• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*--------------------------------------------------------------------*/
2 /*--- Relay between gdb and gdbserver embedded in valgrind  vgdb.c ---*/
3 /*--------------------------------------------------------------------*/
4 
5 /*
6    This file is part of Valgrind, a dynamic binary instrumentation
7    framework.
8 
9    Copyright (C) 2011-2011 Philippe Waroquiers
10 
11    This program is free software; you can redistribute it and/or
12    modify it under the terms of the GNU General Public License as
13    published by the Free Software Foundation; either version 2 of the
14    License, or (at your option) any later version.
15 
16    This program is distributed in the hope that it will be useful, but
17    WITHOUT ANY WARRANTY; without even the implied warranty of
18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19    General Public License for more details.
20 
21    You should have received a copy of the GNU General Public License
22    along with this program; if not, write to the Free Software
23    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
24    02111-1307, USA.
25 
26    The GNU General Public License is contained in the file COPYING.
27 */
28 
29 #include "pub_core_basics.h"
30 #include "pub_core_vki.h"
31 #include "pub_core_libcsetjmp.h"
32 #include "pub_core_threadstate.h"
33 #include "pub_core_gdbserver.h"
34 #include "config.h"
35 
36 #include <limits.h>
37 #include <unistd.h>
38 #include <string.h>
39 #include <poll.h>
40 #include <pthread.h>
41 #include <stdlib.h>
42 #include <stdio.h>
43 #include <fcntl.h>
44 #include <dirent.h>
45 #include <sys/stat.h>
46 #include <sys/time.h>
47 #include <errno.h>
48 #include <signal.h>
49 #include <sys/types.h>
50 #include <sys/socket.h>
51 #include <netinet/in.h>
52 #include <arpa/inet.h>
53 #include <sys/mman.h>
54 #include <sys/ptrace.h>
55 #include <sys/wait.h>
56 #include <assert.h>
57 /* vgdb has two usages:
58    1. relay application between gdb and the gdbserver embedded in valgrind.
59    2. standalone to send monitor commands to a running valgrind-ified process
60 
61    It is made of a main program which reads arguments.  If no
62    arguments are given or only --pid and --vgdb-prefix, then usage 1 is
63    assumed.
64 
65    As relay application, vgdb reads bytes from gdb on stdin and
66    writes these bytes to valgrind.  Bytes read from valgrind are
67    written to gdb on stdout.  Read/Write from/to valgrind is done
68    using FIFOs.  There is one thread reading from stdin, writing to
69    valgrind on a FIFO.  There is one thread reading from valgrind on a
70    FIFO, writing to gdb on stdout
71 
72    As a standalone utility, vgdb builds command packets to write to valgrind,
73    sends it and reads the reply. The same two threads are used to write/read.
74    Once all the commands are sent and their replies received, vgdb will exit.
75 
76 */
77 
78 /* define PTRACEINVOKER to compile the ptrace related code
79    which ensures a valgrind process blocked in a system call
80    can be "waken up". PTRACEINVOKER implies some architecture
81    specific code and/or some OS specific code. */
82 #if defined(VGA_arm) || defined(VGA_x86) || defined(VGA_amd64) \
83     || defined(VGA_ppc32) || defined(VGA_ppc64) || defined(VGA_s390x)
84 #define PTRACEINVOKER
85 #else
86 I_die_here : (PTRACEINVOKER) architecture missing in vgdb.c
87 #endif
88 
89 /* Some darwin specific stuff is needed as ptrace is not
90    fully supported on MacOS. Till we find someone courageous
91    having access to Darwin, there is no PTRACEINVOKER. */
92 #if defined(VGO_darwin)
93 #undef PTRACEINVOKER
94 #endif
95 
96 #if defined(VGPV_arm_linux_android) || defined(VGPV_x86_linux_android)
97 #undef PTRACEINVOKER
98 #endif
99 
100 #if defined(PTRACEINVOKER)
101 #include <sys/user.h>
102 #if defined(VGO_linux)
103 #  include <sys/prctl.h>
104 #  include <linux/ptrace.h>
105 #endif
106 #endif
107 
108 
109 // Outputs information for the user about ptrace_scope protection
110 // or ptrace not working.
111 static void ptrace_restrictions_msg(void);
112 
113 static int debuglevel;
114 static struct timeval dbgtv;
115 /* if level <= debuglevel, print timestamp, then print provided by debug info */
116 #define DEBUG(level, ...) (level <= debuglevel ?                        \
117                            gettimeofday(&dbgtv, NULL),                  \
118                            fprintf(stderr, "%ld.%6.6ld ",               \
119                                    (long int)dbgtv.tv_sec,              \
120                                    (long int)dbgtv.tv_usec),            \
121                            fprintf(stderr, __VA_ARGS__),fflush(stderr)  \
122                            : 0)
123 
124 /* same as DEBUG but does not print time stamp info */
125 #define PDEBUG(level, ...) (level <= debuglevel ?                       \
126                             fprintf(stderr, __VA_ARGS__),fflush(stderr) \
127                             : 0)
128 
129 /* if errno != 0,
130    report the errno and fprintf the ... varargs on stderr. */
131 #define ERROR(errno, ...) ((errno == 0 ? 0 : perror("syscall failed")), \
132                            fprintf(stderr, __VA_ARGS__),                \
133                            fflush(stderr))
134 /* same as ERROR, but also exits with status 1 */
135 #define XERROR(errno, ...) ((errno == 0 ? 0 : perror("syscall failed")), \
136                             fprintf(stderr, __VA_ARGS__),                \
137                             fflush(stderr),                              \
138                             exit(1))
139 
140 static char *vgdb_prefix = NULL;
141 
142 /* Will be set to True when any condition indicating we have to shutdown
143    is encountered. */
144 static Bool shutting_down = False;
145 
146 static VgdbShared32 *shared32;
147 static VgdbShared64 *shared64;
148 #define VS_written_by_vgdb (shared32 != NULL ?        \
149                             shared32->written_by_vgdb \
150                             : shared64->written_by_vgdb)
151 #define VS_seen_by_valgrind (shared32 != NULL ?         \
152                              shared32->seen_by_valgrind \
153                              : shared64->seen_by_valgrind)
154 
155 #define VS_vgdb_pid (shared32 != NULL ? shared32->vgdb_pid : shared64->vgdb_pid)
156 
157 /* Calls malloc (size). Exits if memory can't be allocated. */
158 static
vmalloc(size_t size)159 void *vmalloc(size_t size)
160 {
161    void * mem = malloc(size);
162    if (mem == NULL)
163       XERROR (errno, "can't allocate memory\n");
164    return mem;
165 }
166 
167 /* Calls realloc (size). Exits if memory can't be allocated. */
168 static
vrealloc(void * ptr,size_t size)169 void *vrealloc(void *ptr,size_t size)
170 {
171    void * mem = realloc(ptr, size);
172    if (mem == NULL)
173       XERROR (errno, "can't reallocate memory\n");
174    return mem;
175 }
176 
177 /* Return the name of a directory for temporary files. */
178 static
vgdb_tmpdir(void)179 const char *vgdb_tmpdir(void)
180 {
181    const char *tmpdir;
182 
183    tmpdir = getenv("TMPDIR");
184    if (tmpdir == NULL || *tmpdir == '\0') tmpdir = VG_TMPDIR;
185    if (tmpdir == NULL || *tmpdir == '\0') tmpdir = "/tmp";    /* fallback */
186 
187    return tmpdir;
188 }
189 
190 /* Return the path prefix for the named pipes (FIFOs) used by vgdb/gdb
191    to communicate with valgrind */
192 static
vgdb_prefix_default(void)193 char *vgdb_prefix_default(void)
194 {
195    const char *tmpdir;
196    HChar *prefix;
197 
198    tmpdir = vgdb_tmpdir();
199    prefix = vmalloc(strlen(tmpdir) + strlen("/vgdb-pipe") + 1);
200    strcpy(prefix, tmpdir);
201    strcat(prefix, "/vgdb-pipe");
202 
203    return prefix;
204 }
205 
206 /* add nrw to the written_by_vgdb field of shared32 or shared64 */
207 static
add_written(int nrw)208 void add_written(int nrw)
209 {
210    if (shared32 != NULL)
211       shared32->written_by_vgdb += nrw;
212    else if (shared64 != NULL)
213       shared64->written_by_vgdb += nrw;
214    else
215       assert(0);
216 }
217 
218 static int shared_mem_fd = -1;
219 static
map_vgdbshared(char * shared_mem)220 void map_vgdbshared (char* shared_mem)
221 {
222    struct stat fdstat;
223    void **s;
224    shared_mem_fd = open(shared_mem, O_RDWR);
225    /* shared_mem_fd will not be closed till vgdb exits. */
226 
227    if (shared_mem_fd == -1)
228       XERROR (errno, "error opening %s shared memory file\n", shared_mem);
229 
230    if (fstat(shared_mem_fd, &fdstat) != 0)
231       XERROR (errno, "fstat");
232 
233    if (fdstat.st_size == sizeof(VgdbShared64))
234       s = (void*) &shared64;
235    else if (fdstat.st_size == sizeof(VgdbShared32))
236       s = (void*) &shared32;
237    else
238 #if VEX_HOST_WORDSIZE == 8
239       XERROR (0,
240               "error size shared memory file %s.\n"
241               "expecting size %d (64bits) or %d (32bits) got %ld.\n",
242               shared_mem,
243               (int) sizeof(VgdbShared64), (int) sizeof(VgdbShared32),
244               (long int)fdstat.st_size);
245 #elif VEX_HOST_WORDSIZE == 4
246       XERROR (0,
247               "error size shared memory file %s.\n"
248               "expecting size %d (32bits) got %ld.\n",
249               shared_mem,
250               (int) sizeof(VgdbShared32),
251               fdstat.st_size);
252 #else
253 # error "unexpected wordsize"
254 #endif
255 
256 #if VEX_HOST_WORDSIZE == 4
257    if (shared64 != NULL)
258       XERROR (0, "cannot use 32 bits vgdb with a 64bits valgrind process\n");
259    /* But we can use a 64 bits vgdb with a 32 bits valgrind */
260 #endif
261 
262    *s = (void*) mmap (NULL, fdstat.st_size,
263                       PROT_READ|PROT_WRITE, MAP_SHARED,
264                       shared_mem_fd, 0);
265 
266    if (*s == (void *) -1)
267       XERROR (errno, "error mmap shared memory file %s\n", shared_mem);
268 
269 }
270 
271 #if VEX_HOST_WORDSIZE == 8
272 typedef Addr64 CORE_ADDR;
273 typedef Addr64 PTRACE_XFER_TYPE;
274 typedef void* PTRACE_ARG3_TYPE;
275 #elif VEX_HOST_WORDSIZE == 4
276 typedef Addr32 CORE_ADDR;
277 typedef Addr32 PTRACE_XFER_TYPE;
278 typedef void* PTRACE_ARG3_TYPE;
279 #else
280 # error "unexpected wordsize"
281 #endif
282 
283 static Bool pid_of_save_regs_continued = False;
284 // True if we have continued pid_of_save_regs after PTRACE_ATTACH
285 
286 static Bool dying = False;
287 // Set to True when loss of connection indicating that the Valgrind
288 // process is dying.
289 
290 /* To be called when connection with valgrind is lost.  In case we
291 have lost the connection, it means that Valgrind has closed the
292 connection and is busy exiting. We can't and don't have to stop it in
293 this case. */
294 static
valgrind_dying(void)295 void valgrind_dying(void)
296 {
297    pid_of_save_regs_continued = False;
298    dying = True;
299 }
300 
301 
302 #ifdef PTRACEINVOKER
303 /* ptrace_(read|write)_memory are modified extracts of linux-low.c
304    from gdb 6.6. Copyrighted FSF */
305 /* Copy LEN bytes from inferior's memory starting at MEMADDR
306    to debugger memory starting at MYADDR.  */
307 
308 static
ptrace_read_memory(pid_t inferior_pid,CORE_ADDR memaddr,unsigned char * myaddr,int len)309 int ptrace_read_memory (pid_t inferior_pid, CORE_ADDR memaddr,
310                         unsigned char *myaddr, int len)
311 {
312    register int i;
313    /* Round starting address down to longword boundary.  */
314    register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
315    /* Round ending address up; get number of longwords that makes.  */
316    register int count
317       = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
318       / sizeof (PTRACE_XFER_TYPE);
319    /* Allocate buffer of that many longwords.  */
320    register PTRACE_XFER_TYPE *buffer
321       = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
322 
323    /* Read all the longwords */
324    for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
325       errno = 0;
326       buffer[i] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
327                           (PTRACE_ARG3_TYPE) addr, 0);
328       if (errno)
329          return errno;
330    }
331 
332    /* Copy appropriate bytes out of the buffer.  */
333    memcpy (myaddr,
334            (char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)), len);
335 
336    return 0;
337 }
338 
339 /* Copy LEN bytes of data from debugger memory at MYADDR
340    to inferior's memory at MEMADDR.
341    On failure (cannot write the inferior)
342    returns the value of errno.  */
343 
344 static
ptrace_write_memory(pid_t inferior_pid,CORE_ADDR memaddr,const unsigned char * myaddr,int len)345 int ptrace_write_memory (pid_t inferior_pid, CORE_ADDR memaddr,
346                          const unsigned char *myaddr, int len)
347 {
348    register int i;
349    /* Round starting address down to longword boundary.  */
350    register CORE_ADDR addr = memaddr & -(CORE_ADDR) sizeof (PTRACE_XFER_TYPE);
351    /* Round ending address up; get number of longwords that makes.  */
352    register int count
353       = (((memaddr + len) - addr) + sizeof (PTRACE_XFER_TYPE) - 1)
354       / sizeof (PTRACE_XFER_TYPE);
355    /* Allocate buffer of that many longwords.  */
356    register PTRACE_XFER_TYPE *buffer
357       = (PTRACE_XFER_TYPE *) alloca (count * sizeof (PTRACE_XFER_TYPE));
358 
359    if (debuglevel >= 1) {
360       DEBUG (1, "Writing ");
361       for (i = 0; i < len; i++)
362          PDEBUG (1, "%02x", (unsigned)myaddr[i]);
363       PDEBUG(1, " to %p\n", (void *) memaddr);
364    }
365 
366    /* Fill start and end extra bytes of buffer with existing memory data.  */
367 
368    buffer[0] = ptrace (PTRACE_PEEKTEXT, inferior_pid,
369                        (PTRACE_ARG3_TYPE) addr, 0);
370 
371    if (count > 1) {
372       buffer[count - 1]
373          = ptrace (PTRACE_PEEKTEXT, inferior_pid,
374                    (PTRACE_ARG3_TYPE) (addr + (count - 1)
375                                        * sizeof (PTRACE_XFER_TYPE)),
376                    0);
377    }
378 
379    /* Copy data to be written over corresponding part of buffer */
380 
381    memcpy ((char *) buffer + (memaddr & (sizeof (PTRACE_XFER_TYPE) - 1)),
382            myaddr, len);
383 
384    /* Write the entire buffer.  */
385 
386    for (i = 0; i < count; i++, addr += sizeof (PTRACE_XFER_TYPE)) {
387       errno = 0;
388       ptrace (PTRACE_POKETEXT, inferior_pid,
389               (PTRACE_ARG3_TYPE) addr, buffer[i]);
390       if (errno)
391          return errno;
392    }
393 
394    return 0;
395 }
396 
397 /* subset of VG_(threads) needed for vgdb ptrace.
398    This is initialized when process is attached. */
399 typedef struct {
400    ThreadStatus status;
401    Int lwpid;
402 }
403 VgdbThreadState;
404 static VgdbThreadState vgdb_threads[VG_N_THREADS];
405 
406 static const
name_of_ThreadStatus(ThreadStatus status)407 HChar* name_of_ThreadStatus ( ThreadStatus status )
408 {
409    switch (status) {
410    case VgTs_Empty:     return "VgTs_Empty";
411    case VgTs_Init:      return "VgTs_Init";
412    case VgTs_Runnable:  return "VgTs_Runnable";
413    case VgTs_WaitSys:   return "VgTs_WaitSys";
414    case VgTs_Yielding:  return "VgTs_Yielding";
415    case VgTs_Zombie:    return "VgTs_Zombie";
416    default:             return "VgTs_???";
417   }
418 }
419 
420 static
status_image(int status)421 char *status_image (int status)
422 {
423    static char result[256];
424    int sz = 0;
425 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
426 
427    result[0] = 0;
428 
429    if (WIFEXITED(status))
430       APPEND ("WIFEXITED %d ", WEXITSTATUS(status));
431 
432    if (WIFSIGNALED(status)) {
433       APPEND ("WIFSIGNALED %d ", WTERMSIG(status));
434       if (WCOREDUMP(status)) APPEND ("WCOREDUMP ");
435    }
436 
437    if (WIFSTOPPED(status))
438       APPEND ("WIFSTOPPED %d ", WSTOPSIG(status));
439 
440    if (WIFCONTINUED(status))
441       APPEND ("WIFCONTINUED ");
442 
443    return result;
444 #undef APPEND
445 }
446 
447 /* Wait till the process pid is reported as stopped with signal_expected.
448    If other signal(s) than signal_expected are received, waitstopped
449    will pass them to pid, waiting for signal_expected to stop pid.
450    Returns True when process is in stopped state with signal_expected.
451    Returns False if a problem was encountered while waiting for pid
452    to be stopped.
453 
454    If pid is reported as being dead/exited, waitstopped will return False.
455 */
456 static
waitstopped(int pid,int signal_expected,char * msg)457 Bool waitstopped (int pid, int signal_expected, char *msg)
458 {
459    pid_t p;
460    int status = 0;
461    int signal_received;
462    int res;
463 
464    while (1) {
465       DEBUG(1, "waitstopped %s before waitpid signal_expected %d\n",
466             msg, signal_expected);
467       p = waitpid(pid, &status, __WALL);
468       DEBUG(1, "after waitpid pid %d p %d status 0x%x %s\n", pid, p,
469             status, status_image (status));
470       if (p != pid) {
471          ERROR(errno, "%s waitpid pid %d in waitstopped %d status 0x%x %s\n",
472                msg, pid, p, status, status_image (status));
473          return False;
474       }
475 
476       if (WIFEXITED(status)) {
477          shutting_down = True;
478          return False;
479       }
480 
481       assert (WIFSTOPPED(status));
482       signal_received = WSTOPSIG(status);
483       if (signal_received == signal_expected)
484          break;
485 
486       /* pid received a signal which is not the signal we are waiting for.
487          We continue pid, transmitting this signal. */
488       DEBUG(1, "waitstopped PTRACE_CONT with signal %d\n", signal_received);
489       res = ptrace (PTRACE_CONT, pid, NULL, signal_received);
490       if (res != 0) {
491          ERROR(errno, "waitstopped PTRACE_CONT\n");
492          return False;
493       }
494    }
495 
496    return True;
497 }
498 
499 /* Stops the given pid, wait for the process to be stopped.
500    Returns True if succesful, False otherwise.
501    msg is used in tracing and error reporting. */
502 static
stop(int pid,char * msg)503 Bool stop (int pid, char *msg)
504 {
505    long res;
506 
507    DEBUG(1, "%s SIGSTOP pid %d\n", msg, pid);
508    res = kill (pid, SIGSTOP);
509    if (res != 0) {
510       ERROR(errno, "%s SIGSTOP pid %d %ld\n", msg, pid, res);
511       return False;
512    }
513 
514    return waitstopped (pid, SIGSTOP, msg);
515 
516 }
517 
518 /* Attaches to given pid, wait for the process to be stopped.
519    Returns True if succesful, False otherwise.
520    msg is used in tracing and error reporting. */
521 static
attach(int pid,char * msg)522 Bool attach (int pid, char *msg)
523 {
524    long res;
525    static Bool output_error = True;
526    static Bool initial_attach = True;
527    // For a ptrace_scope protected system, we do not want to output
528    // repetitively attach error. We will output once an error
529    // for the initial_attach. Once the 1st attach has succeeded, we
530    // again show all errors.
531 
532    DEBUG(1, "%s PTRACE_ATTACH pid %d\n", msg, pid);
533    res = ptrace (PTRACE_ATTACH, pid, NULL, NULL);
534    if (res != 0) {
535       if (output_error || debuglevel > 0) {
536          ERROR(errno, "%s PTRACE_ATTACH pid %d %ld\n", msg, pid, res);
537          if (initial_attach)
538             output_error = False;
539       }
540       return False;
541    }
542 
543    initial_attach = False;
544    output_error = True;
545    return waitstopped(pid, SIGSTOP, msg);
546 }
547 
548 /* once we are attached to the pid, get the list of threads and stop
549    them all.
550    Returns True if all threads properly suspended, False otherwise. */
551 static
acquire_and_suspend_threads(int pid)552 Bool acquire_and_suspend_threads(int pid)
553 {
554    int i;
555    int rw;
556    Bool pid_found = False;
557    Addr vgt;
558    int sz_tst;
559    int off_status;
560    int off_lwpid;
561    int nr_live_threads = 0;
562 
563    if (shared32 != NULL) {
564       vgt = shared32->threads;
565       sz_tst = shared32->sizeof_ThreadState;
566       off_status = shared32->offset_status;
567       off_lwpid = shared32->offset_lwpid;
568    }
569    else if (shared64 != NULL) {
570       vgt = shared64->threads;
571       sz_tst = shared64->sizeof_ThreadState;
572       off_status = shared64->offset_status;
573       off_lwpid = shared64->offset_lwpid;
574    } else {
575       assert (0);
576    }
577 
578    /* note: the entry 0 is unused */
579    for (i = 1; i < VG_N_THREADS; i++) {
580       vgt += sz_tst;
581       rw = ptrace_read_memory(pid, vgt+off_status,
582                               (unsigned char *)&(vgdb_threads[i].status),
583                               sizeof(ThreadStatus));
584       if (rw != 0) {
585          ERROR(rw, "status ptrace_read_memory\n");
586          return False;
587       }
588 
589       rw = ptrace_read_memory(pid, vgt+off_lwpid,
590                               (unsigned char *)&(vgdb_threads[i].lwpid),
591                               sizeof(Int));
592       if (rw != 0) {
593          ERROR(rw, "lwpid ptrace_read_memory\n");
594          return False;
595       }
596 
597       if (vgdb_threads[i].status != VgTs_Empty) {
598          DEBUG(1, "found tid %d status %s lwpid %d\n",
599                i, name_of_ThreadStatus(vgdb_threads[i].status),
600                vgdb_threads[i].lwpid);
601          nr_live_threads++;
602          if (vgdb_threads[i].lwpid <= 1) {
603             if (vgdb_threads[i].lwpid == 0
604                 && vgdb_threads[i].status == VgTs_Init) {
605                DEBUG(1, "not set lwpid tid %d status %s lwpid %d\n",
606                      i, name_of_ThreadStatus(vgdb_threads[i].status),
607                      vgdb_threads[i].lwpid);
608             } else {
609                ERROR(1, "unexpected lwpid tid %d status %s lwpid %d\n",
610                      i, name_of_ThreadStatus(vgdb_threads[i].status),
611                      vgdb_threads[i].lwpid);
612             }
613             /* in case we have a VtTs_Init thread with lwpid not yet set,
614                we try again later. */
615             return False;
616          }
617          if (vgdb_threads[i].lwpid == pid) {
618             assert (!pid_found);
619             assert (i == 1);
620             pid_found = True;
621          } else {
622             if (!attach(vgdb_threads[i].lwpid, "attach_thread")) {
623                  ERROR(0, "ERROR attach pid %d tid %d\n",
624                        vgdb_threads[i].lwpid, i);
625                return False;
626             }
627          }
628       }
629    }
630    /* If we found no thread, it means the process is stopping, and
631       we better do not force anything to happen during that. */
632    if (nr_live_threads > 0)
633       return True;
634    else
635       return False;
636 }
637 
638 static
detach_from_all_threads(int pid)639 void detach_from_all_threads(int pid)
640 {
641    int i;
642    long res;
643    Bool pid_found = False;
644 
645    /* detach from all the threads  */
646    for (i = 1; i < VG_N_THREADS; i++) {
647       if (vgdb_threads[i].status != VgTs_Empty) {
648          if (vgdb_threads[i].status == VgTs_Init
649              && vgdb_threads[i].lwpid == 0) {
650             DEBUG(1, "skipping PTRACE_DETACH pid %d tid %d status %s\n",
651                   vgdb_threads[i].lwpid, i,
652                   name_of_ThreadStatus (vgdb_threads[i].status));
653          } else {
654             if (vgdb_threads[i].lwpid == pid) {
655                assert (!pid_found);
656                pid_found = True;
657             }
658             DEBUG(1, "PTRACE_DETACH pid %d tid %d status %s\n",
659                   vgdb_threads[i].lwpid, i,
660                   name_of_ThreadStatus (vgdb_threads[i].status));
661             res = ptrace (PTRACE_DETACH, vgdb_threads[i].lwpid, NULL, NULL);
662             if (res != 0) {
663                ERROR(errno, "PTRACE_DETACH pid %d tid %d status %s res %ld\n",
664                      vgdb_threads[i].lwpid, i,
665                      name_of_ThreadStatus (vgdb_threads[i].status),
666                      res);
667             }
668          }
669       }
670    }
671 
672    if (!pid_found && pid) {
673       /* No threads are live. Process is busy stopping.
674          We need to detach from pid explicitely. */
675       DEBUG(1, "no thread live => PTRACE_DETACH pid %d\n", pid);
676       res = ptrace (PTRACE_DETACH, pid, NULL, NULL);
677       if (res != 0)
678          ERROR(errno, "PTRACE_DETACH pid %d res %ld\n", pid, res);
679    }
680 }
681 
682 // if > 0, pid for which registers have to be restored.
683 static int pid_of_save_regs = 0;
684 static struct user user_save;
685 
686 // The below indicates if ptrace_getregs (and ptrace_setregs) can be used.
687 // Note that some linux versions are defining PTRACE_GETREGS but using
688 // it gives back EIO.
689 // has_working_ptrace_getregs can take the following values:
690 //  -1 : PTRACE_GETREGS is defined
691 //       runtime check not yet done.
692 //   0 : PTRACE_GETREGS runtime check has failed.
693 //   1 : PTRACE_GETREGS defined and runtime check ok.
694 #ifdef PTRACE_GETREGS
695 static int has_working_ptrace_getregs = -1;
696 #endif
697 
698 /* Get the registers from pid into regs.
699    regs_bsz value gives the length of *regs.
700    Returns True if all ok, otherwise False. */
701 static
getregs(int pid,void * regs,long regs_bsz)702 Bool getregs (int pid, void *regs, long regs_bsz)
703 {
704    DEBUG(1, "getregs regs_bsz %ld\n", regs_bsz);
705 #  ifdef PTRACE_GETREGS
706    if (has_working_ptrace_getregs) {
707       // Platforms having GETREGS
708       long res;
709       DEBUG(1, "getregs PTRACE_GETREGS\n");
710       res = ptrace (PTRACE_GETREGS, pid, NULL, regs);
711       if (res == 0) {
712          if (has_working_ptrace_getregs == -1) {
713             // First call to PTRACE_GETREGS succesful =>
714             has_working_ptrace_getregs = 1;
715             DEBUG(1, "detected a working PTRACE_GETREGS\n");
716          }
717          assert (has_working_ptrace_getregs == 1);
718          return True;
719       }
720       else if (has_working_ptrace_getregs == 1) {
721          // We had a working call, but now it fails.
722          // This is unexpected.
723          ERROR(errno, "PTRACE_GETREGS %ld\n", res);
724          return False;
725       } else {
726          // Check this is the first call:
727          assert (has_working_ptrace_getregs == -1);
728          if (errno == EIO) {
729             DEBUG(1, "detected a broken PTRACE_GETREGS with EIO\n");
730             has_working_ptrace_getregs = 0;
731             // Fall over to the PTRACE_PEEKUSER case.
732          } else {
733             ERROR(errno, "broken PTRACE_GETREGS unexpected errno %ld\n", res);
734             return False;
735          }
736       }
737    }
738 #  endif
739 
740    // We assume  PTRACE_PEEKUSER is defined everywhere.
741    {
742 #     ifdef PT_ENDREGS
743       long peek_bsz = PT_ENDREGS;
744       assert (peek_bsz <= regs_bsz);
745 #     else
746       long peek_bsz = regs_bsz-1;
747 #     endif
748       char *pregs = (char *) regs;
749       long offset;
750       errno = 0;
751       DEBUG(1, "getregs PTRACE_PEEKUSER(s) peek_bsz %ld\n", peek_bsz);
752       for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
753          *(long *)(pregs+offset) = ptrace(PTRACE_PEEKUSER, pid, offset, NULL);
754          if (errno != 0) {
755             ERROR(errno, "PTRACE_PEEKUSER offset %ld\n", offset);
756             return False;
757          }
758       }
759       return True;
760    }
761 
762    // If neither PTRACE_GETREGS not PTRACE_PEEKUSER have returned,
763    // then we are in serious trouble.
764    assert (0);
765 }
766 
767 /* Set the registers of pid to regs.
768    regs_bsz value gives the length of *regs.
769    Returns True if all ok, otherwise False. */
770 static
setregs(int pid,void * regs,long regs_bsz)771 Bool setregs (int pid, void *regs, long regs_bsz)
772 {
773    DEBUG(1, "setregs regs_bsz %ld\n", regs_bsz);
774 // Note : the below is checking for GETREGS, not SETREGS
775 // as if one is defined and working, the other one should also work.
776 #  ifdef PTRACE_GETREGS
777    if (has_working_ptrace_getregs) {
778       // Platforms having SETREGS
779       long res;
780       // setregs can never be called before getregs has done a runtime check.
781       assert (has_working_ptrace_getregs == 1);
782       DEBUG(1, "setregs PTRACE_SETREGS\n");
783       res = ptrace (PTRACE_SETREGS, pid, NULL, regs);
784       if (res != 0) {
785          ERROR(errno, "PTRACE_SETREGS %ld\n", res);
786          return False;
787       }
788       return True;
789    }
790 #  endif
791 
792    {
793       char *pregs = (char *) regs;
794       long offset;
795       long res;
796 #     ifdef PT_ENDREGS
797       long peek_bsz = PT_ENDREGS;
798       assert (peek_bsz <= regs_bsz);
799 #     else
800       long peek_bsz = regs_bsz-1;
801 #     endif
802       errno = 0;
803       DEBUG(1, "setregs PTRACE_POKEUSER(s) %ld\n", peek_bsz);
804       for (offset = 0; offset < peek_bsz; offset = offset + sizeof(long)) {
805          res = ptrace(PTRACE_POKEUSER, pid, offset, *(long*)(pregs+offset));
806          if (errno != 0) {
807             ERROR(errno, "PTRACE_POKEUSER offset %ld res %ld\n", offset, res);
808             return False;
809          }
810       }
811       return True;
812    }
813 
814    // If neither PTRACE_SETREGS not PTRACE_POKEUSER have returned,
815    // then we are in serious trouble.
816    assert (0);
817 }
818 
819 /* Restore the registers to the saved value, then detaches from all threads */
820 static
restore_and_detach(int pid)821 void restore_and_detach(int pid)
822 {
823    if (pid_of_save_regs) {
824       /* In case the 'main pid' has been continued, we need to stop it
825          before resetting the registers. */
826       if (pid_of_save_regs_continued) {
827          pid_of_save_regs_continued = False;
828          if (!stop(pid_of_save_regs, "sigstop before reset regs"))
829             DEBUG(0, "Could not sigstop before reset");
830       }
831 
832       DEBUG(1, "setregs restore registers pid %d\n", pid_of_save_regs);
833       if (!setregs(pid_of_save_regs, &user_save.regs, sizeof(user_save.regs))) {
834          ERROR(errno, "setregs restore registers pid %d after cont\n",
835                pid_of_save_regs);
836       }
837       pid_of_save_regs = 0;
838    } else {
839       DEBUG(1, "PTRACE_SETREGS restore registers: no pid\n");
840    }
841    detach_from_all_threads(pid);
842 }
843 
844 /* Ensures that the gdbserver code is invoked by pid.
845    If an error occurs, resets to the valgrind process
846    to the state it has before being ptrace-d.
847    Returns True if invoke successful, False otherwise.
848 */
849 static
invoke_gdbserver(int pid)850 Bool invoke_gdbserver (int pid)
851 {
852    static Bool ptrace_restrictions_msg_given = False;
853    long res;
854    Bool stopped;
855    struct user user_mod;
856    Addr sp;
857    /* A specific int value is passed to invoke_gdbserver, to check
858       everything goes according to the plan. */
859    const int check = 0x8BADF00D; // ate bad food.
860 
861    const Addr bad_return = 0;
862    // A bad return address will be pushed on the stack.
863    // The function invoke_gdbserver cannot return. If ever it returns, a NULL
864    // address pushed on the stack should ensure this is detected.
865 
866    /* Not yet attached. If problem, vgdb can abort,
867       no cleanup needed.
868 
869       On Ubuntu>= 10.10, a /proc setting can disable ptrace.
870       So, Valgrind has to SET_PTRACER this vgdb. Once this
871       is done, this vgdb can ptrace the valgrind process. */
872 
873    DEBUG(1, "attach to 'main' pid %d\n", pid);
874    if (!attach(pid, "attach main pid")) {
875       if (!ptrace_restrictions_msg_given) {
876          ptrace_restrictions_msg_given = True;
877          ERROR(0, "error attach main pid %d\n", pid);
878          ptrace_restrictions_msg();
879       }
880       return False;
881    }
882 
883    /* Now, we are attached. If problem, detach and return. */
884 
885    if (!acquire_and_suspend_threads(pid)) {
886       detach_from_all_threads(pid);
887       /* if the pid does not exist anymore, we better stop */
888       if (kill(pid, 0) != 0)
889         XERROR (errno, "invoke_gdbserver: check for pid %d existence failed\n",
890                 pid);
891       return False;
892    }
893 
894    if (!getregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
895       detach_from_all_threads(pid);
896       return False;
897    }
898    user_save = user_mod;
899 
900 #if defined(VGA_x86)
901    sp = user_mod.regs.esp;
902 #elif defined(VGA_amd64)
903    sp = user_mod.regs.rsp;
904    if (shared32 != NULL) {
905      /* 64bit vgdb speaking with a 32bit executable.
906         To have system call restart properly, we need to sign extend rax.
907         For more info:
908         web search '[patch] Fix syscall restarts for amd64->i386 biarch'
909         e.g. http://sourceware.org/ml/gdb-patches/2009-11/msg00592.html */
910      *(long *)&user_save.regs.rax = *(int*)&user_save.regs.rax;
911      DEBUG(1, "Sign extending %8.8lx to %8.8lx\n",
912            user_mod.regs.rax, user_save.regs.rax);
913    }
914 #elif defined(VGA_arm)
915    sp = user_mod.regs.uregs[13];
916 #elif defined(VGA_ppc32)
917    sp = user_mod.regs.gpr[1];
918 #elif defined(VGA_ppc64)
919    sp = user_mod.regs.gpr[1];
920 #elif defined(VGA_s390x)
921    sp = user_mod.regs.gprs[15];
922 #else
923    I_die_here : (sp) architecture missing in vgdb.c
924 #endif
925 
926 
927    // the magic below is derived from spying what gdb sends to
928    // the (classical) gdbserver when invoking a C function.
929    if (shared32 != NULL) {
930       // vgdb speaking with a 32bit executable.
931 #if   defined(VGA_x86) || defined(VGA_amd64)
932       const int regsize = 4;
933       int rw;
934       /* push check arg on the stack */
935       sp = sp - regsize;
936       DEBUG(1, "push check arg ptrace_write_memory\n");
937       assert(regsize == sizeof(check));
938       rw = ptrace_write_memory(pid, sp,
939                                (unsigned char *) &check,
940                                regsize);
941       if (rw != 0) {
942          ERROR(rw, "push check arg ptrace_write_memory");
943          detach_from_all_threads(pid);
944          return False;
945       }
946 
947       sp = sp - regsize;
948       DEBUG(1, "push bad_return return address ptrace_write_memory\n");
949       // Note that for a 64 bits vgdb, only 4 bytes of NULL bad_return
950       // are written.
951       rw = ptrace_write_memory(pid, sp,
952                                (unsigned char *) &bad_return,
953                                regsize);
954       if (rw != 0) {
955          ERROR(rw, "push bad_return return address ptrace_write_memory");
956          detach_from_all_threads(pid);
957          return False;
958       }
959 #if   defined(VGA_x86)
960       /* set ebp, esp, eip and orig_eax to invoke gdbserver */
961       // compiled in 32bits, speaking with a 32bits exe
962       user_mod.regs.ebp = sp; // bp set to sp
963       user_mod.regs.esp = sp;
964       user_mod.regs.eip = shared32->invoke_gdbserver;
965       user_mod.regs.orig_eax = -1L;
966 #elif defined(VGA_amd64)
967       /* set ebp, esp, eip and orig_eax to invoke gdbserver */
968       // compiled in 64bits, speaking with a 32bits exe
969       user_mod.regs.rbp = sp; // bp set to sp
970       user_mod.regs.rsp = sp;
971       user_mod.regs.rip = shared32->invoke_gdbserver;
972       user_mod.regs.orig_rax = -1L;
973 #else
974       I_die_here : not x86 or amd64 in x86/amd64 section/
975 #endif
976 
977 #elif defined(VGA_ppc32) || defined(VGA_ppc64)
978       user_mod.regs.nip = shared32->invoke_gdbserver;
979       user_mod.regs.trap = -1L;
980       /* put check arg in register 3 */
981       user_mod.regs.gpr[3] = check;
982       /* put NULL return address in Link Register */
983       user_mod.regs.link = bad_return;
984 
985 #elif defined(VGA_arm)
986       /* put check arg in register 0 */
987       user_mod.regs.uregs[0] = check;
988       /* put NULL return address in Link Register */
989       user_mod.regs.uregs[14] = bad_return;
990       user_mod.regs.uregs[15] = shared32->invoke_gdbserver;
991 
992 #elif defined(VGA_s390x)
993       XERROR(0, "(fn32) s390x has no 32bits implementation");
994 #else
995       I_die_here : architecture missing in vgdb.c
996 #endif
997       }
998 
999    else if (shared64 != NULL) {
1000 #if defined(VGA_x86)
1001       assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1002 #elif defined(VGA_amd64)
1003       // vgdb speaking with a 64 bit executable.
1004       const int regsize = 8;
1005       int rw;
1006 
1007       /* give check arg in rdi */
1008       user_mod.regs.rdi = check;
1009 
1010       /* push return address on stack : return to breakaddr */
1011       sp = sp - regsize;
1012       DEBUG(1, "push bad_return return address ptrace_write_memory\n");
1013       rw = ptrace_write_memory(pid, sp,
1014                                (unsigned char *) &bad_return,
1015                                sizeof(bad_return));
1016       if (rw != 0) {
1017          ERROR(rw, "push bad_return return address ptrace_write_memory");
1018          detach_from_all_threads(pid);
1019          return False;
1020       }
1021 
1022       /* set rbp, rsp, rip and orig_rax to invoke gdbserver */
1023       user_mod.regs.rbp = sp; // bp set to sp
1024       user_mod.regs.rsp = sp;
1025       user_mod.regs.rip = shared64->invoke_gdbserver;
1026       user_mod.regs.orig_rax = -1L;
1027 
1028 #elif defined(VGA_arm)
1029       assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1030 #elif defined(VGA_ppc32)
1031       assert(0); // cannot vgdb a 64 bits executable with a 32 bits exe
1032 #elif defined(VGA_ppc64)
1033       Addr64 func_addr;
1034       Addr64 toc_addr;
1035       int rw;
1036       rw = ptrace_read_memory(pid, shared64->invoke_gdbserver,
1037                               (unsigned char *)&func_addr,
1038                               sizeof(Addr64));
1039       if (rw != 0) {
1040          ERROR(rw, "ppc64 read func_addr\n");
1041          detach_from_all_threads(pid);
1042          return False;
1043       }
1044       rw = ptrace_read_memory(pid, shared64->invoke_gdbserver+8,
1045                               (unsigned char *)&toc_addr,
1046                               sizeof(Addr64));
1047       if (rw != 0) {
1048          ERROR(rw, "ppc64 read toc_addr\n");
1049          detach_from_all_threads(pid);
1050          return False;
1051       }
1052       // We are not pushing anything on the stack, so it is not
1053       // very clear why the sp has to be decreased, but it seems
1054       // needed. The ppc64 ABI might give some lights on this ?
1055       user_mod.regs.gpr[1] = sp - 220;
1056       user_mod.regs.gpr[2] = toc_addr;
1057       user_mod.regs.nip = func_addr;
1058       user_mod.regs.trap = -1L;
1059       /* put check arg in register 3 */
1060       user_mod.regs.gpr[3] = check;
1061       /* put bad_return return address in Link Register */
1062       user_mod.regs.link = bad_return;
1063 #elif defined(VGA_s390x)
1064       /* put check arg in register r2 */
1065       user_mod.regs.gprs[2] = check;
1066       /* bad_return Return address is in r14 */
1067       user_mod.regs.gprs[14] = bad_return;
1068       /* minimum stack frame */
1069       sp = sp - 160;
1070       user_mod.regs.gprs[15] = sp;
1071       /* set program counter */
1072       user_mod.regs.psw.addr = shared64->invoke_gdbserver;
1073 #else
1074       I_die_here: architecture missing in vgdb.c
1075 #endif
1076    }
1077    else {
1078       assert(0);
1079    }
1080 
1081    if (!setregs(pid, &user_mod.regs, sizeof(user_mod.regs))) {
1082       detach_from_all_threads(pid);
1083       return False;
1084    }
1085    /* Now that we have modified the registers, we set
1086       pid_of_save_regs to indicate that restore_and_detach
1087       must restore the registers in case of cleanup. */
1088    pid_of_save_regs = pid;
1089    pid_of_save_regs_continued = False;
1090 
1091 
1092    /* We PTRACE_CONT-inue pid.
1093       Either gdbserver will be invoked directly (if all
1094       threads are interruptible) or gdbserver will be
1095       called soon by the scheduler. In the first case,
1096       pid will stop on the break inserted above when
1097       gdbserver returns. In the 2nd case, the break will
1098       be encountered directly. */
1099    DEBUG(1, "PTRACE_CONT to invoke\n");
1100    res = ptrace (PTRACE_CONT, pid, NULL, NULL);
1101    if (res != 0) {
1102       ERROR(errno, "PTRACE_CONT\n");
1103       restore_and_detach(pid);
1104       return False;
1105    }
1106    pid_of_save_regs_continued = True;
1107    /* Wait for SIGSTOP generated by m_gdbserver.c give_control_back_to_vgdb */
1108    stopped = waitstopped (pid, SIGSTOP,
1109                           "waitpid status after PTRACE_CONT to invoke");
1110    if (stopped) {
1111       /* Here pid has properly stopped on the break. */
1112       pid_of_save_regs_continued = False;
1113       restore_and_detach(pid);
1114       return True;
1115    } else {
1116       /* Whatever kind of problem happened. We shutdown */
1117       shutting_down = True;
1118       return False;
1119    }
1120 }
1121 #endif
1122 
1123 static
cleanup_restore_and_detach(void * v_pid)1124 void cleanup_restore_and_detach(void *v_pid)
1125 {
1126    DEBUG(1, "cleanup_restore_and_detach dying: %d\n", dying);
1127 #ifdef PTRACEINVOKER
1128    if (!dying)
1129       restore_and_detach(*(int*)v_pid);
1130 #endif
1131 }
1132 
1133 /* This function loops till shutting_down becomes true.  In this loop,
1134    it verifies if valgrind process is reading the characters written
1135    by vgdb.  The verification is done every max_invoke_ms ms.  If
1136    valgrind is not reading characters, it will use invoke_gdbserver
1137    (if PTRACE_INVOKER is defined) to ensure that the gdbserver code is
1138    called soon by valgrind. */
1139 static int max_invoke_ms = 100;
1140 #define NEVER 99999999
1141 static int cmd_time_out = NEVER;
1142 static
invoke_gdbserver_in_valgrind(void * v_pid)1143 void *invoke_gdbserver_in_valgrind(void *v_pid)
1144 {
1145    struct timeval cmd_max_end_time;
1146    Bool cmd_started = False;
1147    struct timeval invoke_time;
1148 
1149    int pid = *(int *)v_pid;
1150    int written_by_vgdb_before_sleep;
1151    int seen_by_valgrind_before_sleep;
1152 
1153    int invoked_written = -1;
1154    unsigned int usecs;
1155 
1156    pthread_cleanup_push(cleanup_restore_and_detach, v_pid);
1157 
1158    while (!shutting_down) {
1159       written_by_vgdb_before_sleep = VS_written_by_vgdb;
1160       seen_by_valgrind_before_sleep = VS_seen_by_valgrind;
1161       DEBUG(3,
1162             "written_by_vgdb_before_sleep %d "
1163             "seen_by_valgrind_before_sleep %d\n",
1164             written_by_vgdb_before_sleep,
1165             seen_by_valgrind_before_sleep);
1166       if (cmd_time_out != NEVER
1167           && !cmd_started
1168           && written_by_vgdb_before_sleep > seen_by_valgrind_before_sleep) {
1169          /* A command was started. Record the time at which it was started. */
1170          DEBUG(1, "IO for command started\n");
1171          gettimeofday(&cmd_max_end_time, NULL);
1172          cmd_max_end_time.tv_sec += cmd_time_out;
1173          cmd_started = True;
1174       }
1175       if (max_invoke_ms > 0) {
1176          usecs = 1000 * max_invoke_ms;
1177          gettimeofday(&invoke_time, NULL);
1178          invoke_time.tv_sec += max_invoke_ms / 1000;
1179          invoke_time.tv_usec += 1000 * (max_invoke_ms % 1000);
1180          invoke_time.tv_sec += invoke_time.tv_usec / (1000 * 1000);
1181          invoke_time.tv_usec = invoke_time.tv_usec % (1000 * 1000);
1182       } else {
1183          usecs = 0;
1184       }
1185       if (cmd_started) {
1186          // 0 usecs here means the thread just has to check gdbserver eats
1187          // the characters in <= cmd_time_out seconds.
1188          // We will just wait by 1 second max at a time.
1189          if (usecs == 0 || usecs > 1000 * 1000)
1190             usecs = 1000 * 1000;
1191       }
1192       usleep(usecs);
1193 
1194       /* If nothing happened during our sleep, let's try to wake up valgrind
1195          or check for cmd time out. */
1196       if (written_by_vgdb_before_sleep == VS_written_by_vgdb
1197           && seen_by_valgrind_before_sleep == VS_seen_by_valgrind
1198           && VS_written_by_vgdb > VS_seen_by_valgrind) {
1199          struct timeval now;
1200          gettimeofday(&now, NULL);
1201          DEBUG(2,
1202                "after sleep "
1203                "written_by_vgdb %d "
1204                "seen_by_valgrind %d "
1205                "invoked_written %d\n",
1206                VS_written_by_vgdb,
1207                VS_seen_by_valgrind,
1208                invoked_written);
1209          /* if the pid does not exist anymore, we better stop */
1210          if (kill(pid, 0) != 0)
1211            XERROR (errno,
1212                    "invoke_gdbserver_in_valgrind: "
1213                    "check for pid %d existence failed\n", pid);
1214          if (cmd_started) {
1215             if (timercmp (&now, &cmd_max_end_time, >))
1216                XERROR (0,
1217                        "pid %d did not handle a command in %d seconds\n",
1218                        pid, cmd_time_out);
1219          }
1220          if (max_invoke_ms > 0 && timercmp (&now, &invoke_time, >=)) {
1221             #if defined(PTRACEINVOKER)
1222             /* only need to wake up if the nr written has changed since
1223                last invoke. */
1224             if (invoked_written != written_by_vgdb_before_sleep) {
1225                if (invoke_gdbserver(pid)) {
1226                   /* If invoke succesful, no need to invoke again
1227                      for the same value of written_by_vgdb_before_sleep. */
1228                   invoked_written = written_by_vgdb_before_sleep;
1229                }
1230             }
1231             #else
1232             DEBUG(2, "invoke_gdbserver via ptrace not (yet) implemented\n");
1233             #endif
1234          }
1235       } else {
1236          // Something happened => restart timer check.
1237          if (cmd_time_out != NEVER) {
1238             DEBUG(2, "some IO was done => restart command\n");
1239             cmd_started = False;
1240          }
1241       }
1242    }
1243    pthread_cleanup_pop(0);
1244    return NULL;
1245 }
1246 
1247 static
open_fifo(char * name,int flags,char * desc)1248 int open_fifo (char* name, int flags, char* desc)
1249 {
1250    int fd;
1251    DEBUG(1, "opening %s %s\n", name, desc);
1252    fd = open(name, flags);
1253    if (fd == -1)
1254       XERROR (errno, "error opening %s %s\n", name, desc);
1255 
1256    DEBUG(1, "opened %s %s fd %d\n", name, desc, fd);
1257    return fd;
1258 }
1259 
1260 /* acquire a lock on the first byte of the given fd. If not successful,
1261    exits with error.
1262    This allows to avoid having two vgdb speaking with the same Valgrind
1263    gdbserver as this causes serious headaches to the protocol. */
1264 static
acquire_lock(int fd,int valgrind_pid)1265 void acquire_lock (int fd, int valgrind_pid)
1266 {
1267    struct flock fl;
1268    fl.l_type = F_WRLCK;
1269    fl.l_whence = SEEK_SET;
1270    fl.l_start = 0;
1271    fl.l_len = 1;
1272    if (fcntl(fd, F_SETLK, &fl) < 0) {
1273       if (errno == EAGAIN || errno == EACCES) {
1274          XERROR(errno,
1275                 "Cannot acquire lock.\n"
1276                 "Probably vgdb pid %d already speaks with Valgrind pid %d\n",
1277                 VS_vgdb_pid,
1278                 valgrind_pid);
1279       } else {
1280          XERROR(errno, "cannot acquire lock.\n");
1281       }
1282    }
1283 
1284    /* Here, we have the lock. It will be released when fd will be closed. */
1285    /* We indicate our pid to Valgrind gdbserver */
1286    if (shared32 != NULL)
1287       shared32->vgdb_pid = getpid();
1288    else if (shared64 != NULL)
1289       shared64->vgdb_pid = getpid();
1290    else
1291       assert(0);
1292 }
1293 
1294 #define PBUFSIZ 16384 /* keep in sync with server.h */
1295 
1296 /* read some characters from fd.
1297    Returns the nr of characters read, -1 if error.
1298    desc is a string used in tracing */
1299 static
read_buf(int fd,char * buf,char * desc)1300 int read_buf (int fd, char* buf, char* desc)
1301 {
1302    int nrread;
1303    DEBUG(2, "reading %s\n", desc);
1304    nrread = read(fd, buf, PBUFSIZ);
1305    if (nrread == -1) {
1306       ERROR (errno, "error reading %s\n", desc);
1307       return -1;
1308    }
1309    buf[nrread] = '\0';
1310    DEBUG(2, "read %s %s\n", desc, buf);
1311    return nrread;
1312 }
1313 
1314 /* write size bytes from buf to fd.
1315    desc is a description of the action for which the write is done.
1316    If notify, then add size to the shared cntr indicating to the
1317    valgrind process that there is new data.
1318    Returns True if write is ok, False if there was a problem. */
1319 static
write_buf(int fd,char * buf,int size,char * desc,Bool notify)1320 Bool write_buf(int fd, char* buf, int size, char* desc, Bool notify)
1321 {
1322    int nrwritten;
1323    int nrw;
1324    DEBUG(2, "writing %s len %d %s notify: %d\n", desc, size, buf, notify);
1325    nrwritten = 0;
1326    while (nrwritten < size) {
1327       nrw = write (fd, buf+nrwritten, size - nrwritten);
1328       if (nrw == -1) {
1329          ERROR(errno, "error write %s\n", desc);
1330          return False;
1331       }
1332       nrwritten = nrwritten + nrw;
1333       if (notify)
1334          add_written(nrw);
1335    }
1336    return True;
1337 }
1338 
1339 typedef enum {
1340    FROM_GDB,
1341    TO_GDB,
1342    FROM_PID,
1343    TO_PID } ConnectionKind;
1344 static const int NumConnectionKind = TO_PID+1;
1345 static
ppConnectionKind(ConnectionKind con)1346 char *ppConnectionKind (ConnectionKind con)
1347 {
1348    switch (con) {
1349    case FROM_GDB: return "FROM_GDB";
1350    case TO_GDB:   return "TO_GDB";
1351    case FROM_PID: return "FROM_PID";
1352    case TO_PID:   return "TO_PID";
1353    default:       return "invalid connection kind";
1354    }
1355 }
1356 
1357 static char *shared_mem;
1358 
1359 static int from_gdb = 0; /* stdin by default, changed if --port is given. */
1360 static char *from_gdb_to_pid; /* fifo name to write gdb command to pid */
1361 /* Returns True in case read/write operations were done properly.
1362    Returns False in case of error.
1363    to_pid is the file descriptor to write to the process pid. */
1364 static
read_from_gdb_write_to_pid(int to_pid)1365 Bool read_from_gdb_write_to_pid(int to_pid)
1366 {
1367    char buf[PBUFSIZ];
1368    int nrread;
1369 
1370    nrread = read_buf(from_gdb, buf, "from gdb on stdin");
1371    if (nrread <= 0) {
1372       if (nrread == 0)
1373          DEBUG(1, "read 0 bytes from gdb => assume exit\n");
1374       else
1375          DEBUG(1, "error reading bytes from gdb\n");
1376       close (from_gdb);
1377       shutting_down = True;
1378       return False;
1379    }
1380    return write_buf(to_pid, buf, nrread, "to_pid", /* notify */ True);
1381 }
1382 
1383 static int to_gdb = 1; /* stdout by default, changed if --port is given. */
1384 static char *to_gdb_from_pid; /* fifo name to read pid replies */
1385 /* Returns True in case read/write operations were done properly.
1386    Returns False in case of error.
1387    from_pid is the file descriptor to read data from the process pid. */
1388 static
read_from_pid_write_to_gdb(int from_pid)1389 Bool read_from_pid_write_to_gdb(int from_pid)
1390 {
1391    char buf[PBUFSIZ];
1392    int nrread;
1393 
1394    nrread = read_buf(from_pid, buf, "from pid");
1395    if (nrread <= 0) {
1396       if (nrread == 0)
1397          DEBUG(1, "read 0 bytes from pid => assume exit\n");
1398       else
1399          DEBUG(1, "error reading bytes from pid\n");
1400       close (from_pid);
1401       shutting_down = True;
1402       return False;
1403    }
1404    return write_buf(to_gdb, buf, nrread, "to_gdb", /* notify */ False);
1405 }
1406 
1407 static
wait_for_gdb_connect(int in_port)1408 void wait_for_gdb_connect (int in_port)
1409 {
1410    struct sockaddr_in addr;
1411 
1412    int listen_gdb = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
1413    int gdb_connect;
1414 
1415    if (-1 == listen_gdb) {
1416       XERROR(errno, "cannot create socket");
1417    }
1418 
1419     memset(&addr, 0, sizeof(addr));
1420 
1421     addr.sin_family = AF_INET;
1422     addr.sin_port = htons((unsigned short int)in_port);
1423     addr.sin_addr.s_addr = INADDR_ANY;
1424 
1425     if (-1 == bind(listen_gdb,(struct sockaddr *)&addr, sizeof(addr))) {
1426       XERROR(errno, "bind failed");
1427     }
1428     fprintf(stderr, "listening on port %d ...", in_port);
1429     fflush(stderr);
1430     if (-1 == listen(listen_gdb, 1)) {
1431       XERROR(errno, "error listen failed");
1432     }
1433 
1434     gdb_connect = accept(listen_gdb, NULL, NULL);
1435     if (gdb_connect < 0) {
1436         XERROR(errno, "accept failed");
1437     }
1438     fprintf(stderr, "connected.\n");
1439     fflush(stderr);
1440     close(listen_gdb);
1441     from_gdb = gdb_connect;
1442     to_gdb = gdb_connect;
1443 }
1444 
1445 /* prepares the FIFOs filenames, map the shared memory. */
1446 static
prepare_fifos_and_shared_mem(int pid)1447 void prepare_fifos_and_shared_mem(int pid)
1448 {
1449    const HChar *user, *host;
1450    unsigned len;
1451 
1452    user = getenv("LOGNAME");
1453    if (user == NULL) user = getenv("USER");
1454    if (user == NULL) user = "???";
1455 
1456    host = getenv("HOST");
1457    if (host == NULL) host = getenv("HOSTNAME");
1458    if (host == NULL) host = "???";
1459 
1460    len = strlen(vgdb_prefix) + strlen(user) + strlen(host) + 40;
1461    from_gdb_to_pid = vmalloc (len);
1462    to_gdb_from_pid = vmalloc (len);
1463    shared_mem      = vmalloc (len);
1464    /* below 3 lines must match the equivalent in remote-utils.c */
1465    sprintf(from_gdb_to_pid, "%s-from-vgdb-to-%d-by-%s-on-%s",    vgdb_prefix,
1466            pid, user, host);
1467    sprintf(to_gdb_from_pid, "%s-to-vgdb-from-%d-by-%s-on-%s",    vgdb_prefix,
1468            pid, user, host);
1469    sprintf(shared_mem,      "%s-shared-mem-vgdb-%d-by-%s-on-%s", vgdb_prefix,
1470            pid, user, host);
1471    DEBUG (1, "vgdb: using %s %s %s\n",
1472           from_gdb_to_pid, to_gdb_from_pid, shared_mem);
1473 
1474    map_vgdbshared(shared_mem);
1475 }
1476 
1477 /* Convert hex digit A to a number.  */
1478 
1479 static int
fromhex(int a)1480 fromhex (int a)
1481 {
1482    if (a >= '0' && a <= '9')
1483       return a - '0';
1484    else if (a >= 'a' && a <= 'f')
1485       return a - 'a' + 10;
1486    else
1487       XERROR(0, "Reply contains invalid hex digit %c\n", a);
1488   return 0;
1489 }
1490 
1491 /* Returns next char from fd.  -1 if error, -2 if EOF.
1492    NB: must always call it with the same fd */
1493 static int
readchar(int fd)1494 readchar (int fd)
1495 {
1496   static unsigned char buf[PBUFSIZ];
1497   static int bufcnt = 0;
1498   static unsigned char *bufp;
1499 
1500   if (bufcnt-- > 0)
1501      return *bufp++;
1502 
1503   bufcnt = read (fd, buf, sizeof (buf));
1504 
1505   if (bufcnt <= 0) {
1506      if (bufcnt == 0) {
1507         fprintf (stderr, "readchar: Got EOF\n");
1508         return -2;
1509      } else {
1510         ERROR (errno, "readchar\n");
1511         return -1;
1512      }
1513   }
1514 
1515   bufp = buf;
1516   bufcnt--;
1517   return *bufp++;
1518 }
1519 
1520 /* Read a packet from fromfd, with error checking,
1521    and store it in BUF.
1522    Returns length of packet, or -1 if error or -2 if EOF.
1523    Writes ack on ackfd */
1524 
1525 static int
getpkt(char * buf,int fromfd,int ackfd)1526 getpkt (char *buf, int fromfd, int ackfd)
1527 {
1528   char *bp;
1529   unsigned char csum, c1, c2;
1530   int c;
1531 
1532   while (1) {
1533      csum = 0;
1534 
1535      while (1) {
1536         c = readchar (fromfd);
1537         if (c == '$')
1538            break;
1539         DEBUG(2, "[getpkt: discarding char '%c']\n", c);
1540         if (c < 0)
1541            return c;
1542      }
1543 
1544      bp = buf;
1545      while (1) {
1546         c = readchar (fromfd);
1547         if (c < 0)
1548            return c;
1549         if (c == '#')
1550            break;
1551         if (c == '*') {
1552            int repeat;
1553            int r;
1554            int prev;
1555            prev = *(bp-1);
1556            csum += c;
1557            repeat = readchar (fromfd);
1558            csum += repeat;
1559            for (r = 0; r < repeat - 29; r ++)
1560               *bp++ = prev;
1561         } else {
1562            *bp++ = c;
1563            csum += c;
1564         }
1565      }
1566      *bp = 0;
1567 
1568      c1 = fromhex (readchar (fromfd));
1569      c2 = fromhex (readchar (fromfd));
1570 
1571      if (csum == (c1 << 4) + c2)
1572 	break;
1573 
1574      fprintf (stderr, "Bad checksum, sentsum=0x%x, csum=0x%x, buf=%s\n",
1575               (c1 << 4) + c2, csum, buf);
1576      if (write (ackfd, "-", 1) != 1)
1577         ERROR(0, "error when writing - (nack)\n");
1578      else
1579         add_written(1);
1580   }
1581 
1582   DEBUG(2, "getpkt (\"%s\");  [sending ack] \n", buf);
1583   if (write (ackfd, "+", 1) != 1)
1584      ERROR(0, "error when writing + (ack)\n");
1585   else
1586      add_written(1);
1587   return bp - buf;
1588 }
1589 
1590 static int sigint = 0;
1591 static int sigterm = 0;
1592 static int sigpipe = 0;
1593 static int sighup = 0;
1594 static int sigusr1 = 0;
1595 static int sigalrm = 0;
1596 static int sigusr1_fd = -1;
1597 static pthread_t invoke_gdbserver_in_valgrind_thread;
1598 
1599 static
received_signal(int signum)1600 void received_signal (int signum)
1601 {
1602    if (signum == SIGINT)
1603       sigint++;
1604    else if (signum == SIGUSR1) {
1605       sigusr1++;
1606       if (sigusr1_fd >= 0) {
1607          char control_c = '\003';
1608          write_buf(sigusr1_fd, &control_c, 1,
1609                    "write \\003 on SIGUSR1", /* notify */ True);
1610       }
1611    }
1612    else if (signum == SIGTERM) {
1613       shutting_down = True;
1614       sigterm++;
1615    } else if (signum == SIGHUP) {
1616       shutting_down = True;
1617       sighup++;
1618    } else if (signum == SIGPIPE) {
1619       sigpipe++;
1620    } else if (signum == SIGALRM) {
1621       sigalrm++;
1622 #if defined(VGPV_arm_linux_android)
1623       /* Android has no pthread_cancel. As it also does not have
1624          PTRACE_INVOKER, there is no need for cleanup action.
1625          So, we just do nothing. */
1626       DEBUG(1, "sigalrm received, no action on android\n");
1627 #else
1628       /* Note: we cannot directly invoke restore_and_detach : this must
1629          be done by the thread that has attached.
1630          We have in this thread pushed a cleanup handler that will
1631          cleanup what is needed. */
1632       DEBUG(1, "pthread_cancel invoke_gdbserver_in_valgrind_thread\n");
1633       pthread_cancel(invoke_gdbserver_in_valgrind_thread);
1634 #endif
1635    } else {
1636       ERROR(0, "unexpected signal %d\n", signum);
1637    }
1638 }
1639 
1640 /* install the signal handlers allowing e.g. vgdb to cleanup in
1641    case of termination. */
1642 static
install_handlers(void)1643 void install_handlers(void)
1644 {
1645    struct sigaction action, oldaction;
1646 
1647    action.sa_handler = received_signal;
1648    sigemptyset (&action.sa_mask);
1649    action.sa_flags = 0;
1650 
1651    /* SIGINT: when user types C-c in gdb, this sends
1652       a SIGINT to vgdb + causes a character to be sent to remote gdbserver.
1653       The later is enough to wakeup the valgrind process. */
1654    if (sigaction (SIGINT, &action, &oldaction) != 0)
1655       XERROR (errno, "vgdb error sigaction SIGINT\n");
1656    /* We might do something more intelligent than just
1657       reporting this SIGINT E.g. behave similarly to the gdb: two
1658       control-C without feedback from the debugged process would
1659       mean to stop debugging it. */
1660 
1661    /* SIGUSR1: this is used to facilitate automatic testing.  When
1662       vgdb receives this signal, it will simulate the user typing C-c. */
1663    if (sigaction (SIGUSR1, &action, &oldaction) != 0)
1664       XERROR (errno, "vgdb error sigaction SIGUSR1\n");
1665 
1666 
1667    /* SIGTERM: can receive this signal (e.g. from gdb) to terminate vgdb
1668       when detaching or similar. A clean shutdown will be done as both
1669       the read and write side will detect an end of file. */
1670    if (sigaction (SIGTERM, &action, &oldaction) != 0)
1671       XERROR (errno, "vgdb error sigaction SIGTERM\n");
1672 
1673    /* SIGPIPE: can receive this signal when gdb detaches or kill the
1674       process debugged: gdb will close its pipes to vgdb. vgdb
1675       must resist to this signal to allow a clean shutdown. */
1676    if (sigaction (SIGPIPE, &action, &oldaction) != 0)
1677       XERROR (errno, "vgdb error sigaction SIGPIPE\n");
1678 
1679    /* SIGALRM: in case invoke thread is blocked, alarm is used
1680       to cleanup.  */
1681    if (sigaction (SIGALRM, &action, &oldaction) != 0)
1682       XERROR (errno, "vgdb error sigaction SIGALRM\n");
1683 }
1684 
1685 /* close the FIFOs provided connections, terminate the invoker thread.  */
1686 static
close_connection(int to_pid,int from_pid)1687 void close_connection(int to_pid, int from_pid)
1688 {
1689    DEBUG(1, "nr received signals: sigint %d sigterm %d sighup %d sigpipe %d\n",
1690          sigint, sigterm, sighup, sigpipe);
1691    /* Note that we do not forward sigterm to the valgrind process:
1692       a sigterm signal is (probably) received from gdb if the user wants to
1693       kill the debugged process. The kill instruction has been given to
1694       the valgrind process, which should execute a clean exit. */
1695 
1696    /* We first close the connection to pid. The pid will then
1697       terminates its gdbserver work. We keep the from pid
1698       fifo opened till the invoker thread is finished.
1699       This allows the gdbserver to finish sending its last reply. */
1700    if (close(to_pid) != 0)
1701       ERROR(errno, "close to_pid\n");
1702 
1703    /* if there is a task that was busy trying to wake up valgrind
1704       process, we wait for it to be terminated otherwise threads
1705       in the valgrind process can stay stopped if vgdb main
1706       exits before the invoke thread had time to detach from
1707       all valgrind threads. */
1708    if (max_invoke_ms > 0 || cmd_time_out != NEVER) {
1709       int join;
1710 
1711       /* It is surprisingly complex to properly shutdown or exit the
1712          valgrind process in which gdbserver has been invoked through
1713          ptrace.  In the normal case (gdb detaches from the process,
1714          or process is continued), the valgrind process will reach the
1715          breakpoint place.  Using ptrace, vgdb will ensure the
1716          previous activity of the process is resumed (e.g. restart a
1717          blocking system call).  The special case is when gdb asks the
1718          valgrind process to exit (using either the "kill" command or
1719          "monitor exit").  In such a case, the valgrind process will
1720          call exit.  But a ptraced process will be blocked in exit,
1721          waiting for the ptracing process to detach or die. vgdb
1722          cannot detach unconditionally as otherwise, in the normal
1723          case, the valgrind process would stop abnormally with SIGSTOP
1724          (as vgdb would not be there to catch it). vgdb can also not
1725          die unconditionally otherwise again, similar problem.  So, we
1726          assume that most of the time, we arrive here in the normal
1727          case, and so, the breakpoint has been encountered by the
1728          valgrind process, so the invoker thread will exit and the
1729          join will succeed.  For the "kill" case, we cause an alarm
1730          signal to be sent after a few seconds. This means that in the
1731          normal case, the gdbserver code in valgrind process must have
1732          returned the control in less than the alarm nr of seconds,
1733          otherwise, valgrind will stop abnormally with SIGSTOP. */
1734       (void) alarm (3);
1735 
1736       DEBUG(1, "joining with invoke_gdbserver_in_valgrind_thread\n");
1737       join = pthread_join(invoke_gdbserver_in_valgrind_thread, NULL);
1738       if (join != 0)
1739          XERROR
1740             (join,
1741              "vgdb error pthread_join invoke_gdbserver_in_valgrind_thread\n");
1742    }
1743    if (close(from_pid) != 0)
1744       ERROR(errno, "close from_pid\n");
1745 }
1746 
1747 /* Relay data between gdb and Valgrind gdbserver, till EOF or an
1748    error is encountered. */
1749 static
gdb_relay(int pid)1750 void gdb_relay (int pid)
1751 {
1752    int from_pid = -1; /* fd to read from pid */
1753    int to_pid = -1; /* fd to write to pid */
1754 
1755    int shutdown_loop = 0;
1756    fprintf (stderr, "relaying data between gdb and process %d\n", pid);
1757    fflush (stderr);
1758 
1759    if (max_invoke_ms > 0)
1760       pthread_create(&invoke_gdbserver_in_valgrind_thread, NULL,
1761                      invoke_gdbserver_in_valgrind, (void *) &pid);
1762    to_pid = open_fifo(from_gdb_to_pid, O_WRONLY, "write to pid");
1763    acquire_lock (shared_mem_fd, pid);
1764 
1765    from_pid = open_fifo (to_gdb_from_pid, O_RDONLY|O_NONBLOCK,
1766                          "read mode from pid");
1767 
1768    sigusr1_fd = to_pid; /* allow simulating user typing control-c */
1769 
1770    while (1) {
1771       ConnectionKind ck;
1772       int ret;
1773       struct pollfd pollfds[NumConnectionKind];
1774 
1775       /* watch data written by gdb, watch POLLERR on both gdb fd */
1776       pollfds[FROM_GDB].fd = from_gdb;
1777       pollfds[FROM_GDB].events = POLLIN;
1778       pollfds[FROM_GDB].revents = 0;
1779       pollfds[TO_GDB].fd = to_gdb;
1780       pollfds[TO_GDB].events = 0;
1781       pollfds[TO_GDB].revents = 0;
1782 
1783       /* watch data written by pid, watch POLLERR on both pid fd */
1784       pollfds[FROM_PID].fd = from_pid;
1785       pollfds[FROM_PID].events = POLLIN;
1786       pollfds[FROM_PID].revents = 0;
1787       pollfds[TO_PID].fd = to_pid;
1788       pollfds[TO_PID].events = 0;
1789       pollfds[TO_PID].revents = 0;
1790 
1791       ret = poll(pollfds,
1792                  NumConnectionKind,
1793                  (shutting_down ?
1794                   1 /* one second */
1795                   : -1 /* infinite */));
1796       DEBUG(2, "poll ret %d errno %d\n", ret, errno);
1797 
1798       /* check for unexpected error */
1799       if (ret <= 0 && errno != EINTR) {
1800          ERROR (errno, "unexpected poll ret %d\n", ret);
1801          shutting_down = True;
1802          break;
1803       }
1804 
1805       /* check for data to read */
1806       for (ck = 0; ck < NumConnectionKind; ck ++) {
1807          if (pollfds[ck].revents & POLLIN) {
1808             switch (ck) {
1809             case FROM_GDB:
1810                if (!read_from_gdb_write_to_pid(to_pid))
1811                   shutting_down = True;
1812                break;
1813                case FROM_PID:
1814                   if (!read_from_pid_write_to_gdb(from_pid))
1815                      shutting_down = True;
1816                   break;
1817             default: XERROR(0, "unexpected POLLIN on %s\n",
1818                                ppConnectionKind(ck));
1819             }
1820          }
1821       }
1822 
1823       /* check for an fd being in error condition */
1824       for (ck = 0; ck < NumConnectionKind; ck ++) {
1825          if (pollfds[ck].revents & POLLERR) {
1826             DEBUG(1, "connection %s fd %d POLLERR error condition\n",
1827                      ppConnectionKind(ck), pollfds[ck].fd);
1828             valgrind_dying();
1829             shutting_down = True;
1830          }
1831          if (pollfds[ck].revents & POLLHUP) {
1832             DEBUG(1, "connection %s fd %d POLLHUP error condition\n",
1833                   ppConnectionKind(ck), pollfds[ck].fd);
1834             valgrind_dying();
1835             shutting_down = True;
1836          }
1837          if (pollfds[ck].revents & POLLNVAL) {
1838             DEBUG(1, "connection %s fd %d POLLNVAL error condition\n",
1839                   ppConnectionKind(ck), pollfds[ck].fd);
1840             valgrind_dying();
1841             shutting_down = True;
1842          }
1843       }
1844 
1845       if (shutting_down) {
1846          /* we let some time to the final packets to be transferred */
1847          shutdown_loop++;
1848          if (shutdown_loop > 3)
1849             break;
1850       }
1851    }
1852    close_connection(to_pid, from_pid);
1853 }
1854 
packet_len_for_command(char * cmd)1855 static int packet_len_for_command(char *cmd)
1856 {
1857    /* cmd will be send as a packet $qRcmd,xxxx....................xx#cc      */
1858    return                          7+     2*strlen(cmd)             +3  + 1;
1859 }
1860 
1861 /* hyper-minimal protocol implementation that
1862    sends the provided commands (using qRcmd packets)
1863    and read and display their replies. */
1864 static
standalone_send_commands(int pid,int last_command,char * commands[])1865 void standalone_send_commands(int pid,
1866                               int last_command,
1867                               char *commands[] )
1868 {
1869    int from_pid = -1; /* fd to read from pid */
1870    int to_pid = -1; /* fd to write to pid */
1871 
1872    int i;
1873    int hi;
1874    unsigned char hex[3];
1875    unsigned char cksum;
1876    unsigned char *hexcommand;
1877    unsigned char buf[PBUFSIZ];
1878    int buflen;
1879    int nc;
1880 
1881 
1882    if (max_invoke_ms > 0 || cmd_time_out != NEVER)
1883       pthread_create(&invoke_gdbserver_in_valgrind_thread, NULL,
1884                      invoke_gdbserver_in_valgrind, (void *) &pid);
1885 
1886    to_pid = open_fifo(from_gdb_to_pid, O_WRONLY, "write to pid");
1887    acquire_lock (shared_mem_fd, pid);
1888 
1889    /* first send a C-c \003 to pid, so that it wakes up the process
1890       After that, we can open the fifo from the pid in read mode
1891       We then start to wait for packets (normally first a resume reply)
1892       At that point, we send our command and expect replies */
1893    buf[0] = '\003';
1894    write_buf(to_pid, buf, 1, "write \\003 to wake up", /* notify */ True);
1895    from_pid = open_fifo(to_gdb_from_pid, O_RDONLY,
1896                         "read cmd result from pid");
1897 
1898    for (nc = 0; nc <= last_command; nc++) {
1899       fprintf (stderr, "sending command %s to pid %d\n", commands[nc], pid);
1900       fflush (stderr);
1901 
1902       /* prepare hexcommand $qRcmd,xxxx....................xx#cc      */
1903       hexcommand = vmalloc (packet_len_for_command(commands[nc]));
1904       hexcommand[0] = 0;
1905       strcat (hexcommand, "$qRcmd,");
1906       for (i = 0; i < strlen(commands[nc]); i++) {
1907          sprintf(hex, "%02x", commands[nc][i]);
1908          strcat (hexcommand, hex);
1909       }
1910       /* checksum (but without the $) */
1911       cksum = 0;
1912       for (hi = 1; hi < strlen(hexcommand); hi++)
1913          cksum+=hexcommand[hi];
1914       strcat(hexcommand, "#");
1915       sprintf(hex, "%02x", cksum);
1916       strcat(hexcommand, hex);
1917       write_buf(to_pid, hexcommand, strlen(hexcommand),
1918                 "writing hex command to pid", /* notify */ True);
1919 
1920       /* we exit of the below loop explicitely when the command has
1921          been handled or because a signal handler will set
1922          shutting_down. */
1923       while (!shutting_down) {
1924          buflen = getpkt(buf, from_pid, to_pid);
1925          if (buflen < 0) {
1926             ERROR (0, "error reading packet\n");
1927             if (buflen == -2)
1928                valgrind_dying();
1929             break;
1930          }
1931          if (strlen(buf) == 0) {
1932             DEBUG(0, "empty packet rcvd (packet qRcmd not recognised?)\n");
1933             break;
1934          }
1935          if (strcmp(buf, "OK") == 0) {
1936             DEBUG(1, "OK packet rcvd\n");
1937             break;
1938          }
1939          if (buf[0] == 'E') {
1940             DEBUG(0,
1941                   "E NN error packet rcvd: %s (unknown monitor command?)\n",
1942                   buf);
1943             break;
1944          }
1945          if (buf[0] == 'W') {
1946             DEBUG(0, "W stopped packet rcvd: %s\n", buf);
1947             break;
1948          }
1949          if (buf[0] == 'T') {
1950             DEBUG(1, "T resume reply packet received: %s\n", buf);
1951             continue;
1952          }
1953 
1954          /* must be here an O packet with hex encoded string reply
1955             => decode and print it */
1956          if (buf[0] != 'O') {
1957             DEBUG(0, "expecting O packet, received: %s\n", buf);
1958             continue;
1959          }
1960          {
1961             char buf_print[buflen/2 + 1];
1962             for (i = 1; i < buflen; i = i + 2)
1963                buf_print[i/2] = (fromhex(*(buf+i)) << 4)
1964                      + fromhex(*(buf+i+1));
1965             buf_print[buflen/2] = 0;
1966             printf("%s", buf_print);
1967             fflush(stdout);
1968          }
1969       }
1970       free (hexcommand);
1971    }
1972    shutting_down = True;
1973 
1974    close_connection(to_pid, from_pid);
1975 }
1976 
1977 /* report to user the existence of a vgdb-able valgrind process
1978    with given pid */
1979 static
report_pid(int pid,Bool on_stdout)1980 void report_pid (int pid, Bool on_stdout)
1981 {
1982    char cmdline_file[100];
1983    char cmdline[1000];
1984    int fd;
1985    int i, sz;
1986 
1987    sprintf(cmdline_file, "/proc/%d/cmdline", pid);
1988    fd = open (cmdline_file, O_RDONLY);
1989    if (fd == -1) {
1990       DEBUG(1, "error opening cmdline file %s %s\n",
1991             cmdline_file, strerror(errno));
1992       sprintf(cmdline, "(could not obtain process command line)");
1993    } else {
1994       sz = read(fd, cmdline, 1000);
1995       for (i = 0; i < sz; i++)
1996          if (cmdline[i] == 0)
1997             cmdline[i] = ' ';
1998       cmdline[sz] = 0;
1999       close (fd);
2000    }
2001    fprintf((on_stdout ? stdout : stderr), "use --pid=%d for %s\n", pid, cmdline);
2002    fflush((on_stdout ? stdout : stderr));
2003 }
2004 
2005 /* Possibly produces additional usage information documenting the
2006    ptrace restrictions. */
2007 static
ptrace_restrictions_msg(void)2008 void ptrace_restrictions_msg(void)
2009 {
2010 #  ifdef PR_SET_PTRACER
2011    char *ptrace_scope_setting_file = "/proc/sys/kernel/yama/ptrace_scope";
2012    int fd = -1;
2013    char ptrace_scope = 'X';
2014    fd = open (ptrace_scope_setting_file, O_RDONLY, 0);
2015    if (fd >= 0 && (read (fd, &ptrace_scope, 1) == 1) && (ptrace_scope != '0')) {
2016       fprintf (stderr,
2017                "Note: your kernel restricts ptrace invoker using %s\n"
2018                "vgdb will only be able to attach to a Valgrind process\n"
2019                "blocked in a system call *after* an initial successful attach\n",
2020                ptrace_scope_setting_file);
2021    } else if (ptrace_scope == 'X') {
2022       DEBUG (1,
2023              "PR_SET_PTRACER defined"
2024              " but could not determine ptrace scope from %s\n",
2025              ptrace_scope_setting_file);
2026    }
2027    if (fd >= 0)
2028       close (fd);
2029 #  endif
2030 
2031 #  ifndef PTRACEINVOKER
2032    fprintf(stderr,
2033            "Note: ptrace invoker not implemented\n"
2034            "For more info: read user manual section"
2035            " 'Limitations of the Valgrind gdbserver'\n");
2036 #  endif
2037 }
2038 
2039 static
usage(void)2040 void usage(void)
2041 {
2042    fprintf(stderr,
2043 "Usage: vgdb [OPTION]... [[-c] COMMAND]...\n"
2044 "vgdb (valgrind gdb) has two usages\n"
2045 "  1. standalone to send monitor commands to a Valgrind gdbserver.\n"
2046 "     The OPTION(s) must be followed by the command to send\n"
2047 "     To send more than one command, separate the commands with -c\n"
2048 "  2. relay application between gdb and a Valgrind gdbserver.\n"
2049 "     Only OPTION(s) can be given.\n"
2050 "\n"
2051 " OPTIONS are [--pid=<number>] [--vgdb-prefix=<prefix>]\n"
2052 "             [--wait=<number>] [--max-invoke-ms=<number>]\n"
2053 "             [--port=<portnr>\n"
2054 "             [--cmd-time-out=<number>] [-l] [-D] [-d]\n"
2055 "             \n"
2056 "  --pid arg must be given if multiple Valgrind gdbservers are found.\n"
2057 "  --vgdb-prefix arg must be given to both Valgrind and vgdb utility\n"
2058 "      if you want to change the default prefix for the FIFOs communication\n"
2059 "      between the Valgrind gdbserver and vgdb.\n"
2060 "  --wait (default 0) tells vgdb to check during the specified number\n"
2061 "      of seconds if a Valgrind gdbserver can be found.\n"
2062 "  --max-invoke-ms (default 100) gives the nr of milli-seconds after which vgdb\n"
2063 "      will force the invocation of the Valgrind gdbserver (if the Valgrind\n"
2064 "         process is blocked in a system call).\n"
2065 "  --port instructs vgdb to listen for gdb on the specified port nr.\n"
2066 "  --cmd-time-out (default 99999999) tells vgdb to exit if the found Valgrind\n"
2067 "     gdbserver has not processed a command after number seconds\n"
2068 "  -l  arg tells to show the list of running Valgrind gdbserver and then exit.\n"
2069 "  -D  arg tells to show shared mem status and then exit.\n"
2070 "  -d  arg tells to show debug info. Multiple -d args for more debug info\n"
2071 "\n"
2072 "  -h --help shows this message\n"
2073 "  To get help from the Valgrind gdbserver, use vgdb help\n"
2074 "\n"
2075            );
2076    ptrace_restrictions_msg();
2077 }
2078 
2079 /* If show_list, outputs on stdout the list of Valgrind processes with gdbserver activated.
2080                  and then exits.
2081 
2082    else if arg_pid == -1, waits maximum check_trials seconds to discover
2083    a valgrind pid appearing.
2084 
2085    Otherwise verify arg_pid is valid and corresponds to a Valgrind process
2086    with gdbserver activated.
2087 
2088    Returns the pid to work with
2089    or exits in case of error (e.g. no pid found corresponding to arg_pid */
2090 
2091 static
search_arg_pid(int arg_pid,int check_trials,Bool show_list)2092 int search_arg_pid(int arg_pid, int check_trials, Bool show_list)
2093 {
2094    int i;
2095    int pid = -1;
2096 
2097    if (arg_pid == 0 || arg_pid < -1) {
2098       fprintf (stderr, "vgdb error: invalid pid %d given\n", arg_pid);
2099       exit (1);
2100    } else {
2101       /* search for a matching named fifo.
2102          If we have been given a pid, we will check that the matching FIFO is
2103          there (or wait the nr of check_trials for this to appear).
2104          If no pid has been given, then if we find only one FIFO,
2105          we will use this to build the pid to use.
2106          If we find multiple processes with valid FIFO, we report them and will
2107          exit with an error. */
2108       DIR *vgdb_dir;
2109       char *vgdb_dir_name = vmalloc (strlen (vgdb_prefix) + 3);
2110       struct dirent *f;
2111       int is;
2112       int nr_valid_pid = 0;
2113       const char *suffix = "-from-vgdb-to-"; /* followed by pid */
2114       char *vgdb_format = vmalloc (strlen(vgdb_prefix) + strlen(suffix) + 1);
2115 
2116       strcpy (vgdb_format, vgdb_prefix);
2117       strcat (vgdb_format, suffix);
2118 
2119       strcpy (vgdb_dir_name, vgdb_prefix);
2120 
2121       for (is = strlen(vgdb_prefix) - 1; is >= 0; is--)
2122          if (vgdb_dir_name[is] == '/') {
2123             vgdb_dir_name[is+1] = '\0';
2124             break;
2125          }
2126       if (strlen(vgdb_dir_name) == 0)
2127          strcpy (vgdb_dir_name, "./");
2128 
2129       DEBUG(1, "searching pid in directory %s format %s\n",
2130             vgdb_dir_name, vgdb_format);
2131 
2132       /* try to find FIFOs with valid pid.
2133          On exit of the loop, pid is set to:
2134          the last pid found if show_list (or -1 if no process was listed)
2135          -1 if no FIFOs matching a running process is found
2136          -2 if multiple FIFOs of running processes are found
2137          otherwise it is set to the (only) pid found that can be debugged
2138       */
2139       for (i = 0; i < check_trials; i++) {
2140          DEBUG(1, "check_trial %d \n", i);
2141          if (i > 0)
2142            /* wait one second before checking again */
2143            sleep(1);
2144 
2145          vgdb_dir = opendir (vgdb_dir_name);
2146          if (vgdb_dir == NULL)
2147             XERROR (errno,
2148                     "vgdb error: opening directory %s searching vgdb fifo\n",
2149                     vgdb_dir_name);
2150 
2151          errno = 0; /* avoid complain if vgdb_dir is empty */
2152          while ((f = readdir (vgdb_dir))) {
2153             struct stat st;
2154             char pathname[strlen(vgdb_dir_name) + strlen(f->d_name)];
2155             char *wrongpid;
2156             int newpid;
2157 
2158             strcpy (pathname, vgdb_dir_name);
2159             strcat (pathname, f->d_name);
2160             DEBUG(3, "trying %s\n", pathname);
2161             if (stat (pathname, &st) != 0) {
2162                if (debuglevel >= 3)
2163                   ERROR (errno, "vgdb error: stat %s searching vgdb fifo\n",
2164                          pathname);
2165             } else if (S_ISFIFO (st.st_mode)) {
2166                DEBUG(3, "trying %s\n", pathname);
2167                if (strncmp (pathname, vgdb_format,
2168                             strlen (vgdb_format)) == 0) {
2169                   newpid = strtol(pathname + strlen (vgdb_format),
2170                                   &wrongpid, 10);
2171                   if (*wrongpid == '-' && newpid > 0
2172                       && kill (newpid, 0) == 0) {
2173                      nr_valid_pid++;
2174                      if (show_list) {
2175                         report_pid (newpid, /*on_stdout*/ True);
2176                         pid = newpid;
2177                      } else if (arg_pid != -1) {
2178                         if (arg_pid == newpid) {
2179                            pid = newpid;
2180                         }
2181                      } else if (nr_valid_pid > 1) {
2182                         if (nr_valid_pid == 2) {
2183                            fprintf
2184                               (stderr,
2185                                "no --pid= arg given"
2186                                " and multiple valgrind pids found:\n");
2187                            report_pid (pid, /*on_stdout*/ False);
2188                         }
2189                         pid = -2;
2190                         report_pid (newpid, /*on_stdout*/ False);
2191                      } else {
2192                         pid = newpid;
2193                      }
2194                   }
2195                }
2196             }
2197             errno = 0; /* avoid complain if at the end of vgdb_dir */
2198          }
2199          if (f == NULL && errno != 0)
2200             XERROR (errno, "vgdb error: reading directory %s for vgdb fifo\n",
2201                     vgdb_dir_name);
2202 
2203          closedir (vgdb_dir);
2204          if (pid != -1)
2205             break;
2206       }
2207 
2208       free (vgdb_dir_name);
2209       free (vgdb_format);
2210    }
2211 
2212    if (show_list) {
2213       exit (1);
2214    } else if (pid == -1) {
2215       if (arg_pid == -1)
2216          fprintf (stderr, "vgdb error: no FIFO found and no pid given\n");
2217       else
2218          fprintf (stderr, "vgdb error: no FIFO found matching pid %d\n",
2219                   arg_pid);
2220       exit (1);
2221    }
2222    else if (pid == -2) {
2223       /* no arg_pid given, multiple FIFOs found */
2224       exit (1);
2225    }
2226    else {
2227       return pid;
2228    }
2229 }
2230 
2231 /* return true if the numeric value of an option of the
2232    form --xxxxxxxxx=<number> could properly be extracted
2233    from arg. If True is returned, *value contains the
2234    extracted value.*/
2235 static
numeric_val(char * arg,int * value)2236 Bool numeric_val(char* arg, int *value)
2237 {
2238    const char *eq_pos = strchr(arg, '=');
2239    char *wrong;
2240    long long int long_value;
2241 
2242    if (eq_pos == NULL)
2243       return False;
2244 
2245    long_value = strtoll(eq_pos+1, &wrong, 10);
2246    if (long_value < 0 || long_value > INT_MAX)
2247       return False;
2248    if (*wrong)
2249       return False;
2250 
2251    *value = (int) long_value;
2252    return True;
2253 }
2254 
2255 /* true if arg matches the provided option */
2256 static
is_opt(char * arg,char * option)2257 Bool is_opt(char* arg, char *option)
2258 {
2259    int option_len = strlen(option);
2260    if (option[option_len-1] == '=')
2261       return (0 == strncmp(option, arg, option_len));
2262    else
2263       return (0 == strcmp(option, arg));
2264 }
2265 
2266 /* Parse command lines options. If error(s), exits.
2267    Otherwise returns the options in *p_... args.
2268    commands must be big enough for the commands extracted from argv.
2269    On return, *p_last_command gives the position in commands where
2270    the last command has been allocated (using vmalloc). */
2271 static
parse_options(int argc,char ** argv,Bool * p_show_shared_mem,Bool * p_show_list,int * p_arg_pid,int * p_check_trials,int * p_port,int * p_last_command,char * commands[])2272 void parse_options(int argc, char** argv,
2273                    Bool *p_show_shared_mem,
2274                    Bool *p_show_list,
2275                    int *p_arg_pid,
2276                    int *p_check_trials,
2277                    int *p_port,
2278                    int *p_last_command,
2279                    char *commands[])
2280 {
2281    Bool show_shared_mem = False;
2282    Bool show_list = False;
2283    int arg_pid = -1;
2284    int check_trials = 1;
2285    int last_command = -1;
2286    int int_port = 0;
2287 
2288    int i;
2289    int arg_errors = 0;
2290 
2291    for (i = 1; i < argc; i++) {
2292       if (is_opt(argv[i], "--help") || is_opt(argv[i], "-h")) {
2293          usage();
2294          exit(0);
2295       } else if (is_opt(argv[i], "-d")) {
2296          debuglevel++;
2297       } else if (is_opt(argv[i], "-D")) {
2298          show_shared_mem = True;
2299       } else if (is_opt(argv[i], "-l")) {
2300          show_list = True;
2301       } else if (is_opt(argv[i], "--pid=")) {
2302          int newpid;
2303          if (!numeric_val(argv[i], &newpid)) {
2304             fprintf (stderr, "invalid --pid argument %s\n", argv[i]);
2305             arg_errors++;
2306          } else if (arg_pid != -1) {
2307             fprintf (stderr, "multiple --pid arguments given\n");
2308             arg_errors++;
2309          } else {
2310             arg_pid = newpid;
2311          }
2312       } else if (is_opt(argv[i], "--wait=")) {
2313          if (!numeric_val(argv[i], &check_trials)) {
2314             fprintf (stderr, "invalid --wait argument %s\n", argv[i]);
2315             arg_errors++;
2316          }
2317       } else if (is_opt(argv[i], "--max-invoke-ms=")) {
2318          if (!numeric_val(argv[i], &max_invoke_ms)) {
2319             fprintf (stderr, "invalid --max-invoke-ms argument %s\n", argv[i]);
2320             arg_errors++;
2321          }
2322       } else if (is_opt(argv[i], "--cmd-time-out=")) {
2323          if (!numeric_val(argv[i], &cmd_time_out)) {
2324             fprintf (stderr, "invalid --cmd-time-out argument %s\n", argv[i]);
2325             arg_errors++;
2326          }
2327       } else if (is_opt(argv[i], "--port=")) {
2328          if (!numeric_val(argv[i], &int_port)) {
2329             fprintf (stderr, "invalid --port argument %s\n", argv[i]);
2330             arg_errors++;
2331          }
2332       } else if (is_opt(argv[i], "--vgdb-prefix=")) {
2333          vgdb_prefix = argv[i] + 14;
2334       } else if (is_opt(argv[i], "-c")) {
2335          last_command++;
2336          commands[last_command] = vmalloc (1);
2337          commands[last_command][0] = '\0';
2338       } else if (0 == strncmp(argv[i], "-", 1)) {
2339          fprintf (stderr, "unknown or invalid argument %s\n", argv[i]);
2340          arg_errors++;
2341       } else {
2342          int len;
2343          if (last_command == -1) {
2344             /* only one command, no -c command indicator */
2345             last_command++;
2346             commands[last_command] = vmalloc (1);
2347             commands[last_command][0] = '\0';
2348          }
2349          len = strlen(commands[last_command]);
2350          commands[last_command] = vrealloc (commands[last_command],
2351                                             len + 1 + strlen(argv[i]) + 1);
2352          if (len > 0)
2353             strcat (commands[last_command], " ");
2354          strcat (commands[last_command], argv[i]);
2355          if (packet_len_for_command(commands[last_command]) > PBUFSIZ) {
2356             fprintf (stderr, "command %s too long\n", commands[last_command]);
2357             arg_errors++;
2358          }
2359 
2360       }
2361    }
2362 
2363    if (vgdb_prefix == NULL)
2364       vgdb_prefix = vgdb_prefix_default();
2365 
2366    if (isatty(0)
2367        && !show_shared_mem
2368        && !show_list
2369        && int_port == 0
2370        && last_command == -1) {
2371       arg_errors++;
2372       fprintf (stderr,
2373                "Using vgdb standalone implies to give -D or -l or a COMMAND\n");
2374    }
2375 
2376    if (show_shared_mem && show_list) {
2377       arg_errors++;
2378       fprintf (stderr,
2379                "Can't use both -D and -l options\n");
2380    }
2381 
2382    if (max_invoke_ms > 0
2383        && cmd_time_out != NEVER
2384        && (cmd_time_out * 1000) <= max_invoke_ms) {
2385       arg_errors++;
2386       fprintf (stderr,
2387                "--max-invoke-ms must be < --cmd-time-out * 1000\n");
2388    }
2389 
2390    if (show_list && arg_pid != -1) {
2391       arg_errors++;
2392       fprintf (stderr,
2393                "Can't use both --pid and -l options\n");
2394    }
2395 
2396    if (int_port > 0 && last_command != -1) {
2397       arg_errors++;
2398       fprintf (stderr,
2399                "Can't use --port to send commands\n");
2400    }
2401 
2402    if (arg_errors > 0) {
2403       fprintf (stderr, "args error. Try `vgdb --help` for more information\n");
2404       exit(1);
2405    }
2406 
2407    *p_show_shared_mem = show_shared_mem;
2408    *p_show_list = show_list;
2409    *p_arg_pid = arg_pid;
2410    *p_check_trials = check_trials;
2411    *p_port = int_port;
2412    *p_last_command = last_command;
2413 }
2414 
main(int argc,char ** argv)2415 int main(int argc, char** argv)
2416 {
2417    int i;
2418    int pid;
2419 
2420    Bool show_shared_mem;
2421    Bool show_list;
2422    int arg_pid;
2423    int check_trials;
2424    int in_port;
2425    int last_command;
2426    char *commands[argc]; // we will never have more commands than args.
2427 
2428    parse_options(argc, argv,
2429                  &show_shared_mem,
2430                  &show_list,
2431                  &arg_pid,
2432                  &check_trials,
2433                  &in_port,
2434                  &last_command,
2435                  commands);
2436 
2437    /* when we are working as a relay for gdb, handle some signals by
2438       only reporting them (according to debug level). Also handle these
2439       when ptrace will be used: vgdb must clean up the ptrace effect before
2440       dying. */
2441    if (max_invoke_ms > 0 || last_command == -1)
2442       install_handlers();
2443 
2444    pid = search_arg_pid (arg_pid, check_trials, show_list);
2445 
2446    prepare_fifos_and_shared_mem(pid);
2447 
2448    if (in_port > 0)
2449       wait_for_gdb_connect(in_port);
2450 
2451    if (show_shared_mem) {
2452       fprintf(stderr,
2453               "vgdb %d "
2454               "written_by_vgdb %d "
2455               "seen_by_valgrind %d\n"
2456               "vgdb pid %d\n",
2457               VS_vgdb_pid,
2458               VS_written_by_vgdb,
2459               VS_seen_by_valgrind,
2460               VS_vgdb_pid);
2461       exit (0);
2462    }
2463 
2464    if (last_command >= 0) {
2465       standalone_send_commands(pid, last_command, commands);
2466    } else {
2467       gdb_relay(pid);
2468    }
2469 
2470 
2471    free (from_gdb_to_pid);
2472    free (to_gdb_from_pid);
2473    free (shared_mem);
2474 
2475    for (i = 0; i <= last_command; i++)
2476       free (commands[i]);
2477    return 0;
2478 }
2479