linux3.5.4 ptrace源码分析二（系列二）

相比较于PTRACE_TRACEME,PTRACE_ATTACH则是一个进程（将要成为父进程）主动的去trace一个正在运行的进程（子进程）PTRACE_ATTACH的主要处理函数如下：

static int ptrace_attach(struct task_struct *task, long request,
			 unsigned long addr,
			 unsigned long flags)
{
	bool seize = (request == PTRACE_SEIZE);
	int retval;

	retval = -EIO;
	if (seize) {
		if (addr != 0)
			goto out;
		if (flags & ~(unsigned long)PTRACE_O_MASK)
			goto out;
		flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
	} else {
		flags = PT_PTRACED;
	}

	audit_ptrace(task);

	retval = -EPERM;
	if (unlikely(task->flags & PF_KTHREAD))
		goto out;
	if (same_thread_group(task, current))
		goto out;

	/*
	 * Protect exec's credential calculations against our interference;
	 * SUID, SGID and LSM creds get determined differently
	 * under ptrace.
	 */
	retval = -ERESTARTNOINTR;
	if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
		goto out;

	task_lock(task);
	retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
	task_unlock(task);
	if (retval)
		goto unlock_creds;

	write_lock_irq(&tasklist_lock);
	retval = -EPERM;
	if (unlikely(task->exit_state))
		goto unlock_tasklist;
	if (task->ptrace)
		goto unlock_tasklist;

	if (seize)
		flags |= PT_SEIZED;
	if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
		flags |= PT_PTRACE_CAP;
	task->ptrace = flags;

	__ptrace_link(task, current);

	/* SEIZE doesn't trap tracee on attach */
	if (!seize)
		send_sig_info(SIGSTOP, SEND_SIG_FORCED, task);

	spin_lock(&task->sighand->siglock);

	/*
	 * If the task is already STOPPED, set JOBCTL_TRAP_STOP and
	 * TRAPPING, and kick it so that it transits to TRACED.  TRAPPING
	 * will be cleared if the child completes the transition or any
	 * event which clears the group stop states happens.  We'll wait
	 * for the transition to complete before returning from this
	 * function.
	 *
	 * This hides STOPPED -> RUNNING -> TRACED transition from the
	 * attaching thread but a different thread in the same group can
	 * still observe the transient RUNNING state.  IOW, if another
	 * thread's WNOHANG wait(2) on the stopped tracee races against
	 * ATTACH, the wait(2) may fail due to the transient RUNNING.
	 *
	 * The following task_is_stopped() test is safe as both transitions
	 * in and out of STOPPED are protected by siglock.
	 */
	if (task_is_stopped(task) &&
	    task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING))
		signal_wake_up(task, 1);

	spin_unlock(&task->sighand->siglock);

	retval = 0;
unlock_tasklist:
	write_unlock_irq(&tasklist_lock);
unlock_creds:
	mutex_unlock(&task->signal->cred_guard_mutex);
out:
	if (!retval) {
		wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT,
			    ptrace_trapping_sleep_fn, TASK_UNINTERRUPTIBLE);
		proc_ptrace_connector(task, PTRACE_ATTACH);
	}

	return retval;
}

整个函数的流程总结如下

1． 判断请求是PTRACE_SEIZE还是PTRACE_ATTACH，如果ptrace请求为PTRACE_SEIZE，则检查其参数是否正确，参数有误则退出

2． 判断task进程是否为kernel thread(PF_KTHREAD)，调用same_thread_group(task,current)，判断task是否和current进程在同一个线程组，查看current进程是否有权限追踪task进程，不符合要求则退出

3． 设置子进程task->ptrace = PT_TRACED，被跟踪状态，如果当前进程拥有CAP_SYS_PTRACED，设置task->ptrace |= PT_TRACE_CAP

4． 调用__ptrace_link(task, current),将task->ptrace_entry链接到current->ptraced链表中

5． 如果是PTRACE_ATTACH请求（PTRACE_SEIZE请求不会停止被追踪进程），则调用send_sig_info(SIGSTOP,SEND_SIG_FORCED, task);发送SIGSTOP信号，中止task运行，设置task->state为TASK_STOPPED

6． 等待task->jobctl的JOBCTL_TRAPPING_BIT位被清零，阻塞时进程状态被设置为TASK_UNINTERRUPTIBLE并引发进程调度

PTRACE_ATTACH处理的方式与PTRACE_TRACEME处理的方式不同，PTRACE_ATTACH会使父进程向子进程发送SIGTRAP信号，如果子进程停止，父进程的wait操作则会被唤醒，从而成功attach。

而PTRACE_TRACEME只是表明该进程（child）想被trace的意愿。如果一个进程调用了PTRACE_TRACEME，那么该进程处理信号的方式将会变得不同。比如：如果一个进程正在运行，此时输入ctrl+c(SIGINT),则该进程直接退出。但是，如果该进程中有ptrace（PTRACE_TRACEME,0，NULL,NULL）。即该进程主动要求被跟踪，那么，当输入CTRL+C时，该进程将会处于stopped的状态。