trace.c revision 54bb64cf2eae7a0daa4d17e980b743b8ae69413b
1/* 2 * This file is part of ltrace. 3 * Copyright (C) 2007,2011,2012,2013 Petr Machata, Red Hat Inc. 4 * Copyright (C) 2010 Joe Damato 5 * Copyright (C) 1998,2002,2003,2004,2008,2009 Juan Cespedes 6 * Copyright (C) 2006 Ian Wienand 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License as 10 * published by the Free Software Foundation; either version 2 of the 11 * License, or (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 */ 23 24#include "config.h" 25 26#include <asm/unistd.h> 27#include <assert.h> 28#include <errno.h> 29#include <gelf.h> 30#include <inttypes.h> 31#include <stdbool.h> 32#include <stdio.h> 33#include <stdlib.h> 34#include <string.h> 35#include <sys/types.h> 36#include <sys/wait.h> 37#include <unistd.h> 38 39#ifdef HAVE_LIBSELINUX 40# include <selinux/selinux.h> 41#endif 42 43#include "linux-gnu/trace-defs.h" 44#include "linux-gnu/trace.h" 45#include "backend.h" 46#include "breakpoint.h" 47#include "debug.h" 48#include "events.h" 49#include "ltrace-elf.h" 50#include "options.h" 51#include "proc.h" 52#include "ptrace.h" 53#include "type.h" 54 55void 56trace_fail_warning(pid_t pid) 57{ 58 /* This was adapted from GDB. */ 59#ifdef HAVE_LIBSELINUX 60 static int checked = 0; 61 if (checked) 62 return; 63 checked = 1; 64 65 /* -1 is returned for errors, 0 if it has no effect, 1 if 66 * PTRACE_ATTACH is forbidden. */ 67 if (security_get_boolean_active("deny_ptrace") == 1) 68 fprintf(stderr, 69"The SELinux boolean 'deny_ptrace' is enabled, which may prevent ltrace from\n" 70"tracing other processes. You can disable this process attach protection by\n" 71"issuing 'setsebool deny_ptrace=0' in the superuser context.\n"); 72#endif /* HAVE_LIBSELINUX */ 73} 74 75void 76trace_me(void) 77{ 78 debug(DEBUG_PROCESS, "trace_me: pid=%d", getpid()); 79 if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) { 80 perror("PTRACE_TRACEME"); 81 trace_fail_warning(getpid()); 82 exit(1); 83 } 84} 85 86/* There's a (hopefully) brief period of time after the child process 87 * forks when we can't trace it yet. Here we wait for kernel to 88 * prepare the process. */ 89int 90wait_for_proc(pid_t pid) 91{ 92 /* man ptrace: PTRACE_ATTACH attaches to the process specified 93 in pid. The child is sent a SIGSTOP, but will not 94 necessarily have stopped by the completion of this call; 95 use wait() to wait for the child to stop. */ 96 if (waitpid(pid, NULL, __WALL) != pid) { 97 perror ("trace_pid: waitpid"); 98 return -1; 99 } 100 101 return 0; 102} 103 104int 105trace_pid(pid_t pid) 106{ 107 debug(DEBUG_PROCESS, "trace_pid: pid=%d", pid); 108 /* This shouldn't emit error messages, as there are legitimate 109 * reasons that the PID can't be attached: like it may have 110 * already ended. */ 111 if (ptrace(PTRACE_ATTACH, pid, 0, 0) < 0) 112 return -1; 113 114 return wait_for_proc(pid); 115} 116 117void 118trace_set_options(struct process *proc) 119{ 120 if (proc->tracesysgood & 0x80) 121 return; 122 123 pid_t pid = proc->pid; 124 debug(DEBUG_PROCESS, "trace_set_options: pid=%d", pid); 125 126 long options = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | 127 PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE | 128 PTRACE_O_TRACEEXEC; 129 if (ptrace(PTRACE_SETOPTIONS, pid, 0, (void *)options) < 0 && 130 ptrace(PTRACE_OLDSETOPTIONS, pid, 0, (void *)options) < 0) { 131 perror("PTRACE_SETOPTIONS"); 132 return; 133 } 134 proc->tracesysgood |= 0x80; 135} 136 137void 138untrace_pid(pid_t pid) { 139 debug(DEBUG_PROCESS, "untrace_pid: pid=%d", pid); 140 ptrace(PTRACE_DETACH, pid, 0, 0); 141} 142 143void 144continue_after_signal(pid_t pid, int signum) 145{ 146 debug(DEBUG_PROCESS, "continue_after_signal: pid=%d, signum=%d", 147 pid, signum); 148 ptrace(PTRACE_SYSCALL, pid, 0, (void *)(uintptr_t)signum); 149} 150 151static enum ecb_status 152event_for_pid(Event *event, void *data) 153{ 154 if (event->proc != NULL && event->proc->pid == (pid_t)(uintptr_t)data) 155 return ECB_YIELD; 156 return ECB_CONT; 157} 158 159static int 160have_events_for(pid_t pid) 161{ 162 return each_qd_event(event_for_pid, (void *)(uintptr_t)pid) != NULL; 163} 164 165void 166continue_process(pid_t pid) 167{ 168 debug(DEBUG_PROCESS, "continue_process: pid=%d", pid); 169 170 /* Only really continue the process if there are no events in 171 the queue for this process. Otherwise just wait for the 172 other events to arrive. */ 173 if (!have_events_for(pid)) 174 /* We always trace syscalls to control fork(), 175 * clone(), execve()... */ 176 ptrace(PTRACE_SYSCALL, pid, 0, 0); 177 else 178 debug(DEBUG_PROCESS, 179 "putting off the continue, events in que."); 180} 181 182static struct pid_task * 183get_task_info(struct pid_set *pids, pid_t pid) 184{ 185 assert(pid != 0); 186 size_t i; 187 for (i = 0; i < pids->count; ++i) 188 if (pids->tasks[i].pid == pid) 189 return &pids->tasks[i]; 190 191 return NULL; 192} 193 194static struct pid_task * 195add_task_info(struct pid_set *pids, pid_t pid) 196{ 197 if (pids->count == pids->alloc) { 198 size_t ns = (2 * pids->alloc) ?: 4; 199 struct pid_task *n = realloc(pids->tasks, 200 sizeof(*pids->tasks) * ns); 201 if (n == NULL) 202 return NULL; 203 pids->tasks = n; 204 pids->alloc = ns; 205 } 206 struct pid_task * task_info = &pids->tasks[pids->count++]; 207 memset(task_info, 0, sizeof(*task_info)); 208 task_info->pid = pid; 209 return task_info; 210} 211 212static enum callback_status 213task_stopped(struct process *task, void *data) 214{ 215 enum process_status st = process_status(task->pid); 216 if (data != NULL) 217 *(enum process_status *)data = st; 218 219 /* If the task is already stopped, don't worry about it. 220 * Likewise if it managed to become a zombie or terminate in 221 * the meantime. This can happen when the whole thread group 222 * is terminating. */ 223 switch (st) { 224 case PS_INVALID: 225 case PS_TRACING_STOP: 226 case PS_ZOMBIE: 227 return CBS_CONT; 228 case PS_SLEEPING: 229 case PS_STOP: 230 case PS_OTHER: 231 return CBS_STOP; 232 } 233 234 abort (); 235} 236 237/* Task is blocked if it's stopped, or if it's a vfork parent. */ 238static enum callback_status 239task_blocked(struct process *task, void *data) 240{ 241 struct pid_set *pids = data; 242 struct pid_task *task_info = get_task_info(pids, task->pid); 243 if (task_info != NULL 244 && task_info->vforked) 245 return CBS_CONT; 246 247 return task_stopped(task, NULL); 248} 249 250static Event *process_vfork_on_event(struct event_handler *super, Event *event); 251 252static enum callback_status 253task_vforked(struct process *task, void *data) 254{ 255 if (task->event_handler != NULL 256 && task->event_handler->on_event == &process_vfork_on_event) 257 return CBS_STOP; 258 return CBS_CONT; 259} 260 261static int 262is_vfork_parent(struct process *task) 263{ 264 return each_task(task->leader, NULL, &task_vforked, NULL) != NULL; 265} 266 267static enum callback_status 268send_sigstop(struct process *task, void *data) 269{ 270 struct process *leader = task->leader; 271 struct pid_set *pids = data; 272 273 /* Look for pre-existing task record, or add new. */ 274 struct pid_task *task_info = get_task_info(pids, task->pid); 275 if (task_info == NULL) 276 task_info = add_task_info(pids, task->pid); 277 if (task_info == NULL) { 278 perror("send_sigstop: add_task_info"); 279 destroy_event_handler(leader); 280 /* Signal failure upwards. */ 281 return CBS_STOP; 282 } 283 284 /* This task still has not been attached to. It should be 285 stopped by the kernel. */ 286 if (task->state == STATE_BEING_CREATED) 287 return CBS_CONT; 288 289 /* Don't bother sending SIGSTOP if we are already stopped, or 290 * if we sent the SIGSTOP already, which happens when we are 291 * handling "onexit" and inherited the handler from breakpoint 292 * re-enablement. */ 293 enum process_status st; 294 if (task_stopped(task, &st) == CBS_CONT) 295 return CBS_CONT; 296 if (task_info->sigstopped) { 297 if (!task_info->delivered) 298 return CBS_CONT; 299 task_info->delivered = 0; 300 } 301 302 /* Also don't attempt to stop the process if it's a parent of 303 * vforked process. We set up event handler specially to hint 304 * us. In that case parent is in D state, which we use to 305 * weed out unnecessary looping. */ 306 if (st == PS_SLEEPING 307 && is_vfork_parent(task)) { 308 task_info->vforked = 1; 309 return CBS_CONT; 310 } 311 312 if (task_kill(task->pid, SIGSTOP) >= 0) { 313 debug(DEBUG_PROCESS, "send SIGSTOP to %d", task->pid); 314 task_info->sigstopped = 1; 315 } else 316 fprintf(stderr, 317 "Warning: couldn't send SIGSTOP to %d\n", task->pid); 318 319 return CBS_CONT; 320} 321 322/* On certain kernels, detaching right after a singlestep causes the 323 tracee to be killed with a SIGTRAP (that even though the singlestep 324 was properly caught by waitpid. The ugly workaround is to put a 325 breakpoint where IP points and let the process continue. After 326 this the breakpoint can be retracted and the process detached. */ 327static void 328ugly_workaround(struct process *proc) 329{ 330 arch_addr_t ip = get_instruction_pointer(proc); 331 struct breakpoint *found; 332 if (DICT_FIND_VAL(proc->leader->breakpoints, &ip, &found) < 0) { 333 insert_breakpoint_at(proc, ip, NULL); 334 } else { 335 assert(found != NULL); 336 enable_breakpoint(proc, found); 337 } 338 ptrace(PTRACE_CONT, proc->pid, 0, 0); 339} 340 341static void 342process_stopping_done(struct process_stopping_handler *self, 343 struct process *leader) 344{ 345 debug(DEBUG_PROCESS, "process stopping done %d", 346 self->task_enabling_breakpoint->pid); 347 348 if (!self->exiting) { 349 size_t i; 350 for (i = 0; i < self->pids.count; ++i) 351 if (self->pids.tasks[i].pid != 0 352 && (self->pids.tasks[i].delivered 353 || self->pids.tasks[i].sysret)) 354 continue_process(self->pids.tasks[i].pid); 355 continue_process(self->task_enabling_breakpoint->pid); 356 } 357 358 if (self->exiting) { 359 ugly_workaround: 360 self->state = PSH_UGLY_WORKAROUND; 361 ugly_workaround(self->task_enabling_breakpoint); 362 } else { 363 switch ((self->ugly_workaround_p)(self)) { 364 case CBS_FAIL: 365 /* xxx handle me */ 366 case CBS_STOP: 367 break; 368 case CBS_CONT: 369 goto ugly_workaround; 370 } 371 destroy_event_handler(leader); 372 } 373} 374 375/* Before we detach, we need to make sure that task's IP is on the 376 * edge of an instruction. So for tasks that have a breakpoint event 377 * in the queue, we adjust the instruction pointer, just like 378 * continue_after_breakpoint does. */ 379static enum ecb_status 380undo_breakpoint(Event *event, void *data) 381{ 382 if (event != NULL 383 && event->proc->leader == data 384 && event->type == EVENT_BREAKPOINT) 385 set_instruction_pointer(event->proc, event->e_un.brk_addr); 386 return ECB_CONT; 387} 388 389static enum callback_status 390untrace_task(struct process *task, void *data) 391{ 392 if (task != data) 393 untrace_pid(task->pid); 394 return CBS_CONT; 395} 396 397static enum callback_status 398remove_task(struct process *task, void *data) 399{ 400 /* Don't untrace leader just yet. */ 401 if (task != data) 402 remove_process(task); 403 return CBS_CONT; 404} 405 406static enum callback_status 407retract_breakpoint_cb(struct process *proc, struct breakpoint *bp, void *data) 408{ 409 breakpoint_on_retract(bp, proc); 410 return CBS_CONT; 411} 412 413static void 414detach_process(struct process *leader) 415{ 416 each_qd_event(&undo_breakpoint, leader); 417 disable_all_breakpoints(leader); 418 proc_each_breakpoint(leader, NULL, retract_breakpoint_cb, NULL); 419 420 /* Now untrace the process, if it was attached to by -p. */ 421 struct opt_p_t *it; 422 for (it = opt_p; it != NULL; it = it->next) { 423 struct process *proc = pid2proc(it->pid); 424 if (proc == NULL) 425 continue; 426 if (proc->leader == leader) { 427 each_task(leader, NULL, &untrace_task, NULL); 428 break; 429 } 430 } 431 each_task(leader, NULL, &remove_task, leader); 432 destroy_event_handler(leader); 433 remove_task(leader, NULL); 434} 435 436static void 437handle_stopping_event(struct pid_task *task_info, Event **eventp) 438{ 439 /* Mark all events, so that we know whom to SIGCONT later. */ 440 if (task_info != NULL) 441 task_info->got_event = 1; 442 443 Event *event = *eventp; 444 445 /* In every state, sink SIGSTOP events for tasks that it was 446 * sent to. */ 447 if (task_info != NULL 448 && event->type == EVENT_SIGNAL 449 && event->e_un.signum == SIGSTOP) { 450 debug(DEBUG_PROCESS, "SIGSTOP delivered to %d", task_info->pid); 451 if (task_info->sigstopped 452 && !task_info->delivered) { 453 task_info->delivered = 1; 454 *eventp = NULL; // sink the event 455 } else 456 fprintf(stderr, "suspicious: %d got SIGSTOP, but " 457 "sigstopped=%d and delivered=%d\n", 458 task_info->pid, task_info->sigstopped, 459 task_info->delivered); 460 } 461} 462 463/* Some SIGSTOPs may have not been delivered to their respective tasks 464 * yet. They are still in the queue. If we have seen an event for 465 * that process, continue it, so that the SIGSTOP can be delivered and 466 * caught by ltrace. We don't mind that the process is after 467 * breakpoint (and therefore potentially doesn't have aligned IP), 468 * because the signal will be delivered without the process actually 469 * starting. */ 470static void 471continue_for_sigstop_delivery(struct pid_set *pids) 472{ 473 size_t i; 474 for (i = 0; i < pids->count; ++i) { 475 if (pids->tasks[i].pid != 0 476 && pids->tasks[i].sigstopped 477 && !pids->tasks[i].delivered 478 && pids->tasks[i].got_event) { 479 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 480 pids->tasks[i].pid); 481 ptrace(PTRACE_SYSCALL, pids->tasks[i].pid, 0, 0); 482 } 483 } 484} 485 486static int 487event_exit_p(Event *event) 488{ 489 return event != NULL && (event->type == EVENT_EXIT 490 || event->type == EVENT_EXIT_SIGNAL); 491} 492 493static int 494event_exit_or_none_p(Event *event) 495{ 496 return event == NULL || event_exit_p(event) 497 || event->type == EVENT_NONE; 498} 499 500static int 501await_sigstop_delivery(struct pid_set *pids, struct pid_task *task_info, 502 Event *event) 503{ 504 /* If we still didn't get our SIGSTOP, continue the process 505 * and carry on. */ 506 if (event != NULL && !event_exit_or_none_p(event) 507 && task_info != NULL && task_info->sigstopped) { 508 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 509 task_info->pid); 510 /* We should get the signal the first thing 511 * after this, so it should be OK to continue 512 * even if we are over a breakpoint. */ 513 ptrace(PTRACE_SYSCALL, task_info->pid, 0, 0); 514 515 } else { 516 /* If all SIGSTOPs were delivered, uninstall the 517 * handler and continue everyone. */ 518 /* XXX I suspect that we should check tasks that are 519 * still around. Is things are now, there should be a 520 * race between waiting for everyone to stop and one 521 * of the tasks exiting. */ 522 int all_clear = 1; 523 size_t i; 524 for (i = 0; i < pids->count; ++i) 525 if (pids->tasks[i].pid != 0 526 && pids->tasks[i].sigstopped 527 && !pids->tasks[i].delivered) { 528 all_clear = 0; 529 break; 530 } 531 return all_clear; 532 } 533 534 return 0; 535} 536 537static int 538all_stops_accountable(struct pid_set *pids) 539{ 540 size_t i; 541 for (i = 0; i < pids->count; ++i) 542 if (pids->tasks[i].pid != 0 543 && !pids->tasks[i].got_event 544 && !have_events_for(pids->tasks[i].pid)) 545 return 0; 546 return 1; 547} 548 549#ifndef ARCH_HAVE_SW_SINGLESTEP 550enum sw_singlestep_status 551arch_sw_singlestep(struct process *proc, struct breakpoint *bp, 552 int (*add_cb)(arch_addr_t, struct sw_singlestep_data *), 553 struct sw_singlestep_data *data) 554{ 555 return SWS_HW; 556} 557#endif 558 559static Event *process_stopping_on_event(struct event_handler *super, 560 Event *event); 561 562static void 563remove_sw_breakpoints(struct process *proc) 564{ 565 struct process_stopping_handler *self 566 = (void *)proc->leader->event_handler; 567 assert(self != NULL); 568 assert(self->super.on_event == process_stopping_on_event); 569 570 int ct = sizeof(self->sws_bps) / sizeof(*self->sws_bps); 571 int i; 572 for (i = 0; i < ct; ++i) 573 if (self->sws_bps[i] != NULL) { 574 delete_breakpoint_at(proc, self->sws_bps[i]->addr); 575 self->sws_bps[i] = NULL; 576 } 577} 578 579static void 580sw_singlestep_bp_on_hit(struct breakpoint *bp, struct process *proc) 581{ 582 remove_sw_breakpoints(proc); 583} 584 585struct sw_singlestep_data { 586 struct process_stopping_handler *self; 587}; 588 589static int 590sw_singlestep_add_bp(arch_addr_t addr, struct sw_singlestep_data *data) 591{ 592 struct process_stopping_handler *self = data->self; 593 struct process *proc = self->task_enabling_breakpoint; 594 595 int ct = sizeof(self->sws_bps) / sizeof(*self->sws_bps); 596 int i; 597 for (i = 0; i < ct; ++i) 598 if (self->sws_bps[i] == NULL) { 599 static struct bp_callbacks cbs = { 600 .on_hit = sw_singlestep_bp_on_hit, 601 }; 602 struct breakpoint *bp 603 = insert_breakpoint_at(proc, addr, NULL); 604 breakpoint_set_callbacks(bp, &cbs); 605 self->sws_bps[i] = bp; 606 return 0; 607 } 608 609 assert(!"Too many sw singlestep breakpoints!"); 610 abort(); 611} 612 613static int 614singlestep(struct process_stopping_handler *self) 615{ 616 size_t i; 617 for (i = 0; i < sizeof(self->sws_bps) / sizeof(*self->sws_bps); ++i) 618 self->sws_bps[i] = NULL; 619 620 struct sw_singlestep_data data = { self }; 621 switch (arch_sw_singlestep(self->task_enabling_breakpoint, 622 self->breakpoint_being_enabled, 623 &sw_singlestep_add_bp, &data)) { 624 case SWS_HW: 625 /* Otherwise do the default action: singlestep. */ 626 debug(1, "PTRACE_SINGLESTEP"); 627 if (ptrace(PTRACE_SINGLESTEP, 628 self->task_enabling_breakpoint->pid, 0, 0)) { 629 perror("PTRACE_SINGLESTEP"); 630 return -1; 631 } 632 return 0; 633 634 case SWS_OK: 635 return 0; 636 637 case SWS_FAIL: 638 return -1; 639 } 640 abort(); 641} 642 643static void 644post_singlestep(struct process_stopping_handler *self, 645 struct Event **eventp) 646{ 647 continue_for_sigstop_delivery(&self->pids); 648 649 if (*eventp != NULL && (*eventp)->type == EVENT_BREAKPOINT) 650 *eventp = NULL; // handled 651 652 struct process *proc = self->task_enabling_breakpoint; 653 654 remove_sw_breakpoints(proc); 655 self->breakpoint_being_enabled = NULL; 656} 657 658static void 659singlestep_error(struct process_stopping_handler *self) 660{ 661 struct process *teb = self->task_enabling_breakpoint; 662 struct breakpoint *sbp = self->breakpoint_being_enabled; 663 fprintf(stderr, "%d couldn't continue when handling %s (%p) at %p\n", 664 teb->pid, breakpoint_name(sbp), sbp->addr, 665 get_instruction_pointer(teb)); 666 delete_breakpoint_at(teb->leader, sbp->addr); 667} 668 669static void 670pt_continue(struct process_stopping_handler *self) 671{ 672 struct process *teb = self->task_enabling_breakpoint; 673 debug(1, "PTRACE_CONT"); 674 ptrace(PTRACE_CONT, teb->pid, 0, 0); 675} 676 677static void 678pt_singlestep(struct process_stopping_handler *self) 679{ 680 if (singlestep(self) < 0) 681 singlestep_error(self); 682} 683 684static void 685disable_and(struct process_stopping_handler *self, 686 void (*do_this)(struct process_stopping_handler *self)) 687{ 688 struct process *teb = self->task_enabling_breakpoint; 689 debug(DEBUG_PROCESS, "all stopped, now singlestep/cont %d", teb->pid); 690 if (self->breakpoint_being_enabled->enabled) 691 disable_breakpoint(teb, self->breakpoint_being_enabled); 692 (do_this)(self); 693 self->state = PSH_SINGLESTEP; 694} 695 696void 697linux_ptrace_disable_and_singlestep(struct process_stopping_handler *self) 698{ 699 disable_and(self, &pt_singlestep); 700} 701 702void 703linux_ptrace_disable_and_continue(struct process_stopping_handler *self) 704{ 705 disable_and(self, &pt_continue); 706} 707 708/* This event handler is installed when we are in the process of 709 * stopping the whole thread group to do the pointer re-enablement for 710 * one of the threads. We pump all events to the queue for later 711 * processing while we wait for all the threads to stop. When this 712 * happens, we let the re-enablement thread to PTRACE_SINGLESTEP, 713 * re-enable, and continue everyone. */ 714static Event * 715process_stopping_on_event(struct event_handler *super, Event *event) 716{ 717 struct process_stopping_handler *self = (void *)super; 718 struct process *task = event->proc; 719 struct process *leader = task->leader; 720 struct process *teb = self->task_enabling_breakpoint; 721 722 debug(DEBUG_PROCESS, 723 "process_stopping_on_event: pid %d; event type %d; state %d", 724 task->pid, event->type, self->state); 725 726 struct pid_task *task_info = get_task_info(&self->pids, task->pid); 727 if (task_info == NULL) 728 fprintf(stderr, "new task??? %d\n", task->pid); 729 handle_stopping_event(task_info, &event); 730 731 int state = self->state; 732 int event_to_queue = !event_exit_or_none_p(event); 733 734 /* Deactivate the entry if the task exits. */ 735 if (event_exit_p(event) && task_info != NULL) 736 task_info->pid = 0; 737 738 /* Always handle sysrets. Whether sysret occurred and what 739 * sys it rets from may need to be determined based on process 740 * stack, so we need to keep that in sync with reality. Note 741 * that we don't continue the process after the sysret is 742 * handled. See continue_after_syscall. */ 743 if (event != NULL && event->type == EVENT_SYSRET) { 744 debug(1, "%d LT_EV_SYSRET", event->proc->pid); 745 event_to_queue = 0; 746 if (task_info != NULL) 747 task_info->sysret = 1; 748 } 749 750 switch (state) { 751 case PSH_STOPPING: 752 /* If everyone is stopped, singlestep. */ 753 if (each_task(leader, NULL, &task_blocked, 754 &self->pids) == NULL) { 755 (self->on_all_stopped)(self); 756 state = self->state; 757 } 758 break; 759 760 case PSH_SINGLESTEP: 761 /* In singlestep state, breakpoint signifies that we 762 * have now stepped, and can re-enable the breakpoint. */ 763 if (event != NULL && task == teb) { 764 765 /* If this was caused by a real breakpoint, as 766 * opposed to a singlestep, assume that it's 767 * an artificial breakpoint installed for some 768 * reason for the re-enablement. In that case 769 * handle it. */ 770 if (event->type == EVENT_BREAKPOINT) { 771 arch_addr_t ip 772 = get_instruction_pointer(task); 773 struct breakpoint *other 774 = address2bpstruct(leader, ip); 775 if (other != NULL) 776 breakpoint_on_hit(other, task); 777 } 778 779 /* If we got SIGNAL instead of BREAKPOINT, 780 * then this is not singlestep at all. */ 781 if (event->type == EVENT_SIGNAL) { 782 do_singlestep: 783 if (singlestep(self) < 0) { 784 singlestep_error(self); 785 post_singlestep(self, &event); 786 goto psh_sinking; 787 } 788 break; 789 } else { 790 switch ((self->keep_stepping_p)(self)) { 791 case CBS_FAIL: 792 /* XXX handle me */ 793 case CBS_STOP: 794 break; 795 case CBS_CONT: 796 /* Sink singlestep event. */ 797 if (event->type == EVENT_BREAKPOINT) 798 event = NULL; 799 goto do_singlestep; 800 } 801 } 802 803 /* Re-enable the breakpoint that we are 804 * stepping over. */ 805 struct breakpoint *sbp = self->breakpoint_being_enabled; 806 if (sbp->enabled) 807 enable_breakpoint(teb, sbp); 808 809 post_singlestep(self, &event); 810 goto psh_sinking; 811 } 812 break; 813 814 psh_sinking: 815 state = self->state = PSH_SINKING; 816 /* Fall through. */ 817 case PSH_SINKING: 818 if (await_sigstop_delivery(&self->pids, task_info, event)) 819 process_stopping_done(self, leader); 820 break; 821 822 case PSH_UGLY_WORKAROUND: 823 if (event == NULL) 824 break; 825 if (event->type == EVENT_BREAKPOINT) { 826 undo_breakpoint(event, leader); 827 if (task == teb) 828 self->task_enabling_breakpoint = NULL; 829 } 830 if (self->task_enabling_breakpoint == NULL 831 && all_stops_accountable(&self->pids)) { 832 undo_breakpoint(event, leader); 833 detach_process(leader); 834 event = NULL; // handled 835 } 836 } 837 838 if (event != NULL && event_to_queue) { 839 enque_event(event); 840 event = NULL; // sink the event 841 } 842 843 return event; 844} 845 846static void 847process_stopping_destroy(struct event_handler *super) 848{ 849 struct process_stopping_handler *self = (void *)super; 850 free(self->pids.tasks); 851} 852 853static enum callback_status 854no(struct process_stopping_handler *self) 855{ 856 return CBS_STOP; 857} 858 859int 860process_install_stopping_handler(struct process *proc, struct breakpoint *sbp, 861 void (*as)(struct process_stopping_handler *), 862 enum callback_status (*ks) 863 (struct process_stopping_handler *), 864 enum callback_status (*uw) 865 (struct process_stopping_handler *)) 866{ 867 debug(DEBUG_FUNCTION, 868 "process_install_stopping_handler: pid=%d", proc->pid); 869 870 struct process_stopping_handler *handler = calloc(sizeof(*handler), 1); 871 if (handler == NULL) 872 return -1; 873 874 if (as == NULL) 875 as = &linux_ptrace_disable_and_singlestep; 876 if (ks == NULL) 877 ks = &no; 878 if (uw == NULL) 879 uw = &no; 880 881 handler->super.on_event = process_stopping_on_event; 882 handler->super.destroy = process_stopping_destroy; 883 handler->task_enabling_breakpoint = proc; 884 handler->breakpoint_being_enabled = sbp; 885 handler->on_all_stopped = as; 886 handler->keep_stepping_p = ks; 887 handler->ugly_workaround_p = uw; 888 889 install_event_handler(proc->leader, &handler->super); 890 891 if (each_task(proc->leader, NULL, &send_sigstop, 892 &handler->pids) != NULL) { 893 destroy_event_handler(proc); 894 return -1; 895 } 896 897 /* And deliver the first fake event, in case all the 898 * conditions are already fulfilled. */ 899 Event ev = { 900 .type = EVENT_NONE, 901 .proc = proc, 902 }; 903 process_stopping_on_event(&handler->super, &ev); 904 905 return 0; 906} 907 908void 909continue_after_breakpoint(struct process *proc, struct breakpoint *sbp) 910{ 911 debug(DEBUG_PROCESS, 912 "continue_after_breakpoint: pid=%d, addr=%p", 913 proc->pid, sbp->addr); 914 915 set_instruction_pointer(proc, sbp->addr); 916 917 if (sbp->enabled == 0) { 918 continue_process(proc->pid); 919 } else if (process_install_stopping_handler 920 (proc, sbp, NULL, NULL, NULL) < 0) { 921 perror("process_stopping_handler_create"); 922 /* Carry on not bothering to re-enable. */ 923 continue_process(proc->pid); 924 } 925} 926 927/** 928 * Ltrace exit. When we are about to exit, we have to go through all 929 * the processes, stop them all, remove all the breakpoints, and then 930 * detach the processes that we attached to using -p. If we left the 931 * other tasks running, they might hit stray return breakpoints and 932 * produce artifacts, so we better stop everyone, even if it's a bit 933 * of extra work. 934 */ 935struct ltrace_exiting_handler 936{ 937 struct event_handler super; 938 struct pid_set pids; 939}; 940 941static Event * 942ltrace_exiting_on_event(struct event_handler *super, Event *event) 943{ 944 struct ltrace_exiting_handler *self = (void *)super; 945 struct process *task = event->proc; 946 struct process *leader = task->leader; 947 948 debug(DEBUG_PROCESS, 949 "ltrace_exiting_on_event: pid %d; event type %d", 950 task->pid, event->type); 951 952 struct pid_task *task_info = get_task_info(&self->pids, task->pid); 953 handle_stopping_event(task_info, &event); 954 955 if (event != NULL && event->type == EVENT_BREAKPOINT) 956 undo_breakpoint(event, leader); 957 958 if (await_sigstop_delivery(&self->pids, task_info, event) 959 && all_stops_accountable(&self->pids)) 960 detach_process(leader); 961 962 /* Sink all non-exit events. We are about to exit, so we 963 * don't bother with queuing them. */ 964 if (event_exit_or_none_p(event)) 965 return event; 966 967 return NULL; 968} 969 970static void 971ltrace_exiting_destroy(struct event_handler *super) 972{ 973 struct ltrace_exiting_handler *self = (void *)super; 974 free(self->pids.tasks); 975} 976 977static int 978ltrace_exiting_install_handler(struct process *proc) 979{ 980 /* Only install to leader. */ 981 if (proc->leader != proc) 982 return 0; 983 984 /* Perhaps we are already installed, if the user passed 985 * several -p options that are tasks of one process. */ 986 if (proc->event_handler != NULL 987 && proc->event_handler->on_event == <race_exiting_on_event) 988 return 0; 989 990 /* If stopping handler is already present, let it do the 991 * work. */ 992 if (proc->event_handler != NULL) { 993 assert(proc->event_handler->on_event 994 == &process_stopping_on_event); 995 struct process_stopping_handler *other 996 = (void *)proc->event_handler; 997 other->exiting = 1; 998 return 0; 999 } 1000 1001 struct ltrace_exiting_handler *handler 1002 = calloc(sizeof(*handler), 1); 1003 if (handler == NULL) { 1004 perror("malloc exiting handler"); 1005 fatal: 1006 /* XXXXXXXXXXXXXXXXXXX fixme */ 1007 return -1; 1008 } 1009 1010 handler->super.on_event = ltrace_exiting_on_event; 1011 handler->super.destroy = ltrace_exiting_destroy; 1012 install_event_handler(proc->leader, &handler->super); 1013 1014 if (each_task(proc->leader, NULL, &send_sigstop, 1015 &handler->pids) != NULL) 1016 goto fatal; 1017 1018 return 0; 1019} 1020 1021/* 1022 * When the traced process vforks, it's suspended until the child 1023 * process calls _exit or exec*. In the meantime, the two share the 1024 * address space. 1025 * 1026 * The child process should only ever call _exit or exec*, but we 1027 * can't count on that (it's not the role of ltrace to policy, but to 1028 * observe). In any case, we will _at least_ have to deal with 1029 * removal of vfork return breakpoint (which we have to smuggle back 1030 * in, so that the parent can see it, too), and introduction of exec* 1031 * return breakpoint. Since we already have both breakpoint actions 1032 * to deal with, we might as well support it all. 1033 * 1034 * The gist is that we pretend that the child is in a thread group 1035 * with its parent, and handle it as a multi-threaded case, with the 1036 * exception that we know that the parent is blocked, and don't 1037 * attempt to stop it. When the child execs, we undo the setup. 1038 */ 1039 1040struct process_vfork_handler 1041{ 1042 struct event_handler super; 1043 int vfork_bp_refd:1; 1044}; 1045 1046static Event * 1047process_vfork_on_event(struct event_handler *super, Event *event) 1048{ 1049 debug(DEBUG_PROCESS, 1050 "process_vfork_on_event: pid %d; event type %d", 1051 event->proc->pid, event->type); 1052 1053 struct process_vfork_handler *self = (void *)super; 1054 struct process *proc = event->proc; 1055 assert(self != NULL); 1056 1057 switch (event->type) { 1058 case EVENT_BREAKPOINT: 1059 /* We turn on the vfork return breakpoint (which 1060 * should be the one that we have tripped over just 1061 * now) one extra time, so that the vfork parent hits 1062 * it as well. */ 1063 if (!self->vfork_bp_refd) { 1064 struct breakpoint *sbp = NULL; 1065 DICT_FIND_VAL(proc->leader->breakpoints, 1066 &event->e_un.brk_addr, &sbp); 1067 assert(sbp != NULL); 1068 breakpoint_turn_on(sbp, proc->leader); 1069 self->vfork_bp_refd = 1; 1070 } 1071 break; 1072 1073 case EVENT_EXIT: 1074 case EVENT_EXIT_SIGNAL: 1075 case EVENT_EXEC: 1076 /* Remove the leader that we artificially set up 1077 * earlier. */ 1078 change_process_leader(proc, proc); 1079 destroy_event_handler(proc); 1080 continue_process(proc->parent->pid); 1081 1082 default: 1083 ; 1084 } 1085 1086 return event; 1087} 1088 1089void 1090continue_after_vfork(struct process *proc) 1091{ 1092 debug(DEBUG_PROCESS, "continue_after_vfork: pid=%d", proc->pid); 1093 struct process_vfork_handler *handler = calloc(sizeof(*handler), 1); 1094 if (handler == NULL) { 1095 perror("malloc vfork handler"); 1096 /* Carry on not bothering to treat the process as 1097 * necessary. */ 1098 continue_process(proc->parent->pid); 1099 return; 1100 } 1101 1102 /* We must set up custom event handler, so that we see 1103 * exec/exit events for the task itself. */ 1104 handler->super.on_event = process_vfork_on_event; 1105 install_event_handler(proc, &handler->super); 1106 1107 /* Make sure that the child is sole thread. */ 1108 assert(proc->leader == proc); 1109 assert(proc->next == NULL || proc->next->leader != proc); 1110 1111 /* Make sure that the child's parent is properly set up. */ 1112 assert(proc->parent != NULL); 1113 assert(proc->parent->leader != NULL); 1114 1115 change_process_leader(proc, proc->parent->leader); 1116} 1117 1118static int 1119is_mid_stopping(struct process *proc) 1120{ 1121 return proc != NULL 1122 && proc->event_handler != NULL 1123 && proc->event_handler->on_event == &process_stopping_on_event; 1124} 1125 1126void 1127continue_after_syscall(struct process *proc, int sysnum, int ret_p) 1128{ 1129 /* Don't continue if we are mid-stopping. */ 1130 if (ret_p && (is_mid_stopping(proc) || is_mid_stopping(proc->leader))) { 1131 debug(DEBUG_PROCESS, 1132 "continue_after_syscall: don't continue %d", 1133 proc->pid); 1134 return; 1135 } 1136 continue_process(proc->pid); 1137} 1138 1139void 1140continue_after_exec(struct process *proc) 1141{ 1142 continue_process(proc->pid); 1143 1144 /* After the exec, we expect to hit the first executable 1145 * instruction. 1146 * 1147 * XXX TODO It would be nice to have this removed, but then we 1148 * need to do that also for initial call to wait_for_proc in 1149 * execute_program. In that case we could generate a 1150 * EVENT_FIRST event or something, or maybe this could somehow 1151 * be rolled into EVENT_NEW. */ 1152 wait_for_proc(proc->pid); 1153 continue_process(proc->pid); 1154} 1155 1156/* If ltrace gets SIGINT, the processes directly or indirectly run by 1157 * ltrace get it too. We just have to wait long enough for the signal 1158 * to be delivered and the process terminated, which we notice and 1159 * exit ltrace, too. So there's not much we need to do there. We 1160 * want to keep tracing those processes as usual, in case they just 1161 * SIG_IGN the SIGINT to do their shutdown etc. 1162 * 1163 * For processes ran on the background, we want to install an exit 1164 * handler that stops all the threads, removes all breakpoints, and 1165 * detaches. 1166 */ 1167void 1168os_ltrace_exiting(void) 1169{ 1170 struct opt_p_t *it; 1171 for (it = opt_p; it != NULL; it = it->next) { 1172 struct process *proc = pid2proc(it->pid); 1173 if (proc == NULL || proc->leader == NULL) 1174 continue; 1175 if (ltrace_exiting_install_handler(proc->leader) < 0) 1176 fprintf(stderr, 1177 "Couldn't install exiting handler for %d.\n", 1178 proc->pid); 1179 } 1180} 1181 1182int 1183os_ltrace_exiting_sighandler(void) 1184{ 1185 extern int linux_in_waitpid; 1186 if (linux_in_waitpid) { 1187 os_ltrace_exiting(); 1188 return 1; 1189 } 1190 return 0; 1191} 1192 1193size_t 1194umovebytes(struct process *proc, void *addr, void *laddr, size_t len) 1195{ 1196 1197 union { 1198 long a; 1199 char c[sizeof(long)]; 1200 } a; 1201 int started = 0; 1202 size_t offset = 0, bytes_read = 0; 1203 1204 while (offset < len) { 1205 a.a = ptrace(PTRACE_PEEKTEXT, proc->pid, addr + offset, 0); 1206 if (a.a == -1 && errno) { 1207 if (started && errno == EIO) 1208 return bytes_read; 1209 else 1210 return -1; 1211 } 1212 started = 1; 1213 1214 if (len - offset >= sizeof(long)) { 1215 memcpy(laddr + offset, &a.c[0], sizeof(long)); 1216 bytes_read += sizeof(long); 1217 } 1218 else { 1219 memcpy(laddr + offset, &a.c[0], len - offset); 1220 bytes_read += (len - offset); 1221 } 1222 offset += sizeof(long); 1223 } 1224 1225 return bytes_read; 1226} 1227 1228struct irelative_name_data_t { 1229 GElf_Addr addr; 1230 const char *found_name; 1231}; 1232 1233static enum callback_status 1234irelative_name_cb(GElf_Sym *symbol, const char *name, void *d) 1235{ 1236 struct irelative_name_data_t *data = d; 1237 1238 if (symbol->st_value == data->addr) { 1239 bool is_ifunc = false; 1240#ifdef STT_GNU_IFUNC 1241 is_ifunc = GELF_ST_TYPE(symbol->st_info) == STT_GNU_IFUNC; 1242#endif 1243 data->found_name = name; 1244 1245 /* Keep looking, unless we found the actual IFUNC 1246 * symbol. What we matched may have been a symbol 1247 * denoting the resolver function, which would have 1248 * the same address. */ 1249 return CBS_STOP_IF(is_ifunc); 1250 } 1251 1252 return CBS_CONT; 1253} 1254 1255char * 1256linux_elf_find_irelative_name(struct ltelf *lte, GElf_Addr addr) 1257{ 1258 struct irelative_name_data_t data = { addr, NULL }; 1259 if (addr != 0 1260 && elf_each_symbol(lte, 0, 1261 irelative_name_cb, &data).status < 0) 1262 return NULL; 1263 1264 const char *name; 1265 if (data.found_name != NULL) { 1266 name = data.found_name; 1267 } else { 1268#define NAME "IREL." 1269 /* NAME\0 + 0x + digits. */ 1270 char *tmp_name = alloca(sizeof NAME + 2 + 16); 1271 sprintf(tmp_name, NAME "%#" PRIx64, (uint64_t) addr); 1272 name = tmp_name; 1273#undef NAME 1274 } 1275 1276 return strdup(name); 1277} 1278 1279enum plt_status 1280linux_elf_add_plt_entry_irelative(struct process *proc, struct ltelf *lte, 1281 GElf_Rela *rela, size_t ndx, 1282 struct library_symbol **ret) 1283 1284{ 1285 char *name = linux_elf_find_irelative_name(lte, rela->r_addend); 1286 int i = default_elf_add_plt_entry(proc, lte, name, rela, ndx, ret); 1287 free(name); 1288 return i < 0 ? PLT_FAIL : PLT_OK; 1289} 1290