gdb/nat/linux-ptrace.c

   1 /* Linux-specific ptrace manipulation routines.
   2    Copyright (C) 2012-2014 Free Software Foundation, Inc.
   3
   4    This file is part of GDB.
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  18
  19 #include "common-defs.h"
  20 #include "linux-ptrace.h"
  21 #include "linux-procfs.h"
  22 #include "linux-waitpid.h"
  23 #include "buffer.h"
  24 #include "gdb_wait.h"
  25
  26 #include <stdint.h>
  27
  28 /* Stores the currently supported ptrace options.  A value of
  29    -1 means we did not check for features yet.  A value of 0 means
  30    there are no supported features.  */
  31 static int current_ptrace_options = -1;
  32
  33 /* Additional flags to test.  */
  34
  35 static int additional_flags;
  36
  37 /* Find all possible reasons we could fail to attach PID and append
  38    these as strings to the already initialized BUFFER.  '\0'
  39    termination of BUFFER must be done by the caller.  */
  40
  41 void
  42 linux_ptrace_attach_fail_reason (pid_t pid, struct buffer *buffer)
  43 {
  44   pid_t tracerpid;
  45
  46   tracerpid = linux_proc_get_tracerpid (pid);
  47   if (tracerpid > 0)
  48     buffer_xml_printf (buffer, _("process %d is already traced "
  49                                  "by process %d"),
  50                        (int) pid, (int) tracerpid);
  51
  52   if (linux_proc_pid_is_zombie (pid))
  53     buffer_xml_printf (buffer, _("process %d is a zombie "
  54                                  "- the process has already terminated"),
  55                        (int) pid);
  56 }
  57
  58 #if defined __i386__ || defined __x86_64__
  59
  60 /* Address of the 'ret' instruction in asm code block below.  */
  61 extern void (linux_ptrace_test_ret_to_nx_instr) (void);
  62
  63 #include <sys/reg.h>
  64 #include <sys/mman.h>
  65 #include <signal.h>
  66
  67 #endif /* defined __i386__ || defined __x86_64__ */
  68
  69 /* Test broken off-trunk Linux kernel patchset for NX support on i386.  It was
  70    removed in Fedora kernel 88fa1f0332d188795ed73d7ac2b1564e11a0b4cd.
  71
  72    Test also x86_64 arch for PaX support.  */
  73
  74 static void
  75 linux_ptrace_test_ret_to_nx (void)
  76 {
  77 #if defined __i386__ || defined __x86_64__
  78   pid_t child, got_pid;
  79   gdb_byte *return_address, *pc;
  80   long l;
  81   int status, kill_status;
  82
  83   return_address = mmap (NULL, 2, PROT_READ | PROT_WRITE,
  84                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  85   if (return_address == MAP_FAILED)
  86     {
  87       warning (_("linux_ptrace_test_ret_to_nx: Cannot mmap: %s"),
  88                strerror (errno));
  89       return;
  90     }
  91
  92   /* Put there 'int3'.  */
  93   *return_address = 0xcc;
  94
  95   child = fork ();
  96   switch (child)
  97     {
  98     case -1:
  99       warning (_("linux_ptrace_test_ret_to_nx: Cannot fork: %s"),
 100                strerror (errno));
 101       return;
 102
 103     case 0:
 104       l = ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) NULL,
 105                   (PTRACE_TYPE_ARG4) NULL);
 106       if (l != 0)
 107         warning (_("linux_ptrace_test_ret_to_nx: Cannot PTRACE_TRACEME: %s"),
 108                  strerror (errno));
 109       else
 110         {
 111 #if defined __i386__
 112           asm volatile ("pushl %0;"
 113                         ".globl linux_ptrace_test_ret_to_nx_instr;"
 114                         "linux_ptrace_test_ret_to_nx_instr:"
 115                         "ret"
 116                         : : "r" (return_address) : "%esp", "memory");
 117 #elif defined __x86_64__
 118           asm volatile ("pushq %0;"
 119                         ".globl linux_ptrace_test_ret_to_nx_instr;"
 120                         "linux_ptrace_test_ret_to_nx_instr:"
 121                         "ret"
 122                         : : "r" ((uint64_t) (uintptr_t) return_address)
 123                         : "%rsp", "memory");
 124 #else
 125 # error "!__i386__ && !__x86_64__"
 126 #endif
 127           gdb_assert_not_reached ("asm block did not terminate");
 128         }
 129
 130       _exit (1);
 131     }
 132
 133   errno = 0;
 134   got_pid = waitpid (child, &status, 0);
 135   if (got_pid != child)
 136     {
 137       warning (_("linux_ptrace_test_ret_to_nx: waitpid returned %ld: %s"),
 138                (long) got_pid, strerror (errno));
 139       return;
 140     }
 141
 142   if (WIFSIGNALED (status))
 143     {
 144       if (WTERMSIG (status) != SIGKILL)
 145         warning (_("linux_ptrace_test_ret_to_nx: WTERMSIG %d is not SIGKILL!"),
 146                  (int) WTERMSIG (status));
 147       else
 148         warning (_("Cannot call inferior functions, Linux kernel PaX "
 149                    "protection forbids return to non-executable pages!"));
 150       return;
 151     }
 152
 153   if (!WIFSTOPPED (status))
 154     {
 155       warning (_("linux_ptrace_test_ret_to_nx: status %d is not WIFSTOPPED!"),
 156                status);
 157       return;
 158     }
 159
 160   /* We may get SIGSEGV due to missing PROT_EXEC of the return_address.  */
 161   if (WSTOPSIG (status) != SIGTRAP && WSTOPSIG (status) != SIGSEGV)
 162     {
 163       warning (_("linux_ptrace_test_ret_to_nx: "
 164                  "WSTOPSIG %d is neither SIGTRAP nor SIGSEGV!"),
 165                (int) WSTOPSIG (status));
 166       return;
 167     }
 168
 169   errno = 0;
 170 #if defined __i386__
 171   l = ptrace (PTRACE_PEEKUSER, child, (PTRACE_TYPE_ARG3) (uintptr_t) (EIP * 4),
 172               (PTRACE_TYPE_ARG4) NULL);
 173 #elif defined __x86_64__
 174   l = ptrace (PTRACE_PEEKUSER, child, (PTRACE_TYPE_ARG3) (uintptr_t) (RIP * 8),
 175               (PTRACE_TYPE_ARG4) NULL);
 176 #else
 177 # error "!__i386__ && !__x86_64__"
 178 #endif
 179   if (errno != 0)
 180     {
 181       warning (_("linux_ptrace_test_ret_to_nx: Cannot PTRACE_PEEKUSER: %s"),
 182                strerror (errno));
 183       return;
 184     }
 185   pc = (void *) (uintptr_t) l;
 186
 187   kill (child, SIGKILL);
 188   ptrace (PTRACE_KILL, child, (PTRACE_TYPE_ARG3) NULL,
 189           (PTRACE_TYPE_ARG4) NULL);
 190
 191   errno = 0;
 192   got_pid = waitpid (child, &kill_status, 0);
 193   if (got_pid != child)
 194     {
 195       warning (_("linux_ptrace_test_ret_to_nx: "
 196                  "PTRACE_KILL waitpid returned %ld: %s"),
 197                (long) got_pid, strerror (errno));
 198       return;
 199     }
 200   if (!WIFSIGNALED (kill_status))
 201     {
 202       warning (_("linux_ptrace_test_ret_to_nx: "
 203                  "PTRACE_KILL status %d is not WIFSIGNALED!"),
 204                status);
 205       return;
 206     }
 207
 208   /* + 1 is there as x86* stops after the 'int3' instruction.  */
 209   if (WSTOPSIG (status) == SIGTRAP && pc == return_address + 1)
 210     {
 211       /* PASS */
 212       return;
 213     }
 214
 215   /* We may get SIGSEGV due to missing PROT_EXEC of the RETURN_ADDRESS page.  */
 216   if (WSTOPSIG (status) == SIGSEGV && pc == return_address)
 217     {
 218       /* PASS */
 219       return;
 220     }
 221
 222   if ((void (*) (void)) pc != &linux_ptrace_test_ret_to_nx_instr)
 223     warning (_("linux_ptrace_test_ret_to_nx: PC %p is neither near return "
 224                "address %p nor is the return instruction %p!"),
 225              pc, return_address, &linux_ptrace_test_ret_to_nx_instr);
 226   else
 227     warning (_("Cannot call inferior functions on this system - "
 228                "Linux kernel with broken i386 NX (non-executable pages) "
 229                "support detected!"));
 230 #endif /* defined __i386__ || defined __x86_64__ */
 231 }
 232
 233 /* Helper function to fork a process and make the child process call
 234    the function FUNCTION, passing CHILD_STACK as parameter.
 235
 236    For MMU-less targets, clone is used instead of fork, and
 237    CHILD_STACK is used as stack space for the cloned child.  If NULL,
 238    stack space is allocated via malloc (and subsequently passed to
 239    FUNCTION).  For MMU targets, CHILD_STACK is ignored.  */
 240
 241 static int
 242 linux_fork_to_function (gdb_byte *child_stack, void (*function) (gdb_byte *))
 243 {
 244   int child_pid;
 245
 246   /* Sanity check the function pointer.  */
 247   gdb_assert (function != NULL);
 248
 249 #if defined(__UCLIBC__) && defined(HAS_NOMMU)
 250 #define STACK_SIZE 4096
 251
 252     if (child_stack == NULL)
 253       child_stack = xmalloc (STACK_SIZE * 4);
 254
 255     /* Use CLONE_VM instead of fork, to support uClinux (no MMU).  */
 256 #ifdef __ia64__
 257       child_pid = __clone2 (function, child_stack, STACK_SIZE,
 258                             CLONE_VM | SIGCHLD, child_stack + STACK_SIZE * 2);
 259 #else /* !__ia64__ */
 260       child_pid = clone (function, child_stack + STACK_SIZE,
 261                          CLONE_VM | SIGCHLD, child_stack + STACK_SIZE * 2);
 262 #endif /* !__ia64__ */
 263 #else /* !defined(__UCLIBC) && defined(HAS_NOMMU) */
 264   child_pid = fork ();
 265
 266   if (child_pid == 0)
 267     function (NULL);
 268 #endif /* defined(__UCLIBC) && defined(HAS_NOMMU) */
 269
 270   if (child_pid == -1)
 271     perror_with_name (("fork"));
 272
 273   return child_pid;
 274 }
 275
 276 /* A helper function for linux_check_ptrace_features, called after
 277    the child forks a grandchild.  */
 278
 279 static void
 280 linux_grandchild_function (gdb_byte *child_stack)
 281 {
 282   /* Free any allocated stack.  */
 283   xfree (child_stack);
 284
 285   /* This code is only reacheable by the grandchild (child's child)
 286      process.  */
 287   _exit (0);
 288 }
 289
 290 /* A helper function for linux_check_ptrace_features, called after
 291    the parent process forks a child.  The child allows itself to
 292    be traced by its parent.  */
 293
 294 static void
 295 linux_child_function (gdb_byte *child_stack)
 296 {
 297   ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) 0, (PTRACE_TYPE_ARG4) 0);
 298   kill (getpid (), SIGSTOP);
 299
 300   /* Fork a grandchild.  */
 301   linux_fork_to_function (child_stack, linux_grandchild_function);
 302
 303   /* This code is only reacheable by the child (grandchild's parent)
 304      process.  */
 305   _exit (0);
 306 }
 307
 308 static void linux_test_for_tracesysgood (int child_pid);
 309 static void linux_test_for_tracefork (int child_pid);
 310
 311 /* Determine ptrace features available on this target.  */
 312
 313 static void
 314 linux_check_ptrace_features (void)
 315 {
 316   int child_pid, ret, status;
 317
 318   /* Initialize the options.  */
 319   current_ptrace_options = 0;
 320
 321   /* Fork a child so we can do some testing.  The child will call
 322      linux_child_function and will get traced.  The child will
 323      eventually fork a grandchild so we can test fork event
 324      reporting.  */
 325   child_pid = linux_fork_to_function (NULL, linux_child_function);
 326
 327   ret = my_waitpid (child_pid, &status, 0);
 328   if (ret == -1)
 329     perror_with_name (("waitpid"));
 330   else if (ret != child_pid)
 331     error (_("linux_check_ptrace_features: waitpid: unexpected result %d."),
 332            ret);
 333   if (! WIFSTOPPED (status))
 334     error (_("linux_check_ptrace_features: waitpid: unexpected status %d."),
 335            status);
 336
 337   linux_test_for_tracesysgood (child_pid);
 338
 339   linux_test_for_tracefork (child_pid);
 340
 341   /* Clean things up and kill any pending children.  */
 342   do
 343     {
 344       ret = ptrace (PTRACE_KILL, child_pid, (PTRACE_TYPE_ARG3) 0,
 345                     (PTRACE_TYPE_ARG4) 0);
 346       if (ret != 0)
 347         warning (_("linux_check_ptrace_features: failed to kill child"));
 348       my_waitpid (child_pid, &status, 0);
 349     }
 350   while (WIFSTOPPED (status));
 351 }
 352
 353 /* Determine if PTRACE_O_TRACESYSGOOD can be used to catch
 354    syscalls.  */
 355
 356 static void
 357 linux_test_for_tracesysgood (int child_pid)
 358 {
 359   int ret;
 360
 361   if ((additional_flags & PTRACE_O_TRACESYSGOOD) == 0)
 362     return;
 363
 364   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 365                 (PTRACE_TYPE_ARG4) PTRACE_O_TRACESYSGOOD);
 366
 367   if (ret == 0)
 368     current_ptrace_options |= PTRACE_O_TRACESYSGOOD;
 369 }
 370
 371 /* Determine if PTRACE_O_TRACEFORK can be used to follow fork
 372    events.  */
 373
 374 static void
 375 linux_test_for_tracefork (int child_pid)
 376 {
 377   int ret, status;
 378   long second_pid;
 379
 380   /* First, set the PTRACE_O_TRACEFORK option.  If this fails, we
 381      know for sure that it is not supported.  */
 382   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 383                 (PTRACE_TYPE_ARG4) PTRACE_O_TRACEFORK);
 384
 385   if (ret != 0)
 386     return;
 387
 388   if ((additional_flags & PTRACE_O_TRACEVFORKDONE) != 0)
 389     {
 390       /* Check if the target supports PTRACE_O_TRACEVFORKDONE.  */
 391       ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 392                     (PTRACE_TYPE_ARG4) (PTRACE_O_TRACEFORK
 393                                         | PTRACE_O_TRACEVFORKDONE));
 394       if (ret == 0)
 395         current_ptrace_options |= PTRACE_O_TRACEVFORKDONE;
 396     }
 397
 398   /* Setting PTRACE_O_TRACEFORK did not cause an error, however we
 399      don't know for sure that the feature is available; old
 400      versions of PTRACE_SETOPTIONS ignored unknown options.
 401      Therefore, we attach to the child process, use PTRACE_SETOPTIONS
 402      to enable fork tracing, and let it fork.  If the process exits,
 403      we assume that we can't use PTRACE_O_TRACEFORK; if we get the
 404      fork notification, and we can extract the new child's PID, then
 405      we assume that we can.
 406
 407      We do not explicitly check for vfork tracing here.  It is
 408      assumed that vfork tracing is available whenever fork tracing
 409      is available.  */
 410   ret = ptrace (PTRACE_CONT, child_pid, (PTRACE_TYPE_ARG3) 0,
 411                 (PTRACE_TYPE_ARG4) 0);
 412   if (ret != 0)
 413     warning (_("linux_test_for_tracefork: failed to resume child"));
 414
 415   ret = my_waitpid (child_pid, &status, 0);
 416
 417   /* Check if we received a fork event notification.  */
 418   if (ret == child_pid && WIFSTOPPED (status)
 419       && status >> 16 == PTRACE_EVENT_FORK)
 420     {
 421       /* We did receive a fork event notification.  Make sure its PID
 422          is reported.  */
 423       second_pid = 0;
 424       ret = ptrace (PTRACE_GETEVENTMSG, child_pid, (PTRACE_TYPE_ARG3) 0,
 425                     (PTRACE_TYPE_ARG4) &second_pid);
 426       if (ret == 0 && second_pid != 0)
 427         {
 428           int second_status;
 429
 430           /* We got the PID from the grandchild, which means fork
 431              tracing is supported.  */
 432           current_ptrace_options |= PTRACE_O_TRACECLONE;
 433           current_ptrace_options |= (additional_flags & (PTRACE_O_TRACEFORK
 434                                                          | PTRACE_O_TRACEVFORK
 435                                                          | PTRACE_O_TRACEEXEC));
 436
 437           /* Do some cleanup and kill the grandchild.  */
 438           my_waitpid (second_pid, &second_status, 0);
 439           ret = ptrace (PTRACE_KILL, second_pid, (PTRACE_TYPE_ARG3) 0,
 440                         (PTRACE_TYPE_ARG4) 0);
 441           if (ret != 0)
 442             warning (_("linux_test_for_tracefork: "
 443                        "failed to kill second child"));
 444           my_waitpid (second_pid, &status, 0);
 445         }
 446     }
 447   else
 448     warning (_("linux_test_for_tracefork: unexpected result from waitpid "
 449              "(%d, status 0x%x)"), ret, status);
 450 }
 451
 452 /* Enable reporting of all currently supported ptrace events.  */
 453
 454 void
 455 linux_enable_event_reporting (pid_t pid)
 456 {
 457   /* Check if we have initialized the ptrace features for this
 458      target.  If not, do it now.  */
 459   if (current_ptrace_options == -1)
 460     linux_check_ptrace_features ();
 461
 462   /* Set the options.  */
 463   ptrace (PTRACE_SETOPTIONS, pid, (PTRACE_TYPE_ARG3) 0,
 464           (PTRACE_TYPE_ARG4) (uintptr_t) current_ptrace_options);
 465 }
 466
 467 /* Disable reporting of all currently supported ptrace events.  */
 468
 469 void
 470 linux_disable_event_reporting (pid_t pid)
 471 {
 472   /* Set the options.  */
 473   ptrace (PTRACE_SETOPTIONS, pid, (PTRACE_TYPE_ARG3) 0, 0);
 474 }
 475
 476 /* Returns non-zero if PTRACE_OPTIONS is contained within
 477    CURRENT_PTRACE_OPTIONS, therefore supported.  Returns 0
 478    otherwise.  */
 479
 480 static int
 481 ptrace_supports_feature (int ptrace_options)
 482 {
 483   gdb_assert (current_ptrace_options >= 0);
 484
 485   return ((current_ptrace_options & ptrace_options) == ptrace_options);
 486 }
 487
 488 /* Returns non-zero if PTRACE_EVENT_FORK is supported by ptrace,
 489    0 otherwise.  Note that if PTRACE_EVENT_FORK is supported so is
 490    PTRACE_EVENT_CLONE, PTRACE_EVENT_EXEC and PTRACE_EVENT_VFORK,
 491    since they were all added to the kernel at the same time.  */
 492
 493 int
 494 linux_supports_tracefork (void)
 495 {
 496   return ptrace_supports_feature (PTRACE_O_TRACEFORK);
 497 }
 498
 499 /* Returns non-zero if PTRACE_EVENT_CLONE is supported by ptrace,
 500    0 otherwise.  Note that if PTRACE_EVENT_CLONE is supported so is
 501    PTRACE_EVENT_FORK, PTRACE_EVENT_EXEC and PTRACE_EVENT_VFORK,
 502    since they were all added to the kernel at the same time.  */
 503
 504 int
 505 linux_supports_traceclone (void)
 506 {
 507   return ptrace_supports_feature (PTRACE_O_TRACECLONE);
 508 }
 509
 510 /* Returns non-zero if PTRACE_O_TRACEVFORKDONE is supported by
 511    ptrace, 0 otherwise.  */
 512
 513 int
 514 linux_supports_tracevforkdone (void)
 515 {
 516   return ptrace_supports_feature (PTRACE_O_TRACEVFORKDONE);
 517 }
 518
 519 /* Returns non-zero if PTRACE_O_TRACESYSGOOD is supported by ptrace,
 520    0 otherwise.  */
 521
 522 int
 523 linux_supports_tracesysgood (void)
 524 {
 525   return ptrace_supports_feature (PTRACE_O_TRACESYSGOOD);
 526 }
 527
 528 /* Display possible problems on this system.  Display them only once per GDB
 529    execution.  */
 530
 531 void
 532 linux_ptrace_init_warnings (void)
 533 {
 534   static int warned = 0;
 535
 536   if (warned)
 537     return;
 538   warned = 1;
 539
 540   linux_ptrace_test_ret_to_nx ();
 541 }
 542
 543 /* Set additional ptrace flags to use.  Some such flags may be checked
 544    by the implementation above.  This function must be called before
 545    any other function in this file; otherwise the flags may not take
 546    effect appropriately.  */
 547
 548 void
 549 linux_ptrace_set_additional_flags (int flags)
 550 {
 551   additional_flags = flags;
 552 }