Handle PTRACE_EVENT_* events for child processes/threads.

fvalasiad · fvalasiad · commit a18f00b420a7 · 2024-12-10T20:58:27.000+02:00
While we so far support clone(2), fork(2), vfork(2), there
are other variants we don't. In my testing I found a case
where gcc utilized clone3(2), resulting in build-recorder
not recording the process creation step.

This commit follows a second approach utilizing the signals
ptrace(2) delivers to inform the tracer of a new process
or thread.

Signed-off-by: Fotios Valasiadis &lt;fvalasiad@gmail.com&gt;
diff --git a/src/tracer.c b/src/tracer.c
@@ -377,19 +377,6 @@ handle_rename_exit(pid_t pid, PROCESS_INFO *pi, int newdirfd, char *newpath)
     record_rename(pi->outname, from->outname, to->outname);
 }
 
-static void
-handle_create_process(PROCESS_INFO *pi, pid_t child)
-{
-    PROCESS_INFO *child_pi = find_pinfo(child);
-
-    if (!child_pi) {
-	child_pi = next_pinfo(child);
-	pinfo_new(child_pi, 1);
-    }
-
-    record_process_create(pi->outname, child_pi->outname);
-}
-
 static void
 handle_syscall_entry(pid_t pid, PROCESS_INFO *pi)
 {
@@ -556,24 +543,6 @@ handle_syscall_exit(pid_t pid, PROCESS_INFO *pi, int64_t rval)
 
 	    handle_rename_exit(pid, pi, newdirfd, newpath);
 	    break;
-#endif
-#ifdef HAVE_SYS_FORK
-	case SYS_fork:
-	    // pid_t fork(void);
-	    handle_create_process(pi, rval);
-	    break;
-#endif
-#ifdef HAVE_SYS_VFORK
-	case SYS_vfork:
-	    // pid_t vfork(void);
-	    handle_create_process(pi, rval);
-	    break;
-#endif
-#ifdef HAVE_SYS_CLONE
-	case SYS_clone:
-	    // int clone(...);
-	    handle_create_process(pi, rval);
-	    break;
 #endif
     }
 }
@@ -662,6 +631,27 @@ tracer_main(pid_t pid, PROCESS_INFO *pi, char *path, char **envp)
 		case SIGTRAP:
 		    // Also ignore SIGTRAPs since they are
 		    // generated by ptrace(2)
+		    switch (status >> 8) {
+			case SIGTRAP | (PTRACE_EVENT_VFORK << 8):
+			case SIGTRAP | (PTRACE_EVENT_FORK << 8):
+			case SIGTRAP | (PTRACE_EVENT_CLONE << 8):
+			    pid_t child;
+
+			    if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, &child) <
+				0) {
+				perror("tracer.c:tracer_main():ptrace(PTRACE_GETEVENTMSG)");
+				exit(EXIT_FAILURE);
+			    }
+
+			    PROCESS_INFO *child_pi = find_pinfo(child);
+
+			    if (!child_pi) {
+				child_pi = next_pinfo(child);
+				pinfo_new(child_pi, 1);
+			    }
+			    record_process_create(pi->outname,
+						  child_pi->outname);
+		    }
 		    break;
 		default:
 		    restart_sig = WSTOPSIG(status);
