1 /*--------------------------------------------------------------------*/ 2 /*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/ 3 /*--------------------------------------------------------------------*/ 4 5 /* 6 This file is part of Valgrind, a dynamic binary instrumentation 7 framework. 8 9 Copyright (C) 2011-2017 Philippe Waroquiers 10 11 This program is free software; you can redistribute it and/or 12 modify it under the terms of the GNU General Public License as 13 published by the Free Software Foundation; either version 2 of the 14 License, or (at your option) any later version. 15 16 This program is distributed in the hope that it will be useful, but 17 WITHOUT ANY WARRANTY; without even the implied warranty of 18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 General Public License for more details. 20 21 You should have received a copy of the GNU General Public License 22 along with this program; if not, write to the Free Software 23 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 24 02111-1307, USA. 25 26 The GNU General Public License is contained in the file COPYING. 27 */ 28 29 #include "config.h" 30 31 #include "vgdb.h" 32 #include "pub_core_threadstate.h" 33 34 #include <alloca.h> 35 #include <assert.h> 36 #include <errno.h> 37 #include <stdio.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <sys/ptrace.h> 41 #include <sys/time.h> 42 #include <sys/user.h> 43 #include <sys/wait.h> 44 45 #ifdef PTRACE_GETREGSET 46 // TBD: better have a configure test instead ? 47 #define HAVE_PTRACE_GETREGSET 48 49 // A bi-arch build using PTRACE_GET/SETREGSET needs 50 // some conversion code for register structures. 51 // So, better do not use PTRACE_GET/SETREGSET 52 // Rather we use PTRACE_GETREGS or PTRACE_PEEKUSER. 53 54 // The only platform on which we must use PTRACE_GETREGSET is arm64. 55 // The resulting vgdb cannot work in a bi-arch setup. 56 // -1 means we will check that PTRACE_GETREGSET works. 57 # if defined(VGA_arm64) 58 #define USE_PTRACE_GETREGSET 59 # endif 60 #endif 61 62 #include <sys/uio.h> 63 #include <elf.h> 64 65 #include <sys/procfs.h> 66 67 // glibc versions prior to 2.5 do not define PTRACE_GETSIGINFO on 68 // the platforms we support. 69 #if !((__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 5)) 70 # ifndef PTRACE_GETSIGINFO 71 # define PTRACE_GETSIGINFO 0x4202 72 # endif 73 #endif 74 75 // 32-bit or 64-bit wide, depending on primary architecture. 76 typedef Addr CORE_ADDR; 77 typedef Addr PTRACE_XFER_TYPE; 78 typedef void* PTRACE_ARG3_TYPE; 79 80 // if > 0, pid for which registers have to be restored. 81 // if == 0, means we have not yet called setregs (or have already 82 // restored the registers). 83 static int pid_of_save_regs = 0; 84 /* True if we have continued pid_of_save_regs after PTRACE_ATTACH. */ 85 static Bool pid_of_save_regs_continued = False; 86 // When setregs has been called to change the registers of pid_of_save_regs, 87 // vgdb cannot transmit the signals intercepted during ptrace. 88 // So, we queue them, and will deliver them when detaching. 89 // See function waitstopped for more info. 90 static int signal_queue_sz = 0; 91 static siginfo_t *signal_queue; 92 93 /* True when loss of connection indicating that the Valgrind 94 process is dying. */ 95 static Bool dying = False; 96 97 /* ptrace_(read|write)_memory are modified extracts of linux-low.c 98 from gdb 6.6. Copyrighted FSF */ 99 /* Copy LEN bytes from valgrind memory starting at MEMADDR 100 to vgdb memory starting at MYADDR. */ 101 static 102 int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr, 103 void *myaddr, size_t len) 104 { 105 register int i; 106 /* Round starting address down to longword boundary. */ 107 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE); 108 /* Round ending address up; get number of longwords that makes. */ 109 register int count 110 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1) 111 / sizeof (PTRACE_XFER_TYPE); 112 /* Allocate buffer of that many longwords. */ 113 register PTRACE_XFER_TYPE *buffer 114 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE)); 115 116 /* Read all the longwords */ 117 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) { 118 errno = 0; 119 buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid, 120 (PTRACE_ARG3_TYPE) addr, 0); 121 if (errno) 122 return errno; 123 } 124 125 /* Copy appropriate bytes out of the buffer. */ 126 memcpy (myaddr, 127 (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len); 128 129 return 0; 130 } 131 132 /* Copy LEN bytes of data from vgdb memory at MYADDR 133 to valgrind memory at MEMADDR. 134 On failure (cannot write the valgrind memory) 135 returns the value of errno. */ 136 __attribute__((unused)) /* not used on all platforms */ 137 static 138 int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr, 139 const void *myaddr, size_t len) 140 { 141 register int i; 142 /* Round starting address down to longword boundary. */ 143 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE); 144 /* Round ending address up; get number of longwords that makes. */ 145 register int count 146 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1) 147 / sizeof (PTRACE_XFER_TYPE); 148 /* Allocate buffer of that many longwords. */ 149 register PTRACE_XFER_TYPE *buffer 150 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE)); 151 152 if (debuglevel >= 1) { 153 DEBUG (1, "Writing "); 154 for (i = 0; i < len; i++) 155 PDEBUG (1, "%02x", ((const unsigned char*)myaddr)[i]); 156 PDEBUG(1, " to %p\n", (void *) memaddr); 157 } 158 159 /* Fill start and end extra bytes of buffer with existing memory data. */ 160 161 buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid, 162 (PTRACE_ARG3_TYPE) addr, 0); 163 164 if (count > 1) { 165 buffer[count - 1] 166 = ptrace (PTRACE_PEEKTEXT, inferior_pid, 167 (PTRACE_ARG3_TYPE) (addr + (count - 1) 168 * sizeof (PTRACE_XFER_TYPE)), 169 0); 170 } 171 172 /* Copy data to be written over corresponding part of buffer */ 173 174 memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), 175 myaddr, len); 176 177 /* Write the entire buffer. */ 178 179 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) { 180 errno = 0; 181 ptrace (PTRACE_POKETEXT, inferior_pid, 182 (PTRACE_ARG3_TYPE) addr, buffer[i]); 183 if (errno) 184 return errno; 185 } 186 187 return 0; 188 } 189 190 /* subset of VG_(threads) needed for vgdb ptrace. 191 This is initialized when process is attached. */ 192 typedef struct { 193 ThreadStatus status; 194 Int lwpid; 195 } 196 VgdbThreadState; 197 static VgdbThreadState *vgdb_threads; 198 static int vg_n_threads; 199 200 static const 201 HChar* name_of_ThreadStatus ( ThreadStatus status ) 202 { 203 switch (status) { 204 case VgTs_Empty: return "VgTs_Empty"; 205 case VgTs_Init: return "VgTs_Init"; 206 case VgTs_Runnable: return "VgTs_Runnable"; 207 case VgTs_WaitSys: return "VgTs_WaitSys"; 208 case VgTs_Yielding: return "VgTs_Yielding"; 209 case VgTs_Zombie: return "VgTs_Zombie"; 210 default: return "VgTs_???"; 211 } 212 } 213 214 static 215 char *status_image (int status) 216 { 217 static char result[256]; // large enough 218 int sz = 0; 219 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__) 220 221 result[0] = 0; 222 223 if (WIFEXITED(status)) 224 APPEND ("WIFEXITED %d ", WEXITSTATUS(status)); 225 226 if (WIFSIGNALED(status)) { 227 APPEND ("WIFSIGNALED %d ", WTERMSIG(status)); 228 if (WCOREDUMP(status)) APPEND ("WCOREDUMP "); 229 } 230 231 if (WIFSTOPPED(status)) 232 APPEND ("WIFSTOPPED %d ", WSTOPSIG(status)); 233 234 #ifdef WIFCONTINUED 235 if (WIFCONTINUED(status)) 236 APPEND ("WIFCONTINUED "); 237 #endif 238 239 return result; 240 #undef APPEND 241 } 242 243 /* Wait till the process pid is reported as stopped with signal_expected. 244 If other signal(s) than signal_expected are received, waitstopped 245 will pass them to pid, waiting for signal_expected to stop pid. 246 Returns True when process is in stopped state with signal_expected. 247 Returns False if a problem was encountered while waiting for pid 248 to be stopped. 249 250 If pid is reported as being dead/exited, waitstopped will return False. 251 */ 252 static 253 Bool waitstopped (pid_t pid, int signal_expected, const char *msg) 254 { 255 pid_t p; 256 int status = 0; 257 int signal_received; 258 int res; 259 260 while (1) { 261 DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n", 262 msg, signal_expected); 263 p = waitpid(pid, &status, __WALL); 264 DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p, 265 status, status_image (status)); 266 if (p != pid) { 267 ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n", 268 msg, pid, p, status, status_image (status)); 269 return False; 270 } 271 272 if (WIFEXITED(status)) { 273 shutting_down = True; 274 return False; 275 } 276 277 assert (WIFSTOPPED(status)); 278 signal_received = WSTOPSIG(status); 279 if (signal_received == signal_expected) 280 break; 281 282 /* pid received a signal which is not the signal we are waiting for. 283 If we have not (yet) changed the registers of the inferior 284 or we have (already) reset them, we can transmit the signal. 285 286 If we have already set the registers of the inferior, we cannot 287 transmit the signal, as this signal would arrive when the 288 gdbserver code runs. And valgrind only expects signals to 289 arrive in a small code portion around 290 client syscall logic, where signal are unmasked (see e.g. 291 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK). 292 293 As ptrace is forcing a call to gdbserver by jumping 294 'out of this region', signals are not masked, but 295 will arrive outside of the allowed/expected code region. 296 So, if we have changed the registers of the inferior, we 297 rather queue the signal to transmit them when detaching, 298 after having restored the registers to the initial values. */ 299 if (pid_of_save_regs) { 300 siginfo_t *newsiginfo; 301 302 // realloc a bigger queue, and store new signal at the end. 303 // This is not very efficient but we assume not many sigs are queued. 304 signal_queue_sz++; 305 signal_queue = vrealloc(signal_queue, 306 sizeof(siginfo_t) * signal_queue_sz); 307 newsiginfo = signal_queue + (signal_queue_sz - 1); 308 309 res = ptrace (PTRACE_GETSIGINFO, pid, NULL, newsiginfo); 310 if (res != 0) { 311 ERROR(errno, "PTRACE_GETSIGINFO failed: signal lost !!!!\n"); 312 signal_queue_sz--; 313 } else 314 DEBUG(1, "waitstopped PTRACE_CONT, queuing signal %d" 315 " si_signo %d si_pid %d\n", 316 signal_received, newsiginfo->si_signo, newsiginfo->si_pid); 317 res = ptrace (PTRACE_CONT, pid, NULL, 0); 318 } else { 319 DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received); 320 res = ptrace (PTRACE_CONT, pid, NULL, signal_received); 321 } 322 if (res != 0) { 323 ERROR(errno, "waitstopped PTRACE_CONT\n"); 324 return False; 325 } 326 } 327 328 return True; 329 } 330 331 /* Stops the given pid, wait for the process to be stopped. 332 Returns True if successful, False otherwise. 333 msg is used in tracing and error reporting. */ 334 static 335 Bool stop (pid_t pid, const char *msg) 336 { 337 long res; 338 339 DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid); 340 res = kill (pid, SIGSTOP); 341 if (res != 0) { 342 ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res); 343 return False; 344 } 345 346 return waitstopped (pid, SIGSTOP, msg); 347 348 } 349 350 /* Attaches to given pid, wait for the process to be stopped. 351 Returns True if successful, False otherwise. 352 msg is used in tracing and error reporting. */ 353 static 354 Bool attach (pid_t pid, const char *msg) 355 { 356 long res; 357 static Bool output_error = True; 358 static Bool initial_attach = True; 359 // For a ptrace_scope protected system, we do not want to output 360 // repetitively attach error. We will output once an error 361 // for the initial_attach. Once the 1st attach has succeeded, we 362 // again show all errors. 363 364 DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid); 365 res = ptrace (PTRACE_ATTACH, pid, NULL, NULL); 366 if (res != 0) { 367 if (output_error || debuglevel > 0) { 368 ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res); 369 if (initial_attach) 370 output_error = False; 371 } 372 return False; 373 } 374 375 initial_attach = False; 376 output_error = True; 377 return waitstopped(pid, SIGSTOP, msg); 378 } 379 380 /* once we are attached to the pid, get the list of threads and stop 381 them all. 382 Returns True if all threads properly suspended, False otherwise. */ 383 static 384 Bool acquire_and_suspend_threads (pid_t pid) 385 { 386 int i; 387 int rw; 388 Bool pid_found = False; 389 Addr vgt; 390 int sz_tst; 391 int off_status; 392 int off_lwpid; 393 int nr_live_threads = 0; 394 395 if (shared32 != NULL) { 396 vgt = shared32->threads; 397 vg_n_threads = shared32->vg_n_threads; 398 sz_tst = shared32->sizeof_ThreadState; 399 off_status = shared32->offset_status; 400 off_lwpid = shared32->offset_lwpid; 401 } 402 else if (shared64 != NULL) { 403 vgt = shared64->threads; 404 vg_n_threads = shared64->vg_n_threads; 405 sz_tst = shared64->sizeof_ThreadState; 406 off_status = shared64->offset_status; 407 off_lwpid = shared64->offset_lwpid; 408 } else { 409 assert (0); 410 } 411 412 vgdb_threads = vmalloc(vg_n_threads * sizeof vgdb_threads[0]); 413 414 /* note: the entry 0 is unused */ 415 DEBUG(1, "examining thread entries from tid 1 to tid %d\n", vg_n_threads-1); 416 for (i = 1; i < vg_n_threads; i++) { 417 vgt += sz_tst; 418 rw = ptrace_read_memory(pid, vgt+off_status, 419 &(vgdb_threads[i].status), 420 sizeof(ThreadStatus)); 421 if (rw != 0) { 422 ERROR(rw, "status ptrace_read_memory\n"); 423 return False; 424 } 425 426 rw = ptrace_read_memory(pid, vgt+off_lwpid, 427 &(vgdb_threads[i].lwpid), 428 sizeof(Int)); 429 if (rw != 0) { 430 ERROR(rw, "lwpid ptrace_read_memory\n"); 431 return False; 432 } 433 434 if (vgdb_threads[i].status != VgTs_Empty) { 435 DEBUG(1, "found tid %d status %s lwpid %d\n", 436 i, name_of_ThreadStatus(vgdb_threads[i].status), 437 vgdb_threads[i].lwpid); 438 nr_live_threads++; 439 if (vgdb_threads[i].lwpid <= 1) { 440 if (vgdb_threads[i].lwpid == 0 441 && vgdb_threads[i].status == VgTs_Init) { 442 DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n", 443 i, name_of_ThreadStatus(vgdb_threads[i].status), 444 vgdb_threads[i].lwpid); 445 } else { 446 ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n", 447 i, name_of_ThreadStatus(vgdb_threads[i].status), 448 vgdb_threads[i].lwpid); 449 } 450 /* in case we have a VtTs_Init thread with lwpid not yet set, 451 we try again later. */ 452 return False; 453 } 454 if (vgdb_threads[i].lwpid == pid) { 455 assert (!pid_found); 456 assert (i == 1); 457 pid_found = True; 458 } else { 459 if (!attach(vgdb_threads[i].lwpid, "attach_thread")) { 460 ERROR(0, "ERROR attach pid %d tid %d\n", 461 vgdb_threads[i].lwpid, i); 462 return False; 463 } 464 } 465 } 466 } 467 /* If we found no thread, it means the process is stopping, and 468 we better do not force anything to happen during that. */ 469 if (nr_live_threads > 0) 470 return True; 471 else 472 return False; 473 } 474 475 static 476 void detach_from_all_threads (pid_t pid) 477 { 478 int i; 479 long res; 480 Bool pid_found = False; 481 482 /* detach from all the threads */ 483 for (i = 1; i < vg_n_threads; i++) { 484 if (vgdb_threads[i].status != VgTs_Empty) { 485 if (vgdb_threads[i].status == VgTs_Init 486 && vgdb_threads[i].lwpid == 0) { 487 DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n", 488 vgdb_threads[i].lwpid, i, 489 name_of_ThreadStatus (vgdb_threads[i].status)); 490 } else { 491 if (vgdb_threads[i].lwpid == pid) { 492 assert (!pid_found); 493 pid_found = True; 494 } 495 DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n", 496 vgdb_threads[i].lwpid, i, 497 name_of_ThreadStatus (vgdb_threads[i].status)); 498 res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL); 499 if (res != 0) { 500 ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n", 501 vgdb_threads[i].lwpid, i, 502 name_of_ThreadStatus (vgdb_threads[i].status), 503 res); 504 } 505 } 506 } 507 } 508 509 free (vgdb_threads); 510 511 if (!pid_found && pid) { 512 /* No threads are live. Process is busy stopping. 513 We need to detach from pid explicitly. */ 514 DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid); 515 res = ptrace (PTRACE_DETACH, pid, NULL, NULL); 516 if (res != 0) 517 ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res); 518 } 519 } 520 521 # if defined(VGA_arm64) 522 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but 523 newer glibc instead define user_regs_struct. */ 524 # ifdef HAVE_SYS_USER_REGS 525 static struct user_regs_struct user_save; 526 # else 527 static struct user_pt_regs user_save; 528 # endif 529 # else 530 static struct user user_save; 531 # endif 532 // The below indicates if ptrace_getregs (and ptrace_setregs) can be used. 533 // Note that some linux versions are defining PTRACE_GETREGS but using 534 // it gives back EIO. 535 // has_working_ptrace_getregs can take the following values: 536 // -1 : PTRACE_GETREGS is defined 537 // runtime check not yet done. 538 // 0 : PTRACE_GETREGS runtime check has failed. 539 // 1 : PTRACE_GETREGS defined and runtime check ok. 540 #ifdef HAVE_PTRACE_GETREGS 541 static int has_working_ptrace_getregs = -1; 542 #endif 543 // Similar but for PTRACE_GETREGSET 544 #ifdef HAVE_PTRACE_GETREGSET 545 static int has_working_ptrace_getregset = -1; 546 #endif 547 548 /* Get the registers from pid into regs. 549 regs_bsz value gives the length of *regs. 550 Returns True if all ok, otherwise False. */ 551 static 552 Bool getregs (pid_t pid, void *regs, long regs_bsz) 553 { 554 DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz); 555 # ifdef HAVE_PTRACE_GETREGSET 556 # ifndef USE_PTRACE_GETREGSET 557 if (has_working_ptrace_getregset) 558 DEBUG(1, "PTRACE_GETREGSET defined, not used (yet?) by vgdb\n"); 559 has_working_ptrace_getregset = 0; 560 # endif 561 if (has_working_ptrace_getregset) { 562 // Platforms having GETREGSET 563 long res; 564 elf_gregset_t elf_regs; 565 struct iovec iovec; 566 567 DEBUG(1, "getregs PTRACE_GETREGSET sizeof(elf_regs) %zu\n", 568 sizeof(elf_regs)); 569 iovec.iov_base = regs; 570 iovec.iov_len = sizeof(elf_regs); 571 572 res = ptrace (PTRACE_GETREGSET, pid, NT_PRSTATUS, &iovec); 573 if (res == 0) { 574 if (has_working_ptrace_getregset == -1) { 575 // First call to PTRACE_GETREGSET successful => 576 has_working_ptrace_getregset = 1; 577 DEBUG(1, "detected a working PTRACE_GETREGSET\n"); 578 } 579 assert (has_working_ptrace_getregset == 1); 580 return True; 581 } 582 else if (has_working_ptrace_getregset == 1) { 583 // We had a working call, but now it fails. 584 // This is unexpected. 585 ERROR(errno, "PTRACE_GETREGSET %ld\n", res); 586 return False; 587 } else { 588 // Check this is the first call: 589 assert (has_working_ptrace_getregset == -1); 590 if (errno == EIO) { 591 DEBUG(1, "detected a broken PTRACE_GETREGSET with EIO\n"); 592 has_working_ptrace_getregset = 0; 593 // Fall over to the PTRACE_GETREGS or PTRACE_PEEKUSER case. 594 } else { 595 ERROR(errno, "broken PTRACE_GETREGSET unexpected errno %ld\n", res); 596 return False; 597 } 598 } 599 } 600 # endif 601 602 # ifdef HAVE_PTRACE_GETREGS 603 if (has_working_ptrace_getregs) { 604 // Platforms having GETREGS 605 long res; 606 DEBUG(1, "getregs PTRACE_GETREGS\n"); 607 res = ptrace (PTRACE_GETREGS, pid, NULL, regs); 608 if (res == 0) { 609 if (has_working_ptrace_getregs == -1) { 610 // First call to PTRACE_GETREGS successful => 611 has_working_ptrace_getregs = 1; 612 DEBUG(1, "detected a working PTRACE_GETREGS\n"); 613 } 614 assert (has_working_ptrace_getregs == 1); 615 return True; 616 } 617 else if (has_working_ptrace_getregs == 1) { 618 // We had a working call, but now it fails. 619 // This is unexpected. 620 ERROR(errno, "PTRACE_GETREGS %ld\n", res); 621 return False; 622 } else { 623 // Check this is the first call: 624 assert (has_working_ptrace_getregs == -1); 625 if (errno == EIO) { 626 DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n"); 627 has_working_ptrace_getregs = 0; 628 // Fall over to the PTRACE_PEEKUSER case. 629 } else { 630 ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res); 631 return False; 632 } 633 } 634 } 635 # endif 636 637 // We assume PTRACE_PEEKUSER is defined everywhere. 638 { 639 # ifdef PT_ENDREGS 640 long peek_bsz = PT_ENDREGS; 641 assert (peek_bsz <= regs_bsz); 642 # else 643 long peek_bsz = regs_bsz-1; 644 # endif 645 char *pregs = (char *) regs; 646 long offset; 647 errno = 0; 648 DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz); 649 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) { 650 *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL); 651 if (errno != 0) { 652 ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset); 653 return False; 654 } 655 } 656 return True; 657 } 658 659 // If neither of PTRACE_GETREGSET PTRACE_GETREGS PTRACE_PEEKUSER have 660 // returned, then we are in serious trouble. 661 assert (0); 662 } 663 664 /* Set the registers of pid to regs. 665 regs_bsz value gives the length of *regs. 666 Returns True if all ok, otherwise False. */ 667 static 668 Bool setregs (pid_t pid, void *regs, long regs_bsz) 669 { 670 DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz); 671 672 // Note : the below is checking for GETREGSET, not SETREGSET 673 // as if one is defined and working, the other one should also work. 674 # ifdef HAVE_PTRACE_GETREGSET 675 if (has_working_ptrace_getregset) { 676 // Platforms having SETREGSET 677 long res; 678 elf_gregset_t elf_regs; 679 struct iovec iovec; 680 681 // setregset can never be called before getregset has done a runtime check. 682 assert (has_working_ptrace_getregset == 1); 683 DEBUG(1, "setregs PTRACE_SETREGSET sizeof(elf_regs) %zu\n", 684 sizeof(elf_regs)); 685 iovec.iov_base = regs; 686 iovec.iov_len = sizeof(elf_regs); 687 res = ptrace (PTRACE_SETREGSET, pid, NT_PRSTATUS, &iovec); 688 if (res != 0) { 689 ERROR(errno, "PTRACE_SETREGSET %ld\n", res); 690 return False; 691 } 692 return True; 693 } 694 # endif 695 696 // Note : the below is checking for GETREGS, not SETREGS 697 // as if one is defined and working, the other one should also work. 698 # ifdef HAVE_PTRACE_GETREGS 699 if (has_working_ptrace_getregs) { 700 // Platforms having SETREGS 701 long res; 702 // setregs can never be called before getregs has done a runtime check. 703 assert (has_working_ptrace_getregs == 1); 704 DEBUG(1, "setregs PTRACE_SETREGS\n"); 705 res = ptrace (PTRACE_SETREGS, pid, NULL, regs); 706 if (res != 0) { 707 ERROR(errno, "PTRACE_SETREGS %ld\n", res); 708 return False; 709 } 710 return True; 711 } 712 # endif 713 714 { 715 char *pregs = (char *) regs; 716 long offset; 717 long res; 718 # ifdef PT_ENDREGS 719 long peek_bsz = PT_ENDREGS; 720 assert (peek_bsz <= regs_bsz); 721 # else 722 long peek_bsz = regs_bsz-1; 723 # endif 724 errno = 0; 725 DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz); 726 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) { 727 res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset)); 728 if (errno != 0) { 729 ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res); 730 return False; 731 } 732 } 733 return True; 734 } 735 736 // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned, 737 // then we are in serious trouble. 738 assert (0); 739 } 740 741 /* Restore the registers to the saved value, then detaches from all threads */ 742 static 743 void restore_and_detach (pid_t pid) 744 { 745 int res; 746 747 DEBUG(1, "restore_and_detach pid %d pid_of_save_regs %d\n", 748 pid, pid_of_save_regs); 749 750 if (pid_of_save_regs) { 751 /* In case the 'main pid' has been continued, we need to stop it 752 before resetting the registers. */ 753 if (pid_of_save_regs_continued) { 754 pid_of_save_regs_continued = False; 755 if (!stop(pid_of_save_regs, "sigstop before reset regs")) 756 DEBUG(0, "Could not sigstop before reset"); 757 } 758 759 DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs); 760 if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) { 761 ERROR(errno, "setregs restore registers pid %d after cont\n", 762 pid_of_save_regs); 763 } 764 765 /* Now, we transmit all the signals we have queued. */ 766 if (signal_queue_sz > 0) { 767 int i; 768 for (i = 0; i < signal_queue_sz; i++) { 769 DEBUG(1, "PTRACE_CONT to transmit queued signal %d\n", 770 signal_queue[i].si_signo); 771 res = ptrace (PTRACE_CONT, pid_of_save_regs, NULL, 772 signal_queue[i].si_signo); 773 if (res != 0) 774 ERROR(errno, "PTRACE_CONT with signal %d\n", 775 signal_queue[i].si_signo); 776 if (!stop(pid_of_save_regs, "sigstop after transmit sig")) 777 DEBUG(0, "Could not sigstop after transmit sig"); 778 } 779 free (signal_queue); 780 signal_queue = NULL; 781 signal_queue_sz = 0; 782 } 783 pid_of_save_regs = 0; 784 } else { 785 DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n"); 786 } 787 if (signal_queue) 788 ERROR (0, "One or more signals queued were not delivered. " 789 "First signal: %d\n", signal_queue[0].si_signo); 790 detach_from_all_threads(pid); 791 } 792 793 Bool invoker_invoke_gdbserver (pid_t pid) 794 { 795 long res; 796 Bool stopped; 797 # if defined(VGA_arm64) 798 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but 799 newer glibc instead define user_regs_struct. */ 800 # ifdef HAVE_SYS_USER_REGS 801 struct user_regs_struct user_mod; 802 # else 803 struct user_pt_regs user_mod; 804 # endif 805 # else 806 struct user user_mod; 807 # endif 808 Addr sp __attribute__((unused)); // Not used on all platforms. 809 810 /* A specific int value is passed to invoke_gdbserver, to check 811 everything goes according to the plan. */ 812 const int check = 0x8BADF00D; // ate bad food. 813 814 const Addr bad_return = 0; 815 // A bad return address will be pushed on the stack. 816 // The function invoke_gdbserver cannot return. If ever it returns, a NULL 817 // address pushed on the stack should ensure this is detected. 818 819 /* Not yet attached. If problem, vgdb can abort, 820 no cleanup needed. */ 821 822 DEBUG(1, "attach to 'main' pid %d\n", pid); 823 if (!attach(pid, "attach main pid")) { 824 ERROR(0, "error attach main pid %d\n", pid); 825 return False; 826 } 827 828 /* Now, we are attached. If problem, detach and return. */ 829 830 if (!acquire_and_suspend_threads(pid)) { 831 detach_from_all_threads(pid); 832 /* if the pid does not exist anymore, we better stop */ 833 if (kill(pid, 0) != 0) 834 XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n", 835 pid); 836 return False; 837 } 838 839 if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) { 840 detach_from_all_threads(pid); 841 return False; 842 } 843 user_save = user_mod; 844 845 #if defined(VGA_x86) 846 sp = user_mod.regs.esp; 847 #elif defined(VGA_amd64) 848 sp = user_mod.regs.rsp; 849 if (shared32 != NULL) { 850 /* 64bit vgdb speaking with a 32bit executable. 851 To have system call restart properly, we need to sign extend rax. 852 For more info: 853 web search '[patch] Fix syscall restarts for amd64->i386 biarch' 854 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */ 855 *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax; 856 DEBUG(1, "Sign extending %8.8lx to %8.8lx\n", 857 user_mod.regs.rax, user_save.regs.rax); 858 } 859 #elif defined(VGA_arm) 860 sp = user_mod.regs.uregs[13]; 861 #elif defined(VGA_arm64) 862 sp = user_mod.sp; 863 #elif defined(VGA_ppc32) 864 sp = user_mod.regs.gpr[1]; 865 #elif defined(VGA_ppc64be) || defined(VGA_ppc64le) 866 sp = user_mod.regs.gpr[1]; 867 #elif defined(VGA_s390x) 868 sp = user_mod.regs.gprs[15]; 869 #elif defined(VGA_mips32) 870 long long *p = (long long *)user_mod.regs; 871 sp = p[29]; 872 #elif defined(VGA_mips64) 873 sp = user_mod.regs[29]; 874 #else 875 I_die_here : (sp) architecture missing in vgdb-invoker-ptrace.c 876 #endif 877 878 879 // the magic below is derived from spying what gdb sends to 880 // the (classical) gdbserver when invoking a C function. 881 if (shared32 != NULL) { 882 // vgdb speaking with a 32bit executable. 883 #if defined(VGA_x86) || defined(VGA_amd64) 884 const int regsize = 4; 885 int rw; 886 /* push check arg on the stack */ 887 sp = sp - regsize; 888 DEBUG(1, "push check arg ptrace_write_memory\n"); 889 assert(regsize == sizeof(check)); 890 rw = ptrace_write_memory(pid, sp, 891 &check, 892 regsize); 893 if (rw != 0) { 894 ERROR(rw, "push check arg ptrace_write_memory"); 895 detach_from_all_threads(pid); 896 return False; 897 } 898 899 sp = sp - regsize; 900 DEBUG(1, "push bad_return return address ptrace_write_memory\n"); 901 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return 902 // are written. 903 rw = ptrace_write_memory(pid, sp, 904 &bad_return, 905 regsize); 906 if (rw != 0) { 907 ERROR(rw, "push bad_return return address ptrace_write_memory"); 908 detach_from_all_threads(pid); 909 return False; 910 } 911 #if defined(VGA_x86) 912 /* set ebp, esp, eip and orig_eax to invoke gdbserver */ 913 // compiled in 32bits, speaking with a 32bits exe 914 user_mod.regs.ebp = sp; // bp set to sp 915 user_mod.regs.esp = sp; 916 user_mod.regs.eip = shared32->invoke_gdbserver; 917 user_mod.regs.orig_eax = -1L; 918 #elif defined(VGA_amd64) 919 /* set ebp, esp, eip and orig_eax to invoke gdbserver */ 920 // compiled in 64bits, speaking with a 32bits exe 921 user_mod.regs.rbp = sp; // bp set to sp 922 user_mod.regs.rsp = sp; 923 user_mod.regs.rip = shared32->invoke_gdbserver; 924 user_mod.regs.orig_rax = -1L; 925 #else 926 I_die_here : not x86 or amd64 in x86/amd64 section/ 927 #endif 928 929 #elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le) 930 user_mod.regs.nip = shared32->invoke_gdbserver; 931 user_mod.regs.trap = -1L; 932 /* put check arg in register 3 */ 933 user_mod.regs.gpr[3] = check; 934 /* put NULL return address in Link Register */ 935 user_mod.regs.link = bad_return; 936 937 #elif defined(VGA_arm) 938 /* put check arg in register 0 */ 939 user_mod.regs.uregs[0] = check; 940 /* put NULL return address in Link Register */ 941 user_mod.regs.uregs[14] = bad_return; 942 user_mod.regs.uregs[15] = shared32->invoke_gdbserver; 943 944 #elif defined(VGA_arm64) 945 XERROR(0, "TBD arm64: vgdb a 32 bits executable with a 64 bits exe"); 946 947 #elif defined(VGA_s390x) 948 XERROR(0, "(fn32) s390x has no 32bits implementation"); 949 #elif defined(VGA_mips32) 950 /* put check arg in register 4 */ 951 p[4] = check; 952 /* put NULL return address in ra */ 953 p[31] = bad_return; 954 p[34] = shared32->invoke_gdbserver; 955 p[25] = shared32->invoke_gdbserver; 956 /* make stack space for args */ 957 p[29] = sp - 32; 958 959 #elif defined(VGA_mips64) 960 assert(0); // cannot vgdb a 32 bits executable with a 64 bits exe 961 #else 962 I_die_here : architecture missing in vgdb-invoker-ptrace.c 963 #endif 964 } 965 966 else if (shared64 != NULL) { 967 #if defined(VGA_x86) 968 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 969 #elif defined(VGA_amd64) 970 // vgdb speaking with a 64 bit executable. 971 const int regsize = 8; 972 int rw; 973 974 /* give check arg in rdi */ 975 user_mod.regs.rdi = check; 976 977 /* push return address on stack : return to breakaddr */ 978 sp = sp - regsize; 979 DEBUG(1, "push bad_return return address ptrace_write_memory\n"); 980 rw = ptrace_write_memory(pid, sp, 981 &bad_return, 982 sizeof(bad_return)); 983 if (rw != 0) { 984 ERROR(rw, "push bad_return return address ptrace_write_memory"); 985 detach_from_all_threads(pid); 986 return False; 987 } 988 989 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */ 990 user_mod.regs.rbp = sp; // bp set to sp 991 user_mod.regs.rsp = sp; 992 user_mod.regs.rip = shared64->invoke_gdbserver; 993 user_mod.regs.orig_rax = -1L; 994 995 #elif defined(VGA_arm) 996 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 997 #elif defined(VGA_arm64) 998 user_mod.regs[0] = check; 999 user_mod.sp = sp; 1000 user_mod.pc = shared64->invoke_gdbserver; 1001 /* put NULL return address in Link Register */ 1002 user_mod.regs[30] = bad_return; 1003 1004 #elif defined(VGA_ppc32) 1005 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 1006 #elif defined(VGA_ppc64be) 1007 Addr func_addr; 1008 Addr toc_addr; 1009 int rw; 1010 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver, 1011 &func_addr, 1012 sizeof(Addr)); 1013 if (rw != 0) { 1014 ERROR(rw, "ppc64 read func_addr\n"); 1015 detach_from_all_threads(pid); 1016 return False; 1017 } 1018 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8, 1019 &toc_addr, 1020 sizeof(Addr)); 1021 if (rw != 0) { 1022 ERROR(rw, "ppc64 read toc_addr\n"); 1023 detach_from_all_threads(pid); 1024 return False; 1025 } 1026 // We are not pushing anything on the stack, so it is not 1027 // very clear why the sp has to be decreased, but it seems 1028 // needed. The ppc64 ABI might give some lights on this ? 1029 user_mod.regs.gpr[1] = sp - 220; 1030 user_mod.regs.gpr[2] = toc_addr; 1031 user_mod.regs.nip = func_addr; 1032 user_mod.regs.trap = -1L; 1033 /* put check arg in register 3 */ 1034 user_mod.regs.gpr[3] = check; 1035 /* put bad_return return address in Link Register */ 1036 user_mod.regs.link = bad_return; 1037 #elif defined(VGA_ppc64le) 1038 /* LE does not use the function pointer structure used in BE */ 1039 user_mod.regs.nip = shared64->invoke_gdbserver; 1040 user_mod.regs.gpr[1] = sp - 512; 1041 user_mod.regs.gpr[12] = user_mod.regs.nip; 1042 user_mod.regs.trap = -1L; 1043 /* put check arg in register 3 */ 1044 user_mod.regs.gpr[3] = check; 1045 /* put bad_return return address in Link Register */ 1046 user_mod.regs.link = bad_return; 1047 #elif defined(VGA_s390x) 1048 /* put check arg in register r2 */ 1049 user_mod.regs.gprs[2] = check; 1050 /* bad_return Return address is in r14 */ 1051 user_mod.regs.gprs[14] = bad_return; 1052 /* minimum stack frame */ 1053 sp = sp - 160; 1054 user_mod.regs.gprs[15] = sp; 1055 /* set program counter */ 1056 user_mod.regs.psw.addr = shared64->invoke_gdbserver; 1057 #elif defined(VGA_mips32) 1058 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe 1059 #elif defined(VGA_mips64) 1060 /* put check arg in register 4 */ 1061 user_mod.regs[4] = check; 1062 /* put NULL return address in ra */ 1063 user_mod.regs[31] = bad_return; 1064 user_mod.regs[34] = shared64->invoke_gdbserver; 1065 user_mod.regs[25] = shared64->invoke_gdbserver; 1066 #else 1067 I_die_here: architecture missing in vgdb-invoker-ptrace.c 1068 #endif 1069 } 1070 else { 1071 assert(0); 1072 } 1073 1074 if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) { 1075 detach_from_all_threads(pid); 1076 return False; 1077 } 1078 /* Now that we have modified the registers, we set 1079 pid_of_save_regs to indicate that restore_and_detach 1080 must restore the registers in case of cleanup. */ 1081 pid_of_save_regs = pid; 1082 pid_of_save_regs_continued = False; 1083 1084 1085 /* We PTRACE_CONT-inue pid. 1086 Either gdbserver will be invoked directly (if all 1087 threads are interruptible) or gdbserver will be 1088 called soon by the scheduler. In the first case, 1089 pid will stop on the break inserted above when 1090 gdbserver returns. In the 2nd case, the break will 1091 be encountered directly. */ 1092 DEBUG(1, "PTRACE_CONT to invoke\n"); 1093 res = ptrace (PTRACE_CONT, pid, NULL, NULL); 1094 if (res != 0) { 1095 ERROR(errno, "PTRACE_CONT\n"); 1096 restore_and_detach(pid); 1097 return False; 1098 } 1099 pid_of_save_regs_continued = True; 1100 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */ 1101 stopped = waitstopped (pid, SIGSTOP, 1102 "waitpid status after PTRACE_CONT to invoke"); 1103 if (stopped) { 1104 /* Here pid has properly stopped on the break. */ 1105 pid_of_save_regs_continued = False; 1106 restore_and_detach(pid); 1107 return True; 1108 } else { 1109 /* Whatever kind of problem happened. We shutdown. */ 1110 shutting_down = True; 1111 return False; 1112 } 1113 } 1114 1115 void invoker_cleanup_restore_and_detach(void *v_pid) 1116 { 1117 DEBUG(1, "invoker_cleanup_restore_and_detach dying: %d\n", dying); 1118 if (!dying) 1119 restore_and_detach(*(int*)v_pid); 1120 } 1121 1122 void invoker_restrictions_msg(void) 1123 { 1124 } 1125 1126 void invoker_valgrind_dying(void) 1127 { 1128 /* Avoid messing up with registers of valgrind when it is dying. */ 1129 pid_of_save_regs_continued = False; 1130 dying = True; 1131 } 1132
