1/*--------------------------------------------------------------------*/ 2/*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/ 3/*--------------------------------------------------------------------*/ 4 5/* 6 This file is part of Valgrind, a dynamic binary instrumentation 7 framework. 8 9 Copyright (C) 2011-2013 Philippe Waroquiers 10 11 This program is free software; you can redistribute it and/or 12 modify it under the terms of the GNU General Public License as 13 published by the Free Software Foundation; either version 2 of the 14 License, or (at your option) any later version. 15 16 This program is distributed in the hope that it will be useful, but 17 WITHOUT ANY WARRANTY; without even the implied warranty of 18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 General Public License for more details. 20 21 You should have received a copy of the GNU General Public License 22 along with this program; if not, write to the Free Software 23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 24 02111-1307, USA. 25 26 The GNU General Public License is contained in the file COPYING. 27*/ 28 29#include "config.h" 30 31#include "vgdb.h" 32#include "pub_core_threadstate.h" 33 34#include <alloca.h> 35#include <assert.h> 36#include <errno.h> 37#include <stdio.h> 38#include <stdlib.h> 39#include <string.h> 40#include <sys/ptrace.h> 41#include <sys/time.h> 42#include <sys/user.h> 43#include <sys/wait.h> 44 45#ifdef PTRACE_GETREGSET 46// TBD: better have a configure test instead ? 47#define HAVE_PTRACE_GETREGSET 48 49// A bi-arch build using PTRACE_GET/SETREGSET needs 50// some conversion code for register structures. 51// So, better do not use PTRACE_GET/SETREGSET 52// Rather we use PTRACE_GETREGS or PTRACE_PEEKUSER. 53 54// The only platform on which we must use PTRACE_GETREGSET is arm64. 55// The resulting vgdb cannot work in a bi-arch setup. 56// -1 means we will check that PTRACE_GETREGSET works. 57# if defined(VGA_arm64) 58#define USE_PTRACE_GETREGSET 59# endif 60#endif 61 62#include <sys/uio.h> 63#include <elf.h> 64 65#include <sys/procfs.h> 66 67// glibc versions prior to 2.5 do not define PTRACE_GETSIGINFO on 68// the platforms we support. 69#if !((__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 5)) 70# ifndef PTRACE_GETSIGINFO 71# define PTRACE_GETSIGINFO 0x4202 72# endif 73#endif 74 75// 32-bit or 64-bit wide, depending on primary architecture. 76typedef Addr CORE_ADDR; 77typedef Addr PTRACE_XFER_TYPE; 78typedef void* PTRACE_ARG3_TYPE; 79 80// if > 0, pid for which registers have to be restored. 81// if == 0, means we have not yet called setregs (or have already 82// restored the registers). 83static int pid_of_save_regs = 0; 84/* True if we have continued pid_of_save_regs after PTRACE_ATTACH. */ 85static Bool pid_of_save_regs_continued = False; 86// When setregs has been called to change the registers of pid_of_save_regs, 87// vgdb cannot transmit the signals intercepted during ptrace. 88// So, we queue them, and will deliver them when detaching. 89// See function waitstopped for more info. 90static int signal_queue_sz = 0; 91static siginfo_t *signal_queue; 92 93/* True when loss of connection indicating that the Valgrind 94 process is dying. */ 95static Bool dying = False; 96 97/* ptrace_(read|write)_memory are modified extracts of linux-low.c 98 from gdb 6.6. Copyrighted FSF */ 99/* Copy LEN bytes from valgrind memory starting at MEMADDR 100 to vgdb memory starting at MYADDR. */ 101static 102int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr, 103 void *myaddr, size_t len) 104{ 105 register int i; 106 /* Round starting address down to longword boundary. */ 107 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE); 108 /* Round ending address up; get number of longwords that makes. */ 109 register int count 110 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1) 111 / sizeof (PTRACE_XFER_TYPE); 112 /* Allocate buffer of that many longwords. */ 113 register PTRACE_XFER_TYPE *buffer 114 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE)); 115 116 /* Read all the longwords */ 117 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) { 118 errno = 0; 119 buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid, 120 (PTRACE_ARG3_TYPE) addr, 0); 121 if (errno) 122 return errno; 123 } 124 125 /* Copy appropriate bytes out of the buffer. */ 126 memcpy (myaddr, 127 (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len); 128 129 return 0; 130} 131 132/* Copy LEN bytes of data from vgdb memory at MYADDR 133 to valgrind memory at MEMADDR. 134 On failure (cannot write the valgrind memory) 135 returns the value of errno. */ 136__attribute__((unused)) /* not used on all platforms */ 137static 138int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr, 139 const void *myaddr, size_t len) 140{ 141 register int i; 142 /* Round starting address down to longword boundary. */ 143 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE); 144 /* Round ending address up; get number of longwords that makes. */ 145 register int count 146 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1) 147 / sizeof (PTRACE_XFER_TYPE); 148 /* Allocate buffer of that many longwords. */ 149 register PTRACE_XFER_TYPE *buffer 150 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE)); 151 152 if (debuglevel >= 1) { 153 DEBUG (1, "Writing "); 154 for (i = 0; i < len; i++) 155 PDEBUG (1, "%02x", ((const unsigned char*)myaddr)[i]); 156 PDEBUG(1, " to %p\n", (void *) memaddr); 157 } 158 159 /* Fill start and end extra bytes of buffer with existing memory data. */ 160 161 buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid, 162 (PTRACE_ARG3_TYPE) addr, 0); 163 164 if (count > 1) { 165 buffer[count - 1] 166 = ptrace (PTRACE_PEEKTEXT, inferior_pid, 167 (PTRACE_ARG3_TYPE) (addr + (count - 1) 168 * sizeof (PTRACE_XFER_TYPE)), 169 0); 170 } 171 172 /* Copy data to be written over corresponding part of buffer */ 173 174 memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), 175 myaddr, len); 176 177 /* Write the entire buffer. */ 178 179 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) { 180 errno = 0; 181 ptrace (PTRACE_POKETEXT, inferior_pid, 182 (PTRACE_ARG3_TYPE) addr, buffer[i]); 183 if (errno) 184 return errno; 185 } 186 187 return 0; 188} 189 190/* subset of VG_(threads) needed for vgdb ptrace. 191 This is initialized when process is attached. */ 192typedef struct { 193 ThreadStatus status; 194 Int lwpid; 195} 196VgdbThreadState; 197static VgdbThreadState *vgdb_threads; 198static int vg_n_threads; 199 200static const 201HChar* name_of_ThreadStatus ( ThreadStatus status ) 202{ 203 switch (status) { 204 case VgTs_Empty: return "VgTs_Empty"; 205 case VgTs_Init: return "VgTs_Init"; 206 case VgTs_Runnable: return "VgTs_Runnable"; 207 case VgTs_WaitSys: return "VgTs_WaitSys"; 208 case VgTs_Yielding: return "VgTs_Yielding"; 209 case VgTs_Zombie: return "VgTs_Zombie"; 210 default: return "VgTs_???"; 211 } 212} 213 214static 215char *status_image (int status) 216{ 217 static char result[256]; // large enough 218 int sz = 0; 219#define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__) 220 221 result[0] = 0; 222 223 if (WIFEXITED(status)) 224 APPEND ("WIFEXITED %d ", WEXITSTATUS(status)); 225 226 if (WIFSIGNALED(status)) { 227 APPEND ("WIFSIGNALED %d ", WTERMSIG(status)); 228 if (WCOREDUMP(status)) APPEND ("WCOREDUMP "); 229 } 230 231 if (WIFSTOPPED(status)) 232 APPEND ("WIFSTOPPED %d ", WSTOPSIG(status)); 233 234#ifdef WIFCONTINUED 235 if (WIFCONTINUED(status)) 236 APPEND ("WIFCONTINUED "); 237#endif 238 239 return result; 240#undef APPEND 241} 242 243/* Wait till the process pid is reported as stopped with signal_expected. 244 If other signal(s) than signal_expected are received, waitstopped 245 will pass them to pid, waiting for signal_expected to stop pid. 246 Returns True when process is in stopped state with signal_expected. 247 Returns False if a problem was encountered while waiting for pid 248 to be stopped. 249 250 If pid is reported as being dead/exited, waitstopped will return False. 251*/ 252static 253Bool waitstopped (pid_t pid, int signal_expected, const char *msg) 254{ 255 pid_t p; 256 int status = 0; 257 int signal_received; 258 int res; 259 260 while (1) { 261 DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n", 262 msg, signal_expected); 263 p = waitpid(pid, &status, __WALL); 264 DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p, 265 status, status_image (status)); 266 if (p != pid) { 267 ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n", 268 msg, pid, p, status, status_image (status)); 269 return False; 270 } 271 272 if (WIFEXITED(status)) { 273 shutting_down = True; 274 return False; 275 } 276 277 assert (WIFSTOPPED(status)); 278 signal_received = WSTOPSIG(status); 279 if (signal_received == signal_expected) 280 break; 281 282 /* pid received a signal which is not the signal we are waiting for. 283 If we have not (yet) changed the registers of the inferior 284 or we have (already) reset them, we can transmit the signal. 285 286 If we have already set the registers of the inferior, we cannot 287 transmit the signal, as this signal would arrive when the 288 gdbserver code runs. And valgrind only expects signals to 289 arrive in a small code portion around 290 client syscall logic, where signal are unmasked (see e.g. 291 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK). 292 293 As ptrace is forcing a call to gdbserver by jumping 294 'out of this region', signals are not masked, but 295 will arrive outside of the allowed/expected code region. 296 So, if we have changed the registers of the inferior, we 297 rather queue the signal to transmit them when detaching, 298 after having restored the registers to the initial values. */ 299 if (pid_of_save_regs) { 300 siginfo_t *newsiginfo; 301 302 // realloc a bigger queue, and store new signal at the end. 303 // This is not very efficient but we assume not many sigs are queued. 304 signal_queue_sz++; 305 signal_queue = vrealloc(signal_queue, 306 sizeof(siginfo_t) * signal_queue_sz); 307 newsiginfo = signal_queue + (signal_queue_sz - 1); 308 309 res = ptrace (PTRACE_GETSIGINFO, pid, NULL, newsiginfo); 310 if (res != 0) { 311 ERROR(errno, "PTRACE_GETSIGINFO failed: signal lost !!!!\n"); 312 signal_queue_sz--; 313 } else 314 DEBUG(1, "waitstopped PTRACE_CONT, queuing signal %d" 315 " si_signo %d si_pid %d\n", 316 signal_received, newsiginfo->si_signo, newsiginfo->si_pid); 317 res = ptrace (PTRACE_CONT, pid, NULL, 0); 318 } else { 319 DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received); 320 res = ptrace (PTRACE_CONT, pid, NULL, signal_received); 321 } 322 if (res != 0) { 323 ERROR(errno, "waitstopped PTRACE_CONT\n"); 324 return False; 325 } 326 } 327 328 return True; 329} 330 331/* Stops the given pid, wait for the process to be stopped. 332 Returns True if succesful, False otherwise. 333 msg is used in tracing and error reporting. */ 334static 335Bool stop (pid_t pid, const char *msg) 336{ 337 long res; 338 339 DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid); 340 res = kill (pid, SIGSTOP); 341 if (res != 0) { 342 ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res); 343 return False; 344 } 345 346 return waitstopped (pid, SIGSTOP, msg); 347 348} 349 350/* Attaches to given pid, wait for the process to be stopped. 351 Returns True if succesful, False otherwise. 352 msg is used in tracing and error reporting. */ 353static 354Bool attach (pid_t pid, const char *msg) 355{ 356 long res; 357 static Bool output_error = True; 358 static Bool initial_attach = True; 359 // For a ptrace_scope protected system, we do not want to output 360 // repetitively attach error. We will output once an error 361 // for the initial_attach. Once the 1st attach has succeeded, we 362 // again show all errors. 363 364 DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid); 365 res = ptrace (PTRACE_ATTACH, pid, NULL, NULL); 366 if (res != 0) { 367 if (output_error || debuglevel > 0) { 368 ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res); 369 if (initial_attach) 370 output_error = False; 371 } 372 return False; 373 } 374 375 initial_attach = False; 376 output_error = True; 377 return waitstopped(pid, SIGSTOP, msg); 378} 379 380/* once we are attached to the pid, get the list of threads and stop 381 them all. 382 Returns True if all threads properly suspended, False otherwise. */ 383static 384Bool acquire_and_suspend_threads (pid_t pid) 385{ 386 int i; 387 int rw; 388 Bool pid_found = False; 389 Addr vgt; 390 int sz_tst; 391 int off_status; 392 int off_lwpid; 393 int nr_live_threads = 0; 394 395 if (shared32 != NULL) { 396 vgt = shared32->threads; 397 vg_n_threads = shared32->vg_n_threads; 398 sz_tst = shared32->sizeof_ThreadState; 399 off_status = shared32->offset_status; 400 off_lwpid = shared32->offset_lwpid; 401 } 402 else if (shared64 != NULL) { 403 vgt = shared64->threads; 404 vg_n_threads = shared64->vg_n_threads; 405 sz_tst = shared64->sizeof_ThreadState; 406 off_status = shared64->offset_status; 407 off_lwpid = shared64->offset_lwpid; 408 } else { 409 assert (0); 410 } 411 412 vgdb_threads = vmalloc(vg_n_threads * sizeof vgdb_threads[0]); 413 414 /* note: the entry 0 is unused */ 415 DEBUG(1, "examining thread entries from tid 1 to tid %d\n", vg_n_threads-1); 416 for (i = 1; i < vg_n_threads; i++) { 417 vgt += sz_tst; 418 rw = ptrace_read_memory(pid, vgt+off_status, 419 &(vgdb_threads[i].status), 420 sizeof(ThreadStatus)); 421 if (rw != 0) { 422 ERROR(rw, "status ptrace_read_memory\n"); 423 return False; 424 } 425 426 rw = ptrace_read_memory(pid, vgt+off_lwpid, 427 &(vgdb_threads[i].lwpid), 428 sizeof(Int)); 429 if (rw != 0) { 430 ERROR(rw, "lwpid ptrace_read_memory\n"); 431 return False; 432 } 433 434 if (vgdb_threads[i].status != VgTs_Empty) { 435 DEBUG(1, "found tid %d status %s lwpid %d\n", 436 i, name_of_ThreadStatus(vgdb_threads[i].status), 437 vgdb_threads[i].lwpid); 438 nr_live_threads++; 439 if (vgdb_threads[i].lwpid <= 1) { 440 if (vgdb_threads[i].lwpid == 0 441 && vgdb_threads[i].status == VgTs_Init) { 442 DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n", 443 i, name_of_ThreadStatus(vgdb_threads[i].status), 444 vgdb_threads[i].lwpid); 445 } else { 446 ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n", 447 i, name_of_ThreadStatus(vgdb_threads[i].status), 448 vgdb_threads[i].lwpid); 449 } 450 /* in case we have a VtTs_Init thread with lwpid not yet set, 451 we try again later. */ 452 return False; 453 } 454 if (vgdb_threads[i].lwpid == pid) { 455 assert (!pid_found); 456 assert (i == 1); 457 pid_found = True; 458 } else { 459 if (!attach(vgdb_threads[i].lwpid, "attach_thread")) { 460 ERROR(0, "ERROR attach pid %d tid %d\n", 461 vgdb_threads[i].lwpid, i); 462 return False; 463 } 464 } 465 } 466 } 467 /* If we found no thread, it means the process is stopping, and 468 we better do not force anything to happen during that. */ 469 if (nr_live_threads > 0) 470 return True; 471 else 472 return False; 473} 474 475static 476void detach_from_all_threads (pid_t pid) 477{ 478 int i; 479 long res; 480 Bool pid_found = False; 481 482 /* detach from all the threads */ 483 for (i = 1; i < vg_n_threads; i++) { 484 if (vgdb_threads[i].status != VgTs_Empty) { 485 if (vgdb_threads[i].status == VgTs_Init 486 && vgdb_threads[i].lwpid == 0) { 487 DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n", 488 vgdb_threads[i].lwpid, i, 489 name_of_ThreadStatus (vgdb_threads[i].status)); 490 } else { 491 if (vgdb_threads[i].lwpid == pid) { 492 assert (!pid_found); 493 pid_found = True; 494 } 495 DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n", 496 vgdb_threads[i].lwpid, i, 497 name_of_ThreadStatus (vgdb_threads[i].status)); 498 res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL); 499 if (res != 0) { 500 ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n", 501 vgdb_threads[i].lwpid, i, 502 name_of_ThreadStatus (vgdb_threads[i].status), 503 res); 504 } 505 } 506 } 507 } 508 509 free (vgdb_threads); 510 511 if (!pid_found && pid) { 512 /* No threads are live. Process is busy stopping. 513 We need to detach from pid explicitely. */ 514 DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid); 515 res = ptrace (PTRACE_DETACH, pid, NULL, NULL); 516 if (res != 0) 517 ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res); 518 } 519} 520 521# if defined(VGA_arm64) || defined(VGA_tilegx) 522/* arm64 is extra special, old glibc defined kernel user_pt_regs, but 523 newer glibc instead define user_regs_struct. */ 524# ifdef HAVE_SYS_USER_REGS 525static struct user_regs_struct user_save; 526# else 527static struct user_pt_regs user_save; 528# endif 529# else 530static struct user user_save; 531# endif 532// The below indicates if ptrace_getregs (and ptrace_setregs) can be used. 533// Note that some linux versions are defining PTRACE_GETREGS but using 534// it gives back EIO. 535// has_working_ptrace_getregs can take the following values: 536// -1 : PTRACE_GETREGS is defined 537// runtime check not yet done. 538// 0 : PTRACE_GETREGS runtime check has failed. 539// 1 : PTRACE_GETREGS defined and runtime check ok. 540#ifdef HAVE_PTRACE_GETREGS 541static int has_working_ptrace_getregs = -1; 542#endif 543// Similar but for PTRACE_GETREGSET 544#ifdef HAVE_PTRACE_GETREGSET 545static int has_working_ptrace_getregset = -1; 546#endif 547 548/* Get the registers from pid into regs. 549 regs_bsz value gives the length of *regs. 550 Returns True if all ok, otherwise False. */ 551static 552Bool getregs (pid_t pid, void *regs, long regs_bsz) 553{ 554 DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz); 555# ifdef HAVE_PTRACE_GETREGSET 556# ifndef USE_PTRACE_GETREGSET 557 if (has_working_ptrace_getregset) 558 DEBUG(1, "PTRACE_GETREGSET defined, not used (yet?) by vgdb\n"); 559 has_working_ptrace_getregset = 0; 560# endif 561 if (has_working_ptrace_getregset) { 562 // Platforms having GETREGSET 563 long res; 564 elf_gregset_t elf_regs; 565 struct iovec iovec; 566 567 DEBUG(1, "getregs PTRACE_GETREGSET sizeof(elf_regs) %zu\n", 568 sizeof(elf_regs)); 569 iovec.iov_base = regs; 570 iovec.iov_len = sizeof(elf_regs); 571 572 res = ptrace (PTRACE_GETREGSET, pid, NT_PRSTATUS, &iovec); 573 if (res == 0) { 574 if (has_working_ptrace_getregset == -1) { 575 // First call to PTRACE_GETREGSET succesful => 576 has_working_ptrace_getregset = 1; 577 DEBUG(1, "detected a working PTRACE_GETREGSET\n"); 578 } 579 assert (has_working_ptrace_getregset == 1); 580 return True; 581 } 582 else if (has_working_ptrace_getregset == 1) { 583 // We had a working call, but now it fails. 584 // This is unexpected. 585 ERROR(errno, "PTRACE_GETREGSET %ld\n", res); 586 return False; 587 } else { 588 // Check this is the first call: 589 assert (has_working_ptrace_getregset == -1); 590 if (errno == EIO) { 591 DEBUG(1, "detected a broken PTRACE_GETREGSET with EIO\n"); 592 has_working_ptrace_getregset = 0; 593 // Fall over to the PTRACE_GETREGS or PTRACE_PEEKUSER case. 594 } else { 595 ERROR(errno, "broken PTRACE_GETREGSET unexpected errno %ld\n", res); 596 return False; 597 } 598 } 599 } 600# endif 601 602# ifdef HAVE_PTRACE_GETREGS 603 if (has_working_ptrace_getregs) { 604 // Platforms having GETREGS 605 long res; 606 DEBUG(1, "getregs PTRACE_GETREGS\n"); 607 res = ptrace (PTRACE_GETREGS, pid, NULL, regs); 608 if (res == 0) { 609 if (has_working_ptrace_getregs == -1) { 610 // First call to PTRACE_GETREGS succesful => 611 has_working_ptrace_getregs = 1; 612 DEBUG(1, "detected a working PTRACE_GETREGS\n"); 613 } 614 assert (has_working_ptrace_getregs == 1); 615 return True; 616 } 617 else if (has_working_ptrace_getregs == 1) { 618 // We had a working call, but now it fails. 619 // This is unexpected. 620 ERROR(errno, "PTRACE_GETREGS %ld\n", res); 621 return False; 622 } else { 623 // Check this is the first call: 624 assert (has_working_ptrace_getregs == -1); 625 if (errno == EIO) { 626 DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n"); 627 has_working_ptrace_getregs = 0; 628 // Fall over to the PTRACE_PEEKUSER case. 629 } else { 630 ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res); 631 return False; 632 } 633 } 634 } 635# endif 636 637 // We assume PTRACE_PEEKUSER is defined everywhere. 638 { 639# ifdef PT_ENDREGS 640 long peek_bsz = PT_ENDREGS; 641 assert (peek_bsz <= regs_bsz); 642# else 643 long peek_bsz = regs_bsz-1; 644# endif 645 char *pregs = (char *) regs; 646 long offset; 647 errno = 0; 648 DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz); 649 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) { 650 *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL); 651 if (errno != 0) { 652 ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset); 653 return False; 654 } 655 } 656 return True; 657 } 658 659 // If neither of PTRACE_GETREGSET PTRACE_GETREGS PTRACE_PEEKUSER have 660 // returned, then we are in serious trouble. 661 assert (0); 662} 663 664/* Set the registers of pid to regs. 665 regs_bsz value gives the length of *regs. 666 Returns True if all ok, otherwise False. */ 667static 668Bool setregs (pid_t pid, void *regs, long regs_bsz) 669{ 670 DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz); 671 672// Note : the below is checking for GETREGSET, not SETREGSET 673// as if one is defined and working, the other one should also work. 674# ifdef HAVE_PTRACE_GETREGSET 675 if (has_working_ptrace_getregset) { 676 // Platforms having SETREGSET 677 long res; 678 elf_gregset_t elf_regs; 679 struct iovec iovec; 680 681 // setregset can never be called before getregset has done a runtime check. 682 assert (has_working_ptrace_getregset == 1); 683 DEBUG(1, "setregs PTRACE_SETREGSET sizeof(elf_regs) %zu\n", 684 sizeof(elf_regs)); 685 iovec.iov_base = regs; 686 iovec.iov_len = sizeof(elf_regs); 687 res = ptrace (PTRACE_SETREGSET, pid, NT_PRSTATUS, &iovec); 688 if (res != 0) { 689 ERROR(errno, "PTRACE_SETREGSET %ld\n", res); 690 return False; 691 } 692 return True; 693 } 694# endif 695 696// Note : the below is checking for GETREGS, not SETREGS 697// as if one is defined and working, the other one should also work. 698# ifdef HAVE_PTRACE_GETREGS 699 if (has_working_ptrace_getregs) { 700 // Platforms having SETREGS 701 long res; 702 // setregs can never be called before getregs has done a runtime check. 703 assert (has_working_ptrace_getregs == 1); 704 DEBUG(1, "setregs PTRACE_SETREGS\n"); 705 res = ptrace (PTRACE_SETREGS, pid, NULL, regs); 706 if (res != 0) { 707 ERROR(errno, "PTRACE_SETREGS %ld\n", res); 708 return False; 709 } 710 return True; 711 } 712# endif 713 714 { 715 char *pregs = (char *) regs; 716 long offset; 717 long res; 718# ifdef PT_ENDREGS 719 long peek_bsz = PT_ENDREGS; 720 assert (peek_bsz <= regs_bsz); 721# else 722 long peek_bsz = regs_bsz-1; 723# endif 724 errno = 0; 725 DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz); 726 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) { 727 res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset)); 728 if (errno != 0) { 729 ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res); 730 return False; 731 } 732 } 733 return True; 734 } 735 736 // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned, 737 // then we are in serious trouble. 738 assert (0); 739} 740 741/* Restore the registers to the saved value, then detaches from all threads */ 742static 743void restore_and_detach (pid_t pid) 744{ 745 int res; 746 747 DEBUG(1, "restore_and_detach pid %d pid_of_save_regs %d\n", 748 pid, pid_of_save_regs); 749 750 if (pid_of_save_regs) { 751 /* In case the 'main pid' has been continued, we need to stop it 752 before resetting the registers. */ 753 if (pid_of_save_regs_continued) { 754 pid_of_save_regs_continued = False; 755 if (!stop(pid_of_save_regs, "sigstop before reset regs")) 756 DEBUG(0, "Could not sigstop before reset"); 757 } 758 759 DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs); 760 if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) { 761 ERROR(errno, "setregs restore registers pid %d after cont\n", 762 pid_of_save_regs); 763 } 764 765 /* Now, we transmit all the signals we have queued. */ 766 if (signal_queue_sz > 0) { 767 int i; 768 for (i = 0; i < signal_queue_sz; i++) { 769 DEBUG(1, "PTRACE_CONT to transmit queued signal %d\n", 770 signal_queue[i].si_signo); 771 res = ptrace (PTRACE_CONT, pid_of_save_regs, NULL, 772 signal_queue[i].si_signo); 773 if (res != 0) 774 ERROR(errno, "PTRACE_CONT with signal %d\n", 775 signal_queue[i].si_signo); 776 if (!stop(pid_of_save_regs, "sigstop after transmit sig")) 777 DEBUG(0, "Could not sigstop after transmit sig"); 778 } 779 free (signal_queue); 780 signal_queue = NULL; 781 signal_queue_sz = 0; 782 } 783 pid_of_save_regs = 0; 784 } else { 785 DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n"); 786 } 787 if (signal_queue) 788 ERROR (0, "One or more signals queued were not delivered. " 789 "First signal: %d\n", signal_queue[0].si_signo); 790 detach_from_all_threads(pid); 791} 792 793Bool invoker_invoke_gdbserver (pid_t pid) 794{ 795 long res; 796 Bool stopped; 797# if defined(VGA_arm64) || defined(VGA_tilegx) 798/* arm64 is extra special, old glibc defined kernel user_pt_regs, but 799 newer glibc instead define user_regs_struct. */ 800# ifdef HAVE_SYS_USER_REGS 801 struct user_regs_struct user_mod; 802# else 803 struct user_pt_regs user_mod; 804# endif 805# else 806 struct user user_mod; 807# endif 808 Addr sp __attribute__((unused)); // Not used on all platforms. 809 810 /* A specific int value is passed to invoke_gdbserver, to check 811 everything goes according to the plan. */ 812 const int check = 0x8BADF00D; // ate bad food. 813 814 const Addr bad_return = 0; 815 // A bad return address will be pushed on the stack. 816 // The function invoke_gdbserver cannot return. If ever it returns, a NULL 817 // address pushed on the stack should ensure this is detected. 818 819 /* Not yet attached. If problem, vgdb can abort, 820 no cleanup needed. */ 821 822 DEBUG(1, "attach to 'main' pid %d\n", pid); 823 if (!attach(pid, "attach main pid")) { 824 ERROR(0, "error attach main pid %d\n", pid); 825 return False; 826 } 827 828 /* Now, we are attached. If problem, detach and return. */ 829 830 if (!acquire_and_suspend_threads(pid)) { 831 detach_from_all_threads(pid); 832 /* if the pid does not exist anymore, we better stop */ 833 if (kill(pid, 0) != 0) 834 XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n", 835 pid); 836 return False; 837 } 838 839 if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) { 840 detach_from_all_threads(pid); 841 return False; 842 } 843 user_save = user_mod; 844 845#if defined(VGA_x86) 846 sp = user_mod.regs.esp; 847#elif defined(VGA_amd64) 848 sp = user_mod.regs.rsp; 849 if (shared32 != NULL) { 850 /* 64bit vgdb speaking with a 32bit executable. 851 To have system call restart properly, we need to sign extend rax. 852 For more info: 853 web search '[patch] Fix syscall restarts for amd64->i386 biarch' 854 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */ 855 *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax; 856 DEBUG(1, "Sign extending %8.8lx to %8.8lx\n", 857 user_mod.regs.rax, user_save.regs.rax); 858 } 859#elif defined(VGA_arm) 860 sp = user_mod.regs.uregs[13]; 861#elif defined(VGA_arm64) 862 sp = user_mod.sp; 863#elif defined(VGA_ppc32) 864 sp = user_mod.regs.gpr[1]; 865#elif defined(VGA_ppc64be) || defined(VGA_ppc64le) 866 sp = user_mod.regs.gpr[1]; 867#elif defined(VGA_s390x) 868 sp = user_mod.regs.gprs[15]; 869#elif defined(VGA_mips32) 870 long long *p = (long long *)user_mod.regs; 871 sp = p[29]; 872#elif defined(VGA_mips64) 873 sp = user_mod.regs[29]; 874#elif defined(VGA_tilegx) 875 sp = user_mod.sp; 876#else 877 I_die_here : (sp) architecture missing in vgdb-invoker-ptrace.c 878#endif 879 880 881 // the magic below is derived from spying what gdb sends to 882 // the (classical) gdbserver when invoking a C function. 883 if (shared32 != NULL) { 884 // vgdb speaking with a 32bit executable. 885#if defined(VGA_x86) || defined(VGA_amd64) 886 const int regsize = 4; 887 int rw; 888 /* push check arg on the stack */ 889 sp = sp - regsize; 890 DEBUG(1, "push check arg ptrace_write_memory\n"); 891 assert(regsize == sizeof(check)); 892 rw = ptrace_write_memory(pid, sp, 893 &check, 894 regsize); 895 if (rw != 0) { 896 ERROR(rw, "push check arg ptrace_write_memory"); 897 detach_from_all_threads(pid); 898 return False; 899 } 900 901 sp = sp - regsize; 902 DEBUG(1, "push bad_return return address ptrace_write_memory\n"); 903 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return 904 // are written. 905 rw = ptrace_write_memory(pid, sp, 906 &bad_return, 907 regsize); 908 if (rw != 0) { 909 ERROR(rw, "push bad_return return address ptrace_write_memory"); 910 detach_from_all_threads(pid); 911 return False; 912 } 913#if defined(VGA_x86) 914 /* set ebp, esp, eip and orig_eax to invoke gdbserver */ 915 // compiled in 32bits, speaking with a 32bits exe 916 user_mod.regs.ebp = sp; // bp set to sp 917 user_mod.regs.esp = sp; 918 user_mod.regs.eip = shared32->invoke_gdbserver; 919 user_mod.regs.orig_eax = -1L; 920#elif defined(VGA_amd64) 921 /* set ebp, esp, eip and orig_eax to invoke gdbserver */ 922 // compiled in 64bits, speaking with a 32bits exe 923 user_mod.regs.rbp = sp; // bp set to sp 924 user_mod.regs.rsp = sp; 925 user_mod.regs.rip = shared32->invoke_gdbserver; 926 user_mod.regs.orig_rax = -1L; 927#else 928 I_die_here : not x86 or amd64 in x86/amd64 section/ 929#endif 930 931#elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le) 932 user_mod.regs.nip = shared32->invoke_gdbserver; 933 user_mod.regs.trap = -1L; 934 /* put check arg in register 3 */ 935 user_mod.regs.gpr[3] = check; 936 /* put NULL return address in Link Register */ 937 user_mod.regs.link = bad_return; 938 939#elif defined(VGA_arm) 940 /* put check arg in register 0 */ 941 user_mod.regs.uregs[0] = check; 942 /* put NULL return address in Link Register */ 943 user_mod.regs.uregs[14] = bad_return; 944 user_mod.regs.uregs[15] = shared32->invoke_gdbserver; 945 946#elif defined(VGA_arm64) 947 XERROR(0, "TBD arm64: vgdb a 32 bits executable with a 64 bits exe"); 948 949#elif defined(VGA_s390x) 950 XERROR(0, "(fn32) s390x has no 32bits implementation"); 951#elif defined(VGA_mips32) 952 /* put check arg in register 4 */ 953 p[4] = check; 954 /* put NULL return address in ra */ 955 p[31] = bad_return; 956 p[34] = shared32->invoke_gdbserver; 957 p[25] = shared32->invoke_gdbserver; 958 /* make stack space for args */ 959 p[29] = sp - 32; 960 961#elif defined(VGA_mips64) || defined(VGA_tilegx) 962 assert(0); // cannot vgdb a 32 bits executable with a 64 bits exe 963#else 964 I_die_here : architecture missing in vgdb-invoker-ptrace.c 965#endif 966 } 967 968 else if (shared64 != NULL) { 969#if defined(VGA_x86) 970 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 971#elif defined(VGA_amd64) 972 // vgdb speaking with a 64 bit executable. 973 const int regsize = 8; 974 int rw; 975 976 /* give check arg in rdi */ 977 user_mod.regs.rdi = check; 978 979 /* push return address on stack : return to breakaddr */ 980 sp = sp - regsize; 981 DEBUG(1, "push bad_return return address ptrace_write_memory\n"); 982 rw = ptrace_write_memory(pid, sp, 983 &bad_return, 984 sizeof(bad_return)); 985 if (rw != 0) { 986 ERROR(rw, "push bad_return return address ptrace_write_memory"); 987 detach_from_all_threads(pid); 988 return False; 989 } 990 991 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */ 992 user_mod.regs.rbp = sp; // bp set to sp 993 user_mod.regs.rsp = sp; 994 user_mod.regs.rip = shared64->invoke_gdbserver; 995 user_mod.regs.orig_rax = -1L; 996 997#elif defined(VGA_arm) 998 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 999#elif defined(VGA_arm64) 1000 user_mod.regs[0] = check; 1001 user_mod.sp = sp; 1002 user_mod.pc = shared64->invoke_gdbserver; 1003 /* put NULL return address in Link Register */ 1004 user_mod.regs[30] = bad_return; 1005 1006#elif defined(VGA_ppc32) 1007 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 1008#elif defined(VGA_ppc64be) 1009 Addr func_addr; 1010 Addr toc_addr; 1011 int rw; 1012 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver, 1013 &func_addr, 1014 sizeof(Addr)); 1015 if (rw != 0) { 1016 ERROR(rw, "ppc64 read func_addr\n"); 1017 detach_from_all_threads(pid); 1018 return False; 1019 } 1020 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8, 1021 &toc_addr, 1022 sizeof(Addr)); 1023 if (rw != 0) { 1024 ERROR(rw, "ppc64 read toc_addr\n"); 1025 detach_from_all_threads(pid); 1026 return False; 1027 } 1028 // We are not pushing anything on the stack, so it is not 1029 // very clear why the sp has to be decreased, but it seems 1030 // needed. The ppc64 ABI might give some lights on this ? 1031 user_mod.regs.gpr[1] = sp - 220; 1032 user_mod.regs.gpr[2] = toc_addr; 1033 user_mod.regs.nip = func_addr; 1034 user_mod.regs.trap = -1L; 1035 /* put check arg in register 3 */ 1036 user_mod.regs.gpr[3] = check; 1037 /* put bad_return return address in Link Register */ 1038 user_mod.regs.link = bad_return; 1039#elif defined(VGA_ppc64le) 1040 /* LE does not use the function pointer structure used in BE */ 1041 user_mod.regs.nip = shared64->invoke_gdbserver; 1042 user_mod.regs.gpr[1] = sp - 512; 1043 user_mod.regs.gpr[12] = user_mod.regs.nip; 1044 user_mod.regs.trap = -1L; 1045 /* put check arg in register 3 */ 1046 user_mod.regs.gpr[3] = check; 1047 /* put bad_return return address in Link Register */ 1048 user_mod.regs.link = bad_return; 1049#elif defined(VGA_s390x) 1050 /* put check arg in register r2 */ 1051 user_mod.regs.gprs[2] = check; 1052 /* bad_return Return address is in r14 */ 1053 user_mod.regs.gprs[14] = bad_return; 1054 /* minimum stack frame */ 1055 sp = sp - 160; 1056 user_mod.regs.gprs[15] = sp; 1057 /* set program counter */ 1058 user_mod.regs.psw.addr = shared64->invoke_gdbserver; 1059#elif defined(VGA_mips32) 1060 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 1061#elif defined(VGA_mips64) 1062 /* put check arg in register 4 */ 1063 user_mod.regs[4] = check; 1064 /* put NULL return address in ra */ 1065 user_mod.regs[31] = bad_return; 1066 user_mod.regs[34] = shared64->invoke_gdbserver; 1067 user_mod.regs[25] = shared64->invoke_gdbserver; 1068#elif defined(VGA_tilegx) 1069 /* put check arg in register r0 */ 1070 user_mod.regs[0] = check; 1071 /* put NULL return address in lr */ 1072 user_mod.lr = bad_return; 1073 user_mod.pc = shared64->invoke_gdbserver; 1074#else 1075 I_die_here: architecture missing in vgdb-invoker-ptrace.c 1076#endif 1077 } 1078 else { 1079 assert(0); 1080 } 1081 1082 if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) { 1083 detach_from_all_threads(pid); 1084 return False; 1085 } 1086 /* Now that we have modified the registers, we set 1087 pid_of_save_regs to indicate that restore_and_detach 1088 must restore the registers in case of cleanup. */ 1089 pid_of_save_regs = pid; 1090 pid_of_save_regs_continued = False; 1091 1092 1093 /* We PTRACE_CONT-inue pid. 1094 Either gdbserver will be invoked directly (if all 1095 threads are interruptible) or gdbserver will be 1096 called soon by the scheduler. In the first case, 1097 pid will stop on the break inserted above when 1098 gdbserver returns. In the 2nd case, the break will 1099 be encountered directly. */ 1100 DEBUG(1, "PTRACE_CONT to invoke\n"); 1101 res = ptrace (PTRACE_CONT, pid, NULL, NULL); 1102 if (res != 0) { 1103 ERROR(errno, "PTRACE_CONT\n"); 1104 restore_and_detach(pid); 1105 return False; 1106 } 1107 pid_of_save_regs_continued = True; 1108 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */ 1109 stopped = waitstopped (pid, SIGSTOP, 1110 "waitpid status after PTRACE_CONT to invoke"); 1111 if (stopped) { 1112 /* Here pid has properly stopped on the break. */ 1113 pid_of_save_regs_continued = False; 1114 restore_and_detach(pid); 1115 return True; 1116 } else { 1117 /* Whatever kind of problem happened. We shutdown. */ 1118 shutting_down = True; 1119 return False; 1120 } 1121} 1122 1123void invoker_cleanup_restore_and_detach(void *v_pid) 1124{ 1125 DEBUG(1, "invoker_cleanup_restore_and_detach dying: %d\n", dying); 1126 if (!dying) 1127 restore_and_detach(*(int*)v_pid); 1128} 1129 1130void invoker_restrictions_msg(void) 1131{ 1132} 1133 1134void invoker_valgrind_dying(void) 1135{ 1136 /* Avoid messing up with registers of valgrind when it is dying. */ 1137 pid_of_save_regs_continued = False; 1138 dying = True; 1139} 1140