trace.c revision 9294d82f67e20f5f2b61f317ad04f5cb717c7d27
1#include "config.h" 2 3#include <asm/unistd.h> 4#include <sys/types.h> 5#include <sys/wait.h> 6#include <assert.h> 7#include <errno.h> 8#include <stdio.h> 9#include <stdlib.h> 10#include <string.h> 11#include <unistd.h> 12 13#ifdef HAVE_LIBSELINUX 14# include <selinux/selinux.h> 15#endif 16 17#include "ptrace.h" 18#include "common.h" 19#include "breakpoint.h" 20 21/* If the system headers did not provide the constants, hard-code the normal 22 values. */ 23#ifndef PTRACE_EVENT_FORK 24 25#define PTRACE_OLDSETOPTIONS 21 26#define PTRACE_SETOPTIONS 0x4200 27#define PTRACE_GETEVENTMSG 0x4201 28 29/* options set using PTRACE_SETOPTIONS */ 30#define PTRACE_O_TRACESYSGOOD 0x00000001 31#define PTRACE_O_TRACEFORK 0x00000002 32#define PTRACE_O_TRACEVFORK 0x00000004 33#define PTRACE_O_TRACECLONE 0x00000008 34#define PTRACE_O_TRACEEXEC 0x00000010 35#define PTRACE_O_TRACEVFORKDONE 0x00000020 36#define PTRACE_O_TRACEEXIT 0x00000040 37 38/* Wait extended result codes for the above trace options. */ 39#define PTRACE_EVENT_FORK 1 40#define PTRACE_EVENT_VFORK 2 41#define PTRACE_EVENT_CLONE 3 42#define PTRACE_EVENT_EXEC 4 43#define PTRACE_EVENT_VFORK_DONE 5 44#define PTRACE_EVENT_EXIT 6 45 46#endif /* PTRACE_EVENT_FORK */ 47 48#ifdef ARCH_HAVE_UMOVELONG 49extern int arch_umovelong (Process *, void *, long *, arg_type_info *); 50int 51umovelong (Process *proc, void *addr, long *result, arg_type_info *info) { 52 return arch_umovelong (proc, addr, result, info); 53} 54#else 55/* Read a single long from the process's memory address 'addr' */ 56int 57umovelong (Process *proc, void *addr, long *result, arg_type_info *info) { 58 long pointed_to; 59 60 errno = 0; 61 pointed_to = ptrace (PTRACE_PEEKTEXT, proc->pid, addr, 0); 62 if (pointed_to == -1 && errno) 63 return -errno; 64 65 *result = pointed_to; 66 if (info) { 67 switch(info->type) { 68 case ARGTYPE_INT: 69 *result &= 0x00000000ffffffffUL; 70 default: 71 break; 72 }; 73 } 74 return 0; 75} 76#endif 77 78void 79trace_fail_warning(pid_t pid) 80{ 81 /* This was adapted from GDB. */ 82#ifdef HAVE_LIBSELINUX 83 static int checked = 0; 84 if (checked) 85 return; 86 checked = 1; 87 88 /* -1 is returned for errors, 0 if it has no effect, 1 if 89 * PTRACE_ATTACH is forbidden. */ 90 if (security_get_boolean_active("deny_ptrace") == 1) 91 fprintf(stderr, 92"The SELinux boolean 'deny_ptrace' is enabled, which may prevent ltrace from\n" 93"tracing other processes. You can disable this process attach protection by\n" 94"issuing 'setsebool deny_ptrace=0' in the superuser context.\n"); 95#endif /* HAVE_LIBSELINUX */ 96} 97 98void 99trace_me(void) 100{ 101 debug(DEBUG_PROCESS, "trace_me: pid=%d", getpid()); 102 if (ptrace(PTRACE_TRACEME, 0, 1, 0) < 0) { 103 perror("PTRACE_TRACEME"); 104 trace_fail_warning(getpid()); 105 exit(1); 106 } 107} 108 109/* There's a (hopefully) brief period of time after the child process 110 * exec's when we can't trace it yet. Here we wait for kernel to 111 * prepare the process. */ 112void 113wait_for_proc(pid_t pid) 114{ 115 size_t i; 116 for (i = 0; i < 100; ++i) { 117 /* We read from memory address 0, but that shouldn't 118 * be a problem: the reading will just fail. We are 119 * looking for a particular reason of failure. */ 120 if (ptrace(PTRACE_PEEKTEXT, pid, 0, 0) != -1 121 || errno != ESRCH) 122 return; 123 124 usleep(1000); 125 } 126 127 fprintf(stderr, "\ 128I consistently fail to read a word from the freshly launched process.\n\ 129I'll now try to proceed with tracing, but this shouldn't be happening.\n"); 130} 131 132int 133trace_pid(pid_t pid) 134{ 135 debug(DEBUG_PROCESS, "trace_pid: pid=%d", pid); 136 /* This shouldn't emit error messages, as there are legitimate 137 * reasons that the PID can't be attached: like it may have 138 * already ended. */ 139 if (ptrace(PTRACE_ATTACH, pid, 1, 0) < 0) 140 return -1; 141 142 /* man ptrace: PTRACE_ATTACH attaches to the process specified 143 in pid. The child is sent a SIGSTOP, but will not 144 necessarily have stopped by the completion of this call; 145 use wait() to wait for the child to stop. */ 146 if (waitpid (pid, NULL, __WALL) != pid) { 147 perror ("trace_pid: waitpid"); 148 return -1; 149 } 150 151 return 0; 152} 153 154void 155trace_set_options(Process *proc, pid_t pid) { 156 if (proc->tracesysgood & 0x80) 157 return; 158 159 debug(DEBUG_PROCESS, "trace_set_options: pid=%d", pid); 160 161 long options = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | 162 PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE | 163 PTRACE_O_TRACEEXEC; 164 if (ptrace(PTRACE_SETOPTIONS, pid, 0, options) < 0 && 165 ptrace(PTRACE_OLDSETOPTIONS, pid, 0, options) < 0) { 166 perror("PTRACE_SETOPTIONS"); 167 return; 168 } 169 proc->tracesysgood |= 0x80; 170} 171 172void 173untrace_pid(pid_t pid) { 174 debug(DEBUG_PROCESS, "untrace_pid: pid=%d", pid); 175 ptrace(PTRACE_DETACH, pid, 1, 0); 176} 177 178void 179continue_after_signal(pid_t pid, int signum) { 180 debug(DEBUG_PROCESS, "continue_after_signal: pid=%d, signum=%d", pid, signum); 181 ptrace(PTRACE_SYSCALL, pid, 0, signum); 182} 183 184static enum ecb_status 185event_for_pid(Event * event, void * data) 186{ 187 if (event->proc != NULL && event->proc->pid == (pid_t)(uintptr_t)data) 188 return ecb_yield; 189 return ecb_cont; 190} 191 192static int 193have_events_for(pid_t pid) 194{ 195 return each_qd_event(event_for_pid, (void *)(uintptr_t)pid) != NULL; 196} 197 198void 199continue_process(pid_t pid) 200{ 201 debug(DEBUG_PROCESS, "continue_process: pid=%d", pid); 202 203 /* Only really continue the process if there are no events in 204 the queue for this process. Otherwise just wait for the 205 other events to arrive. */ 206 if (!have_events_for(pid)) 207 /* We always trace syscalls to control fork(), 208 * clone(), execve()... */ 209 ptrace(PTRACE_SYSCALL, pid, 0, 0); 210 else 211 debug(DEBUG_PROCESS, 212 "putting off the continue, events in que."); 213} 214 215/** 216 * This is used for bookkeeping related to PIDs that the event 217 * handlers work with. 218 */ 219struct pid_task { 220 pid_t pid; /* This may be 0 for tasks that exited 221 * mid-handling. */ 222 int sigstopped : 1; 223 int got_event : 1; 224 int delivered : 1; 225 int vforked : 1; 226 int sysret : 1; 227} * pids; 228 229struct pid_set { 230 struct pid_task * tasks; 231 size_t count; 232 size_t alloc; 233}; 234 235/** 236 * Breakpoint re-enablement. When we hit a breakpoint, we must 237 * disable it, single-step, and re-enable it. That single-step can be 238 * done only by one task in a task group, while others are stopped, 239 * otherwise the processes would race for who sees the breakpoint 240 * disabled and who doesn't. The following is to keep track of it 241 * all. 242 */ 243struct process_stopping_handler 244{ 245 Event_Handler super; 246 247 /* The task that is doing the re-enablement. */ 248 Process * task_enabling_breakpoint; 249 250 /* The pointer being re-enabled. */ 251 Breakpoint * breakpoint_being_enabled; 252 253 /* Artificial atomic skip breakpoint, if any needed. */ 254 void *atomic_skip_bp_addr; 255 256 enum { 257 /* We are waiting for everyone to land in t/T. */ 258 psh_stopping = 0, 259 260 /* We are doing the PTRACE_SINGLESTEP. */ 261 psh_singlestep, 262 263 /* We are waiting for all the SIGSTOPs to arrive so 264 * that we can sink them. */ 265 psh_sinking, 266 267 /* This is for tracking the ugly workaround. */ 268 psh_ugly_workaround, 269 } state; 270 271 int exiting; 272 273 struct pid_set pids; 274}; 275 276static struct pid_task * 277get_task_info(struct pid_set * pids, pid_t pid) 278{ 279 assert(pid != 0); 280 size_t i; 281 for (i = 0; i < pids->count; ++i) 282 if (pids->tasks[i].pid == pid) 283 return &pids->tasks[i]; 284 285 return NULL; 286} 287 288static struct pid_task * 289add_task_info(struct pid_set * pids, pid_t pid) 290{ 291 if (pids->count == pids->alloc) { 292 size_t ns = (2 * pids->alloc) ?: 4; 293 struct pid_task * n = realloc(pids->tasks, 294 sizeof(*pids->tasks) * ns); 295 if (n == NULL) 296 return NULL; 297 pids->tasks = n; 298 pids->alloc = ns; 299 } 300 struct pid_task * task_info = &pids->tasks[pids->count++]; 301 memset(task_info, 0, sizeof(*task_info)); 302 task_info->pid = pid; 303 return task_info; 304} 305 306static enum pcb_status 307task_stopped(Process * task, void * data) 308{ 309 enum process_status st = process_status(task->pid); 310 if (data != NULL) 311 *(enum process_status *)data = st; 312 313 /* If the task is already stopped, don't worry about it. 314 * Likewise if it managed to become a zombie or terminate in 315 * the meantime. This can happen when the whole thread group 316 * is terminating. */ 317 switch (st) { 318 case ps_invalid: 319 case ps_tracing_stop: 320 case ps_zombie: 321 return pcb_cont; 322 case ps_sleeping: 323 case ps_stop: 324 case ps_other: 325 return pcb_stop; 326 } 327 328 abort (); 329} 330 331/* Task is blocked if it's stopped, or if it's a vfork parent. */ 332static enum pcb_status 333task_blocked(Process * task, void * data) 334{ 335 struct pid_set * pids = data; 336 struct pid_task * task_info = get_task_info(pids, task->pid); 337 if (task_info != NULL 338 && task_info->vforked) 339 return pcb_cont; 340 341 return task_stopped(task, NULL); 342} 343 344static Event * process_vfork_on_event(Event_Handler * super, Event * event); 345 346static enum pcb_status 347task_vforked(Process * task, void * data) 348{ 349 if (task->event_handler != NULL 350 && task->event_handler->on_event == &process_vfork_on_event) 351 return pcb_stop; 352 return pcb_cont; 353} 354 355static int 356is_vfork_parent(Process * task) 357{ 358 return each_task(task->leader, &task_vforked, NULL) != NULL; 359} 360 361static enum pcb_status 362send_sigstop(Process * task, void * data) 363{ 364 Process * leader = task->leader; 365 struct pid_set * pids = data; 366 367 /* Look for pre-existing task record, or add new. */ 368 struct pid_task * task_info = get_task_info(pids, task->pid); 369 if (task_info == NULL) 370 task_info = add_task_info(pids, task->pid); 371 if (task_info == NULL) { 372 perror("send_sigstop: add_task_info"); 373 destroy_event_handler(leader); 374 /* Signal failure upwards. */ 375 return pcb_stop; 376 } 377 378 /* This task still has not been attached to. It should be 379 stopped by the kernel. */ 380 if (task->state == STATE_BEING_CREATED) 381 return pcb_cont; 382 383 /* Don't bother sending SIGSTOP if we are already stopped, or 384 * if we sent the SIGSTOP already, which happens when we are 385 * handling "onexit" and inherited the handler from breakpoint 386 * re-enablement. */ 387 enum process_status st; 388 if (task_stopped(task, &st) == pcb_cont) 389 return pcb_cont; 390 if (task_info->sigstopped) { 391 if (!task_info->delivered) 392 return pcb_cont; 393 task_info->delivered = 0; 394 } 395 396 /* Also don't attempt to stop the process if it's a parent of 397 * vforked process. We set up event handler specially to hint 398 * us. In that case parent is in D state, which we use to 399 * weed out unnecessary looping. */ 400 if (st == ps_sleeping 401 && is_vfork_parent (task)) { 402 task_info->vforked = 1; 403 return pcb_cont; 404 } 405 406 if (task_kill(task->pid, SIGSTOP) >= 0) { 407 debug(DEBUG_PROCESS, "send SIGSTOP to %d", task->pid); 408 task_info->sigstopped = 1; 409 } else 410 fprintf(stderr, 411 "Warning: couldn't send SIGSTOP to %d\n", task->pid); 412 413 return pcb_cont; 414} 415 416/* On certain kernels, detaching right after a singlestep causes the 417 tracee to be killed with a SIGTRAP (that even though the singlestep 418 was properly caught by waitpid. The ugly workaround is to put a 419 breakpoint where IP points and let the process continue. After 420 this the breakpoint can be retracted and the process detached. */ 421static void 422ugly_workaround(Process * proc) 423{ 424 void * ip = get_instruction_pointer(proc); 425 Breakpoint * sbp = dict_find_entry(proc->leader->breakpoints, ip); 426 if (sbp != NULL) 427 enable_breakpoint(proc, sbp); 428 else 429 insert_breakpoint(proc, ip, NULL, 1); 430 ptrace(PTRACE_CONT, proc->pid, 0, 0); 431} 432 433static void 434process_stopping_done(struct process_stopping_handler * self, Process * leader) 435{ 436 debug(DEBUG_PROCESS, "process stopping done %d", 437 self->task_enabling_breakpoint->pid); 438 size_t i; 439 if (!self->exiting) { 440 for (i = 0; i < self->pids.count; ++i) 441 if (self->pids.tasks[i].pid != 0 442 && (self->pids.tasks[i].delivered 443 || self->pids.tasks[i].sysret)) 444 continue_process(self->pids.tasks[i].pid); 445 continue_process(self->task_enabling_breakpoint->pid); 446 destroy_event_handler(leader); 447 } else { 448 self->state = psh_ugly_workaround; 449 ugly_workaround(self->task_enabling_breakpoint); 450 } 451} 452 453/* Before we detach, we need to make sure that task's IP is on the 454 * edge of an instruction. So for tasks that have a breakpoint event 455 * in the queue, we adjust the instruction pointer, just like 456 * continue_after_breakpoint does. */ 457static enum ecb_status 458undo_breakpoint(Event * event, void * data) 459{ 460 if (event != NULL 461 && event->proc->leader == data 462 && event->type == EVENT_BREAKPOINT) 463 set_instruction_pointer(event->proc, event->e_un.brk_addr); 464 return ecb_cont; 465} 466 467static enum pcb_status 468untrace_task(Process * task, void * data) 469{ 470 if (task != data) 471 untrace_pid(task->pid); 472 return pcb_cont; 473} 474 475static enum pcb_status 476remove_task(Process * task, void * data) 477{ 478 /* Don't untrace leader just yet. */ 479 if (task != data) 480 remove_process(task); 481 return pcb_cont; 482} 483 484static void 485detach_process(Process * leader) 486{ 487 each_qd_event(&undo_breakpoint, leader); 488 disable_all_breakpoints(leader); 489 490 /* Now untrace the process, if it was attached to by -p. */ 491 struct opt_p_t * it; 492 for (it = opt_p; it != NULL; it = it->next) { 493 Process * proc = pid2proc(it->pid); 494 if (proc == NULL) 495 continue; 496 if (proc->leader == leader) { 497 each_task(leader, &untrace_task, NULL); 498 break; 499 } 500 } 501 each_task(leader, &remove_task, leader); 502 destroy_event_handler(leader); 503 remove_task(leader, NULL); 504} 505 506static void 507handle_stopping_event(struct pid_task * task_info, Event ** eventp) 508{ 509 /* Mark all events, so that we know whom to SIGCONT later. */ 510 if (task_info != NULL) 511 task_info->got_event = 1; 512 513 Event * event = *eventp; 514 515 /* In every state, sink SIGSTOP events for tasks that it was 516 * sent to. */ 517 if (task_info != NULL 518 && event->type == EVENT_SIGNAL 519 && event->e_un.signum == SIGSTOP) { 520 debug(DEBUG_PROCESS, "SIGSTOP delivered to %d", task_info->pid); 521 if (task_info->sigstopped 522 && !task_info->delivered) { 523 task_info->delivered = 1; 524 *eventp = NULL; // sink the event 525 } else 526 fprintf(stderr, "suspicious: %d got SIGSTOP, but " 527 "sigstopped=%d and delivered=%d\n", 528 task_info->pid, task_info->sigstopped, 529 task_info->delivered); 530 } 531} 532 533/* Some SIGSTOPs may have not been delivered to their respective tasks 534 * yet. They are still in the queue. If we have seen an event for 535 * that process, continue it, so that the SIGSTOP can be delivered and 536 * caught by ltrace. We don't mind that the process is after 537 * breakpoint (and therefore potentially doesn't have aligned IP), 538 * because the signal will be delivered without the process actually 539 * starting. */ 540static void 541continue_for_sigstop_delivery(struct pid_set * pids) 542{ 543 size_t i; 544 for (i = 0; i < pids->count; ++i) { 545 if (pids->tasks[i].pid != 0 546 && pids->tasks[i].sigstopped 547 && !pids->tasks[i].delivered 548 && pids->tasks[i].got_event) { 549 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 550 pids->tasks[i].pid); 551 ptrace(PTRACE_SYSCALL, pids->tasks[i].pid, 0, 0); 552 } 553 } 554} 555 556static int 557event_exit_p(Event * event) 558{ 559 return event != NULL && (event->type == EVENT_EXIT 560 || event->type == EVENT_EXIT_SIGNAL); 561} 562 563static int 564event_exit_or_none_p(Event * event) 565{ 566 return event == NULL || event_exit_p(event) 567 || event->type == EVENT_NONE; 568} 569 570static int 571await_sigstop_delivery(struct pid_set * pids, struct pid_task * task_info, 572 Event * event) 573{ 574 /* If we still didn't get our SIGSTOP, continue the process 575 * and carry on. */ 576 if (event != NULL && !event_exit_or_none_p(event) 577 && task_info != NULL && task_info->sigstopped) { 578 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 579 task_info->pid); 580 /* We should get the signal the first thing 581 * after this, so it should be OK to continue 582 * even if we are over a breakpoint. */ 583 ptrace(PTRACE_SYSCALL, task_info->pid, 0, 0); 584 585 } else { 586 /* If all SIGSTOPs were delivered, uninstall the 587 * handler and continue everyone. */ 588 /* XXX I suspect that we should check tasks that are 589 * still around. Is things are now, there should be a 590 * race between waiting for everyone to stop and one 591 * of the tasks exiting. */ 592 int all_clear = 1; 593 size_t i; 594 for (i = 0; i < pids->count; ++i) 595 if (pids->tasks[i].pid != 0 596 && pids->tasks[i].sigstopped 597 && !pids->tasks[i].delivered) { 598 all_clear = 0; 599 break; 600 } 601 return all_clear; 602 } 603 604 return 0; 605} 606 607static int 608all_stops_accountable(struct pid_set * pids) 609{ 610 size_t i; 611 for (i = 0; i < pids->count; ++i) 612 if (pids->tasks[i].pid != 0 613 && !pids->tasks[i].got_event 614 && !have_events_for(pids->tasks[i].pid)) 615 return 0; 616 return 1; 617} 618 619/* The protocol is: 0 for success, negative for failure, positive if 620 * default singlestep is to be used. */ 621int arch_atomic_singlestep(struct Process *proc, Breakpoint *sbp, 622 int (*add_cb)(void *addr, void *data), 623 void *add_cb_data); 624 625#ifndef ARCH_HAVE_ATOMIC_SINGLESTEP 626int 627arch_atomic_singlestep(struct Process *proc, Breakpoint *sbp, 628 int (*add_cb)(void *addr, void *data), 629 void *add_cb_data) 630{ 631 return 1; 632} 633#endif 634 635static int 636atomic_singlestep_add_bp(void *addr, void *data) 637{ 638 struct process_stopping_handler *self = data; 639 struct Process *proc = self->task_enabling_breakpoint; 640 641 /* Only support single address as of now. */ 642 assert(self->atomic_skip_bp_addr == NULL); 643 644 self->atomic_skip_bp_addr = addr + 4; 645 insert_breakpoint(proc->leader, self->atomic_skip_bp_addr, NULL, 1); 646 647 return 0; 648} 649 650static int 651singlestep(struct process_stopping_handler *self) 652{ 653 struct Process *proc = self->task_enabling_breakpoint; 654 655 int status = arch_atomic_singlestep(self->task_enabling_breakpoint, 656 self->breakpoint_being_enabled, 657 &atomic_singlestep_add_bp, self); 658 659 /* Propagate failure and success. */ 660 if (status <= 0) 661 return status; 662 663 /* Otherwise do the default action: singlestep. */ 664 debug(1, "PTRACE_SINGLESTEP"); 665 if (ptrace(PTRACE_SINGLESTEP, proc->pid, 0, 0)) { 666 perror("PTRACE_SINGLESTEP"); 667 return -1; 668 } 669 return 0; 670} 671 672static void 673post_singlestep(struct process_stopping_handler *self, Event **eventp) 674{ 675 continue_for_sigstop_delivery(&self->pids); 676 677 if ((*eventp)->type == EVENT_BREAKPOINT) 678 *eventp = NULL; // handled 679 680 if (self->atomic_skip_bp_addr != 0) 681 delete_breakpoint(self->task_enabling_breakpoint->leader, 682 self->atomic_skip_bp_addr); 683 684 self->breakpoint_being_enabled = NULL; 685} 686 687static void 688singlestep_error(struct process_stopping_handler *self, Event **eventp) 689{ 690 struct Process *teb = self->task_enabling_breakpoint; 691 Breakpoint *sbp = self->breakpoint_being_enabled; 692 fprintf(stderr, "%d couldn't singlestep over %s (%p)\n", 693 teb->pid, sbp->libsym != NULL ? sbp->libsym->name : NULL, 694 sbp->addr); 695 delete_breakpoint(teb->leader, sbp->addr); 696 post_singlestep(self, eventp); 697} 698 699/* This event handler is installed when we are in the process of 700 * stopping the whole thread group to do the pointer re-enablement for 701 * one of the threads. We pump all events to the queue for later 702 * processing while we wait for all the threads to stop. When this 703 * happens, we let the re-enablement thread to PTRACE_SINGLESTEP, 704 * re-enable, and continue everyone. */ 705static Event * 706process_stopping_on_event(Event_Handler * super, Event * event) 707{ 708 struct process_stopping_handler * self = (void *)super; 709 Process * task = event->proc; 710 Process * leader = task->leader; 711 Breakpoint * sbp = self->breakpoint_being_enabled; 712 Process * teb = self->task_enabling_breakpoint; 713 714 debug(DEBUG_PROCESS, 715 "pid %d; event type %d; state %d", 716 task->pid, event->type, self->state); 717 718 struct pid_task * task_info = get_task_info(&self->pids, task->pid); 719 if (task_info == NULL) 720 fprintf(stderr, "new task??? %d\n", task->pid); 721 handle_stopping_event(task_info, &event); 722 723 int state = self->state; 724 int event_to_queue = !event_exit_or_none_p(event); 725 726 /* Deactivate the entry if the task exits. */ 727 if (event_exit_p(event) && task_info != NULL) 728 task_info->pid = 0; 729 730 /* Always handle sysrets. Whether sysret occurred and what 731 * sys it rets from may need to be determined based on process 732 * stack, so we need to keep that in sync with reality. Note 733 * that we don't continue the process after the sysret is 734 * handled. See continue_after_syscall. */ 735 if (event != NULL && event->type == EVENT_SYSRET) { 736 debug(1, "%d LT_EV_SYSRET", event->proc->pid); 737 event_to_queue = 0; 738 task_info->sysret = 1; 739 } 740 741 switch (state) { 742 case psh_stopping: 743 /* If everyone is stopped, singlestep. */ 744 if (each_task(leader, &task_blocked, &self->pids) == NULL) { 745 debug(DEBUG_PROCESS, "all stopped, now SINGLESTEP %d", 746 teb->pid); 747 if (sbp->enabled) 748 disable_breakpoint(teb, sbp); 749 if (singlestep(self) < 0) { 750 singlestep_error(self, &event); 751 goto psh_sinking; 752 } 753 754 self->state = state = psh_singlestep; 755 } 756 break; 757 758 case psh_singlestep: 759 /* In singlestep state, breakpoint signifies that we 760 * have now stepped, and can re-enable the breakpoint. */ 761 if (event != NULL && task == teb) { 762 763 /* This is not the singlestep that we are waiting for. */ 764 if (event->type == EVENT_SIGNAL) { 765 if (singlestep(self) < 0) { 766 singlestep_error(self, &event); 767 goto psh_sinking; 768 } 769 break; 770 } 771 772 /* Essentially we don't care what event caused 773 * the thread to stop. We can do the 774 * re-enablement now. */ 775 if (sbp->enabled) 776 enable_breakpoint(teb, sbp); 777 778 post_singlestep(self, &event); 779 goto psh_sinking; 780 } 781 break; 782 783 psh_sinking: 784 state = self->state = psh_sinking; 785 case psh_sinking: 786 if (await_sigstop_delivery(&self->pids, task_info, event)) 787 process_stopping_done(self, leader); 788 break; 789 790 case psh_ugly_workaround: 791 if (event == NULL) 792 break; 793 if (event->type == EVENT_BREAKPOINT) { 794 undo_breakpoint(event, leader); 795 if (task == teb) 796 self->task_enabling_breakpoint = NULL; 797 } 798 if (self->task_enabling_breakpoint == NULL 799 && all_stops_accountable(&self->pids)) { 800 undo_breakpoint(event, leader); 801 detach_process(leader); 802 event = NULL; // handled 803 } 804 } 805 806 if (event != NULL && event_to_queue) { 807 enque_event(event); 808 event = NULL; // sink the event 809 } 810 811 return event; 812} 813 814static void 815process_stopping_destroy(Event_Handler * super) 816{ 817 struct process_stopping_handler * self = (void *)super; 818 free(self->pids.tasks); 819} 820 821void 822continue_after_breakpoint(Process *proc, Breakpoint *sbp) 823{ 824 set_instruction_pointer(proc, sbp->addr); 825 if (sbp->enabled == 0) { 826 continue_process(proc->pid); 827 } else { 828 debug(DEBUG_PROCESS, 829 "continue_after_breakpoint: pid=%d, addr=%p", 830 proc->pid, sbp->addr); 831#if defined __sparc__ || defined __ia64___ || defined __mips__ 832 /* we don't want to singlestep here */ 833 continue_process(proc->pid); 834#else 835 struct process_stopping_handler * handler 836 = calloc(sizeof(*handler), 1); 837 if (handler == NULL) { 838 perror("malloc breakpoint disable handler"); 839 fatal: 840 /* Carry on not bothering to re-enable. */ 841 continue_process(proc->pid); 842 return; 843 } 844 845 handler->super.on_event = process_stopping_on_event; 846 handler->super.destroy = process_stopping_destroy; 847 handler->task_enabling_breakpoint = proc; 848 handler->breakpoint_being_enabled = sbp; 849 install_event_handler(proc->leader, &handler->super); 850 851 if (each_task(proc->leader, &send_sigstop, 852 &handler->pids) != NULL) 853 goto fatal; 854 855 /* And deliver the first fake event, in case all the 856 * conditions are already fulfilled. */ 857 Event ev; 858 ev.type = EVENT_NONE; 859 ev.proc = proc; 860 process_stopping_on_event(&handler->super, &ev); 861#endif 862 } 863} 864 865/** 866 * Ltrace exit. When we are about to exit, we have to go through all 867 * the processes, stop them all, remove all the breakpoints, and then 868 * detach the processes that we attached to using -p. If we left the 869 * other tasks running, they might hit stray return breakpoints and 870 * produce artifacts, so we better stop everyone, even if it's a bit 871 * of extra work. 872 */ 873struct ltrace_exiting_handler 874{ 875 Event_Handler super; 876 struct pid_set pids; 877}; 878 879static Event * 880ltrace_exiting_on_event(Event_Handler * super, Event * event) 881{ 882 struct ltrace_exiting_handler * self = (void *)super; 883 Process * task = event->proc; 884 Process * leader = task->leader; 885 886 debug(DEBUG_PROCESS, "pid %d; event type %d", task->pid, event->type); 887 888 struct pid_task * task_info = get_task_info(&self->pids, task->pid); 889 handle_stopping_event(task_info, &event); 890 891 if (event != NULL && event->type == EVENT_BREAKPOINT) 892 undo_breakpoint(event, leader); 893 894 if (await_sigstop_delivery(&self->pids, task_info, event) 895 && all_stops_accountable(&self->pids)) 896 detach_process(leader); 897 898 /* Sink all non-exit events. We are about to exit, so we 899 * don't bother with queuing them. */ 900 if (event_exit_or_none_p(event)) 901 return event; 902 903 return NULL; 904} 905 906static void 907ltrace_exiting_destroy(Event_Handler * super) 908{ 909 struct ltrace_exiting_handler * self = (void *)super; 910 free(self->pids.tasks); 911} 912 913static int 914ltrace_exiting_install_handler(Process * proc) 915{ 916 /* Only install to leader. */ 917 if (proc->leader != proc) 918 return 0; 919 920 /* Perhaps we are already installed, if the user passed 921 * several -p options that are tasks of one process. */ 922 if (proc->event_handler != NULL 923 && proc->event_handler->on_event == <race_exiting_on_event) 924 return 0; 925 926 /* If stopping handler is already present, let it do the 927 * work. */ 928 if (proc->event_handler != NULL) { 929 assert(proc->event_handler->on_event 930 == &process_stopping_on_event); 931 struct process_stopping_handler * other 932 = (void *)proc->event_handler; 933 other->exiting = 1; 934 return 0; 935 } 936 937 struct ltrace_exiting_handler * handler 938 = calloc(sizeof(*handler), 1); 939 if (handler == NULL) { 940 perror("malloc exiting handler"); 941 fatal: 942 /* XXXXXXXXXXXXXXXXXXX fixme */ 943 return -1; 944 } 945 946 handler->super.on_event = ltrace_exiting_on_event; 947 handler->super.destroy = ltrace_exiting_destroy; 948 install_event_handler(proc->leader, &handler->super); 949 950 if (each_task(proc->leader, &send_sigstop, 951 &handler->pids) != NULL) 952 goto fatal; 953 954 return 0; 955} 956 957/* 958 * When the traced process vforks, it's suspended until the child 959 * process calls _exit or exec*. In the meantime, the two share the 960 * address space. 961 * 962 * The child process should only ever call _exit or exec*, but we 963 * can't count on that (it's not the role of ltrace to policy, but to 964 * observe). In any case, we will _at least_ have to deal with 965 * removal of vfork return breakpoint (which we have to smuggle back 966 * in, so that the parent can see it, too), and introduction of exec* 967 * return breakpoint. Since we already have both breakpoint actions 968 * to deal with, we might as well support it all. 969 * 970 * The gist is that we pretend that the child is in a thread group 971 * with its parent, and handle it as a multi-threaded case, with the 972 * exception that we know that the parent is blocked, and don't 973 * attempt to stop it. When the child execs, we undo the setup. 974 */ 975 976struct process_vfork_handler 977{ 978 Event_Handler super; 979 void * bp_addr; 980}; 981 982static Event * 983process_vfork_on_event(Event_Handler * super, Event * event) 984{ 985 struct process_vfork_handler * self = (void *)super; 986 Breakpoint * sbp; 987 assert(self != NULL); 988 989 switch (event->type) { 990 case EVENT_BREAKPOINT: 991 /* Remember the vfork return breakpoint. */ 992 if (self->bp_addr == NULL) 993 self->bp_addr = event->e_un.brk_addr; 994 break; 995 996 case EVENT_EXIT: 997 case EVENT_EXIT_SIGNAL: 998 case EVENT_EXEC: 999 /* Smuggle back in the vfork return breakpoint, so 1000 * that our parent can trip over it once again. */ 1001 if (self->bp_addr != NULL) { 1002 sbp = dict_find_entry(event->proc->leader->breakpoints, 1003 self->bp_addr); 1004 if (sbp != NULL) 1005 insert_breakpoint(event->proc->parent, 1006 self->bp_addr, 1007 sbp->libsym, 1); 1008 } 1009 1010 continue_process(event->proc->parent->pid); 1011 1012 /* Remove the leader that we artificially set up 1013 * earlier. */ 1014 change_process_leader(event->proc, event->proc); 1015 destroy_event_handler(event->proc); 1016 1017 default: 1018 ; 1019 } 1020 1021 return event; 1022} 1023 1024void 1025continue_after_vfork(Process * proc) 1026{ 1027 debug(DEBUG_PROCESS, "continue_after_vfork: pid=%d", proc->pid); 1028 struct process_vfork_handler * handler = calloc(sizeof(*handler), 1); 1029 if (handler == NULL) { 1030 perror("malloc vfork handler"); 1031 /* Carry on not bothering to treat the process as 1032 * necessary. */ 1033 continue_process(proc->parent->pid); 1034 return; 1035 } 1036 1037 /* We must set up custom event handler, so that we see 1038 * exec/exit events for the task itself. */ 1039 handler->super.on_event = process_vfork_on_event; 1040 install_event_handler(proc, &handler->super); 1041 1042 /* Make sure that the child is sole thread. */ 1043 assert(proc->leader == proc); 1044 assert(proc->next == NULL || proc->next->leader != proc); 1045 1046 /* Make sure that the child's parent is properly set up. */ 1047 assert(proc->parent != NULL); 1048 assert(proc->parent->leader != NULL); 1049 1050 change_process_leader(proc, proc->parent->leader); 1051} 1052 1053static int 1054is_mid_stopping(Process *proc) 1055{ 1056 return proc != NULL 1057 && proc->event_handler != NULL 1058 && proc->event_handler->on_event == &process_stopping_on_event; 1059} 1060 1061void 1062continue_after_syscall(Process * proc, int sysnum, int ret_p) 1063{ 1064 /* Don't continue if we are mid-stopping. */ 1065 if (ret_p && (is_mid_stopping(proc) || is_mid_stopping(proc->leader))) { 1066 debug(DEBUG_PROCESS, 1067 "continue_after_syscall: don't continue %d", 1068 proc->pid); 1069 return; 1070 } 1071 continue_process(proc->pid); 1072} 1073 1074/* If ltrace gets SIGINT, the processes directly or indirectly run by 1075 * ltrace get it too. We just have to wait long enough for the signal 1076 * to be delivered and the process terminated, which we notice and 1077 * exit ltrace, too. So there's not much we need to do there. We 1078 * want to keep tracing those processes as usual, in case they just 1079 * SIG_IGN the SIGINT to do their shutdown etc. 1080 * 1081 * For processes ran on the background, we want to install an exit 1082 * handler that stops all the threads, removes all breakpoints, and 1083 * detaches. 1084 */ 1085void 1086os_ltrace_exiting(void) 1087{ 1088 struct opt_p_t * it; 1089 for (it = opt_p; it != NULL; it = it->next) { 1090 Process * proc = pid2proc(it->pid); 1091 if (proc == NULL || proc->leader == NULL) 1092 continue; 1093 if (ltrace_exiting_install_handler(proc->leader) < 0) 1094 fprintf(stderr, 1095 "Couldn't install exiting handler for %d.\n", 1096 proc->pid); 1097 } 1098} 1099 1100int 1101os_ltrace_exiting_sighandler(void) 1102{ 1103 extern int linux_in_waitpid; 1104 if (linux_in_waitpid) { 1105 os_ltrace_exiting(); 1106 return 1; 1107 } 1108 return 0; 1109} 1110 1111size_t 1112umovebytes(Process *proc, void *addr, void *laddr, size_t len) { 1113 1114 union { 1115 long a; 1116 char c[sizeof(long)]; 1117 } a; 1118 int started = 0; 1119 size_t offset = 0, bytes_read = 0; 1120 1121 while (offset < len) { 1122 a.a = ptrace(PTRACE_PEEKTEXT, proc->pid, addr + offset, 0); 1123 if (a.a == -1 && errno) { 1124 if (started && errno == EIO) 1125 return bytes_read; 1126 else 1127 return -1; 1128 } 1129 started = 1; 1130 1131 if (len - offset >= sizeof(long)) { 1132 memcpy(laddr + offset, &a.c[0], sizeof(long)); 1133 bytes_read += sizeof(long); 1134 } 1135 else { 1136 memcpy(laddr + offset, &a.c[0], len - offset); 1137 bytes_read += (len - offset); 1138 } 1139 offset += sizeof(long); 1140 } 1141 1142 return bytes_read; 1143} 1144 1145/* Read a series of bytes starting at the process's memory address 1146 'addr' and continuing until a NUL ('\0') is seen or 'len' bytes 1147 have been read. 1148*/ 1149int 1150umovestr(Process *proc, void *addr, int len, void *laddr) { 1151 union { 1152 long a; 1153 char c[sizeof(long)]; 1154 } a; 1155 unsigned i; 1156 int offset = 0; 1157 1158 while (offset < len) { 1159 a.a = ptrace(PTRACE_PEEKTEXT, proc->pid, addr + offset, 0); 1160 for (i = 0; i < sizeof(long); i++) { 1161 if (a.c[i] && offset + (signed)i < len) { 1162 *(char *)(laddr + offset + i) = a.c[i]; 1163 } else { 1164 *(char *)(laddr + offset + i) = '\0'; 1165 return 0; 1166 } 1167 } 1168 offset += sizeof(long); 1169 } 1170 *(char *)(laddr + offset) = '\0'; 1171 return 0; 1172} 1173