2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 # ifdef HAVE_STRUCT_IA64_FPREG
67 # define ia64_fpreg XXX_ia64_fpreg
69 # ifdef HAVE_STRUCT_PT_ALL_USER_REGS
70 # define pt_all_user_regs XXX_pt_all_user_regs
72 #include <linux/ptrace.h>
74 # undef pt_all_user_regs
77 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
78 #include <sys/utsname.h>
79 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
81 #if defined(LINUXSPARC) && defined (SPARC64)
82 # undef PTRACE_GETREGS
83 # define PTRACE_GETREGS PTRACE_GETREGS64
84 # undef PTRACE_SETREGS
85 # define PTRACE_SETREGS PTRACE_SETREGS64
90 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
93 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
97 tv_nz(struct timeval *a)
99 return a->tv_sec || a->tv_usec;
103 tv_cmp(struct timeval *a, struct timeval *b)
105 if (a->tv_sec < b->tv_sec
106 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
108 if (a->tv_sec > b->tv_sec
109 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
115 tv_float(struct timeval *tv)
117 return tv->tv_sec + tv->tv_usec/1000000.0;
121 tv_add(struct timeval *tv, struct timeval *a, struct timeval *b)
123 tv->tv_sec = a->tv_sec + b->tv_sec;
124 tv->tv_usec = a->tv_usec + b->tv_usec;
125 if (tv->tv_usec >= 1000000) {
127 tv->tv_usec -= 1000000;
132 tv_sub(struct timeval *tv, struct timeval *a, struct timeval *b)
134 tv->tv_sec = a->tv_sec - b->tv_sec;
135 tv->tv_usec = a->tv_usec - b->tv_usec;
136 if (((long) tv->tv_usec) < 0) {
138 tv->tv_usec += 1000000;
143 tv_div(struct timeval *tv, struct timeval *a, int n)
145 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
146 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
147 tv->tv_usec %= 1000000;
151 tv_mul(struct timeval *tv, struct timeval *a, int n)
153 tv->tv_usec = a->tv_usec * n;
154 tv->tv_sec = a->tv_sec * n + tv->tv_usec / 1000000;
155 tv->tv_usec %= 1000000;
159 xlookup(const struct xlat *xlat, int val)
161 for (; xlat->str != NULL; xlat++)
162 if (xlat->val == val)
167 #if !defined HAVE_STPCPY
169 stpcpy(char *dst, const char *src)
171 while ((*dst = *src++) != '\0')
178 * Generic ptrace wrapper which tracks ESRCH errors
179 * by setting tcp->ptrace_errno to ESRCH.
181 * We assume that ESRCH indicates likely process death (SIGKILL?),
182 * modulo bugs where process somehow ended up not stopped.
183 * Unfortunately kernel uses ESRCH for that case too. Oh well.
185 * Currently used by upeek() only.
186 * TODO: use this in all other ptrace() calls while decoding.
189 do_ptrace(int request, struct tcb *tcp, void *addr, void *data)
194 l = ptrace(request, tcp->pid, addr, (long) data);
195 /* Non-ESRCH errors might be our invalid reg/mem accesses,
196 * we do not record them. */
198 tcp->ptrace_errno = ESRCH;
203 * Used when we want to unblock stopped traced process.
204 * Should be only used with PTRACE_CONT, PTRACE_DETACH and PTRACE_SYSCALL.
205 * Returns 0 on success or if error was ESRCH
206 * (presumably process was killed while we talk to it).
207 * Otherwise prints error message and returns -1.
210 ptrace_restart(int op, struct tcb *tcp, int sig)
216 ptrace(op, tcp->pid, (void *) 1, (long) sig);
218 if (!err || err == ESRCH)
221 tcp->ptrace_errno = err;
223 if (op == PTRACE_CONT)
225 if (op == PTRACE_DETACH)
227 perror_msg("ptrace(PTRACE_%s,1,%d)", msg, sig);
232 * Print entry in struct xlat table, if there.
235 printxval(const struct xlat *xlat, int val, const char *dflt)
237 const char *str = xlookup(xlat, val);
242 tprintf("%#x /* %s */", val, dflt);
247 * Print 64bit argument at position llarg and return the index of the next
251 printllval(struct tcb *tcp, const char *format, int llarg)
253 # if defined(FREEBSD) \
254 || (defined(LINUX) && defined(POWERPC) && !defined(POWERPC64)) \
255 || defined(LINUX_MIPSO32) \
256 || defined(__ARM_EABI__)
257 /* Align 64bit argument to 64bit boundary. */
258 llarg = (llarg + 1) & 0x1e;
260 # if defined LINUX && (defined X86_64 || defined POWERPC64)
261 if (current_personality == 0) {
262 tprintf(format, tcp->u_arg[llarg]);
266 /* Align 64bit argument to 64bit boundary. */
267 llarg = (llarg + 1) & 0x1e;
269 tprintf(format, LONG_LONG(tcp->u_arg[llarg], tcp->u_arg[llarg + 1]));
272 # elif defined IA64 || defined ALPHA
273 tprintf(format, tcp->u_arg[llarg]);
275 # elif defined LINUX_MIPSN32
276 tprintf(format, tcp->ext_arg[llarg]);
279 tprintf(format, LONG_LONG(tcp->u_arg[llarg], tcp->u_arg[llarg + 1]));
287 * Interpret `xlat' as an array of flags
288 * print the entries whose bits are on in `flags'
289 * return # of flags printed.
292 addflags(const struct xlat *xlat, int flags)
294 for (; xlat->str; xlat++) {
295 if (xlat->val && (flags & xlat->val) == xlat->val) {
296 tprintf("|%s", xlat->str);
301 tprintf("|%#x", flags);
306 * Interpret `xlat' as an array of flags.
307 * Print to static string the entries whose bits are on in `flags'
308 * Return static string.
311 sprintflags(const char *prefix, const struct xlat *xlat, int flags)
313 static char outstr[1024];
317 outptr = stpcpy(outstr, prefix);
319 for (; xlat->str; xlat++) {
320 if ((flags & xlat->val) == xlat->val) {
323 outptr = stpcpy(outptr, xlat->str);
331 outptr += sprintf(outptr, "%#x", flags);
338 printflags(const struct xlat *xlat, int flags, const char *dflt)
343 if (flags == 0 && xlat->val == 0) {
349 for (n = 0; xlat->str; xlat++) {
350 if (xlat->val && (flags & xlat->val) == xlat->val) {
351 tprintf("%s%s", sep, xlat->str);
360 tprintf("%s%#x", sep, flags);
365 tprintf("%#x", flags);
367 tprintf(" /* %s */", dflt);
378 printnum(struct tcb *tcp, long addr, const char *fmt)
386 if (umove(tcp, addr, &num) < 0) {
387 tprintf("%#lx", addr);
396 printnum_int(struct tcb *tcp, long addr, const char *fmt)
404 if (umove(tcp, addr, &num) < 0) {
405 tprintf("%#lx", addr);
414 printfd(struct tcb *tcp, int fd)
418 if (show_fd_path && (p = getfdpath(tcp, fd)))
419 tprintf("%d<%s>", fd, p);
425 printuid(const char *text, unsigned long uid)
427 tprintf((uid == -1) ? "%s%ld" : "%s%lu", text, uid);
431 * Quote string `instr' of length `size'
432 * Write up to (3 + `size' * 4) bytes to `outstr' buffer.
433 * If `len' < 0, treat `instr' as a NUL-terminated string
434 * and quote at most (`size' - 1) bytes.
436 * Returns 0 if len < 0 and NUL was seen, 1 otherwise.
437 * Note that if len >= 0, always returns 1.
440 string_quote(const char *instr, char *outstr, int len, int size)
442 const unsigned char *ustr = (const unsigned char *) instr;
444 int usehex, c, i, eol;
446 eol = 0x100; /* this can never match a char */
456 /* Check for presence of symbol which require
457 to hex-quote the whole string. */
458 for (i = 0; i < size; ++i) {
460 /* Check for NUL-terminated string. */
463 if (!isprint(c) && !isspace(c)) {
473 /* Hex-quote the whole string. */
474 for (i = 0; i < size; ++i) {
476 /* Check for NUL-terminated string. */
481 *s++ = "0123456789abcdef"[c >> 4];
482 *s++ = "0123456789abcdef"[c & 0xf];
485 for (i = 0; i < size; ++i) {
487 /* Check for NUL-terminated string. */
491 case '\"': case '\\':
522 && ustr[i + 1] >= '0'
523 && ustr[i + 1] <= '9'
526 *s++ = '0' + (c >> 6);
527 *s++ = '0' + ((c >> 3) & 0x7);
532 *s++ = '0' + (c >> 6);
533 *s++ = '0' + ((c >> 3) & 0x7);
536 *s++ = '0' + (c & 0x7);
546 /* Return zero if we printed entire ASCIZ string (didn't truncate it) */
547 if (len < 0 && ustr[i] == '\0') {
548 /* We didn't see NUL yet (otherwise we'd jump to 'asciz_ended')
549 * but next char is NUL.
559 /* Return zero: we printed entire ASCIZ string (didn't truncate it) */
564 * Print path string specified by address `addr' and length `n'.
565 * If path length exceeds `n', append `...' to the output.
568 printpathn(struct tcb *tcp, long addr, int n)
570 char path[MAXPATHLEN + 1];
578 /* Cap path length to the path buffer size */
579 if (n > sizeof path - 1)
582 /* Fetch one byte more to find out whether path length > n. */
583 nul_seen = umovestr(tcp, addr, n + 1, path);
585 tprintf("%#lx", addr);
591 outstr = alloca(4 * n); /* 4*(n-1) + 3 for quotes and NUL */
592 string_quote(path, outstr, -1, n);
600 printpath(struct tcb *tcp, long addr)
602 /* Size must correspond to char path[] size in printpathn */
603 printpathn(tcp, addr, MAXPATHLEN);
607 * Print string specified by address `addr' and length `len'.
608 * If `len' < 0, treat the string as a NUL-terminated string.
609 * If string length exceeds `max_strlen', append `...' to the output.
612 printstr(struct tcb *tcp, long addr, int len)
614 static char *str = NULL;
623 /* Allocate static buffers if they are not allocated yet. */
625 str = malloc(max_strlen + 1);
628 outstr = malloc(4 * max_strlen + /*for quotes and NUL:*/ 3);
635 * Treat as a NUL-terminated string: fetch one byte more
636 * because string_quote() quotes one byte less.
638 size = max_strlen + 1;
639 if (umovestr(tcp, addr, size, str) < 0) {
640 tprintf("%#lx", addr);
645 size = MIN(len, max_strlen);
646 if (umoven(tcp, addr, size, str) < 0) {
647 tprintf("%#lx", addr);
652 /* If string_quote didn't see NUL and (it was supposed to be ASCIZ str
653 * or we were requested to print more than -s NUM chars)...
655 ellipsis = (string_quote(str, outstr, len, size) &&
656 (len < 0 || len > max_strlen));
665 dumpiov(struct tcb *tcp, int len, long addr)
667 #if defined(LINUX) && SUPPORTED_PERSONALITIES > 1
669 struct { u_int32_t base; u_int32_t len; } *iov32;
670 struct { u_int64_t base; u_int64_t len; } *iov64;
672 #define iov iovu.iov64
674 (personality_wordsize[current_personality] == 4 \
675 ? sizeof(*iovu.iov32) : sizeof(*iovu.iov64))
676 #define iov_iov_base(i) \
677 (personality_wordsize[current_personality] == 4 \
678 ? (u_int64_t) iovu.iov32[i].base : iovu.iov64[i].base)
679 #define iov_iov_len(i) \
680 (personality_wordsize[current_personality] == 4 \
681 ? (u_int64_t) iovu.iov32[i].len : iovu.iov64[i].len)
684 #define sizeof_iov sizeof(*iov)
685 #define iov_iov_base(i) iov[i].iov_base
686 #define iov_iov_len(i) iov[i].iov_len
691 size = sizeof_iov * len;
692 /* Assuming no sane program has millions of iovs */
693 if ((unsigned)len > 1024*1024 /* insane or negative size? */
694 || (iov = malloc(size)) == NULL) {
695 fprintf(stderr, "Out of memory\n");
698 if (umoven(tcp, addr, size, (char *) iov) >= 0) {
699 for (i = 0; i < len; i++) {
700 /* include the buffer number to make it easy to
701 * match up the trace with the source */
702 tprintf(" * %lu bytes in buffer %d\n",
703 (unsigned long)iov_iov_len(i), i);
704 dumpstr(tcp, (long) iov_iov_base(i),
717 dumpstr(struct tcb *tcp, long addr, int len)
719 static int strsize = -1;
720 static unsigned char *str;
729 fprintf(stderr, "Out of memory\n");
735 if (umoven(tcp, addr, len, (char *) str) < 0)
738 for (i = 0; i < len; i += 16) {
742 sprintf(s, " | %05x ", i);
744 for (j = 0; j < 16; j++) {
748 sprintf(s, " %02x", str[i + j]);
752 *s++ = ' '; *s++ = ' '; *s++ = ' ';
755 *s++ = ' '; *s++ = ' ';
756 for (j = 0; j < 16; j++) {
760 if (isprint(str[i + j]))
768 tprintf("%s |\n", outstr);
773 /* Need to do this since process_vm_readv() is not yet available in libc.
774 * When libc is be updated, only "static bool process_vm_readv_not_supported"
775 * line should remain.
777 #if !defined(__NR_process_vm_readv)
779 # define __NR_process_vm_readv 347
780 # elif defined(X86_64)
781 # define __NR_process_vm_readv 310
782 # elif defined(POWERPC)
783 # define __NR_process_vm_readv 351
787 #if defined(__NR_process_vm_readv)
788 static bool process_vm_readv_not_supported = 0;
789 static ssize_t process_vm_readv(pid_t pid,
790 const struct iovec *lvec,
791 unsigned long liovcnt,
792 const struct iovec *rvec,
793 unsigned long riovcnt,
796 return syscall(__NR_process_vm_readv, (long)pid, lvec, liovcnt, rvec, riovcnt, flags);
799 static bool process_vm_readv_not_supported = 1;
800 # define process_vm_readv(...) (errno = ENOSYS, -1)
805 #define PAGMASK (~(PAGSIZ - 1))
807 * move `len' bytes of data from process `pid'
808 * at address `addr' to our space at `laddr'
811 umoven(struct tcb *tcp, long addr, int len, char *laddr)
819 char x[sizeof(long)];
822 if (!process_vm_readv_not_supported) {
823 struct iovec local[1], remote[1];
826 local[0].iov_base = laddr;
827 remote[0].iov_base = (void*)addr;
828 local[0].iov_len = remote[0].iov_len = len;
829 r = process_vm_readv(pid,
836 process_vm_readv_not_supported = 1;
837 else if (errno != EINVAL) /* EINVAL is seen if process is gone */
839 perror("process_vm_readv");
840 goto vm_readv_didnt_work;
846 #if SUPPORTED_PERSONALITIES > 1
847 if (personality_wordsize[current_personality] < sizeof(addr))
848 addr &= (1ul << 8 * personality_wordsize[current_personality]) - 1;
852 if (addr & (sizeof(long) - 1)) {
853 /* addr not a multiple of sizeof(long) */
854 n = addr - (addr & -sizeof(long)); /* residue */
855 addr &= -sizeof(long); /* residue */
857 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
859 /* But if not started, we had a bogus address. */
860 if (addr != 0 && errno != EIO && errno != ESRCH)
861 perror("ptrace: umoven");
865 m = MIN(sizeof(long) - n, len);
866 memcpy(laddr, &u.x[n], m);
867 addr += sizeof(long), laddr += m, len -= m;
871 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
873 if (started && (errno==EPERM || errno==EIO)) {
874 /* Ran into 'end of memory' - stupid "printpath" */
877 if (addr != 0 && errno != EIO && errno != ESRCH)
878 perror("ptrace: umoven");
882 m = MIN(sizeof(long), len);
883 memcpy(laddr, u.x, m);
884 addr += sizeof(long), laddr += m, len -= m;
893 n = MIN(len, PAGSIZ);
894 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
895 if (ptrace(PTRACE_READDATA, pid,
896 (char *) addr, len, laddr) < 0) {
897 if (errno != ESRCH) {
898 perror("umoven: ptrace(PTRACE_READDATA, ...)");
910 #ifdef HAVE_MP_PROCFS
911 int fd = tcp->pfd_as;
915 lseek(fd, addr, SEEK_SET);
916 if (read(fd, laddr, len) == -1)
918 #endif /* USE_PROCFS */
924 * Like `umove' but make the additional effort of looking
925 * for a terminating zero byte.
927 * Returns < 0 on error, > 0 if NUL was seen,
928 * (TODO if useful: return count of bytes including NUL),
929 * else 0 if len bytes were read but no NUL byte seen.
931 * Note: there is no guarantee we won't overwrite some bytes
932 * in laddr[] _after_ terminating NUL (but, of course,
933 * we never write past laddr[len-1]).
936 umovestr(struct tcb *tcp, long addr, int len, char *laddr)
939 # ifdef HAVE_MP_PROCFS
940 int fd = tcp->pfd_as;
944 /* Some systems (e.g. FreeBSD) can be upset if we read off the
945 end of valid memory, avoid this by trying to read up
946 to page boundaries. But we don't know what a page is (and
947 getpagesize(2) (if it exists) doesn't necessarily return
948 hardware page size). Assume all pages >= 1024 (a-historical
951 int page = 1024; /* How to find this? */
952 int move = page - (addr & (page - 1));
955 lseek(fd, addr, SEEK_SET);
960 move = read(fd, laddr, move);
962 return left != len ? 0 : -1;
963 if (memchr(laddr, 0, move))
971 #else /* !USE_PROCFS */
977 char x[sizeof(long)];
980 #if SUPPORTED_PERSONALITIES > 1
981 if (personality_wordsize[current_personality] < sizeof(addr))
982 addr &= (1ul << 8 * personality_wordsize[current_personality]) - 1;
985 if (!process_vm_readv_not_supported) {
986 struct iovec local[1], remote[1];
988 local[0].iov_base = laddr;
989 remote[0].iov_base = (void*)addr;
996 /* Don't read kilobytes: most strings are short */
1000 /* Don't cross pages. I guess otherwise we can get EFAULT
1001 * and fail to notice that terminating NUL lies
1002 * in the existing (first) page.
1003 * (I hope there aren't arches with pages < 4K)
1005 end_in_page = ((addr + chunk_len) & 4095);
1006 r = chunk_len - end_in_page;
1007 if (r > 0) /* if chunk_len > end_in_page */
1008 chunk_len = r; /* chunk_len -= end_in_page */
1010 local[0].iov_len = remote[0].iov_len = chunk_len;
1011 r = process_vm_readv(pid,
1017 if (errno == ENOSYS)
1018 process_vm_readv_not_supported = 1;
1019 else if (errno != EINVAL) /* EINVAL is seen if process is gone */
1021 perror("process_vm_readv");
1022 goto vm_readv_didnt_work;
1024 if (memchr(local[0].iov_base, '\0', r))
1026 local[0].iov_base += r;
1027 remote[0].iov_base += r;
1032 vm_readv_didnt_work:
1035 if (addr & (sizeof(long) - 1)) {
1036 /* addr not a multiple of sizeof(long) */
1037 n = addr - (addr & -sizeof(long)); /* residue */
1038 addr &= -sizeof(long); /* residue */
1040 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
1042 if (addr != 0 && errno != EIO && errno != ESRCH)
1047 m = MIN(sizeof(long) - n, len);
1048 memcpy(laddr, &u.x[n], m);
1049 while (n & (sizeof(long) - 1))
1050 if (u.x[n++] == '\0')
1052 addr += sizeof(long), laddr += m, len -= m;
1056 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
1058 if (started && (errno==EPERM || errno==EIO)) {
1059 /* Ran into 'end of memory' - stupid "printpath" */
1062 if (addr != 0 && errno != EIO && errno != ESRCH)
1067 m = MIN(sizeof(long), len);
1068 memcpy(laddr, u.x, m);
1069 for (i = 0; i < sizeof(long); i++)
1072 addr += sizeof(long), laddr += m, len -= m;
1074 #endif /* !USE_PROCFS */
1079 # if !defined (SPARC) && !defined(SPARC64)
1080 # define PTRACE_WRITETEXT 101
1081 # define PTRACE_WRITEDATA 102
1082 # endif /* !SPARC && !SPARC64 */
1088 uload(int cmd, int pid, long addr, int len, char *laddr)
1094 char x[sizeof(long)];
1097 if (cmd == PTRACE_WRITETEXT) {
1098 peek = PTRACE_PEEKTEXT;
1099 poke = PTRACE_POKETEXT;
1102 peek = PTRACE_PEEKDATA;
1103 poke = PTRACE_POKEDATA;
1105 if (addr & (sizeof(long) - 1)) {
1106 /* addr not a multiple of sizeof(long) */
1107 n = addr - (addr & -sizeof(long)); /* residue */
1108 addr &= -sizeof(long);
1110 u.val = ptrace(peek, pid, (char *) addr, 0);
1112 perror("uload: POKE");
1115 m = MIN(sizeof(long) - n, len);
1116 memcpy(&u.x[n], laddr, m);
1117 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
1118 perror("uload: POKE");
1121 addr += sizeof(long), laddr += m, len -= m;
1124 if (len < sizeof(long))
1125 u.val = ptrace(peek, pid, (char *) addr, 0);
1126 m = MIN(sizeof(long), len);
1127 memcpy(u.x, laddr, m);
1128 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
1129 perror("uload: POKE");
1132 addr += sizeof(long), laddr += m, len -= m;
1138 tload(int pid, int addr, int len, char *laddr)
1140 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
1144 dload(int pid, int addr, int len, char *laddr)
1146 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
1154 upeek(struct tcb *tcp, long off, long *res)
1158 # ifdef SUNOS4_KERNEL_ARCH_KLUDGE
1160 static int is_sun4m = -1;
1161 struct utsname name;
1163 /* Round up the usual suspects. */
1164 if (is_sun4m == -1) {
1165 if (uname(&name) < 0) {
1166 perror("upeek: uname?");
1169 is_sun4m = strcmp(name.machine, "sun4m") == 0;
1171 const struct xlat *x;
1173 for (x = struct_user_offsets; x->str; x++)
1180 # endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
1182 val = do_ptrace(PTRACE_PEEKUSER, tcp, (char *) off, 0);
1183 if (val == -1 && errno) {
1184 if (errno != ESRCH) {
1186 sprintf(buf, "upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)", tcp->pid, off);
1195 #endif /* !USE_PROCFS */
1198 printcall(struct tcb *tcp)
1200 #define PRINTBADPC tprintf(sizeof(long) == 4 ? "[????????] " : \
1201 sizeof(long) == 8 ? "[????????????????] " : \
1208 if (upeek(tcp, 4*EIP, &eip) < 0) {
1212 tprintf("[%08lx] ", eip);
1214 # elif defined(S390) || defined(S390X)
1216 if (upeek(tcp, PT_PSWADDR, &psw) < 0) {
1221 tprintf("[%08lx] ", psw);
1223 tprintf("[%16lx] ", psw);
1226 # elif defined(X86_64)
1229 if (upeek(tcp, 8*RIP, &rip) < 0) {
1233 tprintf("[%16lx] ", rip);
1234 # elif defined(IA64)
1237 if (upeek(tcp, PT_B0, &ip) < 0) {
1241 tprintf("[%08lx] ", ip);
1242 # elif defined(POWERPC)
1245 if (upeek(tcp, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1250 tprintf("[%016lx] ", pc);
1252 tprintf("[%08lx] ", pc);
1254 # elif defined(M68K)
1257 if (upeek(tcp, 4*PT_PC, &pc) < 0) {
1258 tprints("[????????] ");
1261 tprintf("[%08lx] ", pc);
1262 # elif defined(ALPHA)
1265 if (upeek(tcp, REG_PC, &pc) < 0) {
1266 tprints("[????????????????] ");
1269 tprintf("[%08lx] ", pc);
1270 # elif defined(SPARC) || defined(SPARC64)
1271 struct pt_regs regs;
1272 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1276 # if defined(SPARC64)
1277 tprintf("[%08lx] ", regs.tpc);
1279 tprintf("[%08lx] ", regs.pc);
1281 # elif defined(HPPA)
1284 if (upeek(tcp, PT_IAOQ0, &pc) < 0) {
1285 tprints("[????????] ");
1288 tprintf("[%08lx] ", pc);
1289 # elif defined(MIPS)
1292 if (upeek(tcp, REG_EPC, &pc) < 0) {
1293 tprints("[????????] ");
1296 tprintf("[%08lx] ", pc);
1300 if (upeek(tcp, 4*REG_PC, &pc) < 0) {
1301 tprints("[????????] ");
1304 tprintf("[%08lx] ", pc);
1305 # elif defined(SH64)
1308 if (upeek(tcp, REG_PC, &pc) < 0) {
1309 tprints("[????????????????] ");
1312 tprintf("[%08lx] ", pc);
1316 if (upeek(tcp, 4*15, &pc) < 0) {
1320 tprintf("[%08lx] ", pc);
1321 # elif defined(AVR32)
1324 if (upeek(tcp, REG_PC, &pc) < 0) {
1325 tprints("[????????] ");
1328 tprintf("[%08lx] ", pc);
1329 # elif defined(BFIN)
1332 if (upeek(tcp, PT_PC, &pc) < 0) {
1336 tprintf("[%08lx] ", pc);
1337 #elif defined(CRISV10)
1340 if (upeek(tcp, 4*PT_IRP, &pc) < 0) {
1344 tprintf("[%08lx] ", pc);
1345 #elif defined(CRISV32)
1348 if (upeek(tcp, 4*PT_ERP, &pc) < 0) {
1352 tprintf("[%08lx] ", pc);
1353 # endif /* architecture */
1359 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1360 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1364 tprintf("[%08x] ", regs.r_o7);
1374 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1375 tprintf("[%08x] ", regs.r_eip);
1376 #endif /* FREEBSD */
1381 * These #if's are huge, please indent them correctly.
1382 * It's easy to get confused otherwise.
1388 # include "syscall.h"
1390 # include <sys/syscall.h>
1391 # ifndef CLONE_PTRACE
1392 # define CLONE_PTRACE 0x00002000
1394 # ifndef CLONE_VFORK
1395 # define CLONE_VFORK 0x00004000
1398 # define CLONE_VM 0x00000100
1400 # ifndef CLONE_STOPPED
1401 # define CLONE_STOPPED 0x02000000
1406 /* We don't have fork()/vfork() syscalls on ia64 itself, but the ia32
1407 subsystem has them for x86... */
1409 # define SYS_vfork 190
1411 typedef unsigned long *arg_setup_state;
1414 arg_setup(struct tcb *tcp, arg_setup_state *state)
1416 unsigned long cfm, sof, sol;
1420 /* Satisfy a false GCC warning. */
1425 if (upeek(tcp, PT_AR_BSP, &bsp) < 0)
1427 if (upeek(tcp, PT_CFM, (long *) &cfm) < 0)
1430 sof = (cfm >> 0) & 0x7f;
1431 sol = (cfm >> 7) & 0x7f;
1432 bsp = (long) ia64_rse_skip_regs((unsigned long *) bsp, -sof + sol);
1434 *state = (unsigned long *) bsp;
1438 # define arg_finish_change(tcp, state) 0
1442 get_arg0(struct tcb *tcp, arg_setup_state *state, long *valp)
1447 ret = upeek(tcp, PT_R11, valp);
1450 (unsigned long) ia64_rse_skip_regs(*state, 0),
1451 sizeof(long), (void *) valp);
1456 get_arg1(struct tcb *tcp, arg_setup_state *state, long *valp)
1461 ret = upeek(tcp, PT_R9, valp);
1464 (unsigned long) ia64_rse_skip_regs(*state, 1),
1465 sizeof(long), (void *) valp);
1471 set_arg0(struct tcb *tcp, arg_setup_state *state, long val)
1473 int req = PTRACE_POKEDATA;
1477 ap = (void *) (intptr_t) PT_R11; /* r11 == EBX */
1478 req = PTRACE_POKEUSER;
1480 ap = ia64_rse_skip_regs(*state, 0);
1482 ptrace(req, tcp->pid, ap, val);
1483 return errno ? -1 : 0;
1487 set_arg1(struct tcb *tcp, arg_setup_state *state, long val)
1489 int req = PTRACE_POKEDATA;
1493 ap = (void *) (intptr_t) PT_R9; /* r9 == ECX */
1494 req = PTRACE_POKEUSER;
1496 ap = ia64_rse_skip_regs(*state, 1);
1498 ptrace(req, tcp->pid, ap, val);
1499 return errno ? -1 : 0;
1502 /* ia64 does not return the input arguments from functions (and syscalls)
1503 according to ia64 RSE (Register Stack Engine) behavior. */
1505 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1506 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1508 # elif defined (SPARC) || defined (SPARC64)
1510 typedef struct pt_regs arg_setup_state;
1512 # define arg_setup(tcp, state) \
1513 (ptrace(PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1514 # define arg_finish_change(tcp, state) \
1515 (ptrace(PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1517 # define get_arg0(tcp, state, valp) (*(valp) = (state)->u_regs[U_REG_O0], 0)
1518 # define get_arg1(tcp, state, valp) (*(valp) = (state)->u_regs[U_REG_O1], 0)
1519 # define set_arg0(tcp, state, val) ((state)->u_regs[U_REG_O0] = (val), 0)
1520 # define set_arg1(tcp, state, val) ((state)->u_regs[U_REG_O1] = (val), 0)
1521 # define restore_arg0(tcp, state, val) 0
1523 # else /* other architectures */
1525 # if defined S390 || defined S390X
1526 /* Note: this is only true for the `clone' system call, which handles
1527 arguments specially. We could as well say that its first two arguments
1528 are swapped relative to other architectures, but that would just be
1529 another #ifdef in the calls. */
1530 # define arg0_offset PT_GPR3
1531 # define arg1_offset PT_ORIGGPR2
1532 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1533 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1534 # define arg0_index 1
1535 # define arg1_index 0
1536 # elif defined (ALPHA) || defined (MIPS)
1537 # define arg0_offset REG_A0
1538 # define arg1_offset (REG_A0+1)
1539 # elif defined (AVR32)
1540 # define arg0_offset (REG_R12)
1541 # define arg1_offset (REG_R11)
1542 # elif defined (POWERPC)
1543 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1544 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1545 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1546 # elif defined (HPPA)
1547 # define arg0_offset PT_GR26
1548 # define arg1_offset (PT_GR26-4)
1549 # elif defined (X86_64)
1550 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1551 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1553 # define arg0_offset (4*(REG_REG0+4))
1554 # define arg1_offset (4*(REG_REG0+5))
1555 # elif defined (SH64)
1556 /* ABI defines arg0 & 1 in r2 & r3 */
1557 # define arg0_offset (REG_OFFSET+16)
1558 # define arg1_offset (REG_OFFSET+24)
1559 # define restore_arg0(tcp, state, val) 0
1560 # elif defined CRISV10 || defined CRISV32
1561 # define arg0_offset (4*PT_R11)
1562 # define arg1_offset (4*PT_ORIG_R10)
1563 # define restore_arg0(tcp, state, val) 0
1564 # define restore_arg1(tcp, state, val) 0
1565 # define arg0_index 1
1566 # define arg1_index 0
1568 # define arg0_offset 0
1569 # define arg1_offset 4
1571 # define restore_arg0(tcp, state, val) 0
1575 typedef int arg_setup_state;
1577 # define arg_setup(tcp, state) (0)
1578 # define arg_finish_change(tcp, state) 0
1579 # define get_arg0(tcp, cookie, valp) \
1580 (upeek((tcp), arg0_offset, (valp)))
1581 # define get_arg1(tcp, cookie, valp) \
1582 (upeek((tcp), arg1_offset, (valp)))
1585 set_arg0(struct tcb *tcp, void *cookie, long val)
1587 return ptrace(PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1591 set_arg1(struct tcb *tcp, void *cookie, long val)
1593 return ptrace(PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1596 # endif /* architectures */
1598 # ifndef restore_arg0
1599 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1601 # ifndef restore_arg1
1602 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1606 # define arg0_index 0
1607 # define arg1_index 1
1611 setbpt(struct tcb *tcp)
1613 static int clone_scno[SUPPORTED_PERSONALITIES] = { SYS_clone };
1614 arg_setup_state state;
1616 if (tcp->flags & TCB_BPTSET) {
1617 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1622 * It's a silly kludge to initialize this with a search at runtime.
1623 * But it's better than maintaining another magic thing in the
1624 * godforsaken tables.
1626 if (clone_scno[current_personality] == 0) {
1628 for (i = 0; i < nsyscalls; ++i)
1629 if (sysent[i].sys_func == sys_clone) {
1630 clone_scno[current_personality] = i;
1635 switch (known_scno(tcp)) {
1642 # if defined SYS_fork || defined SYS_vfork
1643 if (arg_setup(tcp, &state) < 0
1644 || get_arg0(tcp, &state, &tcp->inst[0]) < 0
1645 || get_arg1(tcp, &state, &tcp->inst[1]) < 0
1646 || change_syscall(tcp, clone_scno[current_personality]) < 0
1647 || set_arg0(tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1648 || set_arg1(tcp, &state, 0) < 0
1649 || arg_finish_change(tcp, &state) < 0)
1651 tcp->u_arg[arg0_index] = CLONE_PTRACE|SIGCHLD;
1652 tcp->u_arg[arg1_index] = 0;
1653 tcp->flags |= TCB_BPTSET;
1661 /* ia64 calls directly `clone (CLONE_VFORK | CLONE_VM)'
1662 contrary to x86 SYS_vfork above. Even on x86 we turn the
1663 vfork semantics into plain fork - each application must not
1664 depend on the vfork specifics according to POSIX. We would
1665 hang waiting for the parent resume otherwise. We need to
1666 clear also CLONE_VM but only in the CLONE_VFORK case as
1667 otherwise we would break pthread_create. */
1669 long new_arg0 = (tcp->u_arg[arg0_index] | CLONE_PTRACE);
1670 if (new_arg0 & CLONE_VFORK)
1671 new_arg0 &= ~(unsigned long)(CLONE_VFORK | CLONE_VM);
1672 if (arg_setup(tcp, &state) < 0
1673 || set_arg0(tcp, &state, new_arg0) < 0
1674 || arg_finish_change(tcp, &state) < 0)
1676 tcp->flags |= TCB_BPTSET;
1677 tcp->inst[0] = tcp->u_arg[arg0_index];
1678 tcp->inst[1] = tcp->u_arg[arg1_index];
1682 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1683 tcp->scno, tcp->pid);
1691 clearbpt(struct tcb *tcp)
1693 arg_setup_state state;
1694 if (arg_setup(tcp, &state) < 0
1695 || restore_arg0(tcp, &state, tcp->inst[0]) < 0
1696 || restore_arg1(tcp, &state, tcp->inst[1]) < 0
1697 || arg_finish_change(tcp, &state))
1700 tcp->flags &= ~TCB_BPTSET;
1704 # else /* !defined LINUX */
1707 setbpt(struct tcb *tcp)
1710 # ifdef SPARC /* This code is slightly sparc specific */
1713 # define BPT 0x91d02001 /* ta 1 */
1714 # define LOOP 0x10800000 /* ba 0 */
1715 # define LOOPA 0x30800000 /* ba,a 0 */
1716 # define NOP 0x01000000
1718 static int loopdeloop[1] = {LOOPA};
1720 static int loopdeloop[2] = {LOOP, NOP};
1723 if (tcp->flags & TCB_BPTSET) {
1724 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1727 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1728 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1731 tcp->baddr = regs.r_o7 + 8;
1732 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1733 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1734 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1739 * XXX - BRUTAL MODE ON
1740 * We cannot set a real BPT in the child, since it will not be
1741 * traced at the moment it will reach the trap and would probably
1742 * die with a core dump.
1743 * Thus, we are force our way in by taking out two instructions
1744 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1745 * generated by out PTRACE_ATTACH.
1746 * Of cause, if we evaporate ourselves in the middle of all this...
1748 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1749 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1750 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1753 tcp->flags |= TCB_BPTSET;
1756 # endif /* SUNOS4 */
1762 clearbpt(struct tcb *tcp)
1771 if (!(tcp->flags & TCB_BPTSET)) {
1772 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1775 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1776 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1777 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1780 tcp->flags &= ~TCB_BPTSET;
1784 * Since we don't have a single instruction breakpoint, we may have
1785 * to adjust the program counter after removing our `breakpoint'.
1787 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1788 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1791 if ((regs.r_pc < tcp->baddr) ||
1792 (regs.r_pc > tcp->baddr + 4)) {
1793 /* The breakpoint has not been reached yet */
1796 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1797 regs.r_pc, tcp->baddr);
1800 if (regs.r_pc != tcp->baddr)
1802 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1803 regs.r_pc, tcp->baddr);
1805 regs.r_pc = tcp->baddr;
1806 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1807 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1812 # endif /* SUNOS4 */
1817 # endif /* !defined LINUX */
1819 #endif /* !USE_PROCFS */
1825 getex(struct tcb *tcp, struct exec *hdr)
1829 for (n = 0; n < sizeof *hdr; n += 4) {
1831 if (upeek(tcp, uoff(u_exdata) + n, &res) < 0)
1833 memcpy(((char *) hdr) + n, &res, 4);
1836 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1837 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1838 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1839 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1845 fixvfork(struct tcb *tcp)
1849 * Change `vfork' in a freshly exec'ed dynamically linked
1850 * executable's (internal) symbol table to plain old `fork'
1854 struct link_dynamic dyn;
1855 struct link_dynamic_2 ld;
1858 if (getex(tcp, &hdr) < 0)
1863 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1864 fprintf(stderr, "Cannot read DYNAMIC\n");
1867 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1868 fprintf(stderr, "Cannot read link_dynamic_2\n");
1871 strtab = malloc((unsigned)ld.ld_symb_size);
1873 die_out_of_memory();
1874 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1875 (int)ld.ld_symb_size, strtab) < 0)
1878 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1879 if (strcmp(cp, "_vfork") == 0) {
1881 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1882 strcpy(cp, "_fork");
1887 if (cp < strtab + ld.ld_symb_size)
1889 * Write entire symbol table back to avoid
1890 * memory alignment bugs in ptrace
1892 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1893 (int)ld.ld_symb_size, strtab) < 0)