search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
-> 3.17.0 final.
[valgrind.git] / coregrind / vgdb-invoker-ptrace.c
blob389748960f14d34fd4b05f1eaa49eeb5e38f05aa
1 /*--------------------------------------------------------------------*/
2 /*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/
3 /*--------------------------------------------------------------------*/
4
5 /*
6 This file is part of Valgrind, a dynamic binary instrumentation
7 framework.
8
9 Copyright (C) 2011-2017 Philippe Waroquiers
10
11 This program is free software; you can redistribute it and/or
12 modify it under the terms of the GNU General Public License as
13 published by the Free Software Foundation; either version 2 of the
14 License, or (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, see <http://www.gnu.org/licenses/>.
23
24 The GNU General Public License is contained in the file COPYING.
25 */
26
27 #include "config.h"
28
29 #include "vgdb.h"
30 #include "pub_core_threadstate.h"
31
32 #include <alloca.h>
33 #include <assert.h>
34 #include <errno.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <sys/ptrace.h>
39 #include <sys/time.h>
40 #include <sys/user.h>
41 #include <sys/wait.h>
42
43 #ifdef PTRACE_GETREGSET
44 // TBD: better have a configure test instead ?
45 #define HAVE_PTRACE_GETREGSET
46
47 // A bi-arch build using PTRACE_GET/SETREGSET needs
48 // some conversion code for register structures.
49 // So, better do not use PTRACE_GET/SETREGSET
50 // Rather we use PTRACE_GETREGS or PTRACE_PEEKUSER.
51
52 // The only platform on which we must use PTRACE_GETREGSET is arm64.
53 // The resulting vgdb cannot work in a bi-arch setup.
54 // -1 means we will check that PTRACE_GETREGSET works.
55 # if defined(VGA_arm64)
56 #define USE_PTRACE_GETREGSET
57 # endif
58 #endif
59
60 #include <sys/uio.h>
61 #include <elf.h>
62
63 #include <sys/procfs.h>
64
65 // glibc versions prior to 2.5 do not define PTRACE_GETSIGINFO on
66 // the platforms we support.
67 #if !((__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 5))
68 # ifndef PTRACE_GETSIGINFO
69 # define PTRACE_GETSIGINFO 0x4202
70 # endif
71 #endif
72
73 // 32-bit or 64-bit wide, depending on primary architecture.
74 typedef Addr CORE_ADDR;
75 typedef Addr PTRACE_XFER_TYPE;
76 typedef void* PTRACE_ARG3_TYPE;
77
78 // if > 0, pid for which registers have to be restored.
79 // if == 0, means we have not yet called setregs (or have already
80 // restored the registers).
81 static int pid_of_save_regs = 0;
82 /* True if we have continued pid_of_save_regs after PTRACE_ATTACH. */
83 static Bool pid_of_save_regs_continued = False;
84 // When setregs has been called to change the registers of pid_of_save_regs,
85 // vgdb cannot transmit the signals intercepted during ptrace.
86 // So, we queue them, and will deliver them when detaching.
87 // See function waitstopped for more info.
88 static int signal_queue_sz = 0;
89 static siginfo_t *signal_queue;
90
91 /* True when loss of connection indicating that the Valgrind
92 process is dying. */
93 static Bool dying = False;
94
95 /* ptrace_(read|write)_memory are modified extracts of linux-low.c
96 from gdb 6.6. Copyrighted FSF */
97 /* Copy LEN bytes from valgrind memory starting at MEMADDR
98 to vgdb memory starting at MYADDR. */
99 static
100 int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr,
101 void *myaddr, size_t len)
102 {
103 register int i;
104 /* Round starting address down to longword boundary. */
105 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
106 /* Round ending address up; get number of longwords that makes. */
107 register int count
108 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
109 / sizeof (PTRACE_XFER_TYPE);
110 /* Allocate buffer of that many longwords. */
111 register PTRACE_XFER_TYPE *buffer
112 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
113
114 /* Read all the longwords */
115 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
116 errno = 0;
117 buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
118 (PTRACE_ARG3_TYPE) addr, 0);
119 if (errno)
120 return errno;
121 }
122
123 /* Copy appropriate bytes out of the buffer. */
124 memcpy (myaddr,
125 (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len);
126
127 return 0;
128 }
129
130 /* Copy LEN bytes of data from vgdb memory at MYADDR
131 to valgrind memory at MEMADDR.
132 On failure (cannot write the valgrind memory)
133 returns the value of errno. */
134 __attribute__((unused)) /* not used on all platforms */
135 static
136 int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr,
137 const void *myaddr, size_t len)
138 {
139 register int i;
140 /* Round starting address down to longword boundary. */
141 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
142 /* Round ending address up; get number of longwords that makes. */
143 register int count
144 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
145 / sizeof (PTRACE_XFER_TYPE);
146 /* Allocate buffer of that many longwords. */
147 register PTRACE_XFER_TYPE *buffer
148 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
149
150 if (debuglevel >= 1) {
151 DEBUG (1, "Writing ");
152 for (i = 0; i < len; i++)
153 PDEBUG (1, "%02x", ((const unsigned char*)myaddr)[i]);
154 PDEBUG(1, " to %p\n", (void *) memaddr);
155 }
156
157 /* Fill start and end extra bytes of buffer with existing memory data. */
158
159 buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
160 (PTRACE_ARG3_TYPE) addr, 0);
161
162 if (count > 1) {
163 buffer[count - 1]
164 = ptrace (PTRACE_PEEKTEXT, inferior_pid,
165 (PTRACE_ARG3_TYPE) (addr + (count - 1)
166 * sizeof (PTRACE_XFER_TYPE)),
167 0);
168 }
169
170 /* Copy data to be written over corresponding part of buffer */
171
172 memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)),
173 myaddr, len);
174
175 /* Write the entire buffer. */
176
177 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
178 errno = 0;
179 ptrace (PTRACE_POKETEXT, inferior_pid,
180 (PTRACE_ARG3_TYPE) addr, buffer[i]);
181 if (errno)
182 return errno;
183 }
184
185 return 0;
186 }
187
188 /* subset of VG_(threads) needed for vgdb ptrace.
189 This is initialized when process is attached. */
190 typedef struct {
191 ThreadStatus status;
192 Int lwpid;
193 }
194 VgdbThreadState;
195 static VgdbThreadState *vgdb_threads;
196 static int vg_n_threads;
197
198 static const
199 HChar* name_of_ThreadStatus ( ThreadStatus status )
200 {
201 switch (status) {
202 case VgTs_Empty: return "VgTs_Empty";
203 case VgTs_Init: return "VgTs_Init";
204 case VgTs_Runnable: return "VgTs_Runnable";
205 case VgTs_WaitSys: return "VgTs_WaitSys";
206 case VgTs_Yielding: return "VgTs_Yielding";
207 case VgTs_Zombie: return "VgTs_Zombie";
208 default: return "VgTs_???";
209 }
210 }
211
212 static
213 char *status_image (int status)
214 {
215 static char result[256]; // large enough
216 int sz = 0;
217 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
218
219 result[0] = 0;
220
221 if (WIFEXITED(status))
222 APPEND ("WIFEXITED %d ", WEXITSTATUS(status));
223
224 if (WIFSIGNALED(status)) {
225 APPEND ("WIFSIGNALED %d ", WTERMSIG(status));
226 if (WCOREDUMP(status)) APPEND ("WCOREDUMP ");
227 }
228
229 if (WIFSTOPPED(status))
230 APPEND ("WIFSTOPPED %d ", WSTOPSIG(status));
231
232 #ifdef WIFCONTINUED
233 if (WIFCONTINUED(status))
234 APPEND ("WIFCONTINUED ");
235 #endif
236
237 return result;
238 #undef APPEND
239 }
240
241 /* Wait till the process pid is reported as stopped with signal_expected.
242 If other signal(s) than signal_expected are received, waitstopped
243 will pass them to pid, waiting for signal_expected to stop pid.
244 Returns True when process is in stopped state with signal_expected.
245 Returns False if a problem was encountered while waiting for pid
246 to be stopped.
247
248 If pid is reported as being dead/exited, waitstopped will return False.
249 */
250 static
251 Bool waitstopped (pid_t pid, int signal_expected, const char *msg)
252 {
253 pid_t p;
254 int status = 0;
255 int signal_received;
256 int res;
257
258 while (1) {
259 DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n",
260 msg, signal_expected);
261 p = waitpid(pid, &status, __WALL);
262 DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p,
263 status, status_image (status));
264 if (p != pid) {
265 ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n",
266 msg, pid, p, status, status_image (status));
267 return False;
268 }
269
270 /* The process either exited or was terminated by a (fatal) signal. */
271 if (WIFEXITED(status) || WIFSIGNALED(status)) {
272 shutting_down = True;
273 return False;
274 }
275
276 assert (WIFSTOPPED(status));
277 signal_received = WSTOPSIG(status);
278 if (signal_received == signal_expected)
279 break;
280
281 /* pid received a signal which is not the signal we are waiting for.
282 If we have not (yet) changed the registers of the inferior
283 or we have (already) reset them, we can transmit the signal.
284
285 If we have already set the registers of the inferior, we cannot
286 transmit the signal, as this signal would arrive when the
287 gdbserver code runs. And valgrind only expects signals to
288 arrive in a small code portion around
289 client syscall logic, where signal are unmasked (see e.g.
290 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK).
291
292 As ptrace is forcing a call to gdbserver by jumping
293 'out of this region', signals are not masked, but
294 will arrive outside of the allowed/expected code region.
295 So, if we have changed the registers of the inferior, we
296 rather queue the signal to transmit them when detaching,
297 after having restored the registers to the initial values. */
298 if (pid_of_save_regs) {
299 siginfo_t *newsiginfo;
300
301 // realloc a bigger queue, and store new signal at the end.
302 // This is not very efficient but we assume not many sigs are queued.
303 signal_queue_sz++;
304 signal_queue = vrealloc(signal_queue,
305 sizeof(siginfo_t) * signal_queue_sz);
306 newsiginfo = signal_queue + (signal_queue_sz - 1);
307
308 res = ptrace (PTRACE_GETSIGINFO, pid, NULL, newsiginfo);
309 if (res != 0) {
310 ERROR(errno, "PTRACE_GETSIGINFO failed: signal lost !!!!\n");
311 signal_queue_sz--;
312 } else
313 DEBUG(1, "waitstopped PTRACE_CONT, queuing signal %d"
314 " si_signo %d si_pid %d\n",
315 signal_received, newsiginfo->si_signo, newsiginfo->si_pid);
316 res = ptrace (PTRACE_CONT, pid, NULL, 0);
317 } else {
318 DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received);
319 res = ptrace (PTRACE_CONT, pid, NULL, signal_received);
320 }
321 if (res != 0) {
322 ERROR(errno, "waitstopped PTRACE_CONT\n");
323 return False;
324 }
325 }
326
327 return True;
328 }
329
330 /* Stops the given pid, wait for the process to be stopped.
331 Returns True if successful, False otherwise.
332 msg is used in tracing and error reporting. */
333 static
334 Bool stop (pid_t pid, const char *msg)
335 {
336 long res;
337
338 DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid);
339 res = kill (pid, SIGSTOP);
340 if (res != 0) {
341 ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res);
342 return False;
343 }
344
345 return waitstopped (pid, SIGSTOP, msg);
346
347 }
348
349 /* Attaches to given pid, wait for the process to be stopped.
350 Returns True if successful, False otherwise.
351 msg is used in tracing and error reporting. */
352 static
353 Bool attach (pid_t pid, const char *msg)
354 {
355 long res;
356 static Bool output_error = True;
357 static Bool initial_attach = True;
358 // For a ptrace_scope protected system, we do not want to output
359 // repetitively attach error. We will output once an error
360 // for the initial_attach. Once the 1st attach has succeeded, we
361 // again show all errors.
362
363 DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid);
364 res = ptrace (PTRACE_ATTACH, pid, NULL, NULL);
365 if (res != 0) {
366 if (output_error || debuglevel > 0) {
367 ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res);
368 if (initial_attach)
369 output_error = False;
370 }
371 return False;
372 }
373
374 initial_attach = False;
375 output_error = True;
376 return waitstopped(pid, SIGSTOP, msg);
377 }
378
379 /* once we are attached to the pid, get the list of threads and stop
380 them all.
381 Returns True if all threads properly suspended, False otherwise. */
382 static
383 Bool acquire_and_suspend_threads (pid_t pid)
384 {
385 int i;
386 int rw;
387 Bool pid_found = False;
388 Addr vgt;
389 int sz_tst;
390 int off_status;
391 int off_lwpid;
392 int nr_live_threads = 0;
393
394 if (shared32 != NULL) {
395 vgt = shared32->threads;
396 vg_n_threads = shared32->vg_n_threads;
397 sz_tst = shared32->sizeof_ThreadState;
398 off_status = shared32->offset_status;
399 off_lwpid = shared32->offset_lwpid;
400 }
401 else if (shared64 != NULL) {
402 vgt = shared64->threads;
403 vg_n_threads = shared64->vg_n_threads;
404 sz_tst = shared64->sizeof_ThreadState;
405 off_status = shared64->offset_status;
406 off_lwpid = shared64->offset_lwpid;
407 } else {
408 assert (0);
409 }
410
411 vgdb_threads = vmalloc(vg_n_threads * sizeof vgdb_threads[0]);
412
413 /* note: the entry 0 is unused */
414 DEBUG(1, "examining thread entries from tid 1 to tid %d\n", vg_n_threads-1);
415 for (i = 1; i < vg_n_threads; i++) {
416 vgt += sz_tst;
417 rw = ptrace_read_memory(pid, vgt+off_status,
418 &(vgdb_threads[i].status),
419 sizeof(ThreadStatus));
420 if (rw != 0) {
421 ERROR(rw, "status ptrace_read_memory\n");
422 return False;
423 }
424
425 rw = ptrace_read_memory(pid, vgt+off_lwpid,
426 &(vgdb_threads[i].lwpid),
427 sizeof(Int));
428 if (rw != 0) {
429 ERROR(rw, "lwpid ptrace_read_memory\n");
430 return False;
431 }
432
433 if (vgdb_threads[i].status != VgTs_Empty) {
434 DEBUG(1, "found tid %d status %s lwpid %d\n",
435 i, name_of_ThreadStatus(vgdb_threads[i].status),
436 vgdb_threads[i].lwpid);
437 nr_live_threads++;
438 if (vgdb_threads[i].lwpid <= 1) {
439 if (vgdb_threads[i].lwpid == 0
440 && vgdb_threads[i].status == VgTs_Init) {
441 DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n",
442 i, name_of_ThreadStatus(vgdb_threads[i].status),
443 vgdb_threads[i].lwpid);
444 } else {
445 ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n",
446 i, name_of_ThreadStatus(vgdb_threads[i].status),
447 vgdb_threads[i].lwpid);
448 }
449 /* in case we have a VtTs_Init thread with lwpid not yet set,
450 we try again later. */
451 return False;
452 }
453 if (vgdb_threads[i].lwpid == pid) {
454 assert (!pid_found);
455 assert (i == 1);
456 pid_found = True;
457 } else {
458 if (!attach(vgdb_threads[i].lwpid, "attach_thread")) {
459 ERROR(0, "ERROR attach pid %d tid %d\n",
460 vgdb_threads[i].lwpid, i);
461 return False;
462 }
463 }
464 }
465 }
466 /* If we found no thread, it means the process is stopping, and
467 we better do not force anything to happen during that. */
468 if (nr_live_threads > 0)
469 return True;
470 else
471 return False;
472 }
473
474 static
475 void detach_from_all_threads (pid_t pid)
476 {
477 int i;
478 long res;
479 Bool pid_found = False;
480
481 /* detach from all the threads */
482 for (i = 1; i < vg_n_threads; i++) {
483 if (vgdb_threads[i].status != VgTs_Empty) {
484 if (vgdb_threads[i].status == VgTs_Init
485 && vgdb_threads[i].lwpid == 0) {
486 DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n",
487 vgdb_threads[i].lwpid, i,
488 name_of_ThreadStatus (vgdb_threads[i].status));
489 } else {
490 if (vgdb_threads[i].lwpid == pid) {
491 assert (!pid_found);
492 pid_found = True;
493 }
494 DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n",
495 vgdb_threads[i].lwpid, i,
496 name_of_ThreadStatus (vgdb_threads[i].status));
497 res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL);
498 if (res != 0) {
499 ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n",
500 vgdb_threads[i].lwpid, i,
501 name_of_ThreadStatus (vgdb_threads[i].status),
502 res);
503 }
504 }
505 }
506 }
507
508 free (vgdb_threads);
509
510 if (!pid_found && pid) {
511 /* No threads are live. Process is busy stopping.
512 We need to detach from pid explicitly. */
513 DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid);
514 res = ptrace (PTRACE_DETACH, pid, NULL, NULL);
515 if (res != 0)
516 ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res);
517 }
518 }
519
520 # if defined(VGA_arm64)
521 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but
522 newer glibc instead define user_regs_struct. */
523 # ifdef HAVE_SYS_USER_REGS
524 static struct user_regs_struct user_save;
525 # else
526 static struct user_pt_regs user_save;
527 # endif
528 # else
529 static struct user user_save;
530 # endif
531 // The below indicates if ptrace_getregs (and ptrace_setregs) can be used.
532 // Note that some linux versions are defining PTRACE_GETREGS but using
533 // it gives back EIO.
534 // has_working_ptrace_getregs can take the following values:
535 // -1 : PTRACE_GETREGS is defined
536 // runtime check not yet done.
537 // 0 : PTRACE_GETREGS runtime check has failed.
538 // 1 : PTRACE_GETREGS defined and runtime check ok.
539 #ifdef HAVE_PTRACE_GETREGS
540 static int has_working_ptrace_getregs = -1;
541 #endif
542 // Similar but for PTRACE_GETREGSET
543 #ifdef HAVE_PTRACE_GETREGSET
544 static int has_working_ptrace_getregset = -1;
545 #endif
546
547 /* Get the registers from pid into regs.
548 regs_bsz value gives the length of *regs.
549 Returns True if all ok, otherwise False. */
550 static
551 Bool getregs (pid_t pid, void *regs, long regs_bsz)
552 {
553 DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz);
554 # ifdef HAVE_PTRACE_GETREGSET
555 # ifndef USE_PTRACE_GETREGSET
556 if (has_working_ptrace_getregset)
557 DEBUG(1, "PTRACE_GETREGSET defined, not used (yet?) by vgdb\n");
558 has_working_ptrace_getregset = 0;
559 # endif
560 if (has_working_ptrace_getregset) {
561 // Platforms having GETREGSET
562 long res;
563 elf_gregset_t elf_regs;
564 struct iovec iovec;
565
566 DEBUG(1, "getregs PTRACE_GETREGSET sizeof(elf_regs) %zu\n",
567 sizeof(elf_regs));
568 iovec.iov_base = regs;
569 iovec.iov_len = sizeof(elf_regs);
570
571 res = ptrace (PTRACE_GETREGSET, pid, NT_PRSTATUS, &iovec);
572 if (res == 0) {
573 if (has_working_ptrace_getregset == -1) {
574 // First call to PTRACE_GETREGSET successful =>
575 has_working_ptrace_getregset = 1;
576 DEBUG(1, "detected a working PTRACE_GETREGSET\n");
577 }
578 assert (has_working_ptrace_getregset == 1);
579 return True;
580 }
581 else if (has_working_ptrace_getregset == 1) {
582 // We had a working call, but now it fails.
583 // This is unexpected.
584 ERROR(errno, "PTRACE_GETREGSET %ld\n", res);
585 return False;
586 } else {
587 // Check this is the first call:
588 assert (has_working_ptrace_getregset == -1);
589 if (errno == EIO) {
590 DEBUG(1, "detected a broken PTRACE_GETREGSET with EIO\n");
591 has_working_ptrace_getregset = 0;
592 // Fall over to the PTRACE_GETREGS or PTRACE_PEEKUSER case.
593 } else {
594 ERROR(errno, "broken PTRACE_GETREGSET unexpected errno %ld\n", res);
595 return False;
596 }
597 }
598 }
599 # endif
600
601 # ifdef HAVE_PTRACE_GETREGS
602 if (has_working_ptrace_getregs) {
603 // Platforms having GETREGS
604 long res;
605 DEBUG(1, "getregs PTRACE_GETREGS\n");
606 res = ptrace (PTRACE_GETREGS, pid, NULL, regs);
607 if (res == 0) {
608 if (has_working_ptrace_getregs == -1) {
609 // First call to PTRACE_GETREGS successful =>
610 has_working_ptrace_getregs = 1;
611 DEBUG(1, "detected a working PTRACE_GETREGS\n");
612 }
613 assert (has_working_ptrace_getregs == 1);
614 return True;
615 }
616 else if (has_working_ptrace_getregs == 1) {
617 // We had a working call, but now it fails.
618 // This is unexpected.
619 ERROR(errno, "PTRACE_GETREGS %ld\n", res);
620 return False;
621 } else {
622 // Check this is the first call:
623 assert (has_working_ptrace_getregs == -1);
624 if (errno == EIO) {
625 DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n");
626 has_working_ptrace_getregs = 0;
627 // Fall over to the PTRACE_PEEKUSER case.
628 } else {
629 ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res);
630 return False;
631 }
632 }
633 }
634 # endif
635
636 // We assume PTRACE_PEEKUSER is defined everywhere.
637 {
638 # ifdef PT_ENDREGS
639 long peek_bsz = PT_ENDREGS;
640 assert (peek_bsz <= regs_bsz);
641 # else
642 long peek_bsz = regs_bsz-1;
643 # endif
644 char *pregs = (char *) regs;
645 long offset;
646 errno = 0;
647 DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz);
648 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
649 *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL);
650 if (errno != 0) {
651 ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset);
652 return False;
653 }
654 }
655 return True;
656 }
657
658 // If neither of PTRACE_GETREGSET PTRACE_GETREGS PTRACE_PEEKUSER have
659 // returned, then we are in serious trouble.
660 assert (0);
661 }
662
663 /* Set the registers of pid to regs.
664 regs_bsz value gives the length of *regs.
665 Returns True if all ok, otherwise False. */
666 static
667 Bool setregs (pid_t pid, void *regs, long regs_bsz)
668 {
669 DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz);
670
671 // Note : the below is checking for GETREGSET, not SETREGSET
672 // as if one is defined and working, the other one should also work.
673 # ifdef HAVE_PTRACE_GETREGSET
674 if (has_working_ptrace_getregset) {
675 // Platforms having SETREGSET
676 long res;
677 elf_gregset_t elf_regs;
678 struct iovec iovec;
679
680 // setregset can never be called before getregset has done a runtime check.
681 assert (has_working_ptrace_getregset == 1);
682 DEBUG(1, "setregs PTRACE_SETREGSET sizeof(elf_regs) %zu\n",
683 sizeof(elf_regs));
684 iovec.iov_base = regs;
685 iovec.iov_len = sizeof(elf_regs);
686 res = ptrace (PTRACE_SETREGSET, pid, NT_PRSTATUS, &iovec);
687 if (res != 0) {
688 ERROR(errno, "PTRACE_SETREGSET %ld\n", res);
689 return False;
690 }
691 return True;
692 }
693 # endif
694
695 // Note : the below is checking for GETREGS, not SETREGS
696 // as if one is defined and working, the other one should also work.
697 # ifdef HAVE_PTRACE_GETREGS
698 if (has_working_ptrace_getregs) {
699 // Platforms having SETREGS
700 long res;
701 // setregs can never be called before getregs has done a runtime check.
702 assert (has_working_ptrace_getregs == 1);
703 DEBUG(1, "setregs PTRACE_SETREGS\n");
704 res = ptrace (PTRACE_SETREGS, pid, NULL, regs);
705 if (res != 0) {
706 ERROR(errno, "PTRACE_SETREGS %ld\n", res);
707 return False;
708 }
709 return True;
710 }
711 # endif
712
713 {
714 char *pregs = (char *) regs;
715 long offset;
716 long res;
717 # ifdef PT_ENDREGS
718 long peek_bsz = PT_ENDREGS;
719 assert (peek_bsz <= regs_bsz);
720 # else
721 long peek_bsz = regs_bsz-1;
722 # endif
723 errno = 0;
724 DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz);
725 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
726 res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset));
727 if (errno != 0) {
728 ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res);
729 return False;
730 }
731 }
732 return True;
733 }
734
735 // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned,
736 // then we are in serious trouble.
737 assert (0);
738 }
739
740 /* Restore the registers to the saved value, then detaches from all threads */
741 static
742 void restore_and_detach (pid_t pid)
743 {
744 int res;
745
746 DEBUG(1, "restore_and_detach pid %d pid_of_save_regs %d\n",
747 pid, pid_of_save_regs);
748
749 if (pid_of_save_regs) {
750 /* In case the 'main pid' has been continued, we need to stop it
751 before resetting the registers. */
752 if (pid_of_save_regs_continued) {
753 pid_of_save_regs_continued = False;
754 if (!stop(pid_of_save_regs, "sigstop before reset regs"))
755 DEBUG(0, "Could not sigstop before reset");
756 }
757
758 DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs);
759 if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) {
760 ERROR(errno, "setregs restore registers pid %d after cont\n",
761 pid_of_save_regs);
762 }
763
764 /* Now, we transmit all the signals we have queued. */
765 if (signal_queue_sz > 0) {
766 int i;
767 for (i = 0; i < signal_queue_sz; i++) {
768 DEBUG(1, "PTRACE_CONT to transmit queued signal %d\n",
769 signal_queue[i].si_signo);
770 res = ptrace (PTRACE_CONT, pid_of_save_regs, NULL,
771 signal_queue[i].si_signo);
772 if (res != 0)
773 ERROR(errno, "PTRACE_CONT with signal %d\n",
774 signal_queue[i].si_signo);
775 if (!stop(pid_of_save_regs, "sigstop after transmit sig"))
776 DEBUG(0, "Could not sigstop after transmit sig");
777 }
778 free (signal_queue);
779 signal_queue = NULL;
780 signal_queue_sz = 0;
781 }
782 pid_of_save_regs = 0;
783 } else {
784 DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n");
785 }
786 if (signal_queue)
787 ERROR (0, "One or more signals queued were not delivered. "
788 "First signal: %d\n", signal_queue[0].si_signo);
789 detach_from_all_threads(pid);
790 }
791
792 Bool invoker_invoke_gdbserver (pid_t pid)
793 {
794 long res;
795 Bool stopped;
796 # if defined(VGA_arm64)
797 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but
798 newer glibc instead define user_regs_struct. */
799 # ifdef HAVE_SYS_USER_REGS
800 struct user_regs_struct user_mod;
801 # else
802 struct user_pt_regs user_mod;
803 # endif
804 # else
805 struct user user_mod;
806 # endif
807 Addr sp __attribute__((unused)); // Not used on all platforms.
808
809 /* A specific int value is passed to invoke_gdbserver, to check
810 everything goes according to the plan. */
811 const int check = 0x8BADF00D; // ate bad food.
812
813 const Addr bad_return = 0;
814 // A bad return address will be pushed on the stack.
815 // The function invoke_gdbserver cannot return. If ever it returns, a NULL
816 // address pushed on the stack should ensure this is detected.
817
818 /* Not yet attached. If problem, vgdb can abort,
819 no cleanup needed. */
820
821 DEBUG(1, "attach to 'main' pid %d\n", pid);
822 if (!attach(pid, "attach main pid")) {
823 ERROR(0, "error attach main pid %d\n", pid);
824 return False;
825 }
826
827 /* Now, we are attached. If problem, detach and return. */
828
829 if (!acquire_and_suspend_threads(pid)) {
830 detach_from_all_threads(pid);
831 /* if the pid does not exist anymore, we better stop */
832 if (kill(pid, 0) != 0)
833 XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n",
834 pid);
835 return False;
836 }
837
838 if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
839 detach_from_all_threads(pid);
840 return False;
841 }
842 user_save = user_mod;
843
844 #if defined(VGA_x86)
845 sp = user_mod.regs.esp;
846 #elif defined(VGA_amd64)
847 sp = user_mod.regs.rsp;
848 if (shared32 != NULL) {
849 /* 64bit vgdb speaking with a 32bit executable.
850 To have system call restart properly, we need to sign extend rax.
851 For more info:
852 web search '[patch] Fix syscall restarts for amd64->i386 biarch'
853 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */
854 *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax;
855 DEBUG(1, "Sign extending %8.8lx to %8.8lx\n",
856 user_mod.regs.rax, user_save.regs.rax);
857 }
858 #elif defined(VGA_arm)
859 sp = user_mod.regs.uregs[13];
860 #elif defined(VGA_arm64)
861 sp = user_mod.sp;
862 #elif defined(VGA_ppc32)
863 sp = user_mod.regs.gpr[1];
864 #elif defined(VGA_ppc64be) || defined(VGA_ppc64le)
865 sp = user_mod.regs.gpr[1];
866 #elif defined(VGA_s390x)
867 sp = user_mod.regs.gprs[15];
868 #elif defined(VGA_mips32) || defined(VGA_nanomips)
869 long long *p = (long long *)user_mod.regs;
870 sp = p[29];
871 #elif defined(VGA_mips64)
872 sp = user_mod.regs[29];
873 #else
874 I_die_here : (sp) architecture missing in vgdb-invoker-ptrace.c
875 #endif
876
877
878 // the magic below is derived from spying what gdb sends to
879 // the (classical) gdbserver when invoking a C function.
880 if (shared32 != NULL) {
881 // vgdb speaking with a 32bit executable.
882 #if defined(VGA_x86) || defined(VGA_amd64)
883 const int regsize = 4;
884 int rw;
885 /* push check arg on the stack */
886 sp = sp - regsize;
887 DEBUG(1, "push check arg ptrace_write_memory\n");
888 assert(regsize == sizeof(check));
889 rw = ptrace_write_memory(pid, sp,
890 &check,
891 regsize);
892 if (rw != 0) {
893 ERROR(rw, "push check arg ptrace_write_memory");
894 detach_from_all_threads(pid);
895 return False;
896 }
897
898 sp = sp - regsize;
899 DEBUG(1, "push bad_return return address ptrace_write_memory\n");
900 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return
901 // are written.
902 rw = ptrace_write_memory(pid, sp,
903 &bad_return,
904 regsize);
905 if (rw != 0) {
906 ERROR(rw, "push bad_return return address ptrace_write_memory");
907 detach_from_all_threads(pid);
908 return False;
909 }
910 #if defined(VGA_x86)
911 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
912 // compiled in 32bits, speaking with a 32bits exe
913 user_mod.regs.ebp = sp; // bp set to sp
914 user_mod.regs.esp = sp;
915 user_mod.regs.eip = shared32->invoke_gdbserver;
916 user_mod.regs.orig_eax = -1L;
917 #elif defined(VGA_amd64)
918 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
919 // compiled in 64bits, speaking with a 32bits exe
920 user_mod.regs.rbp = sp; // bp set to sp
921 user_mod.regs.rsp = sp;
922 user_mod.regs.rip = shared32->invoke_gdbserver;
923 user_mod.regs.orig_rax = -1L;
924 #else
925 I_die_here : not x86 or amd64 in x86/amd64 section/
926 #endif
927
928 #elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
929 user_mod.regs.nip = shared32->invoke_gdbserver;
930 user_mod.regs.trap = -1L;
931 /* put check arg in register 3 */
932 user_mod.regs.gpr[3] = check;
933 /* put NULL return address in Link Register */
934 user_mod.regs.link = bad_return;
935
936 #elif defined(VGA_arm)
937 /* put check arg in register 0 */
938 user_mod.regs.uregs[0] = check;
939 /* put NULL return address in Link Register */
940 user_mod.regs.uregs[14] = bad_return;
941 user_mod.regs.uregs[15] = shared32->invoke_gdbserver;
942
943 #elif defined(VGA_arm64)
944 XERROR(0, "TBD arm64: vgdb a 32 bits executable with a 64 bits exe");
945
946 #elif defined(VGA_s390x)
947 XERROR(0, "(fn32) s390x has no 32bits implementation");
948 #elif defined(VGA_mips32) || defined(VGA_nanomips)
949 /* put check arg in register 4 */
950 p[4] = check;
951 /* put NULL return address in ra */
952 p[31] = bad_return;
953 p[34] = shared32->invoke_gdbserver;
954 p[25] = shared32->invoke_gdbserver;
955 /* make stack space for args */
956 p[29] = sp - 32;
957
958 #elif defined(VGA_mips64)
959 assert(0); // cannot vgdb a 32 bits executable with a 64 bits exe
960 #else
961 I_die_here : architecture missing in vgdb-invoker-ptrace.c
962 #endif
963 }
964
965 else if (shared64 != NULL) {
966 #if defined(VGA_x86)
967 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
968 #elif defined(VGA_amd64)
969 // vgdb speaking with a 64 bit executable.
970 const int regsize = 8;
971 int rw;
972
973 /* give check arg in rdi */
974 user_mod.regs.rdi = check;
975
976 /* push return address on stack : return to breakaddr */
977 sp &= ~0xf; // keep the stack aligned on 16 bytes ...
978 sp = sp - 128; // do not touch the amd64 redzone
979 sp = sp - regsize;
980 DEBUG(1, "push bad_return return address ptrace_write_memory\n");
981 rw = ptrace_write_memory(pid, sp,
982 &bad_return,
983 sizeof(bad_return));
984 if (rw != 0) {
985 ERROR(rw, "push bad_return return address ptrace_write_memory");
986 detach_from_all_threads(pid);
987 return False;
988 }
989
990 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */
991 user_mod.regs.rbp = sp; // bp set to sp
992 user_mod.regs.rsp = sp;
993 user_mod.regs.rip = shared64->invoke_gdbserver;
994 user_mod.regs.orig_rax = -1L;
995
996 #elif defined(VGA_arm)
997 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
998 #elif defined(VGA_arm64)
999 user_mod.regs[0] = check;
1000 user_mod.sp = sp;
1001 user_mod.pc = shared64->invoke_gdbserver;
1002 /* put NULL return address in Link Register */
1003 user_mod.regs[30] = bad_return;
1004
1005 #elif defined(VGA_ppc32)
1006 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1007 #elif defined(VGA_ppc64be)
1008 Addr func_addr;
1009 Addr toc_addr;
1010 int rw;
1011 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver,
1012 &func_addr,
1013 sizeof(Addr));
1014 if (rw != 0) {
1015 ERROR(rw, "ppc64 read func_addr\n");
1016 detach_from_all_threads(pid);
1017 return False;
1018 }
1019 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8,
1020 &toc_addr,
1021 sizeof(Addr));
1022 if (rw != 0) {
1023 ERROR(rw, "ppc64 read toc_addr\n");
1024 detach_from_all_threads(pid);
1025 return False;
1026 }
1027 // We are not pushing anything on the stack, so it is not
1028 // very clear why the sp has to be decreased, but it seems
1029 // needed. The ppc64 ABI might give some lights on this ?
1030 user_mod.regs.gpr[1] = sp - 220;
1031 user_mod.regs.gpr[2] = toc_addr;
1032 user_mod.regs.nip = func_addr;
1033 user_mod.regs.trap = -1L;
1034 /* put check arg in register 3 */
1035 user_mod.regs.gpr[3] = check;
1036 /* put bad_return return address in Link Register */
1037 user_mod.regs.link = bad_return;
1038 #elif defined(VGA_ppc64le)
1039 /* LE does not use the function pointer structure used in BE */
1040 user_mod.regs.nip = shared64->invoke_gdbserver;
1041 user_mod.regs.gpr[1] = sp - 512;
1042 user_mod.regs.gpr[12] = user_mod.regs.nip;
1043 user_mod.regs.trap = -1L;
1044 /* put check arg in register 3 */
1045 user_mod.regs.gpr[3] = check;
1046 /* put bad_return return address in Link Register */
1047 user_mod.regs.link = bad_return;
1048 #elif defined(VGA_s390x)
1049 /* put check arg in register r2 */
1050 user_mod.regs.gprs[2] = check;
1051 /* bad_return Return address is in r14 */
1052 user_mod.regs.gprs[14] = bad_return;
1053 /* minimum stack frame */
1054 sp = sp - 160;
1055 user_mod.regs.gprs[15] = sp;
1056 /* set program counter */
1057 user_mod.regs.psw.addr = shared64->invoke_gdbserver;
1058 #elif defined(VGA_mips32) || defined(VGA_nanomips)
1059 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1060 #elif defined(VGA_mips64)
1061 /* put check arg in register 4 */
1062 user_mod.regs[4] = check;
1063 /* put NULL return address in ra */
1064 user_mod.regs[31] = bad_return;
1065 user_mod.regs[34] = shared64->invoke_gdbserver;
1066 user_mod.regs[25] = shared64->invoke_gdbserver;
1067 #else
1068 I_die_here: architecture missing in vgdb-invoker-ptrace.c
1069 #endif
1070 }
1071 else {
1072 assert(0);
1073 }
1074
1075 if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
1076 detach_from_all_threads(pid);
1077 return False;
1078 }
1079 /* Now that we have modified the registers, we set
1080 pid_of_save_regs to indicate that restore_and_detach
1081 must restore the registers in case of cleanup. */
1082 pid_of_save_regs = pid;
1083 pid_of_save_regs_continued = False;
1084
1085
1086 /* We PTRACE_CONT-inue pid.
1087 Either gdbserver will be invoked directly (if all
1088 threads are interruptible) or gdbserver will be
1089 called soon by the scheduler. In the first case,
1090 pid will stop on the break inserted above when
1091 gdbserver returns. In the 2nd case, the break will
1092 be encountered directly. */
1093 DEBUG(1, "PTRACE_CONT to invoke\n");
1094 res = ptrace (PTRACE_CONT, pid, NULL, NULL);
1095 if (res != 0) {
1096 ERROR(errno, "PTRACE_CONT\n");
1097 restore_and_detach(pid);
1098 return False;
1099 }
1100 pid_of_save_regs_continued = True;
1101 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */
1102 stopped = waitstopped (pid, SIGSTOP,
1103 "waitpid status after PTRACE_CONT to invoke");
1104 if (stopped) {
1105 /* Here pid has properly stopped on the break. */
1106 pid_of_save_regs_continued = False;
1107 restore_and_detach(pid);
1108 return True;
1109 } else {
1110 /* Whatever kind of problem happened. We shutdown. */
1111 shutting_down = True;
1112 return False;
1113 }
1114 }
1115
1116 void invoker_cleanup_restore_and_detach(void *v_pid)
1117 {
1118 DEBUG(1, "invoker_cleanup_restore_and_detach dying: %d\n", dying);
1119 if (!dying)
1120 restore_and_detach(*(int*)v_pid);
1121 }
1122
1123 void invoker_restrictions_msg(void)
1124 {
1125 }
1126
1127 void invoker_valgrind_dying(void)
1128 {
1129 /* Avoid messing up with registers of valgrind when it is dying. */
1130 pid_of_save_regs_continued = False;
1131 dying = True;
1132 }
Instrumentation framework for detecting many memory management and threading bugs, and profile your programs in detail.