trace.c revision c897cb796dc4a7d256cbfbf0137ef7cdff9e8ece
1#include "config.h" 2 3#include <asm/unistd.h> 4#include <sys/types.h> 5#include <sys/wait.h> 6#include <assert.h> 7#include <errno.h> 8#include <stdio.h> 9#include <stdlib.h> 10#include <string.h> 11#include <unistd.h> 12 13#ifdef HAVE_LIBSELINUX 14# include <selinux/selinux.h> 15#endif 16 17#include "ptrace.h" 18#include "common.h" 19#include "breakpoint.h" 20#include "proc.h" 21#include "linux-gnu/trace.h" 22 23/* If the system headers did not provide the constants, hard-code the normal 24 values. */ 25#ifndef PTRACE_EVENT_FORK 26 27#define PTRACE_OLDSETOPTIONS 21 28#define PTRACE_SETOPTIONS 0x4200 29#define PTRACE_GETEVENTMSG 0x4201 30 31/* options set using PTRACE_SETOPTIONS */ 32#define PTRACE_O_TRACESYSGOOD 0x00000001 33#define PTRACE_O_TRACEFORK 0x00000002 34#define PTRACE_O_TRACEVFORK 0x00000004 35#define PTRACE_O_TRACECLONE 0x00000008 36#define PTRACE_O_TRACEEXEC 0x00000010 37#define PTRACE_O_TRACEVFORKDONE 0x00000020 38#define PTRACE_O_TRACEEXIT 0x00000040 39 40/* Wait extended result codes for the above trace options. */ 41#define PTRACE_EVENT_FORK 1 42#define PTRACE_EVENT_VFORK 2 43#define PTRACE_EVENT_CLONE 3 44#define PTRACE_EVENT_EXEC 4 45#define PTRACE_EVENT_VFORK_DONE 5 46#define PTRACE_EVENT_EXIT 6 47 48#endif /* PTRACE_EVENT_FORK */ 49 50#ifdef ARCH_HAVE_UMOVELONG 51extern int arch_umovelong (Process *, void *, long *, arg_type_info *); 52int 53umovelong (Process *proc, void *addr, long *result, arg_type_info *info) { 54 return arch_umovelong (proc, addr, result, info); 55} 56#else 57/* Read a single long from the process's memory address 'addr' */ 58int 59umovelong (Process *proc, void *addr, long *result, arg_type_info *info) { 60 long pointed_to; 61 62 errno = 0; 63 pointed_to = ptrace (PTRACE_PEEKTEXT, proc->pid, addr, 0); 64 if (pointed_to == -1 && errno) 65 return -errno; 66 67 *result = pointed_to; 68 if (info) { 69 switch(info->type) { 70 case ARGTYPE_INT: 71 *result &= 0x00000000ffffffffUL; 72 default: 73 break; 74 }; 75 } 76 return 0; 77} 78#endif 79 80void 81trace_fail_warning(pid_t pid) 82{ 83 /* This was adapted from GDB. */ 84#ifdef HAVE_LIBSELINUX 85 static int checked = 0; 86 if (checked) 87 return; 88 checked = 1; 89 90 /* -1 is returned for errors, 0 if it has no effect, 1 if 91 * PTRACE_ATTACH is forbidden. */ 92 if (security_get_boolean_active("deny_ptrace") == 1) 93 fprintf(stderr, 94"The SELinux boolean 'deny_ptrace' is enabled, which may prevent ltrace from\n" 95"tracing other processes. You can disable this process attach protection by\n" 96"issuing 'setsebool deny_ptrace=0' in the superuser context.\n"); 97#endif /* HAVE_LIBSELINUX */ 98} 99 100void 101trace_me(void) 102{ 103 debug(DEBUG_PROCESS, "trace_me: pid=%d", getpid()); 104 if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) { 105 perror("PTRACE_TRACEME"); 106 trace_fail_warning(getpid()); 107 exit(1); 108 } 109} 110 111/* There's a (hopefully) brief period of time after the child process 112 * forks when we can't trace it yet. Here we wait for kernel to 113 * prepare the process. */ 114int 115wait_for_proc(pid_t pid) 116{ 117 /* man ptrace: PTRACE_ATTACH attaches to the process specified 118 in pid. The child is sent a SIGSTOP, but will not 119 necessarily have stopped by the completion of this call; 120 use wait() to wait for the child to stop. */ 121 if (waitpid(pid, NULL, __WALL) != pid) { 122 perror ("trace_pid: waitpid"); 123 return -1; 124 } 125 126 return 0; 127} 128 129int 130trace_pid(pid_t pid) 131{ 132 debug(DEBUG_PROCESS, "trace_pid: pid=%d", pid); 133 /* This shouldn't emit error messages, as there are legitimate 134 * reasons that the PID can't be attached: like it may have 135 * already ended. */ 136 if (ptrace(PTRACE_ATTACH, pid, 0, 0) < 0) 137 return -1; 138 139 return wait_for_proc(pid); 140} 141 142void 143trace_set_options(struct Process *proc) 144{ 145 if (proc->tracesysgood & 0x80) 146 return; 147 148 pid_t pid = proc->pid; 149 debug(DEBUG_PROCESS, "trace_set_options: pid=%d", pid); 150 151 long options = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | 152 PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE | 153 PTRACE_O_TRACEEXEC; 154 if (ptrace(PTRACE_SETOPTIONS, pid, 0, (void *)options) < 0 && 155 ptrace(PTRACE_OLDSETOPTIONS, pid, 0, (void *)options) < 0) { 156 perror("PTRACE_SETOPTIONS"); 157 return; 158 } 159 proc->tracesysgood |= 0x80; 160} 161 162void 163untrace_pid(pid_t pid) { 164 debug(DEBUG_PROCESS, "untrace_pid: pid=%d", pid); 165 ptrace(PTRACE_DETACH, pid, 0, 0); 166} 167 168void 169continue_after_signal(pid_t pid, int signum) 170{ 171 debug(DEBUG_PROCESS, "continue_after_signal: pid=%d, signum=%d", 172 pid, signum); 173 ptrace(PTRACE_SYSCALL, pid, 0, (void *)(uintptr_t)signum); 174} 175 176static enum ecb_status 177event_for_pid(Event * event, void * data) 178{ 179 if (event->proc != NULL && event->proc->pid == (pid_t)(uintptr_t)data) 180 return ecb_yield; 181 return ecb_cont; 182} 183 184static int 185have_events_for(pid_t pid) 186{ 187 return each_qd_event(event_for_pid, (void *)(uintptr_t)pid) != NULL; 188} 189 190void 191continue_process(pid_t pid) 192{ 193 debug(DEBUG_PROCESS, "continue_process: pid=%d", pid); 194 195 /* Only really continue the process if there are no events in 196 the queue for this process. Otherwise just wait for the 197 other events to arrive. */ 198 if (!have_events_for(pid)) 199 /* We always trace syscalls to control fork(), 200 * clone(), execve()... */ 201 ptrace(PTRACE_SYSCALL, pid, 0, 0); 202 else 203 debug(DEBUG_PROCESS, 204 "putting off the continue, events in que."); 205} 206 207static struct pid_task * 208get_task_info(struct pid_set * pids, pid_t pid) 209{ 210 assert(pid != 0); 211 size_t i; 212 for (i = 0; i < pids->count; ++i) 213 if (pids->tasks[i].pid == pid) 214 return &pids->tasks[i]; 215 216 return NULL; 217} 218 219static struct pid_task * 220add_task_info(struct pid_set * pids, pid_t pid) 221{ 222 if (pids->count == pids->alloc) { 223 size_t ns = (2 * pids->alloc) ?: 4; 224 struct pid_task * n = realloc(pids->tasks, 225 sizeof(*pids->tasks) * ns); 226 if (n == NULL) 227 return NULL; 228 pids->tasks = n; 229 pids->alloc = ns; 230 } 231 struct pid_task * task_info = &pids->tasks[pids->count++]; 232 memset(task_info, 0, sizeof(*task_info)); 233 task_info->pid = pid; 234 return task_info; 235} 236 237static enum callback_status 238task_stopped(struct Process *task, void *data) 239{ 240 enum process_status st = process_status(task->pid); 241 if (data != NULL) 242 *(enum process_status *)data = st; 243 244 /* If the task is already stopped, don't worry about it. 245 * Likewise if it managed to become a zombie or terminate in 246 * the meantime. This can happen when the whole thread group 247 * is terminating. */ 248 switch (st) { 249 case ps_invalid: 250 case ps_tracing_stop: 251 case ps_zombie: 252 return CBS_CONT; 253 case ps_sleeping: 254 case ps_stop: 255 case ps_other: 256 return CBS_STOP; 257 } 258 259 abort (); 260} 261 262/* Task is blocked if it's stopped, or if it's a vfork parent. */ 263static enum callback_status 264task_blocked(struct Process *task, void *data) 265{ 266 struct pid_set * pids = data; 267 struct pid_task * task_info = get_task_info(pids, task->pid); 268 if (task_info != NULL 269 && task_info->vforked) 270 return CBS_CONT; 271 272 return task_stopped(task, NULL); 273} 274 275static Event *process_vfork_on_event(struct event_handler *super, Event *event); 276 277static enum callback_status 278task_vforked(struct Process *task, void *data) 279{ 280 if (task->event_handler != NULL 281 && task->event_handler->on_event == &process_vfork_on_event) 282 return CBS_STOP; 283 return CBS_CONT; 284} 285 286static int 287is_vfork_parent(struct Process *task) 288{ 289 return each_task(task->leader, NULL, &task_vforked, NULL) != NULL; 290} 291 292static enum callback_status 293send_sigstop(struct Process *task, void *data) 294{ 295 Process * leader = task->leader; 296 struct pid_set * pids = data; 297 298 /* Look for pre-existing task record, or add new. */ 299 struct pid_task * task_info = get_task_info(pids, task->pid); 300 if (task_info == NULL) 301 task_info = add_task_info(pids, task->pid); 302 if (task_info == NULL) { 303 perror("send_sigstop: add_task_info"); 304 destroy_event_handler(leader); 305 /* Signal failure upwards. */ 306 return CBS_STOP; 307 } 308 309 /* This task still has not been attached to. It should be 310 stopped by the kernel. */ 311 if (task->state == STATE_BEING_CREATED) 312 return CBS_CONT; 313 314 /* Don't bother sending SIGSTOP if we are already stopped, or 315 * if we sent the SIGSTOP already, which happens when we are 316 * handling "onexit" and inherited the handler from breakpoint 317 * re-enablement. */ 318 enum process_status st; 319 if (task_stopped(task, &st) == CBS_CONT) 320 return CBS_CONT; 321 if (task_info->sigstopped) { 322 if (!task_info->delivered) 323 return CBS_CONT; 324 task_info->delivered = 0; 325 } 326 327 /* Also don't attempt to stop the process if it's a parent of 328 * vforked process. We set up event handler specially to hint 329 * us. In that case parent is in D state, which we use to 330 * weed out unnecessary looping. */ 331 if (st == ps_sleeping 332 && is_vfork_parent (task)) { 333 task_info->vforked = 1; 334 return CBS_CONT; 335 } 336 337 if (task_kill(task->pid, SIGSTOP) >= 0) { 338 debug(DEBUG_PROCESS, "send SIGSTOP to %d", task->pid); 339 task_info->sigstopped = 1; 340 } else 341 fprintf(stderr, 342 "Warning: couldn't send SIGSTOP to %d\n", task->pid); 343 344 return CBS_CONT; 345} 346 347/* On certain kernels, detaching right after a singlestep causes the 348 tracee to be killed with a SIGTRAP (that even though the singlestep 349 was properly caught by waitpid. The ugly workaround is to put a 350 breakpoint where IP points and let the process continue. After 351 this the breakpoint can be retracted and the process detached. */ 352static void 353ugly_workaround(Process * proc) 354{ 355 void * ip = get_instruction_pointer(proc); 356 struct breakpoint *sbp = dict_find_entry(proc->leader->breakpoints, ip); 357 if (sbp != NULL) 358 enable_breakpoint(proc, sbp); 359 else 360 insert_breakpoint(proc, ip, NULL); 361 ptrace(PTRACE_CONT, proc->pid, 0, 0); 362} 363 364static void 365process_stopping_done(struct process_stopping_handler * self, Process * leader) 366{ 367 debug(DEBUG_PROCESS, "process stopping done %d", 368 self->task_enabling_breakpoint->pid); 369 size_t i; 370 if (!self->exiting) { 371 for (i = 0; i < self->pids.count; ++i) 372 if (self->pids.tasks[i].pid != 0 373 && (self->pids.tasks[i].delivered 374 || self->pids.tasks[i].sysret)) 375 continue_process(self->pids.tasks[i].pid); 376 continue_process(self->task_enabling_breakpoint->pid); 377 destroy_event_handler(leader); 378 } 379 380 if (self->exiting) { 381 ugly_workaround: 382 self->state = psh_ugly_workaround; 383 ugly_workaround(self->task_enabling_breakpoint); 384 } else { 385 switch ((self->ugly_workaround_p)(self)) { 386 case CBS_FAIL: 387 /* xxx handle me */ 388 case CBS_STOP: 389 break; 390 case CBS_CONT: 391 goto ugly_workaround; 392 } 393 } 394} 395 396/* Before we detach, we need to make sure that task's IP is on the 397 * edge of an instruction. So for tasks that have a breakpoint event 398 * in the queue, we adjust the instruction pointer, just like 399 * continue_after_breakpoint does. */ 400static enum ecb_status 401undo_breakpoint(Event * event, void * data) 402{ 403 if (event != NULL 404 && event->proc->leader == data 405 && event->type == EVENT_BREAKPOINT) 406 set_instruction_pointer(event->proc, event->e_un.brk_addr); 407 return ecb_cont; 408} 409 410static enum callback_status 411untrace_task(struct Process *task, void *data) 412{ 413 if (task != data) 414 untrace_pid(task->pid); 415 return CBS_CONT; 416} 417 418static enum callback_status 419remove_task(struct Process *task, void *data) 420{ 421 /* Don't untrace leader just yet. */ 422 if (task != data) 423 remove_process(task); 424 return CBS_CONT; 425} 426 427static enum callback_status 428retract_breakpoint_cb(struct Process *proc, struct breakpoint *bp, void *data) 429{ 430 breakpoint_on_retract(bp, proc); 431 return CBS_CONT; 432} 433 434static void 435detach_process(Process * leader) 436{ 437 each_qd_event(&undo_breakpoint, leader); 438 disable_all_breakpoints(leader); 439 proc_each_breakpoint(leader, NULL, retract_breakpoint_cb, NULL); 440 441 /* Now untrace the process, if it was attached to by -p. */ 442 struct opt_p_t * it; 443 for (it = opt_p; it != NULL; it = it->next) { 444 Process * proc = pid2proc(it->pid); 445 if (proc == NULL) 446 continue; 447 if (proc->leader == leader) { 448 each_task(leader, NULL, &untrace_task, NULL); 449 break; 450 } 451 } 452 each_task(leader, NULL, &remove_task, leader); 453 destroy_event_handler(leader); 454 remove_task(leader, NULL); 455} 456 457static void 458handle_stopping_event(struct pid_task * task_info, Event ** eventp) 459{ 460 /* Mark all events, so that we know whom to SIGCONT later. */ 461 if (task_info != NULL) 462 task_info->got_event = 1; 463 464 Event * event = *eventp; 465 466 /* In every state, sink SIGSTOP events for tasks that it was 467 * sent to. */ 468 if (task_info != NULL 469 && event->type == EVENT_SIGNAL 470 && event->e_un.signum == SIGSTOP) { 471 debug(DEBUG_PROCESS, "SIGSTOP delivered to %d", task_info->pid); 472 if (task_info->sigstopped 473 && !task_info->delivered) { 474 task_info->delivered = 1; 475 *eventp = NULL; // sink the event 476 } else 477 fprintf(stderr, "suspicious: %d got SIGSTOP, but " 478 "sigstopped=%d and delivered=%d\n", 479 task_info->pid, task_info->sigstopped, 480 task_info->delivered); 481 } 482} 483 484/* Some SIGSTOPs may have not been delivered to their respective tasks 485 * yet. They are still in the queue. If we have seen an event for 486 * that process, continue it, so that the SIGSTOP can be delivered and 487 * caught by ltrace. We don't mind that the process is after 488 * breakpoint (and therefore potentially doesn't have aligned IP), 489 * because the signal will be delivered without the process actually 490 * starting. */ 491static void 492continue_for_sigstop_delivery(struct pid_set * pids) 493{ 494 size_t i; 495 for (i = 0; i < pids->count; ++i) { 496 if (pids->tasks[i].pid != 0 497 && pids->tasks[i].sigstopped 498 && !pids->tasks[i].delivered 499 && pids->tasks[i].got_event) { 500 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 501 pids->tasks[i].pid); 502 ptrace(PTRACE_SYSCALL, pids->tasks[i].pid, 0, 0); 503 } 504 } 505} 506 507static int 508event_exit_p(Event * event) 509{ 510 return event != NULL && (event->type == EVENT_EXIT 511 || event->type == EVENT_EXIT_SIGNAL); 512} 513 514static int 515event_exit_or_none_p(Event * event) 516{ 517 return event == NULL || event_exit_p(event) 518 || event->type == EVENT_NONE; 519} 520 521static int 522await_sigstop_delivery(struct pid_set * pids, struct pid_task * task_info, 523 Event * event) 524{ 525 /* If we still didn't get our SIGSTOP, continue the process 526 * and carry on. */ 527 if (event != NULL && !event_exit_or_none_p(event) 528 && task_info != NULL && task_info->sigstopped) { 529 debug(DEBUG_PROCESS, "continue %d for SIGSTOP delivery", 530 task_info->pid); 531 /* We should get the signal the first thing 532 * after this, so it should be OK to continue 533 * even if we are over a breakpoint. */ 534 ptrace(PTRACE_SYSCALL, task_info->pid, 0, 0); 535 536 } else { 537 /* If all SIGSTOPs were delivered, uninstall the 538 * handler and continue everyone. */ 539 /* XXX I suspect that we should check tasks that are 540 * still around. Is things are now, there should be a 541 * race between waiting for everyone to stop and one 542 * of the tasks exiting. */ 543 int all_clear = 1; 544 size_t i; 545 for (i = 0; i < pids->count; ++i) 546 if (pids->tasks[i].pid != 0 547 && pids->tasks[i].sigstopped 548 && !pids->tasks[i].delivered) { 549 all_clear = 0; 550 break; 551 } 552 return all_clear; 553 } 554 555 return 0; 556} 557 558static int 559all_stops_accountable(struct pid_set * pids) 560{ 561 size_t i; 562 for (i = 0; i < pids->count; ++i) 563 if (pids->tasks[i].pid != 0 564 && !pids->tasks[i].got_event 565 && !have_events_for(pids->tasks[i].pid)) 566 return 0; 567 return 1; 568} 569 570/* The protocol is: 0 for success, negative for failure, positive if 571 * default singlestep is to be used. */ 572int arch_atomic_singlestep(struct Process *proc, struct breakpoint *sbp, 573 int (*add_cb)(void *addr, void *data), 574 void *add_cb_data); 575 576#ifndef ARCH_HAVE_ATOMIC_SINGLESTEP 577int 578arch_atomic_singlestep(struct Process *proc, struct breakpoint *sbp, 579 int (*add_cb)(void *addr, void *data), 580 void *add_cb_data) 581{ 582 return 1; 583} 584#endif 585 586static Event *process_stopping_on_event(struct event_handler *super, 587 Event *event); 588 589static void 590remove_atomic_breakpoints(struct Process *proc) 591{ 592 struct process_stopping_handler *self 593 = (void *)proc->leader->event_handler; 594 assert(self != NULL); 595 assert(self->super.on_event == process_stopping_on_event); 596 597 int ct = sizeof(self->atomic_skip_bp_addrs) 598 / sizeof(*self->atomic_skip_bp_addrs); 599 int i; 600 for (i = 0; i < ct; ++i) 601 if (self->atomic_skip_bp_addrs[i] != 0) { 602 delete_breakpoint(proc, self->atomic_skip_bp_addrs[i]); 603 self->atomic_skip_bp_addrs[i] = 0; 604 } 605} 606 607static void 608atomic_singlestep_bp_on_hit(struct breakpoint *bp, struct Process *proc) 609{ 610 remove_atomic_breakpoints(proc); 611} 612 613static int 614atomic_singlestep_add_bp(void *addr, void *data) 615{ 616 struct process_stopping_handler *self = data; 617 struct Process *proc = self->task_enabling_breakpoint; 618 619 int ct = sizeof(self->atomic_skip_bp_addrs) 620 / sizeof(*self->atomic_skip_bp_addrs); 621 int i; 622 for (i = 0; i < ct; ++i) 623 if (self->atomic_skip_bp_addrs[i] == 0) { 624 self->atomic_skip_bp_addrs[i] = addr; 625 static struct bp_callbacks cbs = { 626 .on_hit = atomic_singlestep_bp_on_hit, 627 }; 628 struct breakpoint *bp 629 = insert_breakpoint(proc, addr, NULL); 630 breakpoint_set_callbacks(bp, &cbs); 631 return 0; 632 } 633 634 assert(!"Too many atomic singlestep breakpoints!"); 635 abort(); 636} 637 638static int 639singlestep(struct process_stopping_handler *self) 640{ 641 struct Process *proc = self->task_enabling_breakpoint; 642 643 int status = arch_atomic_singlestep(self->task_enabling_breakpoint, 644 self->breakpoint_being_enabled, 645 &atomic_singlestep_add_bp, self); 646 647 /* Propagate failure and success. */ 648 if (status <= 0) 649 return status; 650 651 /* Otherwise do the default action: singlestep. */ 652 debug(1, "PTRACE_SINGLESTEP"); 653 if (ptrace(PTRACE_SINGLESTEP, proc->pid, 0, 0)) { 654 perror("PTRACE_SINGLESTEP"); 655 return -1; 656 } 657 return 0; 658} 659 660static void 661post_singlestep(struct process_stopping_handler *self, 662 struct Event **eventp) 663{ 664 continue_for_sigstop_delivery(&self->pids); 665 666 if (*eventp != NULL && (*eventp)->type == EVENT_BREAKPOINT) 667 *eventp = NULL; // handled 668 669 struct Process *proc = self->task_enabling_breakpoint; 670 671 remove_atomic_breakpoints(proc); 672 self->breakpoint_being_enabled = NULL; 673} 674 675static void 676singlestep_error(struct process_stopping_handler *self) 677{ 678 struct Process *teb = self->task_enabling_breakpoint; 679 struct breakpoint *sbp = self->breakpoint_being_enabled; 680 fprintf(stderr, "%d couldn't continue when handling %s (%p) at %p\n", 681 teb->pid, sbp->libsym != NULL ? sbp->libsym->name : NULL, 682 sbp->addr, get_instruction_pointer(teb)); 683 delete_breakpoint(teb->leader, sbp->addr); 684} 685 686static void 687pt_continue(struct process_stopping_handler *self) 688{ 689 struct Process *teb = self->task_enabling_breakpoint; 690 debug(1, "PTRACE_CONT"); 691 ptrace(PTRACE_CONT, teb->pid, 0, 0); 692} 693 694static void 695pt_singlestep(struct process_stopping_handler *self) 696{ 697 if (singlestep(self) < 0) 698 singlestep_error(self); 699} 700 701static void 702disable_and(struct process_stopping_handler *self, 703 void (*do_this)(struct process_stopping_handler *self)) 704{ 705 struct Process *teb = self->task_enabling_breakpoint; 706 debug(DEBUG_PROCESS, "all stopped, now singlestep/cont %d", teb->pid); 707 if (self->breakpoint_being_enabled->enabled) 708 disable_breakpoint(teb, self->breakpoint_being_enabled); 709 (do_this)(self); 710 self->state = psh_singlestep; 711} 712 713void 714linux_ptrace_disable_and_singlestep(struct process_stopping_handler *self) 715{ 716 disable_and(self, &pt_singlestep); 717} 718 719void 720linux_ptrace_disable_and_continue(struct process_stopping_handler *self) 721{ 722 disable_and(self, &pt_continue); 723} 724 725/* This event handler is installed when we are in the process of 726 * stopping the whole thread group to do the pointer re-enablement for 727 * one of the threads. We pump all events to the queue for later 728 * processing while we wait for all the threads to stop. When this 729 * happens, we let the re-enablement thread to PTRACE_SINGLESTEP, 730 * re-enable, and continue everyone. */ 731static Event * 732process_stopping_on_event(struct event_handler *super, Event *event) 733{ 734 struct process_stopping_handler * self = (void *)super; 735 Process * task = event->proc; 736 Process * leader = task->leader; 737 Process * teb = self->task_enabling_breakpoint; 738 739 debug(DEBUG_PROCESS, 740 "process_stopping_on_event: pid %d; event type %d; state %d", 741 task->pid, event->type, self->state); 742 743 struct pid_task * task_info = get_task_info(&self->pids, task->pid); 744 if (task_info == NULL) 745 fprintf(stderr, "new task??? %d\n", task->pid); 746 handle_stopping_event(task_info, &event); 747 748 int state = self->state; 749 int event_to_queue = !event_exit_or_none_p(event); 750 751 /* Deactivate the entry if the task exits. */ 752 if (event_exit_p(event) && task_info != NULL) 753 task_info->pid = 0; 754 755 /* Always handle sysrets. Whether sysret occurred and what 756 * sys it rets from may need to be determined based on process 757 * stack, so we need to keep that in sync with reality. Note 758 * that we don't continue the process after the sysret is 759 * handled. See continue_after_syscall. */ 760 if (event != NULL && event->type == EVENT_SYSRET) { 761 debug(1, "%d LT_EV_SYSRET", event->proc->pid); 762 event_to_queue = 0; 763 task_info->sysret = 1; 764 } 765 766 switch (state) { 767 case psh_stopping: 768 /* If everyone is stopped, singlestep. */ 769 if (each_task(leader, NULL, &task_blocked, 770 &self->pids) == NULL) { 771 (self->on_all_stopped)(self); 772 state = self->state; 773 } 774 break; 775 776 case psh_singlestep: 777 /* In singlestep state, breakpoint signifies that we 778 * have now stepped, and can re-enable the breakpoint. */ 779 if (event != NULL && task == teb) { 780 781 /* If this was caused by a real breakpoint, as 782 * opposed to a singlestep, assume that it's 783 * an artificial breakpoint installed for some 784 * reason for the re-enablement. In that case 785 * handle it. */ 786 if (event->type == EVENT_BREAKPOINT) { 787 target_address_t ip 788 = get_instruction_pointer(task); 789 struct breakpoint *other 790 = address2bpstruct(leader, ip); 791 if (other != NULL) 792 breakpoint_on_hit(other, task); 793 } 794 795 /* If we got SIGNAL instead of BREAKPOINT, 796 * then this is not singlestep at all. */ 797 if (event->type == EVENT_SIGNAL) { 798 do_singlestep: 799 if (singlestep(self) < 0) { 800 singlestep_error(self); 801 post_singlestep(self, &event); 802 goto psh_sinking; 803 } 804 break; 805 } else { 806 switch ((self->keep_stepping_p)(self)) { 807 case CBS_FAIL: 808 /* XXX handle me */ 809 case CBS_STOP: 810 break; 811 case CBS_CONT: 812 /* Sink singlestep event. */ 813 if (event->type == EVENT_BREAKPOINT) 814 event = NULL; 815 goto do_singlestep; 816 } 817 } 818 819 /* Re-enable the breakpoint that we are 820 * stepping over. */ 821 struct breakpoint *sbp = self->breakpoint_being_enabled; 822 if (sbp->enabled) 823 enable_breakpoint(teb, sbp); 824 825 post_singlestep(self, &event); 826 goto psh_sinking; 827 } 828 break; 829 830 psh_sinking: 831 state = self->state = psh_sinking; 832 case psh_sinking: 833 if (await_sigstop_delivery(&self->pids, task_info, event)) 834 process_stopping_done(self, leader); 835 break; 836 837 case psh_ugly_workaround: 838 if (event == NULL) 839 break; 840 if (event->type == EVENT_BREAKPOINT) { 841 undo_breakpoint(event, leader); 842 if (task == teb) 843 self->task_enabling_breakpoint = NULL; 844 } 845 if (self->task_enabling_breakpoint == NULL 846 && all_stops_accountable(&self->pids)) { 847 undo_breakpoint(event, leader); 848 detach_process(leader); 849 event = NULL; // handled 850 } 851 } 852 853 if (event != NULL && event_to_queue) { 854 enque_event(event); 855 event = NULL; // sink the event 856 } 857 858 return event; 859} 860 861static void 862process_stopping_destroy(struct event_handler *super) 863{ 864 struct process_stopping_handler * self = (void *)super; 865 free(self->pids.tasks); 866} 867 868static enum callback_status 869no(struct process_stopping_handler *self) 870{ 871 return CBS_STOP; 872} 873 874int 875process_install_stopping_handler(struct Process *proc, struct breakpoint *sbp, 876 void (*as)(struct process_stopping_handler *), 877 enum callback_status (*ks) 878 (struct process_stopping_handler *), 879 enum callback_status (*uw) 880 (struct process_stopping_handler *)) 881{ 882 debug(DEBUG_FUNCTION, 883 "process_install_stopping_handler: pid=%d", proc->pid); 884 885 struct process_stopping_handler *handler = calloc(sizeof(*handler), 1); 886 if (handler == NULL) 887 return -1; 888 889 if (as == NULL) 890 as = &linux_ptrace_disable_and_singlestep; 891 if (ks == NULL) 892 ks = &no; 893 if (uw == NULL) 894 uw = &no; 895 896 handler->super.on_event = process_stopping_on_event; 897 handler->super.destroy = process_stopping_destroy; 898 handler->task_enabling_breakpoint = proc; 899 handler->breakpoint_being_enabled = sbp; 900 handler->on_all_stopped = as; 901 handler->keep_stepping_p = ks; 902 handler->ugly_workaround_p = uw; 903 904 install_event_handler(proc->leader, &handler->super); 905 906 if (each_task(proc->leader, NULL, &send_sigstop, 907 &handler->pids) != NULL) { 908 destroy_event_handler(proc); 909 return -1; 910 } 911 912 /* And deliver the first fake event, in case all the 913 * conditions are already fulfilled. */ 914 Event ev = { 915 .type = EVENT_NONE, 916 .proc = proc, 917 }; 918 process_stopping_on_event(&handler->super, &ev); 919 920 return 0; 921} 922 923void 924continue_after_breakpoint(Process *proc, struct breakpoint *sbp) 925{ 926 debug(DEBUG_PROCESS, 927 "continue_after_breakpoint: pid=%d, addr=%p", 928 proc->pid, sbp->addr); 929 930 set_instruction_pointer(proc, sbp->addr); 931 932 if (sbp->enabled == 0) { 933 continue_process(proc->pid); 934 } else { 935#if defined __sparc__ || defined __ia64___ || defined __mips__ 936 /* we don't want to singlestep here */ 937 continue_process(proc->pid); 938#else 939 if (process_install_stopping_handler 940 (proc, sbp, NULL, NULL, NULL) < 0) { 941 perror("process_stopping_handler_create"); 942 /* Carry on not bothering to re-enable. */ 943 continue_process(proc->pid); 944 } 945#endif 946 } 947} 948 949/** 950 * Ltrace exit. When we are about to exit, we have to go through all 951 * the processes, stop them all, remove all the breakpoints, and then 952 * detach the processes that we attached to using -p. If we left the 953 * other tasks running, they might hit stray return breakpoints and 954 * produce artifacts, so we better stop everyone, even if it's a bit 955 * of extra work. 956 */ 957struct ltrace_exiting_handler 958{ 959 struct event_handler super; 960 struct pid_set pids; 961}; 962 963static Event * 964ltrace_exiting_on_event(struct event_handler *super, Event *event) 965{ 966 struct ltrace_exiting_handler * self = (void *)super; 967 Process * task = event->proc; 968 Process * leader = task->leader; 969 970 debug(DEBUG_PROCESS, 971 "ltrace_exiting_on_event: pid %d; event type %d", 972 task->pid, event->type); 973 974 struct pid_task * task_info = get_task_info(&self->pids, task->pid); 975 handle_stopping_event(task_info, &event); 976 977 if (event != NULL && event->type == EVENT_BREAKPOINT) 978 undo_breakpoint(event, leader); 979 980 if (await_sigstop_delivery(&self->pids, task_info, event) 981 && all_stops_accountable(&self->pids)) 982 detach_process(leader); 983 984 /* Sink all non-exit events. We are about to exit, so we 985 * don't bother with queuing them. */ 986 if (event_exit_or_none_p(event)) 987 return event; 988 989 return NULL; 990} 991 992static void 993ltrace_exiting_destroy(struct event_handler *super) 994{ 995 struct ltrace_exiting_handler * self = (void *)super; 996 free(self->pids.tasks); 997} 998 999static int 1000ltrace_exiting_install_handler(Process * proc) 1001{ 1002 /* Only install to leader. */ 1003 if (proc->leader != proc) 1004 return 0; 1005 1006 /* Perhaps we are already installed, if the user passed 1007 * several -p options that are tasks of one process. */ 1008 if (proc->event_handler != NULL 1009 && proc->event_handler->on_event == <race_exiting_on_event) 1010 return 0; 1011 1012 /* If stopping handler is already present, let it do the 1013 * work. */ 1014 if (proc->event_handler != NULL) { 1015 assert(proc->event_handler->on_event 1016 == &process_stopping_on_event); 1017 struct process_stopping_handler * other 1018 = (void *)proc->event_handler; 1019 other->exiting = 1; 1020 return 0; 1021 } 1022 1023 struct ltrace_exiting_handler * handler 1024 = calloc(sizeof(*handler), 1); 1025 if (handler == NULL) { 1026 perror("malloc exiting handler"); 1027 fatal: 1028 /* XXXXXXXXXXXXXXXXXXX fixme */ 1029 return -1; 1030 } 1031 1032 handler->super.on_event = ltrace_exiting_on_event; 1033 handler->super.destroy = ltrace_exiting_destroy; 1034 install_event_handler(proc->leader, &handler->super); 1035 1036 if (each_task(proc->leader, NULL, &send_sigstop, 1037 &handler->pids) != NULL) 1038 goto fatal; 1039 1040 return 0; 1041} 1042 1043/* 1044 * When the traced process vforks, it's suspended until the child 1045 * process calls _exit or exec*. In the meantime, the two share the 1046 * address space. 1047 * 1048 * The child process should only ever call _exit or exec*, but we 1049 * can't count on that (it's not the role of ltrace to policy, but to 1050 * observe). In any case, we will _at least_ have to deal with 1051 * removal of vfork return breakpoint (which we have to smuggle back 1052 * in, so that the parent can see it, too), and introduction of exec* 1053 * return breakpoint. Since we already have both breakpoint actions 1054 * to deal with, we might as well support it all. 1055 * 1056 * The gist is that we pretend that the child is in a thread group 1057 * with its parent, and handle it as a multi-threaded case, with the 1058 * exception that we know that the parent is blocked, and don't 1059 * attempt to stop it. When the child execs, we undo the setup. 1060 */ 1061 1062struct process_vfork_handler 1063{ 1064 struct event_handler super; 1065 void * bp_addr; 1066}; 1067 1068static Event * 1069process_vfork_on_event(struct event_handler *super, Event *event) 1070{ 1071 debug(DEBUG_PROCESS, 1072 "process_vfork_on_event: pid %d; event type %d", 1073 event->proc->pid, event->type); 1074 1075 struct process_vfork_handler * self = (void *)super; 1076 struct breakpoint *sbp; 1077 assert(self != NULL); 1078 1079 switch (event->type) { 1080 case EVENT_BREAKPOINT: 1081 /* Remember the vfork return breakpoint. */ 1082 if (self->bp_addr == 0) 1083 self->bp_addr = event->e_un.brk_addr; 1084 break; 1085 1086 case EVENT_EXIT: 1087 case EVENT_EXIT_SIGNAL: 1088 case EVENT_EXEC: 1089 /* Smuggle back in the vfork return breakpoint, so 1090 * that our parent can trip over it once again. */ 1091 if (self->bp_addr != 0) { 1092 sbp = dict_find_entry(event->proc->leader->breakpoints, 1093 self->bp_addr); 1094 if (sbp != NULL) 1095 assert(sbp->libsym == NULL); 1096 /* We don't mind failing that, it's not a big 1097 * deal to not display one extra vfork return. */ 1098 insert_breakpoint(event->proc->parent, 1099 self->bp_addr, NULL); 1100 } 1101 1102 continue_process(event->proc->parent->pid); 1103 1104 /* Remove the leader that we artificially set up 1105 * earlier. */ 1106 change_process_leader(event->proc, event->proc); 1107 destroy_event_handler(event->proc); 1108 1109 default: 1110 ; 1111 } 1112 1113 return event; 1114} 1115 1116void 1117continue_after_vfork(Process * proc) 1118{ 1119 debug(DEBUG_PROCESS, "continue_after_vfork: pid=%d", proc->pid); 1120 struct process_vfork_handler * handler = calloc(sizeof(*handler), 1); 1121 if (handler == NULL) { 1122 perror("malloc vfork handler"); 1123 /* Carry on not bothering to treat the process as 1124 * necessary. */ 1125 continue_process(proc->parent->pid); 1126 return; 1127 } 1128 1129 /* We must set up custom event handler, so that we see 1130 * exec/exit events for the task itself. */ 1131 handler->super.on_event = process_vfork_on_event; 1132 install_event_handler(proc, &handler->super); 1133 1134 /* Make sure that the child is sole thread. */ 1135 assert(proc->leader == proc); 1136 assert(proc->next == NULL || proc->next->leader != proc); 1137 1138 /* Make sure that the child's parent is properly set up. */ 1139 assert(proc->parent != NULL); 1140 assert(proc->parent->leader != NULL); 1141 1142 change_process_leader(proc, proc->parent->leader); 1143} 1144 1145static int 1146is_mid_stopping(Process *proc) 1147{ 1148 return proc != NULL 1149 && proc->event_handler != NULL 1150 && proc->event_handler->on_event == &process_stopping_on_event; 1151} 1152 1153void 1154continue_after_syscall(Process * proc, int sysnum, int ret_p) 1155{ 1156 /* Don't continue if we are mid-stopping. */ 1157 if (ret_p && (is_mid_stopping(proc) || is_mid_stopping(proc->leader))) { 1158 debug(DEBUG_PROCESS, 1159 "continue_after_syscall: don't continue %d", 1160 proc->pid); 1161 return; 1162 } 1163 continue_process(proc->pid); 1164} 1165 1166/* If ltrace gets SIGINT, the processes directly or indirectly run by 1167 * ltrace get it too. We just have to wait long enough for the signal 1168 * to be delivered and the process terminated, which we notice and 1169 * exit ltrace, too. So there's not much we need to do there. We 1170 * want to keep tracing those processes as usual, in case they just 1171 * SIG_IGN the SIGINT to do their shutdown etc. 1172 * 1173 * For processes ran on the background, we want to install an exit 1174 * handler that stops all the threads, removes all breakpoints, and 1175 * detaches. 1176 */ 1177void 1178os_ltrace_exiting(void) 1179{ 1180 struct opt_p_t * it; 1181 for (it = opt_p; it != NULL; it = it->next) { 1182 Process * proc = pid2proc(it->pid); 1183 if (proc == NULL || proc->leader == NULL) 1184 continue; 1185 if (ltrace_exiting_install_handler(proc->leader) < 0) 1186 fprintf(stderr, 1187 "Couldn't install exiting handler for %d.\n", 1188 proc->pid); 1189 } 1190} 1191 1192int 1193os_ltrace_exiting_sighandler(void) 1194{ 1195 extern int linux_in_waitpid; 1196 if (linux_in_waitpid) { 1197 os_ltrace_exiting(); 1198 return 1; 1199 } 1200 return 0; 1201} 1202 1203size_t 1204umovebytes(Process *proc, void *addr, void *laddr, size_t len) { 1205 1206 union { 1207 long a; 1208 char c[sizeof(long)]; 1209 } a; 1210 int started = 0; 1211 size_t offset = 0, bytes_read = 0; 1212 1213 while (offset < len) { 1214 a.a = ptrace(PTRACE_PEEKTEXT, proc->pid, addr + offset, 0); 1215 if (a.a == -1 && errno) { 1216 if (started && errno == EIO) 1217 return bytes_read; 1218 else 1219 return -1; 1220 } 1221 started = 1; 1222 1223 if (len - offset >= sizeof(long)) { 1224 memcpy(laddr + offset, &a.c[0], sizeof(long)); 1225 bytes_read += sizeof(long); 1226 } 1227 else { 1228 memcpy(laddr + offset, &a.c[0], len - offset); 1229 bytes_read += (len - offset); 1230 } 1231 offset += sizeof(long); 1232 } 1233 1234 return bytes_read; 1235} 1236 1237/* Read a series of bytes starting at the process's memory address 1238 'addr' and continuing until a NUL ('\0') is seen or 'len' bytes 1239 have been read. 1240*/ 1241int 1242umovestr(Process *proc, void *addr, int len, void *laddr) { 1243 union { 1244 long a; 1245 char c[sizeof(long)]; 1246 } a; 1247 unsigned i; 1248 int offset = 0; 1249 1250 while (offset < len) { 1251 a.a = ptrace(PTRACE_PEEKTEXT, proc->pid, addr + offset, 0); 1252 for (i = 0; i < sizeof(long); i++) { 1253 if (a.c[i] && offset + (signed)i < len) { 1254 *(char *)(laddr + offset + i) = a.c[i]; 1255 } else { 1256 *(char *)(laddr + offset + i) = '\0'; 1257 return 0; 1258 } 1259 } 1260 offset += sizeof(long); 1261 } 1262 *(char *)(laddr + offset) = '\0'; 1263 return 0; 1264} 1265