trace.c revision b420a226cd2fc5d6028adcaf236c512a1f1fb437
1/* 2 * This file is part of ltrace. 3 * Copyright (C) 2007,2011,2012,2013 Petr Machata, Red Hat Inc. 4 * Copyright (C) 2010 Joe Damato 5 * Copyright (C) 1998,2002,2003,2004,2008,2009 Juan Cespedes 6 * Copyright (C) 2006 Ian Wienand 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License as 10 * published by the Free Software Foundation; either version 2 of the 11 * License, or (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 */ 23 24#include "config.h" 25 26#include <asm/unistd.h> 27#include <assert.h> 28#include <errno.h> 29#include <gelf.h> 30#include <stdbool.h> 31#include <stdio.h> 32#include <stdlib.h> 33#include <string.h> 34#include <sys/types.h> 35#include <sys/wait.h> 36#include <unistd.h> 37 38#ifdef HAVE_LIBSELINUX 39# include <selinux/selinux.h> 40#endif 41 42#include "linux-gnu/trace-defs.h" 43#include "linux-gnu/trace.h" 44#include "backend.h" 45#include "breakpoint.h" 46#include "debug.h" 47#include "events.h" 48#include "ltrace-elf.h" 49#include "options.h" 50#include "proc.h" 51#include "ptrace.h" 52#include "type.h" 53 54void 55trace_fail_warning(pid_t pid) 56{ 57 /* This was adapted from GDB. */ 58#ifdef HAVE_LIBSELINUX 59 static int checked = 0; 60 if (checked) 61 return; 62 checked = 1; 63 64 /* -1 is returned for errors, 0 if it has no effect, 1 if 65 * PTRACE_ATTACH is forbidden. */ 66 if (security_get_boolean_active("deny_ptrace") == 1) 67 fprintf(stderr, 68"The SELinux boolean 'deny_ptrace' is enabled, which may prevent ltrace from\n" 69"tracing other processes. You can disable this process attach protection by\n" 70"issuing 'setsebool deny_ptrace=0' in the superuser context.\n"); 71#endif /* HAVE_LIBSELINUX */ 72} 73 74void 75trace_me(void) 76{ 77 debug(DEBUG_PROCESS, "trace_me: pid=%d", getpid()); 78 if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) { 79 perror("PTRACE_TRACEME"); 80 trace_fail_warning(getpid()); 81 exit(1); 82 } 83} 84 85/* There's a (hopefully) brief period of time after the child process 86 * forks when we can't trace it yet. Here we wait for kernel to 87 * prepare the process. */ 88int 89wait_for_proc(pid_t pid) 90{ 91 /* man ptrace: PTRACE_ATTACH attaches to the process specified 92 in pid. The child is sent a SIGSTOP, but will not 93 necessarily have stopped by the completion of this call; 94 use wait() to wait for the child to stop. */ 95 if (waitpid(pid, NULL, __WALL) != pid) { 96 perror ("trace_pid: waitpid"); 97 return -1; 98 } 99 100 return 0; 101} 102 103int 104trace_pid(pid_t pid) 105{ 106 debug(DEBUG_PROCESS, "trace_pid: pid=%d", pid); 107 /* This shouldn't emit error messages, as there are legitimate 108 * reasons that the PID can't be attached: like it may have 109 * already ended. */ 110 if (ptrace(PTRACE_ATTACH, pid, 0, 0) < 0) 111 return -1; 112 113 return wait_for_proc(pid); 114} 115 116void 117trace_set_options(struct process *proc) 118{ 119 if (proc->tracesysgood & 0x80) 120 return; 121 122 pid_t pid = proc->pid; 123 debug(DEBUG_PROCESS, "trace_set_options: pid=%d", pid); 124 125 long options = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | 126 PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE | 127 PTRACE_O_TRACEEXEC; 128 if (ptrace(PTRACE_SETOPTIONS, pid, 0, (void *)options) < 0 && 129 ptrace(PTRACE_OLDSETOPTIONS, pid, 0, (void *)options) < 0) { 130 perror("PTRACE_SETOPTIONS"); 131 return; 132 } 133 proc->tracesysgood |= 0x80; 134} 135 136void 137untrace_pid(pid_t pid) { 138 debug(DEBUG_PROCESS, "untrace_pid: pid=%d", pid); 139 ptrace(PTRACE_DETACH, pid, 0, 0); 140} 141 142void 143continue_after_signal(pid_t pid, int signum) 144{ 145 debug(DEBUG_PROCESS, "continue_after_signal: pid=%d, signum=%d", 146 pid, signum); 147 ptrace(PTRACE_SYSCALL, pid, 0, (void *)(uintptr_t)signum); 148} 149 150static enum ecb_status 151event_for_pid(Event *event, void *data) 152{ 153 if (event->proc != NULL && event->proc->pid == (pid_t)(uintptr_t)data) 154 return ECB_YIELD; 155 return ECB_CONT; 156} 157 158static int 159have_events_for(pid_t pid) 160{ 161 return each_qd_event(event_for_pid, (void *)(uintptr_t)pid) != NULL; 162} 163 164void 165continue_process(pid_t pid) 166{ 167 debug(DEBUG_PROCESS, "continue_process: pid=%d", pid); 168 169 /* Only really continue the process if there are no events in 170 the queue for this process. Otherwise just wait for the 171 other events to arrive. */ 172 if (!have_events_for(pid)) 173 /* We always trace syscalls to control fork(), 174 * clone(), execve()... */ 175 ptrace(PTRACE_SYSCALL, pid, 0, 0); 176 else 177 debug(DEBUG_PROCESS, 178 "putting off the continue, events in que."); 179} 180 181static struct pid_task * 182get_task_info(struct pid_set *pids, pid_t pid) 183{ 184 assert(pid != 0); 185 size_t i; 186 for (i = 0; i < pids->count; ++i) 187 if (pids->tasks[i].pid == pid) 188 return &pids->tasks[i]; 189 190 return NULL; 191} 192 193static struct pid_task * 194add_task_info(struct pid_set *pids, pid_t pid) 195{ 196 if (pids->count == pids->alloc) { 197 size_t ns = (2 * pids->alloc) ?: 4; 198 struct pid_task *n = realloc(pids->tasks, 199 sizeof(*pids->tasks) * ns); 200 if (n == NULL) 201 return NULL; 202 pids->tasks = n; 203 pids->alloc = ns; 204 } 205 struct pid_task * task_info = &pids->tasks[pids->count++]; 206 memset(task_info, 0, sizeof(*task_info)); 207 task_info->pid = pid; 208 return task_info; 209} 210 211static enum callback_status 212task_stopped(struct process *task, void *data) 213{ 214 enum process_status st = process_status(task->pid); 215 if (data != NULL) 216 *(enum process_status *)data = st; 217 218 /* If the task is already stopped, don't worry about it. 219 * Likewise if it managed to become a zombie or terminate in 220 * the meantime. This can happen when the whole thread group 221 * is terminating. */ 222 switch (st) { 223 case PS_INVALID: 224 case PS_TRACING_STOP: 225 case PS_ZOMBIE: 226 return CBS_CONT; 227 case PS_SLEEPING: 228 case PS_STOP: 229 case PS_OTHER: 230 return CBS_STOP; 231 } 232 233 abort (); 234} 235 236/* Task is blocked if it's stopped, or if it's a vfork parent. */ 237static enum callback_status 238task_blocked(struct process *task, void *data) 239{ 240 struct pid_set *pids = data; 241 struct pid_task *task_info = get_task_info(pids, task->pid); 242 if (task_info != NULL 243 && task_info->vforked) 244 return CBS_CONT; 245 246 return task_stopped(task, NULL); 247} 248 249static Event *process_vfork_on_event(struct event_handler *super, Event *event); 250 251static enum callback_status 252task_vforked(struct process *task, void *data) 253{ 254 if (task->event_handler != NULL 255 && task->event_handler->on_event == &process_vfork_on_event) 256 return CBS_STOP; 257 return CBS_CONT; 258} 259 260static int 261is_vfork_parent(struct process *task) 262{ 263 return each_task(task->leader, NULL, &task_vforked, NULL) != NULL; 264} 265 266static enum callback_status 267send_sigstop(struct process *task, void *data) 268{ 269 struct process *leader = task->leader; 270 struct pid_set *pids = data; 271 272 /* Look for pre-existing task record, or add new. */ 273 struct pid_task *task_info = get_task_info(pids, task->pid); 274 if (task_info == NULL) 275 task_info = add_task_info(pids, task->pid); 276 if (task_info == NULL) { 277 perror("send_sigstop: add_task_info"); 278 destroy_event_handler(leader); 279 /* Signal failure upwards. */ 280 return CBS_STOP; 281 } 282 283 /* This task still has not been attached to. It should be 284 stopped by the kernel. */ 285 if (task->state == STATE_BEING_CREATED) 286 return CBS_CONT; 287 288 /* Don't bother sending SIGSTOP if we are already stopped, or 289 * if we sent the SIGSTOP already, which happens when we are 290 * handling "onexit" and inherited the handler from breakpoint 291 * re-enablement. */ 292 enum process_status st; 293 if (task_stopped(task, &st) == CBS_CONT) 294 return CBS_CONT; 295 if (task_info->sigstopped) { 296 if (!task_info->delivered) 297 return CBS_CONT; 298 task_info->delivered = 0; 299 } 300 301 /* Also don't attempt to stop the process if it's a parent of 302 * vforked process. We set up event handler specially to hint 303 * us. In that case parent is in D state, which we use to 304 * weed out unnecessary looping. */ 305 if (st == PS_SLEEPING 306 && is_vfork_parent(task)) { 307 task_info->vforked = 1; 308 return CBS_CONT; 309 } 310 311 if (task_kill(task->pid, SIGSTOP) >= 0) { 312 debug(DEBUG_PROCESS, "send SIGSTOP to %d", task->pid); 313 task_info->sigstopped = 1; 314 } else 315 fprintf(stderr, 316 "Warning: couldn't send SIGSTOP to %d\n", task->pid); 317 318 return CBS_CONT; 319} 320 321/* On certain kernels, detaching right after a singlestep causes the 322 tracee to be killed with a SIGTRAP (that even though the singlestep 323 was properly caught by waitpid. The ugly workaround is to put a 324 breakpoint where IP points and let the process continue. After 325 this the breakpoint can be retracted and the process detached. */ 326static void 327ugly_workaround(struct process *proc) 328{ 329 arch_addr_t ip = get_instruction_pointer(proc); 330 struct breakpoint *found; 331 if (DICT_FIND_VAL(proc->leader->breakpoints, &ip, &found) < 0) { 332 insert_breakpoint_at(proc, ip, NULL); 333 } else { 334 assert(found != NULL); 335 enable_breakpoint(proc, found); 336 } 337 ptrace(PTRACE_CONT, proc->pid, 0, 0); 338} 339 340static void 341process_stopping_done(struct process_stopping_handler *self, 342 struct process *leader) 343{ 344 debug(DEBUG_PROCESS, "process stopping done %d", 345 self->task_enabling_breakpoint->pid); 346 347 if (!self->exiting) { 348 size_t i; 349 for (i = 0; i < self->pids.count; ++i) 350 if (self->pids.tasks[i].pid != 0 351 && (self->pids.tasks[i].delivered 352 || self->pids.tasks[i].sysret)) 353 continue_process(self->pids.tasks[i].pid); 354 continue_process(self->task_enabling_breakpoint->pid); 355 } 356 357 if (self->exiting) { 358 ugly_workaround: 359 self->state = PSH_UGLY_WORKAROUND; 360 ugly_workaround(self->task_enabling_breakpoint); 361 } else { 362 switch ((self->ugly_workaround_p)(self)) { 363 case CBS_FAIL: 364 /* xxx handle me */ 365 case CBS_STOP: 366 break; 367 case CBS_CONT: 368 goto ugly_workaround; 369 } 370 destroy_event_handler(leader); 371 } 372} 373 374/* Before we detach, we need to make sure that task's IP is on the 375 * edge of an instruction. So for tasks that have a breakpoint event 376 * in the queue, we adjust the instruction pointer, just like 377 * continue_after_breakpoint does. */ 378static enum ecb_status 379undo_breakpoint(Event *event, void *data) 380{ 381 if (event != NULL 382 && event->proc->leader == data 383 && event->type == EVENT_BREAKPOINT) 384 set_instruction_pointer(event->proc, event->e_un.brk_addr); 385 return ECB_CONT; 386} 387 388static enum callback_status 389untrace_task(struct process *task, void *data) 390{ 391 if (task != data) 392 untrace_pid(task->pid); 393 return CBS_CONT; 394} 395 396static enum callback_status 397remove_task(struct process *task, void *data) 398{ 399 /* Don't untrace leader just yet. */ 400 if (task != data) 401 remove_process(task); 402 return CBS_CONT; 403} 404 405static enum callback_status 406retract_breakpoint_cb(struct process *proc, struct breakpoint *bp, void *data) 407{ 408 breakpoint_on_retract(bp, proc); 409 return CBS_CONT; 410} 411 412static void 413detach_process(struct process *leader) 414{ 415 each_qd_event(&undo_breakpoint, leader); 416 disable_all_breakpoints(leader); 417 proc_each_breakpoint(leader, NULL, retract_breakpoint_cb, NULL); 418 419 /* Now untrace the process, if it was attached to by -p. */ 420 struct opt_p_t *it; 421 for (it = opt_p; it != NULL; it = it->next) { 422 struct process *proc = pid2proc(it->pid); 423 if (proc == NULL) 424 continue; 425 if (proc->leader == leader) { 426 each_task(leader, NULL, &untrace_task, NULL); 427 break; 428 } 429 } 430 each_task(leader, NULL, &remove_task, leader); 431 destroy_event_handler(leader); 432 remove_task(leader, NULL); 433} 434 435static void 436handle_stopping_event(struct pid_task *task_info, Event **eventp) 437{ 438 /* Mark all events, so that we know whom to SIGCONT later. */ 439 if (task_info != NULL) 440 task_info->got_event = 1; 441 442 Event *event = *eventp; 443 444 /* In every state, sink SIGSTOP events for tasks that it was 445 * sent to. */ 446 if (task_info != NULL 447 && event->type == EVENT_SIGNAL 448 && event->e_un.signum == SIGSTOP) { 449 debug(DEBUG_PROCESS, "SIGSTOP delivered to %d", task_info->pid); 450 if (task_info->sigstopped 451 && !task_info->delivered) { 452 task_info->delivered = 1; 453 *eventp = NULL; // sink the event 454 } else 455 fprintf(stderr, "suspicious: %d got SIGSTOP, but " 456 "sigstopped=%d and delivered=%d\n", 457 task_info->pid, task_info->sigstopped, 458 task_info->delivered); 459 } 460} 461 462/* Some SIGSTOPs may have not been delivered to their respective tasks 463 * yet. They are still in the queue. If we have seen an event for 464 * that process, continue it, so that the SIGSTOP can be delivered and 465 * caught by ltrace. We don't mind that the process is after 466 * breakpoint (and therefore potentially doesn't have aligned IP), 467 * because the signal will be delivered without the process actually 468 * starting. */ 469static void 470continue_for_sigstop_delivery(struct pid_set *pids) 471{ 472 size_t i; 473 for (i = 0; i < pids->count; ++i) { 474 if (pids->tasks[i].pid != 0 475 && pids->tasks[i].sigstopped 476 && !pids->tasks[i].delivered 477 && pids->tasks[i].got_event) { 478 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 479 pids->tasks[i].pid); 480 ptrace(PTRACE_SYSCALL, pids->tasks[i].pid, 0, 0); 481 } 482 } 483} 484 485static int 486event_exit_p(Event *event) 487{ 488 return event != NULL && (event->type == EVENT_EXIT 489 || event->type == EVENT_EXIT_SIGNAL); 490} 491 492static int 493event_exit_or_none_p(Event *event) 494{ 495 return event == NULL || event_exit_p(event) 496 || event->type == EVENT_NONE; 497} 498 499static int 500await_sigstop_delivery(struct pid_set *pids, struct pid_task *task_info, 501 Event *event) 502{ 503 /* If we still didn't get our SIGSTOP, continue the process 504 * and carry on. */ 505 if (event != NULL && !event_exit_or_none_p(event) 506 && task_info != NULL && task_info->sigstopped) { 507 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 508 task_info->pid); 509 /* We should get the signal the first thing 510 * after this, so it should be OK to continue 511 * even if we are over a breakpoint. */ 512 ptrace(PTRACE_SYSCALL, task_info->pid, 0, 0); 513 514 } else { 515 /* If all SIGSTOPs were delivered, uninstall the 516 * handler and continue everyone. */ 517 /* XXX I suspect that we should check tasks that are 518 * still around. Is things are now, there should be a 519 * race between waiting for everyone to stop and one 520 * of the tasks exiting. */ 521 int all_clear = 1; 522 size_t i; 523 for (i = 0; i < pids->count; ++i) 524 if (pids->tasks[i].pid != 0 525 && pids->tasks[i].sigstopped 526 && !pids->tasks[i].delivered) { 527 all_clear = 0; 528 break; 529 } 530 return all_clear; 531 } 532 533 return 0; 534} 535 536static int 537all_stops_accountable(struct pid_set *pids) 538{ 539 size_t i; 540 for (i = 0; i < pids->count; ++i) 541 if (pids->tasks[i].pid != 0 542 && !pids->tasks[i].got_event 543 && !have_events_for(pids->tasks[i].pid)) 544 return 0; 545 return 1; 546} 547 548#ifndef ARCH_HAVE_SW_SINGLESTEP 549enum sw_singlestep_status 550arch_sw_singlestep(struct process *proc, struct breakpoint *bp, 551 int (*add_cb)(arch_addr_t, struct sw_singlestep_data *), 552 struct sw_singlestep_data *data) 553{ 554 return SWS_HW; 555} 556#endif 557 558static Event *process_stopping_on_event(struct event_handler *super, 559 Event *event); 560 561static void 562remove_sw_breakpoints(struct process *proc) 563{ 564 struct process_stopping_handler *self 565 = (void *)proc->leader->event_handler; 566 assert(self != NULL); 567 assert(self->super.on_event == process_stopping_on_event); 568 569 int ct = sizeof(self->sws_bps) / sizeof(*self->sws_bps); 570 int i; 571 for (i = 0; i < ct; ++i) 572 if (self->sws_bps[i] != NULL) { 573 delete_breakpoint_at(proc, self->sws_bps[i]->addr); 574 self->sws_bps[i] = NULL; 575 } 576} 577 578static void 579sw_singlestep_bp_on_hit(struct breakpoint *bp, struct process *proc) 580{ 581 remove_sw_breakpoints(proc); 582} 583 584struct sw_singlestep_data { 585 struct process_stopping_handler *self; 586}; 587 588static int 589sw_singlestep_add_bp(arch_addr_t addr, struct sw_singlestep_data *data) 590{ 591 struct process_stopping_handler *self = data->self; 592 struct process *proc = self->task_enabling_breakpoint; 593 594 int ct = sizeof(self->sws_bps) / sizeof(*self->sws_bps); 595 int i; 596 for (i = 0; i < ct; ++i) 597 if (self->sws_bps[i] == NULL) { 598 static struct bp_callbacks cbs = { 599 .on_hit = sw_singlestep_bp_on_hit, 600 }; 601 struct breakpoint *bp 602 = insert_breakpoint_at(proc, addr, NULL); 603 breakpoint_set_callbacks(bp, &cbs); 604 self->sws_bps[i] = bp; 605 return 0; 606 } 607 608 assert(!"Too many sw singlestep breakpoints!"); 609 abort(); 610} 611 612static int 613singlestep(struct process_stopping_handler *self) 614{ 615 size_t i; 616 for (i = 0; i < sizeof(self->sws_bps) / sizeof(*self->sws_bps); ++i) 617 self->sws_bps[i] = NULL; 618 619 struct sw_singlestep_data data = { self }; 620 switch (arch_sw_singlestep(self->task_enabling_breakpoint, 621 self->breakpoint_being_enabled, 622 &sw_singlestep_add_bp, &data)) { 623 case SWS_HW: 624 /* Otherwise do the default action: singlestep. */ 625 debug(1, "PTRACE_SINGLESTEP"); 626 if (ptrace(PTRACE_SINGLESTEP, 627 self->task_enabling_breakpoint->pid, 0, 0)) { 628 perror("PTRACE_SINGLESTEP"); 629 return -1; 630 } 631 return 0; 632 633 case SWS_OK: 634 return 0; 635 636 case SWS_FAIL: 637 return -1; 638 } 639 abort(); 640} 641 642static void 643post_singlestep(struct process_stopping_handler *self, 644 struct Event **eventp) 645{ 646 continue_for_sigstop_delivery(&self->pids); 647 648 if (*eventp != NULL && (*eventp)->type == EVENT_BREAKPOINT) 649 *eventp = NULL; // handled 650 651 struct process *proc = self->task_enabling_breakpoint; 652 653 remove_sw_breakpoints(proc); 654 self->breakpoint_being_enabled = NULL; 655} 656 657static void 658singlestep_error(struct process_stopping_handler *self) 659{ 660 struct process *teb = self->task_enabling_breakpoint; 661 struct breakpoint *sbp = self->breakpoint_being_enabled; 662 fprintf(stderr, "%d couldn't continue when handling %s (%p) at %p\n", 663 teb->pid, breakpoint_name(sbp), sbp->addr, 664 get_instruction_pointer(teb)); 665 delete_breakpoint_at(teb->leader, sbp->addr); 666} 667 668static void 669pt_continue(struct process_stopping_handler *self) 670{ 671 struct process *teb = self->task_enabling_breakpoint; 672 debug(1, "PTRACE_CONT"); 673 ptrace(PTRACE_CONT, teb->pid, 0, 0); 674} 675 676static void 677pt_singlestep(struct process_stopping_handler *self) 678{ 679 if (singlestep(self) < 0) 680 singlestep_error(self); 681} 682 683static void 684disable_and(struct process_stopping_handler *self, 685 void (*do_this)(struct process_stopping_handler *self)) 686{ 687 struct process *teb = self->task_enabling_breakpoint; 688 debug(DEBUG_PROCESS, "all stopped, now singlestep/cont %d", teb->pid); 689 if (self->breakpoint_being_enabled->enabled) 690 disable_breakpoint(teb, self->breakpoint_being_enabled); 691 (do_this)(self); 692 self->state = PSH_SINGLESTEP; 693} 694 695void 696linux_ptrace_disable_and_singlestep(struct process_stopping_handler *self) 697{ 698 disable_and(self, &pt_singlestep); 699} 700 701void 702linux_ptrace_disable_and_continue(struct process_stopping_handler *self) 703{ 704 disable_and(self, &pt_continue); 705} 706 707/* This event handler is installed when we are in the process of 708 * stopping the whole thread group to do the pointer re-enablement for 709 * one of the threads. We pump all events to the queue for later 710 * processing while we wait for all the threads to stop. When this 711 * happens, we let the re-enablement thread to PTRACE_SINGLESTEP, 712 * re-enable, and continue everyone. */ 713static Event * 714process_stopping_on_event(struct event_handler *super, Event *event) 715{ 716 struct process_stopping_handler *self = (void *)super; 717 struct process *task = event->proc; 718 struct process *leader = task->leader; 719 struct process *teb = self->task_enabling_breakpoint; 720 721 debug(DEBUG_PROCESS, 722 "process_stopping_on_event: pid %d; event type %d; state %d", 723 task->pid, event->type, self->state); 724 725 struct pid_task *task_info = get_task_info(&self->pids, task->pid); 726 if (task_info == NULL) 727 fprintf(stderr, "new task??? %d\n", task->pid); 728 handle_stopping_event(task_info, &event); 729 730 int state = self->state; 731 int event_to_queue = !event_exit_or_none_p(event); 732 733 /* Deactivate the entry if the task exits. */ 734 if (event_exit_p(event) && task_info != NULL) 735 task_info->pid = 0; 736 737 /* Always handle sysrets. Whether sysret occurred and what 738 * sys it rets from may need to be determined based on process 739 * stack, so we need to keep that in sync with reality. Note 740 * that we don't continue the process after the sysret is 741 * handled. See continue_after_syscall. */ 742 if (event != NULL && event->type == EVENT_SYSRET) { 743 debug(1, "%d LT_EV_SYSRET", event->proc->pid); 744 event_to_queue = 0; 745 if (task_info != NULL) 746 task_info->sysret = 1; 747 } 748 749 switch (state) { 750 case PSH_STOPPING: 751 /* If everyone is stopped, singlestep. */ 752 if (each_task(leader, NULL, &task_blocked, 753 &self->pids) == NULL) { 754 (self->on_all_stopped)(self); 755 state = self->state; 756 } 757 break; 758 759 case PSH_SINGLESTEP: 760 /* In singlestep state, breakpoint signifies that we 761 * have now stepped, and can re-enable the breakpoint. */ 762 if (event != NULL && task == teb) { 763 764 /* If this was caused by a real breakpoint, as 765 * opposed to a singlestep, assume that it's 766 * an artificial breakpoint installed for some 767 * reason for the re-enablement. In that case 768 * handle it. */ 769 if (event->type == EVENT_BREAKPOINT) { 770 arch_addr_t ip 771 = get_instruction_pointer(task); 772 struct breakpoint *other 773 = address2bpstruct(leader, ip); 774 if (other != NULL) 775 breakpoint_on_hit(other, task); 776 } 777 778 /* If we got SIGNAL instead of BREAKPOINT, 779 * then this is not singlestep at all. */ 780 if (event->type == EVENT_SIGNAL) { 781 do_singlestep: 782 if (singlestep(self) < 0) { 783 singlestep_error(self); 784 post_singlestep(self, &event); 785 goto psh_sinking; 786 } 787 break; 788 } else { 789 switch ((self->keep_stepping_p)(self)) { 790 case CBS_FAIL: 791 /* XXX handle me */ 792 case CBS_STOP: 793 break; 794 case CBS_CONT: 795 /* Sink singlestep event. */ 796 if (event->type == EVENT_BREAKPOINT) 797 event = NULL; 798 goto do_singlestep; 799 } 800 } 801 802 /* Re-enable the breakpoint that we are 803 * stepping over. */ 804 struct breakpoint *sbp = self->breakpoint_being_enabled; 805 if (sbp->enabled) 806 enable_breakpoint(teb, sbp); 807 808 post_singlestep(self, &event); 809 goto psh_sinking; 810 } 811 break; 812 813 psh_sinking: 814 state = self->state = PSH_SINKING; 815 /* Fall through. */ 816 case PSH_SINKING: 817 if (await_sigstop_delivery(&self->pids, task_info, event)) 818 process_stopping_done(self, leader); 819 break; 820 821 case PSH_UGLY_WORKAROUND: 822 if (event == NULL) 823 break; 824 if (event->type == EVENT_BREAKPOINT) { 825 undo_breakpoint(event, leader); 826 if (task == teb) 827 self->task_enabling_breakpoint = NULL; 828 } 829 if (self->task_enabling_breakpoint == NULL 830 && all_stops_accountable(&self->pids)) { 831 undo_breakpoint(event, leader); 832 detach_process(leader); 833 event = NULL; // handled 834 } 835 } 836 837 if (event != NULL && event_to_queue) { 838 enque_event(event); 839 event = NULL; // sink the event 840 } 841 842 return event; 843} 844 845static void 846process_stopping_destroy(struct event_handler *super) 847{ 848 struct process_stopping_handler *self = (void *)super; 849 free(self->pids.tasks); 850} 851 852static enum callback_status 853no(struct process_stopping_handler *self) 854{ 855 return CBS_STOP; 856} 857 858int 859process_install_stopping_handler(struct process *proc, struct breakpoint *sbp, 860 void (*as)(struct process_stopping_handler *), 861 enum callback_status (*ks) 862 (struct process_stopping_handler *), 863 enum callback_status (*uw) 864 (struct process_stopping_handler *)) 865{ 866 debug(DEBUG_FUNCTION, 867 "process_install_stopping_handler: pid=%d", proc->pid); 868 869 struct process_stopping_handler *handler = calloc(sizeof(*handler), 1); 870 if (handler == NULL) 871 return -1; 872 873 if (as == NULL) 874 as = &linux_ptrace_disable_and_singlestep; 875 if (ks == NULL) 876 ks = &no; 877 if (uw == NULL) 878 uw = &no; 879 880 handler->super.on_event = process_stopping_on_event; 881 handler->super.destroy = process_stopping_destroy; 882 handler->task_enabling_breakpoint = proc; 883 handler->breakpoint_being_enabled = sbp; 884 handler->on_all_stopped = as; 885 handler->keep_stepping_p = ks; 886 handler->ugly_workaround_p = uw; 887 888 install_event_handler(proc->leader, &handler->super); 889 890 if (each_task(proc->leader, NULL, &send_sigstop, 891 &handler->pids) != NULL) { 892 destroy_event_handler(proc); 893 return -1; 894 } 895 896 /* And deliver the first fake event, in case all the 897 * conditions are already fulfilled. */ 898 Event ev = { 899 .type = EVENT_NONE, 900 .proc = proc, 901 }; 902 process_stopping_on_event(&handler->super, &ev); 903 904 return 0; 905} 906 907void 908continue_after_breakpoint(struct process *proc, struct breakpoint *sbp) 909{ 910 debug(DEBUG_PROCESS, 911 "continue_after_breakpoint: pid=%d, addr=%p", 912 proc->pid, sbp->addr); 913 914 set_instruction_pointer(proc, sbp->addr); 915 916 if (sbp->enabled == 0) { 917 continue_process(proc->pid); 918 } else if (process_install_stopping_handler 919 (proc, sbp, NULL, NULL, NULL) < 0) { 920 perror("process_stopping_handler_create"); 921 /* Carry on not bothering to re-enable. */ 922 continue_process(proc->pid); 923 } 924} 925 926/** 927 * Ltrace exit. When we are about to exit, we have to go through all 928 * the processes, stop them all, remove all the breakpoints, and then 929 * detach the processes that we attached to using -p. If we left the 930 * other tasks running, they might hit stray return breakpoints and 931 * produce artifacts, so we better stop everyone, even if it's a bit 932 * of extra work. 933 */ 934struct ltrace_exiting_handler 935{ 936 struct event_handler super; 937 struct pid_set pids; 938}; 939 940static Event * 941ltrace_exiting_on_event(struct event_handler *super, Event *event) 942{ 943 struct ltrace_exiting_handler *self = (void *)super; 944 struct process *task = event->proc; 945 struct process *leader = task->leader; 946 947 debug(DEBUG_PROCESS, 948 "ltrace_exiting_on_event: pid %d; event type %d", 949 task->pid, event->type); 950 951 struct pid_task *task_info = get_task_info(&self->pids, task->pid); 952 handle_stopping_event(task_info, &event); 953 954 if (event != NULL && event->type == EVENT_BREAKPOINT) 955 undo_breakpoint(event, leader); 956 957 if (await_sigstop_delivery(&self->pids, task_info, event) 958 && all_stops_accountable(&self->pids)) 959 detach_process(leader); 960 961 /* Sink all non-exit events. We are about to exit, so we 962 * don't bother with queuing them. */ 963 if (event_exit_or_none_p(event)) 964 return event; 965 966 return NULL; 967} 968 969static void 970ltrace_exiting_destroy(struct event_handler *super) 971{ 972 struct ltrace_exiting_handler *self = (void *)super; 973 free(self->pids.tasks); 974} 975 976static int 977ltrace_exiting_install_handler(struct process *proc) 978{ 979 /* Only install to leader. */ 980 if (proc->leader != proc) 981 return 0; 982 983 /* Perhaps we are already installed, if the user passed 984 * several -p options that are tasks of one process. */ 985 if (proc->event_handler != NULL 986 && proc->event_handler->on_event == <race_exiting_on_event) 987 return 0; 988 989 /* If stopping handler is already present, let it do the 990 * work. */ 991 if (proc->event_handler != NULL) { 992 assert(proc->event_handler->on_event 993 == &process_stopping_on_event); 994 struct process_stopping_handler *other 995 = (void *)proc->event_handler; 996 other->exiting = 1; 997 return 0; 998 } 999 1000 struct ltrace_exiting_handler *handler 1001 = calloc(sizeof(*handler), 1); 1002 if (handler == NULL) { 1003 perror("malloc exiting handler"); 1004 fatal: 1005 /* XXXXXXXXXXXXXXXXXXX fixme */ 1006 return -1; 1007 } 1008 1009 handler->super.on_event = ltrace_exiting_on_event; 1010 handler->super.destroy = ltrace_exiting_destroy; 1011 install_event_handler(proc->leader, &handler->super); 1012 1013 if (each_task(proc->leader, NULL, &send_sigstop, 1014 &handler->pids) != NULL) 1015 goto fatal; 1016 1017 return 0; 1018} 1019 1020/* 1021 * When the traced process vforks, it's suspended until the child 1022 * process calls _exit or exec*. In the meantime, the two share the 1023 * address space. 1024 * 1025 * The child process should only ever call _exit or exec*, but we 1026 * can't count on that (it's not the role of ltrace to policy, but to 1027 * observe). In any case, we will _at least_ have to deal with 1028 * removal of vfork return breakpoint (which we have to smuggle back 1029 * in, so that the parent can see it, too), and introduction of exec* 1030 * return breakpoint. Since we already have both breakpoint actions 1031 * to deal with, we might as well support it all. 1032 * 1033 * The gist is that we pretend that the child is in a thread group 1034 * with its parent, and handle it as a multi-threaded case, with the 1035 * exception that we know that the parent is blocked, and don't 1036 * attempt to stop it. When the child execs, we undo the setup. 1037 */ 1038 1039struct process_vfork_handler 1040{ 1041 struct event_handler super; 1042 int vfork_bp_refd:1; 1043}; 1044 1045static Event * 1046process_vfork_on_event(struct event_handler *super, Event *event) 1047{ 1048 debug(DEBUG_PROCESS, 1049 "process_vfork_on_event: pid %d; event type %d", 1050 event->proc->pid, event->type); 1051 1052 struct process_vfork_handler *self = (void *)super; 1053 struct process *proc = event->proc; 1054 assert(self != NULL); 1055 1056 switch (event->type) { 1057 case EVENT_BREAKPOINT: 1058 /* We turn on the vfork return breakpoint (which 1059 * should be the one that we have tripped over just 1060 * now) one extra time, so that the vfork parent hits 1061 * it as well. */ 1062 if (!self->vfork_bp_refd) { 1063 struct breakpoint *sbp = NULL; 1064 DICT_FIND_VAL(proc->leader->breakpoints, 1065 &event->e_un.brk_addr, &sbp); 1066 assert(sbp != NULL); 1067 breakpoint_turn_on(sbp, proc->leader); 1068 self->vfork_bp_refd = 1; 1069 } 1070 break; 1071 1072 case EVENT_EXIT: 1073 case EVENT_EXIT_SIGNAL: 1074 case EVENT_EXEC: 1075 /* Remove the leader that we artificially set up 1076 * earlier. */ 1077 change_process_leader(proc, proc); 1078 destroy_event_handler(proc); 1079 continue_process(proc->parent->pid); 1080 1081 default: 1082 ; 1083 } 1084 1085 return event; 1086} 1087 1088void 1089continue_after_vfork(struct process *proc) 1090{ 1091 debug(DEBUG_PROCESS, "continue_after_vfork: pid=%d", proc->pid); 1092 struct process_vfork_handler *handler = calloc(sizeof(*handler), 1); 1093 if (handler == NULL) { 1094 perror("malloc vfork handler"); 1095 /* Carry on not bothering to treat the process as 1096 * necessary. */ 1097 continue_process(proc->parent->pid); 1098 return; 1099 } 1100 1101 /* We must set up custom event handler, so that we see 1102 * exec/exit events for the task itself. */ 1103 handler->super.on_event = process_vfork_on_event; 1104 install_event_handler(proc, &handler->super); 1105 1106 /* Make sure that the child is sole thread. */ 1107 assert(proc->leader == proc); 1108 assert(proc->next == NULL || proc->next->leader != proc); 1109 1110 /* Make sure that the child's parent is properly set up. */ 1111 assert(proc->parent != NULL); 1112 assert(proc->parent->leader != NULL); 1113 1114 change_process_leader(proc, proc->parent->leader); 1115} 1116 1117static int 1118is_mid_stopping(struct process *proc) 1119{ 1120 return proc != NULL 1121 && proc->event_handler != NULL 1122 && proc->event_handler->on_event == &process_stopping_on_event; 1123} 1124 1125void 1126continue_after_syscall(struct process *proc, int sysnum, int ret_p) 1127{ 1128 /* Don't continue if we are mid-stopping. */ 1129 if (ret_p && (is_mid_stopping(proc) || is_mid_stopping(proc->leader))) { 1130 debug(DEBUG_PROCESS, 1131 "continue_after_syscall: don't continue %d", 1132 proc->pid); 1133 return; 1134 } 1135 continue_process(proc->pid); 1136} 1137 1138void 1139continue_after_exec(struct process *proc) 1140{ 1141 continue_process(proc->pid); 1142 1143 /* After the exec, we expect to hit the first executable 1144 * instruction. 1145 * 1146 * XXX TODO It would be nice to have this removed, but then we 1147 * need to do that also for initial call to wait_for_proc in 1148 * execute_program. In that case we could generate a 1149 * EVENT_FIRST event or something, or maybe this could somehow 1150 * be rolled into EVENT_NEW. */ 1151 wait_for_proc(proc->pid); 1152 continue_process(proc->pid); 1153} 1154 1155/* If ltrace gets SIGINT, the processes directly or indirectly run by 1156 * ltrace get it too. We just have to wait long enough for the signal 1157 * to be delivered and the process terminated, which we notice and 1158 * exit ltrace, too. So there's not much we need to do there. We 1159 * want to keep tracing those processes as usual, in case they just 1160 * SIG_IGN the SIGINT to do their shutdown etc. 1161 * 1162 * For processes ran on the background, we want to install an exit 1163 * handler that stops all the threads, removes all breakpoints, and 1164 * detaches. 1165 */ 1166void 1167os_ltrace_exiting(void) 1168{ 1169 struct opt_p_t *it; 1170 for (it = opt_p; it != NULL; it = it->next) { 1171 struct process *proc = pid2proc(it->pid); 1172 if (proc == NULL || proc->leader == NULL) 1173 continue; 1174 if (ltrace_exiting_install_handler(proc->leader) < 0) 1175 fprintf(stderr, 1176 "Couldn't install exiting handler for %d.\n", 1177 proc->pid); 1178 } 1179} 1180 1181int 1182os_ltrace_exiting_sighandler(void) 1183{ 1184 extern int linux_in_waitpid; 1185 if (linux_in_waitpid) { 1186 os_ltrace_exiting(); 1187 return 1; 1188 } 1189 return 0; 1190} 1191 1192size_t 1193umovebytes(struct process *proc, void *addr, void *laddr, size_t len) 1194{ 1195 1196 union { 1197 long a; 1198 char c[sizeof(long)]; 1199 } a; 1200 int started = 0; 1201 size_t offset = 0, bytes_read = 0; 1202 1203 while (offset < len) { 1204 a.a = ptrace(PTRACE_PEEKTEXT, proc->pid, addr + offset, 0); 1205 if (a.a == -1 && errno) { 1206 if (started && errno == EIO) 1207 return bytes_read; 1208 else 1209 return -1; 1210 } 1211 started = 1; 1212 1213 if (len - offset >= sizeof(long)) { 1214 memcpy(laddr + offset, &a.c[0], sizeof(long)); 1215 bytes_read += sizeof(long); 1216 } 1217 else { 1218 memcpy(laddr + offset, &a.c[0], len - offset); 1219 bytes_read += (len - offset); 1220 } 1221 offset += sizeof(long); 1222 } 1223 1224 return bytes_read; 1225} 1226 1227struct irelative_name_data_t { 1228 GElf_Addr addr; 1229 const char *found_name; 1230}; 1231 1232static enum callback_status 1233irelative_name_cb(GElf_Sym *symbol, const char *name, void *d) 1234{ 1235 struct irelative_name_data_t *data = d; 1236 1237 if (symbol->st_value == data->addr) { 1238 bool is_ifunc = false; 1239#ifdef STT_GNU_IFUNC 1240 is_ifunc = GELF_ST_TYPE(symbol->st_info) == STT_GNU_IFUNC; 1241#endif 1242 data->found_name = name; 1243 1244 /* Keep looking, unless we found the actual IFUNC 1245 * symbol. What we matched may have been a symbol 1246 * denoting the resolver function, which would have 1247 * the same address. */ 1248 return CBS_STOP_IF(is_ifunc); 1249 } 1250 1251 return CBS_CONT; 1252} 1253 1254enum plt_status 1255linux_elf_add_plt_entry_irelative(struct process *proc, struct ltelf *lte, 1256 GElf_Rela *rela, size_t ndx, 1257 struct library_symbol **ret) 1258 1259{ 1260 struct irelative_name_data_t data = { rela->r_addend, NULL }; 1261 if (rela->r_addend != 0 1262 && elf_each_symbol(lte, 0, 1263 irelative_name_cb, &data).status < 0) 1264 return -1; 1265 1266 const char *name; 1267 if (data.found_name != NULL) { 1268 name = data.found_name; 1269 } else { 1270#define NAME "IREL." 1271 /* NAME\0 + 0x + digits. */ 1272 char *tmp_name = alloca(sizeof NAME + 2 + 16); 1273 sprintf(tmp_name, NAME "%#" PRIx64, 1274 (uint64_t)rela->r_addend); 1275 name = tmp_name; 1276#undef NAME 1277 } 1278 1279 if (default_elf_add_plt_entry(proc, lte, name, rela, ndx, ret) < 0) 1280 return PLT_FAIL; 1281 1282 return PLT_OK; 1283} 1284