vt struct fpreg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be read.
If zero is supplied, the first thread of the process is read.
.It Dv PT_SETFPREGS
This request is the converse of
.Dv PT_GETFPREGS ;
it loads the traced process' floating-point registers from the
.Vt struct fpreg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be written.
If zero is supplied, the first thread of the process is written.
.It Dv PT_GETDBREGS
This request reads the traced process' debug registers into
the
.Vt struct dbreg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be read.
If zero is supplied, the first thread of the process is read.
.It Dv PT_SETDBREGS
This request is the converse of
.Dv PT_GETDBREGS ;
it loads the traced process' debug registers from the
.Vt struct dbreg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be written.
If zero is supplied, the first thread of the process is written.
.It Dv PT_GETXMMREGS
This request reads the traced process' XMM registers into
the
.Vt struct xmmregs
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be read.
If zero is supplied, the first thread of the process is read.
.It Dv PT_SETXMMREGS
This request is the converse of
.Dv PT_GETXMMREGS ;
it loads the traced process' XMM registers from the
.Vt struct xmmregs
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be written.
If zero is supplied, the first thread of the process is written.
.It Dv PT_GETVECREGS
This request reads the traced process' vector registers into
the
.Vt struct vreg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be read.
If zero is supplied, the first thread of the process is read.
.It Dv PT_SETVECREGS
This request is the converse of
.Dv PT_GETVECREGS ;
it loads the traced process' vector registers from the
.Vt struct vreg
(defined in
.In machine/reg.h )
pointed to by
.Fa addr .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be written.
If zero is supplied, the first thread of the process is written.
.It Dv PT_GETXSTATE
This request reads the traced process' FPU extended state into
the
.Vt struct xstate
(defined in
.In machine/cpu_extended_state.h ) .
.Fa addr
should be a pointer to
.Vt struct iovec
(defined in
.In sys/uio.h )
specifying the pointer to the aforementioned struct as
.Fa iov_base
and its size as
.Fa iov_len .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be read.
If zero is supplied, the first thread of the process is read.
The struct will be filled up to the specified
.Fa iov_len .
The caller needs to check the
.Fa xs_rfbm
bitmap in order to determine which fields were provided by the CPU,
and may check
.Fa xs_xstate_bv
to determine which component states were changed from the initial state.
.It Dv PT_SETXSTATE
This request is the converse of
.Dv PT_GETXSTATE ;
it loads the traced process' extended FPU state from the
.Vt struct xstate
(defined in
.In machine/cpu_extended_state.h ) .
.Fa addr
should be a pointer to
.Vt struct iovec
(defined in
.In sys/uio.h )
specifying the pointer to the aforementioned struct as
.Fa iov_base
and its size as
.Fa iov_len .
The
.Fa data
argument contains the LWP ID of the thread whose registers are to
be written.
If zero is supplied, the first thread of the process is written.
The
.Fa xs_rfbm
field of the supplied xstate specifies which state components are to
be updated.
Other components (fields) will be ignored.
The
.Fa xs_xstate_bv
field specifies whether component state should be set to provided
values (when 1) or reset to unitialized (when 0).
The request will fail if
.Fa xs_xstate_bv
is not a subset of
.Fa xs_rfbm ,
or any of the specified components is not supported by the CPU or kernel
(i.e., not returned by
.Dv PT_GETXSTATE ) .
.El
.Sh ERRORS
Some requests can cause
.Fn ptrace
to return \-1 as a non-error value; to disambiguate,
.Va errno
can be set to 0 before the call and checked afterwards.
The possible errors are:
.Bl -tag -width "[EINVAL]"
.It Bq Er EAGAIN
Process is currently exec'ing and cannot be traced.
.It Bq Er EBUSY
.Bl -bullet -compact
.It
.Dv PT_ATTACH
was attempted on a process that was already being traced.
.It
A request attempted to manipulate a process that was being traced by
some process other than the one making the request.
.It
A request (other than
.Dv PT_ATTACH )
specified a process that wasn't stopped.
.El
.It Bq Er EDEADLK
An attempt to unstop a process with locked threads.
.It Bq Er EINVAL
.Bl -bullet -compact
.It
A process attempted to use
.Dv PT_ATTACH
on itself.
.It
The
.Fa request
was not a legal request on this machine architecture.
.It
The signal number (in
.Fa data )
to
.Dv PT_CONTINUE
was neither 0 nor a legal signal number.
.It
.Dv PT_GETREGS ,
.Dv PT_SETREGS ,
.Dv PT_GETFPREGS ,
.Dv PT_SETFPREGS ,
.Dv PT_GETXSTATE ,
or
.Dv PT_SETXSTATE
was attempted on a process with no valid register set.
(This is normally true only of system processes.)
.It
A process attempted to set Program Counter to 0 in
.Dv PT_CONTINUE ,
.Dv PT_SYSCALL
or
.Dv PT_DETACH
with
.Dv vm.user_va0_disable
set to 1.
.It
.Dv PT_SETXSTATE
attempted to set state components not supported by the kernel,
or
.Dv xs_xstate_bv
was not a subset of
.Dv xs_rfbm .
.El
.It Bq Er EPERM
.Bl -bullet -compact
.It
A request (other than
.Dv PT_ATTACH )
attempted to manipulate a process that wasn't being traced at all.
.It
An attempt was made to use
.Dv PT_ATTACH
on a process in violation of the requirements listed under
.Dv PT_ATTACH
above.
.El
.It Bq Er ESRCH
No process having the specified process ID exists.
.El
.Sh SEE ALSO
.Xr sigaction 2 ,
.Xr signal 7
.Sh HISTORY
The
.Fn ptrace
function appeared in
.At v7 .
.Sh BUGS
On the SPARC, the PC is set to the provided PC value for
.Dv PT_CONTINUE
and similar calls,
but the NPC is set willy-nilly to 4 greater than the PC value.
Using
.Dv PT_GETREGS
and
.Dv PT_SETREGS
to modify the PC, passing
.Li (void *)1
to
.Eo \&
.Fn ptrace
.Ec ,
should be able to sidestep this.