1 /* Get Dwarf Frame state for target live PID process.
2 Copyright (C) 2013, 2014, 2015, 2018 Red Hat, Inc.
3 This file is part of elfutils.
4
5 This file is free software; you can redistribute it and/or modify
6 it under the terms of either
7
8 * the GNU Lesser General Public License as published by the Free
9 Software Foundation; either version 3 of the License, or (at
10 your option) any later version
11
12 or
13
14 * the GNU General Public License as published by the Free
15 Software Foundation; either version 2 of the License, or (at
16 your option) any later version
17
18 or both in parallel, as here.
19
20 elfutils is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 General Public License for more details.
24
25 You should have received copies of the GNU General Public License and
26 the GNU Lesser General Public License along with this program. If
27 not, see <http://www.gnu.org/licenses/>. */
28
29 #ifdef HAVE_CONFIG_H
30 # include <config.h>
31 #endif
32
33 #include <system.h>
34
35 #include "libelfP.h"
36 #include "libdwflP.h"
37 #include <sys/types.h>
38 #include <sys/stat.h>
39 #include <fcntl.h>
40 #include <dirent.h>
41
42 #ifdef __linux__
43
44 #include <sys/uio.h>
45 #include <sys/ptrace.h>
46 #include <sys/syscall.h>
47 #include <sys/wait.h>
48
49 static bool
linux_proc_pid_is_stopped(pid_t pid)50 linux_proc_pid_is_stopped (pid_t pid)
51 {
52 char buffer[64];
53 FILE *procfile;
54 bool retval, have_state;
55
56 snprintf (buffer, sizeof (buffer), "/proc/%ld/status", (long) pid);
57 procfile = fopen (buffer, "r");
58 if (procfile == NULL)
59 return false;
60
61 have_state = false;
62 while (fgets (buffer, sizeof (buffer), procfile) != NULL)
63 if (startswith (buffer, "State:"))
64 {
65 have_state = true;
66 break;
67 }
68 retval = (have_state && strstr (buffer, "T (stopped)") != NULL);
69 fclose (procfile);
70 return retval;
71 }
72
73 bool
74 internal_function
__libdwfl_ptrace_attach(pid_t tid,bool * tid_was_stoppedp)75 __libdwfl_ptrace_attach (pid_t tid, bool *tid_was_stoppedp)
76 {
77 if (ptrace (PTRACE_ATTACH, tid, NULL, NULL) != 0)
78 {
79 __libdwfl_seterrno (DWFL_E_ERRNO);
80 return false;
81 }
82 *tid_was_stoppedp = linux_proc_pid_is_stopped (tid);
83 if (*tid_was_stoppedp)
84 {
85 /* Make sure there is a SIGSTOP signal pending even when the process is
86 already State: T (stopped). Older kernels might fail to generate
87 a SIGSTOP notification in that case in response to our PTRACE_ATTACH
88 above. Which would make the waitpid below wait forever. So emulate
89 it. Since there can only be one SIGSTOP notification pending this is
90 safe. See also gdb/linux-nat.c linux_nat_post_attach_wait. */
91 syscall (__NR_tkill, tid, SIGSTOP);
92 ptrace (PTRACE_CONT, tid, NULL, NULL);
93 }
94 for (;;)
95 {
96 int status;
97 if (waitpid (tid, &status, __WALL) != tid || !WIFSTOPPED (status))
98 {
99 int saved_errno = errno;
100 ptrace (PTRACE_DETACH, tid, NULL, NULL);
101 errno = saved_errno;
102 __libdwfl_seterrno (DWFL_E_ERRNO);
103 return false;
104 }
105 if (WSTOPSIG (status) == SIGSTOP)
106 break;
107 if (ptrace (PTRACE_CONT, tid, NULL,
108 (void *) (uintptr_t) WSTOPSIG (status)) != 0)
109 {
110 int saved_errno = errno;
111 ptrace (PTRACE_DETACH, tid, NULL, NULL);
112 errno = saved_errno;
113 __libdwfl_seterrno (DWFL_E_ERRNO);
114 return false;
115 }
116 }
117 return true;
118 }
119
120 #ifdef HAVE_PROCESS_VM_READV
121 /* Note that the result word size depends on the architecture word size.
122 That is sizeof long. */
123 static bool
read_cached_memory(struct __libdwfl_pid_arg * pid_arg,Dwarf_Addr addr,Dwarf_Word * result)124 read_cached_memory (struct __libdwfl_pid_arg *pid_arg,
125 Dwarf_Addr addr, Dwarf_Word *result)
126 {
127 /* Let the ptrace fallback deal with the corner case of the address
128 possibly crossing a page boundary. */
129 if ((addr & ((Dwarf_Addr)__LIBDWFL_REMOTE_MEM_CACHE_SIZE - 1))
130 > (Dwarf_Addr)__LIBDWFL_REMOTE_MEM_CACHE_SIZE - sizeof (unsigned long))
131 return false;
132
133 struct __libdwfl_remote_mem_cache *mem_cache = pid_arg->mem_cache;
134 if (mem_cache == NULL)
135 {
136 size_t mem_cache_size = sizeof (struct __libdwfl_remote_mem_cache);
137 mem_cache = malloc (mem_cache_size);
138 if (mem_cache == NULL)
139 return false;
140
141 mem_cache->addr = 0;
142 mem_cache->len = 0;
143 pid_arg->mem_cache = mem_cache;
144 }
145
146 unsigned char *d;
147 if (addr >= mem_cache->addr && addr - mem_cache->addr < mem_cache->len)
148 {
149 d = &mem_cache->buf[addr - mem_cache->addr];
150 if ((((uintptr_t) d) & (sizeof (unsigned long) - 1)) == 0)
151 *result = *(unsigned long *) d;
152 else
153 memcpy (result, d, sizeof (unsigned long));
154 return true;
155 }
156
157 struct iovec local, remote;
158 mem_cache->addr = addr & ~((Dwarf_Addr)__LIBDWFL_REMOTE_MEM_CACHE_SIZE - 1);
159 local.iov_base = mem_cache->buf;
160 local.iov_len = __LIBDWFL_REMOTE_MEM_CACHE_SIZE;
161 remote.iov_base = (void *) (uintptr_t) mem_cache->addr;
162 remote.iov_len = __LIBDWFL_REMOTE_MEM_CACHE_SIZE;
163
164 ssize_t res = process_vm_readv (pid_arg->tid_attached,
165 &local, 1, &remote, 1, 0);
166 if (res != __LIBDWFL_REMOTE_MEM_CACHE_SIZE)
167 {
168 mem_cache->len = 0;
169 return false;
170 }
171
172 mem_cache->len = res;
173 d = &mem_cache->buf[addr - mem_cache->addr];
174 if ((((uintptr_t) d) & (sizeof (unsigned long) - 1)) == 0)
175 *result = *(unsigned long *) d;
176 else
177 memcpy (result, d, sizeof (unsigned long));
178 return true;
179 }
180 #endif /* HAVE_PROCESS_VM_READV */
181
182 static void
clear_cached_memory(struct __libdwfl_pid_arg * pid_arg)183 clear_cached_memory (struct __libdwfl_pid_arg *pid_arg)
184 {
185 struct __libdwfl_remote_mem_cache *mem_cache = pid_arg->mem_cache;
186 if (mem_cache != NULL)
187 mem_cache->len = 0;
188 }
189
190 /* Note that the result word size depends on the architecture word size.
191 That is sizeof long. */
192 static bool
pid_memory_read(Dwfl * dwfl,Dwarf_Addr addr,Dwarf_Word * result,void * arg)193 pid_memory_read (Dwfl *dwfl, Dwarf_Addr addr, Dwarf_Word *result, void *arg)
194 {
195 struct __libdwfl_pid_arg *pid_arg = arg;
196 pid_t tid = pid_arg->tid_attached;
197 Dwfl_Process *process = dwfl->process;
198 assert (tid > 0);
199
200 #ifdef HAVE_PROCESS_VM_READV
201 if (read_cached_memory (pid_arg, addr, result))
202 {
203 #if SIZEOF_LONG == 8
204 # if BYTE_ORDER == BIG_ENDIAN
205 if (ebl_get_elfclass (process->ebl) == ELFCLASS32)
206 *result >>= 32;
207 # endif
208 #endif
209 return true;
210 }
211 #endif
212
213 if (ebl_get_elfclass (process->ebl) == ELFCLASS64)
214 {
215 #if SIZEOF_LONG == 8
216 errno = 0;
217 *result = ptrace (PTRACE_PEEKDATA, tid, (void *) (uintptr_t) addr, NULL);
218 return errno == 0;
219 #else /* SIZEOF_LONG != 8 */
220 /* This should not happen. */
221 return false;
222 #endif /* SIZEOF_LONG != 8 */
223 }
224 #if SIZEOF_LONG == 8
225 /* We do not care about reads unaliged to 4 bytes boundary.
226 But 0x...ffc read of 8 bytes could overrun a page. */
227 bool lowered = (addr & 4) != 0;
228 if (lowered)
229 addr -= 4;
230 #endif /* SIZEOF_LONG == 8 */
231 errno = 0;
232 *result = ptrace (PTRACE_PEEKDATA, tid, (void *) (uintptr_t) addr, NULL);
233 if (errno != 0)
234 return false;
235 #if SIZEOF_LONG == 8
236 # if BYTE_ORDER == BIG_ENDIAN
237 if (! lowered)
238 *result >>= 32;
239 # else
240 if (lowered)
241 *result >>= 32;
242 # endif
243 #endif /* SIZEOF_LONG == 8 */
244 *result &= 0xffffffff;
245 return true;
246 }
247
248 static pid_t
pid_next_thread(Dwfl * dwfl,void * dwfl_arg,void ** thread_argp)249 pid_next_thread (Dwfl *dwfl __attribute__ ((unused)), void *dwfl_arg,
250 void **thread_argp)
251 {
252 struct __libdwfl_pid_arg *pid_arg = dwfl_arg;
253 struct dirent *dirent;
254 /* Start fresh on first traversal. */
255 if (*thread_argp == NULL)
256 rewinddir (pid_arg->dir);
257 do
258 {
259 errno = 0;
260 dirent = readdir (pid_arg->dir);
261 if (dirent == NULL)
262 {
263 if (errno != 0)
264 {
265 __libdwfl_seterrno (DWFL_E_ERRNO);
266 return -1;
267 }
268 return 0;
269 }
270 }
271 while (strcmp (dirent->d_name, ".") == 0
272 || strcmp (dirent->d_name, "..") == 0);
273 char *end;
274 errno = 0;
275 long tidl = strtol (dirent->d_name, &end, 10);
276 if (errno != 0)
277 {
278 __libdwfl_seterrno (DWFL_E_ERRNO);
279 return -1;
280 }
281 pid_t tid = tidl;
282 if (tidl <= 0 || (end && *end) || tid != tidl)
283 {
284 __libdwfl_seterrno (DWFL_E_PARSE_PROC);
285 return -1;
286 }
287 *thread_argp = dwfl_arg;
288 return tid;
289 }
290
291 /* Just checks that the thread id exists. */
292 static bool
pid_getthread(Dwfl * dwfl,pid_t tid,void * dwfl_arg,void ** thread_argp)293 pid_getthread (Dwfl *dwfl __attribute__ ((unused)), pid_t tid,
294 void *dwfl_arg, void **thread_argp)
295 {
296 *thread_argp = dwfl_arg;
297 if (kill (tid, 0) < 0)
298 {
299 __libdwfl_seterrno (DWFL_E_ERRNO);
300 return false;
301 }
302 return true;
303 }
304
305 /* Implement the ebl_set_initial_registers_tid setfunc callback. */
306
307 static bool
pid_thread_state_registers_cb(int firstreg,unsigned nregs,const Dwarf_Word * regs,void * arg)308 pid_thread_state_registers_cb (int firstreg, unsigned nregs,
309 const Dwarf_Word *regs, void *arg)
310 {
311 Dwfl_Thread *thread = (Dwfl_Thread *) arg;
312 if (firstreg < 0)
313 {
314 assert (firstreg == -1);
315 assert (nregs == 1);
316 INTUSE(dwfl_thread_state_register_pc) (thread, *regs);
317 return true;
318 }
319 assert (nregs > 0);
320 return INTUSE(dwfl_thread_state_registers) (thread, firstreg, nregs, regs);
321 }
322
323 static bool
pid_set_initial_registers(Dwfl_Thread * thread,void * thread_arg)324 pid_set_initial_registers (Dwfl_Thread *thread, void *thread_arg)
325 {
326 struct __libdwfl_pid_arg *pid_arg = thread_arg;
327 assert (pid_arg->tid_attached == 0);
328 pid_t tid = INTUSE(dwfl_thread_tid) (thread);
329 if (! pid_arg->assume_ptrace_stopped
330 && ! __libdwfl_ptrace_attach (tid, &pid_arg->tid_was_stopped))
331 return false;
332 pid_arg->tid_attached = tid;
333 Dwfl_Process *process = thread->process;
334 Ebl *ebl = process->ebl;
335 return ebl_set_initial_registers_tid (ebl, tid,
336 pid_thread_state_registers_cb, thread);
337 }
338
339 static void
pid_detach(Dwfl * dwfl,void * dwfl_arg)340 pid_detach (Dwfl *dwfl __attribute__ ((unused)), void *dwfl_arg)
341 {
342 struct __libdwfl_pid_arg *pid_arg = dwfl_arg;
343 elf_end (pid_arg->elf);
344 free (pid_arg->mem_cache);
345 close (pid_arg->elf_fd);
346 closedir (pid_arg->dir);
347 free (pid_arg);
348 }
349
350 void
351 internal_function
__libdwfl_ptrace_detach(pid_t tid,bool tid_was_stopped)352 __libdwfl_ptrace_detach (pid_t tid, bool tid_was_stopped)
353 {
354 /* This handling is needed only on older Linux kernels such as
355 2.6.32-358.23.2.el6.ppc64. Later kernels such as
356 3.11.7-200.fc19.x86_64 remember the T (stopped) state
357 themselves and no longer need to pass SIGSTOP during
358 PTRACE_DETACH. */
359 ptrace (PTRACE_DETACH, tid, NULL,
360 (void *) (intptr_t) (tid_was_stopped ? SIGSTOP : 0));
361 }
362
363 static void
pid_thread_detach(Dwfl_Thread * thread,void * thread_arg)364 pid_thread_detach (Dwfl_Thread *thread, void *thread_arg)
365 {
366 struct __libdwfl_pid_arg *pid_arg = thread_arg;
367 pid_t tid = INTUSE(dwfl_thread_tid) (thread);
368 assert (pid_arg->tid_attached == tid);
369 pid_arg->tid_attached = 0;
370 clear_cached_memory (pid_arg);
371 if (! pid_arg->assume_ptrace_stopped)
372 __libdwfl_ptrace_detach (tid, pid_arg->tid_was_stopped);
373 }
374
375 static const Dwfl_Thread_Callbacks pid_thread_callbacks =
376 {
377 pid_next_thread,
378 pid_getthread,
379 pid_memory_read,
380 pid_set_initial_registers,
381 pid_detach,
382 pid_thread_detach,
383 };
384
385 int
dwfl_linux_proc_attach(Dwfl * dwfl,pid_t pid,bool assume_ptrace_stopped)386 dwfl_linux_proc_attach (Dwfl *dwfl, pid_t pid, bool assume_ptrace_stopped)
387 {
388 char buffer[36];
389 FILE *procfile;
390 int err = 0; /* The errno to return and set for dwfl->attcherr. */
391
392 /* Make sure to report the actual PID (thread group leader) to
393 dwfl_attach_state. */
394 snprintf (buffer, sizeof (buffer), "/proc/%ld/status", (long) pid);
395 procfile = fopen (buffer, "r");
396 if (procfile == NULL)
397 {
398 err = errno;
399 fail:
400 if (dwfl->process == NULL && dwfl->attacherr == DWFL_E_NOERROR)
401 {
402 errno = err;
403 dwfl->attacherr = __libdwfl_canon_error (DWFL_E_ERRNO);
404 }
405 return err;
406 }
407
408 char *line = NULL;
409 size_t linelen = 0;
410 while (getline (&line, &linelen, procfile) >= 0)
411 if (startswith (line, "Tgid:"))
412 {
413 errno = 0;
414 char *endptr;
415 long val = strtol (&line[5], &endptr, 10);
416 if ((errno == ERANGE && val == LONG_MAX)
417 || *endptr != '\n' || val < 0 || val != (pid_t) val)
418 pid = 0;
419 else
420 pid = (pid_t) val;
421 break;
422 }
423 free (line);
424 fclose (procfile);
425
426 if (pid == 0)
427 {
428 err = ESRCH;
429 goto fail;
430 }
431
432 char name[64];
433 int i = snprintf (name, sizeof (name), "/proc/%ld/task", (long) pid);
434 if (i <= 0 || i >= (ssize_t) sizeof (name) - 1)
435 {
436 errno = -ENOMEM;
437 goto fail;
438 }
439 DIR *dir = opendir (name);
440 if (dir == NULL)
441 {
442 err = errno;
443 goto fail;
444 }
445
446 Elf *elf;
447 i = snprintf (name, sizeof (name), "/proc/%ld/exe", (long) pid);
448 assert (i > 0 && i < (ssize_t) sizeof (name) - 1);
449 int elf_fd = open (name, O_RDONLY);
450 if (elf_fd >= 0)
451 {
452 elf = elf_begin (elf_fd, ELF_C_READ_MMAP, NULL);
453 if (elf == NULL)
454 {
455 /* Just ignore, dwfl_attach_state will fall back to trying
456 to associate the Dwfl with one of the existing DWfl_Module
457 ELF images (to know the machine/class backend to use). */
458 close (elf_fd);
459 elf_fd = -1;
460 }
461 }
462 else
463 elf = NULL;
464 struct __libdwfl_pid_arg *pid_arg = malloc (sizeof *pid_arg);
465 if (pid_arg == NULL)
466 {
467 elf_end (elf);
468 close (elf_fd);
469 closedir (dir);
470 err = ENOMEM;
471 goto fail;
472 }
473 pid_arg->dir = dir;
474 pid_arg->elf = elf;
475 pid_arg->elf_fd = elf_fd;
476 pid_arg->mem_cache = NULL;
477 pid_arg->tid_attached = 0;
478 pid_arg->assume_ptrace_stopped = assume_ptrace_stopped;
479 if (! INTUSE(dwfl_attach_state) (dwfl, elf, pid, &pid_thread_callbacks,
480 pid_arg))
481 {
482 elf_end (elf);
483 close (elf_fd);
484 closedir (dir);
485 free (pid_arg);
486 return -1;
487 }
488 return 0;
489 }
INTDEF(dwfl_linux_proc_attach)490 INTDEF (dwfl_linux_proc_attach)
491
492 struct __libdwfl_pid_arg *
493 internal_function
494 __libdwfl_get_pid_arg (Dwfl *dwfl)
495 {
496 if (dwfl != NULL && dwfl->process != NULL
497 && dwfl->process->callbacks == &pid_thread_callbacks)
498 return (struct __libdwfl_pid_arg *) dwfl->process->callbacks_arg;
499
500 return NULL;
501 }
502
503 #else /* __linux__ */
504
505 bool
506 internal_function
__libdwfl_ptrace_attach(pid_t tid,bool * tid_was_stoppedp)507 __libdwfl_ptrace_attach (pid_t tid __attribute__ ((unused)),
508 bool *tid_was_stoppedp __attribute__ ((unused)))
509 {
510 errno = ENOSYS;
511 __libdwfl_seterrno (DWFL_E_ERRNO);
512 return false;
513 }
514
515 void
516 internal_function
__libdwfl_ptrace_detach(pid_t tid,bool tid_was_stopped)517 __libdwfl_ptrace_detach (pid_t tid __attribute__ ((unused)),
518 bool tid_was_stopped __attribute__ ((unused)))
519 {
520 }
521
522 int
dwfl_linux_proc_attach(Dwfl * dwfl,pid_t pid,bool assume_ptrace_stopped)523 dwfl_linux_proc_attach (Dwfl *dwfl __attribute__ ((unused)),
524 pid_t pid __attribute__ ((unused)),
525 bool assume_ptrace_stopped __attribute__ ((unused)))
526 {
527 return ENOSYS;
528 }
INTDEF(dwfl_linux_proc_attach)529 INTDEF (dwfl_linux_proc_attach)
530
531 struct __libdwfl_pid_arg *
532 internal_function
533 __libdwfl_get_pid_arg (Dwfl *dwfl __attribute__ ((unused)))
534 {
535 return NULL;
536 }
537
538 #endif /* ! __linux __ */
539
540