proc.c revision aacb95e73bd532bb11fbe4005fe28286ecb2d38d 
1/*
2 * This file is part of ltrace.
3 * Copyright (C) 2011,2012,2013 Petr Machata, Red Hat Inc.
4 * Copyright (C) 2010 Zachary T Welch, CodeSourcery
5 * Copyright (C) 2010 Joe Damato
6 * Copyright (C) 1998,2008,2009 Juan Cespedes
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License as
10 * published by the Free Software Foundation; either version 2 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * 02110-1301 USA
22 */
23
24#define _GNU_SOURCE /* For getline.  */
25#include "config.h"
26
27#include <sys/stat.h>
28#include <sys/syscall.h>
29#include <sys/types.h>
30#include <ctype.h>
31#include <dirent.h>
32#include <errno.h>
33#include <fcntl.h>
34#include <inttypes.h>
35#include <link.h>
36#include <signal.h>
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h>
40#include <unistd.h>
41
42#include "backend.h"
43#include "breakpoint.h"
44#include "config.h"
45#include "debug.h"
46#include "events.h"
47#include "library.h"
48#include "ltrace-elf.h"
49#include "proc.h"
50
51/* /proc/pid doesn't exist just after the fork, and sometimes `ltrace'
52 * couldn't open it to find the executable.  So it may be necessary to
53 * have a bit delay
54 */
55
56#define	MAX_DELAY	100000	/* 100000 microseconds = 0.1 seconds */
57
58#define PROC_PID_FILE(VAR, FORMAT, PID)		\
59	char VAR[strlen(FORMAT) + 6];		\
60	sprintf(VAR, FORMAT, PID)
61
62/*
63 * Returns a (malloc'd) file name corresponding to a running pid
64 */
65char *
66pid2name(pid_t pid) {
67	if (!kill(pid, 0)) {
68		int delay = 0;
69
70		PROC_PID_FILE(proc_exe, "/proc/%d/exe", pid);
71
72		while (delay < MAX_DELAY) {
73			if (!access(proc_exe, F_OK)) {
74				return strdup(proc_exe);
75			}
76			delay += 1000;	/* 1 milisecond */
77		}
78	}
79	return NULL;
80}
81
82static FILE *
83open_status_file(pid_t pid)
84{
85	PROC_PID_FILE(fn, "/proc/%d/status", pid);
86	/* Don't complain if we fail.  This would typically happen
87	   when the process is about to terminate, and these files are
88	   not available anymore.  This function is called from the
89	   event loop, and we don't want to clutter the output just
90	   because the process terminates.  */
91	return fopen(fn, "r");
92}
93
94static char *
95find_line_starting(FILE * file, const char * prefix, size_t len)
96{
97	char * line = NULL;
98	size_t line_len = 0;
99	while (!feof(file)) {
100		if (getline(&line, &line_len, file) < 0)
101			return NULL;
102		if (strncmp(line, prefix, len) == 0)
103			return line;
104	}
105	return NULL;
106}
107
108static void
109each_line_starting(FILE *file, const char *prefix,
110		   enum callback_status (*cb)(const char *line,
111					      const char *prefix,
112					      void *data),
113		   void *data)
114{
115	size_t len = strlen(prefix);
116	char * line;
117	while ((line = find_line_starting(file, prefix, len)) != NULL) {
118		enum callback_status st = (*cb)(line, prefix, data);
119		free(line);
120		if (st == CBS_STOP)
121			return;
122	}
123}
124
125static enum callback_status
126process_leader_cb(const char *line, const char *prefix, void *data)
127{
128	pid_t * pidp = data;
129	*pidp = atoi(line + strlen(prefix));
130	return CBS_STOP;
131}
132
133pid_t
134process_leader(pid_t pid)
135{
136	pid_t tgid = 0;
137	FILE * file = open_status_file(pid);
138	if (file != NULL) {
139		each_line_starting(file, "Tgid:\t", &process_leader_cb, &tgid);
140		fclose(file);
141	}
142
143	return tgid;
144}
145
146static enum callback_status
147process_stopped_cb(const char *line, const char *prefix, void *data)
148{
149	char c = line[strlen(prefix)];
150	// t:tracing stop, T:job control stop
151	*(int *)data = (c == 't' || c == 'T');
152	return CBS_STOP;
153}
154
155int
156process_stopped(pid_t pid)
157{
158	int is_stopped = -1;
159	FILE * file = open_status_file(pid);
160	if (file != NULL) {
161		each_line_starting(file, "State:\t", &process_stopped_cb,
162				   &is_stopped);
163		fclose(file);
164	}
165	return is_stopped;
166}
167
168static enum callback_status
169process_status_cb(const char *line, const char *prefix, void *data)
170{
171	const char * status = line + strlen(prefix);
172	const char c = *status;
173
174#define RETURN(C) do {					\
175		*(enum process_status *)data = C;	\
176		return CBS_STOP;			\
177	} while (0)
178
179	switch (c) {
180	case 'Z': RETURN(PS_ZOMBIE);
181	case 't': RETURN(PS_TRACING_STOP);
182	case 'T':
183		/* This can be either "T (stopped)" or, for older
184		 * kernels, "T (tracing stop)".  */
185		if (!strcmp(status, "T (stopped)\n"))
186			RETURN(PS_STOP);
187		else if (!strcmp(status, "T (tracing stop)\n"))
188			RETURN(PS_TRACING_STOP);
189		else {
190			fprintf(stderr, "Unknown process status: %s",
191				status);
192			RETURN(PS_STOP); /* Some sort of stop
193					  * anyway.  */
194		}
195	case 'D':
196	case 'S': RETURN(PS_SLEEPING);
197	}
198
199	RETURN(PS_OTHER);
200#undef RETURN
201}
202
203enum process_status
204process_status(pid_t pid)
205{
206	enum process_status ret = PS_INVALID;
207	FILE * file = open_status_file(pid);
208	if (file != NULL) {
209		each_line_starting(file, "State:\t", &process_status_cb, &ret);
210		fclose(file);
211		if (ret == PS_INVALID)
212			fprintf(stderr,
213				"Couldn't determine status of process %d: %s\n",
214				pid, strerror(errno));
215	} else {
216		/* If the file is not present, the process presumably
217		 * exited already.  */
218		ret = PS_ZOMBIE;
219	}
220
221	return ret;
222}
223
224static int
225all_digits(const char *str)
226{
227	while (isdigit(*str))
228		str++;
229	return !*str;
230}
231
232int
233process_tasks(pid_t pid, pid_t **ret_tasks, size_t *ret_n)
234{
235	PROC_PID_FILE(fn, "/proc/%d/task", pid);
236	DIR * d = opendir(fn);
237	if (d == NULL)
238		return -1;
239
240	pid_t *tasks = NULL;
241	size_t n = 0;
242	size_t alloc = 0;
243
244	while (1) {
245		struct dirent entry;
246		struct dirent *result;
247		if (readdir_r(d, &entry, &result) != 0) {
248			free(tasks);
249			return -1;
250		}
251		if (result == NULL)
252			break;
253		if (result->d_type == DT_DIR && all_digits(result->d_name)) {
254			pid_t npid = atoi(result->d_name);
255			if (n >= alloc) {
256				alloc = alloc > 0 ? (2 * alloc) : 8;
257				pid_t *ntasks = realloc(tasks,
258							sizeof(*tasks) * alloc);
259				if (ntasks == NULL) {
260					free(tasks);
261					return -1;
262				}
263				tasks = ntasks;
264			}
265			if (n >= alloc)
266				abort();
267			tasks[n++] = npid;
268		}
269	}
270
271	closedir(d);
272
273	*ret_tasks = tasks;
274	*ret_n = n;
275	return 0;
276}
277
278/* On native 64-bit system, we need to be careful when handling cross
279 * tracing.  This select appropriate pointer depending on host and
280 * target architectures.  XXX Really we should abstract this into the
281 * ABI object, as theorized about somewhere on pmachata/revamp
282 * branch.  */
283static void *
284select_32_64(struct process *proc, void *p32, void *p64)
285{
286	if (sizeof(long) == 4 || proc->mask_32bit)
287		return p32;
288	else
289		return p64;
290}
291
292static int
293fetch_dyn64(struct process *proc, arch_addr_t *addr, Elf64_Dyn *ret)
294{
295	if (umovebytes(proc, *addr, ret, sizeof(*ret)) != sizeof(*ret))
296		return -1;
297	*addr += sizeof(*ret);
298	return 0;
299}
300
301static int
302fetch_dyn32(struct process *proc, arch_addr_t *addr, Elf64_Dyn *ret)
303{
304	Elf32_Dyn dyn;
305	if (umovebytes(proc, *addr, &dyn, sizeof(dyn)) != sizeof(dyn))
306		return -1;
307
308	*addr += sizeof(dyn);
309	ret->d_tag = dyn.d_tag;
310	ret->d_un.d_val = dyn.d_un.d_val;
311
312	return 0;
313}
314
315static int (*
316dyn_fetcher(struct process *proc))(struct process *,
317				   arch_addr_t *, Elf64_Dyn *)
318{
319	return select_32_64(proc, fetch_dyn32, fetch_dyn64);
320}
321
322int
323proc_find_dynamic_entry_addr(struct process *proc, arch_addr_t src_addr,
324			     int d_tag, arch_addr_t *ret)
325{
326	debug(DEBUG_FUNCTION, "find_dynamic_entry()");
327
328	if (ret == NULL || src_addr == 0 || d_tag < 0)
329		return -1;
330
331	int i = 0;
332	while (1) {
333		Elf64_Dyn entry;
334		if (dyn_fetcher(proc)(proc, &src_addr, &entry) < 0
335		    || entry.d_tag == DT_NULL
336		    || i++ > 100) { /* Arbitrary cut-off so that we
337				     * don't loop forever if the
338				     * binary is corrupted.  */
339			debug(2, "Couldn't find address for dtag!");
340			return -1;
341		}
342
343		if (entry.d_tag == d_tag) {
344			/* XXX The double cast should be removed when
345			 * arch_addr_t becomes integral type.  */
346			*ret = (arch_addr_t)(uintptr_t)entry.d_un.d_val;
347			debug(2, "found address: %p in dtag %d", *ret, d_tag);
348			return 0;
349		}
350	}
351}
352
353/* Our own type for representing 32-bit linkmap.  We can't rely on the
354 * definition in link.h, because that's only accurate for our host
355 * architecture, not for target architecture (where the traced process
356 * runs). */
357#define LT_LINK_MAP(BITS)			\
358	{					\
359		Elf##BITS##_Addr l_addr;	\
360		Elf##BITS##_Addr l_name;	\
361		Elf##BITS##_Addr l_ld;		\
362		Elf##BITS##_Addr l_next;	\
363		Elf##BITS##_Addr l_prev;	\
364	}
365struct lt_link_map_32 LT_LINK_MAP(32);
366struct lt_link_map_64 LT_LINK_MAP(64);
367
368static int
369fetch_lm64(struct process *proc, arch_addr_t addr,
370	   struct lt_link_map_64 *ret)
371{
372	if (umovebytes(proc, addr, ret, sizeof(*ret)) != sizeof(*ret))
373		return -1;
374	return 0;
375}
376
377static int
378fetch_lm32(struct process *proc, arch_addr_t addr,
379	   struct lt_link_map_64 *ret)
380{
381	struct lt_link_map_32 lm;
382	if (umovebytes(proc, addr, &lm, sizeof(lm)) != sizeof(lm))
383		return -1;
384
385	ret->l_addr = lm.l_addr;
386	ret->l_name = lm.l_name;
387	ret->l_ld = lm.l_ld;
388	ret->l_next = lm.l_next;
389	ret->l_prev = lm.l_prev;
390
391	return 0;
392}
393
394static int (*
395lm_fetcher(struct process *proc))(struct process *,
396				  arch_addr_t, struct lt_link_map_64 *)
397{
398	return select_32_64(proc, fetch_lm32, fetch_lm64);
399}
400
401/* The same as above holds for struct r_debug.  */
402#define LT_R_DEBUG(BITS)			\
403	{					\
404		int r_version;			\
405		Elf##BITS##_Addr r_map;		\
406		Elf##BITS##_Addr r_brk;		\
407		int r_state;			\
408		Elf##BITS##_Addr r_ldbase;	\
409	}
410
411struct lt_r_debug_32 LT_R_DEBUG(32);
412struct lt_r_debug_64 LT_R_DEBUG(64);
413
414static int
415fetch_rd64(struct process *proc, arch_addr_t addr,
416	   struct lt_r_debug_64 *ret)
417{
418	if (umovebytes(proc, addr, ret, sizeof(*ret)) != sizeof(*ret))
419		return -1;
420	return 0;
421}
422
423static int
424fetch_rd32(struct process *proc, arch_addr_t addr,
425	   struct lt_r_debug_64 *ret)
426{
427	struct lt_r_debug_32 rd;
428	if (umovebytes(proc, addr, &rd, sizeof(rd)) != sizeof(rd))
429		return -1;
430
431	ret->r_version = rd.r_version;
432	ret->r_map = rd.r_map;
433	ret->r_brk = rd.r_brk;
434	ret->r_state = rd.r_state;
435	ret->r_ldbase = rd.r_ldbase;
436
437	return 0;
438}
439
440static int (*
441rdebug_fetcher(struct process *proc))(struct process *,
442				      arch_addr_t, struct lt_r_debug_64 *)
443{
444	return select_32_64(proc, fetch_rd32, fetch_rd64);
445}
446
447static int
448fetch_auxv64_entry(int fd, Elf64_auxv_t *ret)
449{
450	/* Reaching EOF is as much problem as not reading whole
451	 * entry.  */
452	return read(fd, ret, sizeof(*ret)) == sizeof(*ret) ? 0 : -1;
453}
454
455static int
456fetch_auxv32_entry(int fd, Elf64_auxv_t *ret)
457{
458	Elf32_auxv_t auxv;
459	if (read(fd, &auxv, sizeof(auxv)) != sizeof(auxv))
460		return -1;
461
462	ret->a_type = auxv.a_type;
463	ret->a_un.a_val = auxv.a_un.a_val;
464	return 0;
465}
466
467static int (*
468auxv_fetcher(struct process *proc))(int, Elf64_auxv_t *)
469{
470	return select_32_64(proc, fetch_auxv32_entry, fetch_auxv64_entry);
471}
472
473static void
474crawl_linkmap(struct process *proc, struct lt_r_debug_64 *dbg)
475{
476	debug (DEBUG_FUNCTION, "crawl_linkmap()");
477
478	if (!dbg || !dbg->r_map) {
479		debug(2, "Debug structure or it's linkmap are NULL!");
480		return;
481	}
482
483	/* XXX The double cast should be removed when
484	 * arch_addr_t becomes integral type.  */
485	arch_addr_t addr = (arch_addr_t)(uintptr_t)dbg->r_map;
486
487	while (addr != 0) {
488		struct lt_link_map_64 rlm = {};
489		if (lm_fetcher(proc)(proc, addr, &rlm) < 0) {
490			debug(2, "Unable to read link map");
491			return;
492		}
493
494		arch_addr_t key = addr;
495		/* XXX The double cast should be removed when
496		 * arch_addr_t becomes integral type.  */
497		addr = (arch_addr_t)(uintptr_t)rlm.l_next;
498		if (rlm.l_name == 0) {
499			debug(2, "Name of mapped library is NULL");
500			return;
501		}
502
503		char lib_name[BUFSIZ];
504		/* XXX The double cast should be removed when
505		 * arch_addr_t becomes integral type.  */
506		umovebytes(proc, (arch_addr_t)(uintptr_t)rlm.l_name,
507			   lib_name, sizeof(lib_name));
508
509		/* Library name can be an empty string, in which case
510		 * the entry represents either the main binary, or a
511		 * VDSO.  Unfortunately we can't rely on that, as in
512		 * recent glibc, that entry is initialized to VDSO
513		 * SONAME.
514		 *
515		 * It's not clear how to detect VDSO in this case.  We
516		 * can't assume that l_name of real DSOs will be
517		 * either absolute or relative (for LD_LIBRARY_PATH=:
518		 * it will be neither).  We can't compare l_addr with
519		 * AT_SYSINFO_EHDR either, as l_addr is bias (which
520		 * also means it's not unique, and therefore useless
521		 * for this).  We could load VDSO from process image
522		 * and at least compare actual SONAMEs.  For now, this
523		 * kludge is about the best that we can do.  */
524		if (*lib_name == 0
525		    || strcmp(lib_name, "linux-vdso.so.1") == 0
526		    || strcmp(lib_name, "linux-gate.so.1") == 0
527		    || strcmp(lib_name, "linux-vdso32.so.1") == 0
528		    || strcmp(lib_name, "linux-vdso64.so.1") == 0)
529			continue;
530
531		/* Do we have that library already?  */
532		if (proc_each_library(proc, NULL, library_with_key_cb, &key))
533			continue;
534
535		struct library *lib = malloc(sizeof(*lib));
536		if (lib == NULL) {
537		fail:
538			if (lib != NULL)
539				library_destroy(lib);
540			fprintf(stderr, "Couldn't load ELF object %s: %s\n",
541				lib_name, strerror(errno));
542			continue;
543		}
544		library_init(lib, LT_LIBTYPE_DSO);
545
546		if (ltelf_read_library(lib, proc, lib_name, rlm.l_addr) < 0)
547			goto fail;
548
549		lib->key = key;
550		proc_add_library(proc, lib);
551	}
552	return;
553}
554
555static int
556load_debug_struct(struct process *proc, struct lt_r_debug_64 *ret)
557{
558	debug(DEBUG_FUNCTION, "load_debug_struct");
559
560	if (rdebug_fetcher(proc)(proc, proc->os.debug_addr, ret) < 0) {
561		debug(2, "This process does not have a debug structure!");
562		return -1;
563	}
564
565	return 0;
566}
567
568static void
569rdebug_bp_on_hit(struct breakpoint *bp, struct process *proc)
570{
571	debug(DEBUG_FUNCTION, "arch_check_dbg");
572
573	struct lt_r_debug_64 rdbg;
574	if (load_debug_struct(proc, &rdbg) < 0) {
575		debug(2, "Unable to load debug structure!");
576		return;
577	}
578
579	if (rdbg.r_state == RT_CONSISTENT) {
580		debug(2, "Linkmap is now consistent");
581		switch (proc->os.debug_state) {
582		case RT_ADD:
583			debug(2, "Adding DSO to linkmap");
584			crawl_linkmap(proc, &rdbg);
585			break;
586		case RT_DELETE:
587			debug(2, "Removing DSO from linkmap");
588			// XXX unload that library
589			break;
590		default:
591			debug(2, "Unexpected debug state!");
592		}
593	}
594
595	proc->os.debug_state = rdbg.r_state;
596}
597
598#ifndef ARCH_HAVE_FIND_DL_DEBUG
599int
600arch_find_dl_debug(struct process *proc, arch_addr_t dyn_addr,
601		   arch_addr_t *ret)
602{
603	return proc_find_dynamic_entry_addr(proc, dyn_addr, DT_DEBUG, ret);
604}
605#endif
606
607int
608linkmap_init(struct process *proc, arch_addr_t dyn_addr)
609{
610	debug(DEBUG_FUNCTION, "linkmap_init(%d, dyn_addr=%p)", proc->pid, dyn_addr);
611
612	if (arch_find_dl_debug(proc, dyn_addr, &proc->os.debug_addr) == -1) {
613		debug(2, "Couldn't find debug structure!");
614		return -1;
615	}
616
617	int status;
618	struct lt_r_debug_64 rdbg;
619	if ((status = load_debug_struct(proc, &rdbg)) < 0) {
620		debug(2, "No debug structure or no memory to allocate one!");
621		return status;
622	}
623
624	crawl_linkmap(proc, &rdbg);
625
626	/* XXX The double cast should be removed when
627	 * arch_addr_t becomes integral type.  */
628	arch_addr_t addr = (arch_addr_t)(uintptr_t)rdbg.r_brk;
629	if (arch_translate_address_dyn(proc, addr, &addr) < 0)
630		return -1;
631
632	struct breakpoint *rdebug_bp = insert_breakpoint(proc, addr, NULL);
633	if (rdebug_bp == NULL) {
634		/* This is not fatal, the tracing can continue with
635		 * reduced functionality.  */
636		fprintf(stderr,
637			"Couldn't insert _r_debug breakpoint to %d: %s.\n"
638			"As a result of that, ltrace will not be able to "
639			"detect and trace\nnewly-loaded libraries.\n",
640			proc->pid, strerror(errno));
641	} else {
642		static struct bp_callbacks rdebug_callbacks = {
643			.on_hit = rdebug_bp_on_hit,
644		};
645		rdebug_bp->cbs = &rdebug_callbacks;
646	}
647
648	return 0;
649}
650
651int
652task_kill (pid_t pid, int sig)
653{
654	// Taken from GDB
655        int ret;
656
657        errno = 0;
658        ret = syscall (__NR_tkill, pid, sig);
659	return ret;
660}
661
662void
663process_removed(struct process *proc)
664{
665	delete_events_for(proc);
666}
667
668int
669process_get_entry(struct process *proc,
670		  arch_addr_t *entryp,
671		  arch_addr_t *interp_biasp)
672{
673	PROC_PID_FILE(fn, "/proc/%d/auxv", proc->pid);
674	int fd = open(fn, O_RDONLY);
675	int ret = 0;
676	if (fd == -1) {
677	fail:
678		fprintf(stderr, "couldn't read %s: %s", fn, strerror(errno));
679		ret = -1;
680	done:
681		if (fd != -1)
682			close(fd);
683		return ret;
684	}
685
686	arch_addr_t at_entry = 0;
687	arch_addr_t at_bias = 0;
688	while (1) {
689		Elf64_auxv_t entry = {};
690		if (auxv_fetcher(proc)(fd, &entry) < 0)
691			goto fail;
692
693		switch (entry.a_type) {
694		case AT_BASE:
695			/* XXX The double cast should be removed when
696			 * arch_addr_t becomes integral type.  */
697			at_bias = (arch_addr_t)(uintptr_t)entry.a_un.a_val;
698			continue;
699
700		case AT_ENTRY:
701			/* XXX The double cast should be removed when
702			 * arch_addr_t becomes integral type.  */
703			at_entry = (arch_addr_t)(uintptr_t)entry.a_un.a_val;
704		default:
705			continue;
706
707		case AT_NULL:
708			break;
709		}
710		break;
711	}
712
713	if (entryp != NULL)
714		*entryp = at_entry;
715	if (interp_biasp != NULL)
716		*interp_biasp = at_bias;
717	goto done;
718}
719
720int
721os_process_init(struct process *proc)
722{
723	proc->os.debug_addr = 0;
724	proc->os.debug_state = 0;
725	return 0;
726}
727
728void
729os_process_destroy(struct process *proc)
730{
731}
732
733int
734os_process_clone(struct process *retp, struct process *proc)
735{
736	retp->os = proc->os;
737	return 0;
738}
739
740int
741os_process_exec(struct process *proc)
742{
743	return 0;
744}
745