diff options
Diffstat (limited to 'man2/ptrace.2')
| -rw-r--r-- | man2/ptrace.2 | 277 |
1 files changed, 139 insertions, 138 deletions
diff --git a/man2/ptrace.2 b/man2/ptrace.2 index 73afd3174..f1e59d5be 100644 --- a/man2/ptrace.2 +++ b/man2/ptrace.2 @@ -128,16 +128,16 @@ is the thread ID of the corresponding Linux thread. .P (Note that in this page, a "multithreaded process" means a thread group consisting of threads created using the -.BR clone (2) +.MR clone 2 .B CLONE_THREAD flag.) .P A process can initiate a trace by calling -.BR fork (2) +.MR fork 2 and having the resulting child do a .BR PTRACE_TRACEME , followed (typically) by an -.BR execve (2). +.MR execve 2 . Alternatively, one process may commence tracing another process using .B PTRACE_ATTACH or @@ -149,7 +149,7 @@ even if the signal is being ignored. .BR SIGKILL , which has its usual effect.) The tracer will be notified at its next call to -.BR waitpid (2) +.MR waitpid 2 (or one of the related "wait" system calls); that call will return a .I status value containing information that indicates @@ -163,7 +163,7 @@ optionally ignoring the delivered signal If the .B PTRACE_O_TRACEEXEC option is not in effect, all successful calls to -.BR execve (2) +.MR execve 2 by the traced process will cause it to be sent a .B SIGTRAP signal, @@ -351,7 +351,7 @@ Retrieve information about the signal that caused the stop. Copy a .I siginfo_t structure (see -.BR sigaction (2)) +.MR sigaction 2 ) from the tracee to the address .I data in the tracer. @@ -421,7 +421,7 @@ signals are read from the per-thread queue of the specified thread. .BR PTRACE_GETSIGMASK " (since Linux 3.11)" .\" commit 29000caecbe87b6b66f144f72111f0d02fbbf0c1 Place a copy of the mask of blocked signals (see -.BR sigprocmask (2)) +.MR sigprocmask 2 ) in the buffer pointed to by .IR data , which should be a pointer to a buffer of type @@ -435,7 +435,7 @@ argument contains the size of the buffer pointed to by .TP .BR PTRACE_SETSIGMASK " (since Linux 3.11)" Change the mask of blocked signals (see -.BR sigprocmask (2)) +.MR sigprocmask 2 ) to the value specified in the buffer pointed to by .IR data , which should be a pointer to a buffer of type @@ -467,7 +467,7 @@ want to ensure that tracees can never escape the tracer's control. .TP .BR PTRACE_O_TRACECLONE " (since Linux 2.5.46)" Stop the tracee at the next -.BR clone (2) +.MR clone 2 and automatically start tracing the newly cloned process, which will start with a .BR SIGSTOP , @@ -477,7 +477,7 @@ if .B PTRACE_SEIZE was used. A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -490,10 +490,10 @@ The PID of the new process can be retrieved with .BR PTRACE_GETEVENTMSG . .IP This option may not catch -.BR clone (2) +.MR clone 2 calls in all cases. If the tracee calls -.BR clone (2) +.MR clone 2 with the .B CLONE_VFORK flag, @@ -502,7 +502,7 @@ will be delivered instead if .B PTRACE_O_TRACEVFORK is set; otherwise if the tracee calls -.BR clone (2) +.MR clone 2 with the exit signal set to .BR SIGCHLD , .B PTRACE_EVENT_FORK @@ -512,9 +512,9 @@ is set. .TP .BR PTRACE_O_TRACEEXEC " (since Linux 2.5.46)" Stop the tracee at the next -.BR execve (2). +.MR execve 2 . A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -531,7 +531,7 @@ Since Linux 3.0, the former thread ID can be retrieved with .BR PTRACE_O_TRACEEXIT " (since Linux 2.5.60)" Stop the tracee at exit. A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -553,7 +553,7 @@ the tracer cannot prevent the exit from happening at this point. .TP .BR PTRACE_O_TRACEFORK " (since Linux 2.5.46)" Stop the tracee at the next -.BR fork (2) +.MR fork 2 and automatically start tracing the newly forked process, which will start with a .BR SIGSTOP , @@ -563,7 +563,7 @@ if .B PTRACE_SEIZE was used. A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -584,7 +584,7 @@ normal traps from those caused by a system call. .TP .BR PTRACE_O_TRACEVFORK " (since Linux 2.5.46)" Stop the tracee at the next -.BR vfork (2) +.MR vfork 2 and automatically start tracing the newly vforked process, which will start with a .BR SIGSTOP , @@ -594,7 +594,7 @@ if .B PTRACE_SEIZE was used. A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -608,9 +608,9 @@ The PID of the new process can be retrieved with .TP .BR PTRACE_O_TRACEVFORKDONE " (since Linux 2.5.60)" Stop the tracee at the completion of the next -.BR vfork (2). +.MR vfork 2 . A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -624,11 +624,11 @@ The PID of the new process can (since Linux 2.6.18) be retrieved with .TP .BR PTRACE_O_TRACESECCOMP " (since Linux 3.5)" Stop the tracee when a -.BR seccomp (2) +.MR seccomp 2 .B SECCOMP_RET_TRACE rule is triggered. A -.BR waitpid (2) +.MR waitpid 2 by the tracer will return a .I status value such that @@ -685,7 +685,7 @@ this is the PID of the new process. For .BR PTRACE_EVENT_SECCOMP , this is the -.BR seccomp (2) +.MR seccomp 2 filter's .B SECCOMP_RET_DATA associated with the triggered rule. @@ -798,9 +798,9 @@ are ignored.) Instead, send a .B SIGKILL directly using -.BR kill (2) +.MR kill 2 or -.BR tgkill (2). +.MR tgkill 2 . The problem with .B PTRACE_KILL is that it requires the tracee to be in signal-delivery-stop, @@ -861,7 +861,7 @@ The tracee is sent a .BR SIGSTOP , but will not necessarily have stopped by the completion of this call; use -.BR waitpid (2) +.MR waitpid 2 to wait for the tracee to stop. See the "Attaching and detaching" subsection for additional information. .RI ( addr @@ -908,7 +908,7 @@ returns instead of having .B SIGSTOP signal delivered to them. -.BR execve (2) +.MR execve 2 does not deliver an extra .BR SIGTRAP . Only a @@ -992,7 +992,7 @@ is ignored.) .TP .BR PTRACE_GET_THREAD_AREA " (since Linux 2.6.0)" This operation performs a similar task to -.BR get_thread_area (2). +.MR get_thread_area 2 . It reads the TLS entry in the GDT whose index is given in .IR addr , placing a copy of the entry into the @@ -1000,7 +1000,7 @@ placing a copy of the entry into the pointed to by .IR data . (By contrast with -.BR get_thread_area (2), +.MR get_thread_area 2 , the .I entry_number of the @@ -1009,7 +1009,7 @@ is ignored.) .TP .BR PTRACE_SET_THREAD_AREA " (since Linux 2.6.0)" This operation performs a similar task to -.BR set_thread_area (2). +.MR set_thread_area 2 . It sets the TLS entry in the GDT whose index is given in .IR addr , assigning it the data supplied in the @@ -1017,7 +1017,7 @@ assigning it the data supplied in the pointed to by .IR data . (By contrast with -.BR set_thread_area (2), +.MR set_thread_area 2 , the .I entry_number of the @@ -1141,7 +1141,7 @@ and whose default action is to kill the process), all threads exit. Tracees report their death to their tracer(s). Notification of this event is delivered via -.BR waitpid (2). +.MR waitpid 2 . .P Note that the killing signal will first cause signal-delivery-stop (on one tracee only), @@ -1165,12 +1165,12 @@ always kills the process (all its threads), even if some threads of the process are ptraced. .P When the tracee calls -.BR _exit (2), +.MR _exit 2 , it reports its death to its tracer. Other threads are not affected. .P When any thread executes -.BR exit_group (2), +.MR exit_group 2 , every tracee in its thread group reports its death to its tracer. .P If the @@ -1179,13 +1179,13 @@ option is on, .B PTRACE_EVENT_EXIT will happen before actual death. This applies to exits via -.BR exit (2), -.BR exit_group (2), +.MR exit 2 , +.MR exit_group 2 , and signal deaths (except .BR SIGKILL , depending on the kernel version; see BUGS below), and when threads are torn down on -.BR execve (2) +.MR execve 2 in a multithreaded process. .P The tracer cannot assume that the ptrace-stopped tracee exists. @@ -1221,7 +1221,7 @@ or .IR WIFSIGNALED(status) ; there are cases where this does not occur. For example, if a thread other than thread group leader does an -.BR execve (2), +.MR execve 2 , it disappears; its PID will never be seen again, and any subsequent ptrace stops will be reported under @@ -1230,8 +1230,8 @@ the thread group leader's PID. A tracee can be in two states: running or stopped. For the purposes of ptrace, a tracee which is blocked in a system call (such as -.BR read (2), -.BR pause (2), +.MR read 2 , +.MR pause 2 , etc.) is nevertheless considered to be running, even if the tracee is blocked for a long time. @@ -1239,7 +1239,7 @@ The state of the tracee after .B PTRACE_LISTEN is somewhat of a gray area: it is not in any ptrace-stop (ptrace commands won't work on it, and it will deliver -.BR waitpid (2) +.MR waitpid 2 notifications), but it also may be considered "stopped" because it is not executing instructions (is not scheduled), and if it was @@ -1266,7 +1266,7 @@ and so on. These stopped states are described in detail below. .P When the running tracee enters ptrace-stop, it notifies its tracer using -.BR waitpid (2) +.MR waitpid 2 (or one of the other "wait" system calls). Most of this manual page assumes that the tracer waits with: .P @@ -1299,14 +1299,14 @@ flags, but implies their functionality. Setting the .B WCONTINUED flag when calling -.BR waitpid (2) +.MR waitpid 2 is not recommended: the "continued" state is per-process and consuming it can confuse the real parent of the tracee. .P Use of the .B WNOHANG flag may cause -.BR waitpid (2) +.MR waitpid 2 to return 0 ("no wait results available yet") even if the tracer knows there should be a notification. Example: @@ -1331,7 +1331,7 @@ group-stops, .B PTRACE_EVENT stops, syscall-stops. They all are reported by -.BR waitpid (2) +.MR waitpid 2 with .I WIFSTOPPED(status) true. @@ -1349,7 +1349,7 @@ When a (possibly multithreaded) process receives any signal except .BR SIGKILL , the kernel selects an arbitrary thread which handles the signal. (If the signal is generated with -.BR tgkill (2), +.MR tgkill 2 , the target thread can be explicitly selected by the caller.) If the selected thread is traced, it enters signal-delivery-stop. At this point, the signal is not yet delivered to the process, @@ -1366,7 +1366,7 @@ with the usual exception that can't be blocked. .P Signal-delivery-stop is observed by the tracer as -.BR waitpid (2) +.MR waitpid 2 returning with .I WIFSTOPPED(status) true, with the signal returned by @@ -1411,12 +1411,12 @@ Note that a suppressed signal still causes system calls to return prematurely. In this case, system calls will be restarted: the tracer will observe the tracee to reexecute the interrupted system call (or -.BR restart_syscall (2) +.MR restart_syscall 2 system call for a few system calls which use a different mechanism for restarting) if the tracer uses .BR PTRACE_SYSCALL . Even system calls (such as -.BR poll (2)) +.MR poll 2 ) which are not restartable after signal are restarted after signal is suppressed; however, kernel bugs exist which cause some system calls to fail with @@ -1431,7 +1431,7 @@ No error is reported; a nonzero .I sig may simply be ignored. Ptrace users should not try to "create a new signal" this way: use -.BR tgkill (2) +.MR tgkill 2 instead. .P The fact that signal injection requests may be ignored @@ -1517,7 +1517,7 @@ As usual, every tracee reports its group-stop separately to the corresponding tracer. .P Group-stop is observed by the tracer as -.BR waitpid (2) +.MR waitpid 2 returning with .I WIFSTOPPED(status) true, with the stopping signal available via @@ -1568,7 +1568,7 @@ restarts or kills it, the tracee will not run, and will not send notifications (except .B SIGKILL death) to the tracer, even if the tracer enters into another -.BR waitpid (2) +.MR waitpid 2 call. .P The kernel behavior described in the previous paragraph @@ -1577,7 +1577,7 @@ If the tracer restarts the tracee after group-stop, the stopping signal is effectively ignored\[em]the tracee doesn't remain stopped, it runs. If the tracer doesn't restart the tracee before entering into the next -.BR waitpid (2), +.MR waitpid 2 , future .B SIGCONT signals will not be reported to the tracer; @@ -1591,7 +1591,7 @@ a .B PTRACE_LISTEN command can be used to restart a tracee in a way where it does not execute, but waits for a new event which it can report via -.BR waitpid (2) +.MR waitpid 2 (such as when it is restarted by a .BR SIGCONT ). @@ -1604,7 +1604,7 @@ stops. .P .B PTRACE_EVENT stops are observed by the tracer as -.BR waitpid (2) +.MR waitpid 2 returning with .IR WIFSTOPPED(status) , and @@ -1629,34 +1629,34 @@ The following events exist: .TP .B PTRACE_EVENT_VFORK Stop before return from -.BR vfork (2) +.MR vfork 2 or -.BR clone (2) +.MR clone 2 with the .B CLONE_VFORK flag. When the tracee is continued after this stop, it will wait for child to exit/exec before continuing its execution (in other words, the usual behavior on -.BR vfork (2)). +.MR vfork 2 ). .TP .B PTRACE_EVENT_FORK Stop before return from -.BR fork (2) +.MR fork 2 or -.BR clone (2) +.MR clone 2 with the exit signal set to .BR SIGCHLD . .TP .B PTRACE_EVENT_CLONE Stop before return from -.BR clone (2). +.MR clone 2 . .TP .B PTRACE_EVENT_VFORK_DONE Stop before return from -.BR vfork (2) +.MR vfork 2 or -.BR clone (2) +.MR clone 2 with the .B CLONE_VFORK flag, @@ -1670,16 +1670,16 @@ can be used to retrieve the new thread's ID. .TP .B PTRACE_EVENT_EXEC Stop before return from -.BR execve (2). +.MR execve 2 . Since Linux 3.0, .B PTRACE_GETEVENTMSG returns the former thread ID. .TP .B PTRACE_EVENT_EXIT Stop before exit (including death from -.BR exit_group (2)), +.MR exit_group 2 ), signal death, or exit caused by -.BR execve (2) +.MR execve 2 in a multithreaded process. .B PTRACE_GETEVENTMSG returns the exit status. @@ -1700,7 +1700,7 @@ command, or group-stop, or initial ptrace-stop when a new child is attached .TP .B PTRACE_EVENT_SECCOMP Stop triggered by a -.BR seccomp (2) +.MR seccomp 2 rule on tracee syscall entry when .B PTRACE_O_TRACESECCOMP has been set by the tracer. @@ -1756,19 +1756,19 @@ it is not guaranteed that the next stop will be a syscall-exit-stop. Other possibilities are that the tracee may stop in a .B PTRACE_EVENT stop (including seccomp stops), exit (if it entered -.BR _exit (2) +.MR _exit 2 or -.BR exit_group (2)), +.MR exit_group 2 ), be killed by .BR SIGKILL , or die silently (if it is a thread group leader, the -.BR execve (2) +.MR execve 2 happened in another thread, and that thread is not traced by the same tracer; this situation is discussed later). .P Syscall-enter-stop and syscall-exit-stop are observed by the tracer as -.BR waitpid (2) +.MR waitpid 2 returning with .I WIFSTOPPED(status) true, and @@ -1792,9 +1792,10 @@ for the following cases: .B SIGTRAP was delivered as a result of a user-space action, for example, a system call -.RB ( tgkill (2), -.BR kill (2), -.BR sigqueue (3), +\%(\c +.MR tgkill 2 , +.MR kill 2 , +.MR sigqueue 3 , etc.), expiration of a POSIX timer, change of state on a POSIX message queue, @@ -2126,19 +2127,19 @@ If the or .B PTRACE_O_TRACECLONE options are in effect, then children created by, respectively, -.BR vfork (2) +.MR vfork 2 or -.BR clone (2) +.MR clone 2 with the .B CLONE_VFORK flag, -.BR fork (2) +.MR fork 2 or -.BR clone (2) +.MR clone 2 with the exit signal set to .BR SIGCHLD , and other kinds of -.BR clone (2), +.MR clone 2 , are automatically attached to the same tracer which traced their parent. .B SIGSTOP is delivered to the children, causing them to enter @@ -2164,7 +2165,7 @@ If the tracee is running when the tracer wants to detach it, the usual solution is to send .B SIGSTOP (using -.BR tgkill (2), +.MR tgkill 2 , to make sure it goes to the correct thread), wait for the tracee to stop in signal-delivery-stop for .B SIGSTOP @@ -2198,17 +2199,17 @@ the pending signal is injected. .\" and the new program is executed in the thread group leader. .\" When one thread in a multithreaded process calls -.BR execve (2), +.MR execve 2 , the kernel destroys all other threads in the process, .\" In Linux 3.1 sources, see fs/exec.c::de_thread() and resets the thread ID of the execing thread to the thread group ID (process ID). (Or, to put things another way, when a multithreaded process does an -.BR execve (2), +.MR execve 2 , at completion of the call, it appears as though the -.BR execve (2) +.MR execve 2 occurred in the thread group leader, regardless of which thread did the -.BR execve (2).) +.MR execve 2 .) This resetting of the thread ID looks very confusing to tracers: .IP \[bu] 3 All other threads stop in @@ -2218,13 +2219,13 @@ stop, if the option was turned on. Then all other threads except the thread group leader report death as if they exited via -.BR _exit (2) +.MR _exit 2 with exit code 0. .IP \[bu] The execing tracee changes its thread ID while it is in the -.BR execve (2). +.MR execve 2 . (Remember, under ptrace, the "pid" returned from -.BR waitpid (2), +.MR waitpid 2 , or fed into ptrace calls, is the tracee's thread ID.) That is, the tracee's thread ID is reset to be the same as its process ID, which is the same as the thread group leader's thread ID. @@ -2252,7 +2253,7 @@ or even "returned from a system call even though it was not in any system call". If the thread group leader was not traced (or was traced by a different tracer), then during -.BR execve (2) +.MR execve 2 it will appear as if it has become a tracee of the tracer of the execing tracee. .P @@ -2266,7 +2267,7 @@ First, it enables .B PTRACE_EVENT_EXEC stop, which occurs before -.BR execve (2) +.MR execve 2 returns. In this stop, the tracer can use .B PTRACE_GETEVENTMSG @@ -2277,7 +2278,7 @@ Second, the option disables legacy .B SIGTRAP generation on -.BR execve (2). +.MR execve 2 . .P When the tracer receives .B PTRACE_EVENT_EXEC @@ -2300,7 +2301,7 @@ thread ID == thread group ID == process ID. .in .P Example: two threads call -.BR execve (2) +.MR execve 2 at the same time: .P .nf @@ -2327,7 +2328,7 @@ rather that the kernel delivers an extra .B SIGTRAP to the tracee after -.BR execve (2) +.MR execve 2 returns. This is an ordinary signal (similar to one which can be generated by @@ -2343,7 +2344,7 @@ This signal may be blocked by signal mask, and thus may be delivered (much) later. .P Usually, the tracer (for example, -.BR strace (1)) +.MR strace 1 ) would not want to show this extra post-execve .B SIGTRAP signal to the user, and would suppress its delivery to the tracee (if @@ -2364,10 +2365,10 @@ and thus suppressing this extra is the recommended approach. .SS Real parent The ptrace API (ab)uses the standard UNIX parent/child signaling over -.BR waitpid (2). +.MR waitpid 2 . This used to cause the real parent of the process to stop receiving several kinds of -.BR waitpid (2) +.MR waitpid 2 notifications when the child process is traced by some other process. .P Many of these bugs have been fixed, but as of Linux 2.6.38 several still @@ -2377,7 +2378,7 @@ As of Linux 2.6.38, the following is believed to work correctly: .IP \[bu] 3 exit/death by signal is reported first to the tracer, then, when the tracer consumes the -.BR waitpid (2) +.MR waitpid 2 result, to the real parent (to the real parent only when the whole multithreaded process exits). If the tracer and the real parent are the same process, @@ -2439,7 +2440,7 @@ cannot send signals to or those running set-user-ID/set-group-ID programs, for obvious reasons. Alternatively, the process may already be being traced, or (before Linux 2.6.26) be -.BR init (1) +.MR init 1 (PID 1). .TP .B ESRCH @@ -2453,7 +2454,7 @@ SVr4, 4.3BSD. .P Before Linux 2.6.26, .\" See commit 00cd5c37afd5f431ac186dd131705048c0a11fdb -.BR init (1), +.MR init 1 , the process with PID 1, may not be traced. .SH NOTES Although arguments to @@ -2472,7 +2473,7 @@ or .IR "(void\ *)\ 0". .P A tracees parent continues to be the tracer even if that tracer calls -.BR execve (2). +.MR execve 2 . .P The layout of the contents of memory and the USER area are quite operating-system- and architecture-specific. @@ -2518,15 +2519,15 @@ two access mode levels are distinguished: .B PTRACE_MODE_READ For "read" operations or other operations that are less dangerous, such as: -.BR get_robust_list (2); -.BR kcmp (2); +.MR get_robust_list 2 ; +.MR kcmp 2 ; reading .IR /proc/ pid /auxv , .IR /proc/ pid /environ , or .IR /proc/ pid /stat ; or -.BR readlink (2) +.MR readlink 2 of a .IR /proc/ pid /ns/* file. @@ -2537,7 +2538,7 @@ such as: ptrace attaching .RB ( PTRACE_ATTACH ) to another process or calling -.BR process_vm_writev (2). +.MR process_vm_writev 2 . .RB ( PTRACE_MODE_ATTACH was effectively the default before Linux 2.6.27.) .\" @@ -2561,7 +2562,7 @@ one of the following modifiers: .TP .B PTRACE_MODE_FSCREDS Use the caller's filesystem UID and GID (see -.BR credentials (7)) +.MR credentials 7 ) or effective capabilities for LSM checks. .TP .B PTRACE_MODE_REALCREDS @@ -2632,7 +2633,7 @@ If the access mode specifies then, for the check in the next step, employ the caller's filesystem UID and GID. (As noted in -.BR credentials (7), +.MR credentials 7 , the filesystem UID and GID almost always have the same values as the corresponding effective IDs.) .IP @@ -2665,7 +2666,7 @@ Deny access if the target process "dumpable" attribute has a value other than 1 see the discussion of .B PR_SET_DUMPABLE in -.BR prctl (2)), +.MR prctl 2 ), and the caller does not have the .B CAP_SYS_PTRACE capability in the user namespace of the target process. @@ -2728,9 +2729,9 @@ file (available since Linux 3.4) can be used to restrict the ability to trace a process with .BR ptrace () (and thus also the ability to use tools such as -.BR strace (1) +.MR strace 1 and -.BR gdb (1)). +.MR gdb 1 ). The goal of such restrictions is to prevent attack escalation whereby a compromised process can ptrace-attach to other sensitive processes (e.g., a GPG agent or an SSH session) owned by the user in order @@ -2776,7 +2777,7 @@ the predefined relationship is that the target process must be a descendant of the caller. .IP A target process can employ the -.BR prctl (2) +.MR prctl 2 .B PR_SET_PTRACER operation to declare an additional PID that is allowed to perform .B PTRACE_MODE_ATTACH @@ -2851,7 +2852,7 @@ Group-stop notifications are sent to the tracer, but not to real parent. Last confirmed on 2.6.38.6. .P If a thread group leader is traced and exits by calling -.BR _exit (2), +.MR _exit 2 , .\" Note from Denys Vlasenko: .\" Here "exits" means any kind of death - _exit, exit_group, .\" signal death. Signal death and exit_group cases are trivial, @@ -2867,13 +2868,13 @@ stop will happen for it (if requested), but the subsequent .B WIFEXITED notification will not be delivered until all other threads exit. As explained above, if one of other threads calls -.BR execve (2), +.MR execve 2 , the death of the thread group leader will .I never be reported. If the execed thread is not traced by this tracer, the tracer will never know that -.BR execve (2) +.MR execve 2 happened. One possible workaround is to .B PTRACE_DETACH @@ -2900,11 +2901,11 @@ a bogus .BR SIGSTOP ). As of Linux 3.2.9, the following system calls are affected (this list is likely incomplete): -.BR epoll_wait (2), +.MR epoll_wait 2 , and -.BR read (2) +.MR read 2 from an -.BR inotify (7) +.MR inotify 7 file descriptor. The usual symptom of this bug is that when you attach to a quiescent process with the command @@ -2943,23 +2944,23 @@ For example: .in .P What is not visible here is that the process was blocked in -.BR epoll_wait (2) +.MR epoll_wait 2 before -.BR strace (1) +.MR strace 1 has attached to it. Attaching caused -.BR epoll_wait (2) +.MR epoll_wait 2 to return to user space with the error .BR EINTR . In this particular case, the program reacted to .B EINTR by checking the current time, and then executing -.BR epoll_wait (2) +.MR epoll_wait 2 again. (Programs which do not expect such "stray" .B EINTR errors may behave in an unintended way upon an -.BR strace (1) +.MR strace 1 attach.) .P Contrary to the normal rules, the glibc wrapper for @@ -2968,19 +2969,19 @@ can set .I errno to zero. .SH SEE ALSO -.BR gdb (1), -.BR ltrace (1), -.BR strace (1), -.BR clone (2), -.BR execve (2), -.BR fork (2), -.BR gettid (2), -.BR prctl (2), -.BR seccomp (2), -.BR sigaction (2), -.BR tgkill (2), -.BR vfork (2), -.BR waitpid (2), -.BR exec (3), -.BR capabilities (7), -.BR signal (7) +.MR gdb 1 , +.MR ltrace 1 , +.MR strace 1 , +.MR clone 2 , +.MR execve 2 , +.MR fork 2 , +.MR gettid 2 , +.MR prctl 2 , +.MR seccomp 2 , +.MR sigaction 2 , +.MR tgkill 2 , +.MR vfork 2 , +.MR waitpid 2 , +.MR exec 3 , +.MR capabilities 7 , +.MR signal 7 |