| blob | 9913c882304be5f71308059af4d99aa5d78e758b |
2 /*--------------------------------------------------------------------*/
3 /*--- Handle remote gdb protocol. m_gdbserver.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2011-2017 Philippe Waroquiers
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License as
14 published by the Free Software Foundation; either version 2 of the
15 License, or (at your option) any later version.
17 This program is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, write to the Free Software
24 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
25 02111-1307, USA.
27 The GNU General Public License is contained in the file COPYING.
28 */
55 /* forward declarations */
62 /* reasons of call to call_gdbserver. */
63 typedef
72 CallReason;
75 {
85 }
86 }
88 /* An instruction instrumented for gdbserver looks like this:
89 1. Ist_Mark (0x1234)
90 2. Put (IP, 0x1234)
91 3. helperc_CallDebugger (0x1234)
92 This will give control to gdb if there is a break at 0x1234
93 or if we are single stepping
94 4. ... here the real IR for the instruction at 0x1234
96 When there is a break at 0x1234:
97 if user does "continue" or "step" or similar,
98 then - the call to debugger returns
99 - valgrind executes at 3. the real IR(s) for 0x1234
101 if as part of helperc_CallDebugger, the user calls
102 some code in gdb e.g print hello_world()
103 then - gdb prepares a dummy stack frame with a specific
104 return address (typically it uses _start) and
105 inserts a break at this address
106 - gdb then puts in EIP the address of hello_world()
107 - gdb then continues (so the helperc_CallDebugger
108 returns)
109 - call_gdbserver() function will then return the
110 control to the scheduler (using VG_MINIMAL_LONGJMP)
111 to allow the block of the new EIP
112 to be executed.
113 - hello_world code is executed.
114 - when hello_world() returns, it returns to
115 _start and encounters the break at _start.
116 - gdb then removes this break, put 0x1234 in EIP
117 and does a "step". This causes to jump from
118 _start to 0x1234, where the call to
119 helperc_CallDebugger is redone.
120 - This is all ok, the user can then give new gdb
121 commands.
123 However, when continue is given, address 0x1234 is to
124 be executed: gdb gives a single step, which must not
125 report again the break at 0x1234. To avoid a 2nd report
126 of the same break, the below tells that the next
127 helperc_CallDebugger call must ignore a break/stop at
128 this address.
129 */
135 /* Describes the address addr (for debugging/printing purposes).
136 Last two results are kept. A third call will replace the
137 oldest result. */
139 {
142 PtrdiffT offset;
145 // sym is used for debugging/tracing, so cur_ep is a reasonable choice.
158 }
160 }
162 /* Each time gdbserver is called, gdbserver_called is incremented
163 gdbserver_exited is incremented when gdbserver is asked to exit */
167 /* alloc and free functions for xarray and similar. */
169 {
171 }
173 {
175 }
177 typedef
179 GS_break,
180 GS_jump
181 }
182 GS_Kind;
184 typedef
187 Addr addr;
188 GS_Kind kind;
189 }
190 GS_Address;
192 /* gs_addresses contains a list of all addresses that have been invalidated
193 because they have been (or must be) instrumented for gdbserver.
194 An entry is added in this table when there is a break at this
195 address (kind == GS_break) or if this address is the jump target of an
196 exit of a block that has been instrumented for gdbserver while
197 single stepping (kind == GS_jump).
198 When gdbserver is not single stepping anymore, all GS_jump entries
199 are removed, their translations are invalidated.
201 Note for ARM: addr in GS_Address is the value without the thumb bit set.
202 */
205 // Transform addr in the form stored in the list of addresses.
206 // For the ARM architecture, we store it with the thumb bit set to 0.
208 {
209 #if defined(VGA_arm)
211 #else
213 #endif
214 }
217 {
224 /* It should be sufficient to discard a range of 1.
225 We use 2 to ensure the below is not sensitive to the presence
226 of thumb bit in the range of addresses to discard.
227 No need to discard translations for Vg_VgdbFull as all
228 instructions are in any case vgdb-instrumented. */
231 }
234 {
236 // See add_gs_address for the explanation for condition and the range 2 below.
240 }
243 {
251 }
252 }
254 typedef
256 Addr addr;
257 SizeT len;
258 PointKind kind;
259 }
260 GS_Watch;
262 /* gs_watches contains a list of all addresses+len+kind that are being
263 watched. */
267 {
269 }
271 /* Returns the GS_Watch matching addr/len/kind and sets *g_ix to its
272 position in gs_watches.
273 If no matching GS_Watch is found, returns NULL and sets g_ix to -1. */
276 {
278 Word i;
281 /* Linear search. If we have many watches, this might be optimised
282 by having the array sorted and using VG_(lookupXA) */
286 // Found.
289 }
290 }
292 // Not found.
295 }
298 /* protocol spec tells the below must be idempotent. */
300 {
305 /* insert a breakpoint at addr or upgrade its kind */
309 /* already gdbserved. Normally, it must be because of a jump.
310 However, due to idempotent or if connection with gdb was
311 lost (kept breaks from the previous gdb), if already existing,
312 we just upgrade its kind. */
314 }
316 /* delete a breakpoint at addr or downgrade its kind */
319 /* keep gdbserved instrumentation while single stepping */
323 }
329 }
330 }
331 }
334 Bool insert,
335 Addr addr,
338 Bool insert,
339 Addr addr,
340 SizeT len))
341 {
343 }
347 {
348 Bool res;
350 Word g_ix;
362 }
375 // Protocol says insert/remove must be idempotent.
376 // So, we just ignore double insert or (supposed) double delete.
390 }
399 }
400 }
402 }
405 {
411 }
414 {
415 Word n_elems;
417 Word i;
444 /* If no overlap, examine next watchpoint: */
449 /* call gdbserver if access kind reported by the tool
450 matches the watchpoint kind. */
454 /* Watchpoint encountered.
455 If this is a read watchpoint, we directly call gdbserver
456 to report it to gdb.
457 Otherwise, for a write watchpoint, we have to finish
458 the instruction so as to modify the value.
459 If we do not finish the instruction, then gdb sees no
460 value change and continues.
461 For a read watchpoint, we better call gdbserver directly:
462 in case the current block is not gdbserved, Valgrind
463 will execute instructions till the next block. */
465 /* set the watchpoint stop address to the first read or written. */
470 }
473 /* Let Valgrind stop as early as possible after this instruction
474 by switching to Single Stepping mode. */
480 }
482 }
486 }
487 }
489 }
491 /* Returns the reason for which gdbserver instrumentation is needed */
493 {
503 }
508 /* We assume we do not have a huge nr of breakpoints.
509 Otherwise, we need something more efficient e.g.
510 a sorted list of breakpoints or associate extents to it or ...
511 */
522 }
523 }
524 }
530 }
534 }
536 // Clear gdbserved_addresses in gs_addresses.
537 // If clear_only_jumps, clears only the addresses that are served
538 // for jump reasons.
539 // Otherwise, clear all the addresses.
540 // Cleared addresses are invalidated so as to have them re-translated.
542 {
544 UInt n_elems;
555 }
557 // Clear watched addressed in gs_watches, delete gs_watches.
559 {
562 Word i;
566 n_elems);
575 }
576 }
580 }
583 {
587 }
590 {
592 }
595 {
597 }
600 {
602 }
605 {
606 // Using VG_(dyn_vgdb_error) allows the user to control if gdbserver
607 // stops after a fork.
610 /* The below call allows gdb to attach at startup
611 before the first guest instruction is executed. */
615 /* User has activated gdbserver => initialize now the FIFOs
616 to let vgdb/gdb contact us either via the scheduler poll
617 mechanism or via vgdb ptrace-ing valgrind. */
620 }
621 }
623 /* when fork is done, various cleanup is needed in the child process.
624 In particular, child must have its own connection to avoid stealing
625 data from its parent */
627 {
631 /* finish connection inheritated from parent */
634 /* ensure next call to gdbserver will be considered as a brand
635 new call that will initialize a fresh gdbserver. */
647 }
653 /* After fork, if we do not trace the children, disable vgdb
654 poll to avoid gdbserver being called unexpectedly. */
656 }
657 }
659 /* If reason is init_reason, creates the connection resources (e.g.
660 the FIFOs) to allow a gdb connection to be detected by polling
661 using remote_desc_activity.
662 Otherwise (other reasons):
663 If connection with gdb not yet opened, opens the connection with gdb.
664 reads gdb remote protocol packets and executes the requested commands.
665 */
667 {
670 Addr saved_pc;
673 "entering call_gdbserver %s ... pid %d tid %u status %s "
679 /* If we are about to die, then just run server_main() once to get
680 the resume reply out and return immediately because most of the state
681 of this tid and process is about to be torn down. */
685 }
692 gdbserver_exited);
694 }
702 gs_free,
705 }
709 gdbserver_called++;
711 /* call gdbserver_init if this is the first call to gdbserver. */
718 /* if the call reason is to initialize, then return control to
719 valgrind. After this initialization, gdbserver will be called
720 again either if there is an error detected by valgrind or
721 if vgdb sends data to the valgrind process. */
724 }
737 /* we are single stepping. If we were not stepping on entry,
738 then invalidate the current program counter so as to properly
739 do single step. In case the program counter was changed by
740 gdb, this will also invalidate the target address we will
741 jump to. */
744 }
746 /* We are not single stepping. If we were stepping on entry,
747 then clear the gdbserved addresses. This will cause all
748 these gdbserved blocks to be invalidated so that they can be
749 re-translated without being gdbserved. */
752 }
754 /* can't do sanity check at beginning. At least the stack
755 check is not yet possible. */
759 /* If the PC has been changed by gdb, then we VG_MINIMAL_LONGJMP to
760 the scheduler to execute the block of the new PC.
761 Otherwise we just return to continue executing the
762 current block. */
769 SysRes sres;
772 }
774 /* resume scheduler */
776 }
777 /* else continue to run */
778 }
779 /* continue to run */
780 }
782 /* busy > 0 when gdbserver is currently being called.
783 busy is used to avoid vgdb invoking gdbserver
784 while gdbserver by Valgrind. */
788 {
789 busy++;
790 /* called by the rest of valgrind for
791 --vgdb-error=0 reason
792 or by scheduler "poll/debug/interrupt" reason
793 or to terminate. */
801 gdbserver_exited);
804 gdbserver_exited++;
805 }
806 }
807 busy--;
808 }
810 // nr of invoke_gdbserver while gdbserver is already executing.
813 // nr of invoke_gdbserver while gdbserver is not executing.
816 // nr of invoke_gdbserver when some threads are not interruptible.
819 /* When all threads are blocked in a system call, the Valgrind
820 scheduler cannot poll the shared memory for gdbserver activity. In
821 such a case, vgdb will force the invocation of gdbserver using
822 ptrace. To do that, vgdb 'pushes' a call to invoke_gdbserver
823 on the stack using ptrace. invoke_gdbserver must not return.
824 Instead, it must call give_control_back_to_vgdb.
825 vgdb expects to receive a SIGSTOP, which this function generates.
826 When vgdb gets this SIGSTOP, it knows invoke_gdbserver call
827 is finished and can reset the Valgrind process in the state prior to
828 the 'pushed call' (using ptrace again).
829 This all works well. However, the user must avoid
830 'kill-9ing' vgdb during such a pushed call, otherwise
831 the SIGSTOP generated below will be seen by the Valgrind core,
832 instead of being handled by vgdb. The OS will then handle the SIGSTOP
833 by stopping the Valgrind process.
834 We use SIGSTOP as this process cannot be masked. */
837 {
838 #if !defined(VGO_solaris)
839 /* cause a SIGSTOP to be sent to ourself, so that vgdb takes control.
840 vgdb will then restore the stack so as to resume the activity
841 before the ptrace (typically do_syscall_WRK). */
845 /* If we arrive here, it means a call was pushed on the stack
846 by vgdb, but during this call, vgdb and/or connection
847 died. Alternatively, it is a bug in the vgdb<=>Valgrind gdbserver
848 ptrace handling. */
854 /* On Solaris, this code is run within the context of an agent thread
855 (see vgdb-invoker-solaris.c and "PCAGENT" control message in
856 proc(4)). Exit the agent thread now.
857 */
862 }
864 /* Using ptrace calls, vgdb will force an invocation of gdbserver.
865 VG_(invoke_gdbserver) is the entry point called through the
866 vgdb ptrace technique. */
868 {
869 /* ******* Avoid non-reentrant function call from here .....
870 till the ".... till here" below. */
872 /* We need to determine the state of the various threads to decide
873 if we directly invoke gdbserver or if we rather indicate to the
874 scheduler to invoke the gdbserver. To decide that, it is
875 critical to avoid any "coregrind" function call as the ptrace
876 might have stopped the process in the middle of this (possibly)
877 non-rentrant function. So, it is only when all threads are in
878 an "interruptible" state that we can safely invoke
879 gdbserver. Otherwise, we let the valgrind scheduler invoke
880 gdbserver at the next poll. This poll will be made very soon
881 thanks to a call to VG_(force_vgdb_poll). */
887 interrupts_while_busy++;
889 }
890 interrupts_non_busy++;
892 /* check if all threads are in an "interruptible" state. If yes,
893 we invoke gdbserver. Otherwise, we tell the scheduler to wake up
894 asap. */
897 /* interruptible states. */
908 /* non interruptible states. */
911 interrupts_non_interruptible++;
916 }
917 }
921 /* .... till here.
922 From here onwards, function calls are ok: it is
923 safe to call valgrind core functions: all threads are blocked in
924 a system call or are yielding or ... */
935 }
938 {
939 Bool ret;
940 busy++;
952 }
953 busy--;
955 }
958 ThreadId tid)
959 {
962 who,
966 tid);
968 }
971 ThreadId tid)
972 {
978 }
982 /* indicate to gdbserver that there is a signal */
985 /* let gdbserver do some work, e.g. show the signal to the user */
988 }
991 {
994 /* if gdbserver is currently not connected, then signal
995 is to be given to the process */
999 }
1000 /* if gdb has informed gdbserver that this signal can be
1001 passed directly without informing gdb, then signal is
1002 to be given to the process. */
1006 }
1008 /* indicate to gdbserver that there is a signal */
1011 /* let gdbserver do some work, e.g. show the signal to the user.
1012 User can also decide to ignore the signal or change the signal. */
1015 /* ask gdbserver what is the final decision */
1022 }
1023 }
1026 /* If catching_syscalls is True, then syscalls_to_catch_size == 0 means
1027 to catch all syscalls. Otherwise, it is the size of the syscalls_to_catch
1028 array. */
1032 {
1033 Int i;
1043 }
1046 {
1053 }
1056 /* let gdbserver do some work */
1059 }
1060 }
1061 }
1064 {
1067 /* Make sure vgdb knows we are about to die and why. */
1073 gdbserver_process_exit_encountered
1078 gdbserver_process_exit_encountered
1084 }
1087 }
1089 /* Tear down the connection if it still exists. */
1091 }
1093 // Check if single_stepping or if there is a break requested at iaddr.
1094 // If yes, call debugger
1097 {
1100 // For Vg_VgdbFull, after a fork, we might have calls to this helper
1101 // while gdbserver is not yet initialized.
1114 }
1115 }
1116 }
1118 /* software_breakpoint support --------------------------------------*/
1119 /* When a block is instrumented for gdbserver, single step and breaks
1120 will be obeyed in this block. However, if a jump to another block
1121 is executed while single_stepping is active, we must ensure that
1122 this block is also instrumented. For this, when a block is
1123 instrumented for gdbserver while single_stepping, the target of all
1124 the Jump instructions in this block will be checked to verify if
1125 the block is already instrumented for gdbserver. The below will
1126 ensure that if not already instrumented for gdbserver, the target
1127 block translation containing addr will be invalidated. The list of
1128 gdbserved Addr will also be kept so that translations can be
1129 dropped automatically by gdbserver when going out of single step
1130 mode.
1132 Call the below at translation time if the jump target is a constant.
1133 Otherwise, rather use VG_(add_stmt_call_invalidate_if_not_gdbserved).
1135 To instrument the target exit statement, you can call
1136 VG_(add_stmt_call_invalidate_exit_target_if_not_gdbserved) rather
1137 than check the kind of target exit. */
1139 {
1141 invalidate_if_jump_not_yet_gdbserved
1143 }
1145 // same as VG_(invalidate_if_not_gdbserved) but is intended to be called
1146 // at runtime (only difference is the invalidate reason which traces
1147 // it is at runtime)
1150 {
1152 invalidate_if_jump_not_yet_gdbserved
1154 }
1160 IRTemp jmp,
1162 {
1167 Int nargs;
1181 }
1183 /* software_breakpoint support --------------------------------------*/
1184 /* If a tool wants to allow gdbserver to do something at Addr, then
1185 VG_(add_stmt_call_gdbserver) will add in IRSB a call to a helper
1186 function. This helper function will check if the process must be
1187 stopped at the instruction Addr: either there is a break at Addr or
1188 the process is being single-stepped. Typical usage of the below is to
1189 instrument an Ist_IMark to allow the debugger to interact at any
1190 instruction being executed. As soon as there is one break in a block,
1191 then to allow single stepping in this block (and possible insertions
1192 of other breaks in the same sb_in while the process is stopped), a
1193 debugger statement will be inserted for all instructions of a block. */
1202 {
1206 Int nargs;
1209 /* first store the address in the program counter so that the check
1210 done by VG_(helperc_CallDebugger) will be based on the correct
1211 program counter. We might make this more efficient by rather
1212 searching for assignement to program counter and instrumenting
1213 that but the below is easier and I guess that the optimiser will
1214 remove the redundant store. And in any case, when debugging a
1215 piece of code, the efficiency requirement is not critical: very
1216 few blocks will be instrumented for debugging. */
1218 /* For platforms on which the IP can differ from the addr of the instruction
1219 being executed, we need to add the delta to obtain the IP.
1220 This IP will be given to gdb (e.g. if a breakpoint is put at iaddr).
1222 For ARM, this delta will ensure that the thumb bit is set in the
1223 IP when executing thumb code. gdb uses this thumb bit a.o.
1224 to properly guess the next IP for the 'step' and 'stepi' commands. */
1237 /* Note: in fact, a debugger call can read whatever register
1238 or memory. It can also write whatever register or memory.
1239 So, in theory, we have to indicate the whole universe
1240 can be read and modified. It is however not critical
1241 to indicate precisely what is being read/written
1242 as such indications are needed for tool error detection
1243 and we do not want to have errors being detected for
1244 gdb interactions. */
1260 }
1263 /* Invalidate the target of the exit if needed:
1264 If target is constant, it is invalidated at translation time.
1265 Otherwise, a call to a helper function is generated to invalidate
1266 the translation at run time.
1267 The below is thus calling either VG_(invalidate_if_not_gdbserved)
1268 or VG_(add_stmt_call_invalidate_if_not_gdbserved). */
1273 IRType gWordTy,
1275 {
1285 }
1286 }
1293 {
1295 Int i;
1302 /* here, we need to instrument for gdbserver */
1315 }
1318 /* For an Ist_Mark, add a call to debugger. */
1327 sb_out);
1328 /* There is an optimisation possible here for Vg_VgdbFull:
1329 Put a guard ensuring we only call gdbserver if 'FullCallNeeded'.
1330 FullCallNeeded would be set to 1 we have just switched on
1331 Single Stepping or have just encountered a watchpoint
1332 or have just inserted a breakpoint.
1333 (as gdb by default removes and re-insert breakpoints), we would
1334 need to also implement the notion of 'breakpoint pending removal'
1335 to remove at the next 'continue/step' packet. */
1338 }
1339 }
1340 }
1345 gWordTy,
1346 sb_out);
1347 }
1350 }
1355 UInt ret;
1356 };
1359 {
1368 }
1369 }
1371 {
1385 }
1387 }
1390 kwd_report_error report)
1391 {
1398 Int kwl;
1401 Int pass;
1402 /* pass 0 = search, optional pass 1 = output message multiple matches */
1414 }
1425 kpos++;
1431 /* exact match */
1435 pass1needed++;
1437 }
1439 /* il < kwl */
1441 /* partial match */
1445 pass1needed++;
1447 }
1448 }
1449 }
1450 /* check for success or for no match at all */
1458 }
1460 }
1461 }
1463 /* here we have duplicated match error */
1467 }
1470 else
1472 }
1473 }
1474 /* UNREACHED */
1476 }
1478 /* True if string can be a 0x number */
1480 {
1483 else
1485 }
1487 /* True if string can be a 0b number */
1489 {
1492 else
1494 }
1499 {
1512 }
1519 Int j;
1528 /* report malformed binary integer */
1532 }
1533 }
1536 }
1544 }
1546 }
1549 {
1550 const int nr_gdbserved_addresses
1552 const int nr_watchpoints
1563 gdbserver_called,
1566 vgdb_interrupted_tid,
1567 interrupts_non_busy,
1568 interrupts_while_busy,
1569 interrupts_non_interruptible,
1571 nr_gdbserved_addresses,
1572 nr_watchpoints,
1575 }