MFS r304143:

MFC r303934,r303937,r303942:

r303934:
Support rmdir(2).
r303937:
Use proper argument length for rmdir(2) for r303934.
r303942:
Fix sorting in r303934.

Approved by: re (gjb)

MFS r304143:

MFC r303934,r303937,r303942:

r303934:
Support rmdir(2).
r303937:
Use proper argument length for rmdir(2) for r303934.
r303942:
Fix sorting in r303934.

Approved by: re (gjb)

Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Cleanup unnecessary semicolons from utilities we all love.

Replace the CloudABI system call table by a machine generated version.

The type definitions and constants that were used by COMPAT_CLOUDABI64
are a literal copy of some headers stored inside of CloudABI's C
library, cloudlibc. What is annoying is that we can't make use of
cloudlibc's system call list, as the format is completely different and
doesn't provide enough information. It had to be synced in manually.

We recently decided to solve this (and some other problems) by moving
the ABI definitions into a separate file:

https://github.com/NuxiNL/cloudabi/blob/master/cloudabi.txt

This file is processed by a pile of Python scripts to generate the
header files like before, documentation (markdown), but in our case more
importantly: a FreeBSD system call table.

This change discards the old files in sys/contrib/cloudabi and replaces
them by the latest copies, which requires some minor changes here and
there. Because cloudabi.txt also enforces consistent names of the system
call arguments, we have to patch up a small number of system call
implementations to use the new argument names.

The new header files can also be included directly in FreeBSD kernel
space without needing any includes/defines, so we can now remove
cloudabi_syscalldefs.h and cloudabi64_syscalldefs.h. Patch up the
sources to include the definitions directly from sys/contrib/cloudabi
instead.

Use ptrace(2) LWP events to track threads reliably in truss.

- truss can now log the system call invoked by a thread during a
voluntary process exit. No return value is logged, but the value passed
to exit() is included in the trace output. Arguments passed to thread
exit system calls such as thr_exit() are not logged as voluntary thread
exits cannot be distinguished from involuntary thread exits during a
system call.
- New events are now reported for thread births and exits similar to the
recently added events for new child processes when following forks.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D5561

Add handling for non-native error values to libsysdecode.

Add two new functions, sysdecode_abi_to_freebsd_errno() and
sysdecode_freebsd_to_abi_errno(), which convert errno values between
the native FreeBSD ABI and other supported ABIs. Note that the
mappings are not necessarily perfect meaning in some cases multiple
errors in one ABI might map to a single error in another ABI. In that
case, the reverse mapping will return one of the errors that maps, but
which error is non-deterministic.

Change truss to always report the raw error value to the user but
use libsysdecode to map it to a native errno value that can be used
with strerror() to generate a description. Previously truss reported
the "converted" error value. Now the user will always see the exact
error value that the application sees.

Change kdump to report the truly raw error value to the user. Previously
kdump would report the absolute value of the raw error value (so for
Linux binaries it didn't output the FreeBSD error value, but the positive
value of the Linux error). Now it reports the real (i.e. negative) error
value for Linux binaries. Also, use libsysdecode to convert the native
FreeBSD error reported in the ktrace record to the raw error used by the
ABI. This means that the Linux ABI can now be handled directly in
ktrsysret() and removes the need for linux_ktrsysret().

Reviewed by: bdrewery, kib
Helpful notes: wblock (manpage)
Differential Revision: https://reviews.freebsd.org/D5314

Add support for displaying thread IDs to truss(1).

- Consolidate duplicate code for printing the metadata at the start of
each line into a shared function.
- Add an -H option which will log the thread ID of the relevant thread
for each event.

While here, remove some extraneous calls to clock_gettime() in
print_syscall() and print_syscall_ret(). The caller of print_syscall_ret()
always updates the current thread's "after" time before it is called.

Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D5363

Remove an unused variable that snuck into the previous revision.

Fetch the current thread and it's syscall state from the trussinfo object
instead of passing some of that state as arguments to print_syscall() and
print_syscallret(). This just makes the calls of these functions shorter
and easier to read.

Move the mkioctls script to libsysdecode and use it to generate a
sysdecode_ioctlname() function. This function matches the behavior
of the truss variant in that it returns a pointer to a string description
for known ioctls. The caller is responsible for displaying unknown
ioctl requests. For kdump this meant moving the logic to handle unknown
ioctl requests out of the generated function and into an ioctlname()
function in kdump.c instead.

Differential Revision: https://reviews.freebsd.org/D4610

Start on a new library (libsysdecode) that provides routines for decoding
system call information such as system call arguments. Initially this
will consist of pulling duplicated code out of truss and kdump though it
may prove useful for other utilities in the future.

This commit moves the shared utrace(2) record parser out of kdump into
the library and updates kdump and truss to use it. One difference from
the previous version is that the library version treats unknown events
that start with the "RTLD" signature as unknown events. This simplifies
the interface and allows the consumer to decide how to handle all
non-recognized events. Instead, this function only generates a string
description for known malloc() and RTLD records.

Reviewed by: bdrewery
Differential Revision: https://reviews.freebsd.org/D4537

Properly format pointer size independent CloudABI system calls.

CloudABI has approximately 50 system calls that do not depend on the
pointer size of the system. As the ABI is pretty compact, it takes
little effort to each truss(8) the formatting rules for these system
calls. Start off by formatting pointer size independent system calls.

Changes:

- Make it possible to include the CloudABI system call definitions in
FreeBSD userspace builds. Add ${root}/sys to the truss(8) Makefile so
we can pull in <compat/cloudabi/cloudabi_syscalldefs.h>.
- Refactoring: patch up amd64-cloudabi64.c to use the CLOUDABI_*
constants instead of rolling our own table.
- Add table entries for all of the system calls.
- Add new generic formatting types (UInt, IntArray) that we'll be using
to format unsigned integers and arrays of integers.
- Add CloudABI specific formatting types.

Approved by: jhb
Differential Revision: https://reviews.freebsd.org/D3836

truss: Add support for utrace(2).

This uses the kdump(1) utrace support code directly until a common library
is created.

This allows malloc(3) tracing with MALLOC_CONF=utrace:true and rtld tracing
with LD_UTRACE=1. Unknown utrace(2) data is just printed as hex.

PR: 43819 [inspired by]
Reviewed by: jhb
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D3819

Group the decoded system calls by ABI and sort the calls within each ABI.

Reviewed by: bdrewery
Glanced at by: kib
Differential Revision: https://reviews.freebsd.org/D3823

Add decoding for modfind(2)

Fix tracking of unknown syscalls for 'truss -c'.

This is done by changing get_syscall() to either lookup the known syscall
or add it into the list with the default handlers for printing.

This also simplifies some code to not have to check if the syscall variable
is set or NULL.

Reviewed by: jhb
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D3792

Style fix.

Add decoding for struct statfs.

Reviewed by: jhb (briefly)

Rather than groveling around in a socket address structure for a socket
address's length (and then overriding it if it "looks wrong"), use the
next argument to the system call to determine the length. This is more
reliable since this is what the kernel depends on anyway and is also
simpler.

The id_t type used to pass IDs to wait6(2) and procctl(6) is a 64-bit
integer. Fix the argument decoding to treat this as a quad instead of an
int. This includes using QUAD_ALIGN and QUAD_SLOTS as necessary. To
continue printing IDs in decimal, add a new QuadHex argument type that
prints a 64-bit integer in hex, use QuadHex for the existing off_t arguments,
repurpose Quad to print a 64-bit integer in decimal, and use Quad for id_t
arguments.

This fixes the decoding of wait6(2) and procctl(2) on 32-bit platforms.

- Remove extra integer argument from truncate() and ftruncate(). This is
probably fallout from the removal of the extra padding argument before
off_t in 7. However, that padding still exists for 32-bit powerpc, so
use QUAD_ALIGN.
- Fix QUAD_ALIGN to be zero for powerpc64. It should only be set to 1
for 32-bit platforms that add padding to align 64-bit arguments.

Several changes to truss.
- Refactor the interface between the ABI-independent code and the
ABI-specific backends. The backends now provide smaller hooks to
fetch system call arguments and return values. The rest of the
system call entry and exit handling that was previously duplicated
among all the backends has been moved to one place.
- Merge the loop when waiting for an event with the loop for handling stops.
This also means not emulating a procfs-like interface on top of ptrace().
Instead, use a single event loop that fetches process events via waitid().
Among other things this allows us to report the full 32-bit exit value.
- Use PT_FOLLOW_FORK to follow new child processes instead of forking a new
truss process for each new child. This allows one truss process to monitor
a tree of processes and truss -c should now display one total for the
entire tree instead of separate summaries per process.
- Use the recently added fields to ptrace_lwpinfo to determine the current
system call number and argument count. The latter is especially useful
and fixes a regression since the conversion from procfs. truss now
generally prints the correct number of arguments for most system calls
rather than printing extra arguments for any call not listed in the
table in syscalls.c.
- Actually check the new ABI when processes call exec. The comments claimed
that this happened but it was not being done (perhaps this was another
regression in the conversion to ptrace()). If the new ABI after exec
is not supported, truss detaches from the process. If truss does not
support the ABI for a newly executed process the process is killed
before it returns from exec.
- Along with the refactor, teach the various ABI-specific backends to
fetch both return values, not just the first. Use this to properly
report the full 64-bit return value from lseek(). In addition, the
handler for "pipe" now pulls the pair of descriptors out of the
return values (which is the true kernel system call interface) but
displays them as an argument (which matches the interface exported by
libc).
- Each ABI handler adds entries to a linker set rather than requiring
a statically defined table of handlers in main.c.
- The arm and mips system call fetching code was changed to follow the
same pattern as amd64 (and the in-kernel handler) of fetching register
arguments first and then reading any remaining arguments from the
stack. This should fix indirect system call arguments on at least
arm.
- The mipsn32 and n64 ABIs will now look for arguments in A4 through A7.
- Use register %ebp for the 6th system call argument for Linux/i386 ABIs
to match the in-kernel argument fetch code.
- For powerpc binaries on a powerpc64 system, fetch the extra arguments
on the stack as 32-bit values that are then copied into the 64-bit
argument array instead of reading the 32-bit values directly into the
64-bit array.

Reviewed by: kib (earlier version)
Tested on: amd64 (FreeBSD/amd64 & i386), i386, arm (earlier version)
Tested on: powerpc64 (FreeBSD/powerpc64 & powerpc)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D3575

Trim trailing whitespace.

Decode recently added procctl(2) operations.

Handle the conditional decoding of execve() argument and environment
arrays generically rather than duplicating a hack in all of the backends.
- Add two new system call argument types and use them instead of StringArray
for the argument and environment arguments execve and linux_execve.
- Honor the -a/-e flags in the handling of these new types.
- Instead of printing "<missing argument>" when the decoding is disabled,
print the raw pointer value.

Rework the argv and env string fetching for execve to be more robust.
Before truss would fetch 100 string pointers and happily walk off the end
of the array if it never found a NULL. This also means for a short argv
list it could fail entirely if the 100 string pointers spanned into an
unmapped page.

Instead, fetch page-aligned blocks of string pointers in a loop fetching
each string until a NULL is found.

While here, make use of the open memstream file descriptor instead of
allocating a temporary array. This allows us to fetch each string once
instead of twice.

ino_t is unsigned, so use uintmax_t instead of intmax_t when printing it.

Submitted by: bde (sort of)

Always use %j with an intmax_t cast to print time_t values. time_t is
longer than long on 32-bit platforms with a 64-bit time_t.

Inspired by: mail from bde

Various style and whitespace fixes.

Expand the decoding of kevent structures.
- Print the ident value as decimal instead of hexadecimal for filter types
that use "small" values such as file descriptors and PIDs.
- Decode NOTE_* flags in the fflags field of kevents for several system
filter types.

Change the argument formatting function to use a stdio FILE object opened
with open_memstream() to build the string for each argument. This allows
for more complicated argument building without resorting to intermediate
malloc's, etc.

Related, the strsig*() functions no longer return allocated strings but
use a static global buffer instead.

Use an xlat table and xlookup() instead of a home-rolled version for the
sigprocmask operation type.

Tidy the linux_socketcall decoding:
- Don't exit if get_struct() fails, instead print the raw pointer value to
match all other argument decoding cases.
- Use an xlat table instead of a home-rolled switch for the operation name.
- Display the nested socketcall args structure as a structure instead of as
two inline arguments.

Decode the optional SOCK_NONBLOCK and SOCK_CLOEXEC flags passed in a
socket type.

- Decode the arguments for several signal-related system calls: sigpending,
sigqueue, sigreturn, sigsuspend, sigtimedwait, sigwait, sigwaitinfo, and
thr_kill.
- Print signal sets as a structure (with {}'s) and in particular use this to
differentiate empty sets from a NULL pointer.
- Decode arguments for some other system calls: issetugid, pipe2, sysarch
(operations are only decoded for amd64 and i386), and thr_self.

Consistently use both leading and trailing spaces inside of the {}'s
when pretty-printing structures. Most structures used both spaces,
but some only used a trailing space and some used neither.

Whitespace fixes to consistently use spaces before }'s and
wrap long lines.

Decode the arguments passed to the *at() family of system calls. This is
especially useful now that libc's open() always calls openat(). While here,
fix a few other things:
- Decode the mode argument passed to access(), eaccess(), and faccessat().
- Decode the atfd paramete to pretty-print AT_FDCWD.
- Decode the special AT_* flags used with some of the *at() system calls.
- Decode arguments for fchmod(), lchmod(), fchown(), lchown(), eaccess(),
and futimens().
- Decode both of the timeval structures passed to futimes() instead of just
the first one.

Decode the arguments to mkfifo() and fix an off-by-one error in the arguments
to mknod().

Don't mark the fcntl flag argument as an output parameter so that it is
always decoded. Previously the argument was not decoded if fcntl() failed.

Add recently added values of various flags and enumerations including
kevent filters, kevent flags, flags to mmap, seek locations, fcntl
operations, file flags, socket domains, open flags, resource limits, and
pathconf values.

Rework get_string() to make it more robust when fetching strings of unknown
length. In particular, instead of blinding fetching 1k blocks, do an initial
fetch up to the end of the current page followed by page-sized fetches up to
the maximum size. Previously if the 1k buffer crossed a page boundary and
the second page was not valid, the entire operation would fail.

Whitespace fix: remove some spurious spaces before commas.

The current POSIX semaphore implementation stores the _has_waiters flag
in a separate word from the _count. This does not permit both items to
be updated atomically in a portable manner. As a result, sem_post()
must always perform a system call to safely clear _has_waiters.

This change removes the _has_waiters field and instead uses the high bit
of _count as the _has_waiters flag. A new umtx object type (_usem2) and
two new umtx operations are added (SEM_WAIT2 and SEM_WAKE2) to implement
these semantics. The older operations are still supported under the
COMPAT_FREEBSD9/10 options. The POSIX semaphore API in libc has
been updated to use the new implementation. Note that the new
implementation is not compatible with the previous implementation.
However, this only affects static binaries (which cannot be helped by
symbol versioning). Binaries using a dynamic libc will continue to work
fine. SEM_MAGIC has been bumped so that mismatched binaries will error
rather than corrupting a shared semaphore. In addition, a padding field
has been added to sem_t so that it remains the same size.

Differential Revision: https://reviews.freebsd.org/D961
Reported by: adrian
Reviewed by: kib, jilles (earlier version)
Sponsored by: Norse

Retire the unimplemented MAP_RENAME and MAP_NORESERVE flags to mmap(2).
Older binaries are still permitted to use these flags.

PR: 193961 (exp-run in ports)
Differential Revision: https://reviews.freebsd.org/D848
Reviewed by: kib

Decode the arguments passed to _umtx_op(). In particular, decode the
opcode.

MFC after: 1 week
Sponsored by: Norse

Add Linux socket call decoding to truss

MFC after: 1 month

Remove dead code from umtx support:
- Retire long time unused (basically always unused) sys__umtx_lock()
and sys__umtx_unlock() syscalls
- struct umtx and their supporting definitions
- UMUTEX_ERROR_CHECK flag
- Retire UMTX_OP_LOCK/UMTX_OP_UNLOCK from _umtx_op() syscall

__FreeBSD_version is not bumped yet because it is expected that further
breakages to the umtx interface will follow up in the next days.
However there will be a final bump when necessary.

Sponsored by: EMC / Isilon storage division
Reviewed by: jhb

Extend the support for exempting processes from being killed when swap is
exhausted.
- Add a new protect(1) command that can be used to set or revoke protection
from arbitrary processes. Similar to ktrace it can apply a change to all
existing descendants of a process as well as future descendants.
- Add a new procctl(2) system call that provides a generic interface for
control operations on processes (as opposed to the debugger-specific
operations provided by ptrace(2)). procctl(2) uses a combination of
idtype_t and an id to identify the set of processes on which to operate
similar to wait6().
- Add a PROC_SPROTECT control operation to manage the protection status
of a set of processes. MADV_PROTECT still works for backwards
compatability.
- Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc)
the first bit of which is used to track if P_PROTECT should be inherited
by new child processes.

Reviewed by: kib, jilles (earlier version)
Approved by: re (delphij)
MFC after: 1 month

- Decode the idtype argument passed to wait6() in kdump and truss.
- Don't treat an options argument of 0 to wait4() as an error in
kdump.
- Decode the wait options passed to wait4() and wait6() in truss
and decode the returned rusage and exit status.

Approved by: re (kib)
MFC after: 1 week

Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use
an address in the first 2GB of the process's address space. This flag should
have the same semantics as the same flag on Linux.

To facilitate this, add a new parameter to vm_map_find() that specifies an
optional maximum virtual address. While here, fix several callers of
vm_map_find() to use a VMFS_* constant for the findspace argument instead of
TRUE and FALSE.

Reviewed by: alc
Approved by: re (kib)

Remove incorrect 'const' qualifier from pointers to dynamic string
buffers I added in the previous commit.

Pointy hat to: jhb
MFC after: 1 month

Add new mmap(2) flags to permit applications to request specific virtual
address alignment of mappings.
- MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n).
Requests for n >= number of bits in a pointer or less than the size of
a page fail with EINVAL. This matches the API provided by NetBSD.
- MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED. It can be used
to optimize the chances of using large pages. By default it will align
the mapping on a large page boundary (the system is free to choose any
large page size to align to that seems best for the mapping request).
However, if the object being mapped is already using large pages, then
it will align the virtual mapping to match the existing large pages in
the object instead.
- Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and
VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment.
MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while
MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE.
- mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than
explicitly using VMFS_SUPER_SPACE. All device objects are forced to
use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively
equivalent.

Reviewed by: alc
MFC after: 1 month

Properly print arguments to vfork(2) and rfork(2).

PR: 180976
Submitted by: Yuri <yuri@tsoft.com> (original patch)
MFC after: 1 week

truss: recognize O_DIRECTORY, O_EXEC, O_TTY_INIT and O_CLOEXEC

MFC after: 3 days

Revert r247300 for now. I'll post a new changeset for review.

Expose timespec and timeval macros when __BSD_VISIBLE is defined. This
allows userland application to use the following macros:

timespecclear, timespecisset, timespeccmp, timespecadd,
timespecsub;

timevalclear, timevalisset, timevalcmp.

MFC after: 1 month

- Make truss thread-aware.

Approved by: kib (mentor)
MFC after: 2 weeks

- Style(9) cleanup.

Approved by: kib (mentor)

- Use pid_t type instead of just int.

Approved by: kib (mentor)

Add more static keywords to truss(1) source code.

There are some tables in the source code that are only used by the
individual source files themselves. Therefore there is no need to export
them.

Don't write the terminating NUL past end of buffer.

PR: bin/152345
Submitted by: Mateusz Guzik

Fix copyright spelling.

PR: 139825
Submitted by: Ruslan Mahmatkhanov

The devices that supported EVFILT_NETDEV kqueue filters were removed in
r195175. Remove all definitions, documentation, and usage.

fifo_misc.c:
Remove all kqueue tests as fifo_io.c performs all those that
would have remained.

Reviewed by: rwatson
MFC after: 3 weeks
X-MFC note: don't change vlan_link_state() function signature

Allow proper tracing of posix_openpt(2).

Cast time_t values to intmax_t and use %jd with printf.

OK'ed by: delphij
Approved by: trasz (mentor)

Remove non-working special case for pipe(2) from amd64-fbsd32.c and
i386-fbsd.c. Add pipe(2) to syscall table to decode it's pointer
argument properly and re-add special handling for pipe(2) return value
to print_syscall_ret().

PR: bin/120870
Approved by: trasz (mentor)

Add fork(2), getegid(2), geteuid(2), getgid(2), getpid(2), getpgid(2),
getpgrp(2), getppid(2), getsid(2) and getuid(2) to syscall table to
decode their arguments correctly.

OK'ed by: delphij
Approved by: trasz (mentor)

Add -c option to summarize number of calls, errors, and system time.

Reviewed by: alfred

Try to make this code slightly less painful to read.

The break() system call takes a pointer argument, not an integer. This
change fixes output for break() on LP64 systems.

Print integer-typed arguments as integers. This makes sure that
on 64-bit platforms the result is more reliable. For example,
-1 was previously printed as 0xffffffff.

Approved by: re (kensmith)

Fix handling of Quad-type arguments. Previously, syscalls
containing 64-bit arguments would have explicit padding.
On 64-bit platforms there was no padding, so the dummy
argument was not covering anything. On 32-bit platforms
with weak alignment (i.e. i386) the 64-bit argument did
not need to be aligned, so there too an aditional argument
was introduced. On 32-bit platforms with strong alignment
(i.e. PowerPC) the dummy argument in fact cover the padding.
By elimininating the dummy argument, 64-bit platforms now
have 1 argument less. This also applies to 32-bit platforms
with weak alignment. On PowerPC this doesn't matter, because
the padding is still there. We just don't "name" it.
Deal with those 3 cases.

Approved by: re (kensmith)

Make use of ptrace(2) instead of procfs in truss(1), eliminating
yet another need of an available /proc/ mount.

Tested with: make universe
Submitted by: howardsu
Reviewed by: alfred

- Add decoding of kse_release, kevent, sigprocmask, unmount, socket, getrusage,
rename, __getcwd, shutdown, getrlimit, setrlimit, _umtx_lock, _umtx_unlock,
pathconf, truncate, ftruncate, kill

- Decode more arguments of open, mprot, *stat, and fcntl.

- Convert all constant-macro and bitfield decoding to lookup tables; much
cleaner than previous code.

- Print the timestamp of process exit and signal reception when -d or -D are in
use

- Try six times with 1/2 second delay to debug the child

PR: bin/52190 (updated)
Submitted by: Dan Nelson <dnelson@allantgroup.com>
Approved by: alfred

Add a -s flag for the same functionality as strace. Introduce a Name
type which is a String type that has no -s limitations applied to it.
Change most Strings in the code to Names and add a few extra syscalls,
namely munmap, read, rename and symlink. This was enough to facilitate
following file descriptor allocations in the code more easily and
getting a hint at what's being read/written from/to files. More
syscalls should really be added.

While here, fix an off-by-one bug in the buffer truncation code and
add a fflush so that truss's output reflects the syscall that the
program is stuck in.

Sponsored by: Sophos/Activestate
MFC after: 2 weeks

The kernel accepts sockaddrs with len set to zero for sockaddr_in
types, so refactor the code here to grab them when length is zero.

Decode chroot(2) args.

Approved by: re

decode utimes, lutimes, futimes, chflags, lchflags.

decode mkdir args.

Change fix a bug where the length of data written by snprintf was
being mishandled by using accumulation (into an uninitialized
variable) instead of direct assignment.

Reviewed by: scottl

Fix Quad handling on 64-bit architectures. On 64-bit machines, a Quad
also occupies a single slot. There's no need for any special handling
of Quads. While here, remove the silly make_quad() function. We have
the 2 longs on 32-bit machines already lined up in the argument array,
so we can fetch the Quad with a simple cast.

Before:
lseek(1,0x123456789,0xd0d0d0d0d0d0d0d0) = 4886718345 (0x123456789)
After:
lseek(1,0x123456789,SEEK_SET) = 4886718345 (0x123456789)

don't seg if the syscall is invalid for i386fbsd.

Use the length modifier 'll' instead of 'q' to print long longs.

Support readlink(2) better. Readlink does not nul terminate the
result buffer, so we need to format it ourselves. The problem is
that the length is stored as the return value from readlink, so we
need to pass the return value from our syscall into print_arg.

Motivated by: truss garbage on my screen from reading /etc/malloc.conf.

When reporting reciept of a signal, print the signal's name.

Decode the "wence" arg to lseek and linux_lseek.

COMPAT_SUNOS is gone.

Add support for decoding Timespec, Timeval, Itimerval, Pollfd,
Fd_set and Sigaction structures. Use these for printing the arguments
to sigaction(), nanosleep(), select(), poll(), gettimeofday(),
clock_gettime(), recvfrom(), getitimer() and setitimer().

This is based on Dan's patch from the PR but I've hacked it for
style and some other issues. While Dan has checked this patch, any
goofs are probably my fault.

(The PR also contains support for the dual return values of pipe().
These will follow once I've ported that support to platforms other
than i386.)

PR: 52190
Submitted by: Dan Nelson <dnelson@allantgroup.com>

Use pread to implement pread, rather than taking a detour throug stdio.

PR: 52190
Submitted by: Dan Nelson <dnelson@allantgroup.com>

decode mprotect args while i'm here.

decode fcntl and mmap arguments.

Fix a printf format warning.

Do not ignore any possible errors that fseeko() may have. The fact
is that fseeko() fails in very predictable and frequent ways on ia64.
This is because the offset is actually an address in the process'
address space, which on ia64 can be larger than long (for lseek) or
off_t (for fseeko). The crux is the signedness. The register stack
and memory stack are in region 4 on ia64. This means that the sign bit
is 1. The large positive virtual address is wrongly interpreted as
a negative file offset.

There's no quick fix. Even if you get around the API by using a
SEEK_SET up to LONG_MAX and follow it up with a SEEK_CUR for the
remainder, the kernel simply cannot deal with it. and the second
seek will just fail.

Therefore, this change does not actually fix the root cause. It just
makes sure we're not spitting out all kinds of garbage or that the
get_struct() function in particular does not cause truss(1) to exit.
This, I might add, invariably happened way too soon for truss(1) to
be of any use on ia64...

Port truss(1) to 64-bit architectures:
o Syscall return values do not fit in int on 64-bit architectures.
Change the type of retval in <arch>_syscall_exit() to long and
change the prototype of said function to return a long as well.
o Change the prototype of print_syscall_ret() to take a long for
the return address and change the format string accordingly.
o Replace the code sequence
tmp = malloc(X);
sprintf(tmp, format, ...);
with X by definition too small on 64-bit platforms by
asprintf(&tmp, format, ...);

With these changes the output makes sense again, although it does
mess up the tabulation on ia64. Go widescreen...

Not tested on: alpha, sparc64.

Fix truss so that it doesn't abort/exit when a syscall has been given
a NULL-pointer for a sockaddr argument.

send() and recv() are just wrappers, not actual syscalls.

Add recv(2), recvfrom(2), send(2) and sendfrom(2).

Decode a few more syscalls.

Check if name is NULL before we strcmp the syscall name. This was
sometimes triggered if you began trussing a process while it was
in a syscall, as the name is filled in when the syscall is made.

Don't depend on <signal.h> to include <sys/time.h>, instead include
<sys/time.h> directly. This is mostly bogus since CLOCK_REALTIME
should be defined in <time.h>, which these files already include.

Remove an unnecessary cast.

- Use time.h not sys/time.h.
- Fix printf format errors.

Submitted by: bde

Remove extra space in output.

Use timespec not timeval.

Add options to print the argument and environment string parameters to
execve().

This could be done in a more general manner but it still wouldn't
be very pretty.

MFC after: 3 weeks

Add options to print absolute and relative timestamps.

PR: bin/25587 (in part)
MFC after: 3 weeks

Allow tracking fork()ed children.

PR: bin/25587 (in part)
MFC after: 3 weeks

Parameterize globals.

PR: bin/25587 (in part)
MFC after: 3 weeks

Use fseeko and uintptr_t to make sure that we get a sensible offset
when trying to read from the stack.

PR: 37104
Submitted by: Thomas Quinot <thomas@cuivre.fr.eu.org>
MFC after: 3 weeks

Print open(2) flags in hex instread of decimal for clarity.

Partial WARNS=1 fizes with NO_WERROR set to prevent world breakage.
Use __FBSDID().

Add missing include for <ctype.h>

Make sockaddr printing code unbad.

Always copy in sizeof(sockaddr_un) bytes for an AF_UNIX sockaddr,
despite what the length may be.

Teach truss(1) to display sockaddrs. It currently knows about AF_INET,
AF_INET6 and AF_UNIX sockaddrs, and will recognize accept(), bind(),
connect(), getpeername() and getsockname() as syscalls taking sockaddr
arguments. Some enterprising soul might want to add (and test) support
for the send() / recv() family of syscalls as well.

MFC after: 1 week

In get_string(), 0-terminate the contents of buf ``just in case'';
otherwise, if the very first fgetc() already yielded EOF, the returned
string won't get terminated at all.

MFC after: 1 day

Change the output of truss to more closely resemble SysV's. (Yes, it
really is much nicer looking.)

Submitted by: "Matthew N. Dodd" <winter@jurai.net>

Fix a leak. (Thanks Bruce, this was a bonehead mistake on my part :).)

Submitted by: Bruce Evans

$Id$ -> $FreeBSD$

Teach truss to print symbolic signal names (e.g. SIGHUP instead of 0x01).

Add access(2) to the list of recognized syscalls.

Add lstat() as a known system call.

Fixed printf format errors.

Sort Xrefs. Use err(3). Remove uneeded #include.
Correct usage: one of {-p pid, command} is required.
Open output file when command line is fully analyzed: incorrect `truss -o f'
command does not create an empty file anymore.

Add some copyright and license terms, at Jordan's request. Note that
syscall.h just refers to another file for the copyright notice.

First cut at printing out ioctl names intelligently. Note that this doesn't
handle linux ioctls (yet?). This uses the mkioctl script from kdump,
bless its little heart.

Reviewed by: Mike Smith

Truss program. Requires procfs.