2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 # ifdef HAVE_STRUCT_IA64_FPREG
67 # define ia64_fpreg XXX_ia64_fpreg
69 # ifdef HAVE_STRUCT_PT_ALL_USER_REGS
70 # define pt_all_user_regs XXX_pt_all_user_regs
72 #include <linux/ptrace.h>
74 # undef pt_all_user_regs
77 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
78 #include <sys/utsname.h>
79 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
81 #if defined(LINUXSPARC) && defined (SPARC64)
82 # undef PTRACE_GETREGS
83 # define PTRACE_GETREGS PTRACE_GETREGS64
84 # undef PTRACE_SETREGS
85 # define PTRACE_SETREGS PTRACE_SETREGS64
90 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
93 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
97 tv_nz(struct timeval *a)
99 return a->tv_sec || a->tv_usec;
103 tv_cmp(struct timeval *a, struct timeval *b)
105 if (a->tv_sec < b->tv_sec
106 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
108 if (a->tv_sec > b->tv_sec
109 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
115 tv_float(struct timeval *tv)
117 return tv->tv_sec + tv->tv_usec/1000000.0;
121 tv_add(struct timeval *tv, struct timeval *a, struct timeval *b)
123 tv->tv_sec = a->tv_sec + b->tv_sec;
124 tv->tv_usec = a->tv_usec + b->tv_usec;
125 if (tv->tv_usec >= 1000000) {
127 tv->tv_usec -= 1000000;
132 tv_sub(struct timeval *tv, struct timeval *a, struct timeval *b)
134 tv->tv_sec = a->tv_sec - b->tv_sec;
135 tv->tv_usec = a->tv_usec - b->tv_usec;
136 if (((long) tv->tv_usec) < 0) {
138 tv->tv_usec += 1000000;
143 tv_div(struct timeval *tv, struct timeval *a, int n)
145 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
146 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
147 tv->tv_usec %= 1000000;
151 tv_mul(struct timeval *tv, struct timeval *a, int n)
153 tv->tv_usec = a->tv_usec * n;
154 tv->tv_sec = a->tv_sec * n + tv->tv_usec / 1000000;
155 tv->tv_usec %= 1000000;
159 xlookup(const struct xlat *xlat, int val)
161 for (; xlat->str != NULL; xlat++)
162 if (xlat->val == val)
167 #if !defined HAVE_STPCPY
169 stpcpy(char *dst, const char *src)
171 while ((*dst = *src++) != '\0')
178 * Generic ptrace wrapper which tracks ESRCH errors
179 * by setting tcp->ptrace_errno to ESRCH.
181 * We assume that ESRCH indicates likely process death (SIGKILL?),
182 * modulo bugs where process somehow ended up not stopped.
183 * Unfortunately kernel uses ESRCH for that case too. Oh well.
185 * Currently used by upeek() only.
186 * TODO: use this in all other ptrace() calls while decoding.
189 do_ptrace(int request, struct tcb *tcp, void *addr, void *data)
194 l = ptrace(request, tcp->pid, addr, (long) data);
195 /* Non-ESRCH errors might be our invalid reg/mem accesses,
196 * we do not record them. */
198 tcp->ptrace_errno = ESRCH;
203 * Used when we want to unblock stopped traced process.
204 * Should be only used with PTRACE_CONT, PTRACE_DETACH and PTRACE_SYSCALL.
205 * Returns 0 on success or if error was ESRCH
206 * (presumably process was killed while we talk to it).
207 * Otherwise prints error message and returns -1.
210 ptrace_restart(int op, struct tcb *tcp, int sig)
216 ptrace(op, tcp->pid, (void *) 1, (long) sig);
218 if (!err || err == ESRCH)
221 tcp->ptrace_errno = err;
223 if (op == PTRACE_CONT)
225 if (op == PTRACE_DETACH)
228 if (op == PTRACE_LISTEN)
231 perror_msg("ptrace(PTRACE_%s,1,%d)", msg, sig);
236 * Print entry in struct xlat table, if there.
239 printxval(const struct xlat *xlat, int val, const char *dflt)
241 const char *str = xlookup(xlat, val);
246 tprintf("%#x /* %s */", val, dflt);
251 * Print 64bit argument at position llarg and return the index of the next
255 printllval(struct tcb *tcp, const char *format, int llarg)
257 # if defined(FREEBSD) \
258 || (defined(LINUX) && defined(POWERPC) && !defined(POWERPC64)) \
259 || defined(LINUX_MIPSO32) \
260 || defined(__ARM_EABI__)
261 /* Align 64bit argument to 64bit boundary. */
262 llarg = (llarg + 1) & 0x1e;
264 # if defined LINUX && (defined X86_64 || defined POWERPC64)
265 if (current_personality == 0) {
266 tprintf(format, tcp->u_arg[llarg]);
270 /* Align 64bit argument to 64bit boundary. */
271 llarg = (llarg + 1) & 0x1e;
273 tprintf(format, LONG_LONG(tcp->u_arg[llarg], tcp->u_arg[llarg + 1]));
276 # elif defined IA64 || defined ALPHA
277 tprintf(format, tcp->u_arg[llarg]);
279 # elif defined LINUX_MIPSN32
280 tprintf(format, tcp->ext_arg[llarg]);
283 tprintf(format, LONG_LONG(tcp->u_arg[llarg], tcp->u_arg[llarg + 1]));
291 * Interpret `xlat' as an array of flags
292 * print the entries whose bits are on in `flags'
293 * return # of flags printed.
296 addflags(const struct xlat *xlat, int flags)
298 for (; xlat->str; xlat++) {
299 if (xlat->val && (flags & xlat->val) == xlat->val) {
300 tprintf("|%s", xlat->str);
305 tprintf("|%#x", flags);
310 * Interpret `xlat' as an array of flags.
311 * Print to static string the entries whose bits are on in `flags'
312 * Return static string.
315 sprintflags(const char *prefix, const struct xlat *xlat, int flags)
317 static char outstr[1024];
321 outptr = stpcpy(outstr, prefix);
323 for (; xlat->str; xlat++) {
324 if ((flags & xlat->val) == xlat->val) {
327 outptr = stpcpy(outptr, xlat->str);
337 outptr += sprintf(outptr, "%#x", flags);
344 printflags(const struct xlat *xlat, int flags, const char *dflt)
349 if (flags == 0 && xlat->val == 0) {
355 for (n = 0; xlat->str; xlat++) {
356 if (xlat->val && (flags & xlat->val) == xlat->val) {
357 tprintf("%s%s", sep, xlat->str);
366 tprintf("%s%#x", sep, flags);
371 tprintf("%#x", flags);
373 tprintf(" /* %s */", dflt);
384 printnum(struct tcb *tcp, long addr, const char *fmt)
392 if (umove(tcp, addr, &num) < 0) {
393 tprintf("%#lx", addr);
402 printnum_int(struct tcb *tcp, long addr, const char *fmt)
410 if (umove(tcp, addr, &num) < 0) {
411 tprintf("%#lx", addr);
420 printfd(struct tcb *tcp, int fd)
424 if (show_fd_path && (p = getfdpath(tcp, fd)))
425 tprintf("%d<%s>", fd, p);
431 printuid(const char *text, unsigned long uid)
433 tprintf((uid == -1) ? "%s%ld" : "%s%lu", text, uid);
437 * Quote string `instr' of length `size'
438 * Write up to (3 + `size' * 4) bytes to `outstr' buffer.
439 * If `len' < 0, treat `instr' as a NUL-terminated string
440 * and quote at most (`size' - 1) bytes.
442 * Returns 0 if len < 0 and NUL was seen, 1 otherwise.
443 * Note that if len >= 0, always returns 1.
446 string_quote(const char *instr, char *outstr, int len, int size)
448 const unsigned char *ustr = (const unsigned char *) instr;
450 int usehex, c, i, eol;
452 eol = 0x100; /* this can never match a char */
462 /* Check for presence of symbol which require
463 to hex-quote the whole string. */
464 for (i = 0; i < size; ++i) {
466 /* Check for NUL-terminated string. */
469 if (!isprint(c) && !isspace(c)) {
479 /* Hex-quote the whole string. */
480 for (i = 0; i < size; ++i) {
482 /* Check for NUL-terminated string. */
487 *s++ = "0123456789abcdef"[c >> 4];
488 *s++ = "0123456789abcdef"[c & 0xf];
491 for (i = 0; i < size; ++i) {
493 /* Check for NUL-terminated string. */
497 case '\"': case '\\':
528 && ustr[i + 1] >= '0'
529 && ustr[i + 1] <= '9'
532 *s++ = '0' + (c >> 6);
533 *s++ = '0' + ((c >> 3) & 0x7);
538 *s++ = '0' + (c >> 6);
539 *s++ = '0' + ((c >> 3) & 0x7);
542 *s++ = '0' + (c & 0x7);
552 /* Return zero if we printed entire ASCIZ string (didn't truncate it) */
553 if (len < 0 && ustr[i] == '\0') {
554 /* We didn't see NUL yet (otherwise we'd jump to 'asciz_ended')
555 * but next char is NUL.
565 /* Return zero: we printed entire ASCIZ string (didn't truncate it) */
570 * Print path string specified by address `addr' and length `n'.
571 * If path length exceeds `n', append `...' to the output.
574 printpathn(struct tcb *tcp, long addr, int n)
576 char path[MAXPATHLEN + 1];
584 /* Cap path length to the path buffer size */
585 if (n > sizeof path - 1)
588 /* Fetch one byte more to find out whether path length > n. */
589 nul_seen = umovestr(tcp, addr, n + 1, path);
591 tprintf("%#lx", addr);
597 outstr = alloca(4 * n); /* 4*(n-1) + 3 for quotes and NUL */
598 string_quote(path, outstr, -1, n);
606 printpath(struct tcb *tcp, long addr)
608 /* Size must correspond to char path[] size in printpathn */
609 printpathn(tcp, addr, MAXPATHLEN);
613 * Print string specified by address `addr' and length `len'.
614 * If `len' < 0, treat the string as a NUL-terminated string.
615 * If string length exceeds `max_strlen', append `...' to the output.
618 printstr(struct tcb *tcp, long addr, int len)
620 static char *str = NULL;
629 /* Allocate static buffers if they are not allocated yet. */
631 str = malloc(max_strlen + 1);
634 outstr = malloc(4 * max_strlen + /*for quotes and NUL:*/ 3);
641 * Treat as a NUL-terminated string: fetch one byte more
642 * because string_quote() quotes one byte less.
644 size = max_strlen + 1;
645 if (umovestr(tcp, addr, size, str) < 0) {
646 tprintf("%#lx", addr);
651 size = MIN(len, max_strlen);
652 if (umoven(tcp, addr, size, str) < 0) {
653 tprintf("%#lx", addr);
658 /* If string_quote didn't see NUL and (it was supposed to be ASCIZ str
659 * or we were requested to print more than -s NUM chars)...
661 ellipsis = (string_quote(str, outstr, len, size) &&
662 (len < 0 || len > max_strlen));
671 dumpiov(struct tcb *tcp, int len, long addr)
673 #if defined(LINUX) && SUPPORTED_PERSONALITIES > 1
675 struct { u_int32_t base; u_int32_t len; } *iov32;
676 struct { u_int64_t base; u_int64_t len; } *iov64;
678 #define iov iovu.iov64
680 (personality_wordsize[current_personality] == 4 \
681 ? sizeof(*iovu.iov32) : sizeof(*iovu.iov64))
682 #define iov_iov_base(i) \
683 (personality_wordsize[current_personality] == 4 \
684 ? (u_int64_t) iovu.iov32[i].base : iovu.iov64[i].base)
685 #define iov_iov_len(i) \
686 (personality_wordsize[current_personality] == 4 \
687 ? (u_int64_t) iovu.iov32[i].len : iovu.iov64[i].len)
690 #define sizeof_iov sizeof(*iov)
691 #define iov_iov_base(i) iov[i].iov_base
692 #define iov_iov_len(i) iov[i].iov_len
697 size = sizeof_iov * len;
698 /* Assuming no sane program has millions of iovs */
699 if ((unsigned)len > 1024*1024 /* insane or negative size? */
700 || (iov = malloc(size)) == NULL) {
701 fprintf(stderr, "Out of memory\n");
704 if (umoven(tcp, addr, size, (char *) iov) >= 0) {
705 for (i = 0; i < len; i++) {
706 /* include the buffer number to make it easy to
707 * match up the trace with the source */
708 tprintf(" * %lu bytes in buffer %d\n",
709 (unsigned long)iov_iov_len(i), i);
710 dumpstr(tcp, (long) iov_iov_base(i),
723 dumpstr(struct tcb *tcp, long addr, int len)
725 static int strsize = -1;
726 static unsigned char *str;
735 fprintf(stderr, "Out of memory\n");
741 if (umoven(tcp, addr, len, (char *) str) < 0)
744 for (i = 0; i < len; i += 16) {
748 sprintf(s, " | %05x ", i);
750 for (j = 0; j < 16; j++) {
754 sprintf(s, " %02x", str[i + j]);
758 *s++ = ' '; *s++ = ' '; *s++ = ' ';
761 *s++ = ' '; *s++ = ' ';
762 for (j = 0; j < 16; j++) {
766 if (isprint(str[i + j]))
774 tprintf("%s |\n", outstr);
779 #ifdef HAVE_PROCESS_VM_READV
780 /* C library supports this, but the kernel might not. */
781 static bool process_vm_readv_not_supported = 0;
784 /* Need to do this since process_vm_readv() is not yet available in libc.
785 * When libc is be updated, only "static bool process_vm_readv_not_supported"
786 * line should remain.
788 #if !defined(__NR_process_vm_readv)
790 # define __NR_process_vm_readv 347
791 # elif defined(X86_64)
792 # define __NR_process_vm_readv 310
793 # elif defined(POWERPC)
794 # define __NR_process_vm_readv 351
798 #if defined(__NR_process_vm_readv)
799 static bool process_vm_readv_not_supported = 0;
800 static ssize_t process_vm_readv(pid_t pid,
801 const struct iovec *lvec,
802 unsigned long liovcnt,
803 const struct iovec *rvec,
804 unsigned long riovcnt,
807 return syscall(__NR_process_vm_readv, (long)pid, lvec, liovcnt, rvec, riovcnt, flags);
810 static bool process_vm_readv_not_supported = 1;
811 # define process_vm_readv(...) (errno = ENOSYS, -1)
814 #endif /* end of hack */
817 #define PAGMASK (~(PAGSIZ - 1))
819 * move `len' bytes of data from process `pid'
820 * at address `addr' to our space at `laddr'
823 umoven(struct tcb *tcp, long addr, int len, char *laddr)
831 char x[sizeof(long)];
834 if (!process_vm_readv_not_supported) {
835 struct iovec local[1], remote[1];
838 local[0].iov_base = laddr;
839 remote[0].iov_base = (void*)addr;
840 local[0].iov_len = remote[0].iov_len = len;
841 r = process_vm_readv(pid,
848 process_vm_readv_not_supported = 1;
849 else if (errno != EINVAL) /* EINVAL is seen if process is gone */
851 perror("process_vm_readv");
852 goto vm_readv_didnt_work;
858 #if SUPPORTED_PERSONALITIES > 1
859 if (personality_wordsize[current_personality] < sizeof(addr))
860 addr &= (1ul << 8 * personality_wordsize[current_personality]) - 1;
864 if (addr & (sizeof(long) - 1)) {
865 /* addr not a multiple of sizeof(long) */
866 n = addr - (addr & -sizeof(long)); /* residue */
867 addr &= -sizeof(long); /* residue */
869 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
871 /* But if not started, we had a bogus address. */
872 if (addr != 0 && errno != EIO && errno != ESRCH)
873 perror("ptrace: umoven");
877 m = MIN(sizeof(long) - n, len);
878 memcpy(laddr, &u.x[n], m);
879 addr += sizeof(long), laddr += m, len -= m;
883 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
885 if (started && (errno==EPERM || errno==EIO)) {
886 /* Ran into 'end of memory' - stupid "printpath" */
889 if (addr != 0 && errno != EIO && errno != ESRCH)
890 perror("ptrace: umoven");
894 m = MIN(sizeof(long), len);
895 memcpy(laddr, u.x, m);
896 addr += sizeof(long), laddr += m, len -= m;
905 n = MIN(len, PAGSIZ);
906 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
907 if (ptrace(PTRACE_READDATA, pid,
908 (char *) addr, len, laddr) < 0) {
909 if (errno != ESRCH) {
910 perror("umoven: ptrace(PTRACE_READDATA, ...)");
922 #ifdef HAVE_MP_PROCFS
923 int fd = tcp->pfd_as;
927 lseek(fd, addr, SEEK_SET);
928 if (read(fd, laddr, len) == -1)
930 #endif /* USE_PROCFS */
936 * Like `umove' but make the additional effort of looking
937 * for a terminating zero byte.
939 * Returns < 0 on error, > 0 if NUL was seen,
940 * (TODO if useful: return count of bytes including NUL),
941 * else 0 if len bytes were read but no NUL byte seen.
943 * Note: there is no guarantee we won't overwrite some bytes
944 * in laddr[] _after_ terminating NUL (but, of course,
945 * we never write past laddr[len-1]).
948 umovestr(struct tcb *tcp, long addr, int len, char *laddr)
951 # ifdef HAVE_MP_PROCFS
952 int fd = tcp->pfd_as;
956 /* Some systems (e.g. FreeBSD) can be upset if we read off the
957 end of valid memory, avoid this by trying to read up
958 to page boundaries. But we don't know what a page is (and
959 getpagesize(2) (if it exists) doesn't necessarily return
960 hardware page size). Assume all pages >= 1024 (a-historical
963 int page = 1024; /* How to find this? */
964 int move = page - (addr & (page - 1));
967 lseek(fd, addr, SEEK_SET);
972 move = read(fd, laddr, move);
974 return left != len ? 0 : -1;
975 if (memchr(laddr, 0, move))
983 #else /* !USE_PROCFS */
989 char x[sizeof(long)];
992 #if SUPPORTED_PERSONALITIES > 1
993 if (personality_wordsize[current_personality] < sizeof(addr))
994 addr &= (1ul << 8 * personality_wordsize[current_personality]) - 1;
997 if (!process_vm_readv_not_supported) {
998 struct iovec local[1], remote[1];
1000 local[0].iov_base = laddr;
1001 remote[0].iov_base = (void*)addr;
1008 /* Don't read kilobytes: most strings are short */
1010 if (chunk_len > 256)
1012 /* Don't cross pages. I guess otherwise we can get EFAULT
1013 * and fail to notice that terminating NUL lies
1014 * in the existing (first) page.
1015 * (I hope there aren't arches with pages < 4K)
1017 end_in_page = ((addr + chunk_len) & 4095);
1018 r = chunk_len - end_in_page;
1019 if (r > 0) /* if chunk_len > end_in_page */
1020 chunk_len = r; /* chunk_len -= end_in_page */
1022 local[0].iov_len = remote[0].iov_len = chunk_len;
1023 r = process_vm_readv(pid,
1029 if (errno == ENOSYS)
1030 process_vm_readv_not_supported = 1;
1031 else if (errno != EINVAL) /* EINVAL is seen if process is gone */
1033 perror("process_vm_readv");
1034 goto vm_readv_didnt_work;
1036 if (memchr(local[0].iov_base, '\0', r))
1038 local[0].iov_base += r;
1039 remote[0].iov_base += r;
1044 vm_readv_didnt_work:
1047 if (addr & (sizeof(long) - 1)) {
1048 /* addr not a multiple of sizeof(long) */
1049 n = addr - (addr & -sizeof(long)); /* residue */
1050 addr &= -sizeof(long); /* residue */
1052 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
1054 if (addr != 0 && errno != EIO && errno != ESRCH)
1059 m = MIN(sizeof(long) - n, len);
1060 memcpy(laddr, &u.x[n], m);
1061 while (n & (sizeof(long) - 1))
1062 if (u.x[n++] == '\0')
1064 addr += sizeof(long), laddr += m, len -= m;
1068 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
1070 if (started && (errno==EPERM || errno==EIO)) {
1071 /* Ran into 'end of memory' - stupid "printpath" */
1074 if (addr != 0 && errno != EIO && errno != ESRCH)
1079 m = MIN(sizeof(long), len);
1080 memcpy(laddr, u.x, m);
1081 for (i = 0; i < sizeof(long); i++)
1084 addr += sizeof(long), laddr += m, len -= m;
1086 #endif /* !USE_PROCFS */
1091 # if !defined (SPARC) && !defined(SPARC64)
1092 # define PTRACE_WRITETEXT 101
1093 # define PTRACE_WRITEDATA 102
1094 # endif /* !SPARC && !SPARC64 */
1100 uload(int cmd, int pid, long addr, int len, char *laddr)
1106 char x[sizeof(long)];
1109 if (cmd == PTRACE_WRITETEXT) {
1110 peek = PTRACE_PEEKTEXT;
1111 poke = PTRACE_POKETEXT;
1114 peek = PTRACE_PEEKDATA;
1115 poke = PTRACE_POKEDATA;
1117 if (addr & (sizeof(long) - 1)) {
1118 /* addr not a multiple of sizeof(long) */
1119 n = addr - (addr & -sizeof(long)); /* residue */
1120 addr &= -sizeof(long);
1122 u.val = ptrace(peek, pid, (char *) addr, 0);
1124 perror("uload: POKE");
1127 m = MIN(sizeof(long) - n, len);
1128 memcpy(&u.x[n], laddr, m);
1129 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
1130 perror("uload: POKE");
1133 addr += sizeof(long), laddr += m, len -= m;
1136 if (len < sizeof(long))
1137 u.val = ptrace(peek, pid, (char *) addr, 0);
1138 m = MIN(sizeof(long), len);
1139 memcpy(u.x, laddr, m);
1140 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
1141 perror("uload: POKE");
1144 addr += sizeof(long), laddr += m, len -= m;
1150 tload(int pid, int addr, int len, char *laddr)
1152 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
1156 dload(int pid, int addr, int len, char *laddr)
1158 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
1166 upeek(struct tcb *tcp, long off, long *res)
1170 # ifdef SUNOS4_KERNEL_ARCH_KLUDGE
1172 static int is_sun4m = -1;
1173 struct utsname name;
1175 /* Round up the usual suspects. */
1176 if (is_sun4m == -1) {
1177 if (uname(&name) < 0) {
1178 perror("upeek: uname?");
1181 is_sun4m = strcmp(name.machine, "sun4m") == 0;
1183 const struct xlat *x;
1185 for (x = struct_user_offsets; x->str; x++)
1192 # endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
1194 val = do_ptrace(PTRACE_PEEKUSER, tcp, (char *) off, 0);
1195 if (val == -1 && errno) {
1196 if (errno != ESRCH) {
1198 sprintf(buf, "upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)", tcp->pid, off);
1207 #endif /* !USE_PROCFS */
1210 printcall(struct tcb *tcp)
1212 #define PRINTBADPC tprintf(sizeof(long) == 4 ? "[????????] " : \
1213 sizeof(long) == 8 ? "[????????????????] " : \
1220 if (upeek(tcp, 4*EIP, &eip) < 0) {
1224 tprintf("[%08lx] ", eip);
1226 # elif defined(S390) || defined(S390X)
1228 if (upeek(tcp, PT_PSWADDR, &psw) < 0) {
1233 tprintf("[%08lx] ", psw);
1235 tprintf("[%16lx] ", psw);
1238 # elif defined(X86_64)
1241 if (upeek(tcp, 8*RIP, &rip) < 0) {
1245 tprintf("[%16lx] ", rip);
1246 # elif defined(IA64)
1249 if (upeek(tcp, PT_B0, &ip) < 0) {
1253 tprintf("[%08lx] ", ip);
1254 # elif defined(POWERPC)
1257 if (upeek(tcp, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1262 tprintf("[%016lx] ", pc);
1264 tprintf("[%08lx] ", pc);
1266 # elif defined(M68K)
1269 if (upeek(tcp, 4*PT_PC, &pc) < 0) {
1270 tprints("[????????] ");
1273 tprintf("[%08lx] ", pc);
1274 # elif defined(ALPHA)
1277 if (upeek(tcp, REG_PC, &pc) < 0) {
1278 tprints("[????????????????] ");
1281 tprintf("[%08lx] ", pc);
1282 # elif defined(SPARC) || defined(SPARC64)
1283 struct pt_regs regs;
1284 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1288 # if defined(SPARC64)
1289 tprintf("[%08lx] ", regs.tpc);
1291 tprintf("[%08lx] ", regs.pc);
1293 # elif defined(HPPA)
1296 if (upeek(tcp, PT_IAOQ0, &pc) < 0) {
1297 tprints("[????????] ");
1300 tprintf("[%08lx] ", pc);
1301 # elif defined(MIPS)
1304 if (upeek(tcp, REG_EPC, &pc) < 0) {
1305 tprints("[????????] ");
1308 tprintf("[%08lx] ", pc);
1312 if (upeek(tcp, 4*REG_PC, &pc) < 0) {
1313 tprints("[????????] ");
1316 tprintf("[%08lx] ", pc);
1317 # elif defined(SH64)
1320 if (upeek(tcp, REG_PC, &pc) < 0) {
1321 tprints("[????????????????] ");
1324 tprintf("[%08lx] ", pc);
1328 if (upeek(tcp, 4*15, &pc) < 0) {
1332 tprintf("[%08lx] ", pc);
1333 # elif defined(AVR32)
1336 if (upeek(tcp, REG_PC, &pc) < 0) {
1337 tprints("[????????] ");
1340 tprintf("[%08lx] ", pc);
1341 # elif defined(BFIN)
1344 if (upeek(tcp, PT_PC, &pc) < 0) {
1348 tprintf("[%08lx] ", pc);
1349 #elif defined(CRISV10)
1352 if (upeek(tcp, 4*PT_IRP, &pc) < 0) {
1356 tprintf("[%08lx] ", pc);
1357 #elif defined(CRISV32)
1360 if (upeek(tcp, 4*PT_ERP, &pc) < 0) {
1364 tprintf("[%08lx] ", pc);
1365 # endif /* architecture */
1371 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1372 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1376 tprintf("[%08x] ", regs.r_o7);
1386 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1387 tprintf("[%08x] ", regs.r_eip);
1388 #endif /* FREEBSD */
1393 * These #if's are huge, please indent them correctly.
1394 * It's easy to get confused otherwise.
1400 # include "syscall.h"
1402 # include <sys/syscall.h>
1403 # ifndef CLONE_PTRACE
1404 # define CLONE_PTRACE 0x00002000
1406 # ifndef CLONE_VFORK
1407 # define CLONE_VFORK 0x00004000
1410 # define CLONE_VM 0x00000100
1412 # ifndef CLONE_STOPPED
1413 # define CLONE_STOPPED 0x02000000
1418 typedef unsigned long *arg_setup_state;
1421 arg_setup(struct tcb *tcp, arg_setup_state *state)
1423 unsigned long cfm, sof, sol;
1427 /* Satisfy a false GCC warning. */
1432 if (upeek(tcp, PT_AR_BSP, &bsp) < 0)
1434 if (upeek(tcp, PT_CFM, (long *) &cfm) < 0)
1437 sof = (cfm >> 0) & 0x7f;
1438 sol = (cfm >> 7) & 0x7f;
1439 bsp = (long) ia64_rse_skip_regs((unsigned long *) bsp, -sof + sol);
1441 *state = (unsigned long *) bsp;
1445 # define arg_finish_change(tcp, state) 0
1448 get_arg0(struct tcb *tcp, arg_setup_state *state, long *valp)
1453 ret = upeek(tcp, PT_R11, valp);
1456 (unsigned long) ia64_rse_skip_regs(*state, 0),
1457 sizeof(long), (void *) valp);
1462 get_arg1(struct tcb *tcp, arg_setup_state *state, long *valp)
1467 ret = upeek(tcp, PT_R9, valp);
1470 (unsigned long) ia64_rse_skip_regs(*state, 1),
1471 sizeof(long), (void *) valp);
1476 set_arg0(struct tcb *tcp, arg_setup_state *state, long val)
1478 int req = PTRACE_POKEDATA;
1482 ap = (void *) (intptr_t) PT_R11; /* r11 == EBX */
1483 req = PTRACE_POKEUSER;
1485 ap = ia64_rse_skip_regs(*state, 0);
1487 ptrace(req, tcp->pid, ap, val);
1488 return errno ? -1 : 0;
1492 set_arg1(struct tcb *tcp, arg_setup_state *state, long val)
1494 int req = PTRACE_POKEDATA;
1498 ap = (void *) (intptr_t) PT_R9; /* r9 == ECX */
1499 req = PTRACE_POKEUSER;
1501 ap = ia64_rse_skip_regs(*state, 1);
1503 ptrace(req, tcp->pid, ap, val);
1504 return errno ? -1 : 0;
1507 /* ia64 does not return the input arguments from functions (and syscalls)
1508 according to ia64 RSE (Register Stack Engine) behavior. */
1510 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1511 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1513 # elif defined (SPARC) || defined (SPARC64)
1515 typedef struct pt_regs arg_setup_state;
1517 # define arg_setup(tcp, state) \
1518 (ptrace(PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1519 # define arg_finish_change(tcp, state) \
1520 (ptrace(PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1522 # define get_arg0(tcp, state, valp) (*(valp) = (state)->u_regs[U_REG_O0], 0)
1523 # define get_arg1(tcp, state, valp) (*(valp) = (state)->u_regs[U_REG_O1], 0)
1524 # define set_arg0(tcp, state, val) ((state)->u_regs[U_REG_O0] = (val), 0)
1525 # define set_arg1(tcp, state, val) ((state)->u_regs[U_REG_O1] = (val), 0)
1526 # define restore_arg0(tcp, state, val) 0
1528 # else /* other architectures */
1530 # if defined S390 || defined S390X
1531 /* Note: this is only true for the `clone' system call, which handles
1532 arguments specially. We could as well say that its first two arguments
1533 are swapped relative to other architectures, but that would just be
1534 another #ifdef in the calls. */
1535 # define arg0_offset PT_GPR3
1536 # define arg1_offset PT_ORIGGPR2
1537 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1538 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1539 # define arg0_index 1
1540 # define arg1_index 0
1541 # elif defined (ALPHA) || defined (MIPS)
1542 # define arg0_offset REG_A0
1543 # define arg1_offset (REG_A0+1)
1544 # elif defined (AVR32)
1545 # define arg0_offset (REG_R12)
1546 # define arg1_offset (REG_R11)
1547 # elif defined (POWERPC)
1548 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1549 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1550 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1551 # elif defined (HPPA)
1552 # define arg0_offset PT_GR26
1553 # define arg1_offset (PT_GR26-4)
1554 # elif defined (X86_64)
1555 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1556 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1558 # define arg0_offset (4*(REG_REG0+4))
1559 # define arg1_offset (4*(REG_REG0+5))
1560 # elif defined (SH64)
1561 /* ABI defines arg0 & 1 in r2 & r3 */
1562 # define arg0_offset (REG_OFFSET+16)
1563 # define arg1_offset (REG_OFFSET+24)
1564 # define restore_arg0(tcp, state, val) 0
1565 # elif defined CRISV10 || defined CRISV32
1566 # define arg0_offset (4*PT_R11)
1567 # define arg1_offset (4*PT_ORIG_R10)
1568 # define restore_arg0(tcp, state, val) 0
1569 # define restore_arg1(tcp, state, val) 0
1570 # define arg0_index 1
1571 # define arg1_index 0
1573 # define arg0_offset 0
1574 # define arg1_offset 4
1576 # define restore_arg0(tcp, state, val) 0
1580 typedef int arg_setup_state;
1582 # define arg_setup(tcp, state) (0)
1583 # define arg_finish_change(tcp, state) 0
1584 # define get_arg0(tcp, cookie, valp) \
1585 (upeek((tcp), arg0_offset, (valp)))
1586 # define get_arg1(tcp, cookie, valp) \
1587 (upeek((tcp), arg1_offset, (valp)))
1590 set_arg0(struct tcb *tcp, void *cookie, long val)
1592 return ptrace(PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1596 set_arg1(struct tcb *tcp, void *cookie, long val)
1598 return ptrace(PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1601 # endif /* architectures */
1603 # ifndef restore_arg0
1604 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1606 # ifndef restore_arg1
1607 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1611 # define arg0_index 0
1612 # define arg1_index 1
1616 setbpt(struct tcb *tcp)
1618 static int clone_scno[SUPPORTED_PERSONALITIES] = { SYS_clone };
1619 arg_setup_state state;
1621 if (tcp->flags & TCB_BPTSET) {
1622 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1627 * It's a silly kludge to initialize this with a search at runtime.
1628 * But it's better than maintaining another magic thing in the
1629 * godforsaken tables.
1631 if (clone_scno[current_personality] == 0) {
1633 for (i = 0; i < nsyscalls; ++i)
1634 if (sysent[i].sys_func == sys_clone) {
1635 clone_scno[current_personality] = i;
1640 if (sysent[tcp->scno].sys_func == sys_fork ||
1641 sysent[tcp->scno].sys_func == sys_vfork) {
1642 if (arg_setup(tcp, &state) < 0
1643 || get_arg0(tcp, &state, &tcp->inst[0]) < 0
1644 || get_arg1(tcp, &state, &tcp->inst[1]) < 0
1645 || change_syscall(tcp, clone_scno[current_personality]) < 0
1646 || set_arg0(tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1647 || set_arg1(tcp, &state, 0) < 0
1648 || arg_finish_change(tcp, &state) < 0)
1650 tcp->u_arg[arg0_index] = CLONE_PTRACE|SIGCHLD;
1651 tcp->u_arg[arg1_index] = 0;
1652 tcp->flags |= TCB_BPTSET;
1656 if (sysent[tcp->scno].sys_func == sys_clone) {
1657 /* ia64 calls directly `clone (CLONE_VFORK | CLONE_VM)'
1658 contrary to x86 vfork above. Even on x86 we turn the
1659 vfork semantics into plain fork - each application must not
1660 depend on the vfork specifics according to POSIX. We would
1661 hang waiting for the parent resume otherwise. We need to
1662 clear also CLONE_VM but only in the CLONE_VFORK case as
1663 otherwise we would break pthread_create. */
1665 long new_arg0 = (tcp->u_arg[arg0_index] | CLONE_PTRACE);
1666 if (new_arg0 & CLONE_VFORK)
1667 new_arg0 &= ~(unsigned long)(CLONE_VFORK | CLONE_VM);
1668 if (arg_setup(tcp, &state) < 0
1669 || set_arg0(tcp, &state, new_arg0) < 0
1670 || arg_finish_change(tcp, &state) < 0)
1672 tcp->flags |= TCB_BPTSET;
1673 tcp->inst[0] = tcp->u_arg[arg0_index];
1674 tcp->inst[1] = tcp->u_arg[arg1_index];
1678 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1679 tcp->scno, tcp->pid);
1684 clearbpt(struct tcb *tcp)
1686 arg_setup_state state;
1687 if (arg_setup(tcp, &state) < 0
1688 || restore_arg0(tcp, &state, tcp->inst[0]) < 0
1689 || restore_arg1(tcp, &state, tcp->inst[1]) < 0
1690 || arg_finish_change(tcp, &state))
1693 tcp->flags &= ~TCB_BPTSET;
1697 # else /* !defined LINUX */
1700 setbpt(struct tcb *tcp)
1703 # ifdef SPARC /* This code is slightly sparc specific */
1706 # define BPT 0x91d02001 /* ta 1 */
1707 # define LOOP 0x10800000 /* ba 0 */
1708 # define LOOPA 0x30800000 /* ba,a 0 */
1709 # define NOP 0x01000000
1711 static int loopdeloop[1] = {LOOPA};
1713 static int loopdeloop[2] = {LOOP, NOP};
1716 if (tcp->flags & TCB_BPTSET) {
1717 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1720 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1721 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1724 tcp->baddr = regs.r_o7 + 8;
1725 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1726 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1727 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1732 * XXX - BRUTAL MODE ON
1733 * We cannot set a real BPT in the child, since it will not be
1734 * traced at the moment it will reach the trap and would probably
1735 * die with a core dump.
1736 * Thus, we are force our way in by taking out two instructions
1737 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1738 * generated by out PTRACE_ATTACH.
1739 * Of cause, if we evaporate ourselves in the middle of all this...
1741 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1742 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1743 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1746 tcp->flags |= TCB_BPTSET;
1749 # endif /* SUNOS4 */
1755 clearbpt(struct tcb *tcp)
1764 if (!(tcp->flags & TCB_BPTSET)) {
1765 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1768 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1769 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1770 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1773 tcp->flags &= ~TCB_BPTSET;
1777 * Since we don't have a single instruction breakpoint, we may have
1778 * to adjust the program counter after removing our `breakpoint'.
1780 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1781 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1784 if ((regs.r_pc < tcp->baddr) ||
1785 (regs.r_pc > tcp->baddr + 4)) {
1786 /* The breakpoint has not been reached yet */
1789 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1790 regs.r_pc, tcp->baddr);
1793 if (regs.r_pc != tcp->baddr)
1795 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1796 regs.r_pc, tcp->baddr);
1798 regs.r_pc = tcp->baddr;
1799 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1800 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1805 # endif /* SUNOS4 */
1810 # endif /* !defined LINUX */
1812 #endif /* !USE_PROCFS */
1818 getex(struct tcb *tcp, struct exec *hdr)
1822 for (n = 0; n < sizeof *hdr; n += 4) {
1824 if (upeek(tcp, uoff(u_exdata) + n, &res) < 0)
1826 memcpy(((char *) hdr) + n, &res, 4);
1829 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1830 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1831 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1832 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1838 fixvfork(struct tcb *tcp)
1842 * Change `vfork' in a freshly exec'ed dynamically linked
1843 * executable's (internal) symbol table to plain old `fork'
1847 struct link_dynamic dyn;
1848 struct link_dynamic_2 ld;
1851 if (getex(tcp, &hdr) < 0)
1856 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1857 fprintf(stderr, "Cannot read DYNAMIC\n");
1860 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1861 fprintf(stderr, "Cannot read link_dynamic_2\n");
1864 strtab = malloc((unsigned)ld.ld_symb_size);
1866 die_out_of_memory();
1867 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1868 (int)ld.ld_symb_size, strtab) < 0)
1871 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1872 if (strcmp(cp, "_vfork") == 0) {
1874 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1875 strcpy(cp, "_fork");
1880 if (cp < strtab + ld.ld_symb_size)
1882 * Write entire symbol table back to avoid
1883 * memory alignment bugs in ptrace
1885 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1886 (int)ld.ld_symb_size, strtab) < 0)