1 /* Remote utility routines for the remote server for GDB.
2 Copyright (C) 1986, 1989, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
3 2001, 2002, 2003, 2004, 2005, 2006, 2011
4 Free Software Foundation, Inc.
5
6 This file is part of GDB.
7 It has been modified to integrate it in valgrind
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin Street, Fifth Floor,
22 Boston, MA 02110-1301, USA. */
23
24 #include "pub_core_basics.h"
25 #include "pub_core_vki.h"
26 #include "pub_core_vkiscnums.h"
27 #include "pub_core_libcsignal.h"
28 #include "pub_core_options.h"
29 #include "pub_core_aspacemgr.h"
30
31 #include "server.h"
32
33 # if defined(VGO_linux)
34 #include <sys/prctl.h>
35 # endif
36
37 /* Calls sr_perror with msg.
38 Outputs more information about Valgrind state if verbosity > 0
39 or debuglog_getlevel > 0. */
40 static
sr_extended_perror(SysRes sr,const HChar * msg)41 void sr_extended_perror (SysRes sr, const HChar *msg)
42 {
43 sr_perror (sr, "%s", msg);
44 if (VG_(clo_verbosity) > 0 || VG_(debugLog_getLevel)() >= 1) {
45 Int i;
46 vki_sigset_t cursigset;
47 VG_(show_sched_status) (True, // host_stacktrace
48 True, // stack_usage
49 True); // exited_threads
50 VG_(sigprocmask) (0, // dummy how.
51 NULL, // do not change the sigmask
52 &cursigset); //
53 VG_(dmsg)("current sigmask value { ");
54 for (i = 1; i <= _VKI_NSIG; i++) {
55 if (VG_(sigismember)(&cursigset, i))
56 VG_(dmsg)("%d ", i);
57 }
58 VG_(dmsg)("}\n");
59 }
60 }
61
62 /* Calls VG_(poll) with given arguments. If VG_(poll) fails due to EINTR,
63 restarts the syscall.
64 Normally, VG_(poll) gdbsrv syscalls are not supposed to be interrupted :
65 either gdbsrv has been called by the scheduler (so all async signals
66 are masked)
67 or gdbsrv has been forced invoked by vgdb+ptrace, and vgdb is queuing
68 the signals.
69
70 However, on old kernels (such as on RHEL5.5 2.6.18), when vgdb+ptrace
71 intercepts and queues an async signal, the poll syscall is not properly
72 restarted. Instead, it returns EINTR even if no signal was effectively
73 received by the ptraced process.
74 See red-hat "Bug 679129 - Change in behaviour between RH5.5 and RH6
75 with ptrace and syscalls bugzilla"
76 e.g. "Why rhel5 differs? Because unlike in rhel6, sys_poll() returns
77 -EINTR if interrupted, that is all. This old implementation does
78 not support the restart-if-eintr-is-spurious."
79
80 So in case VG_(poll) fails with EINTR, we retry. */
VG_(poll_no_eintr)81 static SysRes VG_(poll_no_eintr) (struct vki_pollfd *fds, Int nfds, Int timeout)
82 {
83 const HChar* msg = "VG_(poll) failed (old kernel ?) retrying ... \n";
84 SysRes sr;
85 do {
86 sr = VG_(poll) (fds, nfds, timeout);
87 if (!sr_isError(sr) || sr_Err(sr) != VKI_EINTR)
88 return sr;
89 sr_perror (sr, "%s", msg);
90 if (VG_(debugLog_getLevel)() >= 1) {
91 sr_extended_perror (sr, msg);
92 }
93 } while (1);
94 /*NOTREACHED*/
95 }
96
97 Bool noack_mode;
98
99 static int readchar (int single);
100
101 void remote_utils_output_status(void);
102
103 #define INVALID_DESCRIPTOR -1
104 static int remote_desc = INVALID_DESCRIPTOR;
105
106 static VgdbShared *shared;
107 static int last_looked_cntr = -1;
108 static struct vki_pollfd remote_desc_pollfdread_activity;
109
110 /* for a gdbserver embedded in valgrind, we read from a FIFO and write
111 to another FIFO So, we need two descriptors */
112 static int write_remote_desc = INVALID_DESCRIPTOR;
113 static int pid_from_to_creator;
114 /* only this pid will remove the FIFOs: if an exec fails, we must avoid
115 that the exiting child believes it has to remove the FIFOs of its parent */
116 static int mknod_done = 0;
117
118 static char *from_gdb = NULL;
119 static char *to_gdb = NULL;
120 static char *shared_mem = NULL;
121
122 static
open_fifo(const char * side,const char * path,int flags)123 int open_fifo (const char *side, const char *path, int flags)
124 {
125 SysRes o;
126 int fd;
127 dlog(1, "Opening %s side %s\n", side, path);
128 o = VG_(open) (path, flags, 0);
129 if (sr_isError (o)) {
130 sr_perror(o, "open fifo %s\n", path);
131 fatal ("valgrind: fatal error: vgdb FIFO cannot be opened.\n");
132 } else {
133 fd = sr_Res(o);
134 dlog(1, "result fd %d\n", fd);
135 }
136 fd = VG_(safe_fd)(fd);
137 dlog(1, "result safe_fd %d\n", fd);
138 if (fd == -1)
139 fatal("safe_fd for vgdb FIFO failed\n");
140 return fd;
141 }
142
remote_utils_output_status(void)143 void remote_utils_output_status(void)
144 {
145 if (shared == NULL)
146 VG_(umsg)("remote communication not initialized\n");
147 else
148 VG_(umsg)("shared->written_by_vgdb %d shared->seen_by_valgrind %d\n",
149 shared->written_by_vgdb, shared->seen_by_valgrind);
150 }
151
152 /* Returns 0 if vgdb and connection state looks good,
153 otherwise returns an int value telling which check failed. */
154 static
vgdb_state_looks_bad(const char * where)155 int vgdb_state_looks_bad(const char* where)
156 {
157 if (VG_(kill)(shared->vgdb_pid, 0) != 0)
158 return 1; // vgdb process does not exist anymore.
159
160 if (remote_desc_activity(where) == 2)
161 return 2; // check for error on remote desc shows a problem
162
163 if (remote_desc == INVALID_DESCRIPTOR)
164 return 3; // after check, remote_desc not ok anymore
165
166 return 0; // all is ok.
167 }
168
VG_(set_ptracer)169 void VG_(set_ptracer)(void)
170 {
171 #ifdef PR_SET_PTRACER
172 SysRes o;
173 const char *ptrace_scope_setting_file = "/proc/sys/kernel/yama/ptrace_scope";
174 int fd;
175 char ptrace_scope;
176 int ret;
177
178 o = VG_(open) (ptrace_scope_setting_file, VKI_O_RDONLY, 0);
179 if (sr_isError(o)) {
180 if (VG_(debugLog_getLevel)() >= 1) {
181 sr_perror(o, "error VG_(open) %s\n", ptrace_scope_setting_file);
182 }
183 /* can't read setting. Assuming ptrace can be called by vgdb. */
184 return;
185 }
186 fd = sr_Res(o);
187 if (VG_(read) (fd, &ptrace_scope, 1) == 1) {
188 dlog(1, "ptrace_scope %c\n", ptrace_scope);
189 if (ptrace_scope != '0') {
190 /* insufficient default ptrace_scope.
191 Indicate to the kernel that we accept to be ptraced. */
192 #ifdef PR_SET_PTRACER_ANY
193 ret = VG_(prctl) (PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
194 dlog(1, "set_ptracer to PR_SET_PTRACER_ANY result %d\n", ret);
195 #else
196 ret = VG_(prctl) (PR_SET_PTRACER, 1, 0, 0, 0);
197 dlog(1, "set_ptracer to 1 result %d\n", ret);
198 #endif
199 if (ret)
200 VG_(umsg)("error calling PR_SET_PTRACER, vgdb might block\n");
201 }
202 } else {
203 dlog(0, "Could not read the ptrace_scope setting from %s\n",
204 ptrace_scope_setting_file);
205 }
206
207 VG_(close) (fd);
208 #endif
209 }
210
211 /* returns 1 if one or more poll "errors" is set.
212 Errors are: VKI_POLLERR or VKI_POLLHUP or VKI_POLLNAL */
213 static
poll_cond(short revents)214 int poll_cond (short revents)
215 {
216 return (revents & (VKI_POLLERR | VKI_POLLHUP | VKI_POLLNVAL));
217 }
218
219 /* Ensures we have a valid write file descriptor.
220 Returns 1 if we have a valid write file descriptor,
221 0 if the write fd is not valid/cannot be opened. */
222 static
ensure_write_remote_desc(void)223 int ensure_write_remote_desc(void)
224 {
225 struct vki_pollfd write_remote_desc_ok;
226 SysRes ret;
227 if (write_remote_desc != INVALID_DESCRIPTOR) {
228 write_remote_desc_ok.fd = write_remote_desc;
229 write_remote_desc_ok.events = VKI_POLLOUT;
230 write_remote_desc_ok.revents = 0;
231 ret = VG_(poll_no_eintr)(&write_remote_desc_ok, 1, 0);
232 if (sr_isError(ret)
233 || (sr_Res(ret) > 0 && poll_cond(write_remote_desc_ok.revents))) {
234 if (sr_isError(ret)) {
235 sr_extended_perror(ret, "ensure_write_remote_desc: poll error\n");
236 } else {
237 dlog(0, "POLLcond %d closing write_remote_desc %d\n",
238 write_remote_desc_ok.revents, write_remote_desc);
239 }
240 VG_(close) (write_remote_desc);
241 write_remote_desc = INVALID_DESCRIPTOR;
242 }
243 }
244 if (write_remote_desc == INVALID_DESCRIPTOR) {
245 /* open_fifo write will block if the receiving vgdb
246 process is dead. So, let's check for vgdb state to
247 be reasonably sure someone is reading on the other
248 side of the fifo. */
249 if (!vgdb_state_looks_bad("bad?@ensure_write_remote_desc")) {
250 write_remote_desc = open_fifo ("write", to_gdb, VKI_O_WRONLY);
251 }
252 }
253
254 return (write_remote_desc != INVALID_DESCRIPTOR);
255 }
256
257 #if defined(VGO_darwin)
258 #define VKI_S_IFIFO 0010000
259 #endif
260 static
safe_mknod(char * nod)261 void safe_mknod (char *nod)
262 {
263 SysRes m;
264 m = VG_(mknod) (nod, VKI_S_IFIFO|0600, 0);
265 if (sr_isError (m)) {
266 if (sr_Err (m) == VKI_EEXIST) {
267 if (VG_(clo_verbosity) > 1) {
268 VG_(umsg)("%s already created\n", nod);
269 }
270 } else {
271 sr_perror(m, "mknod %s\n", nod);
272 VG_(umsg) ("valgrind: fatal error: vgdb FIFOs cannot be created.\n");
273 VG_(exit)(1);
274 }
275 }
276 }
277
278 /* If remote_desc is not opened, open it.
279 Setup remote_desc_pollfdread_activity. */
setup_remote_desc_for_reading(void)280 static void setup_remote_desc_for_reading (void)
281 {
282 int save_fcntl_flags;
283
284 if (remote_desc == INVALID_DESCRIPTOR) {
285 /* we open the read side FIFO in non blocking mode
286 We then set the fd in blocking mode.
287 Opening in non-blocking read mode always succeeds while opening
288 in non-blocking write mode succeeds only if the fifo is already
289 opened in read mode. So, we wait till we have read the first
290 character from the read side before opening the write side. */
291 remote_desc = open_fifo ("read", from_gdb, VKI_O_RDONLY|VKI_O_NONBLOCK);
292 save_fcntl_flags = VG_(fcntl) (remote_desc, VKI_F_GETFL, 0);
293 VG_(fcntl) (remote_desc, VKI_F_SETFL, save_fcntl_flags & ~VKI_O_NONBLOCK);
294 }
295 remote_desc_pollfdread_activity.fd = remote_desc;
296 remote_desc_pollfdread_activity.events = VKI_POLLIN;
297 remote_desc_pollfdread_activity.revents = 0;
298 }
299
300 /* Open a connection to a remote debugger.
301 NAME is the filename used for communication.
302 For Valgrind, name is the prefix for the two read and write FIFOs
303 The two FIFOs names will be build by appending
304 -from-vgdb-to-pid-by-user-on-host and -to-vgdb-from-pid-by-user-on-host
305 with pid being the pidnr of the valgrind process These two FIFOs
306 will be created if not existing yet. They will be removed when
307 the gdbserver connection is closed or the process exits */
308
remote_open(const HChar * name)309 void remote_open (const HChar *name)
310 {
311 const HChar *user, *host;
312 int len;
313 VgdbShared vgdbinit;
314 const int pid = VG_(getpid)();
315 Addr addr_shared;
316 SysRes o;
317 int shared_mem_fd = INVALID_DESCRIPTOR;
318
319 VG_(memset) (&vgdbinit, 0, sizeof (VgdbShared));
320 vgdbinit = (VgdbShared)
321 {0, 0, (Addr) VG_(invoke_gdbserver),
322 (Addr) VG_(threads), VG_N_THREADS, sizeof(ThreadState),
323 offsetof(ThreadState, status),
324 offsetof(ThreadState, os_state) + offsetof(ThreadOSstate, lwpid),
325 0};
326
327 user = VG_(getenv)("LOGNAME");
328 if (user == NULL) user = VG_(getenv)("USER");
329 if (user == NULL) user = "???";
330 if (VG_(strchr)(user, '/')) user = "???";
331
332 host = VG_(getenv)("HOST");
333 if (host == NULL) host = VG_(getenv)("HOSTNAME");
334 if (host == NULL) host = "???";
335 if (VG_(strchr)(host, '/')) host = "???";
336
337 len = strlen(name) + strlen(user) + strlen(host) + 40;
338
339 if (from_gdb != NULL)
340 free (from_gdb);
341 from_gdb = malloc (len);
342 if (to_gdb != NULL)
343 free (to_gdb);
344 to_gdb = malloc (len);
345 if (shared_mem != NULL)
346 free (shared_mem);
347 shared_mem = malloc (len);
348 /* below 3 lines must match the equivalent in vgdb.c */
349 VG_(sprintf) (from_gdb, "%s-from-vgdb-to-%d-by-%s-on-%s", name,
350 pid, user, host);
351 VG_(sprintf) (to_gdb, "%s-to-vgdb-from-%d-by-%s-on-%s", name,
352 pid, user, host);
353 VG_(sprintf) (shared_mem, "%s-shared-mem-vgdb-%d-by-%s-on-%s", name,
354 pid, user, host);
355 if (VG_(clo_verbosity) > 1) {
356 VG_(umsg)("embedded gdbserver: reading from %s\n", from_gdb);
357 VG_(umsg)("embedded gdbserver: writing to %s\n", to_gdb);
358 VG_(umsg)("embedded gdbserver: shared mem %s\n", shared_mem);
359 VG_(umsg)("\n");
360 VG_(umsg)("TO CONTROL THIS PROCESS USING vgdb (which you probably\n"
361 "don't want to do, unless you know exactly what you're doing,\n"
362 "or are doing some strange experiment):\n"
363 " %s/../../bin/vgdb%s%s --pid=%d ...command...\n",
364 VG_(libdir),
365 (VG_(arg_vgdb_prefix) ? " " : ""),
366 (VG_(arg_vgdb_prefix) ? VG_(arg_vgdb_prefix) : ""),
367 pid);
368 }
369 if (VG_(clo_verbosity) > 1
370 || VG_(clo_vgdb_error) < 999999999
371 || VG_(clo_vgdb_stop_at) != 0) {
372 VG_(umsg)("\n");
373 VG_(umsg)(
374 "TO DEBUG THIS PROCESS USING GDB: start GDB like this\n"
375 " /path/to/gdb %s\n"
376 "and then give GDB the following command\n"
377 " target remote | %s/../../bin/vgdb%s%s --pid=%d\n",
378 VG_(args_the_exename),
379 VG_(libdir),
380 (VG_(arg_vgdb_prefix) ? " " : ""),
381 (VG_(arg_vgdb_prefix) ? VG_(arg_vgdb_prefix) : ""),
382 pid
383 );
384 VG_(umsg)("--pid is optional if only one valgrind process is running\n");
385 VG_(umsg)("\n");
386 }
387
388 if (!mknod_done) {
389 mknod_done++;
390 VG_(set_ptracer)();
391 /*
392 * Unlink just in case a previous process with the same PID had been
393 * killed and hence Valgrind hasn't had the chance yet to remove these.
394 */
395 VG_(unlink)(from_gdb);
396 VG_(unlink)(to_gdb);
397 VG_(unlink)(shared_mem);
398
399 o = VG_(open) (shared_mem, VKI_O_CREAT|VKI_O_RDWR, 0600);
400 if (sr_isError (o)) {
401 sr_perror(o, "cannot create shared_mem file %s\n", shared_mem);
402 fatal("Cannot recover from previous error. Good-bye.");
403 } else {
404 shared_mem_fd = sr_Res(o);
405 }
406
407 if (VG_(write)(shared_mem_fd, &vgdbinit, sizeof(VgdbShared))
408 != sizeof(VgdbShared)) {
409 fatal("error writing %d bytes to shared mem %s\n",
410 (int) sizeof(VgdbShared), shared_mem);
411 }
412 {
413 SysRes res = VG_(am_shared_mmap_file_float_valgrind)
414 (sizeof(VgdbShared), VKI_PROT_READ|VKI_PROT_WRITE,
415 shared_mem_fd, (Off64T)0);
416 if (sr_isError(res)) {
417 sr_perror(res, "error VG_(am_shared_mmap_file_float_valgrind) %s\n",
418 shared_mem);
419 fatal("Cannot recover from previous error. Good-bye.");
420 }
421 addr_shared = sr_Res (res);
422 }
423 shared = (VgdbShared*) addr_shared;
424 VG_(close) (shared_mem_fd);
425
426 safe_mknod(to_gdb);
427 safe_mknod(from_gdb);
428 /* from_gdb is the last resource created: vgdb searches such FIFOs
429 to detect the presence of a valgrind process.
430 So, we better create this resource when all the rest needed by
431 vgdb is ready : the other FIFO and the shared memory. */
432
433 pid_from_to_creator = pid;
434 }
435
436 setup_remote_desc_for_reading ();
437 }
438
439 /* sync_gdb_connection wait a time long enough to let the connection
440 be properly closed if needed when closing the connection (in case
441 of detach or error), if we reopen it too quickly, it seems there
442 are some events queued in the kernel concerning the "old"
443 connection/remote_desc which are discovered with poll or select on
444 the "new" connection/remote_desc. We bypass this by waiting some
445 time to let a proper cleanup to be donex */
sync_gdb_connection(void)446 void sync_gdb_connection(void)
447 {
448 SysRes ret;
449 ret = VG_(poll_no_eintr)(0, 0, 100);
450 if (sr_isError(ret))
451 sr_extended_perror(ret, "sync_gdb_connection: poll error\n");
452 }
453
454 static
ppFinishReason(FinishReason reason)455 const char * ppFinishReason (FinishReason reason)
456 {
457 switch (reason) {
458 case orderly_finish: return "orderly_finish";
459 case reset_after_error: return "reset_after_error";
460 case reset_after_fork: return "reset_after_fork";
461 default: vg_assert (0);
462 }
463 }
464
remote_finish(FinishReason reason)465 void remote_finish (FinishReason reason)
466 {
467 dlog(1, "remote_finish (reason %s) %d %d\n",
468 ppFinishReason(reason), remote_desc, write_remote_desc);
469 reset_valgrind_sink(ppFinishReason(reason));
470 if (write_remote_desc != INVALID_DESCRIPTOR)
471 VG_(close) (write_remote_desc);
472 write_remote_desc = INVALID_DESCRIPTOR;
473
474 if (remote_desc != INVALID_DESCRIPTOR) {
475 /* Fully close the connection, either due to orderly_finish or
476 to reset_after_fork or reset_after_error. For
477 reset_after_error, the FIFO will be re-opened soon. This
478 leaves a small window during which a race condition can
479 happen between vgdb and a forking process: Just after fork,
480 both the parent and the child have the FIFO open. The child
481 will close it asap (as part of the 'after fork cleanup'). If
482 2 vgdbs are launched very quickly just after the fork, the
483 parent will close its FIFO when the 1st vgdb exits. Then if
484 the 2nd vgdb is started before the parent has the time to
485 re-open the FIFO, the 2nd vgdb will be able to open the FIFO
486 (as it is still opened by the child). The 2nd vgdb can then
487 have a 'write' error when the child closes the FIFO. After
488 the 1st vgdb closes its FIFO write side, the parent gets EOF
489 on its reading FIFO till it is closed and re-opened. Opening
490 a 2nd time the FIFO before closing the 'previous fd' solves
491 this race condition, but causes other (not understood)
492 problems due to too early re-invocation of gdbsrv. Rather
493 than to handle this race condition in gdbsrv side, we put a
494 'retry' loop in vgdb for the initial write on the write
495 FIFO. */
496 remote_desc_pollfdread_activity.fd = INVALID_DESCRIPTOR;
497 remote_desc_pollfdread_activity.events = 0;
498 remote_desc_pollfdread_activity.revents = 0;
499 VG_(close) (remote_desc);
500 remote_desc = INVALID_DESCRIPTOR;
501 }
502 noack_mode = False;
503
504 /* ensure the child will create its own FIFOs */
505 if (reason == reset_after_fork)
506 mknod_done = 0;
507
508 if (reason == reset_after_error)
509 sync_gdb_connection();
510 }
511
512 /* orderly close, cleans up everything */
remote_close(void)513 void remote_close (void)
514 {
515 const int pid = VG_(getpid)();
516 remote_finish(orderly_finish);
517 dlog(1, "%d (creator %d) maybe unlinking \n %s\n %s\n %s\n",
518 pid, pid_from_to_creator,
519 from_gdb ? from_gdb : "NULL",
520 to_gdb ? to_gdb : "NULL",
521 shared_mem ? shared_mem : "NULL");
522 if (pid == pid_from_to_creator && from_gdb && VG_(unlink) (from_gdb) == -1)
523 warning ("could not unlink %s\n", from_gdb);
524 if (pid == pid_from_to_creator && to_gdb && VG_(unlink) (to_gdb) == -1)
525 warning ("could not unlink %s\n", to_gdb);
526 if (pid == pid_from_to_creator && shared_mem && VG_(unlink) (shared_mem) == -1)
527 warning ("could not unlink %s\n", shared_mem);
528 free (from_gdb);
529 from_gdb = NULL;
530 free (to_gdb);
531 to_gdb = NULL;
532 free (shared_mem);
533 shared_mem = NULL;
534 }
535
remote_connected(void)536 Bool remote_connected(void)
537 {
538 return write_remote_desc != INVALID_DESCRIPTOR;
539 }
540
541 /* cleanup after an error detected by poll_cond */
542 static
error_poll_cond(void)543 void error_poll_cond(void)
544 {
545 /* if we will close the connection, we assume either that
546 all characters have been seen or that they will be dropped. */
547 shared->seen_by_valgrind = shared->written_by_vgdb;
548 remote_finish(reset_after_error);
549 }
550
551 /* remote_desc_activity might be used at high frequency if the user
552 gives a small value to --vgdb-poll. So, the function avoids
553 doing repetitively system calls by rather looking at the
554 counter values maintained in shared memory by vgdb. */
remote_desc_activity(const char * msg)555 int remote_desc_activity(const char *msg)
556 {
557 int retval;
558 SysRes ret;
559 const int looking_at = shared->written_by_vgdb;
560 if (shared->seen_by_valgrind == looking_at)
561 return 0;
562 if (remote_desc == INVALID_DESCRIPTOR)
563 return 0;
564
565 /* poll the remote desc */
566 remote_desc_pollfdread_activity.revents = 0;
567 ret = VG_(poll_no_eintr) (&remote_desc_pollfdread_activity, 1, 0);
568 if (sr_isError(ret)
569 || (sr_Res(ret) && poll_cond(remote_desc_pollfdread_activity.revents))) {
570 if (sr_isError(ret)) {
571 sr_extended_perror(ret, "remote_desc_activity: poll error\n");
572 } else {
573 dlog(0, "POLLcond %d remote_desc_pollfdread %d\n",
574 remote_desc_pollfdread_activity.revents, remote_desc);
575 error_poll_cond();
576 }
577 retval = 2;
578 } else {
579 retval = sr_Res(ret);
580 }
581 dlog(1,
582 "remote_desc_activity %s %d last_looked_cntr %d looking_at %d"
583 " shared->written_by_vgdb %d shared->seen_by_valgrind %d"
584 " retval %d\n",
585 msg, remote_desc, last_looked_cntr, looking_at,
586 shared->written_by_vgdb, shared->seen_by_valgrind,
587 retval);
588 /* if no error from poll, indicate we have "seen" up to looking_at */
589 if (retval == 1)
590 last_looked_cntr = looking_at;
591 return retval;
592 }
593
594 /* Convert hex digit A to a number. */
595
596 static
fromhex(int a)597 int fromhex (int a)
598 {
599 if (a >= '0' && a <= '9')
600 return a - '0';
601 else if (a >= 'a' && a <= 'f')
602 return a - 'a' + 10;
603 else
604 error ("Reply contains invalid hex digit 0x%x\n", (unsigned)a);
605 return 0;
606 }
607
unhexify(char * bin,const char * hex,int count)608 int unhexify (char *bin, const char *hex, int count)
609 {
610 int i;
611
612 for (i = 0; i < count; i++) {
613 if (hex[0] == 0 || hex[1] == 0) {
614 /* Hex string is short, or of uneven length.
615 Return the count that has been converted so far. */
616 return i;
617 }
618 *bin++ = fromhex (hex[0]) * 16 + fromhex (hex[1]);
619 hex += 2;
620 }
621 return i;
622 }
623
decode_address(CORE_ADDR * addrp,const char * start,int len)624 void decode_address (CORE_ADDR *addrp, const char *start, int len)
625 {
626 CORE_ADDR addr;
627 char ch;
628 int i;
629
630 addr = 0;
631 for (i = 0; i < len; i++) {
632 ch = start[i];
633 addr = addr << 4;
634 addr = addr | (fromhex (ch) & 0x0f);
635 }
636 *addrp = addr;
637 }
638
639 /* Convert number NIB to a hex digit. */
640
641 static
tohex(int nib)642 int tohex (int nib)
643 {
644 if (nib < 10)
645 return '0' + nib;
646 else
647 return 'a' + nib - 10;
648 }
649
hexify(char * hex,const char * bin,int count)650 int hexify (char *hex, const char *bin, int count)
651 {
652 int i;
653
654 /* May use a length, or a nul-terminated string as input. */
655 if (count == 0)
656 count = strlen (bin);
657
658 for (i = 0; i < count; i++) {
659 *hex++ = tohex ((*bin >> 4) & 0xf);
660 *hex++ = tohex (*bin++ & 0xf);
661 }
662 *hex = 0;
663 return i;
664 }
665
666 /* builds an image of bin according to byte order of the architecture
667 Useful for register and int image */
heximage(char * buf,char * bin,int count)668 char* heximage (char *buf, char *bin, int count)
669 {
670 #if (VKI_LITTLE_ENDIAN)
671 char rev[count];
672 /* note: no need for trailing \0, length is known with count */
673 int i;
674 for (i = 0; i < count; i++)
675 rev[i] = bin[count - i - 1];
676 hexify (buf, rev, count);
677 #else
678 hexify (buf, bin, count);
679 #endif
680 return buf;
681 }
682
C2v(CORE_ADDR addr)683 void* C2v(CORE_ADDR addr)
684 {
685 return (void*) addr;
686 }
687
688
689 /* Convert BUFFER, binary data at least LEN bytes long, into escaped
690 binary data in OUT_BUF. Set *OUT_LEN to the length of the data
691 encoded in OUT_BUF, and return the number of bytes in OUT_BUF
692 (which may be more than *OUT_LEN due to escape characters). The
693 total number of bytes in the output buffer will be at most
694 OUT_MAXLEN. */
695
696 int
remote_escape_output(const gdb_byte * buffer,int len,gdb_byte * out_buf,int * out_len,int out_maxlen)697 remote_escape_output (const gdb_byte *buffer, int len,
698 gdb_byte *out_buf, int *out_len,
699 int out_maxlen)
700 {
701 int input_index, output_index;
702
703 output_index = 0;
704 for (input_index = 0; input_index < len; input_index++) {
705 gdb_byte b = buffer[input_index];
706
707 if (b == '$' || b == '#' || b == '}' || b == '*') {
708 /* These must be escaped. */
709 if (output_index + 2 > out_maxlen)
710 break;
711 out_buf[output_index++] = '}';
712 out_buf[output_index++] = b ^ 0x20;
713 } else {
714 if (output_index + 1 > out_maxlen)
715 break;
716 out_buf[output_index++] = b;
717 }
718 }
719
720 *out_len = input_index;
721 return output_index;
722 }
723
724 /* Convert BUFFER, escaped data LEN bytes long, into binary data
725 in OUT_BUF. Return the number of bytes written to OUT_BUF.
726 Raise an error if the total number of bytes exceeds OUT_MAXLEN.
727
728 This function reverses remote_escape_output. It allows more
729 escaped characters than that function does, in particular because
730 '*' must be escaped to avoid the run-length encoding processing
731 in reading packets. */
732
733 static
remote_unescape_input(const gdb_byte * buffer,int len,gdb_byte * out_buf,int out_maxlen)734 int remote_unescape_input (const gdb_byte *buffer, int len,
735 gdb_byte *out_buf, int out_maxlen)
736 {
737 int input_index, output_index;
738 int escaped;
739
740 output_index = 0;
741 escaped = 0;
742 for (input_index = 0; input_index < len; input_index++) {
743 gdb_byte b = buffer[input_index];
744
745 if (output_index + 1 > out_maxlen)
746 error ("Received too much data (len %d) from the target.\n", len);
747
748 if (escaped) {
749 out_buf[output_index++] = b ^ 0x20;
750 escaped = 0;
751 } else if (b == '}') {
752 escaped = 1;
753 } else {
754 out_buf[output_index++] = b;
755 }
756 }
757
758 if (escaped)
759 error ("Unmatched escape character in target response.\n");
760
761 return output_index;
762 }
763
764 /* Look for a sequence of characters which can be run-length encoded.
765 If there are any, update *CSUM and *P. Otherwise, output the
766 single character. Return the number of characters consumed. */
767
768 static
try_rle(char * buf,int remaining,unsigned char * csum,char ** p)769 int try_rle (char *buf, int remaining, unsigned char *csum, char **p)
770 {
771 int n;
772
773 /* Always output the character. */
774 *csum += buf[0];
775 *(*p)++ = buf[0];
776
777 /* Don't go past '~'. */
778 if (remaining > 97)
779 remaining = 97;
780
781 for (n = 1; n < remaining; n++)
782 if (buf[n] != buf[0])
783 break;
784
785 /* N is the index of the first character not the same as buf[0].
786 buf[0] is counted twice, so by decrementing N, we get the number
787 of characters the RLE sequence will replace. */
788 n--;
789
790 if (n < 3)
791 return 1;
792
793 /* Skip the frame characters. The manual says to skip '+' and '-'
794 also, but there's no reason to. Unfortunately these two unusable
795 characters double the encoded length of a four byte zero
796 value. */
797 while (n + 29 == '$' || n + 29 == '#')
798 n--;
799
800 *csum += '*';
801 *(*p)++ = '*';
802 *csum += n + 29;
803 *(*p)++ = n + 29;
804
805 return n + 1;
806 }
807
808 /* Send a packet to the remote machine, with error checking.
809 The data of the packet is in BUF, and the length of the
810 packet is in CNT. Returns >= 0 on success, -1 otherwise. */
811
putpkt_binary(char * buf,int cnt)812 int putpkt_binary (char *buf, int cnt)
813 {
814 int i;
815 unsigned char csum = 0;
816 char *buf2;
817 char *p;
818 int cc;
819
820 buf2 = malloc (PBUFSIZ+POVERHSIZ);
821 // should malloc PBUFSIZ, but bypass GDB bug (see gdbserver_init in server.c)
822 vg_assert (5 == POVERHSIZ);
823 vg_assert (cnt <= PBUFSIZ); // be tolerant for GDB bug.
824
825 /* Copy the packet into buffer BUF2, encapsulating it
826 and giving it a checksum. */
827
828 p = buf2;
829 *p++ = '$';
830
831 for (i = 0; i < cnt;)
832 i += try_rle (buf + i, cnt - i, &csum, &p);
833
834 *p++ = '#';
835 *p++ = tohex ((csum >> 4) & 0xf);
836 *p++ = tohex (csum & 0xf);
837
838 *p = '\0';
839
840 /* we might have to write a pkt when out FIFO not yet/anymore opened */
841 if (!ensure_write_remote_desc()) {
842 warning ("putpkt(write) error: no write_remote_desc\n");
843 free (buf2);
844 return -1;
845 }
846
847 /* Send it once (noack_mode)
848 or send it over and over until we get a positive ack. */
849
850 do {
851 if (VG_(write) (write_remote_desc, buf2, p - buf2) != p - buf2) {
852 warning ("putpkt(write) error\n");
853 free (buf2);
854 return -1;
855 }
856
857 if (VG_(debugLog_getLevel)() >= 3) {
858 char *tracebuf = malloc(4 * (p - buf2) + 1); // worst case
859 char *tr = tracebuf;
860
861 for (UInt npr = 0; npr < p - buf2; npr++) {
862 UChar uc = (unsigned char)buf2[npr];
863 if (uc > 31 && uc < 127) {
864 *tr++ = uc;
865 } else {
866 *tr++ = '\\';
867 VG_(sprintf)(tr, "%03o", uc);
868 tr += 3;
869 }
870 }
871 *tr++ = 0;
872 dlog(3, "putpkt (\"%s\"); (%slen %d) %s\n", tracebuf,
873 strlen(tracebuf) == p - buf2 ? "binary " : "",
874 (int)(p - buf2),
875 noack_mode ? "[no ack]" : "[looking for ack]");
876 free (tracebuf);
877 }
878
879 if (noack_mode)
880 break;
881
882 cc = readchar (1);
883 if (cc > 0)
884 dlog(3, "[received '%c' (0x%x)]\n", cc, (unsigned)cc);
885
886 if (cc <= 0) {
887 if (cc == 0)
888 dlog(1, "putpkt(read): Got EOF\n");
889 else
890 warning ("putpkt(read) error\n");
891
892 free (buf2);
893 return -1;
894 }
895
896 /* Check for an input interrupt while we're here. */
897 if (cc == '\003')
898 dlog(1, "Received 0x03 character (SIGINT)\n");
899 }
900 while (cc != '+');
901
902 free (buf2);
903 return 1; /* Success! */
904 }
905
906 /* Send a packet to the remote machine, with error checking. The data
907 of the packet is in BUF, and the packet should be a NUL-terminated
908 string. Returns >= 0 on success, -1 otherwise. */
909
putpkt(char * buf)910 int putpkt (char *buf)
911 {
912 return putpkt_binary (buf, strlen (buf));
913 }
914
monitor_output(char * s)915 void monitor_output (char *s)
916 {
917 if (remote_connected()) {
918 const int len = strlen(s);
919 char *buf = malloc(1 + 2*len + 1);
920
921 buf[0] = 'O';
922 hexify(buf+1, s, len);
923 if (putpkt (buf) < 0) {
924 /* We probably have lost the connection with vgdb. */
925 reset_valgrind_sink("Error writing monitor output");
926 /* write again after reset */
927 VG_(printf) ("%s", s);
928 }
929
930 free (buf);
931 } else {
932 print_to_initial_valgrind_sink (s);
933 }
934 }
935
936 /* Returns next char from remote GDB. -1 if error. */
937 /* if single, only one character maximum can be read with
938 read system call. Otherwise, when reading an ack character
939 we might pile up the next gdb command in the static buf.
940 The read loop is then blocked in poll till gdb times out. */
941 static
readchar(int single)942 int readchar (int single)
943 {
944 static unsigned char buf[PBUFSIZ];
945 static int bufcnt = 0;
946 static unsigned char *bufp;
947 SysRes ret;
948
949 if (bufcnt-- > 0)
950 return *bufp++;
951
952 if (remote_desc == INVALID_DESCRIPTOR)
953 return -1;
954
955 /* No characters available in buf =>
956 wait for some characters to arrive */
957 remote_desc_pollfdread_activity.revents = 0;
958 ret = VG_(poll_no_eintr)(&remote_desc_pollfdread_activity, 1, -1);
959 if (sr_isError(ret) || sr_Res(ret) != 1) {
960 if (sr_isError(ret)) {
961 sr_extended_perror(ret, "readchar: poll error\n");
962 } else {
963 dlog(0, "readchar: poll got %d, expecting 1\n", (int)sr_Res(ret));
964 }
965 return -1;
966 }
967 if (single)
968 bufcnt = VG_(read) (remote_desc, buf, 1);
969 else
970 bufcnt = VG_(read) (remote_desc, buf, sizeof (buf));
971
972 if (bufcnt <= 0) {
973 if (bufcnt == 0)
974 dlog (1, "readchar: Got EOF\n");
975 else
976 warning ("readchar read error\n");
977
978 return -1;
979 }
980
981 shared->seen_by_valgrind += bufcnt;
982
983 /* If we have received a character and we do not yet have a
984 connection, we better open our "write" fifo to let vgdb open its
985 read fifo side */
986 if (write_remote_desc == INVALID_DESCRIPTOR
987 && !ensure_write_remote_desc()) {
988 dlog(1, "reachar: write_remote_desc could not be created");
989 }
990
991 bufp = buf;
992 bufcnt--;
993
994 if (poll_cond(remote_desc_pollfdread_activity.revents)) {
995 dlog(1, "readchar: POLLcond got %d\n",
996 remote_desc_pollfdread_activity.revents);
997 error_poll_cond();
998 }
999
1000 return *bufp++;
1001 }
1002
1003
1004 /* Read a packet from the remote machine, with error checking,
1005 and store it in BUF. Returns length of packet, or negative if error. */
1006
getpkt(char * buf)1007 int getpkt (char *buf)
1008 {
1009 char *bp;
1010 unsigned char csum, c1, c2;
1011 int c;
1012
1013 while (1) {
1014 csum = 0;
1015
1016 while (1) {
1017 c = readchar (0);
1018 if (c == '$')
1019 break;
1020 dlog(3, "[getpkt: discarding char '%c']\n", c);
1021 if (c < 0)
1022 return -1;
1023 }
1024
1025 bp = buf;
1026 while (1) {
1027 c = readchar (0);
1028 if (c < 0)
1029 return -1;
1030 if (c == '#')
1031 break;
1032 *bp++ = c;
1033 csum += c;
1034 }
1035 *bp = 0;
1036
1037 c1 = fromhex (readchar (0));
1038 c2 = fromhex (readchar (0));
1039
1040 if (csum == (c1 << 4) + c2)
1041 break;
1042
1043 dlog (0, "Bad checksum, sentsum=0x%x, csum=0x%x, buf=%s\n",
1044 (unsigned)(c1 << 4) + c2, (unsigned)csum, buf);
1045 if (!ensure_write_remote_desc()) {
1046 dlog(1, "getpkt(write nack) no write_remote_desc");
1047 }
1048 VG_(write) (write_remote_desc, "-", 1);
1049 }
1050
1051 if (noack_mode)
1052 dlog(3, "getpkt (\"%s\"); [no ack] \n", buf);
1053 else
1054 dlog(3, "getpkt (\"%s\"); [sending ack] \n", buf);
1055
1056 if (!noack_mode) {
1057 if (!ensure_write_remote_desc()) {
1058 dlog(1, "getpkt(write ack) no write_remote_desc");
1059 }
1060 VG_(write) (write_remote_desc, "+", 1);
1061 dlog(3, "[sent ack]\n");
1062 }
1063
1064 return bp - buf;
1065 }
1066
write_ok(char * buf)1067 void write_ok (char *buf)
1068 {
1069 buf[0] = 'O';
1070 buf[1] = 'K';
1071 buf[2] = '\0';
1072 }
1073
write_enn(char * buf)1074 void write_enn (char *buf)
1075 {
1076 /* Some day, we should define the meanings of the error codes... */
1077 buf[0] = 'E';
1078 buf[1] = '0';
1079 buf[2] = '1';
1080 buf[3] = '\0';
1081 }
1082
convert_int_to_ascii(const unsigned char * from,char * to,int n)1083 void convert_int_to_ascii (const unsigned char *from, char *to, int n)
1084 {
1085 int nib;
1086 int ch;
1087 while (n--) {
1088 ch = *from++;
1089 nib = ((ch & 0xf0) >> 4) & 0x0f;
1090 *to++ = tohex (nib);
1091 nib = ch & 0x0f;
1092 *to++ = tohex (nib);
1093 }
1094 *to++ = 0;
1095 }
1096
1097
convert_ascii_to_int(const char * from,unsigned char * to,int n)1098 void convert_ascii_to_int (const char *from, unsigned char *to, int n)
1099 {
1100 int nib1, nib2;
1101 while (n--) {
1102 nib1 = fromhex (*from++);
1103 nib2 = fromhex (*from++);
1104 *to++ = (((nib1 & 0x0f) << 4) & 0xf0) | (nib2 & 0x0f);
1105 }
1106 }
1107
1108 static
outreg(int regno,char * buf)1109 char * outreg (int regno, char *buf)
1110 {
1111 if ((regno >> 12) != 0)
1112 *buf++ = tohex ((regno >> 12) & 0xf);
1113 if ((regno >> 8) != 0)
1114 *buf++ = tohex ((regno >> 8) & 0xf);
1115 *buf++ = tohex ((regno >> 4) & 0xf);
1116 *buf++ = tohex (regno & 0xf);
1117 *buf++ = ':';
1118 collect_register_as_string (regno, buf);
1119 buf += 2 * register_size (regno);
1120 *buf++ = ';';
1121
1122 return buf;
1123 }
1124
prepare_resume_reply(char * buf,char status,unsigned char sig)1125 void prepare_resume_reply (char *buf, char status, unsigned char sig)
1126 {
1127 int nib;
1128
1129 *buf++ = status;
1130
1131 nib = ((sig & 0xf0) >> 4);
1132 *buf++ = tohex (nib);
1133 nib = sig & 0x0f;
1134 *buf++ = tohex (nib);
1135
1136 if (status == 'T') {
1137 const char **regp = gdbserver_expedite_regs;
1138
1139 if (valgrind_stopped_by_watchpoint()) {
1140 CORE_ADDR addr;
1141 int i;
1142
1143 strncpy (buf, "watch:", 6);
1144 buf += 6;
1145
1146 addr = valgrind_stopped_data_address ();
1147
1148 /* Convert each byte of the address into two hexadecimal chars.
1149 Note that we take sizeof (void *) instead of sizeof (addr);
1150 this is to avoid sending a 64-bit address to a 32-bit GDB. */
1151 for (i = sizeof (void *) * 2; i > 0; i--) {
1152 *buf++ = tohex ((addr >> (i - 1) * 4) & 0xf);
1153 }
1154 *buf++ = ';';
1155 }
1156
1157 if (valgrind_stopped_by_syscall () >= 0) {
1158 VG_(sprintf) (buf, "%s:%x;",
1159 valgrind_stopped_before_syscall ()
1160 ? "syscall_entry" : "syscall_return",
1161 valgrind_stopped_by_syscall ());
1162 buf += strlen (buf);
1163 }
1164
1165 while (*regp) {
1166 buf = outreg (find_regno (*regp), buf);
1167 regp ++;
1168 }
1169
1170 {
1171 unsigned int gdb_id_from_wait;
1172
1173 /* FIXME right place to set this? */
1174 thread_from_wait =
1175 ((struct inferior_list_entry *)current_inferior)->id;
1176 gdb_id_from_wait = thread_to_gdb_id (current_inferior);
1177
1178 dlog(1, "Writing resume reply for %lu\n", thread_from_wait);
1179 /* This if (1) ought to be unnecessary. But remote_wait in GDB
1180 will claim this event belongs to inferior_ptid if we do not
1181 specify a thread, and there's no way for gdbserver to know
1182 what inferior_ptid is. */
1183 if (1 || old_thread_from_wait != thread_from_wait) {
1184 general_thread = thread_from_wait;
1185 VG_(sprintf) (buf, "thread:%x;", gdb_id_from_wait);
1186 buf += strlen (buf);
1187 old_thread_from_wait = thread_from_wait;
1188 }
1189 }
1190 }
1191 /* For W and X, we're done. */
1192 *buf++ = 0;
1193 }
1194
decode_m_packet(char * from,CORE_ADDR * mem_addr_ptr,unsigned int * len_ptr)1195 void decode_m_packet (char *from, CORE_ADDR *mem_addr_ptr, unsigned int *len_ptr)
1196 {
1197 int i = 0, j = 0;
1198 char ch;
1199 *mem_addr_ptr = *len_ptr = 0;
1200
1201 while ((ch = from[i++]) != ',') {
1202 *mem_addr_ptr = *mem_addr_ptr << 4;
1203 *mem_addr_ptr |= fromhex (ch) & 0x0f;
1204 }
1205
1206 for (j = 0; j < 4; j++) {
1207 if ((ch = from[i++]) == 0)
1208 break;
1209 *len_ptr = *len_ptr << 4;
1210 *len_ptr |= fromhex (ch) & 0x0f;
1211 }
1212 }
1213
decode_M_packet(char * from,CORE_ADDR * mem_addr_ptr,unsigned int * len_ptr,unsigned char * to)1214 void decode_M_packet (char *from, CORE_ADDR *mem_addr_ptr, unsigned int *len_ptr,
1215 unsigned char *to)
1216 {
1217 int i = 0;
1218 char ch;
1219 *mem_addr_ptr = *len_ptr = 0;
1220
1221 while ((ch = from[i++]) != ',') {
1222 *mem_addr_ptr = *mem_addr_ptr << 4;
1223 *mem_addr_ptr |= fromhex (ch) & 0x0f;
1224 }
1225
1226 while ((ch = from[i++]) != ':') {
1227 *len_ptr = *len_ptr << 4;
1228 *len_ptr |= fromhex (ch) & 0x0f;
1229 }
1230
1231 convert_ascii_to_int (&from[i++], to, *len_ptr);
1232 }
1233
decode_X_packet(char * from,int packet_len,CORE_ADDR * mem_addr_ptr,unsigned int * len_ptr,unsigned char * to)1234 int decode_X_packet (char *from, int packet_len, CORE_ADDR *mem_addr_ptr,
1235 unsigned int *len_ptr, unsigned char *to)
1236 {
1237 int i = 0;
1238 char ch;
1239 *mem_addr_ptr = *len_ptr = 0;
1240
1241 while ((ch = from[i++]) != ',') {
1242 *mem_addr_ptr = *mem_addr_ptr << 4;
1243 *mem_addr_ptr |= fromhex (ch) & 0x0f;
1244 }
1245
1246 while ((ch = from[i++]) != ':') {
1247 *len_ptr = *len_ptr << 4;
1248 *len_ptr |= fromhex (ch) & 0x0f;
1249 }
1250
1251 if (remote_unescape_input ((const gdb_byte *) &from[i], packet_len - i,
1252 to, *len_ptr) != *len_ptr)
1253 return -1;
1254
1255 return 0;
1256 }
1257
1258
1259 /* Return the default path prefix for the named pipes (FIFOs) used by vgdb/gdb
1260 to communicate with valgrind */
1261 HChar *
VG_(vgdb_prefix_default)1262 VG_(vgdb_prefix_default)(void)
1263 {
1264 static HChar *prefix;
1265
1266 if (prefix == NULL) {
1267 const HChar *tmpdir = VG_(tmpdir)();
1268 prefix = malloc(strlen(tmpdir) + strlen("/vgdb-pipe") + 1);
1269 strcpy(prefix, tmpdir);
1270 strcat(prefix, "/vgdb-pipe");
1271 }
1272 return prefix;
1273 }
1274