| blob | e0238bd07230805f40929c22da5d88fe1ded7373 |
2 /*--------------------------------------------------------------------*/
3 /*--- Handle remote gdb protocol. m_gdbserver.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2011-2017 Philippe Waroquiers
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License as
14 published by the Free Software Foundation; either version 2 of the
15 License, or (at your option) any later version.
17 This program is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, see <http://www.gnu.org/licenses/>.
25 The GNU General Public License is contained in the file COPYING.
26 */
51 /* forward declarations */
58 /* reasons of call to call_gdbserver. */
59 typedef
68 CallReason;
71 {
81 }
82 }
84 /* An instruction instrumented for gdbserver looks like this:
85 1. Ist_Mark (0x1234)
86 2. Put (IP, 0x1234)
87 3. helperc_CallDebugger (0x1234)
88 This will give control to gdb if there is a break at 0x1234
89 or if we are single stepping
90 4. ... here the real IR for the instruction at 0x1234
92 When there is a break at 0x1234:
93 if user does "continue" or "step" or similar,
94 then - the call to debugger returns
95 - valgrind executes at 3. the real IR(s) for 0x1234
97 if as part of helperc_CallDebugger, the user calls
98 some code in gdb e.g print hello_world()
99 then - gdb prepares a dummy stack frame with a specific
100 return address (typically it uses _start) and
101 inserts a break at this address
102 - gdb then puts in EIP the address of hello_world()
103 - gdb then continues (so the helperc_CallDebugger
104 returns)
105 - call_gdbserver() function will then return the
106 control to the scheduler (using VG_MINIMAL_LONGJMP)
107 to allow the block of the new EIP
108 to be executed.
109 - hello_world code is executed.
110 - when hello_world() returns, it returns to
111 _start and encounters the break at _start.
112 - gdb then removes this break, put 0x1234 in EIP
113 and does a "step". This causes to jump from
114 _start to 0x1234, where the call to
115 helperc_CallDebugger is redone.
116 - This is all ok, the user can then give new gdb
117 commands.
119 However, when continue is given, address 0x1234 is to
120 be executed: gdb gives a single step, which must not
121 report again the break at 0x1234. To avoid a 2nd report
122 of the same break, the below tells that the next
123 helperc_CallDebugger call must ignore a break/stop at
124 this address.
125 */
131 /* Describes the address addr (for debugging/printing purposes).
132 Last two results are kept. A third call will replace the
133 oldest result. */
135 {
138 PtrdiffT offset;
141 // sym is used for debugging/tracing, so cur_ep is a reasonable choice.
154 }
156 }
158 /* Each time gdbserver is called, gdbserver_called is incremented
159 gdbserver_exited is incremented when gdbserver is asked to exit */
163 /* alloc and free functions for xarray and similar. */
165 {
167 }
169 {
171 }
173 typedef
175 GS_break,
176 GS_jump
177 }
178 GS_Kind;
180 typedef
183 Addr addr;
184 GS_Kind kind;
185 }
186 GS_Address;
188 /* gs_addresses contains a list of all addresses that have been invalidated
189 because they have been (or must be) instrumented for gdbserver.
190 An entry is added in this table when there is a break at this
191 address (kind == GS_break) or if this address is the jump target of an
192 exit of a block that has been instrumented for gdbserver while
193 single stepping (kind == GS_jump).
194 When gdbserver is not single stepping anymore, all GS_jump entries
195 are removed, their translations are invalidated.
197 Note for ARM: addr in GS_Address is the value without the thumb bit set.
198 */
201 // Transform addr in the form stored in the list of addresses.
202 // For the ARM architecture, we store it with the thumb bit set to 0.
204 {
205 #if defined(VGA_arm)
207 #else
209 #endif
210 }
213 {
220 /* It should be sufficient to discard a range of 1.
221 We use 2 to ensure the below is not sensitive to the presence
222 of thumb bit in the range of addresses to discard.
223 No need to discard translations for Vg_VgdbFull as all
224 instructions are in any case vgdb-instrumented. */
227 }
230 {
232 // See add_gs_address for the explanation for condition and the range 2 below.
236 }
239 {
247 }
248 }
250 typedef
252 Addr addr;
253 SizeT len;
254 PointKind kind;
255 }
256 GS_Watch;
258 /* gs_watches contains a list of all addresses+len+kind that are being
259 watched. */
263 {
265 }
267 /* Returns the GS_Watch matching addr/len/kind and sets *g_ix to its
268 position in gs_watches.
269 If no matching GS_Watch is found, returns NULL and sets g_ix to -1. */
272 {
274 Word i;
277 /* Linear search. If we have many watches, this might be optimised
278 by having the array sorted and using VG_(lookupXA) */
282 // Found.
285 }
286 }
288 // Not found.
291 }
294 /* protocol spec tells the below must be idempotent. */
296 {
301 /* insert a breakpoint at addr or upgrade its kind */
305 /* already gdbserved. Normally, it must be because of a jump.
306 However, due to idempotent or if connection with gdb was
307 lost (kept breaks from the previous gdb), if already existing,
308 we just upgrade its kind. */
310 }
312 /* delete a breakpoint at addr or downgrade its kind */
315 /* keep gdbserved instrumentation while single stepping */
319 }
325 }
326 }
327 }
330 Bool insert,
331 Addr addr,
334 Bool insert,
335 Addr addr,
336 SizeT len))
337 {
339 }
343 {
344 Bool res;
346 Word g_ix;
358 }
371 // Protocol says insert/remove must be idempotent.
372 // So, we just ignore double insert or (supposed) double delete.
386 }
395 }
396 }
398 }
401 {
407 }
410 {
411 Word n_elems;
413 Word i;
440 /* If no overlap, examine next watchpoint: */
445 /* call gdbserver if access kind reported by the tool
446 matches the watchpoint kind. */
450 /* Watchpoint encountered.
451 If this is a read watchpoint, we directly call gdbserver
452 to report it to gdb.
453 Otherwise, for a write watchpoint, we have to finish
454 the instruction so as to modify the value.
455 If we do not finish the instruction, then gdb sees no
456 value change and continues.
457 For a read watchpoint, we better call gdbserver directly:
458 in case the current block is not gdbserved, Valgrind
459 will execute instructions till the next block. */
461 /* set the watchpoint stop address to the first read or written. */
466 }
469 /* Let Valgrind stop as early as possible after this instruction
470 by switching to Single Stepping mode. */
476 }
478 }
482 }
483 }
485 }
487 /* Returns the reason for which gdbserver instrumentation is needed */
489 {
499 }
504 /* We assume we do not have a huge nr of breakpoints.
505 Otherwise, we need something more efficient e.g.
506 a sorted list of breakpoints or associate extents to it or ...
507 */
518 }
519 }
520 }
526 }
530 }
532 // Clear gdbserved_addresses in gs_addresses.
533 // If clear_only_jumps, clears only the addresses that are served
534 // for jump reasons.
535 // Otherwise, clear all the addresses.
536 // Cleared addresses are invalidated so as to have them re-translated.
538 {
540 UInt n_elems;
551 }
553 // Clear watched addressed in gs_watches, delete gs_watches.
555 {
558 Word i;
562 n_elems);
571 }
572 }
576 }
579 {
583 }
586 {
588 }
591 {
593 }
596 {
598 }
601 {
602 // Using VG_(clo_vgdb_error) allows the user to control if gdbserver
603 // stops after a fork.
606 /* The below call allows gdb to attach at startup
607 before the first guest instruction is executed. */
611 /* User has activated gdbserver => initialize now the FIFOs
612 to let vgdb/gdb contact us either via the scheduler poll
613 mechanism or via vgdb ptrace-ing valgrind. */
616 }
617 }
619 /* when fork is done, various cleanup is needed in the child process.
620 In particular, child must have its own connection to avoid stealing
621 data from its parent */
623 {
627 /* finish connection inheritated from parent */
630 /* ensure next call to gdbserver will be considered as a brand
631 new call that will initialize a fresh gdbserver. */
643 }
649 /* After fork, if we do not trace the children, disable vgdb
650 poll to avoid gdbserver being called unexpectedly. */
652 }
653 }
655 /* If reason is init_reason, creates the connection resources (e.g.
656 the FIFOs) to allow a gdb connection to be detected by polling
657 using remote_desc_activity.
658 Otherwise (other reasons):
659 If connection with gdb not yet opened, opens the connection with gdb.
660 reads gdb remote protocol packets and executes the requested commands.
661 */
663 {
666 Addr saved_pc;
669 "entering call_gdbserver %s ... pid %d tid %u status %s "
675 /* If we are about to die, then just run server_main() once to get
676 the resume reply out and return immediately because most of the state
677 of this tid and process is about to be torn down. */
681 }
688 gdbserver_exited);
690 }
698 gs_free,
701 }
705 gdbserver_called++;
707 /* call gdbserver_init if this is the first call to gdbserver. */
714 /* if the call reason is to initialize, then return control to
715 valgrind. After this initialization, gdbserver will be called
716 again either if there is an error detected by valgrind or
717 if vgdb sends data to the valgrind process. */
720 }
733 /* we are single stepping. If we were not stepping on entry,
734 then invalidate the current program counter so as to properly
735 do single step. In case the program counter was changed by
736 gdb, this will also invalidate the target address we will
737 jump to. */
740 }
742 /* We are not single stepping. If we were stepping on entry,
743 then clear the gdbserved addresses. This will cause all
744 these gdbserved blocks to be invalidated so that they can be
745 re-translated without being gdbserved. */
748 }
750 /* can't do sanity check at beginning. At least the stack
751 check is not yet possible. */
755 /* If the PC has been changed by gdb, then we VG_MINIMAL_LONGJMP to
756 the scheduler to execute the block of the new PC.
757 Otherwise we just return to continue executing the
758 current block. */
765 SysRes sres;
768 }
770 /* resume scheduler */
772 }
773 /* else continue to run */
774 }
775 /* continue to run */
776 }
778 /* busy > 0 when gdbserver is currently being called.
779 busy is used to avoid vgdb invoking gdbserver
780 while gdbserver by Valgrind. */
784 {
785 busy++;
786 /* called by the rest of valgrind for
787 --vgdb-error=0 reason
788 or by scheduler "poll/debug/interrupt" reason
789 or to terminate. */
797 gdbserver_exited);
800 gdbserver_exited++;
801 }
802 }
803 busy--;
804 }
806 // nr of invoke_gdbserver while gdbserver is already executing.
809 // nr of invoke_gdbserver while gdbserver is not executing.
812 // nr of invoke_gdbserver when some threads are not interruptible.
815 /* When all threads are blocked in a system call, the Valgrind
816 scheduler cannot poll the shared memory for gdbserver activity. In
817 such a case, vgdb will force the invocation of gdbserver using
818 ptrace. To do that, vgdb 'pushes' a call to invoke_gdbserver
819 on the stack using ptrace. invoke_gdbserver must not return.
820 Instead, it must call give_control_back_to_vgdb.
821 vgdb expects to receive a SIGSTOP, which this function generates.
822 When vgdb gets this SIGSTOP, it knows invoke_gdbserver call
823 is finished and can reset the Valgrind process in the state prior to
824 the 'pushed call' (using ptrace again).
825 This all works well. However, the user must avoid
826 'kill-9ing' vgdb during such a pushed call, otherwise
827 the SIGSTOP generated below will be seen by the Valgrind core,
828 instead of being handled by vgdb. The OS will then handle the SIGSTOP
829 by stopping the Valgrind process.
830 We use SIGSTOP as this process cannot be masked. */
833 {
834 #if !defined(VGO_solaris)
835 /* cause a SIGSTOP to be sent to ourself, so that vgdb takes control.
836 vgdb will then restore the stack so as to resume the activity
837 before the ptrace (typically do_syscall_WRK). */
841 /* If we arrive here, it means a call was pushed on the stack
842 by vgdb, but during this call, vgdb and/or connection
843 died. Alternatively, it is a bug in the vgdb<=>Valgrind gdbserver
844 ptrace handling. */
850 /* On Solaris, this code is run within the context of an agent thread
851 (see vgdb-invoker-solaris.c and "PCAGENT" control message in
852 proc(4)). Exit the agent thread now.
853 */
858 }
860 /* Using ptrace calls, vgdb will force an invocation of gdbserver.
861 VG_(invoke_gdbserver) is the entry point called through the
862 vgdb ptrace technique. */
864 {
865 /* ******* Avoid non-reentrant function call from here .....
866 till the ".... till here" below. */
868 /* We need to determine the state of the various threads to decide
869 if we directly invoke gdbserver or if we rather indicate to the
870 scheduler to invoke the gdbserver. To decide that, it is
871 critical to avoid any "coregrind" function call as the ptrace
872 might have stopped the process in the middle of this (possibly)
873 non-rentrant function. So, it is only when all threads are in
874 an "interruptible" state that we can safely invoke
875 gdbserver. Otherwise, we let the valgrind scheduler invoke
876 gdbserver at the next poll. This poll will be made very soon
877 thanks to a call to VG_(force_vgdb_poll). */
883 interrupts_while_busy++;
885 }
886 interrupts_non_busy++;
888 /* check if all threads are in an "interruptible" state. If yes,
889 we invoke gdbserver. Otherwise, we tell the scheduler to wake up
890 asap. */
893 /* interruptible states. */
904 /* non interruptible states. */
907 interrupts_non_interruptible++;
910 /* If give_control_back_to_vgdb returns in an non interruptable
911 state something went horribly wrong, fallthrough to vg_assert. */
913 }
914 }
918 /* .... till here.
919 From here onwards, function calls are ok: it is
920 safe to call valgrind core functions: all threads are blocked in
921 a system call or are yielding or ... */
932 }
935 {
936 Bool ret;
937 busy++;
949 }
950 busy--;
952 }
955 ThreadId tid)
956 {
959 who,
963 tid);
965 }
968 ThreadId tid)
969 {
975 }
979 /* indicate to gdbserver that there is a signal */
982 /* let gdbserver do some work, e.g. show the signal to the user */
985 }
988 {
991 /* if gdbserver is currently not connected, then signal
992 is to be given to the process */
996 }
997 /* if gdb has informed gdbserver that this signal can be
998 passed directly without informing gdb, then signal is
999 to be given to the process. */
1003 }
1005 /* indicate to gdbserver that there is a signal */
1008 /* let gdbserver do some work, e.g. show the signal to the user.
1009 User can also decide to ignore the signal or change the signal. */
1012 /* ask gdbserver what is the final decision */
1019 }
1020 }
1023 /* If catching_syscalls is True, then syscalls_to_catch_size == 0 means
1024 to catch all syscalls. Otherwise, it is the size of the syscalls_to_catch
1025 array. */
1029 {
1030 Int i;
1040 }
1043 {
1050 }
1053 /* let gdbserver do some work */
1056 }
1057 }
1058 }
1061 {
1064 /* Make sure vgdb knows we are about to die and why. */
1070 gdbserver_process_exit_encountered
1075 gdbserver_process_exit_encountered
1081 }
1084 }
1086 /* Tear down the connection if it still exists. */
1088 }
1090 // Check if single_stepping or if there is a break requested at iaddr.
1091 // If yes, call debugger
1094 {
1097 // For Vg_VgdbFull, after a fork, we might have calls to this helper
1098 // while gdbserver is not yet initialized.
1111 }
1112 }
1113 }
1115 /* software_breakpoint support --------------------------------------*/
1116 /* When a block is instrumented for gdbserver, single step and breaks
1117 will be obeyed in this block. However, if a jump to another block
1118 is executed while single_stepping is active, we must ensure that
1119 this block is also instrumented. For this, when a block is
1120 instrumented for gdbserver while single_stepping, the target of all
1121 the Jump instructions in this block will be checked to verify if
1122 the block is already instrumented for gdbserver. The below will
1123 ensure that if not already instrumented for gdbserver, the target
1124 block translation containing addr will be invalidated. The list of
1125 gdbserved Addr will also be kept so that translations can be
1126 dropped automatically by gdbserver when going out of single step
1127 mode.
1129 Call the below at translation time if the jump target is a constant.
1130 Otherwise, rather use VG_(add_stmt_call_invalidate_if_not_gdbserved).
1132 To instrument the target exit statement, you can call
1133 VG_(add_stmt_call_invalidate_exit_target_if_not_gdbserved) rather
1134 than check the kind of target exit. */
1136 {
1138 invalidate_if_jump_not_yet_gdbserved
1140 }
1142 // same as VG_(invalidate_if_not_gdbserved) but is intended to be called
1143 // at runtime (only difference is the invalidate reason which traces
1144 // it is at runtime)
1147 {
1149 invalidate_if_jump_not_yet_gdbserved
1151 }
1157 IRTemp jmp,
1159 {
1164 Int nargs;
1178 }
1180 /* software_breakpoint support --------------------------------------*/
1181 /* If a tool wants to allow gdbserver to do something at Addr, then
1182 VG_(add_stmt_call_gdbserver) will add in IRSB a call to a helper
1183 function. This helper function will check if the process must be
1184 stopped at the instruction Addr: either there is a break at Addr or
1185 the process is being single-stepped. Typical usage of the below is to
1186 instrument an Ist_IMark to allow the debugger to interact at any
1187 instruction being executed. As soon as there is one break in a block,
1188 then to allow single stepping in this block (and possible insertions
1189 of other breaks in the same sb_in while the process is stopped), a
1190 debugger statement will be inserted for all instructions of a block. */
1199 {
1203 Int nargs;
1206 /* first store the address in the program counter so that the check
1207 done by VG_(helperc_CallDebugger) will be based on the correct
1208 program counter. We might make this more efficient by rather
1209 searching for assignement to program counter and instrumenting
1210 that but the below is easier and I guess that the optimiser will
1211 remove the redundant store. And in any case, when debugging a
1212 piece of code, the efficiency requirement is not critical: very
1213 few blocks will be instrumented for debugging. */
1215 /* For platforms on which the IP can differ from the addr of the instruction
1216 being executed, we need to add the delta to obtain the IP.
1217 This IP will be given to gdb (e.g. if a breakpoint is put at iaddr).
1219 For ARM, this delta will ensure that the thumb bit is set in the
1220 IP when executing thumb code. gdb uses this thumb bit a.o.
1221 to properly guess the next IP for the 'step' and 'stepi' commands. */
1234 /* Note: in fact, a debugger call can read whatever register
1235 or memory. It can also write whatever register or memory.
1236 So, in theory, we have to indicate the whole universe
1237 can be read and modified. It is however not critical
1238 to indicate precisely what is being read/written
1239 as such indications are needed for tool error detection
1240 and we do not want to have errors being detected for
1241 gdb interactions. */
1257 }
1260 /* Invalidate the target of the exit if needed:
1261 If target is constant, it is invalidated at translation time.
1262 Otherwise, a call to a helper function is generated to invalidate
1263 the translation at run time.
1264 The below is thus calling either VG_(invalidate_if_not_gdbserved)
1265 or VG_(add_stmt_call_invalidate_if_not_gdbserved). */
1270 IRType gWordTy,
1272 {
1282 }
1283 }
1290 {
1292 Int i;
1299 /* here, we need to instrument for gdbserver */
1312 }
1315 /* For an Ist_Mark, add a call to debugger. */
1324 sb_out);
1325 /* There is an optimisation possible here for Vg_VgdbFull:
1326 Put a guard ensuring we only call gdbserver if 'FullCallNeeded'.
1327 FullCallNeeded would be set to 1 we have just switched on
1328 Single Stepping or have just encountered a watchpoint
1329 or have just inserted a breakpoint.
1330 (as gdb by default removes and re-insert breakpoints), we would
1331 need to also implement the notion of 'breakpoint pending removal'
1332 to remove at the next 'continue/step' packet. */
1335 }
1336 }
1337 }
1342 gWordTy,
1343 sb_out);
1344 }
1347 }
1352 UInt ret;
1353 };
1356 {
1365 }
1366 }
1368 {
1382 }
1384 }
1387 kwd_report_error report)
1388 {
1395 Int kwl;
1398 Int pass;
1399 /* pass 0 = search, optional pass 1 = output message multiple matches */
1411 }
1422 kpos++;
1428 /* exact match */
1432 pass1needed++;
1434 }
1436 /* il < kwl */
1438 /* partial match */
1442 pass1needed++;
1444 }
1445 }
1446 }
1447 /* check for success or for no match at all */
1455 }
1457 }
1458 }
1460 /* here we have duplicated match error */
1464 }
1467 else
1469 }
1470 }
1471 /* UNREACHED */
1473 }
1475 /* True if string can be a 0x number */
1477 {
1480 else
1482 }
1484 /* True if string can be a 0b number */
1486 {
1489 else
1491 }
1496 {
1509 }
1516 Int j;
1525 /* report malformed binary integer */
1529 }
1530 }
1533 }
1541 }
1544 }
1547 {
1548 const int nr_gdbserved_addresses
1550 const int nr_watchpoints
1561 gdbserver_called,
1564 vgdb_interrupted_tid,
1565 interrupts_non_busy,
1566 interrupts_while_busy,
1567 interrupts_non_interruptible,
1569 nr_gdbserved_addresses,
1570 nr_watchpoints,
1573 }