4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
26 * Copyright 2012 DEY Storage Systems, Inc. All rights reserved.
27 * Copyright (c) 2018, Joyent, Inc. All rights reserved.
28 * Copyright (c) 2013 by Delphix. All rights reserved.
29 * Copyright 2015 Gary Mills
32 #include <sys/types.h>
33 #include <sys/utsname.h>
34 #include <sys/sysmacros.h>
54 #include "Pcore_linux.h"
58 * Pcore.c - Code to initialize a ps_prochandle from a core dump. We
59 * allocate an additional structure to hold information from the core
60 * file, and attach this to the standard ps_prochandle in place of the
61 * ability to examine /proc/<pid>/ files.
65 * Basic i/o function for reading and writing from the process address space
66 * stored in the core file and associated shared libraries. We compute the
67 * appropriate fd and offsets, and let the provided prw function do the rest.
70 core_rw(struct ps_prochandle
*P
, void *buf
, size_t n
, uintptr_t addr
,
71 ssize_t (*prw
)(int, void *, size_t, off64_t
))
76 map_info_t
*mp
= Paddr2mptr(P
, addr
);
84 break; /* No mapping for this address */
86 if (mp
->map_pmap
.pr_mflags
& MA_RESERVED1
) {
87 if (mp
->map_file
== NULL
|| mp
->map_file
->file_fd
< 0)
88 break; /* No file or file not open */
90 fd
= mp
->map_file
->file_fd
;
94 mapoff
= addr
- mp
->map_pmap
.pr_vaddr
;
95 len
= MIN(resid
, mp
->map_pmap
.pr_size
- mapoff
);
96 off
= mp
->map_offset
+ mapoff
;
98 if ((len
= prw(fd
, buf
, len
, off
)) <= 0)
103 buf
= (char *)buf
+ len
;
107 * Important: Be consistent with the behavior of i/o on the as file:
108 * writing to an invalid address yields EIO; reading from an invalid
109 * address falls through to returning success and zero bytes.
111 if (resid
== n
&& n
!= 0 && prw
!= pread64
) {
121 Pread_core(struct ps_prochandle
*P
, void *buf
, size_t n
, uintptr_t addr
,
124 return (core_rw(P
, buf
, n
, addr
, pread64
));
129 Pwrite_core(struct ps_prochandle
*P
, const void *buf
, size_t n
, uintptr_t addr
,
132 return (core_rw(P
, (void *)buf
, n
, addr
,
133 (ssize_t (*)(int, void *, size_t, off64_t
)) pwrite64
));
138 Pcred_core(struct ps_prochandle
*P
, prcred_t
*pcrp
, int ngroups
, void *data
)
140 core_info_t
*core
= data
;
142 if (core
->core_cred
!= NULL
) {
144 * Avoid returning more supplementary group data than the
145 * caller has allocated in their buffer. We expect them to
146 * check pr_ngroups afterward and potentially call us again.
148 ngroups
= MIN(ngroups
, core
->core_cred
->pr_ngroups
);
150 (void) memcpy(pcrp
, core
->core_cred
,
151 sizeof (prcred_t
) + (ngroups
- 1) * sizeof (gid_t
));
162 Psecflags_core(struct ps_prochandle
*P
, prsecflags_t
**psf
, void *data
)
164 core_info_t
*core
= data
;
166 if (core
->core_secflags
== NULL
) {
171 if ((*psf
= calloc(1, sizeof (prsecflags_t
))) == NULL
)
174 (void) memcpy(*psf
, core
->core_secflags
, sizeof (prsecflags_t
));
181 Ppriv_core(struct ps_prochandle
*P
, prpriv_t
**pprv
, void *data
)
183 core_info_t
*core
= data
;
185 if (core
->core_priv
== NULL
) {
190 *pprv
= malloc(core
->core_priv_size
);
195 (void) memcpy(*pprv
, core
->core_priv
, core
->core_priv_size
);
200 static const psinfo_t
*
201 Ppsinfo_core(struct ps_prochandle
*P
, psinfo_t
*psinfo
, void *data
)
208 Pfini_core(struct ps_prochandle
*P
, void *data
)
210 core_info_t
*core
= data
;
213 extern void __priv_free_info(void *);
214 lwp_info_t
*nlwp
, *lwp
= list_next(&core
->core_lwp_head
);
217 for (i
= 0; i
< core
->core_nlwp
; i
++, lwp
= nlwp
) {
218 nlwp
= list_next(lwp
);
220 if (lwp
->lwp_gwins
!= NULL
)
221 free(lwp
->lwp_gwins
);
222 if (lwp
->lwp_xregs
!= NULL
)
223 free(lwp
->lwp_xregs
);
224 if (lwp
->lwp_asrs
!= NULL
)
230 if (core
->core_platform
!= NULL
)
231 free(core
->core_platform
);
232 if (core
->core_uts
!= NULL
)
233 free(core
->core_uts
);
234 if (core
->core_cred
!= NULL
)
235 free(core
->core_cred
);
236 if (core
->core_priv
!= NULL
)
237 free(core
->core_priv
);
238 if (core
->core_privinfo
!= NULL
)
239 __priv_free_info(core
->core_privinfo
);
240 if (core
->core_ppii
!= NULL
)
241 free(core
->core_ppii
);
242 if (core
->core_zonename
!= NULL
)
243 free(core
->core_zonename
);
244 if (core
->core_secflags
!= NULL
)
245 free(core
->core_secflags
);
247 if (core
->core_ldt
!= NULL
)
248 free(core
->core_ldt
);
257 Pplatform_core(struct ps_prochandle
*P
, char *s
, size_t n
, void *data
)
259 core_info_t
*core
= data
;
261 if (core
->core_platform
== NULL
) {
265 (void) strncpy(s
, core
->core_platform
, n
- 1);
272 Puname_core(struct ps_prochandle
*P
, struct utsname
*u
, void *data
)
274 core_info_t
*core
= data
;
276 if (core
->core_uts
== NULL
) {
280 (void) memcpy(u
, core
->core_uts
, sizeof (struct utsname
));
286 Pzonename_core(struct ps_prochandle
*P
, char *s
, size_t n
, void *data
)
288 core_info_t
*core
= data
;
290 if (core
->core_zonename
== NULL
) {
294 (void) strlcpy(s
, core
->core_zonename
, n
);
301 Pldt_core(struct ps_prochandle
*P
, struct ssd
*pldt
, int nldt
, void *data
)
303 core_info_t
*core
= data
;
305 if (pldt
== NULL
|| nldt
== 0)
306 return (core
->core_nldt
);
308 if (core
->core_ldt
!= NULL
) {
309 nldt
= MIN(nldt
, core
->core_nldt
);
311 (void) memcpy(pldt
, core
->core_ldt
,
312 nldt
* sizeof (struct ssd
));
322 static const ps_ops_t P_core_ops
= {
323 .pop_pread
= Pread_core
,
324 .pop_pwrite
= Pwrite_core
,
325 .pop_cred
= Pcred_core
,
326 .pop_priv
= Ppriv_core
,
327 .pop_psinfo
= Ppsinfo_core
,
328 .pop_fini
= Pfini_core
,
329 .pop_platform
= Pplatform_core
,
330 .pop_uname
= Puname_core
,
331 .pop_zonename
= Pzonename_core
,
332 .pop_secflags
= Psecflags_core
,
339 * Return the lwp_info_t for the given lwpid. If no such lwpid has been
340 * encountered yet, allocate a new structure and return a pointer to it.
341 * Create a list of lwp_info_t structures sorted in decreasing lwp_id order.
344 lwpid2info(struct ps_prochandle
*P
, lwpid_t id
)
346 core_info_t
*core
= P
->data
;
347 lwp_info_t
*lwp
= list_next(&core
->core_lwp_head
);
351 for (i
= 0; i
< core
->core_nlwp
; i
++, lwp
= list_next(lwp
)) {
352 if (lwp
->lwp_id
== id
) {
353 core
->core_lwp
= lwp
;
356 if (lwp
->lwp_id
< id
) {
362 if ((lwp
= calloc(1, sizeof (lwp_info_t
))) == NULL
)
365 list_link(lwp
, next
);
368 core
->core_lwp
= lwp
;
375 * The core file itself contains a series of NOTE segments containing saved
376 * structures from /proc at the time the process died. For each note we
377 * comprehend, we define a function to read it in from the core file,
378 * convert it to our native data model if necessary, and store it inside
379 * the ps_prochandle. Each function is invoked by Pfgrab_core() with the
380 * seek pointer on P->asfd positioned appropriately. We populate a table
381 * of pointers to these note functions below.
385 note_pstatus(struct ps_prochandle
*P
, size_t nbytes
)
388 core_info_t
*core
= P
->data
;
390 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
393 if (nbytes
< sizeof (pstatus32_t
) ||
394 read(P
->asfd
, &ps32
, sizeof (ps32
)) != sizeof (ps32
))
397 pstatus_32_to_n(&ps32
, &P
->status
);
401 if (nbytes
< sizeof (pstatus_t
) ||
402 read(P
->asfd
, &P
->status
, sizeof (pstatus_t
)) != sizeof (pstatus_t
))
405 P
->orig_status
= P
->status
;
406 P
->pid
= P
->status
.pr_pid
;
411 dprintf("Pgrab_core: failed to read NT_PSTATUS\n");
416 note_lwpstatus(struct ps_prochandle
*P
, size_t nbytes
)
422 core_info_t
*core
= P
->data
;
424 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
427 if (nbytes
< sizeof (lwpstatus32_t
) ||
428 read(P
->asfd
, &l32
, sizeof (l32
)) != sizeof (l32
))
431 lwpstatus_32_to_n(&l32
, &lps
);
434 if (nbytes
< sizeof (lwpstatus_t
) ||
435 read(P
->asfd
, &lps
, sizeof (lps
)) != sizeof (lps
))
438 if ((lwp
= lwpid2info(P
, lps
.pr_lwpid
)) == NULL
) {
439 dprintf("Pgrab_core: failed to add NT_LWPSTATUS\n");
444 * Erase a useless and confusing artifact of the kernel implementation:
445 * the lwps which did *not* create the core will show SIGKILL. We can
446 * be assured this is bogus because SIGKILL can't produce core files.
448 if (lps
.pr_cursig
== SIGKILL
)
451 (void) memcpy(&lwp
->lwp_status
, &lps
, sizeof (lps
));
455 dprintf("Pgrab_core: failed to read NT_LWPSTATUS\n");
462 lx_prpsinfo32_to_psinfo(lx_prpsinfo32_t
*p32
, psinfo_t
*psinfo
)
464 psinfo
->pr_flag
= p32
->pr_flag
;
465 psinfo
->pr_pid
= p32
->pr_pid
;
466 psinfo
->pr_ppid
= p32
->pr_ppid
;
467 psinfo
->pr_uid
= p32
->pr_uid
;
468 psinfo
->pr_gid
= p32
->pr_gid
;
469 psinfo
->pr_sid
= p32
->pr_sid
;
470 psinfo
->pr_pgid
= p32
->pr_pgrp
;
472 (void) memcpy(psinfo
->pr_fname
, p32
->pr_fname
,
473 sizeof (psinfo
->pr_fname
));
474 (void) memcpy(psinfo
->pr_psargs
, p32
->pr_psargs
,
475 sizeof (psinfo
->pr_psargs
));
479 lx_prpsinfo64_to_psinfo(lx_prpsinfo64_t
*p64
, psinfo_t
*psinfo
)
481 psinfo
->pr_flag
= p64
->pr_flag
;
482 psinfo
->pr_pid
= p64
->pr_pid
;
483 psinfo
->pr_ppid
= p64
->pr_ppid
;
484 psinfo
->pr_uid
= p64
->pr_uid
;
485 psinfo
->pr_gid
= p64
->pr_gid
;
486 psinfo
->pr_sid
= p64
->pr_sid
;
487 psinfo
->pr_pgid
= p64
->pr_pgrp
;
488 psinfo
->pr_pgid
= p64
->pr_pgrp
;
490 (void) memcpy(psinfo
->pr_fname
, p64
->pr_fname
,
491 sizeof (psinfo
->pr_fname
));
492 (void) memcpy(psinfo
->pr_psargs
, p64
->pr_psargs
,
493 sizeof (psinfo
->pr_psargs
));
497 note_linux_psinfo(struct ps_prochandle
*P
, size_t nbytes
)
499 core_info_t
*core
= P
->data
;
503 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
504 if (nbytes
< sizeof (p32
) ||
505 read(P
->asfd
, &p32
, sizeof (p32
)) != sizeof (p32
))
508 lx_prpsinfo32_to_psinfo(&p32
, &P
->psinfo
);
510 if (nbytes
< sizeof (p64
) ||
511 read(P
->asfd
, &p64
, sizeof (p64
)) != sizeof (p64
))
514 lx_prpsinfo64_to_psinfo(&p64
, &P
->psinfo
);
518 P
->status
.pr_pid
= P
->psinfo
.pr_pid
;
519 P
->status
.pr_ppid
= P
->psinfo
.pr_ppid
;
520 P
->status
.pr_pgid
= P
->psinfo
.pr_pgid
;
521 P
->status
.pr_sid
= P
->psinfo
.pr_sid
;
523 P
->psinfo
.pr_nlwp
= 0;
524 P
->status
.pr_nlwp
= 0;
528 dprintf("Pgrab_core: failed to read NT_PSINFO\n");
533 lx_prstatus64_to_lwp(lx_prstatus64_t
*prs64
, lwp_info_t
*lwp
)
535 LTIME_TO_TIMESPEC(lwp
->lwp_status
.pr_utime
, prs64
->pr_utime
);
536 LTIME_TO_TIMESPEC(lwp
->lwp_status
.pr_stime
, prs64
->pr_stime
);
538 lwp
->lwp_status
.pr_reg
[REG_R15
] = prs64
->pr_reg
.lxr_r15
;
539 lwp
->lwp_status
.pr_reg
[REG_R14
] = prs64
->pr_reg
.lxr_r14
;
540 lwp
->lwp_status
.pr_reg
[REG_R13
] = prs64
->pr_reg
.lxr_r13
;
541 lwp
->lwp_status
.pr_reg
[REG_R12
] = prs64
->pr_reg
.lxr_r12
;
542 lwp
->lwp_status
.pr_reg
[REG_R11
] = prs64
->pr_reg
.lxr_r11
;
543 lwp
->lwp_status
.pr_reg
[REG_R10
] = prs64
->pr_reg
.lxr_r10
;
544 lwp
->lwp_status
.pr_reg
[REG_R9
] = prs64
->pr_reg
.lxr_r9
;
545 lwp
->lwp_status
.pr_reg
[REG_R8
] = prs64
->pr_reg
.lxr_r8
;
547 lwp
->lwp_status
.pr_reg
[REG_RDI
] = prs64
->pr_reg
.lxr_rdi
;
548 lwp
->lwp_status
.pr_reg
[REG_RSI
] = prs64
->pr_reg
.lxr_rsi
;
549 lwp
->lwp_status
.pr_reg
[REG_RBP
] = prs64
->pr_reg
.lxr_rbp
;
550 lwp
->lwp_status
.pr_reg
[REG_RBX
] = prs64
->pr_reg
.lxr_rbx
;
551 lwp
->lwp_status
.pr_reg
[REG_RDX
] = prs64
->pr_reg
.lxr_rdx
;
552 lwp
->lwp_status
.pr_reg
[REG_RCX
] = prs64
->pr_reg
.lxr_rcx
;
553 lwp
->lwp_status
.pr_reg
[REG_RAX
] = prs64
->pr_reg
.lxr_rax
;
555 lwp
->lwp_status
.pr_reg
[REG_RIP
] = prs64
->pr_reg
.lxr_rip
;
556 lwp
->lwp_status
.pr_reg
[REG_CS
] = prs64
->pr_reg
.lxr_cs
;
557 lwp
->lwp_status
.pr_reg
[REG_RSP
] = prs64
->pr_reg
.lxr_rsp
;
558 lwp
->lwp_status
.pr_reg
[REG_FS
] = prs64
->pr_reg
.lxr_fs
;
559 lwp
->lwp_status
.pr_reg
[REG_SS
] = prs64
->pr_reg
.lxr_ss
;
560 lwp
->lwp_status
.pr_reg
[REG_GS
] = prs64
->pr_reg
.lxr_gs
;
561 lwp
->lwp_status
.pr_reg
[REG_ES
] = prs64
->pr_reg
.lxr_es
;
562 lwp
->lwp_status
.pr_reg
[REG_DS
] = prs64
->pr_reg
.lxr_ds
;
564 lwp
->lwp_status
.pr_reg
[REG_GSBASE
] = prs64
->pr_reg
.lxr_gs_base
;
565 lwp
->lwp_status
.pr_reg
[REG_FSBASE
] = prs64
->pr_reg
.lxr_fs_base
;
569 lx_prstatus32_to_lwp(lx_prstatus32_t
*prs32
, lwp_info_t
*lwp
)
571 LTIME_TO_TIMESPEC(lwp
->lwp_status
.pr_utime
, prs32
->pr_utime
);
572 LTIME_TO_TIMESPEC(lwp
->lwp_status
.pr_stime
, prs32
->pr_stime
);
575 lwp
->lwp_status
.pr_reg
[REG_GS
] = prs32
->pr_reg
.lxr_gs
;
576 lwp
->lwp_status
.pr_reg
[REG_FS
] = prs32
->pr_reg
.lxr_fs
;
577 lwp
->lwp_status
.pr_reg
[REG_DS
] = prs32
->pr_reg
.lxr_ds
;
578 lwp
->lwp_status
.pr_reg
[REG_ES
] = prs32
->pr_reg
.lxr_es
;
579 lwp
->lwp_status
.pr_reg
[REG_RDI
] = prs32
->pr_reg
.lxr_di
;
580 lwp
->lwp_status
.pr_reg
[REG_RSI
] = prs32
->pr_reg
.lxr_si
;
581 lwp
->lwp_status
.pr_reg
[REG_RBP
] = prs32
->pr_reg
.lxr_bp
;
582 lwp
->lwp_status
.pr_reg
[REG_RBX
] = prs32
->pr_reg
.lxr_bx
;
583 lwp
->lwp_status
.pr_reg
[REG_RDX
] = prs32
->pr_reg
.lxr_dx
;
584 lwp
->lwp_status
.pr_reg
[REG_RCX
] = prs32
->pr_reg
.lxr_cx
;
585 lwp
->lwp_status
.pr_reg
[REG_RAX
] = prs32
->pr_reg
.lxr_ax
;
586 lwp
->lwp_status
.pr_reg
[REG_RIP
] = prs32
->pr_reg
.lxr_ip
;
587 lwp
->lwp_status
.pr_reg
[REG_CS
] = prs32
->pr_reg
.lxr_cs
;
588 lwp
->lwp_status
.pr_reg
[REG_RFL
] = prs32
->pr_reg
.lxr_flags
;
589 lwp
->lwp_status
.pr_reg
[REG_RSP
] = prs32
->pr_reg
.lxr_sp
;
590 lwp
->lwp_status
.pr_reg
[REG_SS
] = prs32
->pr_reg
.lxr_ss
;
592 lwp
->lwp_status
.pr_reg
[EBX
] = prs32
->pr_reg
.lxr_bx
;
593 lwp
->lwp_status
.pr_reg
[ECX
] = prs32
->pr_reg
.lxr_cx
;
594 lwp
->lwp_status
.pr_reg
[EDX
] = prs32
->pr_reg
.lxr_dx
;
595 lwp
->lwp_status
.pr_reg
[ESI
] = prs32
->pr_reg
.lxr_si
;
596 lwp
->lwp_status
.pr_reg
[EDI
] = prs32
->pr_reg
.lxr_di
;
597 lwp
->lwp_status
.pr_reg
[EBP
] = prs32
->pr_reg
.lxr_bp
;
598 lwp
->lwp_status
.pr_reg
[EAX
] = prs32
->pr_reg
.lxr_ax
;
599 lwp
->lwp_status
.pr_reg
[EIP
] = prs32
->pr_reg
.lxr_ip
;
600 lwp
->lwp_status
.pr_reg
[UESP
] = prs32
->pr_reg
.lxr_sp
;
602 lwp
->lwp_status
.pr_reg
[DS
] = prs32
->pr_reg
.lxr_ds
;
603 lwp
->lwp_status
.pr_reg
[ES
] = prs32
->pr_reg
.lxr_es
;
604 lwp
->lwp_status
.pr_reg
[FS
] = prs32
->pr_reg
.lxr_fs
;
605 lwp
->lwp_status
.pr_reg
[GS
] = prs32
->pr_reg
.lxr_gs
;
606 lwp
->lwp_status
.pr_reg
[CS
] = prs32
->pr_reg
.lxr_cs
;
607 lwp
->lwp_status
.pr_reg
[SS
] = prs32
->pr_reg
.lxr_ss
;
609 lwp
->lwp_status
.pr_reg
[EFL
] = prs32
->pr_reg
.lxr_flags
;
610 #endif /* !__amd64 */
614 note_linux_prstatus(struct ps_prochandle
*P
, size_t nbytes
)
616 core_info_t
*core
= P
->data
;
618 lx_prstatus64_t prs64
;
619 lx_prstatus32_t prs32
;
623 dprintf("looking for model %d, %ld/%ld\n", core
->core_dmodel
,
624 (ulong_t
)nbytes
, (ulong_t
)sizeof (prs32
));
625 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
626 if (nbytes
< sizeof (prs32
) ||
627 read(P
->asfd
, &prs32
, sizeof (prs32
)) != nbytes
)
631 if (nbytes
< sizeof (prs64
) ||
632 read(P
->asfd
, &prs64
, sizeof (prs64
)) != nbytes
)
637 if ((lwp
= lwpid2info(P
, tid
)) == NULL
) {
638 dprintf("Pgrab_core: failed to add lwpid2info "
646 lwp
->lwp_status
.pr_lwpid
= tid
;
648 if (core
->core_dmodel
== PR_MODEL_ILP32
)
649 lx_prstatus32_to_lwp(&prs32
, lwp
);
651 lx_prstatus64_to_lwp(&prs64
, lwp
);
655 dprintf("Pgrab_core: failed to read NT_PRSTATUS\n");
662 note_psinfo(struct ps_prochandle
*P
, size_t nbytes
)
665 core_info_t
*core
= P
->data
;
667 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
670 if (nbytes
< sizeof (psinfo32_t
) ||
671 read(P
->asfd
, &ps32
, sizeof (ps32
)) != sizeof (ps32
))
674 psinfo_32_to_n(&ps32
, &P
->psinfo
);
677 if (nbytes
< sizeof (psinfo_t
) ||
678 read(P
->asfd
, &P
->psinfo
, sizeof (psinfo_t
)) != sizeof (psinfo_t
))
681 dprintf("pr_fname = <%s>\n", P
->psinfo
.pr_fname
);
682 dprintf("pr_psargs = <%s>\n", P
->psinfo
.pr_psargs
);
683 dprintf("pr_wstat = 0x%x\n", P
->psinfo
.pr_wstat
);
688 dprintf("Pgrab_core: failed to read NT_PSINFO\n");
693 note_lwpsinfo(struct ps_prochandle
*P
, size_t nbytes
)
699 core_info_t
*core
= P
->data
;
701 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
704 if (nbytes
< sizeof (lwpsinfo32_t
) ||
705 read(P
->asfd
, &l32
, sizeof (l32
)) != sizeof (l32
))
708 lwpsinfo_32_to_n(&l32
, &lps
);
711 if (nbytes
< sizeof (lwpsinfo_t
) ||
712 read(P
->asfd
, &lps
, sizeof (lps
)) != sizeof (lps
))
715 if ((lwp
= lwpid2info(P
, lps
.pr_lwpid
)) == NULL
) {
716 dprintf("Pgrab_core: failed to add NT_LWPSINFO\n");
720 (void) memcpy(&lwp
->lwp_psinfo
, &lps
, sizeof (lps
));
724 dprintf("Pgrab_core: failed to read NT_LWPSINFO\n");
729 note_lwpname(struct ps_prochandle
*P
, size_t nbytes
)
734 if (nbytes
!= sizeof (name
) ||
735 read(P
->asfd
, &name
, sizeof (name
)) != sizeof (name
))
738 if ((lwp
= lwpid2info(P
, name
.pr_lwpid
)) == NULL
)
741 if (strlcpy(lwp
->lwp_name
, name
.pr_lwpname
,
742 sizeof (lwp
->lwp_name
)) >= sizeof (lwp
->lwp_name
)) {
743 errno
= ENAMETOOLONG
;
750 dprintf("Pgrab_core: failed to read NT_LWPNAME\n");
755 note_fdinfo(struct ps_prochandle
*P
, size_t nbytes
)
760 if ((nbytes
< sizeof (prfd
)) ||
761 (read(P
->asfd
, &prfd
, sizeof (prfd
)) != sizeof (prfd
))) {
762 dprintf("Pgrab_core: failed to read NT_FDINFO\n");
766 if ((fip
= Pfd2info(P
, prfd
.pr_fd
)) == NULL
) {
767 dprintf("Pgrab_core: failed to add NT_FDINFO\n");
770 (void) memcpy(&fip
->fd_info
, &prfd
, sizeof (prfd
));
775 note_platform(struct ps_prochandle
*P
, size_t nbytes
)
777 core_info_t
*core
= P
->data
;
780 if (core
->core_platform
!= NULL
)
781 return (0); /* Already seen */
783 if (nbytes
!= 0 && ((plat
= malloc(nbytes
+ 1)) != NULL
)) {
784 if (read(P
->asfd
, plat
, nbytes
) != nbytes
) {
785 dprintf("Pgrab_core: failed to read NT_PLATFORM\n");
789 plat
[nbytes
- 1] = '\0';
790 core
->core_platform
= plat
;
797 note_secflags(struct ps_prochandle
*P
, size_t nbytes
)
799 core_info_t
*core
= P
->data
;
802 if (core
->core_secflags
!= NULL
)
803 return (0); /* Already seen */
805 if (sizeof (*psf
) != nbytes
) {
806 dprintf("Pgrab_core: NT_SECFLAGS changed size."
807 " Need to handle a version change?\n");
811 if (nbytes
!= 0 && ((psf
= malloc(nbytes
)) != NULL
)) {
812 if (read(P
->asfd
, psf
, nbytes
) != nbytes
) {
813 dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
818 core
->core_secflags
= psf
;
825 note_utsname(struct ps_prochandle
*P
, size_t nbytes
)
827 core_info_t
*core
= P
->data
;
828 size_t ubytes
= sizeof (struct utsname
);
829 struct utsname
*utsp
;
831 if (core
->core_uts
!= NULL
|| nbytes
< ubytes
)
832 return (0); /* Already seen or bad size */
834 if ((utsp
= malloc(ubytes
)) == NULL
)
837 if (read(P
->asfd
, utsp
, ubytes
) != ubytes
) {
838 dprintf("Pgrab_core: failed to read NT_UTSNAME\n");
843 if (_libproc_debug
) {
844 dprintf("uts.sysname = \"%s\"\n", utsp
->sysname
);
845 dprintf("uts.nodename = \"%s\"\n", utsp
->nodename
);
846 dprintf("uts.release = \"%s\"\n", utsp
->release
);
847 dprintf("uts.version = \"%s\"\n", utsp
->version
);
848 dprintf("uts.machine = \"%s\"\n", utsp
->machine
);
851 core
->core_uts
= utsp
;
856 note_content(struct ps_prochandle
*P
, size_t nbytes
)
858 core_info_t
*core
= P
->data
;
859 core_content_t content
;
861 if (sizeof (core
->core_content
) != nbytes
)
864 if (read(P
->asfd
, &content
, sizeof (content
)) != sizeof (content
))
867 core
->core_content
= content
;
869 dprintf("core content = %llx\n", content
);
875 note_cred(struct ps_prochandle
*P
, size_t nbytes
)
877 core_info_t
*core
= P
->data
;
880 const size_t min_size
= sizeof (prcred_t
) - sizeof (gid_t
);
883 * We allow for prcred_t notes that are actually smaller than a
884 * prcred_t since the last member isn't essential if there are
885 * no group memberships. This allows for more flexibility when it
886 * comes to slightly malformed -- but still valid -- notes.
888 if (core
->core_cred
!= NULL
|| nbytes
< min_size
)
889 return (0); /* Already seen or bad size */
891 ngroups
= (nbytes
- min_size
) / sizeof (gid_t
);
892 nbytes
= sizeof (prcred_t
) + (ngroups
- 1) * sizeof (gid_t
);
894 if ((pcrp
= malloc(nbytes
)) == NULL
)
897 if (read(P
->asfd
, pcrp
, nbytes
) != nbytes
) {
898 dprintf("Pgrab_core: failed to read NT_PRCRED\n");
903 if (pcrp
->pr_ngroups
> ngroups
) {
904 dprintf("pr_ngroups = %d; resetting to %d based on note size\n",
905 pcrp
->pr_ngroups
, ngroups
);
906 pcrp
->pr_ngroups
= ngroups
;
909 core
->core_cred
= pcrp
;
915 note_ldt(struct ps_prochandle
*P
, size_t nbytes
)
917 core_info_t
*core
= P
->data
;
921 if (core
->core_ldt
!= NULL
|| nbytes
< sizeof (struct ssd
))
922 return (0); /* Already seen or bad size */
924 nldt
= nbytes
/ sizeof (struct ssd
);
925 nbytes
= nldt
* sizeof (struct ssd
);
927 if ((pldt
= malloc(nbytes
)) == NULL
)
930 if (read(P
->asfd
, pldt
, nbytes
) != nbytes
) {
931 dprintf("Pgrab_core: failed to read NT_LDT\n");
936 core
->core_ldt
= pldt
;
937 core
->core_nldt
= nldt
;
943 note_priv(struct ps_prochandle
*P
, size_t nbytes
)
945 core_info_t
*core
= P
->data
;
948 if (core
->core_priv
!= NULL
|| nbytes
< sizeof (prpriv_t
))
949 return (0); /* Already seen or bad size */
951 if ((pprvp
= malloc(nbytes
)) == NULL
)
954 if (read(P
->asfd
, pprvp
, nbytes
) != nbytes
) {
955 dprintf("Pgrab_core: failed to read NT_PRPRIV\n");
960 core
->core_priv
= pprvp
;
961 core
->core_priv_size
= nbytes
;
966 note_priv_info(struct ps_prochandle
*P
, size_t nbytes
)
968 core_info_t
*core
= P
->data
;
969 extern void *__priv_parse_info();
970 priv_impl_info_t
*ppii
;
972 if (core
->core_privinfo
!= NULL
||
973 nbytes
< sizeof (priv_impl_info_t
))
974 return (0); /* Already seen or bad size */
976 if ((ppii
= malloc(nbytes
)) == NULL
)
979 if (read(P
->asfd
, ppii
, nbytes
) != nbytes
||
980 PRIV_IMPL_INFO_SIZE(ppii
) != nbytes
) {
981 dprintf("Pgrab_core: failed to read NT_PRPRIVINFO\n");
986 core
->core_privinfo
= __priv_parse_info(ppii
);
987 core
->core_ppii
= ppii
;
992 note_zonename(struct ps_prochandle
*P
, size_t nbytes
)
994 core_info_t
*core
= P
->data
;
997 if (core
->core_zonename
!= NULL
)
998 return (0); /* Already seen */
1001 if ((zonename
= malloc(nbytes
)) == NULL
)
1003 if (read(P
->asfd
, zonename
, nbytes
) != nbytes
) {
1004 dprintf("Pgrab_core: failed to read NT_ZONENAME\n");
1008 zonename
[nbytes
- 1] = '\0';
1009 core
->core_zonename
= zonename
;
1016 note_auxv(struct ps_prochandle
*P
, size_t nbytes
)
1021 core_info_t
*core
= P
->data
;
1023 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
1026 n
= nbytes
/ sizeof (auxv32_t
);
1027 nbytes
= n
* sizeof (auxv32_t
);
1028 a32
= alloca(nbytes
);
1030 if (read(P
->asfd
, a32
, nbytes
) != nbytes
) {
1031 dprintf("Pgrab_core: failed to read NT_AUXV\n");
1035 if ((P
->auxv
= malloc(sizeof (auxv_t
) * (n
+ 1))) == NULL
)
1038 for (i
= 0; i
< n
; i
++)
1039 auxv_32_to_n(&a32
[i
], &P
->auxv
[i
]);
1043 n
= nbytes
/ sizeof (auxv_t
);
1044 nbytes
= n
* sizeof (auxv_t
);
1046 if ((P
->auxv
= malloc(nbytes
+ sizeof (auxv_t
))) == NULL
)
1049 if (read(P
->asfd
, P
->auxv
, nbytes
) != nbytes
) {
1058 if (_libproc_debug
) {
1059 for (i
= 0; i
< n
; i
++) {
1060 dprintf("P->auxv[%lu] = ( %d, 0x%lx )\n", (ulong_t
)i
,
1061 P
->auxv
[i
].a_type
, P
->auxv
[i
].a_un
.a_val
);
1066 * Defensive coding for loops which depend upon the auxv array being
1067 * terminated by an AT_NULL element; in each case, we've allocated
1068 * P->auxv to have an additional element which we force to be AT_NULL.
1070 P
->auxv
[n
].a_type
= AT_NULL
;
1071 P
->auxv
[n
].a_un
.a_val
= 0L;
1079 note_xreg(struct ps_prochandle
*P
, size_t nbytes
)
1081 core_info_t
*core
= P
->data
;
1082 lwp_info_t
*lwp
= core
->core_lwp
;
1083 size_t xbytes
= sizeof (prxregset_t
);
1086 if (lwp
== NULL
|| lwp
->lwp_xregs
!= NULL
|| nbytes
< xbytes
)
1087 return (0); /* No lwp yet, already seen, or bad size */
1089 if ((xregs
= malloc(xbytes
)) == NULL
)
1092 if (read(P
->asfd
, xregs
, xbytes
) != xbytes
) {
1093 dprintf("Pgrab_core: failed to read NT_PRXREG\n");
1098 lwp
->lwp_xregs
= xregs
;
1103 note_gwindows(struct ps_prochandle
*P
, size_t nbytes
)
1105 core_info_t
*core
= P
->data
;
1106 lwp_info_t
*lwp
= core
->core_lwp
;
1108 if (lwp
== NULL
|| lwp
->lwp_gwins
!= NULL
|| nbytes
== 0)
1109 return (0); /* No lwp yet or already seen or no data */
1111 if ((lwp
->lwp_gwins
= malloc(sizeof (gwindows_t
))) == NULL
)
1115 * Since the amount of gwindows data varies with how many windows were
1116 * actually saved, we just read up to the minimum of the note size
1117 * and the size of the gwindows_t type. It doesn't matter if the read
1118 * fails since we have to zero out gwindows first anyway.
1121 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
1124 (void) memset(&g32
, 0, sizeof (g32
));
1125 (void) read(P
->asfd
, &g32
, MIN(nbytes
, sizeof (g32
)));
1126 gwindows_32_to_n(&g32
, lwp
->lwp_gwins
);
1130 (void) memset(lwp
->lwp_gwins
, 0, sizeof (gwindows_t
));
1131 (void) read(P
->asfd
, lwp
->lwp_gwins
,
1132 MIN(nbytes
, sizeof (gwindows_t
)));
1141 note_asrs(struct ps_prochandle
*P
, size_t nbytes
)
1143 core_info_t
*core
= P
->data
;
1144 lwp_info_t
*lwp
= core
->core_lwp
;
1147 if (lwp
== NULL
|| lwp
->lwp_asrs
!= NULL
|| nbytes
< sizeof (asrset_t
))
1148 return (0); /* No lwp yet, already seen, or bad size */
1150 if ((asrs
= malloc(sizeof (asrset_t
))) == NULL
)
1153 if (read(P
->asfd
, asrs
, sizeof (asrset_t
)) != sizeof (asrset_t
)) {
1154 dprintf("Pgrab_core: failed to read NT_ASRS\n");
1159 lwp
->lwp_asrs
= asrs
;
1162 #endif /* __sparcv9 */
1163 #endif /* __sparc */
1166 note_spymaster(struct ps_prochandle
*P
, size_t nbytes
)
1169 core_info_t
*core
= P
->data
;
1171 if (core
->core_dmodel
== PR_MODEL_ILP32
) {
1174 if (nbytes
< sizeof (psinfo32_t
) ||
1175 read(P
->asfd
, &ps32
, sizeof (ps32
)) != sizeof (ps32
))
1178 psinfo_32_to_n(&ps32
, &P
->spymaster
);
1181 if (nbytes
< sizeof (psinfo_t
) || read(P
->asfd
,
1182 &P
->spymaster
, sizeof (psinfo_t
)) != sizeof (psinfo_t
))
1185 dprintf("spymaster pr_fname = <%s>\n", P
->psinfo
.pr_fname
);
1186 dprintf("spymaster pr_psargs = <%s>\n", P
->psinfo
.pr_psargs
);
1187 dprintf("spymaster pr_wstat = 0x%x\n", P
->psinfo
.pr_wstat
);
1192 dprintf("Pgrab_core: failed to read NT_SPYMASTER\n");
1198 note_notsup(struct ps_prochandle
*P
, size_t nbytes
)
1200 dprintf("skipping unsupported note type of size %ld bytes\n",
1206 * Populate a table of function pointers indexed by Note type with our
1207 * functions to process each type of core file note:
1209 static int (*nhdlrs
[])(struct ps_prochandle
*, size_t) = {
1210 note_notsup
, /* 0 unassigned */
1212 note_linux_prstatus
, /* 1 NT_PRSTATUS (old) */
1214 note_notsup
, /* 1 NT_PRSTATUS (old) */
1216 note_notsup
, /* 2 NT_PRFPREG (old) */
1218 note_linux_psinfo
, /* 3 NT_PRPSINFO (old) */
1220 note_notsup
, /* 3 NT_PRPSINFO (old) */
1223 note_xreg
, /* 4 NT_PRXREG */
1225 note_notsup
, /* 4 NT_PRXREG */
1227 note_platform
, /* 5 NT_PLATFORM */
1228 note_auxv
, /* 6 NT_AUXV */
1230 note_gwindows
, /* 7 NT_GWINDOWS */
1232 note_asrs
, /* 8 NT_ASRS */
1234 note_notsup
, /* 8 NT_ASRS */
1237 note_notsup
, /* 7 NT_GWINDOWS */
1238 note_notsup
, /* 8 NT_ASRS */
1241 note_ldt
, /* 9 NT_LDT */
1243 note_notsup
, /* 9 NT_LDT */
1245 note_pstatus
, /* 10 NT_PSTATUS */
1246 note_notsup
, /* 11 unassigned */
1247 note_notsup
, /* 12 unassigned */
1248 note_psinfo
, /* 13 NT_PSINFO */
1249 note_cred
, /* 14 NT_PRCRED */
1250 note_utsname
, /* 15 NT_UTSNAME */
1251 note_lwpstatus
, /* 16 NT_LWPSTATUS */
1252 note_lwpsinfo
, /* 17 NT_LWPSINFO */
1253 note_priv
, /* 18 NT_PRPRIV */
1254 note_priv_info
, /* 19 NT_PRPRIVINFO */
1255 note_content
, /* 20 NT_CONTENT */
1256 note_zonename
, /* 21 NT_ZONENAME */
1257 note_fdinfo
, /* 22 NT_FDINFO */
1258 note_spymaster
, /* 23 NT_SPYMASTER */
1259 note_secflags
, /* 24 NT_SECFLAGS */
1260 note_lwpname
, /* 25 NT_LWPNAME */
1264 core_report_mapping(struct ps_prochandle
*P
, GElf_Phdr
*php
)
1266 prkillinfo_t killinfo
;
1267 siginfo_t
*si
= &killinfo
.prk_info
;
1268 char signame
[SIG2STR_MAX
], sig
[64], info
[64];
1269 void *addr
= (void *)(uintptr_t)php
->p_vaddr
;
1271 const char *errfmt
= "core file data for mapping at %p not saved: %s\n";
1272 const char *incfmt
= "core file incomplete due to %s%s\n";
1273 const char *msgfmt
= "mappings at and above %p are missing\n";
1275 if (!(php
->p_flags
& PF_SUNW_KILLED
)) {
1278 (void) pread64(P
->asfd
, &err
,
1279 sizeof (err
), (off64_t
)php
->p_offset
);
1281 Perror_printf(P
, errfmt
, addr
, strerror(err
));
1282 dprintf(errfmt
, addr
, strerror(err
));
1286 if (!(php
->p_flags
& PF_SUNW_SIGINFO
))
1289 (void) memset(&killinfo
, 0, sizeof (killinfo
));
1291 (void) pread64(P
->asfd
, &killinfo
,
1292 sizeof (killinfo
), (off64_t
)php
->p_offset
);
1295 * While there is (or at least should be) only one segment that has
1296 * PF_SUNW_SIGINFO set, the signal information there is globally
1297 * useful (even if only to those debugging libproc consumers); we hang
1298 * the signal information gleaned here off of the ps_prochandle.
1300 P
->map_missing
= php
->p_vaddr
;
1301 P
->killinfo
= killinfo
.prk_info
;
1303 if (sig2str(si
->si_signo
, signame
) == -1) {
1304 (void) snprintf(sig
, sizeof (sig
),
1305 "<Unknown signal: 0x%x>, ", si
->si_signo
);
1307 (void) snprintf(sig
, sizeof (sig
), "SIG%s, ", signame
);
1310 if (si
->si_code
== SI_USER
|| si
->si_code
== SI_QUEUE
) {
1311 (void) snprintf(info
, sizeof (info
),
1312 "pid=%d uid=%d zone=%d ctid=%d",
1313 si
->si_pid
, si
->si_uid
, si
->si_zoneid
, si
->si_ctid
);
1315 (void) snprintf(info
, sizeof (info
),
1316 "code=%d", si
->si_code
);
1319 Perror_printf(P
, incfmt
, sig
, info
);
1320 Perror_printf(P
, msgfmt
, addr
);
1322 dprintf(incfmt
, sig
, info
);
1323 dprintf(msgfmt
, addr
);
1327 * Add information on the address space mapping described by the given
1328 * PT_LOAD program header. We fill in more information on the mapping later.
1331 core_add_mapping(struct ps_prochandle
*P
, GElf_Phdr
*php
)
1333 core_info_t
*core
= P
->data
;
1336 dprintf("mapping base %llx filesz %llx memsz %llx offset %llx\n",
1337 (u_longlong_t
)php
->p_vaddr
, (u_longlong_t
)php
->p_filesz
,
1338 (u_longlong_t
)php
->p_memsz
, (u_longlong_t
)php
->p_offset
);
1340 pmap
.pr_vaddr
= (uintptr_t)php
->p_vaddr
;
1341 pmap
.pr_size
= php
->p_memsz
;
1344 * If Pgcore() or elfcore() fail to write a mapping, they will set
1345 * PF_SUNW_FAILURE in the Phdr and try to stash away the errno for us.
1347 if (php
->p_flags
& PF_SUNW_FAILURE
) {
1348 core_report_mapping(P
, php
);
1349 } else if (php
->p_filesz
!= 0 && php
->p_offset
>= core
->core_size
) {
1350 Perror_printf(P
, "core file may be corrupt -- data for mapping "
1351 "at %p is missing\n", (void *)(uintptr_t)php
->p_vaddr
);
1352 dprintf("core file may be corrupt -- data for mapping "
1353 "at %p is missing\n", (void *)(uintptr_t)php
->p_vaddr
);
1357 * The mapping name and offset will hopefully be filled in
1358 * by the librtld_db agent. Unfortunately, if it isn't a
1359 * shared library mapping, this information is gone forever.
1361 pmap
.pr_mapname
[0] = '\0';
1365 if (php
->p_flags
& PF_R
)
1366 pmap
.pr_mflags
|= MA_READ
;
1367 if (php
->p_flags
& PF_W
)
1368 pmap
.pr_mflags
|= MA_WRITE
;
1369 if (php
->p_flags
& PF_X
)
1370 pmap
.pr_mflags
|= MA_EXEC
;
1372 if (php
->p_filesz
== 0)
1373 pmap
.pr_mflags
|= MA_RESERVED1
;
1376 * At the time of adding this mapping, we just zero the pagesize.
1377 * Once we've processed more of the core file, we'll have the
1378 * pagesize from the auxv's AT_PAGESZ element and we can fill this in.
1380 pmap
.pr_pagesize
= 0;
1383 * Unfortunately whether or not the mapping was a System V
1384 * shared memory segment is lost. We use -1 to mark it as not shm.
1388 return (Padd_mapping(P
, php
->p_offset
, NULL
, &pmap
));
1392 * Given a virtual address, name the mapping at that address using the
1393 * specified name, and return the map_info_t pointer.
1396 core_name_mapping(struct ps_prochandle
*P
, uintptr_t addr
, const char *name
)
1398 map_info_t
*mp
= Paddr2mptr(P
, addr
);
1401 (void) strncpy(mp
->map_pmap
.pr_mapname
, name
, PRMAPSZ
);
1402 mp
->map_pmap
.pr_mapname
[PRMAPSZ
- 1] = '\0';
1409 * libproc uses libelf for all of its symbol table manipulation. This function
1410 * takes a symbol table and string table from a core file and places them
1411 * in a memory backed elf file.
1414 fake_up_symtab(struct ps_prochandle
*P
, const elf_file_header_t
*ehdr
,
1415 GElf_Shdr
*symtab
, GElf_Shdr
*strtab
)
1424 if (symtab
->sh_addr
== 0 ||
1425 (mp
= Paddr2mptr(P
, symtab
->sh_addr
)) == NULL
||
1426 (fp
= mp
->map_file
) == NULL
) {
1427 dprintf("fake_up_symtab: invalid section\n");
1431 if (fp
->file_symtab
.sym_data_pri
!= NULL
) {
1432 dprintf("Symbol table already loaded (sh_addr 0x%lx)\n",
1433 (long)symtab
->sh_addr
);
1437 if (P
->status
.pr_dmodel
== PR_MODEL_ILP32
) {
1444 base
= sizeof (b
->ehdr
) + sizeof (b
->shdr
);
1445 size
= base
+ symtab
->sh_size
+ strtab
->sh_size
;
1447 if ((b
= calloc(1, size
)) == NULL
)
1450 (void) memcpy(b
->ehdr
.e_ident
, ehdr
->e_ident
,
1451 sizeof (ehdr
->e_ident
));
1452 b
->ehdr
.e_type
= ehdr
->e_type
;
1453 b
->ehdr
.e_machine
= ehdr
->e_machine
;
1454 b
->ehdr
.e_version
= ehdr
->e_version
;
1455 b
->ehdr
.e_flags
= ehdr
->e_flags
;
1456 b
->ehdr
.e_ehsize
= sizeof (b
->ehdr
);
1457 b
->ehdr
.e_shoff
= sizeof (b
->ehdr
);
1458 b
->ehdr
.e_shentsize
= sizeof (b
->shdr
[0]);
1459 b
->ehdr
.e_shnum
= 3;
1462 b
->shdr
[1].sh_size
= symtab
->sh_size
;
1463 b
->shdr
[1].sh_type
= SHT_SYMTAB
;
1464 b
->shdr
[1].sh_offset
= off
+ base
;
1465 b
->shdr
[1].sh_entsize
= sizeof (Elf32_Sym
);
1466 b
->shdr
[1].sh_link
= 2;
1467 b
->shdr
[1].sh_info
= symtab
->sh_info
;
1468 b
->shdr
[1].sh_addralign
= symtab
->sh_addralign
;
1470 if (pread64(P
->asfd
, &b
->data
[off
], b
->shdr
[1].sh_size
,
1471 symtab
->sh_offset
) != b
->shdr
[1].sh_size
) {
1472 dprintf("fake_up_symtab: pread of symtab[1] failed\n");
1477 off
+= b
->shdr
[1].sh_size
;
1479 b
->shdr
[2].sh_flags
= SHF_STRINGS
;
1480 b
->shdr
[2].sh_size
= strtab
->sh_size
;
1481 b
->shdr
[2].sh_type
= SHT_STRTAB
;
1482 b
->shdr
[2].sh_offset
= off
+ base
;
1483 b
->shdr
[2].sh_info
= strtab
->sh_info
;
1484 b
->shdr
[2].sh_addralign
= 1;
1486 if (pread64(P
->asfd
, &b
->data
[off
], b
->shdr
[2].sh_size
,
1487 strtab
->sh_offset
) != b
->shdr
[2].sh_size
) {
1488 dprintf("fake_up_symtab: pread of symtab[2] failed\n");
1493 off
+= b
->shdr
[2].sh_size
;
1495 fp
->file_symtab
.sym_elf
= elf_memory((char *)b
, size
);
1496 if (fp
->file_symtab
.sym_elf
== NULL
) {
1501 fp
->file_symtab
.sym_elfmem
= b
;
1510 base
= sizeof (b
->ehdr
) + sizeof (b
->shdr
);
1511 size
= base
+ symtab
->sh_size
+ strtab
->sh_size
;
1513 if ((b
= calloc(1, size
)) == NULL
)
1516 (void) memcpy(b
->ehdr
.e_ident
, ehdr
->e_ident
,
1517 sizeof (ehdr
->e_ident
));
1518 b
->ehdr
.e_type
= ehdr
->e_type
;
1519 b
->ehdr
.e_machine
= ehdr
->e_machine
;
1520 b
->ehdr
.e_version
= ehdr
->e_version
;
1521 b
->ehdr
.e_flags
= ehdr
->e_flags
;
1522 b
->ehdr
.e_ehsize
= sizeof (b
->ehdr
);
1523 b
->ehdr
.e_shoff
= sizeof (b
->ehdr
);
1524 b
->ehdr
.e_shentsize
= sizeof (b
->shdr
[0]);
1525 b
->ehdr
.e_shnum
= 3;
1528 b
->shdr
[1].sh_size
= symtab
->sh_size
;
1529 b
->shdr
[1].sh_type
= SHT_SYMTAB
;
1530 b
->shdr
[1].sh_offset
= off
+ base
;
1531 b
->shdr
[1].sh_entsize
= sizeof (Elf64_Sym
);
1532 b
->shdr
[1].sh_link
= 2;
1533 b
->shdr
[1].sh_info
= symtab
->sh_info
;
1534 b
->shdr
[1].sh_addralign
= symtab
->sh_addralign
;
1536 if (pread64(P
->asfd
, &b
->data
[off
], b
->shdr
[1].sh_size
,
1537 symtab
->sh_offset
) != b
->shdr
[1].sh_size
) {
1542 off
+= b
->shdr
[1].sh_size
;
1544 b
->shdr
[2].sh_flags
= SHF_STRINGS
;
1545 b
->shdr
[2].sh_size
= strtab
->sh_size
;
1546 b
->shdr
[2].sh_type
= SHT_STRTAB
;
1547 b
->shdr
[2].sh_offset
= off
+ base
;
1548 b
->shdr
[2].sh_info
= strtab
->sh_info
;
1549 b
->shdr
[2].sh_addralign
= 1;
1551 if (pread64(P
->asfd
, &b
->data
[off
], b
->shdr
[2].sh_size
,
1552 strtab
->sh_offset
) != b
->shdr
[2].sh_size
) {
1557 off
+= b
->shdr
[2].sh_size
;
1559 fp
->file_symtab
.sym_elf
= elf_memory((char *)b
, size
);
1560 if (fp
->file_symtab
.sym_elf
== NULL
) {
1565 fp
->file_symtab
.sym_elfmem
= b
;
1569 if ((scn
= elf_getscn(fp
->file_symtab
.sym_elf
, 1)) == NULL
||
1570 (fp
->file_symtab
.sym_data_pri
= elf_getdata(scn
, NULL
)) == NULL
||
1571 (scn
= elf_getscn(fp
->file_symtab
.sym_elf
, 2)) == NULL
||
1572 (data
= elf_getdata(scn
, NULL
)) == NULL
) {
1573 dprintf("fake_up_symtab: failed to get section data at %p\n",
1578 fp
->file_symtab
.sym_strs
= data
->d_buf
;
1579 fp
->file_symtab
.sym_strsz
= data
->d_size
;
1580 fp
->file_symtab
.sym_symn
= symtab
->sh_size
/ symtab
->sh_entsize
;
1581 fp
->file_symtab
.sym_hdr_pri
= *symtab
;
1582 fp
->file_symtab
.sym_strhdr
= *strtab
;
1584 optimize_symtab(&fp
->file_symtab
);
1588 (void) elf_end(fp
->file_symtab
.sym_elf
);
1589 free(fp
->file_symtab
.sym_elfmem
);
1590 fp
->file_symtab
.sym_elf
= NULL
;
1591 fp
->file_symtab
.sym_elfmem
= NULL
;
1595 core_phdr_to_gelf(const Elf32_Phdr
*src
, GElf_Phdr
*dst
)
1597 dst
->p_type
= src
->p_type
;
1598 dst
->p_flags
= src
->p_flags
;
1599 dst
->p_offset
= (Elf64_Off
)src
->p_offset
;
1600 dst
->p_vaddr
= (Elf64_Addr
)src
->p_vaddr
;
1601 dst
->p_paddr
= (Elf64_Addr
)src
->p_paddr
;
1602 dst
->p_filesz
= (Elf64_Xword
)src
->p_filesz
;
1603 dst
->p_memsz
= (Elf64_Xword
)src
->p_memsz
;
1604 dst
->p_align
= (Elf64_Xword
)src
->p_align
;
1608 core_shdr_to_gelf(const Elf32_Shdr
*src
, GElf_Shdr
*dst
)
1610 dst
->sh_name
= src
->sh_name
;
1611 dst
->sh_type
= src
->sh_type
;
1612 dst
->sh_flags
= (Elf64_Xword
)src
->sh_flags
;
1613 dst
->sh_addr
= (Elf64_Addr
)src
->sh_addr
;
1614 dst
->sh_offset
= (Elf64_Off
)src
->sh_offset
;
1615 dst
->sh_size
= (Elf64_Xword
)src
->sh_size
;
1616 dst
->sh_link
= src
->sh_link
;
1617 dst
->sh_info
= src
->sh_info
;
1618 dst
->sh_addralign
= (Elf64_Xword
)src
->sh_addralign
;
1619 dst
->sh_entsize
= (Elf64_Xword
)src
->sh_entsize
;
1623 * Perform elf_begin on efp->e_fd and verify the ELF file's type and class.
1626 core_elf_fdopen(elf_file_t
*efp
, GElf_Half type
, int *perr
)
1629 uchar_t order
= ELFDATA2MSB
;
1631 uchar_t order
= ELFDATA2LSB
;
1638 * Because 32-bit libelf cannot deal with large files, we need to read,
1639 * check, and convert the file header manually in case type == ET_CORE.
1641 if (pread64(efp
->e_fd
, &e32
, sizeof (e32
), 0) != sizeof (e32
)) {
1646 if ((is_noelf
= memcmp(&e32
.e_ident
[EI_MAG0
], ELFMAG
, SELFMAG
)) != 0 ||
1647 e32
.e_type
!= type
|| (isa_err
= (e32
.e_ident
[EI_DATA
] != order
)) ||
1648 e32
.e_version
!= EV_CURRENT
) {
1650 if (is_noelf
== 0 && isa_err
) {
1660 * If the file is 64-bit and we are 32-bit, fail with G_LP64. If the
1661 * file is 64-bit and we are 64-bit, re-read the header as a Elf64_Ehdr,
1662 * and convert it to a elf_file_header_t. Otherwise, the file is
1663 * 32-bit, so convert e32 to a elf_file_header_t.
1665 if (e32
.e_ident
[EI_CLASS
] == ELFCLASS64
) {
1669 if (pread64(efp
->e_fd
, &e64
, sizeof (e64
), 0) != sizeof (e64
)) {
1675 (void) memcpy(efp
->e_hdr
.e_ident
, e64
.e_ident
, EI_NIDENT
);
1676 efp
->e_hdr
.e_type
= e64
.e_type
;
1677 efp
->e_hdr
.e_machine
= e64
.e_machine
;
1678 efp
->e_hdr
.e_version
= e64
.e_version
;
1679 efp
->e_hdr
.e_entry
= e64
.e_entry
;
1680 efp
->e_hdr
.e_phoff
= e64
.e_phoff
;
1681 efp
->e_hdr
.e_shoff
= e64
.e_shoff
;
1682 efp
->e_hdr
.e_flags
= e64
.e_flags
;
1683 efp
->e_hdr
.e_ehsize
= e64
.e_ehsize
;
1684 efp
->e_hdr
.e_phentsize
= e64
.e_phentsize
;
1685 efp
->e_hdr
.e_phnum
= (Elf64_Word
)e64
.e_phnum
;
1686 efp
->e_hdr
.e_shentsize
= e64
.e_shentsize
;
1687 efp
->e_hdr
.e_shnum
= (Elf64_Word
)e64
.e_shnum
;
1688 efp
->e_hdr
.e_shstrndx
= (Elf64_Word
)e64
.e_shstrndx
;
1695 (void) memcpy(efp
->e_hdr
.e_ident
, e32
.e_ident
, EI_NIDENT
);
1696 efp
->e_hdr
.e_type
= e32
.e_type
;
1697 efp
->e_hdr
.e_machine
= e32
.e_machine
;
1698 efp
->e_hdr
.e_version
= e32
.e_version
;
1699 efp
->e_hdr
.e_entry
= (Elf64_Addr
)e32
.e_entry
;
1700 efp
->e_hdr
.e_phoff
= (Elf64_Off
)e32
.e_phoff
;
1701 efp
->e_hdr
.e_shoff
= (Elf64_Off
)e32
.e_shoff
;
1702 efp
->e_hdr
.e_flags
= e32
.e_flags
;
1703 efp
->e_hdr
.e_ehsize
= e32
.e_ehsize
;
1704 efp
->e_hdr
.e_phentsize
= e32
.e_phentsize
;
1705 efp
->e_hdr
.e_phnum
= (Elf64_Word
)e32
.e_phnum
;
1706 efp
->e_hdr
.e_shentsize
= e32
.e_shentsize
;
1707 efp
->e_hdr
.e_shnum
= (Elf64_Word
)e32
.e_shnum
;
1708 efp
->e_hdr
.e_shstrndx
= (Elf64_Word
)e32
.e_shstrndx
;
1712 * If the number of section headers or program headers or the section
1713 * header string table index would overflow their respective fields
1714 * in the ELF header, they're stored in the section header at index
1715 * zero. To simplify use elsewhere, we look for those sentinel values
1718 if ((efp
->e_hdr
.e_shnum
== 0 && efp
->e_hdr
.e_shoff
!= 0) ||
1719 efp
->e_hdr
.e_shstrndx
== SHN_XINDEX
||
1720 efp
->e_hdr
.e_phnum
== PN_XNUM
) {
1723 dprintf("extended ELF header\n");
1725 if (efp
->e_hdr
.e_shoff
== 0) {
1731 if (efp
->e_hdr
.e_ident
[EI_CLASS
] == ELFCLASS32
) {
1734 if (pread64(efp
->e_fd
, &shdr32
, sizeof (shdr32
),
1735 efp
->e_hdr
.e_shoff
) != sizeof (shdr32
)) {
1741 core_shdr_to_gelf(&shdr32
, &shdr
);
1743 if (pread64(efp
->e_fd
, &shdr
, sizeof (shdr
),
1744 efp
->e_hdr
.e_shoff
) != sizeof (shdr
)) {
1751 if (efp
->e_hdr
.e_shnum
== 0) {
1752 efp
->e_hdr
.e_shnum
= shdr
.sh_size
;
1753 dprintf("section header count %lu\n",
1754 (ulong_t
)shdr
.sh_size
);
1757 if (efp
->e_hdr
.e_shstrndx
== SHN_XINDEX
) {
1758 efp
->e_hdr
.e_shstrndx
= shdr
.sh_link
;
1759 dprintf("section string index %u\n", shdr
.sh_link
);
1762 if (efp
->e_hdr
.e_phnum
== PN_XNUM
&& shdr
.sh_info
!= 0) {
1763 efp
->e_hdr
.e_phnum
= shdr
.sh_info
;
1764 dprintf("program header count %u\n", shdr
.sh_info
);
1767 } else if (efp
->e_hdr
.e_phoff
!= 0) {
1772 * It's possible this core file came from a system that
1773 * accidentally truncated the e_phnum field without correctly
1774 * using the extended format in the section header at index
1775 * zero. We try to detect and correct that specific type of
1776 * corruption by using the knowledge that the core dump
1777 * routines usually place the data referenced by the first
1778 * program header immediately after the last header element.
1780 if (efp
->e_hdr
.e_ident
[EI_CLASS
] == ELFCLASS32
) {
1783 if (pread64(efp
->e_fd
, &phdr32
, sizeof (phdr32
),
1784 efp
->e_hdr
.e_phoff
) != sizeof (phdr32
)) {
1790 core_phdr_to_gelf(&phdr32
, &phdr
);
1792 if (pread64(efp
->e_fd
, &phdr
, sizeof (phdr
),
1793 efp
->e_hdr
.e_phoff
) != sizeof (phdr
)) {
1800 phnum
= phdr
.p_offset
- efp
->e_hdr
.e_ehsize
-
1801 (uint64_t)efp
->e_hdr
.e_shnum
* efp
->e_hdr
.e_shentsize
;
1802 phnum
/= efp
->e_hdr
.e_phentsize
;
1804 if (phdr
.p_offset
!= 0 && phnum
!= efp
->e_hdr
.e_phnum
) {
1805 dprintf("suspicious program header count %u %u\n",
1806 (uint_t
)phnum
, efp
->e_hdr
.e_phnum
);
1809 * If the new program header count we computed doesn't
1810 * jive with count in the ELF header, we'll use the
1811 * data that's there and hope for the best.
1813 * If it does, it's also possible that the section
1814 * header offset is incorrect; we'll check that and
1815 * possibly try to fix it.
1817 if (phnum
<= INT_MAX
&&
1818 (uint16_t)phnum
== efp
->e_hdr
.e_phnum
) {
1820 if (efp
->e_hdr
.e_shoff
== efp
->e_hdr
.e_phoff
+
1821 efp
->e_hdr
.e_phentsize
*
1822 (uint_t
)efp
->e_hdr
.e_phnum
) {
1823 efp
->e_hdr
.e_shoff
=
1824 efp
->e_hdr
.e_phoff
+
1825 efp
->e_hdr
.e_phentsize
* phnum
;
1828 efp
->e_hdr
.e_phnum
= (Elf64_Word
)phnum
;
1829 dprintf("using new program header count\n");
1831 dprintf("inconsistent program header count\n");
1837 * The libelf implementation was never ported to be large-file aware.
1838 * This is typically not a problem for your average executable or
1839 * shared library, but a large 32-bit core file can exceed 2GB in size.
1840 * So if type is ET_CORE, we don't bother doing elf_begin; the code
1841 * in Pfgrab_core() below will do its own i/o and struct conversion.
1844 if (type
== ET_CORE
) {
1849 if ((efp
->e_elf
= elf_begin(efp
->e_fd
, ELF_C_READ
, NULL
)) == NULL
) {
1863 * Open the specified file and then do a core_elf_fdopen on it.
1866 core_elf_open(elf_file_t
*efp
, const char *path
, GElf_Half type
, int *perr
)
1868 (void) memset(efp
, 0, sizeof (elf_file_t
));
1870 if ((efp
->e_fd
= open64(path
, O_RDONLY
)) >= 0) {
1871 if (core_elf_fdopen(efp
, type
, perr
) == 0)
1874 (void) close(efp
->e_fd
);
1882 * Close the ELF handle and file descriptor.
1885 core_elf_close(elf_file_t
*efp
)
1887 if (efp
->e_elf
!= NULL
) {
1888 (void) elf_end(efp
->e_elf
);
1892 if (efp
->e_fd
!= -1) {
1893 (void) close(efp
->e_fd
);
1899 * Given an ELF file for a statically linked executable, locate the likely
1900 * primary text section and fill in rl_base with its virtual address.
1903 core_find_text(struct ps_prochandle
*P
, Elf
*elf
, rd_loadobj_t
*rlp
)
1909 if (elf_getphdrnum(elf
, &nphdrs
) == -1)
1912 for (i
= 0; i
< nphdrs
; i
++) {
1913 if (gelf_getphdr(elf
, i
, &phdr
) != NULL
&&
1914 phdr
.p_type
== PT_LOAD
&& (phdr
.p_flags
& PF_X
)) {
1915 rlp
->rl_base
= phdr
.p_vaddr
;
1916 return (Paddr2mptr(P
, rlp
->rl_base
));
1924 * Given an ELF file and the librtld_db structure corresponding to its primary
1925 * text mapping, deduce where its data segment was loaded and fill in
1926 * rl_data_base and prmap_t.pr_offset accordingly.
1929 core_find_data(struct ps_prochandle
*P
, Elf
*elf
, rd_loadobj_t
*rlp
)
1937 rlp
->rl_data_base
= NULL
;
1940 * Find the first loadable, writeable Phdr and compute rl_data_base
1941 * as the virtual address at which is was loaded.
1943 if (gelf_getehdr(elf
, &ehdr
) == NULL
||
1944 elf_getphdrnum(elf
, &nphdrs
) == -1)
1947 for (i
= 0; i
< nphdrs
; i
++) {
1948 if (gelf_getphdr(elf
, i
, &phdr
) != NULL
&&
1949 phdr
.p_type
== PT_LOAD
&& (phdr
.p_flags
& PF_W
)) {
1950 rlp
->rl_data_base
= phdr
.p_vaddr
;
1951 if (ehdr
.e_type
== ET_DYN
)
1952 rlp
->rl_data_base
+= rlp
->rl_base
;
1958 * If we didn't find an appropriate phdr or if the address we
1959 * computed has no mapping, return NULL.
1961 if (rlp
->rl_data_base
== NULL
||
1962 (mp
= Paddr2mptr(P
, rlp
->rl_data_base
)) == NULL
)
1966 * It wouldn't be procfs-related code if we didn't make use of
1967 * unclean knowledge of segvn, even in userland ... the prmap_t's
1968 * pr_offset field will be the segvn offset from mmap(2)ing the
1969 * data section, which will be the file offset & PAGEMASK.
1971 pagemask
= ~(mp
->map_pmap
.pr_pagesize
- 1);
1972 mp
->map_pmap
.pr_offset
= phdr
.p_offset
& pagemask
;
1978 * Librtld_db agent callback for iterating over load object mappings.
1979 * For each load object, we allocate a new file_info_t, perform naming,
1980 * and attempt to construct a symbol table for the load object.
1983 core_iter_mapping(const rd_loadobj_t
*rlp
, struct ps_prochandle
*P
)
1985 core_info_t
*core
= P
->data
;
1986 char lname
[PATH_MAX
], buf
[PATH_MAX
];
1990 if (Pread_string(P
, lname
, PATH_MAX
, (off_t
)rlp
->rl_nameaddr
) <= 0) {
1991 dprintf("failed to read name %p\n", (void *)rlp
->rl_nameaddr
);
1992 return (1); /* Keep going; forget this if we can't get a name */
1995 dprintf("rd_loadobj name = \"%s\" rl_base = %p\n",
1996 lname
, (void *)rlp
->rl_base
);
1998 if ((mp
= Paddr2mptr(P
, rlp
->rl_base
)) == NULL
) {
1999 dprintf("no mapping for %p\n", (void *)rlp
->rl_base
);
2000 return (1); /* No mapping; advance to next mapping */
2004 * Create a new file_info_t for this mapping, and therefore for
2007 * If there's an ELF header at the beginning of this mapping,
2008 * file_info_new() will try to use its section headers to
2009 * identify any other mappings that belong to this load object.
2011 if ((fp
= mp
->map_file
) == NULL
&&
2012 (fp
= file_info_new(P
, mp
)) == NULL
) {
2013 core
->core_errno
= errno
;
2014 dprintf("failed to malloc mapping data\n");
2015 return (0); /* Abort */
2019 /* Create a local copy of the load object representation */
2020 if ((fp
->file_lo
= calloc(1, sizeof (rd_loadobj_t
))) == NULL
) {
2021 core
->core_errno
= errno
;
2022 dprintf("failed to malloc mapping data\n");
2023 return (0); /* Abort */
2025 *fp
->file_lo
= *rlp
;
2027 if (lname
[0] != '\0') {
2029 * Naming dance part 1: if we got a name from librtld_db, then
2030 * copy this name to the prmap_t if it is unnamed. If the
2031 * file_info_t is unnamed, name it after the lname.
2033 if (mp
->map_pmap
.pr_mapname
[0] == '\0') {
2034 (void) strncpy(mp
->map_pmap
.pr_mapname
, lname
, PRMAPSZ
);
2035 mp
->map_pmap
.pr_mapname
[PRMAPSZ
- 1] = '\0';
2038 if (fp
->file_lname
== NULL
)
2039 fp
->file_lname
= strdup(lname
);
2041 } else if (fp
->file_lname
== NULL
&&
2042 mp
->map_pmap
.pr_mapname
[0] != '\0') {
2044 * Naming dance part 2: if the mapping is named and the
2045 * file_info_t is not, name the file after the mapping.
2047 fp
->file_lname
= strdup(mp
->map_pmap
.pr_mapname
);
2050 if ((fp
->file_rname
== NULL
) &&
2051 (Pfindmap(P
, mp
, buf
, sizeof (buf
)) != NULL
))
2052 fp
->file_rname
= strdup(buf
);
2054 if (fp
->file_lname
!= NULL
)
2055 fp
->file_lbase
= basename(fp
->file_lname
);
2056 if (fp
->file_rname
!= NULL
)
2057 fp
->file_rbase
= basename(fp
->file_rname
);
2059 /* Associate the file and the mapping. */
2060 (void) strncpy(fp
->file_pname
, mp
->map_pmap
.pr_mapname
, PRMAPSZ
);
2061 fp
->file_pname
[PRMAPSZ
- 1] = '\0';
2064 * If no section headers were available then we'll have to
2065 * identify this load object's other mappings with what we've
2066 * got: the start and end of the object's corresponding
2069 if (fp
->file_saddrs
== NULL
) {
2070 for (mp
= fp
->file_map
+ 1; mp
< P
->mappings
+ P
->map_count
&&
2071 mp
->map_pmap
.pr_vaddr
< rlp
->rl_bend
; mp
++) {
2073 if (mp
->map_file
== NULL
) {
2074 dprintf("core_iter_mapping %s: associating "
2077 (void *)mp
->map_pmap
.pr_vaddr
);
2081 dprintf("core_iter_mapping %s: segment at "
2082 "%p already associated with %s\n",
2084 (void *)mp
->map_pmap
.pr_vaddr
,
2085 (mp
== fp
->file_map
? "this file" :
2086 mp
->map_file
->file_pname
));
2091 /* Ensure that all this file's mappings are named. */
2092 for (mp
= fp
->file_map
; mp
< P
->mappings
+ P
->map_count
&&
2093 mp
->map_file
== fp
; mp
++) {
2094 if (mp
->map_pmap
.pr_mapname
[0] == '\0' &&
2095 !(mp
->map_pmap
.pr_mflags
& MA_BREAK
)) {
2096 (void) strncpy(mp
->map_pmap
.pr_mapname
, fp
->file_pname
,
2098 mp
->map_pmap
.pr_mapname
[PRMAPSZ
- 1] = '\0';
2102 /* Attempt to build a symbol table for this file. */
2103 Pbuild_file_symtab(P
, fp
);
2104 if (fp
->file_elf
== NULL
)
2105 dprintf("core_iter_mapping: no symtab for %s\n",
2108 /* Locate the start of a data segment associated with this file. */
2109 if ((mp
= core_find_data(P
, fp
->file_elf
, fp
->file_lo
)) != NULL
) {
2110 dprintf("found data for %s at %p (pr_offset 0x%llx)\n",
2111 fp
->file_pname
, (void *)fp
->file_lo
->rl_data_base
,
2112 mp
->map_pmap
.pr_offset
);
2114 dprintf("core_iter_mapping: no data found for %s\n",
2118 return (1); /* Advance to next mapping */
2122 * Callback function for Pfindexec(). In order to confirm a given pathname,
2123 * we verify that we can open it as an ELF file of type ET_EXEC or ET_DYN.
2126 core_exec_open(const char *path
, void *efp
)
2128 if (core_elf_open(efp
, path
, ET_EXEC
, NULL
) == 0)
2130 if (core_elf_open(efp
, path
, ET_DYN
, NULL
) == 0)
2136 * Attempt to load any section headers found in the core file. If present,
2137 * this will refer to non-loadable data added to the core file by the kernel
2138 * based on coreadm(1M) settings, including CTF data and the symbol table.
2141 core_load_shdrs(struct ps_prochandle
*P
, elf_file_t
*efp
)
2143 GElf_Shdr
*shp
, *shdrs
= NULL
;
2144 char *shstrtab
= NULL
;
2153 if (efp
->e_hdr
.e_shstrndx
>= efp
->e_hdr
.e_shnum
) {
2154 dprintf("corrupt shstrndx (%u) exceeds shnum (%u)\n",
2155 efp
->e_hdr
.e_shstrndx
, efp
->e_hdr
.e_shnum
);
2160 * Read the section header table from the core file and then iterate
2161 * over the section headers, converting each to a GElf_Shdr.
2163 if ((shdrs
= malloc(efp
->e_hdr
.e_shnum
* sizeof (GElf_Shdr
))) == NULL
) {
2164 dprintf("failed to malloc %u section headers: %s\n",
2165 (uint_t
)efp
->e_hdr
.e_shnum
, strerror(errno
));
2169 nbytes
= efp
->e_hdr
.e_shnum
* efp
->e_hdr
.e_shentsize
;
2170 if ((buf
= malloc(nbytes
)) == NULL
) {
2171 dprintf("failed to malloc %d bytes: %s\n", (int)nbytes
,
2177 if (pread64(efp
->e_fd
, buf
, nbytes
, efp
->e_hdr
.e_shoff
) != nbytes
) {
2178 dprintf("failed to read section headers at off %lld: %s\n",
2179 (longlong_t
)efp
->e_hdr
.e_shoff
, strerror(errno
));
2184 for (i
= 0; i
< efp
->e_hdr
.e_shnum
; i
++) {
2185 void *p
= (uchar_t
*)buf
+ efp
->e_hdr
.e_shentsize
* i
;
2187 if (efp
->e_hdr
.e_ident
[EI_CLASS
] == ELFCLASS32
)
2188 core_shdr_to_gelf(p
, &shdrs
[i
]);
2190 (void) memcpy(&shdrs
[i
], p
, sizeof (GElf_Shdr
));
2197 * Read the .shstrtab section from the core file, terminating it with
2198 * an extra \0 so that a corrupt section will not cause us to die.
2200 shp
= &shdrs
[efp
->e_hdr
.e_shstrndx
];
2201 shstrtabsz
= shp
->sh_size
;
2203 if ((shstrtab
= malloc(shstrtabsz
+ 1)) == NULL
) {
2204 dprintf("failed to allocate %lu bytes for shstrtab\n",
2205 (ulong_t
)shstrtabsz
);
2209 if (pread64(efp
->e_fd
, shstrtab
, shstrtabsz
,
2210 shp
->sh_offset
) != shstrtabsz
) {
2211 dprintf("failed to read %lu bytes of shstrs at off %lld: %s\n",
2212 shstrtabsz
, (longlong_t
)shp
->sh_offset
, strerror(errno
));
2216 shstrtab
[shstrtabsz
] = '\0';
2219 * Now iterate over each section in the section header table, locating
2220 * sections of interest and initializing more of the ps_prochandle.
2222 for (i
= 0; i
< efp
->e_hdr
.e_shnum
; i
++) {
2224 name
= shstrtab
+ shp
->sh_name
;
2226 if (shp
->sh_name
>= shstrtabsz
) {
2227 dprintf("skipping section [%d]: corrupt sh_name\n", i
);
2231 if (shp
->sh_link
>= efp
->e_hdr
.e_shnum
) {
2232 dprintf("skipping section [%d]: corrupt sh_link\n", i
);
2236 dprintf("found section header %s (sh_addr 0x%llx)\n",
2237 name
, (u_longlong_t
)shp
->sh_addr
);
2239 if (strcmp(name
, ".SUNW_ctf") == 0) {
2240 if ((mp
= Paddr2mptr(P
, shp
->sh_addr
)) == NULL
) {
2241 dprintf("no map at addr 0x%llx for %s [%d]\n",
2242 (u_longlong_t
)shp
->sh_addr
, name
, i
);
2246 if (mp
->map_file
== NULL
||
2247 mp
->map_file
->file_ctf_buf
!= NULL
) {
2248 dprintf("no mapping file or duplicate buffer "
2249 "for %s [%d]\n", name
, i
);
2253 if ((buf
= malloc(shp
->sh_size
)) == NULL
||
2254 pread64(efp
->e_fd
, buf
, shp
->sh_size
,
2255 shp
->sh_offset
) != shp
->sh_size
) {
2256 dprintf("skipping section %s [%d]: %s\n",
2257 name
, i
, strerror(errno
));
2262 mp
->map_file
->file_ctf_size
= shp
->sh_size
;
2263 mp
->map_file
->file_ctf_buf
= buf
;
2265 if (shdrs
[shp
->sh_link
].sh_type
== SHT_DYNSYM
)
2266 mp
->map_file
->file_ctf_dyn
= 1;
2268 } else if (strcmp(name
, ".symtab") == 0) {
2269 fake_up_symtab(P
, &efp
->e_hdr
,
2270 shp
, &shdrs
[shp
->sh_link
]);
2279 * Main engine for core file initialization: given an fd for the core file
2280 * and an optional pathname, construct the ps_prochandle. The aout_path can
2281 * either be a suggested executable pathname, or a suggested directory to
2282 * use as a possible current working directory.
2284 struct ps_prochandle
*
2285 Pfgrab_core(int core_fd
, const char *aout_path
, int *perr
)
2287 struct ps_prochandle
*P
;
2288 core_info_t
*core_info
;
2289 map_info_t
*stk_mp
, *brk_mp
;
2290 const char *execname
;
2292 int i
, notes
, pagesize
;
2293 uintptr_t addr
, base_addr
;
2294 struct stat64 stbuf
;
2298 boolean_t from_linux
= B_FALSE
;
2304 Elf_Scn
*scn
, *intp_scn
= NULL
;
2307 GElf_Phdr phdr
, note_phdr
;
2311 if (elf_version(EV_CURRENT
) == EV_NONE
) {
2312 dprintf("libproc ELF version is more recent than libelf\n");
2321 core
.e_fd
= core_fd
;
2324 * Allocate and initialize a ps_prochandle structure for the core.
2325 * There are several key pieces of initialization here:
2327 * 1. The PS_DEAD state flag marks this prochandle as a core file.
2328 * PS_DEAD also thus prevents all operations which require state
2329 * to be PS_STOP from operating on this handle.
2331 * 2. We keep the core file fd in P->asfd since the core file contains
2332 * the remnants of the process address space.
2334 * 3. We set the P->info_valid bit because all information about the
2335 * core is determined by the end of this function; there is no need
2336 * for proc_update_maps() to reload mappings at any later point.
2338 * 4. The read/write ops vector uses our core_rw() function defined
2339 * above to handle i/o requests.
2341 if ((P
= malloc(sizeof (struct ps_prochandle
))) == NULL
) {
2346 (void) memset(P
, 0, sizeof (struct ps_prochandle
));
2347 (void) mutex_init(&P
->proc_lock
, USYNC_THREAD
, NULL
);
2350 P
->asfd
= core
.e_fd
;
2354 P
->agentstatfd
= -1;
2357 Pinit_ops(&P
->ops
, &P_core_ops
);
2362 * Fstat and open the core file and make sure it is a valid ELF core.
2364 if (fstat64(P
->asfd
, &stbuf
) == -1) {
2369 if (core_elf_fdopen(&core
, ET_CORE
, perr
) == -1)
2373 * Allocate and initialize a core_info_t to hang off the ps_prochandle
2374 * structure. We keep all core-specific information in this structure.
2376 if ((core_info
= calloc(1, sizeof (core_info_t
))) == NULL
) {
2381 P
->data
= core_info
;
2382 list_link(&core_info
->core_lwp_head
, NULL
);
2383 core_info
->core_size
= stbuf
.st_size
;
2385 * In the days before adjustable core file content, this was the
2386 * default core file content. For new core files, this value will
2387 * be overwritten by the NT_CONTENT note section.
2389 core_info
->core_content
= CC_CONTENT_STACK
| CC_CONTENT_HEAP
|
2390 CC_CONTENT_DATA
| CC_CONTENT_RODATA
| CC_CONTENT_ANON
|
2393 switch (core
.e_hdr
.e_ident
[EI_CLASS
]) {
2395 core_info
->core_dmodel
= PR_MODEL_ILP32
;
2398 core_info
->core_dmodel
= PR_MODEL_LP64
;
2404 core_info
->core_osabi
= core
.e_hdr
.e_ident
[EI_OSABI
];
2407 * Because the core file may be a large file, we can't use libelf to
2408 * read the Phdrs. We use e_phnum and e_phentsize to simplify things.
2410 nbytes
= core
.e_hdr
.e_phnum
* core
.e_hdr
.e_phentsize
;
2412 if ((phbuf
= malloc(nbytes
)) == NULL
) {
2417 if (pread64(core_fd
, phbuf
, nbytes
, core
.e_hdr
.e_phoff
) != nbytes
) {
2424 * Iterate through the program headers in the core file.
2425 * We're interested in two types of Phdrs: PT_NOTE (which
2426 * contains a set of saved /proc structures), and PT_LOAD (which
2427 * represents a memory mapping from the process's address space).
2428 * In the case of PT_NOTE, we're interested in the last PT_NOTE
2429 * in the core file; currently the first PT_NOTE (if present)
2430 * contains /proc structs in the pre-2.6 unstructured /proc format.
2432 for (php
= phbuf
, notes
= 0, i
= 0; i
< core
.e_hdr
.e_phnum
; i
++) {
2433 if (core
.e_hdr
.e_ident
[EI_CLASS
] == ELFCLASS64
)
2434 (void) memcpy(&phdr
, php
, sizeof (GElf_Phdr
));
2436 core_phdr_to_gelf(php
, &phdr
);
2438 switch (phdr
.p_type
) {
2445 if (core_add_mapping(P
, &phdr
) == -1) {
2452 dprintf("Pgrab_core: unknown phdr %d\n", phdr
.p_type
);
2456 php
= (char *)php
+ core
.e_hdr
.e_phentsize
;
2464 * If we couldn't find anything of type PT_NOTE, or only one PT_NOTE
2465 * was present, abort. The core file is either corrupt or too old.
2467 if (notes
== 0 || (notes
== 1 && core_info
->core_osabi
==
2468 ELFOSABI_SOLARIS
)) {
2474 * Advance the seek pointer to the start of the PT_NOTE data
2476 if (lseek64(P
->asfd
, note_phdr
.p_offset
, SEEK_SET
) == (off64_t
)-1) {
2477 dprintf("Pgrab_core: failed to lseek to PT_NOTE data\n");
2483 * Now process the PT_NOTE structures. Each one is preceded by
2484 * an Elf{32/64}_Nhdr structure describing its type and size.
2496 for (nleft
= note_phdr
.p_filesz
; nleft
> 0; ) {
2498 off64_t off
, namesz
, descsz
;
2501 * Although <sys/elf.h> defines both Elf32_Nhdr and Elf64_Nhdr
2502 * as different types, they are both of the same content and
2503 * size, so we don't need to worry about 32/64 conversion here.
2505 if (read(P
->asfd
, &nhdr
, sizeof (nhdr
)) != sizeof (nhdr
)) {
2506 dprintf("Pgrab_core: failed to read ELF note header\n");
2512 * According to the System V ABI, the amount of padding
2513 * following the name field should align the description
2514 * field on a 4 byte boundary for 32-bit binaries or on an 8
2515 * byte boundary for 64-bit binaries. However, this change
2516 * was not made correctly during the 64-bit port so all
2517 * descriptions can assume only 4-byte alignment. We ignore
2518 * the name field and the padding to 4-byte alignment.
2520 namesz
= P2ROUNDUP((off64_t
)nhdr
.n_namesz
, (off64_t
)4);
2522 if (lseek64(P
->asfd
, namesz
, SEEK_CUR
) == (off64_t
)-1) {
2523 dprintf("failed to seek past name and padding\n");
2528 dprintf("Note hdr n_type=%u n_namesz=%u n_descsz=%u\n",
2529 nhdr
.n_type
, nhdr
.n_namesz
, nhdr
.n_descsz
);
2531 off
= lseek64(P
->asfd
, (off64_t
)0L, SEEK_CUR
);
2534 * Invoke the note handler function from our table
2536 if (nhdr
.n_type
< sizeof (nhdlrs
) / sizeof (nhdlrs
[0])) {
2537 if (nhdlrs
[nhdr
.n_type
](P
, nhdr
.n_descsz
) < 0) {
2538 dprintf("handler for type %d returned < 0",
2544 * The presence of either of these notes indicates that
2545 * the dump was generated on Linux.
2548 if (nhdr
.n_type
== NT_PRSTATUS
||
2549 nhdr
.n_type
== NT_PRPSINFO
)
2550 from_linux
= B_TRUE
;
2553 (void) note_notsup(P
, nhdr
.n_descsz
);
2557 * Seek past the current note data to the next Elf_Nhdr
2559 descsz
= P2ROUNDUP((off64_t
)nhdr
.n_descsz
, (off64_t
)4);
2560 if (lseek64(P
->asfd
, off
+ descsz
, SEEK_SET
) == (off64_t
)-1) {
2561 dprintf("Pgrab_core: failed to seek to next nhdr\n");
2567 * Subtract the size of the header and its data from what
2568 * we have left to process.
2570 nleft
-= sizeof (nhdr
) + namesz
+ descsz
;
2578 P
->status
.pr_dmodel
= core_info
->core_dmodel
;
2580 lwp
= list_next(&core_info
->core_lwp_head
);
2582 pid
= P
->status
.pr_pid
;
2584 for (tcount
= 0; tcount
< core_info
->core_nlwp
;
2585 tcount
++, lwp
= list_next(lwp
)) {
2586 dprintf("Linux thread with id %d\n", lwp
->lwp_id
);
2589 * In the case we don't have a valid psinfo (i.e. pid is
2590 * 0, probably because of gdb creating the core) assume
2591 * lowest pid count is the first thread (what if the
2592 * next thread wraps the pid around?)
2594 if (P
->status
.pr_pid
== 0 &&
2595 ((pid
== 0 && lwp
->lwp_id
> 0) ||
2596 (lwp
->lwp_id
< pid
))) {
2601 if (P
->status
.pr_pid
!= pid
) {
2602 dprintf("No valid pid, setting to %ld\n", (ulong_t
)pid
);
2603 P
->status
.pr_pid
= pid
;
2604 P
->psinfo
.pr_pid
= pid
;
2608 * Consumers like mdb expect the first thread to actually have
2609 * an id of 1, on linux that is actually the pid. Find the the
2610 * thread with our process id, and set the id to 1
2612 if ((lwp
= lwpid2info(P
, pid
)) == NULL
) {
2613 dprintf("Couldn't find first thread\n");
2618 dprintf("setting representative thread: %d\n", lwp
->lwp_id
);
2621 lwp
->lwp_status
.pr_lwpid
= 1;
2623 /* set representative thread */
2624 (void) memcpy(&P
->status
.pr_lwp
, &lwp
->lwp_status
,
2625 sizeof (P
->status
.pr_lwp
));
2630 dprintf("Pgrab_core: note section malformed\n");
2635 if ((pagesize
= Pgetauxval(P
, AT_PAGESZ
)) == -1) {
2636 pagesize
= getpagesize();
2637 dprintf("AT_PAGESZ missing; defaulting to %d\n", pagesize
);
2641 * Locate and label the mappings corresponding to the end of the
2642 * heap (MA_BREAK) and the base of the stack (MA_STACK).
2644 if ((P
->status
.pr_brkbase
!= 0 || P
->status
.pr_brksize
!= 0) &&
2645 (brk_mp
= Paddr2mptr(P
, P
->status
.pr_brkbase
+
2646 P
->status
.pr_brksize
- 1)) != NULL
)
2647 brk_mp
->map_pmap
.pr_mflags
|= MA_BREAK
;
2651 if ((stk_mp
= Paddr2mptr(P
, P
->status
.pr_stkbase
)) != NULL
)
2652 stk_mp
->map_pmap
.pr_mflags
|= MA_STACK
;
2655 * At this point, we have enough information to look for the
2656 * executable and open it: we have access to the auxv, a psinfo_t,
2657 * and the ability to read from mappings provided by the core file.
2659 (void) Pfindexec(P
, aout_path
, core_exec_open
, &aout
);
2660 dprintf("P->execname = \"%s\"\n", P
->execname
? P
->execname
: "NULL");
2661 execname
= P
->execname
? P
->execname
: "a.out";
2664 * Iterate through the sections, looking for the .dynamic and .interp
2665 * sections. If we encounter them, remember their section pointers.
2667 for (scn
= NULL
; (scn
= elf_nextscn(aout
.e_elf
, scn
)) != NULL
; ) {
2670 if ((gelf_getshdr(scn
, &shdr
) == NULL
) ||
2671 (sname
= elf_strptr(aout
.e_elf
, aout
.e_hdr
.e_shstrndx
,
2672 (size_t)shdr
.sh_name
)) == NULL
)
2675 if (strcmp(sname
, ".interp") == 0)
2680 * Get the AT_BASE auxv element. If this is missing (-1), then
2681 * we assume this is a statically-linked executable.
2683 base_addr
= Pgetauxval(P
, AT_BASE
);
2686 * In order to get librtld_db initialized, we'll need to identify
2687 * and name the mapping corresponding to the run-time linker. The
2688 * AT_BASE auxv element tells us the address where it was mapped,
2689 * and the .interp section of the executable tells us its path.
2690 * If for some reason that doesn't pan out, just use ld.so.1.
2692 if (intp_scn
!= NULL
&& (dp
= elf_getdata(intp_scn
, NULL
)) != NULL
&&
2694 dprintf(".interp = <%s>\n", (char *)dp
->d_buf
);
2697 } else if (base_addr
!= (uintptr_t)-1L) {
2698 if (core_info
->core_dmodel
== PR_MODEL_LP64
)
2699 interp
= "/usr/lib/64/ld.so.1";
2701 interp
= "/usr/lib/ld.so.1";
2703 dprintf(".interp section is missing or could not be read; "
2704 "defaulting to %s\n", interp
);
2706 dprintf("detected statically linked executable\n");
2709 * If we have an AT_BASE element, name the mapping at that address
2710 * using the interpreter pathname. Name the corresponding data
2711 * mapping after the interpreter as well.
2713 if (base_addr
!= (uintptr_t)-1L) {
2716 P
->map_ldso
= core_name_mapping(P
, base_addr
, interp
);
2718 if (core_elf_open(&intf
, interp
, ET_DYN
, NULL
) == 0) {
2722 rl
.rl_base
= base_addr
;
2723 dmp
= core_find_data(P
, intf
.e_elf
, &rl
);
2726 dprintf("renamed data at %p to %s\n",
2727 (void *)rl
.rl_data_base
, interp
);
2728 (void) strncpy(dmp
->map_pmap
.pr_mapname
,
2730 dmp
->map_pmap
.pr_mapname
[PRMAPSZ
- 1] = '\0';
2734 core_elf_close(&intf
);
2738 * If we have an AT_ENTRY element, name the mapping at that address
2739 * using the special name "a.out" just like /proc does.
2741 if ((addr
= Pgetauxval(P
, AT_ENTRY
)) != (uintptr_t)-1L)
2742 P
->map_exec
= core_name_mapping(P
, addr
, "a.out");
2745 * If we're a statically linked executable (or we're on x86 and looking
2746 * at a Linux core dump), then just locate the executable's text and
2747 * data and name them after the executable.
2750 if (base_addr
== (uintptr_t)-1L) {
2752 if (base_addr
== (uintptr_t)-1L || from_linux
) {
2754 dprintf("looking for text and data: %s\n", execname
);
2755 map_info_t
*tmp
, *dmp
;
2759 if ((tmp
= core_find_text(P
, aout
.e_elf
, &rl
)) != NULL
&&
2760 (dmp
= core_find_data(P
, aout
.e_elf
, &rl
)) != NULL
) {
2761 (void) strncpy(tmp
->map_pmap
.pr_mapname
,
2763 tmp
->map_pmap
.pr_mapname
[PRMAPSZ
- 1] = '\0';
2764 (void) strncpy(dmp
->map_pmap
.pr_mapname
,
2766 dmp
->map_pmap
.pr_mapname
[PRMAPSZ
- 1] = '\0';
2769 if ((P
->map_exec
= tmp
) != NULL
&&
2770 (fp
= malloc(sizeof (file_info_t
))) != NULL
) {
2772 (void) memset(fp
, 0, sizeof (file_info_t
));
2774 list_link(fp
, &P
->file_head
);
2781 fp
->file_lo
= malloc(sizeof (rd_loadobj_t
));
2782 fp
->file_lname
= strdup(execname
);
2787 fp
->file_lbase
= basename(fp
->file_lname
);
2789 fp
->file_rbase
= basename(fp
->file_rname
);
2791 (void) strcpy(fp
->file_pname
,
2792 P
->mappings
[0].map_pmap
.pr_mapname
);
2795 Pbuild_file_symtab(P
, fp
);
2804 core_elf_close(&aout
);
2807 * We now have enough information to initialize librtld_db.
2808 * After it warms up, we can iterate through the load object chain
2809 * in the core, which will allow us to construct the file info
2810 * we need to provide symbol information for the other shared
2811 * libraries, and also to fill in the missing mapping names.
2813 rd_log(_libproc_debug
);
2815 if ((P
->rap
= rd_new(P
)) != NULL
) {
2816 (void) rd_loadobj_iter(P
->rap
, (rl_iter_f
*)
2817 core_iter_mapping
, P
);
2819 if (core_info
->core_errno
!= 0) {
2820 errno
= core_info
->core_errno
;
2825 dprintf("failed to initialize rtld_db agent\n");
2828 * If there are sections, load them and process the data from any
2829 * sections that we can use to annotate the file_info_t's.
2831 core_load_shdrs(P
, &core
);
2834 * If we previously located a stack or break mapping, and they are
2835 * still anonymous, we now assume that they were MAP_ANON mappings.
2836 * If brk_mp turns out to now have a name, then the heap is still
2837 * sitting at the end of the executable's data+bss mapping: remove
2838 * the previous MA_BREAK setting to be consistent with /proc.
2840 if (stk_mp
!= NULL
&& stk_mp
->map_pmap
.pr_mapname
[0] == '\0')
2841 stk_mp
->map_pmap
.pr_mflags
|= MA_ANON
;
2842 if (brk_mp
!= NULL
&& brk_mp
->map_pmap
.pr_mapname
[0] == '\0')
2843 brk_mp
->map_pmap
.pr_mflags
|= MA_ANON
;
2844 else if (brk_mp
!= NULL
)
2845 brk_mp
->map_pmap
.pr_mflags
&= ~MA_BREAK
;
2852 core_elf_close(&aout
);
2857 * Grab a core file using a pathname. We just open it and call Pfgrab_core().
2859 struct ps_prochandle
*
2860 Pgrab_core(const char *core
, const char *aout
, int gflag
, int *perr
)
2862 int fd
, oflag
= (gflag
& PGRAB_RDONLY
) ? O_RDONLY
: O_RDWR
;
2864 if ((fd
= open64(core
, oflag
)) >= 0)
2865 return (Pfgrab_core(fd
, aout
, perr
));
2867 if (errno
!= ENOENT
)