1 /* 2 * This file is part of ltrace. 3 * Copyright (C) 2011,2012,2013 Petr Machata, Red Hat Inc. 4 * Copyright (C) 2010 Zachary T Welch, CodeSourcery 5 * Copyright (C) 2010 Joe Damato 6 * Copyright (C) 1998,2008,2009 Juan Cespedes 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License as 10 * published by the Free Software Foundation; either version 2 of the 11 * License, or (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 */ 23 24 #define _GNU_SOURCE /* For getline. */ 25 #include "config.h" 26 27 #include <sys/stat.h> 28 #include <sys/syscall.h> 29 #include <sys/types.h> 30 #include <ctype.h> 31 #include <dirent.h> 32 #include <errno.h> 33 #include <fcntl.h> 34 #include <inttypes.h> 35 #include <link.h> 36 #include <signal.h> 37 #include <stdio.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <unistd.h> 41 42 #include "backend.h" 43 #include "breakpoint.h" 44 #include "config.h" 45 #include "debug.h" 46 #include "events.h" 47 #include "library.h" 48 #include "ltrace-elf.h" 49 #include "proc.h" 50 51 /* /proc/pid doesn't exist just after the fork, and sometimes `ltrace' 52 * couldn't open it to find the executable. So it may be necessary to 53 * have a bit delay 54 */ 55 56 #define MAX_DELAY 100000 /* 100000 microseconds = 0.1 seconds */ 57 58 #define PROC_PID_FILE(VAR, FORMAT, PID) \ 59 char VAR[strlen(FORMAT) + 6]; \ 60 sprintf(VAR, FORMAT, PID) 61 62 /* 63 * Returns a (malloc'd) file name corresponding to a running pid 64 */ 65 char * 66 pid2name(pid_t pid) { 67 if (!kill(pid, 0)) { 68 int delay = 0; 69 70 PROC_PID_FILE(proc_exe, "/proc/%d/exe", pid); 71 72 while (delay < MAX_DELAY) { 73 if (!access(proc_exe, F_OK)) { 74 return strdup(proc_exe); 75 } 76 delay += 1000; /* 1 milisecond */ 77 } 78 } 79 return NULL; 80 } 81 82 static FILE * 83 open_status_file(pid_t pid) 84 { 85 PROC_PID_FILE(fn, "/proc/%d/status", pid); 86 /* Don't complain if we fail. This would typically happen 87 when the process is about to terminate, and these files are 88 not available anymore. This function is called from the 89 event loop, and we don't want to clutter the output just 90 because the process terminates. */ 91 return fopen(fn, "r"); 92 } 93 94 static char * 95 find_line_starting(FILE * file, const char * prefix, size_t len) 96 { 97 char * line = NULL; 98 size_t line_len = 0; 99 while (!feof(file)) { 100 if (getline(&line, &line_len, file) < 0) 101 return NULL; 102 if (strncmp(line, prefix, len) == 0) 103 return line; 104 } 105 return NULL; 106 } 107 108 static void 109 each_line_starting(FILE *file, const char *prefix, 110 enum callback_status (*cb)(const char *line, 111 const char *prefix, 112 void *data), 113 void *data) 114 { 115 size_t len = strlen(prefix); 116 char * line; 117 while ((line = find_line_starting(file, prefix, len)) != NULL) { 118 enum callback_status st = (*cb)(line, prefix, data); 119 free(line); 120 if (st == CBS_STOP) 121 return; 122 } 123 } 124 125 static enum callback_status 126 process_leader_cb(const char *line, const char *prefix, void *data) 127 { 128 pid_t * pidp = data; 129 *pidp = atoi(line + strlen(prefix)); 130 return CBS_STOP; 131 } 132 133 pid_t 134 process_leader(pid_t pid) 135 { 136 pid_t tgid = 0; 137 FILE * file = open_status_file(pid); 138 if (file != NULL) { 139 each_line_starting(file, "Tgid:\t", &process_leader_cb, &tgid); 140 fclose(file); 141 } 142 143 return tgid; 144 } 145 146 static enum callback_status 147 process_stopped_cb(const char *line, const char *prefix, void *data) 148 { 149 char c = line[strlen(prefix)]; 150 // t:tracing stop, T:job control stop 151 *(int *)data = (c == 't' || c == 'T'); 152 return CBS_STOP; 153 } 154 155 int 156 process_stopped(pid_t pid) 157 { 158 int is_stopped = -1; 159 FILE * file = open_status_file(pid); 160 if (file != NULL) { 161 each_line_starting(file, "State:\t", &process_stopped_cb, 162 &is_stopped); 163 fclose(file); 164 } 165 return is_stopped; 166 } 167 168 static enum callback_status 169 process_status_cb(const char *line, const char *prefix, void *data) 170 { 171 const char * status = line + strlen(prefix); 172 const char c = *status; 173 174 #define RETURN(C) do { \ 175 *(enum process_status *)data = C; \ 176 return CBS_STOP; \ 177 } while (0) 178 179 switch (c) { 180 case 'Z': RETURN(PS_ZOMBIE); 181 case 't': RETURN(PS_TRACING_STOP); 182 case 'T': 183 /* This can be either "T (stopped)" or, for older 184 * kernels, "T (tracing stop)". */ 185 if (!strcmp(status, "T (stopped)\n")) 186 RETURN(PS_STOP); 187 else if (!strcmp(status, "T (tracing stop)\n")) 188 RETURN(PS_TRACING_STOP); 189 else { 190 fprintf(stderr, "Unknown process status: %s", 191 status); 192 RETURN(PS_STOP); /* Some sort of stop 193 * anyway. */ 194 } 195 case 'D': 196 case 'S': RETURN(PS_SLEEPING); 197 } 198 199 RETURN(PS_OTHER); 200 #undef RETURN 201 } 202 203 enum process_status 204 process_status(pid_t pid) 205 { 206 enum process_status ret = PS_INVALID; 207 FILE * file = open_status_file(pid); 208 if (file != NULL) { 209 each_line_starting(file, "State:\t", &process_status_cb, &ret); 210 fclose(file); 211 if (ret == PS_INVALID) 212 fprintf(stderr, 213 "Couldn't determine status of process %d: %s\n", 214 pid, strerror(errno)); 215 } else { 216 /* If the file is not present, the process presumably 217 * exited already. */ 218 ret = PS_ZOMBIE; 219 } 220 221 return ret; 222 } 223 224 static int 225 all_digits(const char *str) 226 { 227 while (isdigit(*str)) 228 str++; 229 return !*str; 230 } 231 232 int 233 process_tasks(pid_t pid, pid_t **ret_tasks, size_t *ret_n) 234 { 235 PROC_PID_FILE(fn, "/proc/%d/task", pid); 236 DIR *d = opendir(fn); 237 if (d == NULL) 238 return -1; 239 240 pid_t *tasks = NULL; 241 size_t n = 0; 242 size_t alloc = 0; 243 244 while (1) { 245 struct dirent entry; 246 struct dirent *result; 247 if (readdir_r(d, &entry, &result) != 0) { 248 fail: 249 free(tasks); 250 closedir(d); 251 return -1; 252 } 253 if (result == NULL) 254 break; 255 if (result->d_type == DT_DIR && all_digits(result->d_name)) { 256 pid_t npid = atoi(result->d_name); 257 if (n >= alloc) { 258 alloc = alloc > 0 ? (2 * alloc) : 8; 259 pid_t *ntasks = realloc(tasks, 260 sizeof(*tasks) * alloc); 261 if (ntasks == NULL) 262 goto fail; 263 tasks = ntasks; 264 } 265 assert(n < alloc); 266 tasks[n++] = npid; 267 } 268 } 269 270 closedir(d); 271 272 *ret_tasks = tasks; 273 *ret_n = n; 274 return 0; 275 } 276 277 /* On native 64-bit system, we need to be careful when handling cross 278 * tracing. This select appropriate pointer depending on host and 279 * target architectures. XXX Really we should abstract this into the 280 * ABI object, as theorized about somewhere on pmachata/revamp 281 * branch. */ 282 static void * 283 select_32_64(struct process *proc, void *p32, void *p64) 284 { 285 if (sizeof(long) == 4 || proc->mask_32bit) 286 return p32; 287 else 288 return p64; 289 } 290 291 static int 292 fetch_dyn64(struct process *proc, arch_addr_t *addr, Elf64_Dyn *ret) 293 { 294 if (umovebytes(proc, *addr, ret, sizeof(*ret)) != sizeof(*ret)) 295 return -1; 296 *addr += sizeof(*ret); 297 return 0; 298 } 299 300 static int 301 fetch_dyn32(struct process *proc, arch_addr_t *addr, Elf64_Dyn *ret) 302 { 303 Elf32_Dyn dyn; 304 if (umovebytes(proc, *addr, &dyn, sizeof(dyn)) != sizeof(dyn)) 305 return -1; 306 307 *addr += sizeof(dyn); 308 ret->d_tag = dyn.d_tag; 309 ret->d_un.d_val = dyn.d_un.d_val; 310 311 return 0; 312 } 313 314 static int (* 315 dyn_fetcher(struct process *proc))(struct process *, 316 arch_addr_t *, Elf64_Dyn *) 317 { 318 return select_32_64(proc, fetch_dyn32, fetch_dyn64); 319 } 320 321 int 322 proc_find_dynamic_entry_addr(struct process *proc, arch_addr_t src_addr, 323 int d_tag, arch_addr_t *ret) 324 { 325 debug(DEBUG_FUNCTION, "find_dynamic_entry()"); 326 327 if (ret == NULL || src_addr == 0 || d_tag < 0) 328 return -1; 329 330 int i = 0; 331 while (1) { 332 Elf64_Dyn entry; 333 if (dyn_fetcher(proc)(proc, &src_addr, &entry) < 0 334 || entry.d_tag == DT_NULL 335 || i++ > 100) { /* Arbitrary cut-off so that we 336 * don't loop forever if the 337 * binary is corrupted. */ 338 debug(2, "Couldn't find address for dtag!"); 339 return -1; 340 } 341 342 if (entry.d_tag == d_tag) { 343 /* XXX The double cast should be removed when 344 * arch_addr_t becomes integral type. */ 345 *ret = (arch_addr_t)(uintptr_t)entry.d_un.d_val; 346 debug(2, "found address: %p in dtag %d", *ret, d_tag); 347 return 0; 348 } 349 } 350 } 351 352 /* Our own type for representing 32-bit linkmap. We can't rely on the 353 * definition in link.h, because that's only accurate for our host 354 * architecture, not for target architecture (where the traced process 355 * runs). */ 356 #define LT_LINK_MAP(BITS) \ 357 { \ 358 Elf##BITS##_Addr l_addr; \ 359 Elf##BITS##_Addr l_name; \ 360 Elf##BITS##_Addr l_ld; \ 361 Elf##BITS##_Addr l_next; \ 362 Elf##BITS##_Addr l_prev; \ 363 } 364 struct lt_link_map_32 LT_LINK_MAP(32); 365 struct lt_link_map_64 LT_LINK_MAP(64); 366 367 static int 368 fetch_lm64(struct process *proc, arch_addr_t addr, 369 struct lt_link_map_64 *ret) 370 { 371 if (umovebytes(proc, addr, ret, sizeof(*ret)) != sizeof(*ret)) 372 return -1; 373 return 0; 374 } 375 376 static int 377 fetch_lm32(struct process *proc, arch_addr_t addr, 378 struct lt_link_map_64 *ret) 379 { 380 struct lt_link_map_32 lm; 381 if (umovebytes(proc, addr, &lm, sizeof(lm)) != sizeof(lm)) 382 return -1; 383 384 ret->l_addr = lm.l_addr; 385 ret->l_name = lm.l_name; 386 ret->l_ld = lm.l_ld; 387 ret->l_next = lm.l_next; 388 ret->l_prev = lm.l_prev; 389 390 return 0; 391 } 392 393 static int (* 394 lm_fetcher(struct process *proc))(struct process *, 395 arch_addr_t, struct lt_link_map_64 *) 396 { 397 return select_32_64(proc, fetch_lm32, fetch_lm64); 398 } 399 400 /* The same as above holds for struct r_debug. */ 401 #define LT_R_DEBUG(BITS) \ 402 { \ 403 int r_version; \ 404 Elf##BITS##_Addr r_map; \ 405 Elf##BITS##_Addr r_brk; \ 406 int r_state; \ 407 Elf##BITS##_Addr r_ldbase; \ 408 } 409 410 struct lt_r_debug_32 LT_R_DEBUG(32); 411 struct lt_r_debug_64 LT_R_DEBUG(64); 412 413 static int 414 fetch_rd64(struct process *proc, arch_addr_t addr, 415 struct lt_r_debug_64 *ret) 416 { 417 if (umovebytes(proc, addr, ret, sizeof(*ret)) != sizeof(*ret)) 418 return -1; 419 return 0; 420 } 421 422 static int 423 fetch_rd32(struct process *proc, arch_addr_t addr, 424 struct lt_r_debug_64 *ret) 425 { 426 struct lt_r_debug_32 rd; 427 if (umovebytes(proc, addr, &rd, sizeof(rd)) != sizeof(rd)) 428 return -1; 429 430 ret->r_version = rd.r_version; 431 ret->r_map = rd.r_map; 432 ret->r_brk = rd.r_brk; 433 ret->r_state = rd.r_state; 434 ret->r_ldbase = rd.r_ldbase; 435 436 return 0; 437 } 438 439 static int (* 440 rdebug_fetcher(struct process *proc))(struct process *, 441 arch_addr_t, struct lt_r_debug_64 *) 442 { 443 return select_32_64(proc, fetch_rd32, fetch_rd64); 444 } 445 446 static int 447 fetch_auxv64_entry(int fd, Elf64_auxv_t *ret) 448 { 449 /* Reaching EOF is as much problem as not reading whole 450 * entry. */ 451 return read(fd, ret, sizeof(*ret)) == sizeof(*ret) ? 0 : -1; 452 } 453 454 static int 455 fetch_auxv32_entry(int fd, Elf64_auxv_t *ret) 456 { 457 Elf32_auxv_t auxv; 458 if (read(fd, &auxv, sizeof(auxv)) != sizeof(auxv)) 459 return -1; 460 461 ret->a_type = auxv.a_type; 462 ret->a_un.a_val = auxv.a_un.a_val; 463 return 0; 464 } 465 466 static int (* 467 auxv_fetcher(struct process *proc))(int, Elf64_auxv_t *) 468 { 469 return select_32_64(proc, fetch_auxv32_entry, fetch_auxv64_entry); 470 } 471 472 static void 473 crawl_linkmap(struct process *proc, struct lt_r_debug_64 *dbg) 474 { 475 debug (DEBUG_FUNCTION, "crawl_linkmap()"); 476 477 if (!dbg || !dbg->r_map) { 478 debug(2, "Debug structure or it's linkmap are NULL!"); 479 return; 480 } 481 482 /* XXX The double cast should be removed when 483 * arch_addr_t becomes integral type. */ 484 arch_addr_t addr = (arch_addr_t)(uintptr_t)dbg->r_map; 485 486 while (addr != 0) { 487 struct lt_link_map_64 rlm = {}; 488 if (lm_fetcher(proc)(proc, addr, &rlm) < 0) { 489 debug(2, "Unable to read link map"); 490 return; 491 } 492 493 arch_addr_t key = addr; 494 /* XXX The double cast should be removed when 495 * arch_addr_t becomes integral type. */ 496 addr = (arch_addr_t)(uintptr_t)rlm.l_next; 497 if (rlm.l_name == 0) { 498 debug(2, "Name of mapped library is NULL"); 499 return; 500 } 501 502 char lib_name[BUFSIZ]; 503 /* XXX The double cast should be removed when 504 * arch_addr_t becomes integral type. */ 505 umovebytes(proc, (arch_addr_t)(uintptr_t)rlm.l_name, 506 lib_name, sizeof(lib_name)); 507 508 /* Library name can be an empty string, in which case 509 * the entry represents either the main binary, or a 510 * VDSO. Unfortunately we can't rely on that, as in 511 * recent glibc, that entry is initialized to VDSO 512 * SONAME. 513 * 514 * It's not clear how to detect VDSO in this case. We 515 * can't assume that l_name of real DSOs will be 516 * either absolute or relative (for LD_LIBRARY_PATH=: 517 * it will be neither). We can't compare l_addr with 518 * AT_SYSINFO_EHDR either, as l_addr is bias (which 519 * also means it's not unique, and therefore useless 520 * for this). We could load VDSO from process image 521 * and at least compare actual SONAMEs. For now, this 522 * kludge is about the best that we can do. */ 523 if (*lib_name == 0 524 || strcmp(lib_name, "linux-vdso.so.1") == 0 525 || strcmp(lib_name, "linux-gate.so.1") == 0 526 || strcmp(lib_name, "linux-vdso32.so.1") == 0 527 || strcmp(lib_name, "linux-vdso64.so.1") == 0) 528 continue; 529 530 /* Do we have that library already? */ 531 if (proc_each_library(proc, NULL, library_with_key_cb, &key)) 532 continue; 533 534 struct library *lib = malloc(sizeof(*lib)); 535 if (lib == NULL) { 536 fail: 537 free(lib); 538 fprintf(stderr, "Couldn't load ELF object %s: %s\n", 539 lib_name, strerror(errno)); 540 continue; 541 } 542 543 if (library_init(lib, LT_LIBTYPE_DSO) < 0) 544 goto fail; 545 546 if (ltelf_read_library(lib, proc, lib_name, rlm.l_addr) < 0) { 547 library_destroy(lib); 548 goto fail; 549 } 550 551 lib->key = key; 552 proc_add_library(proc, lib); 553 } 554 return; 555 } 556 557 static int 558 load_debug_struct(struct process *proc, struct lt_r_debug_64 *ret) 559 { 560 debug(DEBUG_FUNCTION, "load_debug_struct"); 561 562 if (rdebug_fetcher(proc)(proc, proc->os.debug_addr, ret) < 0) { 563 debug(2, "This process does not have a debug structure!"); 564 return -1; 565 } 566 567 return 0; 568 } 569 570 static void 571 rdebug_bp_on_hit(struct breakpoint *bp, struct process *proc) 572 { 573 debug(DEBUG_FUNCTION, "arch_check_dbg"); 574 575 struct lt_r_debug_64 rdbg; 576 if (load_debug_struct(proc, &rdbg) < 0) { 577 debug(2, "Unable to load debug structure!"); 578 return; 579 } 580 581 if (rdbg.r_state == RT_CONSISTENT) { 582 debug(2, "Linkmap is now consistent"); 583 switch (proc->os.debug_state) { 584 case RT_ADD: 585 debug(2, "Adding DSO to linkmap"); 586 crawl_linkmap(proc, &rdbg); 587 break; 588 case RT_DELETE: 589 debug(2, "Removing DSO from linkmap"); 590 // XXX unload that library 591 break; 592 default: 593 debug(2, "Unexpected debug state!"); 594 } 595 } 596 597 proc->os.debug_state = rdbg.r_state; 598 } 599 600 #ifndef ARCH_HAVE_FIND_DL_DEBUG 601 int 602 arch_find_dl_debug(struct process *proc, arch_addr_t dyn_addr, 603 arch_addr_t *ret) 604 { 605 return proc_find_dynamic_entry_addr(proc, dyn_addr, DT_DEBUG, ret); 606 } 607 #endif 608 609 int 610 linkmap_init(struct process *proc, arch_addr_t dyn_addr) 611 { 612 debug(DEBUG_FUNCTION, "linkmap_init(%d, dyn_addr=%p)", proc->pid, dyn_addr); 613 614 if (arch_find_dl_debug(proc, dyn_addr, &proc->os.debug_addr) == -1) { 615 debug(2, "Couldn't find debug structure!"); 616 return -1; 617 } 618 619 int status; 620 struct lt_r_debug_64 rdbg; 621 if ((status = load_debug_struct(proc, &rdbg)) < 0) { 622 debug(2, "No debug structure or no memory to allocate one!"); 623 return status; 624 } 625 626 crawl_linkmap(proc, &rdbg); 627 628 /* XXX The double cast should be removed when 629 * arch_addr_t becomes integral type. */ 630 arch_addr_t addr = (arch_addr_t)(uintptr_t)rdbg.r_brk; 631 if (arch_translate_address_dyn(proc, addr, &addr) < 0) 632 return -1; 633 634 struct breakpoint *rdebug_bp = insert_breakpoint_at(proc, addr, NULL); 635 if (rdebug_bp == NULL) { 636 /* This is not fatal, the tracing can continue with 637 * reduced functionality. */ 638 fprintf(stderr, 639 "Couldn't insert _r_debug breakpoint to %d: %s.\n" 640 "As a result of that, ltrace will not be able to " 641 "detect and trace\nnewly-loaded libraries.\n", 642 proc->pid, strerror(errno)); 643 } else { 644 static struct bp_callbacks rdebug_callbacks = { 645 .on_hit = rdebug_bp_on_hit, 646 }; 647 rdebug_bp->cbs = &rdebug_callbacks; 648 } 649 650 return 0; 651 } 652 653 int 654 task_kill (pid_t pid, int sig) 655 { 656 // Taken from GDB 657 int ret; 658 659 errno = 0; 660 ret = syscall (__NR_tkill, pid, sig); 661 return ret; 662 } 663 664 void 665 process_removed(struct process *proc) 666 { 667 delete_events_for(proc); 668 } 669 670 int 671 process_get_entry(struct process *proc, 672 arch_addr_t *entryp, 673 arch_addr_t *interp_biasp) 674 { 675 PROC_PID_FILE(fn, "/proc/%d/auxv", proc->pid); 676 int fd = open(fn, O_RDONLY); 677 int ret = 0; 678 if (fd == -1) { 679 fail: 680 fprintf(stderr, "couldn't read %s: %s", fn, strerror(errno)); 681 ret = -1; 682 done: 683 if (fd != -1) 684 close(fd); 685 return ret; 686 } 687 688 arch_addr_t at_entry = 0; 689 arch_addr_t at_bias = 0; 690 while (1) { 691 Elf64_auxv_t entry = {}; 692 if (auxv_fetcher(proc)(fd, &entry) < 0) 693 goto fail; 694 695 switch (entry.a_type) { 696 case AT_BASE: 697 /* XXX The double cast should be removed when 698 * arch_addr_t becomes integral type. */ 699 at_bias = (arch_addr_t)(uintptr_t)entry.a_un.a_val; 700 continue; 701 702 case AT_ENTRY: 703 /* XXX The double cast should be removed when 704 * arch_addr_t becomes integral type. */ 705 at_entry = (arch_addr_t)(uintptr_t)entry.a_un.a_val; 706 default: 707 continue; 708 709 case AT_NULL: 710 break; 711 } 712 break; 713 } 714 715 if (entryp != NULL) 716 *entryp = at_entry; 717 if (interp_biasp != NULL) 718 *interp_biasp = at_bias; 719 goto done; 720 } 721 722 int 723 os_process_init(struct process *proc) 724 { 725 proc->os.debug_addr = 0; 726 proc->os.debug_state = 0; 727 return 0; 728 } 729 730 void 731 os_process_destroy(struct process *proc) 732 { 733 } 734 735 int 736 os_process_clone(struct process *retp, struct process *proc) 737 { 738 retp->os = proc->os; 739 return 0; 740 } 741 742 int 743 os_process_exec(struct process *proc) 744 { 745 return 0; 746 } 747
