gdb/common/linux-ptrace.c

   1 /* Linux-specific ptrace manipulation routines.
   2    Copyright (C) 2012-2014 Free Software Foundation, Inc.
   3
   4    This file is part of GDB.
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  18
  19 #ifdef GDBSERVER
  20 #include "server.h"
  21 #else
  22 #include "defs.h"
  23 #include <string.h>
  24 #endif
  25
  26 #include "linux-ptrace.h"
  27 #include "linux-procfs.h"
  28 #include "nat/linux-waitpid.h"
  29 #include "buffer.h"
  30 #include "gdb_assert.h"
  31 #include "gdb_wait.h"
  32
  33 #include <stdint.h>
  34
  35 /* Stores the currently supported ptrace options.  A value of
  36    -1 means we did not check for features yet.  A value of 0 means
  37    there are no supported features.  */
  38 static int current_ptrace_options = -1;
  39
  40 /* Find all possible reasons we could fail to attach PID and append these
  41    newline terminated reason strings to initialized BUFFER.  '\0' termination
  42    of BUFFER must be done by the caller.  */
  43
  44 void
  45 linux_ptrace_attach_warnings (pid_t pid, struct buffer *buffer)
  46 {
  47   pid_t tracerpid;
  48
  49   tracerpid = linux_proc_get_tracerpid (pid);
  50   if (tracerpid > 0)
  51     buffer_xml_printf (buffer, _("warning: process %d is already traced "
  52                                  "by process %d\n"),
  53                        (int) pid, (int) tracerpid);
  54
  55   if (linux_proc_pid_is_zombie (pid))
  56     buffer_xml_printf (buffer, _("warning: process %d is a zombie "
  57                                  "- the process has already terminated\n"),
  58                        (int) pid);
  59 }
  60
  61 #if defined __i386__ || defined __x86_64__
  62
  63 /* Address of the 'ret' instruction in asm code block below.  */
  64 extern void (linux_ptrace_test_ret_to_nx_instr) (void);
  65
  66 #include <sys/reg.h>
  67 #include <sys/mman.h>
  68 #include <signal.h>
  69
  70 #endif /* defined __i386__ || defined __x86_64__ */
  71
  72 /* Test broken off-trunk Linux kernel patchset for NX support on i386.  It was
  73    removed in Fedora kernel 88fa1f0332d188795ed73d7ac2b1564e11a0b4cd.
  74
  75    Test also x86_64 arch for PaX support.  */
  76
  77 static void
  78 linux_ptrace_test_ret_to_nx (void)
  79 {
  80 #if defined __i386__ || defined __x86_64__
  81   pid_t child, got_pid;
  82   gdb_byte *return_address, *pc;
  83   long l;
  84   int status, kill_status;
  85
  86   return_address = mmap (NULL, 2, PROT_READ | PROT_WRITE,
  87                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  88   if (return_address == MAP_FAILED)
  89     {
  90       warning (_("linux_ptrace_test_ret_to_nx: Cannot mmap: %s"),
  91                strerror (errno));
  92       return;
  93     }
  94
  95   /* Put there 'int3'.  */
  96   *return_address = 0xcc;
  97
  98   child = fork ();
  99   switch (child)
 100     {
 101     case -1:
 102       warning (_("linux_ptrace_test_ret_to_nx: Cannot fork: %s"),
 103                strerror (errno));
 104       return;
 105
 106     case 0:
 107       l = ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) NULL,
 108                   (PTRACE_TYPE_ARG4) NULL);
 109       if (l != 0)
 110         warning (_("linux_ptrace_test_ret_to_nx: Cannot PTRACE_TRACEME: %s"),
 111                  strerror (errno));
 112       else
 113         {
 114 #if defined __i386__
 115           asm volatile ("pushl %0;"
 116                         ".globl linux_ptrace_test_ret_to_nx_instr;"
 117                         "linux_ptrace_test_ret_to_nx_instr:"
 118                         "ret"
 119                         : : "r" (return_address) : "%esp", "memory");
 120 #elif defined __x86_64__
 121           asm volatile ("pushq %0;"
 122                         ".globl linux_ptrace_test_ret_to_nx_instr;"
 123                         "linux_ptrace_test_ret_to_nx_instr:"
 124                         "ret"
 125                         : : "r" ((uint64_t) (uintptr_t) return_address)
 126                         : "%rsp", "memory");
 127 #else
 128 # error "!__i386__ && !__x86_64__"
 129 #endif
 130           gdb_assert_not_reached ("asm block did not terminate");
 131         }
 132
 133       _exit (1);
 134     }
 135
 136   errno = 0;
 137   got_pid = waitpid (child, &status, 0);
 138   if (got_pid != child)
 139     {
 140       warning (_("linux_ptrace_test_ret_to_nx: waitpid returned %ld: %s"),
 141                (long) got_pid, strerror (errno));
 142       return;
 143     }
 144
 145   if (WIFSIGNALED (status))
 146     {
 147       if (WTERMSIG (status) != SIGKILL)
 148         warning (_("linux_ptrace_test_ret_to_nx: WTERMSIG %d is not SIGKILL!"),
 149                  (int) WTERMSIG (status));
 150       else
 151         warning (_("Cannot call inferior functions, Linux kernel PaX "
 152                    "protection forbids return to non-executable pages!"));
 153       return;
 154     }
 155
 156   if (!WIFSTOPPED (status))
 157     {
 158       warning (_("linux_ptrace_test_ret_to_nx: status %d is not WIFSTOPPED!"),
 159                status);
 160       return;
 161     }
 162
 163   /* We may get SIGSEGV due to missing PROT_EXEC of the return_address.  */
 164   if (WSTOPSIG (status) != SIGTRAP && WSTOPSIG (status) != SIGSEGV)
 165     {
 166       warning (_("linux_ptrace_test_ret_to_nx: "
 167                  "WSTOPSIG %d is neither SIGTRAP nor SIGSEGV!"),
 168                (int) WSTOPSIG (status));
 169       return;
 170     }
 171
 172   errno = 0;
 173 #if defined __i386__
 174   l = ptrace (PTRACE_PEEKUSER, child, (PTRACE_TYPE_ARG3) (uintptr_t) (EIP * 4),
 175               (PTRACE_TYPE_ARG4) NULL);
 176 #elif defined __x86_64__
 177   l = ptrace (PTRACE_PEEKUSER, child, (PTRACE_TYPE_ARG3) (uintptr_t) (RIP * 8),
 178               (PTRACE_TYPE_ARG4) NULL);
 179 #else
 180 # error "!__i386__ && !__x86_64__"
 181 #endif
 182   if (errno != 0)
 183     {
 184       warning (_("linux_ptrace_test_ret_to_nx: Cannot PTRACE_PEEKUSER: %s"),
 185                strerror (errno));
 186       return;
 187     }
 188   pc = (void *) (uintptr_t) l;
 189
 190   kill (child, SIGKILL);
 191   ptrace (PTRACE_KILL, child, (PTRACE_TYPE_ARG3) NULL,
 192           (PTRACE_TYPE_ARG4) NULL);
 193
 194   errno = 0;
 195   got_pid = waitpid (child, &kill_status, 0);
 196   if (got_pid != child)
 197     {
 198       warning (_("linux_ptrace_test_ret_to_nx: "
 199                  "PTRACE_KILL waitpid returned %ld: %s"),
 200                (long) got_pid, strerror (errno));
 201       return;
 202     }
 203   if (!WIFSIGNALED (kill_status))
 204     {
 205       warning (_("linux_ptrace_test_ret_to_nx: "
 206                  "PTRACE_KILL status %d is not WIFSIGNALED!"),
 207                status);
 208       return;
 209     }
 210
 211   /* + 1 is there as x86* stops after the 'int3' instruction.  */
 212   if (WSTOPSIG (status) == SIGTRAP && pc == return_address + 1)
 213     {
 214       /* PASS */
 215       return;
 216     }
 217
 218   /* We may get SIGSEGV due to missing PROT_EXEC of the RETURN_ADDRESS page.  */
 219   if (WSTOPSIG (status) == SIGSEGV && pc == return_address)
 220     {
 221       /* PASS */
 222       return;
 223     }
 224
 225   if ((void (*) (void)) pc != &linux_ptrace_test_ret_to_nx_instr)
 226     warning (_("linux_ptrace_test_ret_to_nx: PC %p is neither near return "
 227                "address %p nor is the return instruction %p!"),
 228              pc, return_address, &linux_ptrace_test_ret_to_nx_instr);
 229   else
 230     warning (_("Cannot call inferior functions on this system - "
 231                "Linux kernel with broken i386 NX (non-executable pages) "
 232                "support detected!"));
 233 #endif /* defined __i386__ || defined __x86_64__ */
 234 }
 235
 236 /* Helper function to fork a process and make the child process call
 237    the function FUNCTION, passing CHILD_STACK as parameter.
 238
 239    For MMU-less targets, clone is used instead of fork, and
 240    CHILD_STACK is used as stack space for the cloned child.  If NULL,
 241    stack space is allocated via malloc (and subsequently passed to
 242    FUNCTION).  For MMU targets, CHILD_STACK is ignored.  */
 243
 244 static int
 245 linux_fork_to_function (gdb_byte *child_stack, void (*function) (gdb_byte *))
 246 {
 247   int child_pid;
 248
 249   /* Sanity check the function pointer.  */
 250   gdb_assert (function != NULL);
 251
 252 #if defined(__UCLIBC__) && defined(HAS_NOMMU)
 253 #define STACK_SIZE 4096
 254
 255     if (child_stack == NULL)
 256       child_stack = xmalloc (STACK_SIZE * 4);
 257
 258     /* Use CLONE_VM instead of fork, to support uClinux (no MMU).  */
 259 #ifdef __ia64__
 260       child_pid = __clone2 (function, child_stack, STACK_SIZE,
 261                             CLONE_VM | SIGCHLD, child_stack + STACK_SIZE * 2);
 262 #else /* !__ia64__ */
 263       child_pid = clone (function, child_stack + STACK_SIZE,
 264                          CLONE_VM | SIGCHLD, child_stack + STACK_SIZE * 2);
 265 #endif /* !__ia64__ */
 266 #else /* !defined(__UCLIBC) && defined(HAS_NOMMU) */
 267   child_pid = fork ();
 268
 269   if (child_pid == 0)
 270     function (NULL);
 271 #endif /* defined(__UCLIBC) && defined(HAS_NOMMU) */
 272
 273   if (child_pid == -1)
 274     perror_with_name (("fork"));
 275
 276   return child_pid;
 277 }
 278
 279 /* A helper function for linux_check_ptrace_features, called after
 280    the child forks a grandchild.  */
 281
 282 static void
 283 linux_grandchild_function (gdb_byte *child_stack)
 284 {
 285   /* Free any allocated stack.  */
 286   xfree (child_stack);
 287
 288   /* This code is only reacheable by the grandchild (child's child)
 289      process.  */
 290   _exit (0);
 291 }
 292
 293 /* A helper function for linux_check_ptrace_features, called after
 294    the parent process forks a child.  The child allows itself to
 295    be traced by its parent.  */
 296
 297 static void
 298 linux_child_function (gdb_byte *child_stack)
 299 {
 300   ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) 0, (PTRACE_TYPE_ARG4) 0);
 301   kill (getpid (), SIGSTOP);
 302
 303   /* Fork a grandchild.  */
 304   linux_fork_to_function (child_stack, linux_grandchild_function);
 305
 306   /* This code is only reacheable by the child (grandchild's parent)
 307      process.  */
 308   _exit (0);
 309 }
 310
 311 static void linux_test_for_tracesysgood (int child_pid);
 312 static void linux_test_for_tracefork (int child_pid);
 313
 314 /* Determine ptrace features available on this target.  */
 315
 316 static void
 317 linux_check_ptrace_features (void)
 318 {
 319   int child_pid, ret, status;
 320
 321   /* Initialize the options.  */
 322   current_ptrace_options = 0;
 323
 324   /* Fork a child so we can do some testing.  The child will call
 325      linux_child_function and will get traced.  The child will
 326      eventually fork a grandchild so we can test fork event
 327      reporting.  */
 328   child_pid = linux_fork_to_function (NULL, linux_child_function);
 329
 330   ret = my_waitpid (child_pid, &status, 0);
 331   if (ret == -1)
 332     perror_with_name (("waitpid"));
 333   else if (ret != child_pid)
 334     error (_("linux_check_ptrace_features: waitpid: unexpected result %d."),
 335            ret);
 336   if (! WIFSTOPPED (status))
 337     error (_("linux_check_ptrace_features: waitpid: unexpected status %d."),
 338            status);
 339
 340   linux_test_for_tracesysgood (child_pid);
 341
 342   linux_test_for_tracefork (child_pid);
 343
 344   /* Clean things up and kill any pending children.  */
 345   do
 346     {
 347       ret = ptrace (PTRACE_KILL, child_pid, (PTRACE_TYPE_ARG3) 0,
 348                     (PTRACE_TYPE_ARG4) 0);
 349       if (ret != 0)
 350         warning (_("linux_check_ptrace_features: failed to kill child"));
 351       my_waitpid (child_pid, &status, 0);
 352     }
 353   while (WIFSTOPPED (status));
 354 }
 355
 356 /* Determine if PTRACE_O_TRACESYSGOOD can be used to catch
 357    syscalls.  */
 358
 359 static void
 360 linux_test_for_tracesysgood (int child_pid)
 361 {
 362 #ifdef GDBSERVER
 363   /* gdbserver does not support PTRACE_O_TRACESYSGOOD.  */
 364 #else
 365   int ret;
 366
 367   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 368                 (PTRACE_TYPE_ARG4) PTRACE_O_TRACESYSGOOD);
 369   if (ret == 0)
 370     current_ptrace_options |= PTRACE_O_TRACESYSGOOD;
 371 #endif
 372 }
 373
 374 /* Determine if PTRACE_O_TRACEFORK can be used to follow fork
 375    events.  */
 376
 377 static void
 378 linux_test_for_tracefork (int child_pid)
 379 {
 380   int ret, status;
 381   long second_pid;
 382
 383   /* First, set the PTRACE_O_TRACEFORK option.  If this fails, we
 384      know for sure that it is not supported.  */
 385   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 386                 (PTRACE_TYPE_ARG4) PTRACE_O_TRACEFORK);
 387
 388   if (ret != 0)
 389     return;
 390
 391 #ifdef GDBSERVER
 392   /* gdbserver does not support PTRACE_O_TRACEVFORKDONE yet.  */
 393 #else
 394   /* Check if the target supports PTRACE_O_TRACEVFORKDONE.  */
 395   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 396                 (PTRACE_TYPE_ARG4) (PTRACE_O_TRACEFORK
 397                                     | PTRACE_O_TRACEVFORKDONE));
 398   if (ret == 0)
 399     current_ptrace_options |= PTRACE_O_TRACEVFORKDONE;
 400 #endif
 401
 402   /* Setting PTRACE_O_TRACEFORK did not cause an error, however we
 403      don't know for sure that the feature is available; old
 404      versions of PTRACE_SETOPTIONS ignored unknown options.
 405      Therefore, we attach to the child process, use PTRACE_SETOPTIONS
 406      to enable fork tracing, and let it fork.  If the process exits,
 407      we assume that we can't use PTRACE_O_TRACEFORK; if we get the
 408      fork notification, and we can extract the new child's PID, then
 409      we assume that we can.
 410
 411      We do not explicitly check for vfork tracing here.  It is
 412      assumed that vfork tracing is available whenever fork tracing
 413      is available.  */
 414   ret = ptrace (PTRACE_CONT, child_pid, (PTRACE_TYPE_ARG3) 0,
 415                 (PTRACE_TYPE_ARG4) 0);
 416   if (ret != 0)
 417     warning (_("linux_test_for_tracefork: failed to resume child"));
 418
 419   ret = my_waitpid (child_pid, &status, 0);
 420
 421   /* Check if we received a fork event notification.  */
 422   if (ret == child_pid && WIFSTOPPED (status)
 423       && status >> 16 == PTRACE_EVENT_FORK)
 424     {
 425       /* We did receive a fork event notification.  Make sure its PID
 426          is reported.  */
 427       second_pid = 0;
 428       ret = ptrace (PTRACE_GETEVENTMSG, child_pid, (PTRACE_TYPE_ARG3) 0,
 429                     (PTRACE_TYPE_ARG4) &second_pid);
 430       if (ret == 0 && second_pid != 0)
 431         {
 432           int second_status;
 433
 434           /* We got the PID from the grandchild, which means fork
 435              tracing is supported.  */
 436 #ifdef GDBSERVER
 437           /* Do not enable all the options for now since gdbserver does not
 438              properly support them.  This restriction will be lifted when
 439              gdbserver is augmented to support them.  */
 440           current_ptrace_options |= PTRACE_O_TRACECLONE;
 441 #else
 442           current_ptrace_options |= PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK
 443             | PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC;
 444
 445           /* Do not enable PTRACE_O_TRACEEXIT until GDB is more prepared to
 446              support read-only process state.  */
 447 #endif
 448
 449           /* Do some cleanup and kill the grandchild.  */
 450           my_waitpid (second_pid, &second_status, 0);
 451           ret = ptrace (PTRACE_KILL, second_pid, (PTRACE_TYPE_ARG3) 0,
 452                         (PTRACE_TYPE_ARG4) 0);
 453           if (ret != 0)
 454             warning (_("linux_test_for_tracefork: "
 455                        "failed to kill second child"));
 456           my_waitpid (second_pid, &status, 0);
 457         }
 458     }
 459   else
 460     warning (_("linux_test_for_tracefork: unexpected result from waitpid "
 461              "(%d, status 0x%x)"), ret, status);
 462 }
 463
 464 /* Enable reporting of all currently supported ptrace events.  */
 465
 466 void
 467 linux_enable_event_reporting (pid_t pid)
 468 {
 469   /* Check if we have initialized the ptrace features for this
 470      target.  If not, do it now.  */
 471   if (current_ptrace_options == -1)
 472     linux_check_ptrace_features ();
 473
 474   /* Set the options.  */
 475   ptrace (PTRACE_SETOPTIONS, pid, (PTRACE_TYPE_ARG3) 0,
 476           (PTRACE_TYPE_ARG4) (uintptr_t) current_ptrace_options);
 477 }
 478
 479 /* Returns non-zero if PTRACE_OPTIONS is contained within
 480    CURRENT_PTRACE_OPTIONS, therefore supported.  Returns 0
 481    otherwise.  */
 482
 483 static int
 484 ptrace_supports_feature (int ptrace_options)
 485 {
 486   gdb_assert (current_ptrace_options >= 0);
 487
 488   return ((current_ptrace_options & ptrace_options) == ptrace_options);
 489 }
 490
 491 /* Returns non-zero if PTRACE_EVENT_FORK is supported by ptrace,
 492    0 otherwise.  Note that if PTRACE_EVENT_FORK is supported so is
 493    PTRACE_EVENT_CLONE, PTRACE_EVENT_EXEC and PTRACE_EVENT_VFORK,
 494    since they were all added to the kernel at the same time.  */
 495
 496 int
 497 linux_supports_tracefork (void)
 498 {
 499   return ptrace_supports_feature (PTRACE_O_TRACEFORK);
 500 }
 501
 502 /* Returns non-zero if PTRACE_EVENT_CLONE is supported by ptrace,
 503    0 otherwise.  Note that if PTRACE_EVENT_CLONE is supported so is
 504    PTRACE_EVENT_FORK, PTRACE_EVENT_EXEC and PTRACE_EVENT_VFORK,
 505    since they were all added to the kernel at the same time.  */
 506
 507 int
 508 linux_supports_traceclone (void)
 509 {
 510   return ptrace_supports_feature (PTRACE_O_TRACECLONE);
 511 }
 512
 513 /* Returns non-zero if PTRACE_O_TRACEVFORKDONE is supported by
 514    ptrace, 0 otherwise.  */
 515
 516 int
 517 linux_supports_tracevforkdone (void)
 518 {
 519   return ptrace_supports_feature (PTRACE_O_TRACEVFORKDONE);
 520 }
 521
 522 /* Returns non-zero if PTRACE_O_TRACESYSGOOD is supported by ptrace,
 523    0 otherwise.  */
 524
 525 int
 526 linux_supports_tracesysgood (void)
 527 {
 528   return ptrace_supports_feature (PTRACE_O_TRACESYSGOOD);
 529 }
 530
 531 /* Display possible problems on this system.  Display them only once per GDB
 532    execution.  */
 533
 534 void
 535 linux_ptrace_init_warnings (void)
 536 {
 537   static int warned = 0;
 538
 539   if (warned)
 540     return;
 541   warned = 1;
 542
 543   linux_ptrace_test_ret_to_nx ();
 544 }