1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/stack.h> 27 #include <sys/regset.h> 28 #include <sys/frame.h> 29 #include <sys/sysmacros.h> 30 #include <sys/trap.h> 31 #include <sys/machelf.h> 32 33 #include <stdlib.h> 34 #include <unistd.h> 35 #include <sys/types.h> 36 #include <errno.h> 37 #include <string.h> 38 39 #include <saveargs.h> 40 #include "Pcontrol.h" 41 #include "Pstack.h" 42 43 static uchar_t int_syscall_instr[] = { 0xCD, T_SYSCALLINT }; 44 static uchar_t syscall_instr[] = { 0x0f, 0x05 }; 45 46 const char * 47 Ppltdest(struct ps_prochandle *P, uintptr_t pltaddr) 48 { 49 map_info_t *mp = Paddr2mptr(P, pltaddr); 50 file_info_t *fp; 51 size_t i; 52 uintptr_t r_addr; 53 54 if (mp == NULL || (fp = mp->map_file) == NULL || 55 fp->file_plt_base == 0 || 56 pltaddr - fp->file_plt_base >= fp->file_plt_size) { 57 errno = EINVAL; 58 return (NULL); 59 } 60 61 i = (pltaddr - fp->file_plt_base) / M_PLT_ENTSIZE - M_PLT_XNumber; 62 63 if (P->status.pr_dmodel == PR_MODEL_LP64) { 64 Elf64_Rela r; 65 66 r_addr = fp->file_jmp_rel + i * sizeof (r); 67 68 if (Pread(P, &r, sizeof (r), r_addr) == sizeof (r) && 69 (i = ELF64_R_SYM(r.r_info)) < fp->file_dynsym.sym_symn) { 70 Elf_Data *data = fp->file_dynsym.sym_data_pri; 71 Elf64_Sym *symp = &(((Elf64_Sym *)data->d_buf)[i]); 72 73 return (fp->file_dynsym.sym_strs + symp->st_name); 74 } 75 } else { 76 Elf32_Rel r; 77 78 r_addr = fp->file_jmp_rel + i * sizeof (r); 79 80 if (Pread(P, &r, sizeof (r), r_addr) == sizeof (r) && 81 (i = ELF32_R_SYM(r.r_info)) < fp->file_dynsym.sym_symn) { 82 Elf_Data *data = fp->file_dynsym.sym_data_pri; 83 Elf32_Sym *symp = &(((Elf32_Sym *)data->d_buf)[i]); 84 85 return (fp->file_dynsym.sym_strs + symp->st_name); 86 } 87 } 88 89 return (NULL); 90 } 91 92 int 93 Pissyscall(struct ps_prochandle *P, uintptr_t addr) 94 { 95 uchar_t instr[16]; 96 97 if (P->status.pr_dmodel == PR_MODEL_LP64) { 98 if (Pread(P, instr, sizeof (syscall_instr), addr) != 99 sizeof (syscall_instr) || 100 memcmp(instr, syscall_instr, sizeof (syscall_instr)) != 0) 101 return (0); 102 else 103 return (1); 104 } 105 106 if (Pread(P, instr, sizeof (int_syscall_instr), addr) != 107 sizeof (int_syscall_instr)) 108 return (0); 109 110 if (memcmp(instr, int_syscall_instr, sizeof (int_syscall_instr)) == 0) 111 return (1); 112 113 return (0); 114 } 115 116 int 117 Pissyscall_prev(struct ps_prochandle *P, uintptr_t addr, uintptr_t *dst) 118 { 119 int ret; 120 121 if (P->status.pr_dmodel == PR_MODEL_LP64) { 122 if (Pissyscall(P, addr - sizeof (syscall_instr))) { 123 if (dst) 124 *dst = addr - sizeof (syscall_instr); 125 return (1); 126 } 127 return (0); 128 } 129 130 if ((ret = Pissyscall(P, addr - sizeof (int_syscall_instr))) != 0) { 131 if (dst) 132 *dst = addr - sizeof (int_syscall_instr); 133 return (ret); 134 } 135 136 return (0); 137 } 138 139 int 140 Pissyscall_text(struct ps_prochandle *P, const void *buf, size_t buflen) 141 { 142 if (P->status.pr_dmodel == PR_MODEL_LP64) { 143 if (buflen >= sizeof (syscall_instr) && 144 memcmp(buf, syscall_instr, sizeof (syscall_instr)) == 0) 145 return (1); 146 else 147 return (0); 148 } 149 150 if (buflen < sizeof (int_syscall_instr)) 151 return (0); 152 153 if (memcmp(buf, int_syscall_instr, sizeof (int_syscall_instr)) == 0) 154 return (1); 155 156 return (0); 157 } 158 159 #define TR_ARG_MAX 6 /* Max args to print, same as SPARC */ 160 161 /* 162 * Given a return address, determine the likely number of arguments 163 * that were pushed on the stack prior to its execution. We do this by 164 * expecting that a typical call sequence consists of pushing arguments on 165 * the stack, executing a call instruction, and then performing an add 166 * on %esp to restore it to the value prior to pushing the arguments for 167 * the call. We attempt to detect such an add, and divide the addend 168 * by the size of a word to determine the number of pushed arguments. 169 * 170 * If we do not find such an add, this does not necessarily imply that the 171 * function took no arguments. It is not possible to reliably detect such a 172 * void function because hand-coded assembler does not always perform an add 173 * to %esp immediately after the "call" instruction (eg. _sys_call()). 174 * Because of this, we default to returning MIN(sz, TR_ARG_MAX) instead of 0 175 * in the absence of an add to %esp. 176 */ 177 static ulong_t 178 argcount(struct ps_prochandle *P, uint32_t pc, ssize_t sz) 179 { 180 uchar_t instr[6]; 181 ulong_t count, max; 182 183 max = MIN(sz / sizeof (uint32_t), TR_ARG_MAX); 184 185 /* 186 * Read the instruction at the return location. 187 */ 188 if (Pread(P, instr, sizeof (instr), (uintptr_t)pc) != sizeof (instr)) 189 return (max); 190 191 if (instr[1] != 0xc4) 192 return (max); 193 194 switch (instr[0]) { 195 case 0x81: /* count is a longword */ 196 count = instr[2]+(instr[3]<<8)+(instr[4]<<16)+(instr[5]<<24); 197 break; 198 case 0x83: /* count is a byte */ 199 count = instr[2]; 200 break; 201 default: 202 return (max); 203 } 204 205 count /= sizeof (uint32_t); 206 return (MIN(count, max)); 207 } 208 209 static void 210 ucontext_32_to_prgregs(const ucontext32_t *uc, prgregset_t dst) 211 { 212 const greg32_t *src = &uc->uc_mcontext.gregs[0]; 213 214 dst[REG_DS] = (uint16_t)src[DS]; 215 dst[REG_ES] = (uint16_t)src[ES]; 216 217 dst[REG_GS] = (uint16_t)src[GS]; 218 dst[REG_FS] = (uint16_t)src[FS]; 219 dst[REG_SS] = (uint16_t)src[SS]; 220 dst[REG_RSP] = (uint32_t)src[UESP]; 221 dst[REG_RFL] = src[EFL]; 222 dst[REG_CS] = (uint16_t)src[CS]; 223 dst[REG_RIP] = (uint32_t)src[EIP]; 224 dst[REG_ERR] = (uint32_t)src[ERR]; 225 dst[REG_TRAPNO] = (uint32_t)src[TRAPNO]; 226 dst[REG_RAX] = (uint32_t)src[EAX]; 227 dst[REG_RCX] = (uint32_t)src[ECX]; 228 dst[REG_RDX] = (uint32_t)src[EDX]; 229 dst[REG_RBX] = (uint32_t)src[EBX]; 230 dst[REG_RBP] = (uint32_t)src[EBP]; 231 dst[REG_RSI] = (uint32_t)src[ESI]; 232 dst[REG_RDI] = (uint32_t)src[EDI]; 233 } 234 235 static int 236 Pstack_iter32(struct ps_prochandle *P, const prgregset_t regs, 237 proc_stack_f *func, void *arg) 238 { 239 prgreg_t *prevfp = NULL; 240 uint_t pfpsize = 0; 241 int nfp = 0; 242 struct { 243 prgreg32_t fp; 244 prgreg32_t pc; 245 prgreg32_t args[32]; 246 } frame; 247 uint_t argc; 248 ssize_t sz; 249 prgregset_t gregs; 250 uint32_t fp, pfp, pc; 251 long args[32]; 252 int rv; 253 int i; 254 255 /* 256 * Type definition for a structure corresponding to an IA32 257 * signal frame. Refer to the comments in Pstack.c for more info 258 */ 259 typedef struct { 260 prgreg32_t fp; 261 prgreg32_t pc; 262 int signo; 263 caddr32_t ucp; 264 caddr32_t sip; 265 } sf_t; 266 267 uclist_t ucl; 268 ucontext32_t uc; 269 uintptr_t uc_addr; 270 271 init_uclist(&ucl, P); 272 (void) memcpy(gregs, regs, sizeof (gregs)); 273 274 fp = regs[R_FP]; 275 pc = regs[R_PC]; 276 277 while (fp != 0 || pc != 0) { 278 if (stack_loop(fp, &prevfp, &nfp, &pfpsize)) 279 break; 280 281 if (fp != 0 && 282 (sz = Pread(P, &frame, sizeof (frame), (uintptr_t)fp) 283 >= (ssize_t)(2* sizeof (uint32_t)))) { 284 /* 285 * One more trick for signal frames: the kernel sets 286 * the return pc of the signal frame to 0xffffffff on 287 * Intel IA32, so argcount won't work. 288 */ 289 if (frame.pc != -1L) { 290 sz -= 2* sizeof (uint32_t); 291 argc = argcount(P, (uint32_t)frame.pc, sz); 292 } else 293 argc = 3; /* sighandler(signo, sip, ucp) */ 294 } else { 295 (void) memset(&frame, 0, sizeof (frame)); 296 argc = 0; 297 } 298 299 gregs[R_FP] = fp; 300 gregs[R_PC] = pc; 301 302 for (i = 0; i < argc; i++) 303 args[i] = (uint32_t)frame.args[i]; 304 305 if ((rv = func(arg, gregs, argc, args)) != 0) 306 break; 307 308 /* 309 * In order to allow iteration over java frames (which can have 310 * their own frame pointers), we allow the iterator to change 311 * the contents of gregs. If we detect a change, then we assume 312 * that the new values point to the next frame. 313 */ 314 if (gregs[R_FP] != fp || gregs[R_PC] != pc) { 315 fp = gregs[R_FP]; 316 pc = gregs[R_PC]; 317 continue; 318 } 319 320 pfp = fp; 321 fp = frame.fp; 322 pc = frame.pc; 323 324 if (find_uclink(&ucl, pfp + sizeof (sf_t))) 325 uc_addr = pfp + sizeof (sf_t); 326 else 327 uc_addr = NULL; 328 329 if (uc_addr != NULL && 330 Pread(P, &uc, sizeof (uc), uc_addr) == sizeof (uc)) { 331 ucontext_32_to_prgregs(&uc, gregs); 332 fp = gregs[R_FP]; 333 pc = gregs[R_PC]; 334 } 335 } 336 337 if (prevfp) 338 free(prevfp); 339 340 free_uclist(&ucl); 341 return (rv); 342 } 343 344 static void 345 ucontext_n_to_prgregs(const ucontext_t *src, prgregset_t dst) 346 { 347 (void) memcpy(dst, src->uc_mcontext.gregs, sizeof (gregset_t)); 348 } 349 350 /* 351 * Read arguments from the frame indicated by regs into args, return the 352 * number of arguments successfully read 353 */ 354 static int 355 read_args(struct ps_prochandle *P, uintptr_t fp, uintptr_t pc, prgreg_t *args, 356 size_t argsize) 357 { 358 GElf_Sym sym; 359 ctf_file_t *ctfp = NULL; 360 ctf_funcinfo_t finfo; 361 prsyminfo_t si = {0}; 362 uint8_t ins[SAVEARGS_INSN_SEQ_LEN]; 363 size_t insnsize; 364 int argc = 0; 365 int rettype = 0; 366 int start_index = 0; 367 int args_style = 0; 368 int i; 369 ctf_id_t args_types[5]; 370 371 if (Pxlookup_by_addr(P, pc, NULL, 0, &sym, &si) != 0) 372 return (0); 373 374 if ((ctfp = Paddr_to_ctf(P, pc)) == NULL) 375 return (0); 376 377 if (ctf_func_info(ctfp, si.prs_id, &finfo) == CTF_ERR) 378 return (0); 379 380 argc = finfo.ctc_argc; 381 382 if (argc == 0) 383 return (0); 384 385 rettype = ctf_type_kind(ctfp, finfo.ctc_return); 386 387 /* 388 * If the function returns a structure or union greater than 16 bytes 389 * in size %rdi contains the address in which to store the return 390 * value rather than for an argument. 391 */ 392 if (((rettype == CTF_K_STRUCT) || (rettype == CTF_K_UNION)) && 393 ctf_type_size(ctfp, finfo.ctc_return) > 16) 394 start_index = 1; 395 else 396 start_index = 0; 397 398 /* 399 * If any of the first 5 arguments are a structure less than 16 bytes 400 * in size, it will be passed spread across two argument registers, 401 * and we will not cope. 402 */ 403 if (ctf_func_args(ctfp, si.prs_id, 5, args_types) == CTF_ERR) 404 return (0); 405 406 for (i = 0; i < MIN(5, finfo.ctc_argc); i++) { 407 int t = ctf_type_kind(ctfp, args_types[i]); 408 409 if (((t == CTF_K_STRUCT) || (t == CTF_K_UNION)) && 410 ctf_type_size(ctfp, args_types[i]) <= 16) 411 return (0); 412 } 413 414 /* 415 * The number of instructions to search for argument saving is limited 416 * such that only instructions prior to %pc are considered and we 417 * never read arguments from a function where the saving code has not 418 * in fact yet executed. 419 */ 420 insnsize = MIN(MIN(sym.st_size, SAVEARGS_INSN_SEQ_LEN), 421 pc - sym.st_value); 422 423 if (Pread(P, ins, insnsize, sym.st_value) != insnsize) 424 return (0); 425 426 if ((argc != 0) && 427 ((args_style = saveargs_has_args(ins, insnsize, argc, 428 start_index)) != SAVEARGS_NO_ARGS)) { 429 int regargs = MIN((6 - start_index), argc); 430 size_t size = regargs * sizeof (long); 431 int i; 432 433 /* 434 * If Studio pushed a structure return address as an argument, 435 * we need to read one more argument than actually exists (the 436 * addr) to make everything line up. 437 */ 438 if (args_style == SAVEARGS_STRUCT_ARGS) 439 size += sizeof (long); 440 441 if (Pread(P, args, size, (fp - size)) != size) 442 return (0); 443 444 for (i = 0; i < (regargs / 2); i++) { 445 prgreg_t t = args[i]; 446 447 args[i] = args[regargs - i - 1]; 448 args[regargs - i - 1] = t; 449 } 450 451 if (argc > regargs) { 452 size = MIN((argc - regargs) * sizeof (long), 453 argsize - (regargs * sizeof (long))); 454 455 if (Pread(P, &args[regargs], size, fp + 456 (sizeof (uintptr_t) * 2)) != size) 457 return (6); 458 } 459 460 return (argc); 461 } else { 462 return (0); 463 } 464 } 465 466 int 467 Pstack_iter(struct ps_prochandle *P, const prgregset_t regs, 468 proc_stack_f *func, void *arg) 469 { 470 struct { 471 uintptr_t fp; 472 uintptr_t pc; 473 } frame; 474 475 uint_t pfpsize = 0; 476 prgreg_t *prevfp = NULL; 477 prgreg_t fp, pfp; 478 prgreg_t pc; 479 480 prgregset_t gregs; 481 int nfp = 0; 482 483 uclist_t ucl; 484 int rv = 0; 485 int argc; 486 487 uintptr_t uc_addr; 488 ucontext_t uc; 489 490 /* 491 * Type definition for a structure corresponding to an IA32 492 * signal frame. Refer to the comments in Pstack.c for more info 493 */ 494 typedef struct { 495 prgreg_t fp; 496 prgreg_t pc; 497 prgreg_t signo; 498 siginfo_t *sip; 499 } sigframe_t; 500 prgreg_t args[32] = {0}; 501 502 if (P->status.pr_dmodel != PR_MODEL_LP64) 503 return (Pstack_iter32(P, regs, func, arg)); 504 505 init_uclist(&ucl, P); 506 (void) memcpy(gregs, regs, sizeof (gregs)); 507 508 fp = gregs[R_FP]; 509 pc = gregs[R_PC]; 510 511 while (fp != 0 || pc != 0) { 512 513 if (stack_loop(fp, &prevfp, &nfp, &pfpsize)) 514 break; 515 516 if (fp != 0 && 517 Pread(P, &frame, sizeof (frame), (uintptr_t)fp) == 518 sizeof (frame)) { 519 if (frame.pc == -1) { 520 argc = 3; 521 args[2] = fp + sizeof (sigframe_t); 522 if (Pread(P, &args, 2 * sizeof (prgreg_t), 523 fp + 2 * sizeof (prgreg_t)) != 524 2 * sizeof (prgreg_t)) 525 argc = 0; 526 } else { 527 argc = read_args(P, fp, pc, args, 528 sizeof (args)); 529 } 530 } else { 531 (void) memset(&frame, 0, sizeof (frame)); 532 argc = 0; 533 } 534 535 gregs[R_FP] = fp; 536 gregs[R_PC] = pc; 537 538 if ((rv = func(arg, gregs, argc, args)) != 0) 539 break; 540 541 pfp = fp; 542 fp = frame.fp; 543 pc = frame.pc; 544 545 if (pc == -1 && find_uclink(&ucl, pfp + sizeof (sigframe_t))) { 546 uc_addr = pfp + sizeof (sigframe_t); 547 548 if (Pread(P, &uc, sizeof (uc), uc_addr) 549 == sizeof (uc)) { 550 ucontext_n_to_prgregs(&uc, gregs); 551 fp = gregs[R_FP]; 552 pc = gregs[R_PC]; 553 } 554 } 555 } 556 557 if (prevfp) 558 free(prevfp); 559 560 free_uclist(&ucl); 561 562 return (rv); 563 } 564 565 uintptr_t 566 Psyscall_setup(struct ps_prochandle *P, int nargs, int sysindex, uintptr_t sp) 567 { 568 if (P->status.pr_dmodel == PR_MODEL_ILP32) { 569 sp -= sizeof (int) * (nargs+2); 570 571 P->status.pr_lwp.pr_reg[REG_RAX] = sysindex; 572 P->status.pr_lwp.pr_reg[REG_RSP] = sp; 573 P->status.pr_lwp.pr_reg[REG_RIP] = P->sysaddr; 574 } else { 575 int pusharg = (nargs > 6) ? nargs - 6: 0; 576 577 sp -= sizeof (int64_t) * (pusharg+2); 578 579 P->status.pr_lwp.pr_reg[REG_RAX] = sysindex; 580 P->status.pr_lwp.pr_reg[REG_RSP] = sp; 581 P->status.pr_lwp.pr_reg[REG_RIP] = P->sysaddr; 582 } 583 584 return (sp); 585 } 586 587 int 588 Psyscall_copyinargs(struct ps_prochandle *P, int nargs, argdes_t *argp, 589 uintptr_t ap) 590 { 591 if (P->status.pr_dmodel == PR_MODEL_ILP32) { 592 int32_t arglist[MAXARGS+2]; 593 int i; 594 argdes_t *adp; 595 596 for (i = 0, adp = argp; i < nargs; i++, adp++) 597 arglist[1 + i] = (int32_t)adp->arg_value; 598 599 arglist[0] = P->status.pr_lwp.pr_reg[REG_RIP]; 600 if (Pwrite(P, &arglist[0], sizeof (int) * (nargs+1), 601 (uintptr_t)ap) != sizeof (int) * (nargs+1)) 602 return (-1); 603 } else { 604 int64_t arglist[MAXARGS+2]; 605 int i; 606 argdes_t *adp; 607 int pusharg = (nargs > 6) ? nargs - 6: 0; 608 609 for (i = 0, adp = argp; i < nargs; i++, adp++) { 610 switch (i) { 611 case 0: 612 (void) Pputareg(P, REG_RDI, adp->arg_value); 613 break; 614 case 1: 615 (void) Pputareg(P, REG_RSI, adp->arg_value); 616 break; 617 case 2: 618 (void) Pputareg(P, REG_RDX, adp->arg_value); 619 break; 620 case 3: 621 (void) Pputareg(P, REG_RCX, adp->arg_value); 622 break; 623 case 4: 624 (void) Pputareg(P, REG_R8, adp->arg_value); 625 break; 626 case 5: 627 (void) Pputareg(P, REG_R9, adp->arg_value); 628 break; 629 default: 630 arglist[i - 5] = (uint64_t)adp->arg_value; 631 break; 632 } 633 } 634 635 arglist[0] = P->status.pr_lwp.pr_reg[REG_RIP]; 636 637 if (Pwrite(P, &arglist[0], 638 sizeof (int64_t) * (pusharg + 1), ap) != 639 sizeof (int64_t) * (pusharg + 1)) 640 return (-1); 641 } 642 643 return (0); 644 } 645 646 int 647 Psyscall_copyoutargs(struct ps_prochandle *P, int nargs, argdes_t *argp, 648 uintptr_t ap) 649 { 650 if (P->status.pr_dmodel == PR_MODEL_ILP32) { 651 uint32_t arglist[MAXARGS + 2]; 652 int i; 653 argdes_t *adp; 654 655 if (Pread(P, &arglist[0], sizeof (int) * (nargs+1), 656 (uintptr_t)ap) != sizeof (int) * (nargs+1)) 657 return (-1); 658 659 for (i = 0, adp = argp; i < nargs; i++, adp++) 660 adp->arg_value = arglist[i]; 661 } else { 662 int pusharg = (nargs > 6) ? nargs - 6: 0; 663 int64_t arglist[MAXARGS+2]; 664 int i; 665 argdes_t *adp; 666 667 if (pusharg > 0 && 668 Pread(P, &arglist[0], sizeof (int64_t) * (pusharg + 1), 669 ap) != sizeof (int64_t) * (pusharg + 1)) 670 return (-1); 671 672 for (i = 0, adp = argp; i < nargs; i++, adp++) { 673 switch (i) { 674 case 0: 675 adp->arg_value = 676 P->status.pr_lwp.pr_reg[REG_RDI]; 677 break; 678 case 1: 679 adp->arg_value = 680 P->status.pr_lwp.pr_reg[REG_RSI]; 681 break; 682 case 2: 683 adp->arg_value = 684 P->status.pr_lwp.pr_reg[REG_RDX]; 685 break; 686 case 3: 687 adp->arg_value = 688 P->status.pr_lwp.pr_reg[REG_RCX]; 689 break; 690 case 4: 691 adp->arg_value = 692 P->status.pr_lwp.pr_reg[REG_R8]; 693 break; 694 case 5: 695 adp->arg_value = 696 P->status.pr_lwp.pr_reg[REG_R9]; 697 break; 698 default: 699 adp->arg_value = arglist[i - 6]; 700 break; 701 } 702 } 703 704 return (0); 705 } 706 707 return (0); 708 } 709