1 /*--------------------------------------------------------------------*/
2 /*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/
3 /*--------------------------------------------------------------------*/
4
5 /*
6 This file is part of Valgrind, a dynamic binary instrumentation
7 framework.
8
9 Copyright (C) 2011-2017 Philippe Waroquiers
10
11 This program is free software; you can redistribute it and/or
12 modify it under the terms of the GNU General Public License as
13 published by the Free Software Foundation; either version 2 of the
14 License, or (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
24 02111-1307, USA.
25
26 The GNU General Public License is contained in the file COPYING.
27 */
28
29 #include "config.h"
30
31 #include "vgdb.h"
32 #include "pub_core_threadstate.h"
33
34 #include <alloca.h>
35 #include <assert.h>
36 #include <errno.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <sys/ptrace.h>
41 #include <sys/time.h>
42 #include <sys/user.h>
43 #include <sys/wait.h>
44
45 #ifdef PTRACE_GETREGSET
46 // TBD: better have a configure test instead ?
47 #define HAVE_PTRACE_GETREGSET
48
49 // A bi-arch build using PTRACE_GET/SETREGSET needs
50 // some conversion code for register structures.
51 // So, better do not use PTRACE_GET/SETREGSET
52 // Rather we use PTRACE_GETREGS or PTRACE_PEEKUSER.
53
54 // The only platform on which we must use PTRACE_GETREGSET is arm64.
55 // The resulting vgdb cannot work in a bi-arch setup.
56 // -1 means we will check that PTRACE_GETREGSET works.
57 # if defined(VGA_arm64)
58 #define USE_PTRACE_GETREGSET
59 # endif
60 #endif
61
62 #include <sys/uio.h>
63 #include <elf.h>
64
65 #include <sys/procfs.h>
66
67 // glibc versions prior to 2.5 do not define PTRACE_GETSIGINFO on
68 // the platforms we support.
69 #if !((__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 5))
70 # ifndef PTRACE_GETSIGINFO
71 # define PTRACE_GETSIGINFO 0x4202
72 # endif
73 #endif
74
75 // 32-bit or 64-bit wide, depending on primary architecture.
76 typedef Addr CORE_ADDR;
77 typedef Addr PTRACE_XFER_TYPE;
78 typedef void* PTRACE_ARG3_TYPE;
79
80 // if > 0, pid for which registers have to be restored.
81 // if == 0, means we have not yet called setregs (or have already
82 // restored the registers).
83 static int pid_of_save_regs = 0;
84 /* True if we have continued pid_of_save_regs after PTRACE_ATTACH. */
85 static Bool pid_of_save_regs_continued = False;
86 // When setregs has been called to change the registers of pid_of_save_regs,
87 // vgdb cannot transmit the signals intercepted during ptrace.
88 // So, we queue them, and will deliver them when detaching.
89 // See function waitstopped for more info.
90 static int signal_queue_sz = 0;
91 static siginfo_t *signal_queue;
92
93 /* True when loss of connection indicating that the Valgrind
94 process is dying. */
95 static Bool dying = False;
96
97 /* ptrace_(read|write)_memory are modified extracts of linux-low.c
98 from gdb 6.6. Copyrighted FSF */
99 /* Copy LEN bytes from valgrind memory starting at MEMADDR
100 to vgdb memory starting at MYADDR. */
101 static
ptrace_read_memory(pid_t inferior_pid,CORE_ADDR memaddr,void * myaddr,size_t len)102 int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr,
103 void *myaddr, size_t len)
104 {
105 register int i;
106 /* Round starting address down to longword boundary. */
107 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
108 /* Round ending address up; get number of longwords that makes. */
109 register int count
110 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
111 / sizeof (PTRACE_XFER_TYPE);
112 /* Allocate buffer of that many longwords. */
113 register PTRACE_XFER_TYPE *buffer
114 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
115
116 /* Read all the longwords */
117 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
118 errno = 0;
119 buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
120 (PTRACE_ARG3_TYPE) addr, 0);
121 if (errno)
122 return errno;
123 }
124
125 /* Copy appropriate bytes out of the buffer. */
126 memcpy (myaddr,
127 (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len);
128
129 return 0;
130 }
131
132 /* Copy LEN bytes of data from vgdb memory at MYADDR
133 to valgrind memory at MEMADDR.
134 On failure (cannot write the valgrind memory)
135 returns the value of errno. */
136 __attribute__((unused)) /* not used on all platforms */
137 static
ptrace_write_memory(pid_t inferior_pid,CORE_ADDR memaddr,const void * myaddr,size_t len)138 int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr,
139 const void *myaddr, size_t len)
140 {
141 register int i;
142 /* Round starting address down to longword boundary. */
143 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
144 /* Round ending address up; get number of longwords that makes. */
145 register int count
146 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
147 / sizeof (PTRACE_XFER_TYPE);
148 /* Allocate buffer of that many longwords. */
149 register PTRACE_XFER_TYPE *buffer
150 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
151
152 if (debuglevel >= 1) {
153 DEBUG (1, "Writing ");
154 for (i = 0; i < len; i++)
155 PDEBUG (1, "%02x", ((const unsigned char*)myaddr)[i]);
156 PDEBUG(1, " to %p\n", (void *) memaddr);
157 }
158
159 /* Fill start and end extra bytes of buffer with existing memory data. */
160
161 buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
162 (PTRACE_ARG3_TYPE) addr, 0);
163
164 if (count > 1) {
165 buffer[count - 1]
166 = ptrace (PTRACE_PEEKTEXT, inferior_pid,
167 (PTRACE_ARG3_TYPE) (addr + (count - 1)
168 * sizeof (PTRACE_XFER_TYPE)),
169 0);
170 }
171
172 /* Copy data to be written over corresponding part of buffer */
173
174 memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)),
175 myaddr, len);
176
177 /* Write the entire buffer. */
178
179 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
180 errno = 0;
181 ptrace (PTRACE_POKETEXT, inferior_pid,
182 (PTRACE_ARG3_TYPE) addr, buffer[i]);
183 if (errno)
184 return errno;
185 }
186
187 return 0;
188 }
189
190 /* subset of VG_(threads) needed for vgdb ptrace.
191 This is initialized when process is attached. */
192 typedef struct {
193 ThreadStatus status;
194 Int lwpid;
195 }
196 VgdbThreadState;
197 static VgdbThreadState *vgdb_threads;
198 static int vg_n_threads;
199
200 static const
name_of_ThreadStatus(ThreadStatus status)201 HChar* name_of_ThreadStatus ( ThreadStatus status )
202 {
203 switch (status) {
204 case VgTs_Empty: return "VgTs_Empty";
205 case VgTs_Init: return "VgTs_Init";
206 case VgTs_Runnable: return "VgTs_Runnable";
207 case VgTs_WaitSys: return "VgTs_WaitSys";
208 case VgTs_Yielding: return "VgTs_Yielding";
209 case VgTs_Zombie: return "VgTs_Zombie";
210 default: return "VgTs_???";
211 }
212 }
213
214 static
status_image(int status)215 char *status_image (int status)
216 {
217 static char result[256]; // large enough
218 int sz = 0;
219 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
220
221 result[0] = 0;
222
223 if (WIFEXITED(status))
224 APPEND ("WIFEXITED %d ", WEXITSTATUS(status));
225
226 if (WIFSIGNALED(status)) {
227 APPEND ("WIFSIGNALED %d ", WTERMSIG(status));
228 if (WCOREDUMP(status)) APPEND ("WCOREDUMP ");
229 }
230
231 if (WIFSTOPPED(status))
232 APPEND ("WIFSTOPPED %d ", WSTOPSIG(status));
233
234 #ifdef WIFCONTINUED
235 if (WIFCONTINUED(status))
236 APPEND ("WIFCONTINUED ");
237 #endif
238
239 return result;
240 #undef APPEND
241 }
242
243 /* Wait till the process pid is reported as stopped with signal_expected.
244 If other signal(s) than signal_expected are received, waitstopped
245 will pass them to pid, waiting for signal_expected to stop pid.
246 Returns True when process is in stopped state with signal_expected.
247 Returns False if a problem was encountered while waiting for pid
248 to be stopped.
249
250 If pid is reported as being dead/exited, waitstopped will return False.
251 */
252 static
waitstopped(pid_t pid,int signal_expected,const char * msg)253 Bool waitstopped (pid_t pid, int signal_expected, const char *msg)
254 {
255 pid_t p;
256 int status = 0;
257 int signal_received;
258 int res;
259
260 while (1) {
261 DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n",
262 msg, signal_expected);
263 p = waitpid(pid, &status, __WALL);
264 DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p,
265 status, status_image (status));
266 if (p != pid) {
267 ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n",
268 msg, pid, p, status, status_image (status));
269 return False;
270 }
271
272 if (WIFEXITED(status)) {
273 shutting_down = True;
274 return False;
275 }
276
277 assert (WIFSTOPPED(status));
278 signal_received = WSTOPSIG(status);
279 if (signal_received == signal_expected)
280 break;
281
282 /* pid received a signal which is not the signal we are waiting for.
283 If we have not (yet) changed the registers of the inferior
284 or we have (already) reset them, we can transmit the signal.
285
286 If we have already set the registers of the inferior, we cannot
287 transmit the signal, as this signal would arrive when the
288 gdbserver code runs. And valgrind only expects signals to
289 arrive in a small code portion around
290 client syscall logic, where signal are unmasked (see e.g.
291 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK).
292
293 As ptrace is forcing a call to gdbserver by jumping
294 'out of this region', signals are not masked, but
295 will arrive outside of the allowed/expected code region.
296 So, if we have changed the registers of the inferior, we
297 rather queue the signal to transmit them when detaching,
298 after having restored the registers to the initial values. */
299 if (pid_of_save_regs) {
300 siginfo_t *newsiginfo;
301
302 // realloc a bigger queue, and store new signal at the end.
303 // This is not very efficient but we assume not many sigs are queued.
304 signal_queue_sz++;
305 signal_queue = vrealloc(signal_queue,
306 sizeof(siginfo_t) * signal_queue_sz);
307 newsiginfo = signal_queue + (signal_queue_sz - 1);
308
309 res = ptrace (PTRACE_GETSIGINFO, pid, NULL, newsiginfo);
310 if (res != 0) {
311 ERROR(errno, "PTRACE_GETSIGINFO failed: signal lost !!!!\n");
312 signal_queue_sz--;
313 } else
314 DEBUG(1, "waitstopped PTRACE_CONT, queuing signal %d"
315 " si_signo %d si_pid %d\n",
316 signal_received, newsiginfo->si_signo, newsiginfo->si_pid);
317 res = ptrace (PTRACE_CONT, pid, NULL, 0);
318 } else {
319 DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received);
320 res = ptrace (PTRACE_CONT, pid, NULL, signal_received);
321 }
322 if (res != 0) {
323 ERROR(errno, "waitstopped PTRACE_CONT\n");
324 return False;
325 }
326 }
327
328 return True;
329 }
330
331 /* Stops the given pid, wait for the process to be stopped.
332 Returns True if successful, False otherwise.
333 msg is used in tracing and error reporting. */
334 static
stop(pid_t pid,const char * msg)335 Bool stop (pid_t pid, const char *msg)
336 {
337 long res;
338
339 DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid);
340 res = kill (pid, SIGSTOP);
341 if (res != 0) {
342 ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res);
343 return False;
344 }
345
346 return waitstopped (pid, SIGSTOP, msg);
347
348 }
349
350 /* Attaches to given pid, wait for the process to be stopped.
351 Returns True if successful, False otherwise.
352 msg is used in tracing and error reporting. */
353 static
attach(pid_t pid,const char * msg)354 Bool attach (pid_t pid, const char *msg)
355 {
356 long res;
357 static Bool output_error = True;
358 static Bool initial_attach = True;
359 // For a ptrace_scope protected system, we do not want to output
360 // repetitively attach error. We will output once an error
361 // for the initial_attach. Once the 1st attach has succeeded, we
362 // again show all errors.
363
364 DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid);
365 res = ptrace (PTRACE_ATTACH, pid, NULL, NULL);
366 if (res != 0) {
367 if (output_error || debuglevel > 0) {
368 ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res);
369 if (initial_attach)
370 output_error = False;
371 }
372 return False;
373 }
374
375 initial_attach = False;
376 output_error = True;
377 return waitstopped(pid, SIGSTOP, msg);
378 }
379
380 /* once we are attached to the pid, get the list of threads and stop
381 them all.
382 Returns True if all threads properly suspended, False otherwise. */
383 static
acquire_and_suspend_threads(pid_t pid)384 Bool acquire_and_suspend_threads (pid_t pid)
385 {
386 int i;
387 int rw;
388 Bool pid_found = False;
389 Addr vgt;
390 int sz_tst;
391 int off_status;
392 int off_lwpid;
393 int nr_live_threads = 0;
394
395 if (shared32 != NULL) {
396 vgt = shared32->threads;
397 vg_n_threads = shared32->vg_n_threads;
398 sz_tst = shared32->sizeof_ThreadState;
399 off_status = shared32->offset_status;
400 off_lwpid = shared32->offset_lwpid;
401 }
402 else if (shared64 != NULL) {
403 vgt = shared64->threads;
404 vg_n_threads = shared64->vg_n_threads;
405 sz_tst = shared64->sizeof_ThreadState;
406 off_status = shared64->offset_status;
407 off_lwpid = shared64->offset_lwpid;
408 } else {
409 assert (0);
410 }
411
412 vgdb_threads = vmalloc(vg_n_threads * sizeof vgdb_threads[0]);
413
414 /* note: the entry 0 is unused */
415 DEBUG(1, "examining thread entries from tid 1 to tid %d\n", vg_n_threads-1);
416 for (i = 1; i < vg_n_threads; i++) {
417 vgt += sz_tst;
418 rw = ptrace_read_memory(pid, vgt+off_status,
419 &(vgdb_threads[i].status),
420 sizeof(ThreadStatus));
421 if (rw != 0) {
422 ERROR(rw, "status ptrace_read_memory\n");
423 return False;
424 }
425
426 rw = ptrace_read_memory(pid, vgt+off_lwpid,
427 &(vgdb_threads[i].lwpid),
428 sizeof(Int));
429 if (rw != 0) {
430 ERROR(rw, "lwpid ptrace_read_memory\n");
431 return False;
432 }
433
434 if (vgdb_threads[i].status != VgTs_Empty) {
435 DEBUG(1, "found tid %d status %s lwpid %d\n",
436 i, name_of_ThreadStatus(vgdb_threads[i].status),
437 vgdb_threads[i].lwpid);
438 nr_live_threads++;
439 if (vgdb_threads[i].lwpid <= 1) {
440 if (vgdb_threads[i].lwpid == 0
441 && vgdb_threads[i].status == VgTs_Init) {
442 DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n",
443 i, name_of_ThreadStatus(vgdb_threads[i].status),
444 vgdb_threads[i].lwpid);
445 } else {
446 ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n",
447 i, name_of_ThreadStatus(vgdb_threads[i].status),
448 vgdb_threads[i].lwpid);
449 }
450 /* in case we have a VtTs_Init thread with lwpid not yet set,
451 we try again later. */
452 return False;
453 }
454 if (vgdb_threads[i].lwpid == pid) {
455 assert (!pid_found);
456 assert (i == 1);
457 pid_found = True;
458 } else {
459 if (!attach(vgdb_threads[i].lwpid, "attach_thread")) {
460 ERROR(0, "ERROR attach pid %d tid %d\n",
461 vgdb_threads[i].lwpid, i);
462 return False;
463 }
464 }
465 }
466 }
467 /* If we found no thread, it means the process is stopping, and
468 we better do not force anything to happen during that. */
469 if (nr_live_threads > 0)
470 return True;
471 else
472 return False;
473 }
474
475 static
detach_from_all_threads(pid_t pid)476 void detach_from_all_threads (pid_t pid)
477 {
478 int i;
479 long res;
480 Bool pid_found = False;
481
482 /* detach from all the threads */
483 for (i = 1; i < vg_n_threads; i++) {
484 if (vgdb_threads[i].status != VgTs_Empty) {
485 if (vgdb_threads[i].status == VgTs_Init
486 && vgdb_threads[i].lwpid == 0) {
487 DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n",
488 vgdb_threads[i].lwpid, i,
489 name_of_ThreadStatus (vgdb_threads[i].status));
490 } else {
491 if (vgdb_threads[i].lwpid == pid) {
492 assert (!pid_found);
493 pid_found = True;
494 }
495 DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n",
496 vgdb_threads[i].lwpid, i,
497 name_of_ThreadStatus (vgdb_threads[i].status));
498 res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL);
499 if (res != 0) {
500 ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n",
501 vgdb_threads[i].lwpid, i,
502 name_of_ThreadStatus (vgdb_threads[i].status),
503 res);
504 }
505 }
506 }
507 }
508
509 free (vgdb_threads);
510
511 if (!pid_found && pid) {
512 /* No threads are live. Process is busy stopping.
513 We need to detach from pid explicitly. */
514 DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid);
515 res = ptrace (PTRACE_DETACH, pid, NULL, NULL);
516 if (res != 0)
517 ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res);
518 }
519 }
520
521 # if defined(VGA_arm64)
522 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but
523 newer glibc instead define user_regs_struct. */
524 # ifdef HAVE_SYS_USER_REGS
525 static struct user_regs_struct user_save;
526 # else
527 static struct user_pt_regs user_save;
528 # endif
529 # else
530 static struct user user_save;
531 # endif
532 // The below indicates if ptrace_getregs (and ptrace_setregs) can be used.
533 // Note that some linux versions are defining PTRACE_GETREGS but using
534 // it gives back EIO.
535 // has_working_ptrace_getregs can take the following values:
536 // -1 : PTRACE_GETREGS is defined
537 // runtime check not yet done.
538 // 0 : PTRACE_GETREGS runtime check has failed.
539 // 1 : PTRACE_GETREGS defined and runtime check ok.
540 #ifdef HAVE_PTRACE_GETREGS
541 static int has_working_ptrace_getregs = -1;
542 #endif
543 // Similar but for PTRACE_GETREGSET
544 #ifdef HAVE_PTRACE_GETREGSET
545 static int has_working_ptrace_getregset = -1;
546 #endif
547
548 /* Get the registers from pid into regs.
549 regs_bsz value gives the length of *regs.
550 Returns True if all ok, otherwise False. */
551 static
getregs(pid_t pid,void * regs,long regs_bsz)552 Bool getregs (pid_t pid, void *regs, long regs_bsz)
553 {
554 DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz);
555 # ifdef HAVE_PTRACE_GETREGSET
556 # ifndef USE_PTRACE_GETREGSET
557 if (has_working_ptrace_getregset)
558 DEBUG(1, "PTRACE_GETREGSET defined, not used (yet?) by vgdb\n");
559 has_working_ptrace_getregset = 0;
560 # endif
561 if (has_working_ptrace_getregset) {
562 // Platforms having GETREGSET
563 long res;
564 elf_gregset_t elf_regs;
565 struct iovec iovec;
566
567 DEBUG(1, "getregs PTRACE_GETREGSET sizeof(elf_regs) %zu\n",
568 sizeof(elf_regs));
569 iovec.iov_base = regs;
570 iovec.iov_len = sizeof(elf_regs);
571
572 res = ptrace (PTRACE_GETREGSET, pid, NT_PRSTATUS, &iovec);
573 if (res == 0) {
574 if (has_working_ptrace_getregset == -1) {
575 // First call to PTRACE_GETREGSET successful =>
576 has_working_ptrace_getregset = 1;
577 DEBUG(1, "detected a working PTRACE_GETREGSET\n");
578 }
579 assert (has_working_ptrace_getregset == 1);
580 return True;
581 }
582 else if (has_working_ptrace_getregset == 1) {
583 // We had a working call, but now it fails.
584 // This is unexpected.
585 ERROR(errno, "PTRACE_GETREGSET %ld\n", res);
586 return False;
587 } else {
588 // Check this is the first call:
589 assert (has_working_ptrace_getregset == -1);
590 if (errno == EIO) {
591 DEBUG(1, "detected a broken PTRACE_GETREGSET with EIO\n");
592 has_working_ptrace_getregset = 0;
593 // Fall over to the PTRACE_GETREGS or PTRACE_PEEKUSER case.
594 } else {
595 ERROR(errno, "broken PTRACE_GETREGSET unexpected errno %ld\n", res);
596 return False;
597 }
598 }
599 }
600 # endif
601
602 # ifdef HAVE_PTRACE_GETREGS
603 if (has_working_ptrace_getregs) {
604 // Platforms having GETREGS
605 long res;
606 DEBUG(1, "getregs PTRACE_GETREGS\n");
607 res = ptrace (PTRACE_GETREGS, pid, NULL, regs);
608 if (res == 0) {
609 if (has_working_ptrace_getregs == -1) {
610 // First call to PTRACE_GETREGS successful =>
611 has_working_ptrace_getregs = 1;
612 DEBUG(1, "detected a working PTRACE_GETREGS\n");
613 }
614 assert (has_working_ptrace_getregs == 1);
615 return True;
616 }
617 else if (has_working_ptrace_getregs == 1) {
618 // We had a working call, but now it fails.
619 // This is unexpected.
620 ERROR(errno, "PTRACE_GETREGS %ld\n", res);
621 return False;
622 } else {
623 // Check this is the first call:
624 assert (has_working_ptrace_getregs == -1);
625 if (errno == EIO) {
626 DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n");
627 has_working_ptrace_getregs = 0;
628 // Fall over to the PTRACE_PEEKUSER case.
629 } else {
630 ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res);
631 return False;
632 }
633 }
634 }
635 # endif
636
637 // We assume PTRACE_PEEKUSER is defined everywhere.
638 {
639 # ifdef PT_ENDREGS
640 long peek_bsz = PT_ENDREGS;
641 assert (peek_bsz <= regs_bsz);
642 # else
643 long peek_bsz = regs_bsz-1;
644 # endif
645 char *pregs = (char *) regs;
646 long offset;
647 errno = 0;
648 DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz);
649 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
650 *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL);
651 if (errno != 0) {
652 ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset);
653 return False;
654 }
655 }
656 return True;
657 }
658
659 // If neither of PTRACE_GETREGSET PTRACE_GETREGS PTRACE_PEEKUSER have
660 // returned, then we are in serious trouble.
661 assert (0);
662 }
663
664 /* Set the registers of pid to regs.
665 regs_bsz value gives the length of *regs.
666 Returns True if all ok, otherwise False. */
667 static
setregs(pid_t pid,void * regs,long regs_bsz)668 Bool setregs (pid_t pid, void *regs, long regs_bsz)
669 {
670 DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz);
671
672 // Note : the below is checking for GETREGSET, not SETREGSET
673 // as if one is defined and working, the other one should also work.
674 # ifdef HAVE_PTRACE_GETREGSET
675 if (has_working_ptrace_getregset) {
676 // Platforms having SETREGSET
677 long res;
678 elf_gregset_t elf_regs;
679 struct iovec iovec;
680
681 // setregset can never be called before getregset has done a runtime check.
682 assert (has_working_ptrace_getregset == 1);
683 DEBUG(1, "setregs PTRACE_SETREGSET sizeof(elf_regs) %zu\n",
684 sizeof(elf_regs));
685 iovec.iov_base = regs;
686 iovec.iov_len = sizeof(elf_regs);
687 res = ptrace (PTRACE_SETREGSET, pid, NT_PRSTATUS, &iovec);
688 if (res != 0) {
689 ERROR(errno, "PTRACE_SETREGSET %ld\n", res);
690 return False;
691 }
692 return True;
693 }
694 # endif
695
696 // Note : the below is checking for GETREGS, not SETREGS
697 // as if one is defined and working, the other one should also work.
698 # ifdef HAVE_PTRACE_GETREGS
699 if (has_working_ptrace_getregs) {
700 // Platforms having SETREGS
701 long res;
702 // setregs can never be called before getregs has done a runtime check.
703 assert (has_working_ptrace_getregs == 1);
704 DEBUG(1, "setregs PTRACE_SETREGS\n");
705 res = ptrace (PTRACE_SETREGS, pid, NULL, regs);
706 if (res != 0) {
707 ERROR(errno, "PTRACE_SETREGS %ld\n", res);
708 return False;
709 }
710 return True;
711 }
712 # endif
713
714 {
715 char *pregs = (char *) regs;
716 long offset;
717 long res;
718 # ifdef PT_ENDREGS
719 long peek_bsz = PT_ENDREGS;
720 assert (peek_bsz <= regs_bsz);
721 # else
722 long peek_bsz = regs_bsz-1;
723 # endif
724 errno = 0;
725 DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz);
726 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
727 res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset));
728 if (errno != 0) {
729 ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res);
730 return False;
731 }
732 }
733 return True;
734 }
735
736 // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned,
737 // then we are in serious trouble.
738 assert (0);
739 }
740
741 /* Restore the registers to the saved value, then detaches from all threads */
742 static
restore_and_detach(pid_t pid)743 void restore_and_detach (pid_t pid)
744 {
745 int res;
746
747 DEBUG(1, "restore_and_detach pid %d pid_of_save_regs %d\n",
748 pid, pid_of_save_regs);
749
750 if (pid_of_save_regs) {
751 /* In case the 'main pid' has been continued, we need to stop it
752 before resetting the registers. */
753 if (pid_of_save_regs_continued) {
754 pid_of_save_regs_continued = False;
755 if (!stop(pid_of_save_regs, "sigstop before reset regs"))
756 DEBUG(0, "Could not sigstop before reset");
757 }
758
759 DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs);
760 if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) {
761 ERROR(errno, "setregs restore registers pid %d after cont\n",
762 pid_of_save_regs);
763 }
764
765 /* Now, we transmit all the signals we have queued. */
766 if (signal_queue_sz > 0) {
767 int i;
768 for (i = 0; i < signal_queue_sz; i++) {
769 DEBUG(1, "PTRACE_CONT to transmit queued signal %d\n",
770 signal_queue[i].si_signo);
771 res = ptrace (PTRACE_CONT, pid_of_save_regs, NULL,
772 signal_queue[i].si_signo);
773 if (res != 0)
774 ERROR(errno, "PTRACE_CONT with signal %d\n",
775 signal_queue[i].si_signo);
776 if (!stop(pid_of_save_regs, "sigstop after transmit sig"))
777 DEBUG(0, "Could not sigstop after transmit sig");
778 }
779 free (signal_queue);
780 signal_queue = NULL;
781 signal_queue_sz = 0;
782 }
783 pid_of_save_regs = 0;
784 } else {
785 DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n");
786 }
787 if (signal_queue)
788 ERROR (0, "One or more signals queued were not delivered. "
789 "First signal: %d\n", signal_queue[0].si_signo);
790 detach_from_all_threads(pid);
791 }
792
invoker_invoke_gdbserver(pid_t pid)793 Bool invoker_invoke_gdbserver (pid_t pid)
794 {
795 long res;
796 Bool stopped;
797 # if defined(VGA_arm64)
798 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but
799 newer glibc instead define user_regs_struct. */
800 # ifdef HAVE_SYS_USER_REGS
801 struct user_regs_struct user_mod;
802 # else
803 struct user_pt_regs user_mod;
804 # endif
805 # else
806 struct user user_mod;
807 # endif
808 Addr sp __attribute__((unused)); // Not used on all platforms.
809
810 /* A specific int value is passed to invoke_gdbserver, to check
811 everything goes according to the plan. */
812 const int check = 0x8BADF00D; // ate bad food.
813
814 const Addr bad_return = 0;
815 // A bad return address will be pushed on the stack.
816 // The function invoke_gdbserver cannot return. If ever it returns, a NULL
817 // address pushed on the stack should ensure this is detected.
818
819 /* Not yet attached. If problem, vgdb can abort,
820 no cleanup needed. */
821
822 DEBUG(1, "attach to 'main' pid %d\n", pid);
823 if (!attach(pid, "attach main pid")) {
824 ERROR(0, "error attach main pid %d\n", pid);
825 return False;
826 }
827
828 /* Now, we are attached. If problem, detach and return. */
829
830 if (!acquire_and_suspend_threads(pid)) {
831 detach_from_all_threads(pid);
832 /* if the pid does not exist anymore, we better stop */
833 if (kill(pid, 0) != 0)
834 XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n",
835 pid);
836 return False;
837 }
838
839 if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
840 detach_from_all_threads(pid);
841 return False;
842 }
843 user_save = user_mod;
844
845 #if defined(VGA_x86)
846 sp = user_mod.regs.esp;
847 #elif defined(VGA_amd64)
848 sp = user_mod.regs.rsp;
849 if (shared32 != NULL) {
850 /* 64bit vgdb speaking with a 32bit executable.
851 To have system call restart properly, we need to sign extend rax.
852 For more info:
853 web search '[patch] Fix syscall restarts for amd64->i386 biarch'
854 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */
855 *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax;
856 DEBUG(1, "Sign extending %8.8lx to %8.8lx\n",
857 user_mod.regs.rax, user_save.regs.rax);
858 }
859 #elif defined(VGA_arm)
860 sp = user_mod.regs.uregs[13];
861 #elif defined(VGA_arm64)
862 sp = user_mod.sp;
863 #elif defined(VGA_ppc32)
864 sp = user_mod.regs.gpr[1];
865 #elif defined(VGA_ppc64be) || defined(VGA_ppc64le)
866 sp = user_mod.regs.gpr[1];
867 #elif defined(VGA_s390x)
868 sp = user_mod.regs.gprs[15];
869 #elif defined(VGA_mips32)
870 long long *p = (long long *)user_mod.regs;
871 sp = p[29];
872 #elif defined(VGA_mips64)
873 sp = user_mod.regs[29];
874 #else
875 I_die_here : (sp) architecture missing in vgdb-invoker-ptrace.c
876 #endif
877
878
879 // the magic below is derived from spying what gdb sends to
880 // the (classical) gdbserver when invoking a C function.
881 if (shared32 != NULL) {
882 // vgdb speaking with a 32bit executable.
883 #if defined(VGA_x86) || defined(VGA_amd64)
884 const int regsize = 4;
885 int rw;
886 /* push check arg on the stack */
887 sp = sp - regsize;
888 DEBUG(1, "push check arg ptrace_write_memory\n");
889 assert(regsize == sizeof(check));
890 rw = ptrace_write_memory(pid, sp,
891 &check,
892 regsize);
893 if (rw != 0) {
894 ERROR(rw, "push check arg ptrace_write_memory");
895 detach_from_all_threads(pid);
896 return False;
897 }
898
899 sp = sp - regsize;
900 DEBUG(1, "push bad_return return address ptrace_write_memory\n");
901 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return
902 // are written.
903 rw = ptrace_write_memory(pid, sp,
904 &bad_return,
905 regsize);
906 if (rw != 0) {
907 ERROR(rw, "push bad_return return address ptrace_write_memory");
908 detach_from_all_threads(pid);
909 return False;
910 }
911 #if defined(VGA_x86)
912 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
913 // compiled in 32bits, speaking with a 32bits exe
914 user_mod.regs.ebp = sp; // bp set to sp
915 user_mod.regs.esp = sp;
916 user_mod.regs.eip = shared32->invoke_gdbserver;
917 user_mod.regs.orig_eax = -1L;
918 #elif defined(VGA_amd64)
919 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
920 // compiled in 64bits, speaking with a 32bits exe
921 user_mod.regs.rbp = sp; // bp set to sp
922 user_mod.regs.rsp = sp;
923 user_mod.regs.rip = shared32->invoke_gdbserver;
924 user_mod.regs.orig_rax = -1L;
925 #else
926 I_die_here : not x86 or amd64 in x86/amd64 section/
927 #endif
928
929 #elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
930 user_mod.regs.nip = shared32->invoke_gdbserver;
931 user_mod.regs.trap = -1L;
932 /* put check arg in register 3 */
933 user_mod.regs.gpr[3] = check;
934 /* put NULL return address in Link Register */
935 user_mod.regs.link = bad_return;
936
937 #elif defined(VGA_arm)
938 /* put check arg in register 0 */
939 user_mod.regs.uregs[0] = check;
940 /* put NULL return address in Link Register */
941 user_mod.regs.uregs[14] = bad_return;
942 user_mod.regs.uregs[15] = shared32->invoke_gdbserver;
943
944 #elif defined(VGA_arm64)
945 XERROR(0, "TBD arm64: vgdb a 32 bits executable with a 64 bits exe");
946
947 #elif defined(VGA_s390x)
948 XERROR(0, "(fn32) s390x has no 32bits implementation");
949 #elif defined(VGA_mips32)
950 /* put check arg in register 4 */
951 p[4] = check;
952 /* put NULL return address in ra */
953 p[31] = bad_return;
954 p[34] = shared32->invoke_gdbserver;
955 p[25] = shared32->invoke_gdbserver;
956 /* make stack space for args */
957 p[29] = sp - 32;
958
959 #elif defined(VGA_mips64)
960 assert(0); // cannot vgdb a 32 bits executable with a 64 bits exe
961 #else
962 I_die_here : architecture missing in vgdb-invoker-ptrace.c
963 #endif
964 }
965
966 else if (shared64 != NULL) {
967 #if defined(VGA_x86)
968 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
969 #elif defined(VGA_amd64)
970 // vgdb speaking with a 64 bit executable.
971 const int regsize = 8;
972 int rw;
973
974 /* give check arg in rdi */
975 user_mod.regs.rdi = check;
976
977 /* push return address on stack : return to breakaddr */
978 sp &= ~0xf; // keep the stack aligned on 16 bytes ...
979 sp = sp - 128; // do not touch the amd64 redzone
980 sp = sp - regsize;
981 DEBUG(1, "push bad_return return address ptrace_write_memory\n");
982 rw = ptrace_write_memory(pid, sp,
983 &bad_return,
984 sizeof(bad_return));
985 if (rw != 0) {
986 ERROR(rw, "push bad_return return address ptrace_write_memory");
987 detach_from_all_threads(pid);
988 return False;
989 }
990
991 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */
992 user_mod.regs.rbp = sp; // bp set to sp
993 user_mod.regs.rsp = sp;
994 user_mod.regs.rip = shared64->invoke_gdbserver;
995 user_mod.regs.orig_rax = -1L;
996
997 #elif defined(VGA_arm)
998 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
999 #elif defined(VGA_arm64)
1000 user_mod.regs[0] = check;
1001 user_mod.sp = sp;
1002 user_mod.pc = shared64->invoke_gdbserver;
1003 /* put NULL return address in Link Register */
1004 user_mod.regs[30] = bad_return;
1005
1006 #elif defined(VGA_ppc32)
1007 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1008 #elif defined(VGA_ppc64be)
1009 Addr func_addr;
1010 Addr toc_addr;
1011 int rw;
1012 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver,
1013 &func_addr,
1014 sizeof(Addr));
1015 if (rw != 0) {
1016 ERROR(rw, "ppc64 read func_addr\n");
1017 detach_from_all_threads(pid);
1018 return False;
1019 }
1020 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8,
1021 &toc_addr,
1022 sizeof(Addr));
1023 if (rw != 0) {
1024 ERROR(rw, "ppc64 read toc_addr\n");
1025 detach_from_all_threads(pid);
1026 return False;
1027 }
1028 // We are not pushing anything on the stack, so it is not
1029 // very clear why the sp has to be decreased, but it seems
1030 // needed. The ppc64 ABI might give some lights on this ?
1031 user_mod.regs.gpr[1] = sp - 220;
1032 user_mod.regs.gpr[2] = toc_addr;
1033 user_mod.regs.nip = func_addr;
1034 user_mod.regs.trap = -1L;
1035 /* put check arg in register 3 */
1036 user_mod.regs.gpr[3] = check;
1037 /* put bad_return return address in Link Register */
1038 user_mod.regs.link = bad_return;
1039 #elif defined(VGA_ppc64le)
1040 /* LE does not use the function pointer structure used in BE */
1041 user_mod.regs.nip = shared64->invoke_gdbserver;
1042 user_mod.regs.gpr[1] = sp - 512;
1043 user_mod.regs.gpr[12] = user_mod.regs.nip;
1044 user_mod.regs.trap = -1L;
1045 /* put check arg in register 3 */
1046 user_mod.regs.gpr[3] = check;
1047 /* put bad_return return address in Link Register */
1048 user_mod.regs.link = bad_return;
1049 #elif defined(VGA_s390x)
1050 /* put check arg in register r2 */
1051 user_mod.regs.gprs[2] = check;
1052 /* bad_return Return address is in r14 */
1053 user_mod.regs.gprs[14] = bad_return;
1054 /* minimum stack frame */
1055 sp = sp - 160;
1056 user_mod.regs.gprs[15] = sp;
1057 /* set program counter */
1058 user_mod.regs.psw.addr = shared64->invoke_gdbserver;
1059 #elif defined(VGA_mips32)
1060 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1061 #elif defined(VGA_mips64)
1062 /* put check arg in register 4 */
1063 user_mod.regs[4] = check;
1064 /* put NULL return address in ra */
1065 user_mod.regs[31] = bad_return;
1066 user_mod.regs[34] = shared64->invoke_gdbserver;
1067 user_mod.regs[25] = shared64->invoke_gdbserver;
1068 #else
1069 I_die_here: architecture missing in vgdb-invoker-ptrace.c
1070 #endif
1071 }
1072 else {
1073 assert(0);
1074 }
1075
1076 if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
1077 detach_from_all_threads(pid);
1078 return False;
1079 }
1080 /* Now that we have modified the registers, we set
1081 pid_of_save_regs to indicate that restore_and_detach
1082 must restore the registers in case of cleanup. */
1083 pid_of_save_regs = pid;
1084 pid_of_save_regs_continued = False;
1085
1086
1087 /* We PTRACE_CONT-inue pid.
1088 Either gdbserver will be invoked directly (if all
1089 threads are interruptible) or gdbserver will be
1090 called soon by the scheduler. In the first case,
1091 pid will stop on the break inserted above when
1092 gdbserver returns. In the 2nd case, the break will
1093 be encountered directly. */
1094 DEBUG(1, "PTRACE_CONT to invoke\n");
1095 res = ptrace (PTRACE_CONT, pid, NULL, NULL);
1096 if (res != 0) {
1097 ERROR(errno, "PTRACE_CONT\n");
1098 restore_and_detach(pid);
1099 return False;
1100 }
1101 pid_of_save_regs_continued = True;
1102 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */
1103 stopped = waitstopped (pid, SIGSTOP,
1104 "waitpid status after PTRACE_CONT to invoke");
1105 if (stopped) {
1106 /* Here pid has properly stopped on the break. */
1107 pid_of_save_regs_continued = False;
1108 restore_and_detach(pid);
1109 return True;
1110 } else {
1111 /* Whatever kind of problem happened. We shutdown. */
1112 shutting_down = True;
1113 return False;
1114 }
1115 }
1116
invoker_cleanup_restore_and_detach(void * v_pid)1117 void invoker_cleanup_restore_and_detach(void *v_pid)
1118 {
1119 DEBUG(1, "invoker_cleanup_restore_and_detach dying: %d\n", dying);
1120 if (!dying)
1121 restore_and_detach(*(int*)v_pid);
1122 }
1123
invoker_restrictions_msg(void)1124 void invoker_restrictions_msg(void)
1125 {
1126 }
1127
invoker_valgrind_dying(void)1128 void invoker_valgrind_dying(void)
1129 {
1130 /* Avoid messing up with registers of valgrind when it is dying. */
1131 pid_of_save_regs_continued = False;
1132 dying = True;
1133 }
1134