2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 # ifdef HAVE_STRUCT_IA64_FPREG
67 # define ia64_fpreg XXX_ia64_fpreg
69 # ifdef HAVE_STRUCT_PT_ALL_USER_REGS
70 # define pt_all_user_regs XXX_pt_all_user_regs
72 #include <linux/ptrace.h>
74 # undef pt_all_user_regs
77 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
78 #include <sys/utsname.h>
79 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
81 #if defined(LINUX) && defined(SPARC)
83 # define fpq kernel_fpq
85 # define fpu kernel_fpu
91 #if !defined(__GLIBC__)
93 #include <linux/unistd.h>
95 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
97 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
101 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
102 "or %%g0, %2, %%o1\n\t" \
103 "or %%g0, %3, %%o2\n\t" \
104 "or %%g0, %4, %%o3\n\t" \
105 "or %%g0, %5, %%o4\n\t" \
106 "or %%g0, %6, %%g1\n\t" \
109 "or %%g0, %%o0, %0\n\t" \
110 "sub %%g0, %%o0, %0\n\t" \
113 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
114 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
115 "i" (__NR_##syscall) \
116 : "g1", "o0", "o1", "o2", "o3", "o4"); \
118 return (type) __res; \
123 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
133 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
136 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
153 return a->tv_sec || a->tv_usec;
158 struct timeval *a, *b;
160 if (a->tv_sec < b->tv_sec
161 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
163 if (a->tv_sec > b->tv_sec
164 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
173 return tv->tv_sec + tv->tv_usec/1000000.0;
178 struct timeval *tv, *a, *b;
180 tv->tv_sec = a->tv_sec + b->tv_sec;
181 tv->tv_usec = a->tv_usec + b->tv_usec;
182 if (tv->tv_usec > 1000000) {
184 tv->tv_usec -= 1000000;
190 struct timeval *tv, *a, *b;
192 tv->tv_sec = a->tv_sec - b->tv_sec;
193 tv->tv_usec = a->tv_usec - b->tv_usec;
194 if (((long) tv->tv_usec) < 0) {
196 tv->tv_usec += 1000000;
202 struct timeval *tv, *a;
205 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
206 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
207 tv->tv_usec %= 1000000;
212 struct timeval *tv, *a;
215 tv->tv_usec = a->tv_usec * n;
216 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
217 tv->tv_usec %= 1000000;
225 for (; xlat->str != NULL; xlat++)
226 if (xlat->val == val)
232 * Print entry in struct xlat table, if there.
235 printxval(xlat, val, dflt)
240 char *str = xlookup(xlat, val);
245 tprintf("%#x /* %s */", val, dflt);
249 * Interpret `xlat' as an array of flags
250 * print the entries whose bits are on in `flags'
251 * return # of flags printed.
254 addflags(xlat, flags)
260 for (n = 0; xlat->str; xlat++) {
261 if (xlat->val && (flags & xlat->val) == xlat->val) {
262 tprintf("|%s", xlat->str);
268 tprintf("|%#x", flags);
275 printflags(xlat, flags)
282 if (flags == 0 && xlat->val == 0) {
283 tprintf("%s", xlat->str);
288 for (n = 0; xlat->str; xlat++) {
289 if (xlat->val && (flags & xlat->val) == xlat->val) {
290 tprintf("%s%s", sep, xlat->str);
297 tprintf("%s%#x", sep, flags);
304 printnum(tcp, addr, fmt)
315 if (umove(tcp, addr, &num) < 0) {
316 tprintf("%#lx", addr);
330 tprintf((uid == -1) ? "%ld" : "%lu", uid);
333 static char path[MAXPATHLEN + 1];
339 char buf[2 * MAXPATHLEN + 1];
342 if (!strpbrk(str, "\"\'\\")) {
343 tprintf("\"%s\"", str);
346 for (s = buf; *str; str++) {
348 case '\"': case '\'': case '\\':
349 *s++ = '\\'; *s++ = *str; break;
355 tprintf("\"%s\"", buf);
363 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
364 tprintf("%#lx", addr);
371 printpathn(tcp, addr, n)
376 if (umovestr(tcp, addr, n, path) < 0)
377 tprintf("%#lx", addr);
385 printstr(tcp, addr, len)
390 static unsigned char *str = NULL;
400 if ((str = malloc(max_strlen)) == NULL
401 || (outstr = malloc(2*max_strlen)) == NULL) {
402 fprintf(stderr, "printstr: no memory\n");
403 tprintf("%#lx", addr);
407 outend = outstr + max_strlen * 2 - 10;
410 if (umovestr(tcp, addr, n, (char *) str) < 0) {
411 tprintf("%#lx", addr);
416 n = MIN(len, max_strlen);
417 if (umoven(tcp, addr, n, (char *) str) < 0) {
418 tprintf("%#lx", addr);
427 for (i = 0; i < n; i++) {
429 if (len < 0 && c == '\0')
431 if (!isprint(c) && !isspace(c)) {
442 for (i = 0; i < n; i++) {
444 if (len < 0 && c == '\0')
446 sprintf(s, "\\x%02x", c);
453 for (i = 0; i < n; i++) {
455 if (len < 0 && c == '\0')
458 case '\"': case '\'': case '\\':
459 *s++ = '\\'; *s++ = c; break;
461 *s++ = '\\'; *s++ = 'f'; break;
463 *s++ = '\\'; *s++ = 'n'; break;
465 *s++ = '\\'; *s++ = 'r'; break;
467 *s++ = '\\'; *s++ = 't'; break;
469 *s++ = '\\'; *s++ = 'v'; break;
473 else if (i < n - 1 && isdigit(str[i + 1])) {
474 sprintf(s, "\\%03o", c);
478 sprintf(s, "\\%o", c);
489 if (i < len || (len < 0 && (i == n || s > outend))) {
490 *s++ = '.'; *s++ = '.'; *s++ = '.';
493 tprintf("%s", outstr);
498 dumpiov(tcp, len, addr)
507 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
508 fprintf(stderr, "dump: No memory");
511 if (umoven(tcp, addr,
512 len * sizeof *iov, (char *) iov) >= 0) {
514 for (i = 0; i < len; i++) {
515 /* include the buffer number to make it easy to
516 * match up the trace with the source */
517 tprintf(" * %lu bytes in buffer %d\n",
518 (unsigned long)iov[i].iov_len, i);
519 dumpstr(tcp, (long) iov[i].iov_base,
529 dumpstr(tcp, addr, len)
534 static int strsize = -1;
535 static unsigned char *str;
536 static char outstr[80];
543 if ((str = malloc(len)) == NULL) {
544 fprintf(stderr, "dump: no memory\n");
550 if (umoven(tcp, addr, len, (char *) str) < 0)
553 for (i = 0; i < len; i += 16) {
555 sprintf(s, " | %05x ", i);
557 for (j = 0; j < 16; j++) {
561 sprintf(s, " %02x", str[i + j]);
565 *s++ = ' '; *s++ = ' '; *s++ = ' ';
568 *s++ = ' '; *s++ = ' ';
569 for (j = 0; j < 16; j++) {
573 if (isprint(str[i + j]))
581 tprintf("%s |\n", outstr);
585 #define PAGMASK (~(PAGSIZ - 1))
587 * move `len' bytes of data from process `pid'
588 * at address `addr' to our space at `laddr'
591 umoven(tcp, addr, len, laddr)
604 char x[sizeof(long)];
607 if (addr & (sizeof(long) - 1)) {
608 /* addr not a multiple of sizeof(long) */
609 n = addr - (addr & -sizeof(long)); /* residue */
610 addr &= -sizeof(long); /* residue */
612 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
614 if (started && (errno==EPERM || errno==EIO)) {
615 /* Ran into 'end of memory' - stupid "printpath" */
618 /* But if not started, we had a bogus address. */
619 perror("ptrace: umoven");
623 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
624 addr += sizeof(long), laddr += m, len -= m;
628 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
630 if (started && (errno==EPERM || errno==EIO)) {
631 /* Ran into 'end of memory' - stupid "printpath" */
635 perror("ptrace: umoven");
639 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
640 addr += sizeof(long), laddr += m, len -= m;
650 char x[sizeof(long)];
653 if (addr & (sizeof(long) - 1)) {
654 /* addr not a multiple of sizeof(long) */
655 n = addr - (addr & -sizeof(long)); /* residue */
656 addr &= -sizeof(long); /* residue */
658 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
663 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
664 addr += sizeof(long), laddr += m, len -= m;
668 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
673 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
674 addr += sizeof(long), laddr += m, len -= m;
680 n = MIN(len, PAGSIZ);
681 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
682 if (ptrace(PTRACE_READDATA, pid,
683 (char *) addr, len, laddr) < 0) {
684 perror("umoven: ptrace(PTRACE_READDATA, ...)");
696 #ifdef HAVE_MP_PROCFS
697 int fd = tcp->pfd_as;
701 lseek(fd, addr, SEEK_SET);
702 if (read(fd, laddr, len) == -1)
704 #endif /* USE_PROCFS */
710 * like `umove' but make the additional effort of looking
711 * for a terminating zero byte.
714 umovestr(tcp, addr, len, laddr)
721 #ifdef HAVE_MP_PROCFS
722 int fd = tcp->pfd_as;
726 /* Some systems (e.g. FreeBSD) can be upset if we read off the
727 end of valid memory, avoid this by trying to read up
728 to page boundaries. But we don't know what a page is (and
729 getpagesize(2) (if it exists) doesn't necessarily return
730 hardware page size). Assume all pages >= 1024 (a-historical
733 int page = 1024; /* How to find this? */
734 int move = page - (addr & (page - 1));
737 lseek(fd, addr, SEEK_SET);
740 if (move > left) move = left;
741 if ((move = read(fd, laddr, move)) <= 0)
742 return left != len ? 0 : -1;
743 if (memchr (laddr, 0, move)) break;
749 #else /* !USE_PROCFS */
755 char x[sizeof(long)];
758 if (addr & (sizeof(long) - 1)) {
759 /* addr not a multiple of sizeof(long) */
760 n = addr - (addr & -sizeof(long)); /* residue */
761 addr &= -sizeof(long); /* residue */
763 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
765 if (started && (errno==EPERM || errno==EIO)) {
766 /* Ran into 'end of memory' - stupid "printpath" */
773 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
774 while (n & (sizeof(long) - 1))
775 if (u.x[n++] == '\0')
777 addr += sizeof(long), laddr += m, len -= m;
781 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
783 if (started && (errno==EPERM || errno==EIO)) {
784 /* Ran into 'end of memory' - stupid "printpath" */
791 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
792 for (i = 0; i < sizeof(long); i++)
796 addr += sizeof(long), laddr += m, len -= m;
798 #endif /* !USE_PROCFS */
804 #define PTRACE_WRITETEXT 101
805 #define PTRACE_WRITEDATA 102
812 uload(cmd, pid, addr, len, laddr)
823 n = MIN(len, PAGSIZ);
824 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
825 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
826 perror("uload: ptrace(PTRACE_WRITE, ...)");
838 char x[sizeof(long)];
841 if (cmd == PTRACE_WRITETEXT) {
842 peek = PTRACE_PEEKTEXT;
843 poke = PTRACE_POKETEXT;
846 peek = PTRACE_PEEKDATA;
847 poke = PTRACE_POKEDATA;
849 if (addr & (sizeof(long) - 1)) {
850 /* addr not a multiple of sizeof(long) */
851 n = addr - (addr & -sizeof(long)); /* residue */
852 addr &= -sizeof(long);
854 u.val = ptrace(peek, pid, (char *) addr, 0);
856 perror("uload: POKE");
859 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
860 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
861 perror("uload: POKE");
864 addr += sizeof(long), laddr += m, len -= m;
867 if (len < sizeof(long))
868 u.val = ptrace(peek, pid, (char *) addr, 0);
869 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
870 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
871 perror("uload: POKE");
874 addr += sizeof(long), laddr += m, len -= m;
881 tload(pid, addr, len, laddr)
886 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
890 dload(pid, addr, len, laddr)
896 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
911 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
913 static int is_sun4m = -1;
916 /* Round up the usual suspects. */
917 if (is_sun4m == -1) {
918 if (uname(&name) < 0) {
919 perror("upeek: uname?");
922 is_sun4m = strcmp(name.machine, "sun4m") == 0;
924 extern struct xlat struct_user_offsets[];
927 for (x = struct_user_offsets; x->str; x++)
934 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
936 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
937 if (val == -1 && errno) {
939 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
947 #endif /* !USE_PROCFS */
957 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
959 #elif defined(X86_64)
960 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
963 if (upeek(tcp->pid, PT_B0, &pc) < 0)
966 if (upeek(tcp->pid, 4*15, &pc) < 0)
968 #elif defined(POWERPC)
969 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
972 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
975 if (upeek(tcp->pid, REG_PC, &pc) < 0)
978 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
982 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
985 #elif defined(S390) || defined(S390X)
986 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
989 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
992 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
995 if (upeek(tcp->pid, REG_PC ,&pc) < 0)
1003 * Return current program counter for `pid'
1004 * Assumes PC is never 0xffffffff
1008 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1009 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
1022 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1024 #endif /* FREEBSD */
1036 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1037 tprintf("[????????] ");
1040 tprintf("[%08lx] ", eip);
1041 #elif defined(X86_64)
1044 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1045 tprintf("[????????] ");
1048 tprintf("[%16lx] ", rip);
1052 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1053 tprintf("[????????] ");
1056 tprintf("[%08lx] ", ip);
1057 #elif defined(POWERPC)
1060 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1061 tprintf ("[????????] ");
1064 tprintf("[%08lx] ", pc);
1068 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1069 tprintf ("[????????] ");
1072 tprintf("[%08lx] ", pc);
1073 #elif defined(ALPHA)
1076 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1077 tprintf ("[????????] ");
1080 tprintf("[%08lx] ", pc);
1081 #elif defined(SPARC)
1083 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1084 tprintf("[????????] ");
1087 tprintf("[%08lx] ", regs.r_pc);
1091 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1092 tprintf ("[????????] ");
1095 tprintf("[%08lx] ", pc);
1099 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1100 tprintf ("[????????] ");
1103 tprintf("[%08lx] ", pc);
1107 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1108 tprintf ("[????????] ");
1111 tprintf("[%08lx] ", pc);
1115 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1116 tprintf ("[????????] ");
1119 tprintf("[%08lx] ", pc);
1123 if (upeek(tcp->pid, 4*15, &pc) < 0) {
1124 tprintf("[????????] ");
1127 tprintf("[%08lx] ", pc);
1128 #endif /* !architecture */
1134 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1135 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1136 tprintf("[????????] ");
1139 tprintf("[%08x] ", regs.r_o7);
1144 tprintf("[????????] ");
1149 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1150 tprintf("[%08x] ", regs.r_eip);
1151 #endif /* FREEBSD */
1158 #include <sys/syscall.h>
1159 #ifndef CLONE_PTRACE
1160 # define CLONE_PTRACE 0x00002000
1165 /* We don't have fork()/vfork() syscalls on ia64 itself, but the ia32
1166 subsystem has them for x86... */
1168 #define SYS_vfork 190
1170 typedef unsigned long *arg_setup_state;
1173 arg_setup(struct tcb *tcp, arg_setup_state *state)
1175 unsigned long *bsp, cfm, sof, sol;
1180 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1182 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1185 sof = (cfm >> 0) & 0x7f;
1186 sol = (cfm >> 7) & 0x7f;
1187 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1193 # define arg_finish_change(tcp, state) 0
1197 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1202 ret = upeek (tcp->pid, PT_R11, valp);
1205 (unsigned long) ia64_rse_skip_regs(*state, 0),
1206 sizeof(long), (void *) valp);
1211 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1216 ret = upeek (tcp->pid, PT_R9, valp);
1219 (unsigned long) ia64_rse_skip_regs(*state, 1),
1220 sizeof(long), (void *) valp);
1226 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1228 int req = PTRACE_POKEDATA;
1232 ap = (void *) (intptr_t) PT_R11; /* r11 == EBX */
1233 req = PTRACE_POKEUSER;
1235 ap = ia64_rse_skip_regs(*state, 0);
1237 ptrace(req, tcp->pid, ap, val);
1238 return errno ? -1 : 0;
1242 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1244 int req = PTRACE_POKEDATA;
1248 ap = (void *) (intptr_t) PT_R9; /* r9 == ECX */
1249 req = PTRACE_POKEUSER;
1251 ap = ia64_rse_skip_regs(*state, 1);
1253 ptrace(req, tcp->pid, ap, val);
1254 return errno ? -1 : 0;
1257 #elif defined (SPARC)
1259 typedef struct regs arg_setup_state;
1261 # define arg_setup(tcp, state) \
1262 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1263 # define arg_finish_change(tcp, state) \
1264 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1266 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1267 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1268 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1269 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1270 # define restore_arg0(tcp, state, val) 0
1274 # if defined S390 || defined S390X
1275 /* Note: this is only true for the `clone' system call, which handles
1276 arguments specially. We could as well say that its first two arguments
1277 are swapped relative to other architectures, but that would just be
1278 another #ifdef in the calls. */
1279 # define arg0_offset PT_GPR3
1280 # define arg1_offset PT_ORIGGPR2
1281 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1282 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1283 # define arg0_index 1
1284 # define arg1_index 0
1285 # elif defined (ALPHA) || defined (MIPS)
1286 # define arg0_offset REG_A0
1287 # define arg1_offset (REG_A0+1)
1288 # elif defined (POWERPC)
1289 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1290 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1291 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1292 # elif defined (HPPA)
1293 # define arg0_offset PT_GR26
1294 # define arg1_offset (PT_GR26-4)
1295 # elif defined (X86_64)
1296 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1297 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1299 # define arg0_offset (4*(REG_REG0+4))
1300 # define arg1_offset (4*(REG_REG0+5))
1301 # elif defined (SH64)
1302 /* ABI defines arg0 & 1 in r2 & r3 */
1303 # define arg0_offset (REG_OFFSET+16)
1304 # define arg1_offset (REG_OFFSET+24)
1305 # define restore_arg0(tcp, state, val) 0
1307 # define arg0_offset 0
1308 # define arg1_offset 4
1310 # define restore_arg0(tcp, state, val) 0
1314 typedef int arg_setup_state;
1316 # define arg_setup(tcp, state) (0)
1317 # define arg_finish_change(tcp, state) 0
1318 # define get_arg0(tcp, cookie, valp) \
1319 (upeek ((tcp)->pid, arg0_offset, (valp)))
1320 # define get_arg1(tcp, cookie, valp) \
1321 (upeek ((tcp)->pid, arg1_offset, (valp)))
1324 set_arg0 (struct tcb *tcp, void *cookie, long val)
1326 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1330 set_arg1 (struct tcb *tcp, void *cookie, long val)
1332 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1337 #ifndef restore_arg0
1338 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1340 #ifndef restore_arg1
1341 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1345 # define arg0_index 0
1346 # define arg1_index 1
1353 extern int change_syscall(struct tcb *, int);
1354 arg_setup_state state;
1356 if (tcp->flags & TCB_BPTSET) {
1357 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1361 switch (tcp->scno) {
1368 #if defined SYS_fork || defined SYS_vfork
1369 if (arg_setup (tcp, &state) < 0
1370 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1371 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1372 || change_syscall(tcp, SYS_clone) < 0
1373 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1374 || set_arg1 (tcp, &state, 0) < 0
1375 || arg_finish_change (tcp, &state) < 0)
1377 tcp->u_arg[arg0_index] = CLONE_PTRACE|SIGCHLD;
1378 tcp->u_arg[arg1_index] = 0;
1379 tcp->flags |= TCB_BPTSET;
1387 if ((tcp->u_arg[arg0_index] & CLONE_PTRACE) == 0
1388 && (arg_setup (tcp, &state) < 0
1389 || set_arg0 (tcp, &state,
1390 tcp->u_arg[arg0_index] | CLONE_PTRACE) < 0
1391 || arg_finish_change (tcp, &state) < 0))
1393 tcp->flags |= TCB_BPTSET;
1394 tcp->inst[0] = tcp->u_arg[arg0_index];
1395 tcp->inst[1] = tcp->u_arg[arg1_index];
1399 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1400 tcp->scno, tcp->pid);
1411 arg_setup_state state;
1412 if (arg_setup (tcp, &state) < 0
1413 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1414 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1415 || arg_finish_change (tcp, &state))
1417 tcp->flags &= ~TCB_BPTSET;
1430 /* We simply use the SunOS breakpoint code. */
1433 #define LOOPA 0x30800000 /* ba,a 0 */
1435 if (tcp->flags & TCB_BPTSET) {
1436 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1439 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1440 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1443 tcp->baddr = regs.r_o7 + 8;
1445 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1447 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1452 * XXX - BRUTAL MODE ON
1453 * We cannot set a real BPT in the child, since it will not be
1454 * traced at the moment it will reach the trap and would probably
1455 * die with a core dump.
1456 * Thus, we are force our way in by taking out two instructions
1457 * and insert an eternal loop instead, in expectance of the SIGSTOP
1458 * generated by out PTRACE_ATTACH.
1459 * Of cause, if we evaporate ourselves in the middle of all this...
1462 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1464 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1467 tcp->flags |= TCB_BPTSET;
1472 # define LOOP 0x0000feeb
1473 if (tcp->flags & TCB_BPTSET) {
1474 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1478 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1481 fprintf(stderr, "[%d] setting bpt at %lx\n",
1482 tcp->pid, tcp->baddr);
1483 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1484 (char *) tcp->baddr, 0);
1486 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1489 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1491 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1494 tcp->flags |= TCB_BPTSET;
1497 * Our strategy here is to replace the bundle that
1498 * contained the clone() syscall with a bundle of the
1501 * { 1: br 1b; br 1b; br 1b }
1503 * This ensures that the newly forked child will loop
1504 * endlessly until we've got a chance to attach to it.
1506 # define LOOP0 0x0000100000000017
1507 # define LOOP1 0x4000000000200000
1508 unsigned long addr, ipsr;
1512 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1514 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1516 /* store "ri" in low two bits */
1517 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1520 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1522 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1525 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1530 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1531 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1533 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1536 tcp->flags |= TCB_BPTSET;
1540 #if defined (I386) || defined(X86_64)
1541 #define LOOP 0x0000feeb
1542 #elif defined (M68K)
1543 #define LOOP 0x60fe0000
1544 #elif defined (ALPHA)
1545 #define LOOP 0xc3ffffff
1546 #elif defined (POWERPC)
1547 #define LOOP 0x48000000
1549 #define LOOP 0xEAFFFFFE
1551 #define LOOP 0x1000ffff
1553 #define LOOP 0xa7f40000 /* BRC 15,0 */
1554 #elif defined(S390X)
1555 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1557 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1559 #ifdef __LITTLE_ENDIAN__
1560 #define LOOP 0x0000affe
1562 #define LOOP 0xfeaf0000
1565 #error unknown architecture
1568 if (tcp->flags & TCB_BPTSET) {
1569 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1573 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1575 #elif defined (X86_64)
1576 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1578 #elif defined (M68K)
1579 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1581 #elif defined (ALPHA)
1585 #elif defined (MIPS)
1586 return -1; /* FIXME: I do not know what i do - Flo */
1587 #elif defined (POWERPC)
1588 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &tcp->baddr) < 0)
1590 #elif defined(S390) || defined(S390X)
1591 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1594 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1596 tcp->baddr &= ~0x03;
1598 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1601 #error unknown architecture
1604 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1605 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1607 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1610 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1612 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1615 tcp->flags |= TCB_BPTSET;
1622 #ifdef SPARC /* This code is slightly sparc specific */
1625 #define BPT 0x91d02001 /* ta 1 */
1626 #define LOOP 0x10800000 /* ba 0 */
1627 #define LOOPA 0x30800000 /* ba,a 0 */
1628 #define NOP 0x01000000
1630 static int loopdeloop[1] = {LOOPA};
1632 static int loopdeloop[2] = {LOOP, NOP};
1635 if (tcp->flags & TCB_BPTSET) {
1636 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1639 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1640 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1643 tcp->baddr = regs.r_o7 + 8;
1644 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1645 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1646 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1651 * XXX - BRUTAL MODE ON
1652 * We cannot set a real BPT in the child, since it will not be
1653 * traced at the moment it will reach the trap and would probably
1654 * die with a core dump.
1655 * Thus, we are force our way in by taking out two instructions
1656 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1657 * generated by out PTRACE_ATTACH.
1658 * Of cause, if we evaporate ourselves in the middle of all this...
1660 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1661 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1662 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1665 tcp->flags |= TCB_BPTSET;
1679 #if defined(I386) || defined(X86_64)
1681 #elif defined(POWERPC)
1685 #elif defined(ALPHA)
1691 #endif /* architecture */
1694 /* Again, we borrow the SunOS breakpoint code. */
1695 if (!(tcp->flags & TCB_BPTSET)) {
1696 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1700 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1702 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1705 tcp->flags &= ~TCB_BPTSET;
1711 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1712 if (!(tcp->flags & TCB_BPTSET)) {
1713 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1717 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1719 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1722 tcp->flags &= ~TCB_BPTSET;
1724 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1726 if (addr != tcp->baddr) {
1727 /* The breakpoint has not been reached yet. */
1730 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1735 unsigned long addr, ipsr;
1740 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1742 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1745 /* restore original bundle: */
1747 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1748 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1750 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1754 /* restore original "ri" in ipsr: */
1755 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1757 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1759 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1763 tcp->flags &= ~TCB_BPTSET;
1765 if (addr != (tcp->baddr & ~0x3)) {
1766 /* the breakpoint has not been reached yet. */
1768 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1773 #else /* !IA64 && ! SPARC */
1776 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1777 if (!(tcp->flags & TCB_BPTSET)) {
1778 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1782 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1784 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1787 tcp->flags &= ~TCB_BPTSET;
1790 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1792 if (eip != tcp->baddr) {
1793 /* The breakpoint has not been reached yet. */
1796 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1800 #elif defined(X86_64)
1801 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1803 if (eip != tcp->baddr) {
1804 /* The breakpoint has not been reached yet. */
1807 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1811 #elif defined(POWERPC)
1812 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
1814 if (pc != tcp->baddr) {
1815 /* The breakpoint has not been reached yet. */
1817 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1822 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1824 if (pc != tcp->baddr) {
1825 /* The breakpoint has not been reached yet. */
1827 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1831 #elif defined(ALPHA)
1832 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1834 if (pc != tcp->baddr) {
1835 /* The breakpoint has not been reached yet. */
1837 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1842 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1845 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1846 /* The breakpoint has not been reached yet. */
1848 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1852 iaoq = tcp->baddr | 3;
1853 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1854 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1855 * has no significant effect.
1857 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1858 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1860 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1862 if (pc != tcp->baddr) {
1863 /* The breakpoint has not been reached yet. */
1865 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1871 #endif /* !SPARC && !IA64 */
1881 if (!(tcp->flags & TCB_BPTSET)) {
1882 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1885 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1886 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1887 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1890 tcp->flags &= ~TCB_BPTSET;
1894 * Since we don't have a single instruction breakpoint, we may have
1895 * to adjust the program counter after removing the our `breakpoint'.
1897 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1898 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1901 if ((regs.r_pc < tcp->baddr) ||
1902 (regs.r_pc > tcp->baddr + 4)) {
1903 /* The breakpoint has not been reached yet */
1906 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1907 regs.r_pc, tcp->parent->baddr);
1910 if (regs.r_pc != tcp->baddr)
1912 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1913 regs.r_pc, tcp->baddr);
1915 regs.r_pc = tcp->baddr;
1916 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1917 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1929 #endif /* !USE_PROCFS */
1940 for (n = 0; n < sizeof *hdr; n += 4) {
1942 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1944 memcpy(((char *) hdr) + n, &res, 4);
1947 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1948 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1949 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1950 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1961 * Change `vfork' in a freshly exec'ed dynamically linked
1962 * executable's (internal) symbol table to plain old `fork'
1966 struct link_dynamic dyn;
1967 struct link_dynamic_2 ld;
1970 if (getex(pid, &hdr) < 0)
1975 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1976 fprintf(stderr, "Cannot read DYNAMIC\n");
1979 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1980 fprintf(stderr, "Cannot read link_dynamic_2\n");
1983 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1984 fprintf(stderr, "fixvfork: out of memory\n");
1987 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1988 (int)ld.ld_symb_size, strtab) < 0)
1992 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1993 fprintf(stderr, "[symbol: %s]\n", cp);
1998 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1999 if (strcmp(cp, "_vfork") == 0) {
2001 fprintf(stderr, "fixvfork: FOUND _vfork\n");
2002 strcpy(cp, "_fork");
2007 if (cp < strtab + ld.ld_symb_size)
2009 * Write entire symbol table back to avoid
2010 * memory alignment bugs in ptrace
2012 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
2013 (int)ld.ld_symb_size, strtab) < 0)