1/*--------------------------------------------------------------------*/ 2/*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/ 3/*--------------------------------------------------------------------*/ 4 5/* 6 This file is part of Valgrind, a dynamic binary instrumentation 7 framework. 8 9 Copyright (C) 2011-2013 Philippe Waroquiers 10 11 This program is free software; you can redistribute it and/or 12 modify it under the terms of the GNU General Public License as 13 published by the Free Software Foundation; either version 2 of the 14 License, or (at your option) any later version. 15 16 This program is distributed in the hope that it will be useful, but 17 WITHOUT ANY WARRANTY; without even the implied warranty of 18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 General Public License for more details. 20 21 You should have received a copy of the GNU General Public License 22 along with this program; if not, write to the Free Software 23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 24 02111-1307, USA. 25 26 The GNU General Public License is contained in the file COPYING. 27*/ 28 29#include "config.h" 30 31#include "vgdb.h" 32#include "pub_core_threadstate.h" 33 34#include <alloca.h> 35#include <assert.h> 36#include <errno.h> 37#include <stdio.h> 38#include <stdlib.h> 39#include <string.h> 40#include <sys/ptrace.h> 41#include <sys/time.h> 42#include <sys/user.h> 43#include <sys/wait.h> 44 45#ifdef PTRACE_GETREGSET 46// TBD: better have a configure test instead ? 47#define HAVE_PTRACE_GETREGSET 48 49// A bi-arch build using PTRACE_GET/SETREGSET needs 50// some conversion code for register structures. 51// So, better do not use PTRACE_GET/SETREGSET 52// Rather we use PTRACE_GETREGS or PTRACE_PEEKUSER. 53 54// The only platform on which we must use PTRACE_GETREGSET is arm64. 55// The resulting vgdb cannot work in a bi-arch setup. 56// -1 means we will check that PTRACE_GETREGSET works. 57# if defined(VGA_arm64) 58#define USE_PTRACE_GETREGSET 59# endif 60#endif 61 62#include <sys/uio.h> 63#include <elf.h> 64 65#include <sys/procfs.h> 66 67#if VEX_HOST_WORDSIZE == 8 68typedef Addr64 CORE_ADDR; 69#elif VEX_HOST_WORDSIZE == 4 70typedef Addr32 CORE_ADDR; 71#else 72# error "unexpected wordsize" 73#endif 74 75#if VEX_HOST_WORDSIZE == 8 76typedef Addr64 PTRACE_XFER_TYPE; 77typedef void* PTRACE_ARG3_TYPE; 78#elif VEX_HOST_WORDSIZE == 4 79typedef Addr32 PTRACE_XFER_TYPE; 80typedef void* PTRACE_ARG3_TYPE; 81#else 82# error "unexpected wordsize" 83#endif 84 85// if > 0, pid for which registers have to be restored. 86// if == 0, means we have not yet called setregs (or have already 87// restored the registers). 88static int pid_of_save_regs = 0; 89/* True if we have continued pid_of_save_regs after PTRACE_ATTACH. */ 90static Bool pid_of_save_regs_continued = False; 91// When setregs has been called to change the registers of pid_of_save_regs, 92// vgdb cannot transmit the signals intercepted during ptrace. 93// So, we queue them, and will deliver them when detaching. 94// See function waitstopped for more info. 95static int signal_queue_sz = 0; 96static siginfo_t *signal_queue; 97 98/* True when loss of connection indicating that the Valgrind 99 process is dying. */ 100static Bool dying = False; 101 102/* ptrace_(read|write)_memory are modified extracts of linux-low.c 103 from gdb 6.6. Copyrighted FSF */ 104/* Copy LEN bytes from valgrind memory starting at MEMADDR 105 to vgdb memory starting at MYADDR. */ 106static 107int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr, 108 void *myaddr, size_t len) 109{ 110 register int i; 111 /* Round starting address down to longword boundary. */ 112 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE); 113 /* Round ending address up; get number of longwords that makes. */ 114 register int count 115 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1) 116 / sizeof (PTRACE_XFER_TYPE); 117 /* Allocate buffer of that many longwords. */ 118 register PTRACE_XFER_TYPE *buffer 119 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE)); 120 121 /* Read all the longwords */ 122 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) { 123 errno = 0; 124 buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid, 125 (PTRACE_ARG3_TYPE) addr, 0); 126 if (errno) 127 return errno; 128 } 129 130 /* Copy appropriate bytes out of the buffer. */ 131 memcpy (myaddr, 132 (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len); 133 134 return 0; 135} 136 137/* Copy LEN bytes of data from vgdb memory at MYADDR 138 to valgrind memory at MEMADDR. 139 On failure (cannot write the valgrind memory) 140 returns the value of errno. */ 141__attribute__((unused)) /* not used on all platforms */ 142static 143int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr, 144 const void *myaddr, size_t len) 145{ 146 register int i; 147 /* Round starting address down to longword boundary. */ 148 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE); 149 /* Round ending address up; get number of longwords that makes. */ 150 register int count 151 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1) 152 / sizeof (PTRACE_XFER_TYPE); 153 /* Allocate buffer of that many longwords. */ 154 register PTRACE_XFER_TYPE *buffer 155 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE)); 156 157 if (debuglevel >= 1) { 158 DEBUG (1, "Writing "); 159 for (i = 0; i < len; i++) 160 PDEBUG (1, "%02x", ((const unsigned char*)myaddr)[i]); 161 PDEBUG(1, " to %p\n", (void *) memaddr); 162 } 163 164 /* Fill start and end extra bytes of buffer with existing memory data. */ 165 166 buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid, 167 (PTRACE_ARG3_TYPE) addr, 0); 168 169 if (count > 1) { 170 buffer[count - 1] 171 = ptrace (PTRACE_PEEKTEXT, inferior_pid, 172 (PTRACE_ARG3_TYPE) (addr + (count - 1) 173 * sizeof (PTRACE_XFER_TYPE)), 174 0); 175 } 176 177 /* Copy data to be written over corresponding part of buffer */ 178 179 memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), 180 myaddr, len); 181 182 /* Write the entire buffer. */ 183 184 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) { 185 errno = 0; 186 ptrace (PTRACE_POKETEXT, inferior_pid, 187 (PTRACE_ARG3_TYPE) addr, buffer[i]); 188 if (errno) 189 return errno; 190 } 191 192 return 0; 193} 194 195/* subset of VG_(threads) needed for vgdb ptrace. 196 This is initialized when process is attached. */ 197typedef struct { 198 ThreadStatus status; 199 Int lwpid; 200} 201VgdbThreadState; 202static VgdbThreadState vgdb_threads[VG_N_THREADS]; 203 204static const 205HChar* name_of_ThreadStatus ( ThreadStatus status ) 206{ 207 switch (status) { 208 case VgTs_Empty: return "VgTs_Empty"; 209 case VgTs_Init: return "VgTs_Init"; 210 case VgTs_Runnable: return "VgTs_Runnable"; 211 case VgTs_WaitSys: return "VgTs_WaitSys"; 212 case VgTs_Yielding: return "VgTs_Yielding"; 213 case VgTs_Zombie: return "VgTs_Zombie"; 214 default: return "VgTs_???"; 215 } 216} 217 218static 219char *status_image (int status) 220{ 221 static char result[256]; 222 int sz = 0; 223#define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__) 224 225 result[0] = 0; 226 227 if (WIFEXITED(status)) 228 APPEND ("WIFEXITED %d ", WEXITSTATUS(status)); 229 230 if (WIFSIGNALED(status)) { 231 APPEND ("WIFSIGNALED %d ", WTERMSIG(status)); 232 if (WCOREDUMP(status)) APPEND ("WCOREDUMP "); 233 } 234 235 if (WIFSTOPPED(status)) 236 APPEND ("WIFSTOPPED %d ", WSTOPSIG(status)); 237 238#ifdef WIFCONTINUED 239 if (WIFCONTINUED(status)) 240 APPEND ("WIFCONTINUED "); 241#endif 242 243 return result; 244#undef APPEND 245} 246 247/* Wait till the process pid is reported as stopped with signal_expected. 248 If other signal(s) than signal_expected are received, waitstopped 249 will pass them to pid, waiting for signal_expected to stop pid. 250 Returns True when process is in stopped state with signal_expected. 251 Returns False if a problem was encountered while waiting for pid 252 to be stopped. 253 254 If pid is reported as being dead/exited, waitstopped will return False. 255*/ 256static 257Bool waitstopped (pid_t pid, int signal_expected, const char *msg) 258{ 259 pid_t p; 260 int status = 0; 261 int signal_received; 262 int res; 263 264 while (1) { 265 DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n", 266 msg, signal_expected); 267 p = waitpid(pid, &status, __WALL); 268 DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p, 269 status, status_image (status)); 270 if (p != pid) { 271 ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n", 272 msg, pid, p, status, status_image (status)); 273 return False; 274 } 275 276 if (WIFEXITED(status)) { 277 shutting_down = True; 278 return False; 279 } 280 281 assert (WIFSTOPPED(status)); 282 signal_received = WSTOPSIG(status); 283 if (signal_received == signal_expected) 284 break; 285 286 /* pid received a signal which is not the signal we are waiting for. 287 If we have not (yet) changed the registers of the inferior 288 or we have (already) reset them, we can transmit the signal. 289 290 If we have already set the registers of the inferior, we cannot 291 transmit the signal, as this signal would arrive when the 292 gdbserver code runs. And valgrind only expects signals to 293 arrive in a small code portion around 294 client syscall logic, where signal are unmasked (see e.g. 295 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK). 296 297 As ptrace is forcing a call to gdbserver by jumping 298 'out of this region', signals are not masked, but 299 will arrive outside of the allowed/expected code region. 300 So, if we have changed the registers of the inferior, we 301 rather queue the signal to transmit them when detaching, 302 after having restored the registers to the initial values. */ 303 if (pid_of_save_regs) { 304 siginfo_t *newsiginfo; 305 306 // realloc a bigger queue, and store new signal at the end. 307 // This is not very efficient but we assume not many sigs are queued. 308 signal_queue_sz++; 309 signal_queue = vrealloc(signal_queue, sizeof(siginfo_t) * signal_queue_sz); 310 newsiginfo = signal_queue + (signal_queue_sz - 1); 311 312 res = ptrace (PTRACE_GETSIGINFO, pid, NULL, newsiginfo); 313 if (res != 0) { 314 ERROR(errno, "PTRACE_GETSIGINFO failed: signal lost !!!!\n"); 315 signal_queue_sz--; 316 } else 317 DEBUG(1, "waitstopped PTRACE_CONT, queuing signal %d" 318 " si_signo %d si_pid %d\n", 319 signal_received, newsiginfo->si_signo, newsiginfo->si_pid); 320 res = ptrace (PTRACE_CONT, pid, NULL, 0); 321 } else { 322 DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received); 323 res = ptrace (PTRACE_CONT, pid, NULL, signal_received); 324 } 325 if (res != 0) { 326 ERROR(errno, "waitstopped PTRACE_CONT\n"); 327 return False; 328 } 329 } 330 331 return True; 332} 333 334/* Stops the given pid, wait for the process to be stopped. 335 Returns True if succesful, False otherwise. 336 msg is used in tracing and error reporting. */ 337static 338Bool stop (pid_t pid, const char *msg) 339{ 340 long res; 341 342 DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid); 343 res = kill (pid, SIGSTOP); 344 if (res != 0) { 345 ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res); 346 return False; 347 } 348 349 return waitstopped (pid, SIGSTOP, msg); 350 351} 352 353/* Attaches to given pid, wait for the process to be stopped. 354 Returns True if succesful, False otherwise. 355 msg is used in tracing and error reporting. */ 356static 357Bool attach (pid_t pid, const char *msg) 358{ 359 long res; 360 static Bool output_error = True; 361 static Bool initial_attach = True; 362 // For a ptrace_scope protected system, we do not want to output 363 // repetitively attach error. We will output once an error 364 // for the initial_attach. Once the 1st attach has succeeded, we 365 // again show all errors. 366 367 DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid); 368 res = ptrace (PTRACE_ATTACH, pid, NULL, NULL); 369 if (res != 0) { 370 if (output_error || debuglevel > 0) { 371 ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res); 372 if (initial_attach) 373 output_error = False; 374 } 375 return False; 376 } 377 378 initial_attach = False; 379 output_error = True; 380 return waitstopped(pid, SIGSTOP, msg); 381} 382 383/* once we are attached to the pid, get the list of threads and stop 384 them all. 385 Returns True if all threads properly suspended, False otherwise. */ 386static 387Bool acquire_and_suspend_threads (pid_t pid) 388{ 389 int i; 390 int rw; 391 Bool pid_found = False; 392 Addr vgt; 393 int sz_tst; 394 int off_status; 395 int off_lwpid; 396 int nr_live_threads = 0; 397 398 if (shared32 != NULL) { 399 vgt = shared32->threads; 400 sz_tst = shared32->sizeof_ThreadState; 401 off_status = shared32->offset_status; 402 off_lwpid = shared32->offset_lwpid; 403 } 404 else if (shared64 != NULL) { 405 vgt = shared64->threads; 406 sz_tst = shared64->sizeof_ThreadState; 407 off_status = shared64->offset_status; 408 off_lwpid = shared64->offset_lwpid; 409 } else { 410 assert (0); 411 } 412 413 /* note: the entry 0 is unused */ 414 for (i = 1; i < VG_N_THREADS; i++) { 415 vgt += sz_tst; 416 rw = ptrace_read_memory(pid, vgt+off_status, 417 &(vgdb_threads[i].status), 418 sizeof(ThreadStatus)); 419 if (rw != 0) { 420 ERROR(rw, "status ptrace_read_memory\n"); 421 return False; 422 } 423 424 rw = ptrace_read_memory(pid, vgt+off_lwpid, 425 &(vgdb_threads[i].lwpid), 426 sizeof(Int)); 427 if (rw != 0) { 428 ERROR(rw, "lwpid ptrace_read_memory\n"); 429 return False; 430 } 431 432 if (vgdb_threads[i].status != VgTs_Empty) { 433 DEBUG(1, "found tid %d status %s lwpid %d\n", 434 i, name_of_ThreadStatus(vgdb_threads[i].status), 435 vgdb_threads[i].lwpid); 436 nr_live_threads++; 437 if (vgdb_threads[i].lwpid <= 1) { 438 if (vgdb_threads[i].lwpid == 0 439 && vgdb_threads[i].status == VgTs_Init) { 440 DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n", 441 i, name_of_ThreadStatus(vgdb_threads[i].status), 442 vgdb_threads[i].lwpid); 443 } else { 444 ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n", 445 i, name_of_ThreadStatus(vgdb_threads[i].status), 446 vgdb_threads[i].lwpid); 447 } 448 /* in case we have a VtTs_Init thread with lwpid not yet set, 449 we try again later. */ 450 return False; 451 } 452 if (vgdb_threads[i].lwpid == pid) { 453 assert (!pid_found); 454 assert (i == 1); 455 pid_found = True; 456 } else { 457 if (!attach(vgdb_threads[i].lwpid, "attach_thread")) { 458 ERROR(0, "ERROR attach pid %d tid %d\n", 459 vgdb_threads[i].lwpid, i); 460 return False; 461 } 462 } 463 } 464 } 465 /* If we found no thread, it means the process is stopping, and 466 we better do not force anything to happen during that. */ 467 if (nr_live_threads > 0) 468 return True; 469 else 470 return False; 471} 472 473static 474void detach_from_all_threads (pid_t pid) 475{ 476 int i; 477 long res; 478 Bool pid_found = False; 479 480 /* detach from all the threads */ 481 for (i = 1; i < VG_N_THREADS; i++) { 482 if (vgdb_threads[i].status != VgTs_Empty) { 483 if (vgdb_threads[i].status == VgTs_Init 484 && vgdb_threads[i].lwpid == 0) { 485 DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n", 486 vgdb_threads[i].lwpid, i, 487 name_of_ThreadStatus (vgdb_threads[i].status)); 488 } else { 489 if (vgdb_threads[i].lwpid == pid) { 490 assert (!pid_found); 491 pid_found = True; 492 } 493 DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n", 494 vgdb_threads[i].lwpid, i, 495 name_of_ThreadStatus (vgdb_threads[i].status)); 496 res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL); 497 if (res != 0) { 498 ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n", 499 vgdb_threads[i].lwpid, i, 500 name_of_ThreadStatus (vgdb_threads[i].status), 501 res); 502 } 503 } 504 } 505 } 506 507 if (!pid_found && pid) { 508 /* No threads are live. Process is busy stopping. 509 We need to detach from pid explicitely. */ 510 DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid); 511 res = ptrace (PTRACE_DETACH, pid, NULL, NULL); 512 if (res != 0) 513 ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res); 514 } 515} 516 517# if defined(VGA_arm64) 518static struct user_pt_regs user_save; 519# else 520static struct user user_save; 521# endif 522// The below indicates if ptrace_getregs (and ptrace_setregs) can be used. 523// Note that some linux versions are defining PTRACE_GETREGS but using 524// it gives back EIO. 525// has_working_ptrace_getregs can take the following values: 526// -1 : PTRACE_GETREGS is defined 527// runtime check not yet done. 528// 0 : PTRACE_GETREGS runtime check has failed. 529// 1 : PTRACE_GETREGS defined and runtime check ok. 530#ifdef HAVE_PTRACE_GETREGS 531static int has_working_ptrace_getregs = -1; 532#endif 533// Similar but for PTRACE_GETREGSET 534#ifdef HAVE_PTRACE_GETREGSET 535static int has_working_ptrace_getregset = -1; 536#endif 537 538/* Get the registers from pid into regs. 539 regs_bsz value gives the length of *regs. 540 Returns True if all ok, otherwise False. */ 541static 542Bool getregs (pid_t pid, void *regs, long regs_bsz) 543{ 544 DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz); 545# ifdef HAVE_PTRACE_GETREGSET 546# ifndef USE_PTRACE_GETREGSET 547 if (has_working_ptrace_getregset) 548 DEBUG(1, "PTRACE_GETREGSET defined, not used (yet?) by vgdb\n"); 549 has_working_ptrace_getregset = 0; 550# endif 551 if (has_working_ptrace_getregset) { 552 // Platforms having GETREGSET 553 long res; 554 elf_gregset_t elf_regs; 555 struct iovec iovec; 556 557 DEBUG(1, "getregs PTRACE_GETREGSET sizeof(elf_regs) %d\n", sizeof(elf_regs)); 558 iovec.iov_base = regs; 559 iovec.iov_len = sizeof(elf_regs); 560 561 res = ptrace (PTRACE_GETREGSET, pid, NT_PRSTATUS, &iovec); 562 if (res == 0) { 563 if (has_working_ptrace_getregset == -1) { 564 // First call to PTRACE_GETREGSET succesful => 565 has_working_ptrace_getregset = 1; 566 DEBUG(1, "detected a working PTRACE_GETREGSET\n"); 567 } 568 assert (has_working_ptrace_getregset == 1); 569 return True; 570 } 571 else if (has_working_ptrace_getregset == 1) { 572 // We had a working call, but now it fails. 573 // This is unexpected. 574 ERROR(errno, "PTRACE_GETREGSET %ld\n", res); 575 return False; 576 } else { 577 // Check this is the first call: 578 assert (has_working_ptrace_getregset == -1); 579 if (errno == EIO) { 580 DEBUG(1, "detected a broken PTRACE_GETREGSET with EIO\n"); 581 has_working_ptrace_getregset = 0; 582 // Fall over to the PTRACE_GETREGS or PTRACE_PEEKUSER case. 583 } else { 584 ERROR(errno, "broken PTRACE_GETREGSET unexpected errno %ld\n", res); 585 return False; 586 } 587 } 588 } 589# endif 590 591# ifdef HAVE_PTRACE_GETREGS 592 if (has_working_ptrace_getregs) { 593 // Platforms having GETREGS 594 long res; 595 DEBUG(1, "getregs PTRACE_GETREGS\n"); 596 res = ptrace (PTRACE_GETREGS, pid, NULL, regs); 597 if (res == 0) { 598 if (has_working_ptrace_getregs == -1) { 599 // First call to PTRACE_GETREGS succesful => 600 has_working_ptrace_getregs = 1; 601 DEBUG(1, "detected a working PTRACE_GETREGS\n"); 602 } 603 assert (has_working_ptrace_getregs == 1); 604 return True; 605 } 606 else if (has_working_ptrace_getregs == 1) { 607 // We had a working call, but now it fails. 608 // This is unexpected. 609 ERROR(errno, "PTRACE_GETREGS %ld\n", res); 610 return False; 611 } else { 612 // Check this is the first call: 613 assert (has_working_ptrace_getregs == -1); 614 if (errno == EIO) { 615 DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n"); 616 has_working_ptrace_getregs = 0; 617 // Fall over to the PTRACE_PEEKUSER case. 618 } else { 619 ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res); 620 return False; 621 } 622 } 623 } 624# endif 625 626 // We assume PTRACE_PEEKUSER is defined everywhere. 627 { 628# ifdef PT_ENDREGS 629 long peek_bsz = PT_ENDREGS; 630 assert (peek_bsz <= regs_bsz); 631# else 632 long peek_bsz = regs_bsz-1; 633# endif 634 char *pregs = (char *) regs; 635 long offset; 636 errno = 0; 637 DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz); 638 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) { 639 *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL); 640 if (errno != 0) { 641 ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset); 642 return False; 643 } 644 } 645 return True; 646 } 647 648 // If neither of PTRACE_GETREGSET PTRACE_GETREGS PTRACE_PEEKUSER have 649 // returned, then we are in serious trouble. 650 assert (0); 651} 652 653/* Set the registers of pid to regs. 654 regs_bsz value gives the length of *regs. 655 Returns True if all ok, otherwise False. */ 656static 657Bool setregs (pid_t pid, void *regs, long regs_bsz) 658{ 659 DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz); 660 661// Note : the below is checking for GETREGSET, not SETREGSET 662// as if one is defined and working, the other one should also work. 663# ifdef HAVE_PTRACE_GETREGSET 664 if (has_working_ptrace_getregset) { 665 // Platforms having SETREGSET 666 long res; 667 elf_gregset_t elf_regs; 668 struct iovec iovec; 669 670 // setregset can never be called before getregset has done a runtime check. 671 assert (has_working_ptrace_getregset == 1); 672 DEBUG(1, "setregs PTRACE_SETREGSET sizeof(elf_regs) %d\n", sizeof(elf_regs)); 673 iovec.iov_base = regs; 674 iovec.iov_len = sizeof(elf_regs); 675 res = ptrace (PTRACE_SETREGSET, pid, NT_PRSTATUS, &iovec); 676 if (res != 0) { 677 ERROR(errno, "PTRACE_SETREGSET %ld\n", res); 678 return False; 679 } 680 return True; 681 } 682# endif 683 684// Note : the below is checking for GETREGS, not SETREGS 685// as if one is defined and working, the other one should also work. 686# ifdef HAVE_PTRACE_GETREGS 687 if (has_working_ptrace_getregs) { 688 // Platforms having SETREGS 689 long res; 690 // setregs can never be called before getregs has done a runtime check. 691 assert (has_working_ptrace_getregs == 1); 692 DEBUG(1, "setregs PTRACE_SETREGS\n"); 693 res = ptrace (PTRACE_SETREGS, pid, NULL, regs); 694 if (res != 0) { 695 ERROR(errno, "PTRACE_SETREGS %ld\n", res); 696 return False; 697 } 698 return True; 699 } 700# endif 701 702 { 703 char *pregs = (char *) regs; 704 long offset; 705 long res; 706# ifdef PT_ENDREGS 707 long peek_bsz = PT_ENDREGS; 708 assert (peek_bsz <= regs_bsz); 709# else 710 long peek_bsz = regs_bsz-1; 711# endif 712 errno = 0; 713 DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz); 714 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) { 715 res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset)); 716 if (errno != 0) { 717 ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res); 718 return False; 719 } 720 } 721 return True; 722 } 723 724 // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned, 725 // then we are in serious trouble. 726 assert (0); 727} 728 729/* Restore the registers to the saved value, then detaches from all threads */ 730static 731void restore_and_detach (pid_t pid) 732{ 733 int res; 734 735 DEBUG(1, "restore_and_detach pid %d pid_of_save_regs %d\n", 736 pid, pid_of_save_regs); 737 738 if (pid_of_save_regs) { 739 /* In case the 'main pid' has been continued, we need to stop it 740 before resetting the registers. */ 741 if (pid_of_save_regs_continued) { 742 pid_of_save_regs_continued = False; 743 if (!stop(pid_of_save_regs, "sigstop before reset regs")) 744 DEBUG(0, "Could not sigstop before reset"); 745 } 746 747 DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs); 748 if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) { 749 ERROR(errno, "setregs restore registers pid %d after cont\n", 750 pid_of_save_regs); 751 } 752 753 /* Now, we transmit all the signals we have queued. */ 754 if (signal_queue_sz > 0) { 755 int i; 756 for (i = 0; i < signal_queue_sz; i++) { 757 DEBUG(1, "PTRACE_CONT to transmit queued signal %d\n", 758 signal_queue[i].si_signo); 759 res = ptrace (PTRACE_CONT, pid_of_save_regs, NULL, 760 signal_queue[i].si_signo); 761 if (res != 0) 762 ERROR(errno, "PTRACE_CONT with signal %d\n", 763 signal_queue[i].si_signo); 764 if (!stop(pid_of_save_regs, "sigstop after transmit sig")) 765 DEBUG(0, "Could not sigstop after transmit sig"); 766 } 767 free (signal_queue); 768 signal_queue = NULL; 769 signal_queue_sz = 0; 770 } 771 pid_of_save_regs = 0; 772 } else { 773 DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n"); 774 } 775 if (signal_queue) 776 ERROR (0, "One or more signals queued were not delivered. " 777 "First signal: %d\n", signal_queue[0].si_signo); 778 detach_from_all_threads(pid); 779} 780 781Bool invoker_invoke_gdbserver (pid_t pid) 782{ 783 long res; 784 Bool stopped; 785# if defined(VGA_arm64) 786 struct user_pt_regs user_mod; 787# else 788 struct user user_mod; 789# endif 790 Addr sp; 791 /* A specific int value is passed to invoke_gdbserver, to check 792 everything goes according to the plan. */ 793 const int check = 0x8BADF00D; // ate bad food. 794 795 const Addr bad_return = 0; 796 // A bad return address will be pushed on the stack. 797 // The function invoke_gdbserver cannot return. If ever it returns, a NULL 798 // address pushed on the stack should ensure this is detected. 799 800 /* Not yet attached. If problem, vgdb can abort, 801 no cleanup needed. */ 802 803 DEBUG(1, "attach to 'main' pid %d\n", pid); 804 if (!attach(pid, "attach main pid")) { 805 ERROR(0, "error attach main pid %d\n", pid); 806 return False; 807 } 808 809 /* Now, we are attached. If problem, detach and return. */ 810 811 if (!acquire_and_suspend_threads(pid)) { 812 detach_from_all_threads(pid); 813 /* if the pid does not exist anymore, we better stop */ 814 if (kill(pid, 0) != 0) 815 XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n", 816 pid); 817 return False; 818 } 819 820 if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) { 821 detach_from_all_threads(pid); 822 return False; 823 } 824 user_save = user_mod; 825 826#if defined(VGA_x86) 827 sp = user_mod.regs.esp; 828#elif defined(VGA_amd64) 829 sp = user_mod.regs.rsp; 830 if (shared32 != NULL) { 831 /* 64bit vgdb speaking with a 32bit executable. 832 To have system call restart properly, we need to sign extend rax. 833 For more info: 834 web search '[patch] Fix syscall restarts for amd64->i386 biarch' 835 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */ 836 *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax; 837 DEBUG(1, "Sign extending %8.8lx to %8.8lx\n", 838 user_mod.regs.rax, user_save.regs.rax); 839 } 840#elif defined(VGA_arm) 841 sp = user_mod.regs.uregs[13]; 842#elif defined(VGA_arm64) 843 sp = user_mod.sp; 844#elif defined(VGA_ppc32) 845 sp = user_mod.regs.gpr[1]; 846#elif defined(VGA_ppc64) 847 sp = user_mod.regs.gpr[1]; 848#elif defined(VGA_s390x) 849 sp = user_mod.regs.gprs[15]; 850#elif defined(VGA_mips32) 851 long long *p = (long long *)user_mod.regs; 852 sp = p[29]; 853#elif defined(VGA_mips64) 854 sp = user_mod.regs[29]; 855#else 856 I_die_here : (sp) architecture missing in vgdb.c 857#endif 858 859 860 // the magic below is derived from spying what gdb sends to 861 // the (classical) gdbserver when invoking a C function. 862 if (shared32 != NULL) { 863 // vgdb speaking with a 32bit executable. 864#if defined(VGA_x86) || defined(VGA_amd64) 865 const int regsize = 4; 866 int rw; 867 /* push check arg on the stack */ 868 sp = sp - regsize; 869 DEBUG(1, "push check arg ptrace_write_memory\n"); 870 assert(regsize == sizeof(check)); 871 rw = ptrace_write_memory(pid, sp, 872 &check, 873 regsize); 874 if (rw != 0) { 875 ERROR(rw, "push check arg ptrace_write_memory"); 876 detach_from_all_threads(pid); 877 return False; 878 } 879 880 sp = sp - regsize; 881 DEBUG(1, "push bad_return return address ptrace_write_memory\n"); 882 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return 883 // are written. 884 rw = ptrace_write_memory(pid, sp, 885 &bad_return, 886 regsize); 887 if (rw != 0) { 888 ERROR(rw, "push bad_return return address ptrace_write_memory"); 889 detach_from_all_threads(pid); 890 return False; 891 } 892#if defined(VGA_x86) 893 /* set ebp, esp, eip and orig_eax to invoke gdbserver */ 894 // compiled in 32bits, speaking with a 32bits exe 895 user_mod.regs.ebp = sp; // bp set to sp 896 user_mod.regs.esp = sp; 897 user_mod.regs.eip = shared32->invoke_gdbserver; 898 user_mod.regs.orig_eax = -1L; 899#elif defined(VGA_amd64) 900 /* set ebp, esp, eip and orig_eax to invoke gdbserver */ 901 // compiled in 64bits, speaking with a 32bits exe 902 user_mod.regs.rbp = sp; // bp set to sp 903 user_mod.regs.rsp = sp; 904 user_mod.regs.rip = shared32->invoke_gdbserver; 905 user_mod.regs.orig_rax = -1L; 906#else 907 I_die_here : not x86 or amd64 in x86/amd64 section/ 908#endif 909 910#elif defined(VGA_ppc32) || defined(VGA_ppc64) 911 user_mod.regs.nip = shared32->invoke_gdbserver; 912 user_mod.regs.trap = -1L; 913 /* put check arg in register 3 */ 914 user_mod.regs.gpr[3] = check; 915 /* put NULL return address in Link Register */ 916 user_mod.regs.link = bad_return; 917 918#elif defined(VGA_arm) 919 /* put check arg in register 0 */ 920 user_mod.regs.uregs[0] = check; 921 /* put NULL return address in Link Register */ 922 user_mod.regs.uregs[14] = bad_return; 923 user_mod.regs.uregs[15] = shared32->invoke_gdbserver; 924 925#elif defined(VGA_arm64) 926 XERROR(0, "TBD arm64: vgdb a 32 bits executable with a 64 bits exe"); 927 928#elif defined(VGA_s390x) 929 XERROR(0, "(fn32) s390x has no 32bits implementation"); 930#elif defined(VGA_mips32) 931 /* put check arg in register 4 */ 932 p[4] = check; 933 /* put NULL return address in ra */ 934 p[31] = bad_return; 935 p[34] = shared32->invoke_gdbserver; 936 p[25] = shared32->invoke_gdbserver; 937 /* make stack space for args */ 938 p[29] = sp - 32; 939 940#elif defined(VGA_mips64) 941 assert(0); // cannot vgdb a 32 bits executable with a 64 bits exe 942#else 943 I_die_here : architecture missing in vgdb.c 944#endif 945 } 946 947 else if (shared64 != NULL) { 948#if defined(VGA_x86) 949 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 950#elif defined(VGA_amd64) 951 // vgdb speaking with a 64 bit executable. 952 const int regsize = 8; 953 int rw; 954 955 /* give check arg in rdi */ 956 user_mod.regs.rdi = check; 957 958 /* push return address on stack : return to breakaddr */ 959 sp = sp - regsize; 960 DEBUG(1, "push bad_return return address ptrace_write_memory\n"); 961 rw = ptrace_write_memory(pid, sp, 962 &bad_return, 963 sizeof(bad_return)); 964 if (rw != 0) { 965 ERROR(rw, "push bad_return return address ptrace_write_memory"); 966 detach_from_all_threads(pid); 967 return False; 968 } 969 970 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */ 971 user_mod.regs.rbp = sp; // bp set to sp 972 user_mod.regs.rsp = sp; 973 user_mod.regs.rip = shared64->invoke_gdbserver; 974 user_mod.regs.orig_rax = -1L; 975 976#elif defined(VGA_arm) 977 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 978#elif defined(VGA_arm64) 979 user_mod.regs[0] = check; 980 user_mod.sp = sp; 981 user_mod.pc = shared64->invoke_gdbserver; 982 /* put NULL return address in Link Register */ 983 user_mod.regs[30] = bad_return; 984 985#elif defined(VGA_ppc32) 986 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 987#elif defined(VGA_ppc64) 988 Addr64 func_addr; 989 Addr64 toc_addr; 990 int rw; 991 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver, 992 &func_addr, 993 sizeof(Addr64)); 994 if (rw != 0) { 995 ERROR(rw, "ppc64 read func_addr\n"); 996 detach_from_all_threads(pid); 997 return False; 998 } 999 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8, 1000 &toc_addr, 1001 sizeof(Addr64)); 1002 if (rw != 0) { 1003 ERROR(rw, "ppc64 read toc_addr\n"); 1004 detach_from_all_threads(pid); 1005 return False; 1006 } 1007 // We are not pushing anything on the stack, so it is not 1008 // very clear why the sp has to be decreased, but it seems 1009 // needed. The ppc64 ABI might give some lights on this ? 1010 user_mod.regs.gpr[1] = sp - 220; 1011 user_mod.regs.gpr[2] = toc_addr; 1012 user_mod.regs.nip = func_addr; 1013 user_mod.regs.trap = -1L; 1014 /* put check arg in register 3 */ 1015 user_mod.regs.gpr[3] = check; 1016 /* put bad_return return address in Link Register */ 1017 user_mod.regs.link = bad_return; 1018#elif defined(VGA_s390x) 1019 /* put check arg in register r2 */ 1020 user_mod.regs.gprs[2] = check; 1021 /* bad_return Return address is in r14 */ 1022 user_mod.regs.gprs[14] = bad_return; 1023 /* minimum stack frame */ 1024 sp = sp - 160; 1025 user_mod.regs.gprs[15] = sp; 1026 /* set program counter */ 1027 user_mod.regs.psw.addr = shared64->invoke_gdbserver; 1028#elif defined(VGA_mips32) 1029 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 1030#elif defined(VGA_mips64) 1031 /* put check arg in register 4 */ 1032 user_mod.regs[4] = check; 1033 /* put NULL return address in ra */ 1034 user_mod.regs[31] = bad_return; 1035 user_mod.regs[34] = shared64->invoke_gdbserver; 1036 user_mod.regs[25] = shared64->invoke_gdbserver; 1037#else 1038 I_die_here: architecture missing in vgdb.c 1039#endif 1040 } 1041 else { 1042 assert(0); 1043 } 1044 1045 if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) { 1046 detach_from_all_threads(pid); 1047 return False; 1048 } 1049 /* Now that we have modified the registers, we set 1050 pid_of_save_regs to indicate that restore_and_detach 1051 must restore the registers in case of cleanup. */ 1052 pid_of_save_regs = pid; 1053 pid_of_save_regs_continued = False; 1054 1055 1056 /* We PTRACE_CONT-inue pid. 1057 Either gdbserver will be invoked directly (if all 1058 threads are interruptible) or gdbserver will be 1059 called soon by the scheduler. In the first case, 1060 pid will stop on the break inserted above when 1061 gdbserver returns. In the 2nd case, the break will 1062 be encountered directly. */ 1063 DEBUG(1, "PTRACE_CONT to invoke\n"); 1064 res = ptrace (PTRACE_CONT, pid, NULL, NULL); 1065 if (res != 0) { 1066 ERROR(errno, "PTRACE_CONT\n"); 1067 restore_and_detach(pid); 1068 return False; 1069 } 1070 pid_of_save_regs_continued = True; 1071 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */ 1072 stopped = waitstopped (pid, SIGSTOP, 1073 "waitpid status after PTRACE_CONT to invoke"); 1074 if (stopped) { 1075 /* Here pid has properly stopped on the break. */ 1076 pid_of_save_regs_continued = False; 1077 restore_and_detach(pid); 1078 return True; 1079 } else { 1080 /* Whatever kind of problem happened. We shutdown. */ 1081 shutting_down = True; 1082 return False; 1083 } 1084} 1085 1086void invoker_cleanup_restore_and_detach(void *v_pid) 1087{ 1088 DEBUG(1, "invoker_cleanup_restore_and_detach dying: %d\n", dying); 1089 if (!dying) 1090 restore_and_detach(*(int*)v_pid); 1091} 1092 1093void invoker_restrictions_msg(void) 1094{ 1095} 1096 1097void invoker_valgrind_dying(void) 1098{ 1099 /* Avoid messing up with registers of valgrind when it is dying. */ 1100 pid_of_save_regs_continued = False; 1101 dying = True; 1102} 1103