2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 #include <linux/ptrace.h>
69 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
70 #include <sys/utsname.h>
71 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
73 #if defined(LINUX) && defined(SPARC)
75 # define fpq kernel_fpq
77 # define fpu kernel_fpu
83 #if !defined(__GLIBC__)
85 #include <linux/unistd.h>
87 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
89 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
93 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
94 "or %%g0, %2, %%o1\n\t" \
95 "or %%g0, %3, %%o2\n\t" \
96 "or %%g0, %4, %%o3\n\t" \
97 "or %%g0, %5, %%o4\n\t" \
98 "or %%g0, %6, %%g1\n\t" \
101 "or %%g0, %%o0, %0\n\t" \
102 "sub %%g0, %%o0, %0\n\t" \
105 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
106 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
107 "i" (__NR_##syscall) \
108 : "g1", "o0", "o1", "o2", "o3", "o4"); \
110 return (type) __res; \
115 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
125 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
128 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
145 return a->tv_sec || a->tv_usec;
150 struct timeval *a, *b;
152 if (a->tv_sec < b->tv_sec
153 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
155 if (a->tv_sec > b->tv_sec
156 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
165 return tv->tv_sec + tv->tv_usec/1000000.0;
170 struct timeval *tv, *a, *b;
172 tv->tv_sec = a->tv_sec + b->tv_sec;
173 tv->tv_usec = a->tv_usec + b->tv_usec;
174 if (tv->tv_usec > 1000000) {
176 tv->tv_usec -= 1000000;
182 struct timeval *tv, *a, *b;
184 tv->tv_sec = a->tv_sec - b->tv_sec;
185 tv->tv_usec = a->tv_usec - b->tv_usec;
186 if (((long) tv->tv_usec) < 0) {
188 tv->tv_usec += 1000000;
194 struct timeval *tv, *a;
197 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
198 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
199 tv->tv_usec %= 1000000;
204 struct timeval *tv, *a;
207 tv->tv_usec = a->tv_usec * n;
208 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
209 tv->tv_usec %= 1000000;
217 for (; xlat->str != NULL; xlat++)
218 if (xlat->val == val)
224 * Print entry in struct xlat table, if there.
227 printxval(xlat, val, dflt)
232 char *str = xlookup(xlat, val);
237 tprintf("%#x /* %s */", val, dflt);
241 * Interpret `xlat' as an array of flags
242 * print the entries whose bits are on in `flags'
243 * return # of flags printed.
246 addflags(xlat, flags)
252 for (n = 0; xlat->str; xlat++) {
253 if (xlat->val && (flags & xlat->val) == xlat->val) {
254 tprintf("|%s", xlat->str);
260 tprintf("|%#x", flags);
267 printflags(xlat, flags)
274 if (flags == 0 && xlat->val == 0) {
275 tprintf("%s", xlat->str);
280 for (n = 0; xlat->str; xlat++) {
281 if (xlat->val && (flags & xlat->val) == xlat->val) {
282 tprintf("%s%s", sep, xlat->str);
289 tprintf("%s%#x", sep, flags);
296 printnum(tcp, addr, fmt)
307 if (umove(tcp, addr, &num) < 0) {
308 tprintf("%#lx", addr);
316 static char path[MAXPATHLEN + 1];
322 char buf[2 * MAXPATHLEN + 1];
325 if (!strpbrk(str, "\"\'\\")) {
326 tprintf("\"%s\"", str);
329 for (s = buf; *str; str++) {
331 case '\"': case '\'': case '\\':
332 *s++ = '\\'; *s++ = *str; break;
338 tprintf("\"%s\"", buf);
346 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
347 tprintf("%#lx", addr);
354 printpathn(tcp, addr, n)
359 if (umovestr(tcp, addr, n, path) < 0)
360 tprintf("%#lx", addr);
368 printstr(tcp, addr, len)
373 static unsigned char *str = NULL;
383 if ((str = malloc(max_strlen)) == NULL
384 || (outstr = malloc(2*max_strlen)) == NULL) {
385 fprintf(stderr, "printstr: no memory\n");
386 tprintf("%#lx", addr);
390 outend = outstr + max_strlen * 2 - 10;
393 if (umovestr(tcp, addr, n, (char *) str) < 0) {
394 tprintf("%#lx", addr);
399 n = MIN(len, max_strlen);
400 if (umoven(tcp, addr, n, (char *) str) < 0) {
401 tprintf("%#lx", addr);
410 for (i = 0; i < n; i++) {
412 if (len < 0 && c == '\0')
414 if (!isprint(c) && !isspace(c)) {
425 for (i = 0; i < n; i++) {
427 if (len < 0 && c == '\0')
429 sprintf(s, "\\x%02x", c);
436 for (i = 0; i < n; i++) {
438 if (len < 0 && c == '\0')
441 case '\"': case '\'': case '\\':
442 *s++ = '\\'; *s++ = c; break;
444 *s++ = '\\'; *s++ = 'f'; break;
446 *s++ = '\\'; *s++ = 'n'; break;
448 *s++ = '\\'; *s++ = 'r'; break;
450 *s++ = '\\'; *s++ = 't'; break;
452 *s++ = '\\'; *s++ = 'v'; break;
456 else if (i < n - 1 && isdigit(str[i + 1])) {
457 sprintf(s, "\\%03o", c);
461 sprintf(s, "\\%o", c);
472 if (i < len || (len < 0 && (i == n || s > outend))) {
473 *s++ = '.'; *s++ = '.'; *s++ = '.';
476 tprintf("%s", outstr);
481 dumpiov(tcp, len, addr)
490 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
491 fprintf(stderr, "dump: No memory");
494 if (umoven(tcp, addr,
495 len * sizeof *iov, (char *) iov) >= 0) {
497 for (i = 0; i < len; i++) {
498 /* include the buffer number to make it easy to
499 * match up the trace with the source */
500 tprintf(" * %lu bytes in buffer %d\n",
501 (unsigned long)iov[i].iov_len, i);
502 dumpstr(tcp, (long) iov[i].iov_base,
512 dumpstr(tcp, addr, len)
517 static int strsize = -1;
518 static unsigned char *str;
519 static char outstr[80];
526 if ((str = malloc(len)) == NULL) {
527 fprintf(stderr, "dump: no memory\n");
533 if (umoven(tcp, addr, len, (char *) str) < 0)
536 for (i = 0; i < len; i += 16) {
538 sprintf(s, " | %05x ", i);
540 for (j = 0; j < 16; j++) {
544 sprintf(s, " %02x", str[i + j]);
548 *s++ = ' '; *s++ = ' '; *s++ = ' ';
551 *s++ = ' '; *s++ = ' ';
552 for (j = 0; j < 16; j++) {
556 if (isprint(str[i + j]))
564 tprintf("%s |\n", outstr);
568 #define PAGMASK (~(PAGSIZ - 1))
570 * move `len' bytes of data from process `pid'
571 * at address `addr' to our space at `laddr'
574 umoven(tcp, addr, len, laddr)
587 char x[sizeof(long)];
590 if (addr & (sizeof(long) - 1)) {
591 /* addr not a multiple of sizeof(long) */
592 n = addr - (addr & -sizeof(long)); /* residue */
593 addr &= -sizeof(long); /* residue */
595 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
597 if (started && (errno==EPERM || errno==EIO)) {
598 /* Ran into 'end of memory' - stupid "printpath" */
601 /* But if not started, we had a bogus address. */
602 perror("ptrace: umoven");
606 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
607 addr += sizeof(long), laddr += m, len -= m;
611 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
613 if (started && (errno==EPERM || errno==EIO)) {
614 /* Ran into 'end of memory' - stupid "printpath" */
618 perror("ptrace: umoven");
622 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
623 addr += sizeof(long), laddr += m, len -= m;
633 char x[sizeof(long)];
636 if (addr & (sizeof(long) - 1)) {
637 /* addr not a multiple of sizeof(long) */
638 n = addr - (addr & -sizeof(long)); /* residue */
639 addr &= -sizeof(long); /* residue */
641 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
646 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
647 addr += sizeof(long), laddr += m, len -= m;
651 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
656 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
657 addr += sizeof(long), laddr += m, len -= m;
663 n = MIN(len, PAGSIZ);
664 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
665 if (ptrace(PTRACE_READDATA, pid,
666 (char *) addr, len, laddr) < 0) {
667 perror("umoven: ptrace(PTRACE_READDATA, ...)");
679 #ifdef HAVE_MP_PROCFS
680 int fd = tcp->pfd_as;
684 lseek(fd, addr, SEEK_SET);
685 if (read(fd, laddr, len) == -1)
687 #endif /* USE_PROCFS */
693 * like `umove' but make the additional effort of looking
694 * for a terminating zero byte.
697 umovestr(tcp, addr, len, laddr)
704 #ifdef HAVE_MP_PROCFS
705 int fd = tcp->pfd_as;
709 /* Some systems (e.g. FreeBSD) can be upset if we read off the
710 end of valid memory, avoid this by trying to read up
711 to page boundaries. But we don't know what a page is (and
712 getpagesize(2) (if it exists) doesn't necessarily return
713 hardware page size). Assume all pages >= 1024 (a-historical
716 int page = 1024; /* How to find this? */
717 int move = page - (addr & (page - 1));
720 lseek(fd, addr, SEEK_SET);
723 if (move > left) move = left;
724 if ((move = read(fd, laddr, move)) <= 0)
725 return left != len ? 0 : -1;
726 if (memchr (laddr, 0, move)) break;
732 #else /* !USE_PROCFS */
738 char x[sizeof(long)];
741 if (addr & (sizeof(long) - 1)) {
742 /* addr not a multiple of sizeof(long) */
743 n = addr - (addr & -sizeof(long)); /* residue */
744 addr &= -sizeof(long); /* residue */
746 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
748 if (started && (errno==EPERM || errno==EIO)) {
749 /* Ran into 'end of memory' - stupid "printpath" */
756 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
757 while (n & (sizeof(long) - 1))
758 if (u.x[n++] == '\0')
760 addr += sizeof(long), laddr += m, len -= m;
764 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
766 if (started && (errno==EPERM || errno==EIO)) {
767 /* Ran into 'end of memory' - stupid "printpath" */
774 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
775 for (i = 0; i < sizeof(long); i++)
779 addr += sizeof(long), laddr += m, len -= m;
781 #endif /* !USE_PROCFS */
787 #define PTRACE_WRITETEXT 101
788 #define PTRACE_WRITEDATA 102
795 uload(cmd, pid, addr, len, laddr)
806 n = MIN(len, PAGSIZ);
807 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
808 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
809 perror("uload: ptrace(PTRACE_WRITE, ...)");
821 char x[sizeof(long)];
824 if (cmd == PTRACE_WRITETEXT) {
825 peek = PTRACE_PEEKTEXT;
826 poke = PTRACE_POKETEXT;
829 peek = PTRACE_PEEKDATA;
830 poke = PTRACE_POKEDATA;
832 if (addr & (sizeof(long) - 1)) {
833 /* addr not a multiple of sizeof(long) */
834 n = addr - (addr & -sizeof(long)); /* residue */
835 addr &= -sizeof(long);
837 u.val = ptrace(peek, pid, (char *) addr, 0);
839 perror("uload: POKE");
842 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
843 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
844 perror("uload: POKE");
847 addr += sizeof(long), laddr += m, len -= m;
850 if (len < sizeof(long))
851 u.val = ptrace(peek, pid, (char *) addr, 0);
852 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
853 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
854 perror("uload: POKE");
857 addr += sizeof(long), laddr += m, len -= m;
864 tload(pid, addr, len, laddr)
869 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
873 dload(pid, addr, len, laddr)
879 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
894 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
896 static int is_sun4m = -1;
899 /* Round up the usual suspects. */
900 if (is_sun4m == -1) {
901 if (uname(&name) < 0) {
902 perror("upeek: uname?");
905 is_sun4m = strcmp(name.machine, "sun4m") == 0;
907 extern struct xlat struct_user_offsets[];
910 for (x = struct_user_offsets; x->str; x++)
917 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
919 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
920 if (val == -1 && errno) {
922 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
930 #endif /* !USE_PROCFS */
940 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
942 #elif defined(X86_64)
943 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
946 if (upeek(tcp->pid, PT_B0, &pc) < 0)
949 if (upeek(tcp->pid, 4*15, &pc) < 0)
951 #elif defined(POWERPC)
952 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
955 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
958 if (upeek(tcp->pid, REG_PC, &pc) < 0)
961 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
965 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
968 #elif defined(S390) || defined(S390X)
969 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
972 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
975 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
977 #elif defined(SHMEDIA)
978 if (upeek(tcp->pid, REG_PC ,&pc) < 0)
986 * Return current program counter for `pid'
987 * Assumes PC is never 0xffffffff
991 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
992 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
1005 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1007 #endif /* FREEBSD */
1019 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1020 tprintf("[????????] ");
1023 tprintf("[%08lx] ", eip);
1024 #elif defined(X86_64)
1027 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1028 tprintf("[????????] ");
1031 tprintf("[%16lx] ", rip);
1035 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1036 tprintf("[????????] ");
1039 tprintf("[%08lx] ", ip);
1040 #elif defined(POWERPC)
1043 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1044 tprintf ("[????????] ");
1047 tprintf("[%08lx] ", pc);
1051 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1052 tprintf ("[????????] ");
1055 tprintf("[%08lx] ", pc);
1056 #elif defined(ALPHA)
1059 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1060 tprintf ("[????????] ");
1063 tprintf("[%08lx] ", pc);
1064 #elif defined(SPARC)
1066 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1067 tprintf("[????????] ");
1070 tprintf("[%08lx] ", regs.r_pc);
1074 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1075 tprintf ("[????????] ");
1078 tprintf("[%08lx] ", pc);
1082 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1083 tprintf ("[????????] ");
1086 tprintf("[%08lx] ", pc);
1090 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1091 tprintf ("[????????] ");
1094 tprintf("[%08lx] ", pc);
1095 #elif defined(SHMEDIA)
1098 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1099 tprintf ("[????????] ");
1102 tprintf("[%08lx] ", pc);
1104 #endif /* !architecture */
1110 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1111 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1112 tprintf("[????????] ");
1115 tprintf("[%08x] ", regs.r_o7);
1120 tprintf("[????????] ");
1125 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1126 tprintf("[%08x] ", regs.r_eip);
1127 #endif /* FREEBSD */
1134 #include <sys/syscall.h>
1135 #ifndef CLONE_PTRACE
1136 # define CLONE_PTRACE 0x00002000
1141 typedef unsigned long *arg_setup_state;
1144 arg_setup(struct tcb *tcp, arg_setup_state *state)
1146 unsigned long *bsp, cfm, sof, sol;
1148 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1150 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1153 sof = (cfm >> 0) & 0x7f;
1154 sol = (cfm >> 7) & 0x7f;
1155 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1161 # define arg_finish_change(tcp, state) 0
1165 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1167 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 0),
1168 sizeof(long), (void *) valp);
1172 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1174 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 1),
1175 sizeof(long), (void *) valp);
1180 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1183 ap = ia64_rse_skip_regs(*state, 0);
1185 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1186 return errno ? -1 : 0;
1190 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1193 ap = ia64_rse_skip_regs(*state, 1);
1195 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1196 return errno ? -1 : 0;
1199 #elif defined (SPARC)
1201 typedef struct regs arg_setup_state;
1203 # define arg_setup(tcp, state) \
1204 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1205 # define arg_finish_change(tcp, state) \
1206 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1208 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1209 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1210 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1211 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1212 # define restore_arg0(tcp, state, val) 0
1216 # if defined S390 || defined S390X
1217 /* Note: this is only true for the `clone' system call, which handles
1218 arguments specially. We could as well say that its first two arguments
1219 are swapped relative to other architectures, but that would just be
1220 another #ifdef in the calls. */
1221 # define arg0_offset PT_GPR3
1222 # define arg1_offset PT_ORIGGPR2
1223 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1224 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1225 # elif defined (ALPHA) || defined (MIPS)
1226 # define arg0_offset REG_A0
1227 # define arg1_offset (REG_A0+1)
1228 # elif defined (POWERPC)
1229 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1230 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1231 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1232 # elif defined (HPPA)
1233 # define arg0_offset PT_GR26
1234 # define arg1_offset (PT_GR26-4)
1235 # elif defined (X86_64)
1236 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1237 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1239 # define arg0_offset (4*(REG_REG0+4))
1240 # define arg1_offset (4*(REG_REG0+5))
1241 # elif defined (SHMEDIA)
1242 /* ABI defines arg0 & 1 in r2 & r3 */
1243 # define arg0_offset (REG_OFFSET+16)
1244 # define arg1_offset (REG_OFFSET+24)
1245 # define restore_arg0(tcp, state, val) 0
1247 # define arg0_offset 0
1248 # define arg1_offset 4
1250 # define restore_arg0(tcp, state, val) 0
1254 typedef int arg_setup_state;
1256 # define arg_setup(tcp, state) (0)
1257 # define arg_finish_change(tcp, state) 0
1258 # define get_arg0(tcp, cookie, valp) \
1259 (upeek ((tcp)->pid, arg0_offset, (valp)))
1260 # define get_arg1(tcp, cookie, valp) \
1261 (upeek ((tcp)->pid, arg1_offset, (valp)))
1264 set_arg0 (struct tcb *tcp, void *cookie, long val)
1266 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1270 set_arg1 (struct tcb *tcp, void *cookie, long val)
1272 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1277 #ifndef restore_arg0
1278 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1280 #ifndef restore_arg1
1281 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1288 extern int change_syscall(struct tcb *, int);
1289 arg_setup_state state;
1291 if (tcp->flags & TCB_BPTSET) {
1292 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1296 switch (tcp->scno) {
1303 #if defined SYS_fork || defined SYS_vfork
1304 if (arg_setup (tcp, &state) < 0
1305 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1306 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1307 || change_syscall(tcp, SYS_clone) < 0
1308 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1309 || set_arg1 (tcp, &state, 0) < 0
1310 || arg_finish_change (tcp, &state) < 0)
1312 tcp->u_arg[0] = CLONE_PTRACE|SIGCHLD;
1314 tcp->flags |= TCB_BPTSET;
1322 if ((tcp->u_arg[0] & CLONE_PTRACE) == 0
1323 && (arg_setup (tcp, &state) < 0
1324 || set_arg0 (tcp, &state, tcp->u_arg[0] | CLONE_PTRACE) < 0
1325 || arg_finish_change (tcp, &state) < 0))
1327 tcp->flags |= TCB_BPTSET;
1328 tcp->inst[0] = tcp->u_arg[0];
1329 tcp->inst[1] = tcp->u_arg[1];
1333 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1334 tcp->scno, tcp->pid);
1345 arg_setup_state state;
1346 if (arg_setup (tcp, &state) < 0
1347 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1348 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1349 || arg_finish_change (tcp, &state))
1351 tcp->flags &= ~TCB_BPTSET;
1364 /* We simply use the SunOS breakpoint code. */
1367 #define LOOPA 0x30800000 /* ba,a 0 */
1369 if (tcp->flags & TCB_BPTSET) {
1370 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1373 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1374 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1377 tcp->baddr = regs.r_o7 + 8;
1379 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1381 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1386 * XXX - BRUTAL MODE ON
1387 * We cannot set a real BPT in the child, since it will not be
1388 * traced at the moment it will reach the trap and would probably
1389 * die with a core dump.
1390 * Thus, we are force our way in by taking out two instructions
1391 * and insert an eternal loop instead, in expectance of the SIGSTOP
1392 * generated by out PTRACE_ATTACH.
1393 * Of cause, if we evaporate ourselves in the middle of all this...
1396 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1398 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1401 tcp->flags |= TCB_BPTSET;
1406 # define LOOP 0x0000feeb
1407 if (tcp->flags & TCB_BPTSET) {
1408 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1412 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1415 fprintf(stderr, "[%d] setting bpt at %lx\n",
1416 tcp->pid, tcp->baddr);
1417 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1418 (char *) tcp->baddr, 0);
1420 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1423 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1425 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1428 tcp->flags |= TCB_BPTSET;
1431 * Our strategy here is to replace the bundle that
1432 * contained the clone() syscall with a bundle of the
1435 * { 1: br 1b; br 1b; br 1b }
1437 * This ensures that the newly forked child will loop
1438 * endlessly until we've got a chance to attach to it.
1440 # define LOOP0 0x0000100000000017
1441 # define LOOP1 0x4000000000200000
1442 unsigned long addr, ipsr;
1446 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1448 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1450 /* store "ri" in low two bits */
1451 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1454 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1456 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1459 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1464 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1465 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1467 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1470 tcp->flags |= TCB_BPTSET;
1474 #if defined (I386) || defined(X86_64)
1475 #define LOOP 0x0000feeb
1476 #elif defined (M68K)
1477 #define LOOP 0x60fe0000
1478 #elif defined (ALPHA)
1479 #define LOOP 0xc3ffffff
1480 #elif defined (POWERPC)
1481 #define LOOP 0x48000000
1483 #define LOOP 0xEAFFFFFE
1485 #define LOOP 0x1000ffff
1487 #define LOOP 0xa7f40000 /* BRC 15,0 */
1488 #elif defined(S390X)
1489 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1491 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1493 #ifdef __LITTLE_ENDIAN__
1494 #define LOOP 0x0000affe
1496 #define LOOP 0xfeaf0000
1499 #error unknown architecture
1502 if (tcp->flags & TCB_BPTSET) {
1503 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1507 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1509 #elif defined (X86_64)
1510 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1512 #elif defined (M68K)
1513 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1515 #elif defined (ALPHA)
1519 #elif defined (MIPS)
1520 return -1; /* FIXME: I do not know what i do - Flo */
1521 #elif defined (POWERPC)
1522 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &tcp->baddr) < 0)
1524 #elif defined(S390) || defined(S390X)
1525 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1528 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1530 tcp->baddr &= ~0x03;
1532 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1535 #error unknown architecture
1538 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1539 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1541 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1544 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1546 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1549 tcp->flags |= TCB_BPTSET;
1556 #ifdef SPARC /* This code is slightly sparc specific */
1559 #define BPT 0x91d02001 /* ta 1 */
1560 #define LOOP 0x10800000 /* ba 0 */
1561 #define LOOPA 0x30800000 /* ba,a 0 */
1562 #define NOP 0x01000000
1564 static int loopdeloop[1] = {LOOPA};
1566 static int loopdeloop[2] = {LOOP, NOP};
1569 if (tcp->flags & TCB_BPTSET) {
1570 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1573 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1574 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1577 tcp->baddr = regs.r_o7 + 8;
1578 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1579 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1580 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1585 * XXX - BRUTAL MODE ON
1586 * We cannot set a real BPT in the child, since it will not be
1587 * traced at the moment it will reach the trap and would probably
1588 * die with a core dump.
1589 * Thus, we are force our way in by taking out two instructions
1590 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1591 * generated by out PTRACE_ATTACH.
1592 * Of cause, if we evaporate ourselves in the middle of all this...
1594 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1595 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1596 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1599 tcp->flags |= TCB_BPTSET;
1613 #if defined(I386) || defined(X86_64)
1615 #elif defined(POWERPC)
1619 #elif defined(ALPHA)
1625 #endif /* architecture */
1628 /* Again, we borrow the SunOS breakpoint code. */
1629 if (!(tcp->flags & TCB_BPTSET)) {
1630 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1634 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1636 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1639 tcp->flags &= ~TCB_BPTSET;
1645 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1646 if (!(tcp->flags & TCB_BPTSET)) {
1647 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1651 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1653 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1656 tcp->flags &= ~TCB_BPTSET;
1658 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1660 if (addr != tcp->baddr) {
1661 /* The breakpoint has not been reached yet. */
1664 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1669 unsigned long addr, ipsr;
1674 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1676 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1679 /* restore original bundle: */
1681 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1682 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1684 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1688 /* restore original "ri" in ipsr: */
1689 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1691 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1693 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1697 tcp->flags &= ~TCB_BPTSET;
1699 if (addr != (tcp->baddr & ~0x3)) {
1700 /* the breakpoint has not been reached yet. */
1702 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1707 #else /* !IA64 && ! SPARC */
1710 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1711 if (!(tcp->flags & TCB_BPTSET)) {
1712 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1716 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1718 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1721 tcp->flags &= ~TCB_BPTSET;
1724 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1726 if (eip != tcp->baddr) {
1727 /* The breakpoint has not been reached yet. */
1730 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1734 #elif defined(X86_64)
1735 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1737 if (eip != tcp->baddr) {
1738 /* The breakpoint has not been reached yet. */
1741 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1745 #elif defined(POWERPC)
1746 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
1748 if (pc != tcp->baddr) {
1749 /* The breakpoint has not been reached yet. */
1751 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1756 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1758 if (pc != tcp->baddr) {
1759 /* The breakpoint has not been reached yet. */
1761 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1765 #elif defined(ALPHA)
1766 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1768 if (pc != tcp->baddr) {
1769 /* The breakpoint has not been reached yet. */
1771 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1776 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1779 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1780 /* The breakpoint has not been reached yet. */
1782 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1786 iaoq = tcp->baddr | 3;
1787 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1788 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1789 * has no significant effect.
1791 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1792 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1794 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1796 if (pc != tcp->baddr) {
1797 /* The breakpoint has not been reached yet. */
1799 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1805 #endif /* !SPARC && !IA64 */
1815 if (!(tcp->flags & TCB_BPTSET)) {
1816 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1819 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1820 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1821 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1824 tcp->flags &= ~TCB_BPTSET;
1828 * Since we don't have a single instruction breakpoint, we may have
1829 * to adjust the program counter after removing the our `breakpoint'.
1831 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1832 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1835 if ((regs.r_pc < tcp->baddr) ||
1836 (regs.r_pc > tcp->baddr + 4)) {
1837 /* The breakpoint has not been reached yet */
1840 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1841 regs.r_pc, tcp->parent->baddr);
1844 if (regs.r_pc != tcp->baddr)
1846 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1847 regs.r_pc, tcp->baddr);
1849 regs.r_pc = tcp->baddr;
1850 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1851 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1863 #endif /* !USE_PROCFS */
1874 for (n = 0; n < sizeof *hdr; n += 4) {
1876 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1878 memcpy(((char *) hdr) + n, &res, 4);
1881 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1882 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1883 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1884 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1895 * Change `vfork' in a freshly exec'ed dynamically linked
1896 * executable's (internal) symbol table to plain old `fork'
1900 struct link_dynamic dyn;
1901 struct link_dynamic_2 ld;
1904 if (getex(pid, &hdr) < 0)
1909 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1910 fprintf(stderr, "Cannot read DYNAMIC\n");
1913 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1914 fprintf(stderr, "Cannot read link_dynamic_2\n");
1917 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1918 fprintf(stderr, "fixvfork: out of memory\n");
1921 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1922 (int)ld.ld_symb_size, strtab) < 0)
1926 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1927 fprintf(stderr, "[symbol: %s]\n", cp);
1932 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1933 if (strcmp(cp, "_vfork") == 0) {
1935 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1936 strcpy(cp, "_fork");
1941 if (cp < strtab + ld.ld_symb_size)
1943 * Write entire symbol table back to avoid
1944 * memory alignment bugs in ptrace
1946 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1947 (int)ld.ld_symb_size, strtab) < 0)