2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 #include <linux/ptrace.h>
69 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
70 #include <sys/utsname.h>
71 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
73 #if defined(LINUX) && defined(SPARC)
75 # define fpq kernel_fpq
77 # define fpu kernel_fpu
83 #if !defined(__GLIBC__)
85 #include <linux/unistd.h>
87 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
89 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
93 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
94 "or %%g0, %2, %%o1\n\t" \
95 "or %%g0, %3, %%o2\n\t" \
96 "or %%g0, %4, %%o3\n\t" \
97 "or %%g0, %5, %%o4\n\t" \
98 "or %%g0, %6, %%g1\n\t" \
101 "or %%g0, %%o0, %0\n\t" \
102 "sub %%g0, %%o0, %0\n\t" \
105 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
106 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
107 "i" (__NR_##syscall) \
108 : "g1", "o0", "o1", "o2", "o3", "o4"); \
110 return (type) __res; \
115 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
125 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
128 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
145 return a->tv_sec || a->tv_usec;
150 struct timeval *a, *b;
152 if (a->tv_sec < b->tv_sec
153 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
155 if (a->tv_sec > b->tv_sec
156 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
165 return tv->tv_sec + tv->tv_usec/1000000.0;
170 struct timeval *tv, *a, *b;
172 tv->tv_sec = a->tv_sec + b->tv_sec;
173 tv->tv_usec = a->tv_usec + b->tv_usec;
174 if (tv->tv_usec > 1000000) {
176 tv->tv_usec -= 1000000;
182 struct timeval *tv, *a, *b;
184 tv->tv_sec = a->tv_sec - b->tv_sec;
185 tv->tv_usec = a->tv_usec - b->tv_usec;
186 if (((long) tv->tv_usec) < 0) {
188 tv->tv_usec += 1000000;
194 struct timeval *tv, *a;
197 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
198 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
199 tv->tv_usec %= 1000000;
204 struct timeval *tv, *a;
207 tv->tv_usec = a->tv_usec * n;
208 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
209 tv->tv_usec %= 1000000;
217 for (; xlat->str != NULL; xlat++)
218 if (xlat->val == val)
224 * Print entry in struct xlat table, if there.
227 printxval(xlat, val, dflt)
232 char *str = xlookup(xlat, val);
237 tprintf("%#x /* %s */", val, dflt);
241 * Interpret `xlat' as an array of flags
242 * print the entries whose bits are on in `flags'
243 * return # of flags printed.
246 addflags(xlat, flags)
252 for (n = 0; xlat->str; xlat++) {
253 if (xlat->val && (flags & xlat->val) == xlat->val) {
254 tprintf("|%s", xlat->str);
260 tprintf("|%#x", flags);
267 printflags(xlat, flags)
274 if (flags == 0 && xlat->val == 0) {
275 tprintf("%s", xlat->str);
280 for (n = 0; xlat->str; xlat++) {
281 if (xlat->val && (flags & xlat->val) == xlat->val) {
282 tprintf("%s%s", sep, xlat->str);
289 tprintf("%s%#x", sep, flags);
296 printnum(tcp, addr, fmt)
307 if (umove(tcp, addr, &num) < 0) {
308 tprintf("%#lx", addr);
316 static char path[MAXPATHLEN + 1];
322 char buf[2 * MAXPATHLEN + 1];
325 if (!strpbrk(str, "\"\'\\")) {
326 tprintf("\"%s\"", str);
329 for (s = buf; *str; str++) {
331 case '\"': case '\'': case '\\':
332 *s++ = '\\'; *s++ = *str; break;
338 tprintf("\"%s\"", buf);
346 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
347 tprintf("%#lx", addr);
354 printpathn(tcp, addr, n)
359 if (umovestr(tcp, addr, n, path) < 0)
360 tprintf("%#lx", addr);
368 printstr(tcp, addr, len)
373 static unsigned char *str = NULL;
383 if ((str = malloc(max_strlen)) == NULL
384 || (outstr = malloc(2*max_strlen)) == NULL) {
385 fprintf(stderr, "printstr: no memory\n");
386 tprintf("%#lx", addr);
390 outend = outstr + max_strlen * 2 - 10;
393 if (umovestr(tcp, addr, n, (char *) str) < 0) {
394 tprintf("%#lx", addr);
399 n = MIN(len, max_strlen);
400 if (umoven(tcp, addr, n, (char *) str) < 0) {
401 tprintf("%#lx", addr);
410 for (i = 0; i < n; i++) {
412 if (len < 0 && c == '\0')
414 if (!isprint(c) && !isspace(c)) {
425 for (i = 0; i < n; i++) {
427 if (len < 0 && c == '\0')
429 sprintf(s, "\\x%02x", c);
436 for (i = 0; i < n; i++) {
438 if (len < 0 && c == '\0')
441 case '\"': case '\'': case '\\':
442 *s++ = '\\'; *s++ = c; break;
444 *s++ = '\\'; *s++ = 'f'; break;
446 *s++ = '\\'; *s++ = 'n'; break;
448 *s++ = '\\'; *s++ = 'r'; break;
450 *s++ = '\\'; *s++ = 't'; break;
452 *s++ = '\\'; *s++ = 'v'; break;
456 else if (i < n - 1 && isdigit(str[i + 1])) {
457 sprintf(s, "\\%03o", c);
461 sprintf(s, "\\%o", c);
472 if (i < len || (len < 0 && (i == n || s > outend))) {
473 *s++ = '.'; *s++ = '.'; *s++ = '.';
476 tprintf("%s", outstr);
481 dumpiov(tcp, len, addr)
490 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
491 fprintf(stderr, "dump: No memory");
494 if (umoven(tcp, addr,
495 len * sizeof *iov, (char *) iov) >= 0) {
497 for (i = 0; i < len; i++) {
498 /* include the buffer number to make it easy to
499 * match up the trace with the source */
500 tprintf(" * %lu bytes in buffer %d\n",
501 (unsigned long)iov[i].iov_len, i);
502 dumpstr(tcp, (long) iov[i].iov_base,
512 dumpstr(tcp, addr, len)
517 static int strsize = -1;
518 static unsigned char *str;
519 static char outstr[80];
526 if ((str = malloc(len)) == NULL) {
527 fprintf(stderr, "dump: no memory\n");
533 if (umoven(tcp, addr, len, (char *) str) < 0)
536 for (i = 0; i < len; i += 16) {
538 sprintf(s, " | %05x ", i);
540 for (j = 0; j < 16; j++) {
544 sprintf(s, " %02x", str[i + j]);
548 *s++ = ' '; *s++ = ' '; *s++ = ' ';
551 *s++ = ' '; *s++ = ' ';
552 for (j = 0; j < 16; j++) {
556 if (isprint(str[i + j]))
564 tprintf("%s |\n", outstr);
568 #define PAGMASK (~(PAGSIZ - 1))
570 * move `len' bytes of data from process `pid'
571 * at address `addr' to our space at `laddr'
574 umoven(tcp, addr, len, laddr)
587 char x[sizeof(long)];
590 if (addr & (sizeof(long) - 1)) {
591 /* addr not a multiple of sizeof(long) */
592 n = addr - (addr & -sizeof(long)); /* residue */
593 addr &= -sizeof(long); /* residue */
595 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
597 if (started && (errno==EPERM || errno==EIO)) {
598 /* Ran into 'end of memory' - stupid "printpath" */
601 /* But if not started, we had a bogus address. */
602 perror("ptrace: umoven");
606 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
607 addr += sizeof(long), laddr += m, len -= m;
611 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
613 if (started && (errno==EPERM || errno==EIO)) {
614 /* Ran into 'end of memory' - stupid "printpath" */
618 perror("ptrace: umoven");
622 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
623 addr += sizeof(long), laddr += m, len -= m;
633 char x[sizeof(long)];
636 if (addr & (sizeof(long) - 1)) {
637 /* addr not a multiple of sizeof(long) */
638 n = addr - (addr & -sizeof(long)); /* residue */
639 addr &= -sizeof(long); /* residue */
641 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
646 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
647 addr += sizeof(long), laddr += m, len -= m;
651 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
656 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
657 addr += sizeof(long), laddr += m, len -= m;
663 n = MIN(len, PAGSIZ);
664 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
665 if (ptrace(PTRACE_READDATA, pid,
666 (char *) addr, len, laddr) < 0) {
667 perror("umoven: ptrace(PTRACE_READDATA, ...)");
679 #ifdef HAVE_MP_PROCFS
680 int fd = tcp->pfd_as;
684 lseek(fd, addr, SEEK_SET);
685 if (read(fd, laddr, len) == -1)
687 #endif /* USE_PROCFS */
693 * like `umove' but make the additional effort of looking
694 * for a terminating zero byte.
697 umovestr(tcp, addr, len, laddr)
704 #ifdef HAVE_MP_PROCFS
705 int fd = tcp->pfd_as;
709 /* Some systems (e.g. FreeBSD) can be upset if we read off the
710 end of valid memory, avoid this by trying to read up
711 to page boundaries. But we don't know what a page is (and
712 getpagesize(2) (if it exists) doesn't necessarily return
713 hardware page size). Assume all pages >= 1024 (a-historical
716 int page = 1024; /* How to find this? */
717 int move = page - (addr & (page - 1));
720 lseek(fd, addr, SEEK_SET);
723 if (move > left) move = left;
724 if ((move = read(fd, laddr, move)) <= 0)
725 return left != len ? 0 : -1;
726 if (memchr (laddr, 0, move)) break;
732 #else /* !USE_PROCFS */
738 char x[sizeof(long)];
741 if (addr & (sizeof(long) - 1)) {
742 /* addr not a multiple of sizeof(long) */
743 n = addr - (addr & -sizeof(long)); /* residue */
744 addr &= -sizeof(long); /* residue */
746 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
748 if (started && (errno==EPERM || errno==EIO)) {
749 /* Ran into 'end of memory' - stupid "printpath" */
756 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
757 while (n & (sizeof(long) - 1))
758 if (u.x[n++] == '\0')
760 addr += sizeof(long), laddr += m, len -= m;
764 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
766 if (started && (errno==EPERM || errno==EIO)) {
767 /* Ran into 'end of memory' - stupid "printpath" */
774 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
775 for (i = 0; i < sizeof(long); i++)
779 addr += sizeof(long), laddr += m, len -= m;
781 #endif /* !USE_PROCFS */
787 #define PTRACE_WRITETEXT 101
788 #define PTRACE_WRITEDATA 102
795 uload(cmd, pid, addr, len, laddr)
806 n = MIN(len, PAGSIZ);
807 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
808 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
809 perror("uload: ptrace(PTRACE_WRITE, ...)");
821 char x[sizeof(long)];
824 if (cmd == PTRACE_WRITETEXT) {
825 peek = PTRACE_PEEKTEXT;
826 poke = PTRACE_POKETEXT;
829 peek = PTRACE_PEEKDATA;
830 poke = PTRACE_POKEDATA;
832 if (addr & (sizeof(long) - 1)) {
833 /* addr not a multiple of sizeof(long) */
834 n = addr - (addr & -sizeof(long)); /* residue */
835 addr &= -sizeof(long);
837 u.val = ptrace(peek, pid, (char *) addr, 0);
839 perror("uload: POKE");
842 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
843 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
844 perror("uload: POKE");
847 addr += sizeof(long), laddr += m, len -= m;
850 if (len < sizeof(long))
851 u.val = ptrace(peek, pid, (char *) addr, 0);
852 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
853 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
854 perror("uload: POKE");
857 addr += sizeof(long), laddr += m, len -= m;
864 tload(pid, addr, len, laddr)
869 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
873 dload(pid, addr, len, laddr)
879 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
894 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
896 static int is_sun4m = -1;
899 /* Round up the usual suspects. */
900 if (is_sun4m == -1) {
901 if (uname(&name) < 0) {
902 perror("upeek: uname?");
905 is_sun4m = strcmp(name.machine, "sun4m") == 0;
907 extern struct xlat struct_user_offsets[];
910 for (x = struct_user_offsets; x->str; x++)
917 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
919 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
920 if (val == -1 && errno) {
922 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
930 #endif /* !USE_PROCFS */
940 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
942 #elif defined(X86_64)
943 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
946 if (upeek(tcp->pid, PT_B0, &pc) < 0)
949 if (upeek(tcp->pid, 4*15, &pc) < 0)
951 #elif defined(POWERPC)
952 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
955 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
958 if (upeek(tcp->pid, REG_PC, &pc) < 0)
961 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
965 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
968 #elif defined(S390) || defined(S390X)
969 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
972 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
975 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
983 * Return current program counter for `pid'
984 * Assumes PC is never 0xffffffff
988 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
989 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
1002 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1004 #endif /* FREEBSD */
1016 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1017 tprintf("[????????] ");
1020 tprintf("[%08lx] ", eip);
1021 #elif defined(X86_64)
1024 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1025 tprintf("[????????] ");
1028 tprintf("[%16lx] ", rip);
1032 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1033 tprintf("[????????] ");
1036 tprintf("[%08lx] ", ip);
1037 #elif defined(POWERPC)
1040 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1041 tprintf ("[????????] ");
1044 tprintf("[%08lx] ", pc);
1048 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1049 tprintf ("[????????] ");
1052 tprintf("[%08lx] ", pc);
1053 #elif defined(ALPHA)
1056 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1057 tprintf ("[????????] ");
1060 tprintf("[%08lx] ", pc);
1061 #elif defined(SPARC)
1063 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1064 tprintf("[????????] ");
1067 tprintf("[%08lx] ", regs.r_pc);
1071 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1072 tprintf ("[????????] ");
1075 tprintf("[%08lx] ", pc);
1079 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1080 tprintf ("[????????] ");
1083 tprintf("[%08lx] ", pc);
1087 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1088 tprintf ("[????????] ");
1091 tprintf("[%08lx] ", pc);
1092 #endif /* !architecture */
1098 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1099 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1100 tprintf("[????????] ");
1103 tprintf("[%08x] ", regs.r_o7);
1108 tprintf("[????????] ");
1113 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1114 tprintf("[%08x] ", regs.r_eip);
1115 #endif /* FREEBSD */
1122 #include <sys/syscall.h>
1123 #ifndef CLONE_PTRACE
1124 # define CLONE_PTRACE 0x00002000
1129 typedef unsigned long *arg_setup_state;
1132 arg_setup(struct tcb *tcp, arg_setup_state *state)
1134 unsigned long *bsp, cfm, sof, sol;
1136 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1138 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1141 sof = (cfm >> 0) & 0x7f;
1142 sol = (cfm >> 7) & 0x7f;
1143 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1149 # define arg_finish_change(tcp, state) 0
1153 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1155 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 0),
1156 sizeof(long), (void *) valp);
1160 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1162 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 1),
1163 sizeof(long), (void *) valp);
1168 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1171 ap = ia64_rse_skip_regs(*state, 0);
1173 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1174 return errno ? -1 : 0;
1178 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1181 ap = ia64_rse_skip_regs(*state, 1);
1183 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1184 return errno ? -1 : 0;
1187 #elif defined (SPARC)
1189 typedef struct regs arg_setup_state;
1191 # define arg_setup(tcp, state) \
1192 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1193 # define arg_finish_change(tcp, state) \
1194 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1196 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1197 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1198 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1199 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1200 # define restore_arg0(tcp, state, val) 0
1204 # if defined S390 || defined S390X
1205 /* Note: this is only true for the `clone' system call, which handles
1206 arguments specially. We could as well say that its first two arguments
1207 are swapped relative to other architectures, but that would just be
1208 another #ifdef in the calls. */
1209 # define arg0_offset PT_GPR3
1210 # define arg1_offset PT_ORIGGPR2
1211 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1212 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1213 # elif defined (ALPHA) || defined (MIPS)
1214 # define arg0_offset REG_A0
1215 # define arg1_offset (REG_A0+1)
1216 # elif defined (POWERPC)
1217 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1218 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1219 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1220 # elif defined (HPPA)
1221 # define arg0_offset PT_GR26
1222 # define arg1_offset (PT_GR26-4)
1223 # elif defined (X86_64)
1224 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1225 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1227 # define arg0_offset 0
1228 # define arg1_offset 4
1229 # if defined SH || defined ARM
1230 # define restore_arg0(tcp, state, val) 0
1234 typedef int arg_setup_state;
1236 # define arg_setup(tcp, state) (0)
1237 # define arg_finish_change(tcp, state) 0
1238 # define get_arg0(tcp, cookie, valp) \
1239 (upeek ((tcp)->pid, arg0_offset, (valp)))
1240 # define get_arg1(tcp, cookie, valp) \
1241 (upeek ((tcp)->pid, arg1_offset, (valp)))
1244 set_arg0 (struct tcb *tcp, void *cookie, long val)
1246 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1250 set_arg1 (struct tcb *tcp, void *cookie, long val)
1252 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1257 #ifndef restore_arg0
1258 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1260 #ifndef restore_arg1
1261 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1268 extern int change_syscall(struct tcb *, int);
1269 arg_setup_state state;
1271 if (tcp->flags & TCB_BPTSET) {
1272 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1276 switch (tcp->scno) {
1283 #if defined SYS_fork || defined SYS_vfork
1284 if (arg_setup (tcp, &state) < 0
1285 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1286 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1287 || change_syscall(tcp, SYS_clone) < 0
1288 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1289 || set_arg1 (tcp, &state, 0) < 0
1290 || arg_finish_change (tcp, &state) < 0)
1292 tcp->u_arg[0] = CLONE_PTRACE|SIGCHLD;
1294 tcp->flags |= TCB_BPTSET;
1302 if ((tcp->u_arg[0] & CLONE_PTRACE) == 0
1303 && (arg_setup (tcp, &state) < 0
1304 || set_arg0 (tcp, &state, tcp->u_arg[0] | CLONE_PTRACE) < 0
1305 || arg_finish_change (tcp, &state) < 0))
1307 tcp->flags |= TCB_BPTSET;
1308 tcp->inst[0] = tcp->u_arg[0];
1309 tcp->inst[1] = tcp->u_arg[1];
1313 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1314 tcp->scno, tcp->pid);
1325 arg_setup_state state;
1326 if (arg_setup (tcp, &state) < 0
1327 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1328 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1329 || arg_finish_change (tcp, &state))
1331 tcp->flags &= ~TCB_BPTSET;
1344 /* We simply use the SunOS breakpoint code. */
1347 #define LOOPA 0x30800000 /* ba,a 0 */
1349 if (tcp->flags & TCB_BPTSET) {
1350 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1353 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1354 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1357 tcp->baddr = regs.r_o7 + 8;
1359 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1361 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1366 * XXX - BRUTAL MODE ON
1367 * We cannot set a real BPT in the child, since it will not be
1368 * traced at the moment it will reach the trap and would probably
1369 * die with a core dump.
1370 * Thus, we are force our way in by taking out two instructions
1371 * and insert an eternal loop instead, in expectance of the SIGSTOP
1372 * generated by out PTRACE_ATTACH.
1373 * Of cause, if we evaporate ourselves in the middle of all this...
1376 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1378 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1381 tcp->flags |= TCB_BPTSET;
1386 # define LOOP 0x0000feeb
1387 if (tcp->flags & TCB_BPTSET) {
1388 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1392 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1395 fprintf(stderr, "[%d] setting bpt at %lx\n",
1396 tcp->pid, tcp->baddr);
1397 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1398 (char *) tcp->baddr, 0);
1400 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1403 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1405 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1408 tcp->flags |= TCB_BPTSET;
1411 * Our strategy here is to replace the bundle that
1412 * contained the clone() syscall with a bundle of the
1415 * { 1: br 1b; br 1b; br 1b }
1417 * This ensures that the newly forked child will loop
1418 * endlessly until we've got a chance to attach to it.
1420 # define LOOP0 0x0000100000000017
1421 # define LOOP1 0x4000000000200000
1422 unsigned long addr, ipsr;
1426 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1428 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1430 /* store "ri" in low two bits */
1431 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1434 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1436 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1439 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1444 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1445 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1447 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1450 tcp->flags |= TCB_BPTSET;
1454 #if defined (I386) || defined(X86_64)
1455 #define LOOP 0x0000feeb
1456 #elif defined (M68K)
1457 #define LOOP 0x60fe0000
1458 #elif defined (ALPHA)
1459 #define LOOP 0xc3ffffff
1460 #elif defined (POWERPC)
1461 #define LOOP 0x48000000
1463 #define LOOP 0xEAFFFFFE
1465 #define LOOP 0x1000ffff
1467 #define LOOP 0xa7f40000 /* BRC 15,0 */
1468 #elif defined(S390X)
1469 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1471 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1473 #ifdef __LITTLE_ENDIAN__
1474 #define LOOP 0x0000affe
1476 #define LOOP 0xfeaf0000
1479 #error unknown architecture
1482 if (tcp->flags & TCB_BPTSET) {
1483 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1487 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1489 #elif defined (X86_64)
1490 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1492 #elif defined (M68K)
1493 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1495 #elif defined (ALPHA)
1499 #elif defined (MIPS)
1500 return -1; /* FIXME: I do not know what i do - Flo */
1501 #elif defined (POWERPC)
1502 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &tcp->baddr) < 0)
1504 #elif defined(S390) || defined(S390X)
1505 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1508 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1510 tcp->baddr &= ~0x03;
1512 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1515 #error unknown architecture
1518 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1519 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1521 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1524 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1526 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1529 tcp->flags |= TCB_BPTSET;
1536 #ifdef SPARC /* This code is slightly sparc specific */
1539 #define BPT 0x91d02001 /* ta 1 */
1540 #define LOOP 0x10800000 /* ba 0 */
1541 #define LOOPA 0x30800000 /* ba,a 0 */
1542 #define NOP 0x01000000
1544 static int loopdeloop[1] = {LOOPA};
1546 static int loopdeloop[2] = {LOOP, NOP};
1549 if (tcp->flags & TCB_BPTSET) {
1550 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1553 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1554 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1557 tcp->baddr = regs.r_o7 + 8;
1558 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1559 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1560 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1565 * XXX - BRUTAL MODE ON
1566 * We cannot set a real BPT in the child, since it will not be
1567 * traced at the moment it will reach the trap and would probably
1568 * die with a core dump.
1569 * Thus, we are force our way in by taking out two instructions
1570 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1571 * generated by out PTRACE_ATTACH.
1572 * Of cause, if we evaporate ourselves in the middle of all this...
1574 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1575 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1576 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1579 tcp->flags |= TCB_BPTSET;
1593 #if defined(I386) || defined(X86_64)
1595 #elif defined(POWERPC)
1599 #elif defined(ALPHA)
1605 #endif /* architecture */
1608 /* Again, we borrow the SunOS breakpoint code. */
1609 if (!(tcp->flags & TCB_BPTSET)) {
1610 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1614 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1616 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1619 tcp->flags &= ~TCB_BPTSET;
1625 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1626 if (!(tcp->flags & TCB_BPTSET)) {
1627 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1631 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1633 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1636 tcp->flags &= ~TCB_BPTSET;
1638 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1640 if (addr != tcp->baddr) {
1641 /* The breakpoint has not been reached yet. */
1644 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1649 unsigned long addr, ipsr;
1654 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1656 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1659 /* restore original bundle: */
1661 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1662 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1664 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1668 /* restore original "ri" in ipsr: */
1669 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1671 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1673 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1677 tcp->flags &= ~TCB_BPTSET;
1679 if (addr != (tcp->baddr & ~0x3)) {
1680 /* the breakpoint has not been reached yet. */
1682 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1687 #else /* !IA64 && ! SPARC */
1690 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1691 if (!(tcp->flags & TCB_BPTSET)) {
1692 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1696 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1698 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1701 tcp->flags &= ~TCB_BPTSET;
1704 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1706 if (eip != tcp->baddr) {
1707 /* The breakpoint has not been reached yet. */
1710 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1714 #elif defined(X86_64)
1715 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1717 if (eip != tcp->baddr) {
1718 /* The breakpoint has not been reached yet. */
1721 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1725 #elif defined(POWERPC)
1726 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
1728 if (pc != tcp->baddr) {
1729 /* The breakpoint has not been reached yet. */
1731 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1736 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1738 if (pc != tcp->baddr) {
1739 /* The breakpoint has not been reached yet. */
1741 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1745 #elif defined(ALPHA)
1746 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1748 if (pc != tcp->baddr) {
1749 /* The breakpoint has not been reached yet. */
1751 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1756 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1759 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1760 /* The breakpoint has not been reached yet. */
1762 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1766 iaoq = tcp->baddr | 3;
1767 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1768 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1769 * has no significant effect.
1771 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1772 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1774 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1776 if (pc != tcp->baddr) {
1777 /* The breakpoint has not been reached yet. */
1779 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1785 #endif /* !SPARC && !IA64 */
1795 if (!(tcp->flags & TCB_BPTSET)) {
1796 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1799 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1800 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1801 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1804 tcp->flags &= ~TCB_BPTSET;
1808 * Since we don't have a single instruction breakpoint, we may have
1809 * to adjust the program counter after removing the our `breakpoint'.
1811 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1812 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1815 if ((regs.r_pc < tcp->baddr) ||
1816 (regs.r_pc > tcp->baddr + 4)) {
1817 /* The breakpoint has not been reached yet */
1820 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1821 regs.r_pc, tcp->parent->baddr);
1824 if (regs.r_pc != tcp->baddr)
1826 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1827 regs.r_pc, tcp->baddr);
1829 regs.r_pc = tcp->baddr;
1830 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1831 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1843 #endif /* !USE_PROCFS */
1854 for (n = 0; n < sizeof *hdr; n += 4) {
1856 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1858 memcpy(((char *) hdr) + n, &res, 4);
1861 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1862 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1863 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1864 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1875 * Change `vfork' in a freshly exec'ed dynamically linked
1876 * executable's (internal) symbol table to plain old `fork'
1880 struct link_dynamic dyn;
1881 struct link_dynamic_2 ld;
1884 if (getex(pid, &hdr) < 0)
1889 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1890 fprintf(stderr, "Cannot read DYNAMIC\n");
1893 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1894 fprintf(stderr, "Cannot read link_dynamic_2\n");
1897 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1898 fprintf(stderr, "fixvfork: out of memory\n");
1901 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1902 (int)ld.ld_symb_size, strtab) < 0)
1906 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1907 fprintf(stderr, "[symbol: %s]\n", cp);
1912 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1913 if (strcmp(cp, "_vfork") == 0) {
1915 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1916 strcpy(cp, "_fork");
1921 if (cp < strtab + ld.ld_symb_size)
1923 * Write entire symbol table back to avoid
1924 * memory alignment bugs in ptrace
1926 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1927 (int)ld.ld_symb_size, strtab) < 0)