| blob | df34e0a1515280b0fb124a6b7b4a53f6fd4a3d19 |
1 /*--------------------------------------------------------------------*/
2 /*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/
3 /*--------------------------------------------------------------------*/
5 /*
6 This file is part of Valgrind, a dynamic binary instrumentation
7 framework.
9 Copyright (C) 2011-2017 Philippe Waroquiers
10 Copyright (C) 2021-2022 Paul Floyd
11 pjfloyd@wanadoo.fr
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
26 The GNU General Public License is contained in the file COPYING.
27 */
34 #include <assert.h>
35 #include <errno.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <signal.h>
40 #include <sys/ptrace.h>
41 #include <sys/time.h>
42 #include <sys/user.h>
43 #include <sys/wait.h>
44 #include <sys/uio.h>
45 #include <elf.h>
46 #include <sys/procfs.h>
48 /*
49 * This file is largely a copy of vgdb-invoker-ptrace.c
50 *
51 * Sadly, though ptrace exists on most unix-like systems,
52 * no two versions are the same.
53 *
54 * The main two differences are that
55 * - FreeBSD ptrace works at the process level, not lwps
56 * so just attaching to the main pid stops everything
57 * (no need to read memory to get lwpids and stop all of the
58 * threads)
59 * - Reading registers is a lot simpler.
60 *
61 * Known limitations:
62 * gdbserver_tests/nlcontrolc has different behaviour
63 * becase attaching causes the select() syscall of main
64 * to be interrupted. This seems to be a "feature" of
65 * ptrace on FreeBSD so I doubt it can be fixed.
66 *
67 */
69 // 32-bit or 64-bit wide, depending on primary architecture.
74 // if > 0, pid for which registers have to be restored.
75 // if == 0, means we have not yet called setregs (or have already
76 // restored the registers).
78 /* True if we have continued pid_of_save_regs after PT_ATTACH. */
80 // When setregs has been called to change the registers of pid_of_save_regs,
81 // vgdb cannot transmit the signals intercepted during ptrace.
82 // So, we queue them, and will deliver them when detaching.
83 // See function waitstopped for more info.
87 /* True when loss of connection indicating that the Valgrind
88 process is dying. */
91 /* Copy LEN bytes of data from vgdb memory at MYADDR
92 to valgrind memory at MEMADDR.
93 On failure (cannot write the valgrind memory)
94 returns the value of errno. */
96 static
99 {
101 /* Round starting address down to longword boundary. */
103 /* Round ending address up; get number of longwords that makes. */
104 size_t count
107 /* Allocate buffer of that many longwords. */
108 PTRACE_XFER_TYPE *buffer
115 }
117 }
119 /* Fill start and end extra bytes of buffer with existing memory data. */
130 }
132 /* Copy data to be written over corresponding part of buffer */
137 /* Write the entire buffer. */
145 }
146 }
149 }
151 static
153 {
156 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
162 }
168 }
169 }
174 #ifdef WIFCONTINUED
177 }
178 #endif
181 #undef APPEND
182 }
184 /* Wait till the process pid is reported as stopped with signal_expected.
185 If other signal(s) than signal_expected are received, waitstopped
186 will pass them to pid, waiting for signal_expected to stop pid.
187 Returns True when process is in stopped state with signal_expected.
188 Returns False if a problem was encountered while waiting for pid
189 to be stopped.
191 If pid is reported as being dead/exited, waitstopped will return False.
192 */
193 static
195 {
196 pid_t p;
211 }
213 /* The process either exited or was terminated by a (fatal) signal. */
217 }
223 }
225 /* pid received a signal which is not the signal we are waiting for.
226 If we have not (yet) changed the registers of the inferior
227 or we have (already) reset them, we can transmit the signal.
229 If we have already set the registers of the inferior, we cannot
230 transmit the signal, as this signal would arrive when the
231 gdbserver code runs. And valgrind only expects signals to
232 arrive in a small code portion around
233 client syscall logic, where signal are unmasked (see e.g.
234 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK).
236 As ptrace is forcing a call to gdbserver by jumping
237 'out of this region', signals are not masked, but
238 will arrive outside of the allowed/expected code region.
239 So, if we have changed the registers of the inferior, we
240 rather queue the signal to transmit them when detaching,
241 after having restored the registers to the initial values. */
246 // realloc a bigger queue, and store new signal at the end.
247 // This is not very efficient but we assume not many sigs are queued.
251 }
252 signal_queue_sz++;
261 signal_queue_sz--;
266 }
271 }
275 }
276 }
279 }
281 /* Stops the given pid, wait for the process to be stopped.
282 Returns True if successful, False otherwise.
283 msg is used in tracing and error reporting. */
284 static
286 {
294 }
298 }
300 /* Attaches to given pid, wait for the process to be stopped.
301 Returns True if successful, False otherwise.
302 msg is used in tracing and error reporting. */
303 static
305 {
309 // For a ptrace_scope protected system, we do not want to output
310 // repetitively attach error. We will output once an error
311 // for the initial_attach. Once the 1st attach has succeeded, we
312 // again show all errors.
321 }
322 }
324 }
329 }
331 static
333 {
339 }
340 }
344 /* Get the registers from pid into regs.
345 Returns True if all ok, otherwise False. */
346 static
348 {
351 }
353 }
355 /* Set the registers of pid to regs.
356 Returns True if all ok, otherwise False. */
357 static
359 {
362 }
364 }
366 /* Restore the registers to the saved value, then detaches from all threads */
367 static
369 {
376 /* In case the 'main pid' has been continued, we need to stop it
377 before resetting the registers. */
382 }
383 }
388 pid_of_save_regs);
389 }
391 /* Now, we transmit all the signals we have queued. */
402 }
405 }
406 }
410 }
414 }
418 }
420 }
423 {
425 Bool stopped;
429 /* A specific int value is passed to invoke_gdbserver, to check
430 everything goes according to the plan. */
434 // A bad return address will be pushed on the stack.
435 // The function invoke_gdbserver cannot return. If ever it returns, a NULL
436 // address pushed on the stack should ensure this is detected.
438 /* Not yet attached. If problem, vgdb can abort,
439 no cleanup needed. */
445 }
447 /* Now, we are attached. If problem, detach and return. */
454 }
459 #if defined(VGA_x86)
461 #elif defined(VGA_amd64)
464 /* 64bit vgdb speaking with a 32bit executable.
465 To have system call restart properly, we need to sign extend rax.
466 For more info:
467 web search '[patch] Fix syscall restarts for amd64->i386 biarch'
468 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */
472 }
473 #elif defined(VGA_arm64)
475 #else
477 #endif
480 // the magic below is derived from spying what gdb sends to
481 // the (classical) gdbserver when invoking a C function.
483 // vgdb speaking with a 32bit executable.
484 #if defined(VGA_x86) || defined(VGA_amd64)
487 /* push check arg on the stack */
493 regsize);
498 }
502 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return
503 // are written.
506 regsize);
511 }
512 #if defined(VGA_x86)
513 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
514 // compiled in 32bits, speaking with a 32bits exe
518 #elif defined(VGA_amd64)
519 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
520 // compiled in 64bits, speaking with a 32bits exe
524 #endif
526 #elif defined(VGA_arm64)
528 #else
530 #endif
531 }
534 #if defined(VGA_x86)
536 #elif defined(VGA_amd64)
537 // vgdb speaking with a 64 bit executable.
541 /* give check arg in rdi */
544 /* push return address on stack : return to breakaddr */
546 //sp = sp - 128; // do not touch the amd64 redzone
556 }
558 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */
562 #elif defined(VGA_arm64)
566 /* put NULL return address in Link Register */
569 #else
571 #endif
572 }
575 }
582 }
586 /* Now that we have modified the registers, we set
587 pid_of_save_regs to indicate that restore_and_detach
588 must restore the registers in case of cleanup. */
593 /* We PTRACE_CONT-inue pid.
594 Either gdbserver will be invoked directly (if all
595 threads are interruptible) or gdbserver will be
596 called soon by the scheduler. In the first case,
597 pid will stop on the break inserted above when
598 gdbserver returns. In the 2nd case, the break will
599 be encountered directly. */
601 /* an address of 1 means continue without modifying IP
602 since we already set IP above there is no need to set it here */
608 }
610 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */
614 /* Here pid has properly stopped on the break. */
618 }
619 /* Whatever kind of problem happened. We shutdown. */
622 }
625 {
629 }
630 }
633 {
634 }
637 {
638 /* Avoid messing up with registers of valgrind when it is dying. */
641 }