FreeBSD: add file descriptor tracking for _umtx_op
[valgrind.git] / coregrind / vgdb-invoker-ptrace.c
blob78a6a168c187a1b55b5dc64ddf484fc8904907f6
1 /*--------------------------------------------------------------------*/
2 /*--- Implementation of vgdb invoker subsystem via ptrace() calls. ---*/
3 /*--------------------------------------------------------------------*/
5 /*
6 This file is part of Valgrind, a dynamic binary instrumentation
7 framework.
9 Copyright (C) 2011-2017 Philippe Waroquiers
11 This program is free software; you can redistribute it and/or
12 modify it under the terms of the GNU General Public License as
13 published by the Free Software Foundation; either version 2 of the
14 License, or (at your option) any later version.
16 This program is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, see <http://www.gnu.org/licenses/>.
24 The GNU General Public License is contained in the file COPYING.
27 #include "config.h"
29 #include "vgdb.h"
30 #include "pub_core_threadstate.h"
32 #include <alloca.h>
33 #include <assert.h>
34 #include <errno.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <sys/ptrace.h>
39 #include <sys/time.h>
40 #include <sys/user.h>
41 #include <sys/wait.h>
43 #ifdef PTRACE_GETREGSET
44 // TBD: better have a configure test instead ?
45 #define HAVE_PTRACE_GETREGSET
47 // A bi-arch build using PTRACE_GET/SETREGSET needs
48 // some conversion code for register structures.
49 // So, better do not use PTRACE_GET/SETREGSET
50 // Rather we use PTRACE_GETREGS or PTRACE_PEEKUSER.
52 // The only platform on which we must use PTRACE_GETREGSET is arm64.
53 // The resulting vgdb cannot work in a bi-arch setup.
54 // -1 means we will check that PTRACE_GETREGSET works.
55 # if defined(VGA_arm64)
56 #define USE_PTRACE_GETREGSET
57 # endif
58 #endif
60 #include <sys/uio.h>
61 #include <elf.h>
63 #include <sys/procfs.h>
65 // glibc versions prior to 2.5 do not define PTRACE_GETSIGINFO on
66 // the platforms we support.
67 #if !((__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 5))
68 # ifndef PTRACE_GETSIGINFO
69 # define PTRACE_GETSIGINFO 0x4202
70 # endif
71 #endif
73 // 32-bit or 64-bit wide, depending on primary architecture.
74 typedef Addr CORE_ADDR;
75 typedef Addr PTRACE_XFER_TYPE;
76 typedef void* PTRACE_ARG3_TYPE;
78 // if > 0, pid for which registers have to be restored.
79 // if == 0, means we have not yet called setregs (or have already
80 // restored the registers).
81 static int pid_of_save_regs = 0;
82 /* True if we have continued pid_of_save_regs after PTRACE_ATTACH. */
83 static Bool pid_of_save_regs_continued = False;
84 // When setregs has been called to change the registers of pid_of_save_regs,
85 // vgdb cannot transmit the signals intercepted during ptrace.
86 // So, we queue them, and will deliver them when detaching.
87 // See function waitstopped for more info.
88 static int signal_queue_sz = 0;
89 static siginfo_t *signal_queue;
91 /* True when loss of connection indicating that the Valgrind
92 process is dying. */
93 static Bool dying = False;
95 /* ptrace_(read|write)_memory are modified extracts of linux-low.c
96 from gdb 6.6. Copyrighted FSF */
97 /* Copy LEN bytes from valgrind memory starting at MEMADDR
98 to vgdb memory starting at MYADDR. */
99 static
100 int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr,
101 void *myaddr, size_t len)
103 register int i;
104 /* Round starting address down to longword boundary. */
105 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
106 /* Round ending address up; get number of longwords that makes. */
107 register int count
108 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
109 / sizeof (PTRACE_XFER_TYPE);
110 /* Allocate buffer of that many longwords. */
111 register PTRACE_XFER_TYPE *buffer
112 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
114 /* Read all the longwords */
115 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
116 errno = 0;
117 buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
118 (PTRACE_ARG3_TYPE) addr, 0);
119 if (errno)
120 return errno;
123 /* Copy appropriate bytes out of the buffer. */
124 memcpy (myaddr,
125 (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len);
127 return 0;
130 /* Copy LEN bytes of data from vgdb memory at MYADDR
131 to valgrind memory at MEMADDR.
132 On failure (cannot write the valgrind memory)
133 returns the value of errno. */
134 __attribute__((unused)) /* not used on all platforms */
135 static
136 int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr,
137 const void *myaddr, size_t len)
139 register int i;
140 /* Round starting address down to longword boundary. */
141 register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
142 /* Round ending address up; get number of longwords that makes. */
143 register int count
144 = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
145 / sizeof (PTRACE_XFER_TYPE);
146 /* Allocate buffer of that many longwords. */
147 register PTRACE_XFER_TYPE *buffer
148 = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
150 if (debuglevel >= 1) {
151 DEBUG (1, "Writing ");
152 for (i = 0; i < len; i++)
153 PDEBUG (1, "%02x", ((const unsigned char*)myaddr)[i]);
154 PDEBUG(1, " to %p\n", (void *) memaddr);
157 /* Fill start and end extra bytes of buffer with existing memory data. */
159 buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
160 (PTRACE_ARG3_TYPE) addr, 0);
162 if (count > 1) {
163 buffer[count - 1]
164 = ptrace (PTRACE_PEEKTEXT, inferior_pid,
165 (PTRACE_ARG3_TYPE) (addr + (count - 1)
166 * sizeof (PTRACE_XFER_TYPE)),
170 /* Copy data to be written over corresponding part of buffer */
172 memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)),
173 myaddr, len);
175 /* Write the entire buffer. */
177 for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
178 errno = 0;
179 ptrace (PTRACE_POKETEXT, inferior_pid,
180 (PTRACE_ARG3_TYPE) addr, buffer[i]);
181 if (errno)
182 return errno;
185 return 0;
188 /* subset of VG_(threads) needed for vgdb ptrace.
189 This is initialized when process is attached. */
190 typedef struct {
191 ThreadStatus status;
192 Int lwpid;
194 VgdbThreadState;
195 static VgdbThreadState *vgdb_threads;
196 static int vg_n_threads;
198 static const
199 HChar* name_of_ThreadStatus ( ThreadStatus status )
201 switch (status) {
202 case VgTs_Empty: return "VgTs_Empty";
203 case VgTs_Init: return "VgTs_Init";
204 case VgTs_Runnable: return "VgTs_Runnable";
205 case VgTs_WaitSys: return "VgTs_WaitSys";
206 case VgTs_Yielding: return "VgTs_Yielding";
207 case VgTs_Zombie: return "VgTs_Zombie";
208 default: return "VgTs_???";
212 static
213 char *status_image (int status)
215 static char result[256]; // large enough
216 int sz = 0;
217 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
219 result[0] = 0;
221 if (WIFEXITED(status))
222 APPEND ("WIFEXITED %d ", WEXITSTATUS(status));
224 if (WIFSIGNALED(status)) {
225 APPEND ("WIFSIGNALED %d ", WTERMSIG(status));
226 if (WCOREDUMP(status)) APPEND ("WCOREDUMP ");
229 if (WIFSTOPPED(status))
230 APPEND ("WIFSTOPPED %d ", WSTOPSIG(status));
232 #ifdef WIFCONTINUED
233 if (WIFCONTINUED(status))
234 APPEND ("WIFCONTINUED ");
235 #endif
237 return result;
238 #undef APPEND
241 /* Wait till the process pid is reported as stopped with signal_expected.
242 If other signal(s) than signal_expected are received, waitstopped
243 will pass them to pid, waiting for signal_expected to stop pid.
244 Returns True when process is in stopped state with signal_expected.
245 Returns False if a problem was encountered while waiting for pid
246 to be stopped.
248 If pid is reported as being dead/exited, waitstopped will return False.
250 static
251 Bool waitstopped (pid_t pid, int signal_expected, const char *msg)
253 pid_t p;
254 int status = 0;
255 int signal_received;
256 int res;
258 while (1) {
259 DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n",
260 msg, signal_expected);
261 p = waitpid(pid, &status, __WALL);
262 DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p,
263 status, status_image (status));
264 if (p != pid) {
265 ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n",
266 msg, pid, p, status, status_image (status));
267 return False;
270 /* The process either exited or was terminated by a (fatal) signal. */
271 if (WIFEXITED(status) || WIFSIGNALED(status)) {
272 shutting_down = True;
273 return False;
276 assert (WIFSTOPPED(status));
277 signal_received = WSTOPSIG(status);
278 if (signal_received == signal_expected)
279 break;
281 /* pid received a signal which is not the signal we are waiting for.
282 If we have not (yet) changed the registers of the inferior
283 or we have (already) reset them, we can transmit the signal.
285 If we have already set the registers of the inferior, we cannot
286 transmit the signal, as this signal would arrive when the
287 gdbserver code runs. And valgrind only expects signals to
288 arrive in a small code portion around
289 client syscall logic, where signal are unmasked (see e.g.
290 m_syswrap/syscall-x86-linux.S ML_(do_syscall_for_client_WRK).
292 As ptrace is forcing a call to gdbserver by jumping
293 'out of this region', signals are not masked, but
294 will arrive outside of the allowed/expected code region.
295 So, if we have changed the registers of the inferior, we
296 rather queue the signal to transmit them when detaching,
297 after having restored the registers to the initial values. */
298 if (pid_of_save_regs) {
299 siginfo_t *newsiginfo;
301 // realloc a bigger queue, and store new signal at the end.
302 // This is not very efficient but we assume not many sigs are queued.
303 if (signal_queue_sz >= 64) {
304 DEBUG(0, "too many queued signals while waiting for SIGSTOP\n");
305 return False;
307 signal_queue_sz++;
308 signal_queue = vrealloc(signal_queue,
309 sizeof(siginfo_t) * signal_queue_sz);
310 newsiginfo = signal_queue + (signal_queue_sz - 1);
312 res = ptrace (PTRACE_GETSIGINFO, pid, NULL, newsiginfo);
313 if (res != 0) {
314 ERROR(errno, "PTRACE_GETSIGINFO failed: signal lost !!!!\n");
315 signal_queue_sz--;
316 } else
317 DEBUG(1, "waitstopped PTRACE_CONT, queuing signal %d"
318 " si_signo %d si_pid %d\n",
319 signal_received, newsiginfo->si_signo, newsiginfo->si_pid);
320 res = ptrace (PTRACE_CONT, pid, NULL, 0);
321 } else {
322 DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received);
323 res = ptrace (PTRACE_CONT, pid, NULL, signal_received);
325 if (res != 0) {
326 ERROR(errno, "waitstopped PTRACE_CONT\n");
327 return False;
331 return True;
334 /* Stops the given pid, wait for the process to be stopped.
335 Returns True if successful, False otherwise.
336 msg is used in tracing and error reporting. */
337 static
338 Bool stop (pid_t pid, const char *msg)
340 long res;
342 DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid);
343 res = kill (pid, SIGSTOP);
344 if (res != 0) {
345 ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res);
346 return False;
349 return waitstopped (pid, SIGSTOP, msg);
353 /* Attaches to given pid, wait for the process to be stopped.
354 Returns True if successful, False otherwise.
355 msg is used in tracing and error reporting. */
356 static
357 Bool attach (pid_t pid, const char *msg)
359 long res;
360 static Bool output_error = True;
361 static Bool initial_attach = True;
362 // For a ptrace_scope protected system, we do not want to output
363 // repetitively attach error. We will output once an error
364 // for the initial_attach. Once the 1st attach has succeeded, we
365 // again show all errors.
367 DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid);
368 res = ptrace (PTRACE_ATTACH, pid, NULL, NULL);
369 if (res != 0) {
370 if (output_error || debuglevel > 0) {
371 ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res);
372 if (initial_attach)
373 output_error = False;
375 return False;
378 initial_attach = False;
379 output_error = True;
380 return waitstopped(pid, SIGSTOP, msg);
383 /* once we are attached to the pid, get the list of threads and stop
384 them all.
385 Returns True if all threads properly suspended, False otherwise. */
386 static
387 Bool acquire_and_suspend_threads (pid_t pid)
389 int i;
390 int rw;
391 Bool pid_found = False;
392 Addr vgt;
393 int sz_tst;
394 int off_status;
395 int off_lwpid;
396 int nr_live_threads = 0;
398 if (shared32 != NULL) {
399 vgt = shared32->threads;
400 vg_n_threads = shared32->vg_n_threads;
401 sz_tst = shared32->sizeof_ThreadState;
402 off_status = shared32->offset_status;
403 off_lwpid = shared32->offset_lwpid;
405 else if (shared64 != NULL) {
406 vgt = shared64->threads;
407 vg_n_threads = shared64->vg_n_threads;
408 sz_tst = shared64->sizeof_ThreadState;
409 off_status = shared64->offset_status;
410 off_lwpid = shared64->offset_lwpid;
411 } else {
412 assert (0);
415 vgdb_threads = vmalloc(vg_n_threads * sizeof vgdb_threads[0]);
417 /* note: the entry 0 is unused */
418 DEBUG(1, "examining thread entries from tid 1 to tid %d\n", vg_n_threads-1);
419 for (i = 1; i < vg_n_threads; i++) {
420 vgt += sz_tst;
421 rw = ptrace_read_memory(pid, vgt+off_status,
422 &(vgdb_threads[i].status),
423 sizeof(ThreadStatus));
424 if (rw != 0) {
425 ERROR(rw, "status ptrace_read_memory\n");
426 return False;
429 rw = ptrace_read_memory(pid, vgt+off_lwpid,
430 &(vgdb_threads[i].lwpid),
431 sizeof(Int));
432 if (rw != 0) {
433 ERROR(rw, "lwpid ptrace_read_memory\n");
434 return False;
437 if (vgdb_threads[i].status != VgTs_Empty) {
438 DEBUG(1, "found tid %d status %s lwpid %d\n",
439 i, name_of_ThreadStatus(vgdb_threads[i].status),
440 vgdb_threads[i].lwpid);
441 nr_live_threads++;
442 if (vgdb_threads[i].lwpid <= 1) {
443 if (vgdb_threads[i].lwpid == 0
444 && vgdb_threads[i].status == VgTs_Init) {
445 DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n",
446 i, name_of_ThreadStatus(vgdb_threads[i].status),
447 vgdb_threads[i].lwpid);
448 } else {
449 ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n",
450 i, name_of_ThreadStatus(vgdb_threads[i].status),
451 vgdb_threads[i].lwpid);
453 /* in case we have a VtTs_Init thread with lwpid not yet set,
454 we try again later. */
455 return False;
457 if (vgdb_threads[i].lwpid == pid) {
458 assert (!pid_found);
459 assert (i == 1);
460 pid_found = True;
461 } else {
462 if (!attach(vgdb_threads[i].lwpid, "attach_thread")) {
463 ERROR(0, "ERROR attach pid %d tid %d\n",
464 vgdb_threads[i].lwpid, i);
465 return False;
470 /* If we found no thread, it means the process is stopping, and
471 we better do not force anything to happen during that. */
472 if (nr_live_threads > 0)
473 return True;
474 else
475 return False;
478 static
479 void detach_from_all_threads (pid_t pid)
481 int i;
482 long res;
483 Bool pid_found = False;
485 /* detach from all the threads */
486 for (i = 1; i < vg_n_threads; i++) {
487 if (vgdb_threads[i].status != VgTs_Empty) {
488 if (vgdb_threads[i].status == VgTs_Init
489 && vgdb_threads[i].lwpid == 0) {
490 DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n",
491 vgdb_threads[i].lwpid, i,
492 name_of_ThreadStatus (vgdb_threads[i].status));
493 } else {
494 if (vgdb_threads[i].lwpid == pid) {
495 assert (!pid_found);
496 pid_found = True;
498 DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n",
499 vgdb_threads[i].lwpid, i,
500 name_of_ThreadStatus (vgdb_threads[i].status));
501 res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL);
502 if (res != 0) {
503 ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n",
504 vgdb_threads[i].lwpid, i,
505 name_of_ThreadStatus (vgdb_threads[i].status),
506 res);
512 free (vgdb_threads);
514 if (!pid_found && pid) {
515 /* No threads are live. Process is busy stopping.
516 We need to detach from pid explicitly. */
517 DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid);
518 res = ptrace (PTRACE_DETACH, pid, NULL, NULL);
519 if (res != 0)
520 ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res);
524 # if defined(VGA_arm64)
525 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but
526 newer glibc instead define user_regs_struct. */
527 # ifdef HAVE_SYS_USER_REGS
528 static struct user_regs_struct user_save;
529 # else
530 static struct user_pt_regs user_save;
531 # endif
532 # else
533 static struct user user_save;
534 # endif
535 // The below indicates if ptrace_getregs (and ptrace_setregs) can be used.
536 // Note that some linux versions are defining PTRACE_GETREGS but using
537 // it gives back EIO.
538 // has_working_ptrace_getregs can take the following values:
539 // -1 : PTRACE_GETREGS is defined
540 // runtime check not yet done.
541 // 0 : PTRACE_GETREGS runtime check has failed.
542 // 1 : PTRACE_GETREGS defined and runtime check ok.
543 #ifdef HAVE_PTRACE_GETREGS
544 static int has_working_ptrace_getregs = -1;
545 #endif
546 // Similar but for PTRACE_GETREGSET
547 #ifdef HAVE_PTRACE_GETREGSET
548 static int has_working_ptrace_getregset = -1;
549 #endif
551 /* Get the registers from pid into regs.
552 regs_bsz value gives the length of *regs.
553 Returns True if all ok, otherwise False. */
554 static
555 Bool getregs (pid_t pid, void *regs, long regs_bsz)
557 DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz);
558 # ifdef HAVE_PTRACE_GETREGSET
559 # ifndef USE_PTRACE_GETREGSET
560 if (has_working_ptrace_getregset)
561 DEBUG(1, "PTRACE_GETREGSET defined, not used (yet?) by vgdb\n");
562 has_working_ptrace_getregset = 0;
563 # endif
564 if (has_working_ptrace_getregset) {
565 // Platforms having GETREGSET
566 long res;
567 elf_gregset_t elf_regs;
568 struct iovec iovec;
570 DEBUG(1, "getregs PTRACE_GETREGSET sizeof(elf_regs) %zu\n",
571 sizeof(elf_regs));
572 iovec.iov_base = regs;
573 iovec.iov_len = sizeof(elf_regs);
575 res = ptrace (PTRACE_GETREGSET, pid, NT_PRSTATUS, &iovec);
576 if (res == 0) {
577 if (has_working_ptrace_getregset == -1) {
578 // First call to PTRACE_GETREGSET successful =>
579 has_working_ptrace_getregset = 1;
580 DEBUG(1, "detected a working PTRACE_GETREGSET\n");
582 assert (has_working_ptrace_getregset == 1);
583 return True;
585 else if (has_working_ptrace_getregset == 1) {
586 // We had a working call, but now it fails.
587 // This is unexpected.
588 ERROR(errno, "PTRACE_GETREGSET %ld\n", res);
589 return False;
590 } else {
591 // Check this is the first call:
592 assert (has_working_ptrace_getregset == -1);
593 if (errno == EIO) {
594 DEBUG(1, "detected a broken PTRACE_GETREGSET with EIO\n");
595 has_working_ptrace_getregset = 0;
596 // Fall over to the PTRACE_GETREGS or PTRACE_PEEKUSER case.
597 } else {
598 ERROR(errno, "broken PTRACE_GETREGSET unexpected errno %ld\n", res);
599 return False;
603 # endif
605 # ifdef HAVE_PTRACE_GETREGS
606 if (has_working_ptrace_getregs) {
607 // Platforms having GETREGS
608 long res;
609 DEBUG(1, "getregs PTRACE_GETREGS\n");
610 res = ptrace (PTRACE_GETREGS, pid, NULL, regs);
611 if (res == 0) {
612 if (has_working_ptrace_getregs == -1) {
613 // First call to PTRACE_GETREGS successful =>
614 has_working_ptrace_getregs = 1;
615 DEBUG(1, "detected a working PTRACE_GETREGS\n");
617 assert (has_working_ptrace_getregs == 1);
618 return True;
620 else if (has_working_ptrace_getregs == 1) {
621 // We had a working call, but now it fails.
622 // This is unexpected.
623 ERROR(errno, "PTRACE_GETREGS %ld\n", res);
624 return False;
625 } else {
626 // Check this is the first call:
627 assert (has_working_ptrace_getregs == -1);
628 if (errno == EIO) {
629 DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n");
630 has_working_ptrace_getregs = 0;
631 // Fall over to the PTRACE_PEEKUSER case.
632 } else {
633 ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res);
634 return False;
638 # endif
640 // We assume PTRACE_PEEKUSER is defined everywhere.
642 # ifdef PT_ENDREGS
643 long peek_bsz = PT_ENDREGS;
644 assert (peek_bsz <= regs_bsz);
645 # else
646 long peek_bsz = regs_bsz-1;
647 # endif
648 char *pregs = (char *) regs;
649 long offset;
650 errno = 0;
651 DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz);
652 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
653 *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL);
654 if (errno != 0) {
655 ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset);
656 return False;
659 return True;
662 // If neither of PTRACE_GETREGSET PTRACE_GETREGS PTRACE_PEEKUSER have
663 // returned, then we are in serious trouble.
664 assert (0);
667 /* Set the registers of pid to regs.
668 regs_bsz value gives the length of *regs.
669 Returns True if all ok, otherwise False. */
670 static
671 Bool setregs (pid_t pid, void *regs, long regs_bsz)
673 DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz);
675 // Note : the below is checking for GETREGSET, not SETREGSET
676 // as if one is defined and working, the other one should also work.
677 # ifdef HAVE_PTRACE_GETREGSET
678 if (has_working_ptrace_getregset) {
679 // Platforms having SETREGSET
680 long res;
681 elf_gregset_t elf_regs;
682 struct iovec iovec;
684 // setregset can never be called before getregset has done a runtime check.
685 assert (has_working_ptrace_getregset == 1);
686 DEBUG(1, "setregs PTRACE_SETREGSET sizeof(elf_regs) %zu\n",
687 sizeof(elf_regs));
688 iovec.iov_base = regs;
689 iovec.iov_len = sizeof(elf_regs);
690 res = ptrace (PTRACE_SETREGSET, pid, NT_PRSTATUS, &iovec);
691 if (res != 0) {
692 ERROR(errno, "PTRACE_SETREGSET %ld\n", res);
693 return False;
695 return True;
697 # endif
699 // Note : the below is checking for GETREGS, not SETREGS
700 // as if one is defined and working, the other one should also work.
701 # ifdef HAVE_PTRACE_GETREGS
702 if (has_working_ptrace_getregs) {
703 // Platforms having SETREGS
704 long res;
705 // setregs can never be called before getregs has done a runtime check.
706 assert (has_working_ptrace_getregs == 1);
707 DEBUG(1, "setregs PTRACE_SETREGS\n");
708 res = ptrace (PTRACE_SETREGS, pid, NULL, regs);
709 if (res != 0) {
710 ERROR(errno, "PTRACE_SETREGS %ld\n", res);
711 return False;
713 return True;
715 # endif
718 char *pregs = (char *) regs;
719 long offset;
720 long res;
721 # ifdef PT_ENDREGS
722 long peek_bsz = PT_ENDREGS;
723 assert (peek_bsz <= regs_bsz);
724 # else
725 long peek_bsz = regs_bsz-1;
726 # endif
727 errno = 0;
728 DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz);
729 for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
730 res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset));
731 if (errno != 0) {
732 ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res);
733 return False;
736 return True;
739 // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned,
740 // then we are in serious trouble.
741 assert (0);
744 /* Restore the registers to the saved value, then detaches from all threads */
745 static
746 void restore_and_detach (pid_t pid)
748 int res;
750 DEBUG(1, "restore_and_detach pid %d pid_of_save_regs %d\n",
751 pid, pid_of_save_regs);
753 if (pid_of_save_regs) {
754 /* In case the 'main pid' has been continued, we need to stop it
755 before resetting the registers. */
756 if (pid_of_save_regs_continued) {
757 pid_of_save_regs_continued = False;
758 if (!stop(pid_of_save_regs, "sigstop before reset regs"))
759 DEBUG(0, "Could not sigstop before reset");
762 DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs);
763 if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) {
764 ERROR(errno, "setregs restore registers pid %d after cont\n",
765 pid_of_save_regs);
768 /* Now, we transmit all the signals we have queued. */
769 if (signal_queue_sz > 0) {
770 int i;
771 for (i = 0; i < signal_queue_sz; i++) {
772 DEBUG(1, "PTRACE_CONT to transmit queued signal %d\n",
773 signal_queue[i].si_signo);
774 res = ptrace (PTRACE_CONT, pid_of_save_regs, NULL,
775 signal_queue[i].si_signo);
776 if (res != 0)
777 ERROR(errno, "PTRACE_CONT with signal %d\n",
778 signal_queue[i].si_signo);
779 if (!stop(pid_of_save_regs, "sigstop after transmit sig"))
780 DEBUG(0, "Could not sigstop after transmit sig");
782 free (signal_queue);
783 signal_queue = NULL;
784 signal_queue_sz = 0;
786 pid_of_save_regs = 0;
787 } else {
788 DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n");
790 if (signal_queue)
791 ERROR (0, "One or more signals queued were not delivered. "
792 "First signal: %d\n", signal_queue[0].si_signo);
793 detach_from_all_threads(pid);
796 Bool invoker_invoke_gdbserver (pid_t pid)
798 long res;
799 Bool stopped;
800 # if defined(VGA_arm64)
801 /* arm64 is extra special, old glibc defined kernel user_pt_regs, but
802 newer glibc instead define user_regs_struct. */
803 # ifdef HAVE_SYS_USER_REGS
804 struct user_regs_struct user_mod;
805 # else
806 struct user_pt_regs user_mod;
807 # endif
808 # else
809 struct user user_mod;
810 # endif
811 Addr sp __attribute__((unused)); // Not used on all platforms.
813 /* A specific int value is passed to invoke_gdbserver, to check
814 everything goes according to the plan. */
815 const int check = 0x8BADF00D; // ate bad food.
817 const Addr bad_return = 0;
818 // A bad return address will be pushed on the stack.
819 // The function invoke_gdbserver cannot return. If ever it returns, a NULL
820 // address pushed on the stack should ensure this is detected.
822 /* Not yet attached. If problem, vgdb can abort,
823 no cleanup needed. */
825 DEBUG(1, "attach to 'main' pid %d\n", pid);
826 if (!attach(pid, "attach main pid")) {
827 ERROR(0, "error attach main pid %d\n", pid);
828 return False;
831 /* Now, we are attached. If problem, detach and return. */
833 if (!acquire_and_suspend_threads(pid)) {
834 detach_from_all_threads(pid);
835 /* if the pid does not exist anymore, we better stop */
836 if (kill(pid, 0) != 0)
837 XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n",
838 pid);
839 return False;
842 if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
843 detach_from_all_threads(pid);
844 return False;
846 user_save = user_mod;
848 #if defined(VGA_x86)
849 sp = user_mod.regs.esp;
850 #elif defined(VGA_amd64)
851 sp = user_mod.regs.rsp;
852 if (shared32 != NULL) {
853 /* 64bit vgdb speaking with a 32bit executable.
854 To have system call restart properly, we need to sign extend rax.
855 For more info:
856 web search '[patch] Fix syscall restarts for amd64->i386 biarch'
857 e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */
858 *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax;
859 DEBUG(1, "Sign extending %8.8lx to %8.8lx\n",
860 user_mod.regs.rax, user_save.regs.rax);
862 #elif defined(VGA_arm)
863 sp = user_mod.regs.uregs[13];
864 #elif defined(VGA_arm64)
865 sp = user_mod.sp;
866 #elif defined(VGA_ppc32)
867 sp = user_mod.regs.gpr[1];
868 #elif defined(VGA_ppc64be) || defined(VGA_ppc64le)
869 sp = user_mod.regs.gpr[1];
870 #elif defined(VGA_s390x)
871 sp = user_mod.regs.gprs[15];
872 #elif defined(VGA_mips32) || defined(VGA_nanomips)
873 long long *p = (long long *)user_mod.regs;
874 sp = p[29];
875 #elif defined(VGA_mips64)
876 sp = user_mod.regs[29];
877 #else
878 I_die_here : (sp) architecture missing in vgdb-invoker-ptrace.c
879 #endif
882 // the magic below is derived from spying what gdb sends to
883 // the (classical) gdbserver when invoking a C function.
884 if (shared32 != NULL) {
885 // vgdb speaking with a 32bit executable.
886 #if defined(VGA_x86) || defined(VGA_amd64)
887 const int regsize = 4;
888 int rw;
889 /* push check arg on the stack */
890 sp = sp - regsize;
891 DEBUG(1, "push check arg ptrace_write_memory\n");
892 assert(regsize == sizeof(check));
893 rw = ptrace_write_memory(pid, sp,
894 &check,
895 regsize);
896 if (rw != 0) {
897 ERROR(rw, "push check arg ptrace_write_memory\n");
898 detach_from_all_threads(pid);
899 return False;
902 sp = sp - regsize;
903 DEBUG(1, "push bad_return return address ptrace_write_memory\n");
904 // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return
905 // are written.
906 rw = ptrace_write_memory(pid, sp,
907 &bad_return,
908 regsize);
909 if (rw != 0) {
910 ERROR(rw, "push bad_return return address ptrace_write_memory\n");
911 detach_from_all_threads(pid);
912 return False;
914 #if defined(VGA_x86)
915 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
916 // compiled in 32bits, speaking with a 32bits exe
917 user_mod.regs.ebp = sp; // bp set to sp
918 user_mod.regs.esp = sp;
919 user_mod.regs.eip = shared32->invoke_gdbserver;
920 user_mod.regs.orig_eax = -1L;
921 #elif defined(VGA_amd64)
922 /* set ebp, esp, eip and orig_eax to invoke gdbserver */
923 // compiled in 64bits, speaking with a 32bits exe
924 user_mod.regs.rbp = sp; // bp set to sp
925 user_mod.regs.rsp = sp;
926 user_mod.regs.rip = shared32->invoke_gdbserver;
927 user_mod.regs.orig_rax = -1L;
928 #else
929 I_die_here : not x86 or amd64 in x86/amd64 section/
930 #endif
932 #elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
933 user_mod.regs.nip = shared32->invoke_gdbserver;
934 user_mod.regs.trap = -1L;
935 /* put check arg in register 3 */
936 user_mod.regs.gpr[3] = check;
937 /* put NULL return address in Link Register */
938 user_mod.regs.link = bad_return;
940 #elif defined(VGA_arm)
941 /* put check arg in register 0 */
942 user_mod.regs.uregs[0] = check;
943 /* put NULL return address in Link Register */
944 user_mod.regs.uregs[14] = bad_return;
945 user_mod.regs.uregs[15] = shared32->invoke_gdbserver;
947 #elif defined(VGA_arm64)
948 XERROR(0, "TBD arm64: vgdb a 32 bits executable with a 64 bits exe\n");
950 #elif defined(VGA_s390x)
951 XERROR(0, "(fn32) s390x has no 32bits implementation\n");
952 #elif defined(VGA_mips32) || defined(VGA_nanomips)
953 /* put check arg in register 4 */
954 p[4] = check;
955 /* put NULL return address in ra */
956 p[31] = bad_return;
957 p[34] = shared32->invoke_gdbserver;
958 p[25] = shared32->invoke_gdbserver;
959 /* make stack space for args */
960 p[29] = sp - 32;
962 #elif defined(VGA_mips64)
963 assert(0); // cannot vgdb a 32 bits executable with a 64 bits exe
964 #else
965 I_die_here : architecture missing in vgdb-invoker-ptrace.c
966 #endif
969 else if (shared64 != NULL) {
970 #if defined(VGA_x86)
971 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
972 #elif defined(VGA_amd64)
973 // vgdb speaking with a 64 bit executable.
974 const int regsize = 8;
975 int rw;
977 /* give check arg in rdi */
978 user_mod.regs.rdi = check;
980 /* push return address on stack : return to breakaddr */
981 sp &= ~0xf; // keep the stack aligned on 16 bytes ...
982 sp = sp - 128; // do not touch the amd64 redzone
983 sp = sp - regsize;
984 DEBUG(1, "push bad_return return address ptrace_write_memory\n");
985 rw = ptrace_write_memory(pid, sp,
986 &bad_return,
987 sizeof(bad_return));
988 if (rw != 0) {
989 ERROR(rw, "push bad_return return address ptrace_write_memory\n");
990 detach_from_all_threads(pid);
991 return False;
994 /* set rbp, rsp, rip and orig_rax to invoke gdbserver */
995 user_mod.regs.rbp = sp; // bp set to sp
996 user_mod.regs.rsp = sp;
997 user_mod.regs.rip = shared64->invoke_gdbserver;
998 user_mod.regs.orig_rax = -1L;
1000 #elif defined(VGA_arm)
1001 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1002 #elif defined(VGA_arm64)
1003 user_mod.regs[0] = check;
1004 user_mod.sp = sp;
1005 user_mod.pc = shared64->invoke_gdbserver;
1006 /* put NULL return address in Link Register */
1007 user_mod.regs[30] = bad_return;
1009 #elif defined(VGA_ppc32)
1010 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1011 #elif defined(VGA_ppc64be)
1012 Addr func_addr;
1013 Addr toc_addr;
1014 int rw;
1015 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver,
1016 &func_addr,
1017 sizeof(Addr));
1018 if (rw != 0) {
1019 ERROR(rw, "ppc64 read func_addr\n");
1020 detach_from_all_threads(pid);
1021 return False;
1023 rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8,
1024 &toc_addr,
1025 sizeof(Addr));
1026 if (rw != 0) {
1027 ERROR(rw, "ppc64 read toc_addr\n");
1028 detach_from_all_threads(pid);
1029 return False;
1031 // We are not pushing anything on the stack, so it is not
1032 // very clear why the sp has to be decreased, but it seems
1033 // needed. The ppc64 ABI might give some lights on this ?
1034 user_mod.regs.gpr[1] = sp - 220;
1035 user_mod.regs.gpr[2] = toc_addr;
1036 user_mod.regs.nip = func_addr;
1037 user_mod.regs.trap = -1L;
1038 /* put check arg in register 3 */
1039 user_mod.regs.gpr[3] = check;
1040 /* put bad_return return address in Link Register */
1041 user_mod.regs.link = bad_return;
1042 #elif defined(VGA_ppc64le)
1043 /* LE does not use the function pointer structure used in BE */
1044 user_mod.regs.nip = shared64->invoke_gdbserver;
1045 user_mod.regs.gpr[1] = sp - 512;
1046 user_mod.regs.gpr[12] = user_mod.regs.nip;
1047 user_mod.regs.trap = -1L;
1048 /* put check arg in register 3 */
1049 user_mod.regs.gpr[3] = check;
1050 /* put bad_return return address in Link Register */
1051 user_mod.regs.link = bad_return;
1052 #elif defined(VGA_s390x)
1053 /* put check arg in register r2 */
1054 user_mod.regs.gprs[2] = check;
1055 /* bad_return Return address is in r14 */
1056 user_mod.regs.gprs[14] = bad_return;
1057 /* minimum stack frame */
1058 sp = sp - 160;
1059 user_mod.regs.gprs[15] = sp;
1060 /* set program counter */
1061 user_mod.regs.psw.addr = shared64->invoke_gdbserver;
1062 #elif defined(VGA_mips32) || defined(VGA_nanomips)
1063 assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1064 #elif defined(VGA_mips64)
1065 /* put check arg in register 4 */
1066 user_mod.regs[4] = check;
1067 /* put NULL return address in ra */
1068 user_mod.regs[31] = bad_return;
1069 user_mod.regs[34] = shared64->invoke_gdbserver;
1070 user_mod.regs[25] = shared64->invoke_gdbserver;
1071 #else
1072 I_die_here: architecture missing in vgdb-invoker-ptrace.c
1073 #endif
1075 else {
1076 assert(0);
1079 if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
1080 detach_from_all_threads(pid);
1081 return False;
1083 /* Now that we have modified the registers, we set
1084 pid_of_save_regs to indicate that restore_and_detach
1085 must restore the registers in case of cleanup. */
1086 pid_of_save_regs = pid;
1087 pid_of_save_regs_continued = False;
1090 /* We PTRACE_CONT-inue pid.
1091 Either gdbserver will be invoked directly (if all
1092 threads are interruptible) or gdbserver will be
1093 called soon by the scheduler. In the first case,
1094 pid will stop on the break inserted above when
1095 gdbserver returns. In the 2nd case, the break will
1096 be encountered directly. */
1097 DEBUG(1, "PTRACE_CONT to invoke\n");
1098 res = ptrace (PTRACE_CONT, pid, NULL, NULL);
1099 if (res != 0) {
1100 ERROR(errno, "PTRACE_CONT\n");
1101 restore_and_detach(pid);
1102 return False;
1104 pid_of_save_regs_continued = True;
1105 /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */
1106 stopped = waitstopped (pid, SIGSTOP,
1107 "waitpid status after PTRACE_CONT to invoke");
1108 if (stopped) {
1109 /* Here pid has properly stopped on the break. */
1110 pid_of_save_regs_continued = False;
1111 restore_and_detach(pid);
1112 return True;
1113 } else {
1114 /* Whatever kind of problem happened. We shutdown. */
1115 shutting_down = True;
1116 return False;
1120 void invoker_cleanup_restore_and_detach(void *v_pid)
1122 DEBUG(1, "invoker_cleanup_restore_and_detach dying: %d\n", dying);
1123 if (!dying)
1124 restore_and_detach(*(int*)v_pid);
1127 void invoker_restrictions_msg(void)
1131 void invoker_valgrind_dying(void)
1133 /* Avoid messing up with registers of valgrind when it is dying. */
1134 pid_of_save_regs_continued = False;
1135 dying = True;