1 /* Copyright (C) 2007-2010 The Android Open Source Project 2 ** 3 ** This software is licensed under the terms of the GNU General Public 4 ** License version 2, as published by the Free Software Foundation, and 5 ** may be copied, distributed, and modified under those terms. 6 ** 7 ** This program is distributed in the hope that it will be useful, 8 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 9 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 ** GNU General Public License for more details. 11 */ 12 13 /* 14 * Contains implementation of routines related to process management in 15 * memchecker framework. 16 */ 17 18 #include "elff/elff_api.h" 19 #include "memcheck.h" 20 #include "memcheck_proc_management.h" 21 #include "memcheck_logging.h" 22 #include "memcheck_util.h" 23 24 /* Current thread id. 25 * This value is updated with each call to memcheck_switch, saving here 26 * ID of the thread that becomes current. */ 27 static uint32_t current_tid = 0; 28 29 /* Current thread descriptor. 30 * This variable is used to cache current thread descriptor. This value gets 31 * initialized on "as needed" basis, when descriptor for the current thread 32 * is requested for the first time. 33 * Note that every time memcheck_switch routine is called, this value gets 34 * NULL'ed, since another thread becomes current. */ 35 static ThreadDesc* current_thread = NULL; 36 37 /* Current process descriptor. 38 * This variable is used to cache current process descriptor. This value gets 39 * initialized on "as needed" basis, when descriptor for the current process 40 * is requested for the first time. 41 * Note that every time memcheck_switch routine is called, this value gets 42 * NULL'ed, since new thread becomes current, thus process switch may have 43 * occurred as well. */ 44 static ProcDesc* current_process = NULL; 45 46 /* List of running processes. */ 47 static QLIST_HEAD(proc_list, ProcDesc) proc_list; 48 49 /* List of running threads. */ 50 static QLIST_HEAD(thread_list, ThreadDesc) thread_list; 51 52 // ============================================================================= 53 // Static routines 54 // ============================================================================= 55 56 /* Creates and lists thread descriptor for a new thread. 57 * This routine will allocate and initialize new thread descriptor. After that 58 * this routine will insert the descriptor into the global list of running 59 * threads, as well as thread list in the process descriptor of the process 60 * in context of which this thread is created. 61 * Param: 62 * proc - Process descriptor of the process, in context of which new thread 63 * is created. 64 * tid - Thread ID of the thread that's being created. 65 * Return: 66 * New thread descriptor on success, or NULL on failure. 67 */ 68 static ThreadDesc* 69 create_new_thread(ProcDesc* proc, uint32_t tid) 70 { 71 ThreadDesc* new_thread = (ThreadDesc*)qemu_malloc(sizeof(ThreadDesc)); 72 if (new_thread == NULL) { 73 ME("memcheck: Unable to allocate new thread descriptor."); 74 return NULL; 75 } 76 new_thread->tid = tid; 77 new_thread->process = proc; 78 new_thread->call_stack = NULL; 79 new_thread->call_stack_count = 0; 80 new_thread->call_stack_max = 0; 81 QLIST_INSERT_HEAD(&thread_list, new_thread, global_entry); 82 QLIST_INSERT_HEAD(&proc->threads, new_thread, proc_entry); 83 return new_thread; 84 } 85 86 /* Creates and lists process descriptor for a new process. 87 * This routine will allocate and initialize new process descriptor. After that 88 * this routine will create main thread descriptor for the process (with the 89 * thread ID equal to the new process ID), and then new process descriptor will 90 * be inserted into the global list of running processes. 91 * Param: 92 * pid - Process ID of the process that's being created. 93 * parent_pid - Process ID of the parent process. 94 * Return: 95 * New process descriptor on success, or NULL on failure. 96 */ 97 static ProcDesc* 98 create_new_process(uint32_t pid, uint32_t parent_pid) 99 { 100 // Create and init new process descriptor. 101 ProcDesc* new_proc = (ProcDesc*)qemu_malloc(sizeof(ProcDesc)); 102 if (new_proc == NULL) { 103 ME("memcheck: Unable to allocate new process descriptor"); 104 return NULL; 105 } 106 QLIST_INIT(&new_proc->threads); 107 allocmap_init(&new_proc->alloc_map); 108 mmrangemap_init(&new_proc->mmrange_map); 109 new_proc->pid = pid; 110 new_proc->parent_pid = parent_pid; 111 new_proc->image_path = NULL; 112 new_proc->flags = 0; 113 114 if (parent_pid != 0) { 115 /* If new process has been forked, it inherits a copy of parent's 116 * process heap, as well as parent's mmaping of loaded modules. So, on 117 * fork we're required to copy parent's allocation descriptors map, as 118 * well as parent's mmapping map to the new process. */ 119 int failed; 120 ProcDesc* parent = get_process_from_pid(parent_pid); 121 if (parent == NULL) { 122 ME("memcheck: Unable to get parent process pid=%u for new process pid=%u", 123 parent_pid, pid); 124 qemu_free(new_proc); 125 return NULL; 126 } 127 128 /* Copy parent's allocation map, setting "inherited" flag, and clearing 129 * parent's "transition" flag in the copied entries. */ 130 failed = allocmap_copy(&new_proc->alloc_map, &parent->alloc_map, 131 MDESC_FLAG_INHERITED_ON_FORK, 132 MDESC_FLAG_TRANSITION_ENTRY); 133 if (failed) { 134 ME("memcheck: Unable to copy process' %s[pid=%u] allocation map to new process pid=%u", 135 parent->image_path, parent_pid, pid); 136 allocmap_empty(&new_proc->alloc_map); 137 qemu_free(new_proc); 138 return NULL; 139 } 140 141 // Copy parent's memory mappings map. 142 failed = mmrangemap_copy(&new_proc->mmrange_map, &parent->mmrange_map); 143 if (failed) { 144 ME("memcheck: Unable to copy process' %s[pid=%u] mmrange map to new process pid=%u", 145 parent->image_path, parent_pid, pid); 146 mmrangemap_empty(&new_proc->mmrange_map); 147 allocmap_empty(&new_proc->alloc_map); 148 qemu_free(new_proc); 149 return NULL; 150 } 151 } 152 153 // Create and register main thread descriptor for new process. 154 if(create_new_thread(new_proc, pid) == NULL) { 155 mmrangemap_empty(&new_proc->mmrange_map); 156 allocmap_empty(&new_proc->alloc_map); 157 qemu_free(new_proc); 158 return NULL; 159 } 160 161 // List new process. 162 QLIST_INSERT_HEAD(&proc_list, new_proc, global_entry); 163 164 return new_proc; 165 } 166 167 /* Finds thread descriptor for a thread id in the global list of running 168 * threads. 169 * Param: 170 * tid - Thread ID to look up thread descriptor for. 171 * Return: 172 * Found thread descriptor, or NULL if thread descriptor has not been found. 173 */ 174 static ThreadDesc* 175 get_thread_from_tid(uint32_t tid) 176 { 177 ThreadDesc* thread; 178 179 /* There is a pretty good chance that when this call is made, it's made 180 * to get descriptor for the current thread. Lets see if it is so, so 181 * we don't have to iterate through the entire list. */ 182 if (tid == current_tid && current_thread != NULL) { 183 return current_thread; 184 } 185 186 QLIST_FOREACH(thread, &thread_list, global_entry) { 187 if (tid == thread->tid) { 188 if (tid == current_tid) { 189 current_thread = thread; 190 } 191 return thread; 192 } 193 } 194 return NULL; 195 } 196 197 /* Gets thread descriptor for the current thread. 198 * Return: 199 * Found thread descriptor, or NULL if thread descriptor has not been found. 200 */ 201 ThreadDesc* 202 get_current_thread(void) 203 { 204 // Lets see if current thread descriptor has been cached. 205 if (current_thread == NULL) { 206 /* Descriptor is not cached. Look it up in the list. Note that 207 * get_thread_from_tid(current_tid) is not used here in order to 208 * optimize this code for performance, as this routine is called from 209 * the performance sensitive path. */ 210 ThreadDesc* thread; 211 QLIST_FOREACH(thread, &thread_list, global_entry) { 212 if (current_tid == thread->tid) { 213 current_thread = thread; 214 return current_thread; 215 } 216 } 217 } 218 return current_thread; 219 } 220 221 /* Finds process descriptor for a thread id. 222 * Param: 223 * tid - Thread ID to look up process descriptor for. 224 * Return: 225 * Process descriptor for the thread, or NULL, if process descriptor 226 * has not been found. 227 */ 228 static inline ProcDesc* 229 get_process_from_tid(uint32_t tid) 230 { 231 const ThreadDesc* thread = get_thread_from_tid(tid); 232 return (thread != NULL) ? thread->process : NULL; 233 } 234 235 /* Sets, or replaces process image path in process descriptor. 236 * Generally, new process' image path is unknown untill we calculate it in 237 * the handler for TRACE_DEV_REG_CMDLINE event. This routine is called from 238 * TRACE_DEV_REG_CMDLINE event handler to set, or replace process image path. 239 * Param: 240 * proc - Descriptor of the process where to set, or replace image path. 241 * image_path - Image path to the process, transmitted with 242 * TRACE_DEV_REG_CMDLINE event. 243 * set_flags_on_replace - Flags to be set when current image path for the 244 * process has been actually replaced with the new one. 245 * Return: 246 * Zero on success, or -1 on failure. 247 */ 248 static int 249 procdesc_set_image_path(ProcDesc* proc, 250 const char* image_path, 251 uint32_t set_flags_on_replace) 252 { 253 if (image_path == NULL || proc == NULL) { 254 return 0; 255 } 256 257 if (proc->image_path != NULL) { 258 /* Process could have been forked, and inherited image path of the 259 * parent process. However, it seems that "fork" in terms of TRACE_XXX 260 * is not necessarly a strict "fork", but rather new process creation 261 * in general. So, if that's the case we need to override image path 262 * inherited from the parent process. */ 263 if (!strcmp(proc->image_path, image_path)) { 264 // Paths are the same. Just bail out. 265 return 0; 266 } 267 qemu_free(proc->image_path); 268 proc->image_path = NULL; 269 } 270 271 // Save new image path into process' descriptor. 272 proc->image_path = qemu_malloc(strlen(image_path) + 1); 273 if (proc->image_path == NULL) { 274 ME("memcheck: Unable to allocate %u bytes for image path %s to set it for pid=%u", 275 strlen(image_path) + 1, image_path, proc->pid); 276 return -1; 277 } 278 strcpy(proc->image_path, image_path); 279 proc->flags |= set_flags_on_replace; 280 return 0; 281 } 282 283 /* Frees thread descriptor. */ 284 static void 285 threaddesc_free(ThreadDesc* thread) 286 { 287 uint32_t indx; 288 289 if (thread == NULL) { 290 return; 291 } 292 293 if (thread->call_stack != NULL) { 294 for (indx = 0; indx < thread->call_stack_count; indx++) { 295 if (thread->call_stack[indx].module_path != NULL) { 296 qemu_free(thread->call_stack[indx].module_path); 297 } 298 } 299 qemu_free(thread->call_stack); 300 } 301 qemu_free(thread); 302 } 303 304 // ============================================================================= 305 // Process management API 306 // ============================================================================= 307 308 void 309 memcheck_init_proc_management(void) 310 { 311 QLIST_INIT(&proc_list); 312 QLIST_INIT(&thread_list); 313 } 314 315 ProcDesc* 316 get_process_from_pid(uint32_t pid) 317 { 318 ProcDesc* proc; 319 320 /* Chances are that pid addresses the current process. Lets check this, 321 * so we don't have to iterate through the entire project list. */ 322 if (current_thread != NULL && current_thread->process->pid == pid) { 323 current_process = current_thread->process; 324 return current_process; 325 } 326 327 QLIST_FOREACH(proc, &proc_list, global_entry) { 328 if (pid == proc->pid) { 329 break; 330 } 331 } 332 return proc; 333 } 334 335 ProcDesc* 336 get_current_process(void) 337 { 338 if (current_process == NULL) { 339 const ThreadDesc* cur_thread = get_current_thread(); 340 if (cur_thread != NULL) { 341 current_process = cur_thread->process; 342 } 343 } 344 return current_process; 345 } 346 347 void 348 memcheck_on_call(target_ulong from, target_ulong ret) 349 { 350 const uint32_t grow_by = 32; 351 const uint32_t max_stack = grow_by; 352 ThreadDesc* thread = get_current_thread(); 353 if (thread == NULL) { 354 return; 355 } 356 357 /* We're not saving call stack until process starts execution. */ 358 if (!procdesc_is_executing(thread->process)) { 359 return; 360 } 361 362 const MMRangeDesc* rdesc = procdesc_get_range_desc(thread->process, from); 363 if (rdesc == NULL) { 364 ME("memcheck: Unable to find mapping for guest PC 0x%08X in process %s[pid=%u]", 365 from, thread->process->image_path, thread->process->pid); 366 return; 367 } 368 369 /* Limit calling stack size. There are cases when calling stack can be 370 * quite deep due to recursion (up to 4000 entries). */ 371 if (thread->call_stack_count >= max_stack) { 372 #if 0 373 /* This happens quite often. */ 374 MD("memcheck: Thread stack for %s[pid=%u, tid=%u] is too big: %u", 375 thread->process->image_path, thread->process->pid, thread->tid, 376 thread->call_stack_count); 377 #endif 378 return; 379 } 380 381 if (thread->call_stack_count >= thread->call_stack_max) { 382 /* Expand calling stack array buffer. */ 383 thread->call_stack_max += grow_by; 384 ThreadCallStackEntry* new_array = 385 qemu_malloc(thread->call_stack_max * sizeof(ThreadCallStackEntry)); 386 if (new_array == NULL) { 387 ME("memcheck: Unable to allocate %u bytes for calling stack.", 388 thread->call_stack_max * sizeof(ThreadCallStackEntry)); 389 thread->call_stack_max -= grow_by; 390 return; 391 } 392 if (thread->call_stack_count != 0) { 393 memcpy(new_array, thread->call_stack, 394 thread->call_stack_count * sizeof(ThreadCallStackEntry)); 395 } 396 if (thread->call_stack != NULL) { 397 qemu_free(thread->call_stack); 398 } 399 thread->call_stack = new_array; 400 } 401 thread->call_stack[thread->call_stack_count].call_address = from; 402 thread->call_stack[thread->call_stack_count].call_address_rel = 403 mmrangedesc_get_module_offset(rdesc, from); 404 thread->call_stack[thread->call_stack_count].ret_address = ret; 405 thread->call_stack[thread->call_stack_count].ret_address_rel = 406 mmrangedesc_get_module_offset(rdesc, ret); 407 thread->call_stack[thread->call_stack_count].module_path = 408 qemu_malloc(strlen(rdesc->path) + 1); 409 if (thread->call_stack[thread->call_stack_count].module_path == NULL) { 410 ME("memcheck: Unable to allocate %u bytes for module path in the thread calling stack.", 411 strlen(rdesc->path) + 1); 412 return; 413 } 414 strcpy(thread->call_stack[thread->call_stack_count].module_path, 415 rdesc->path); 416 thread->call_stack_count++; 417 } 418 419 void 420 memcheck_on_ret(target_ulong ret) 421 { 422 ThreadDesc* thread = get_current_thread(); 423 if (thread == NULL) { 424 return; 425 } 426 427 /* We're not saving call stack until process starts execution. */ 428 if (!procdesc_is_executing(thread->process)) { 429 return; 430 } 431 432 if (thread->call_stack_count > 0) { 433 int indx = (int)thread->call_stack_count - 1; 434 for (; indx >= 0; indx--) { 435 if (thread->call_stack[indx].ret_address == ret) { 436 thread->call_stack_count = indx; 437 return; 438 } 439 } 440 } 441 } 442 443 // ============================================================================= 444 // Handlers for events, generated by the kernel. 445 // ============================================================================= 446 447 void 448 memcheck_init_pid(uint32_t new_pid) 449 { 450 create_new_process(new_pid, 0); 451 T(PROC_NEW_PID, "memcheck: init_pid(pid=%u) in current thread tid=%u\n", 452 new_pid, current_tid); 453 } 454 455 void 456 memcheck_switch(uint32_t tid) 457 { 458 /* Since new thread became active, we have to invalidate cached 459 * descriptors for current thread and process. */ 460 current_thread = NULL; 461 current_process = NULL; 462 current_tid = tid; 463 } 464 465 void 466 memcheck_fork(uint32_t tgid, uint32_t new_pid) 467 { 468 ProcDesc* parent_proc; 469 ProcDesc* new_proc; 470 471 /* tgid may match new_pid, in which case current process is the 472 * one that's being forked, otherwise tgid identifies process 473 * that's being forked. */ 474 if (new_pid == tgid) { 475 parent_proc = get_current_process(); 476 } else { 477 parent_proc = get_process_from_tid(tgid); 478 } 479 480 if (parent_proc == NULL) { 481 ME("memcheck: FORK(%u, %u): Unable to look up parent process. Current tid=%u", 482 tgid, new_pid, current_tid); 483 return; 484 } 485 486 if (parent_proc->pid != get_current_process()->pid) { 487 MD("memcheck: FORK(%u, %u): parent %s[pid=%u] is not the current process %s[pid=%u]", 488 tgid, new_pid, parent_proc->image_path, parent_proc->pid, 489 get_current_process()->image_path, get_current_process()->pid); 490 } 491 492 new_proc = create_new_process(new_pid, parent_proc->pid); 493 if (new_proc == NULL) { 494 return; 495 } 496 497 /* Since we're possibly forking parent process, we need to inherit 498 * parent's image path in the forked process. */ 499 procdesc_set_image_path(new_proc, parent_proc->image_path, 0); 500 501 T(PROC_FORK, "memcheck: FORK(tgid=%u, new_pid=%u) by %s[pid=%u] (tid=%u)\n", 502 tgid, new_pid, parent_proc->image_path, parent_proc->pid, current_tid); 503 } 504 505 void 506 memcheck_clone(uint32_t tgid, uint32_t new_tid) 507 { 508 ProcDesc* parent_proc; 509 510 /* tgid may match new_pid, in which case current process is the 511 * one that creates thread, otherwise tgid identifies process 512 * that creates thread. */ 513 if (new_tid == tgid) { 514 parent_proc = get_current_process(); 515 } else { 516 parent_proc = get_process_from_tid(tgid); 517 } 518 519 if (parent_proc == NULL) { 520 ME("memcheck: CLONE(%u, %u) Unable to look up parent process. Current tid=%u", 521 tgid, new_tid, current_tid); 522 return; 523 } 524 525 if (parent_proc->pid != get_current_process()->pid) { 526 ME("memcheck: CLONE(%u, %u): parent %s[pid=%u] is not the current process %s[pid=%u]", 527 tgid, new_tid, parent_proc->image_path, parent_proc->pid, 528 get_current_process()->image_path, get_current_process()->pid); 529 } 530 531 create_new_thread(parent_proc, new_tid); 532 533 T(PROC_CLONE, "memcheck: CLONE(tgid=%u, new_tid=%u) by %s[pid=%u] (tid=%u)\n", 534 tgid, new_tid, parent_proc->image_path, parent_proc->pid, current_tid); 535 } 536 537 void 538 memcheck_set_cmd_line(const char* cmd_arg, unsigned cmdlen) 539 { 540 char parsed[4096]; 541 int n; 542 543 ProcDesc* current_proc = get_current_process(); 544 if (current_proc == NULL) { 545 ME("memcheck: CMDL(%s, %u): Unable to look up process for current tid=%3u", 546 cmd_arg, cmdlen, current_tid); 547 return; 548 } 549 550 /* Image path is the first agrument in cmd line. Note that due to 551 * limitations of TRACE_XXX cmdlen can never exceed CLIENT_PAGE_SIZE */ 552 memcpy(parsed, cmd_arg, cmdlen); 553 554 // Cut first argument off the entire command line. 555 for (n = 0; n < cmdlen; n++) { 556 if (parsed[n] == ' ') { 557 break; 558 } 559 } 560 parsed[n] = '\0'; 561 562 // Save process' image path into descriptor. 563 procdesc_set_image_path(current_proc, parsed, 564 PROC_FLAG_IMAGE_PATH_REPLACED); 565 current_proc->flags |= PROC_FLAG_EXECUTING; 566 567 /* At this point we need to discard memory mappings inherited from 568 * the parent process, since this process has become "independent" from 569 * its parent. */ 570 mmrangemap_empty(¤t_proc->mmrange_map); 571 T(PROC_START, "memcheck: Executing process %s[pid=%u]\n", 572 current_proc->image_path, current_proc->pid); 573 } 574 575 void 576 memcheck_exit(uint32_t exit_code) 577 { 578 ProcDesc* proc; 579 int leaks_reported = 0; 580 MallocDescEx leaked_alloc; 581 582 // Exiting thread descriptor. 583 ThreadDesc* thread = get_current_thread(); 584 if (thread == NULL) { 585 ME("memcheck: EXIT(%u): Unable to look up thread for current tid=%u", 586 exit_code, current_tid); 587 return; 588 } 589 proc = thread->process; 590 591 // Since current thread is exiting, we need to NULL its cached descriptor. 592 current_thread = NULL; 593 594 // Unlist the thread from its process as well as global lists. 595 QLIST_REMOVE(thread, proc_entry); 596 QLIST_REMOVE(thread, global_entry); 597 threaddesc_free(thread); 598 599 /* Lets see if this was last process thread, which would indicate 600 * process termination. */ 601 if (!QLIST_EMPTY(&proc->threads)) { 602 return; 603 } 604 605 // Process is terminating. Report leaks and free resources. 606 proc->flags |= PROC_FLAG_EXITING; 607 608 /* Empty allocation descriptors map for the exiting process, 609 * reporting leaking blocks in the process. */ 610 while (!allocmap_pull_first(&proc->alloc_map, &leaked_alloc)) { 611 /* We should "forgive" blocks that were inherited from the 612 * parent process on fork, or were allocated while process was 613 * in "transition" state. */ 614 if (!mallocdescex_is_inherited_on_fork(&leaked_alloc) && 615 !mallocdescex_is_transition_entry(&leaked_alloc)) { 616 if (!leaks_reported) { 617 // First leak detected. Print report's header. 618 T(CHECK_LEAK, "memcheck: Process %s[pid=%u] is exiting leaking allocated blocks:\n", 619 proc->image_path, proc->pid); 620 } 621 if (trace_flags & TRACE_CHECK_LEAK_ENABLED) { 622 // Dump leaked block information. 623 printf(" Leaked block %u:\n", leaks_reported + 1); 624 memcheck_dump_malloc_desc(&leaked_alloc, 0, 0); 625 if (leaked_alloc.call_stack != NULL) { 626 const int max_stack = 24; 627 if (max_stack >= leaked_alloc.call_stack_count) { 628 printf(" Call stack:\n"); 629 } else { 630 printf(" Call stack (first %u of %u entries):\n", 631 max_stack, leaked_alloc.call_stack_count); 632 } 633 uint32_t stk; 634 for (stk = 0; 635 stk < leaked_alloc.call_stack_count && stk < max_stack; 636 stk++) { 637 const MMRangeDesc* rdesc = 638 procdesc_find_mapentry(proc, 639 leaked_alloc.call_stack[stk]); 640 if (rdesc != NULL) { 641 Elf_AddressInfo elff_info; 642 ELFF_HANDLE elff_handle = NULL; 643 uint32_t rel = 644 mmrangedesc_get_module_offset(rdesc, 645 leaked_alloc.call_stack[stk]); 646 printf(" Frame %u: PC=0x%08X (relative 0x%08X) in module %s\n", 647 stk, leaked_alloc.call_stack[stk], rel, 648 rdesc->path); 649 if (memcheck_get_address_info(leaked_alloc.call_stack[stk], 650 rdesc, &elff_info, 651 &elff_handle) == 0) { 652 printf(" Routine %s @ %s/%s:%u\n", 653 elff_info.routine_name, 654 elff_info.dir_name, 655 elff_info.file_name, 656 elff_info.line_number); 657 elff_free_pc_address_info(elff_handle, 658 &elff_info); 659 elff_close(elff_handle); 660 } 661 } else { 662 printf(" Frame %u: PC=0x%08X in module <unknown>\n", 663 stk, leaked_alloc.call_stack[stk]); 664 665 } 666 } 667 } 668 } 669 leaks_reported++; 670 } 671 } 672 673 if (leaks_reported) { 674 T(CHECK_LEAK, "memcheck: Process %s[pid=%u] is leaking %u allocated blocks.\n", 675 proc->image_path, proc->pid, leaks_reported); 676 } 677 678 T(PROC_EXIT, "memcheck: Exiting process %s[pid=%u] in thread %u. Memory leaks detected: %u\n", 679 proc->image_path, proc->pid, current_tid, leaks_reported); 680 681 /* Since current process is exiting, we need to NULL its cached descriptor, 682 * and unlist it from the list of running processes. */ 683 current_process = NULL; 684 QLIST_REMOVE(proc, global_entry); 685 686 // Empty process' mmapings map. 687 mmrangemap_empty(&proc->mmrange_map); 688 if (proc->image_path != NULL) { 689 qemu_free(proc->image_path); 690 } 691 qemu_free(proc); 692 } 693 694 void 695 memcheck_mmap_exepath(target_ulong vstart, 696 target_ulong vend, 697 target_ulong exec_offset, 698 const char* path) 699 { 700 MMRangeDesc desc; 701 MMRangeDesc replaced; 702 RBTMapResult ins_res; 703 704 ProcDesc* proc = get_current_process(); 705 if (proc == NULL) { 706 ME("memcheck: MMAP(0x%08X, 0x%08X, 0x%08X, %s) Unable to look up current process. Current tid=%u", 707 vstart, vend, exec_offset, path, current_tid); 708 return; 709 } 710 711 /* First, unmap an overlapped section */ 712 memcheck_unmap(vstart, vend); 713 714 /* Add new mapping. */ 715 desc.map_start = vstart; 716 desc.map_end = vend; 717 desc.exec_offset = exec_offset; 718 desc.path = qemu_malloc(strlen(path) + 1); 719 if (desc.path == NULL) { 720 ME("memcheck: MMAP(0x%08X, 0x%08X, 0x%08X, %s) Unable to allocate path for the entry.", 721 vstart, vend, exec_offset, path); 722 return; 723 } 724 strcpy(desc.path, path); 725 726 ins_res = mmrangemap_insert(&proc->mmrange_map, &desc, &replaced); 727 if (ins_res == RBT_MAP_RESULT_ERROR) { 728 ME("memcheck: %s[pid=%u] unable to insert memory mapping entry: 0x%08X - 0x%08X", 729 proc->image_path, proc->pid, vstart, vend); 730 qemu_free(desc.path); 731 return; 732 } 733 734 if (ins_res == RBT_MAP_RESULT_ENTRY_REPLACED) { 735 MD("memcheck: %s[pid=%u] MMRANGE %s[0x%08X - 0x%08X] is replaced with %s[0x%08X - 0x%08X]", 736 proc->image_path, proc->pid, replaced.path, replaced.map_start, 737 replaced.map_end, desc.path, desc.map_start, desc.map_end); 738 qemu_free(replaced.path); 739 } 740 741 T(PROC_MMAP, "memcheck: %s[pid=%u] %s is mapped: 0x%08X - 0x%08X + 0x%08X\n", 742 proc->image_path, proc->pid, path, vstart, vend, exec_offset); 743 } 744 745 void 746 memcheck_unmap(target_ulong vstart, target_ulong vend) 747 { 748 MMRangeDesc desc; 749 ProcDesc* proc = get_current_process(); 750 if (proc == NULL) { 751 ME("memcheck: UNMAP(0x%08X, 0x%08X) Unable to look up current process. Current tid=%u", 752 vstart, vend, current_tid); 753 return; 754 } 755 756 if (mmrangemap_pull(&proc->mmrange_map, vstart, vend, &desc)) { 757 return; 758 } 759 760 if (desc.map_start >= vstart && desc.map_end <= vend) { 761 /* Entire mapping has been deleted. */ 762 T(PROC_MMAP, "memcheck: %s[pid=%u] %s is unmapped: [0x%08X - 0x%08X + 0x%08X]\n", 763 proc->image_path, proc->pid, desc.path, vstart, vend, desc.exec_offset); 764 qemu_free(desc.path); 765 return; 766 } 767 768 /* This can be first stage of "remap" request, when part of the existing 769 * mapping has been unmapped. If that's so, lets cut unmapped part from the 770 * block that we just pulled, and add whatever's left back to the map. */ 771 T(PROC_MMAP, "memcheck: REMAP(0x%08X, 0x%08X + 0x%08X) -> (0x%08X, 0x%08X)\n", 772 desc.map_start, desc.map_end, desc.exec_offset, vstart, vend); 773 if (desc.map_start == vstart) { 774 /* We cut part from the beginning. Add the tail back. */ 775 desc.exec_offset += vend - desc.map_start; 776 desc.map_start = vend; 777 mmrangemap_insert(&proc->mmrange_map, &desc, NULL); 778 } else if (desc.map_end == vend) { 779 /* We cut part from the tail. Add the beginning back. */ 780 desc.map_end = vstart; 781 mmrangemap_insert(&proc->mmrange_map, &desc, NULL); 782 } else { 783 /* We cut piece in the middle. */ 784 MMRangeDesc tail; 785 tail.map_start = vend; 786 tail.map_end = desc.map_end; 787 tail.exec_offset = vend - desc.map_start + desc.exec_offset; 788 tail.path = qemu_malloc(strlen(desc.path) + 1); 789 strcpy(tail.path, desc.path); 790 mmrangemap_insert(&proc->mmrange_map, &tail, NULL); 791 desc.map_end = vstart; 792 mmrangemap_insert(&proc->mmrange_map, &desc, NULL); 793 } 794 } 795
