gdb/nat/linux-ptrace.c

   1 /* Linux-specific ptrace manipulation routines.
   2    Copyright (C) 2012-2014 Free Software Foundation, Inc.
   3
   4    This file is part of GDB.
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  18
  19 #ifdef GDBSERVER
  20 #include "server.h"
  21 #else
  22 #include "defs.h"
  23 #endif
  24
  25 #include "linux-ptrace.h"
  26 #include "linux-procfs.h"
  27 #include "linux-waitpid.h"
  28 #include "buffer.h"
  29 #include "gdb_wait.h"
  30
  31 #include <stdint.h>
  32
  33 /* Stores the currently supported ptrace options.  A value of
  34    -1 means we did not check for features yet.  A value of 0 means
  35    there are no supported features.  */
  36 static int current_ptrace_options = -1;
  37
  38 /* Additional flags to test.  */
  39
  40 static int additional_flags;
  41
  42 /* Find all possible reasons we could fail to attach PID and append
  43    these as strings to the already initialized BUFFER.  '\0'
  44    termination of BUFFER must be done by the caller.  */
  45
  46 void
  47 linux_ptrace_attach_fail_reason (pid_t pid, struct buffer *buffer)
  48 {
  49   pid_t tracerpid;
  50
  51   tracerpid = linux_proc_get_tracerpid (pid);
  52   if (tracerpid > 0)
  53     buffer_xml_printf (buffer, _("process %d is already traced "
  54                                  "by process %d"),
  55                        (int) pid, (int) tracerpid);
  56
  57   if (linux_proc_pid_is_zombie (pid))
  58     buffer_xml_printf (buffer, _("process %d is a zombie "
  59                                  "- the process has already terminated"),
  60                        (int) pid);
  61 }
  62
  63 #if defined __i386__ || defined __x86_64__
  64
  65 /* Address of the 'ret' instruction in asm code block below.  */
  66 extern void (linux_ptrace_test_ret_to_nx_instr) (void);
  67
  68 #include <sys/reg.h>
  69 #include <sys/mman.h>
  70 #include <signal.h>
  71
  72 #endif /* defined __i386__ || defined __x86_64__ */
  73
  74 /* Test broken off-trunk Linux kernel patchset for NX support on i386.  It was
  75    removed in Fedora kernel 88fa1f0332d188795ed73d7ac2b1564e11a0b4cd.
  76
  77    Test also x86_64 arch for PaX support.  */
  78
  79 static void
  80 linux_ptrace_test_ret_to_nx (void)
  81 {
  82 #if defined __i386__ || defined __x86_64__
  83   pid_t child, got_pid;
  84   gdb_byte *return_address, *pc;
  85   long l;
  86   int status, kill_status;
  87
  88   return_address = mmap (NULL, 2, PROT_READ | PROT_WRITE,
  89                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  90   if (return_address == MAP_FAILED)
  91     {
  92       warning (_("linux_ptrace_test_ret_to_nx: Cannot mmap: %s"),
  93                strerror (errno));
  94       return;
  95     }
  96
  97   /* Put there 'int3'.  */
  98   *return_address = 0xcc;
  99
 100   child = fork ();
 101   switch (child)
 102     {
 103     case -1:
 104       warning (_("linux_ptrace_test_ret_to_nx: Cannot fork: %s"),
 105                strerror (errno));
 106       return;
 107
 108     case 0:
 109       l = ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) NULL,
 110                   (PTRACE_TYPE_ARG4) NULL);
 111       if (l != 0)
 112         warning (_("linux_ptrace_test_ret_to_nx: Cannot PTRACE_TRACEME: %s"),
 113                  strerror (errno));
 114       else
 115         {
 116 #if defined __i386__
 117           asm volatile ("pushl %0;"
 118                         ".globl linux_ptrace_test_ret_to_nx_instr;"
 119                         "linux_ptrace_test_ret_to_nx_instr:"
 120                         "ret"
 121                         : : "r" (return_address) : "%esp", "memory");
 122 #elif defined __x86_64__
 123           asm volatile ("pushq %0;"
 124                         ".globl linux_ptrace_test_ret_to_nx_instr;"
 125                         "linux_ptrace_test_ret_to_nx_instr:"
 126                         "ret"
 127                         : : "r" ((uint64_t) (uintptr_t) return_address)
 128                         : "%rsp", "memory");
 129 #else
 130 # error "!__i386__ && !__x86_64__"
 131 #endif
 132           gdb_assert_not_reached ("asm block did not terminate");
 133         }
 134
 135       _exit (1);
 136     }
 137
 138   errno = 0;
 139   got_pid = waitpid (child, &status, 0);
 140   if (got_pid != child)
 141     {
 142       warning (_("linux_ptrace_test_ret_to_nx: waitpid returned %ld: %s"),
 143                (long) got_pid, strerror (errno));
 144       return;
 145     }
 146
 147   if (WIFSIGNALED (status))
 148     {
 149       if (WTERMSIG (status) != SIGKILL)
 150         warning (_("linux_ptrace_test_ret_to_nx: WTERMSIG %d is not SIGKILL!"),
 151                  (int) WTERMSIG (status));
 152       else
 153         warning (_("Cannot call inferior functions, Linux kernel PaX "
 154                    "protection forbids return to non-executable pages!"));
 155       return;
 156     }
 157
 158   if (!WIFSTOPPED (status))
 159     {
 160       warning (_("linux_ptrace_test_ret_to_nx: status %d is not WIFSTOPPED!"),
 161                status);
 162       return;
 163     }
 164
 165   /* We may get SIGSEGV due to missing PROT_EXEC of the return_address.  */
 166   if (WSTOPSIG (status) != SIGTRAP && WSTOPSIG (status) != SIGSEGV)
 167     {
 168       warning (_("linux_ptrace_test_ret_to_nx: "
 169                  "WSTOPSIG %d is neither SIGTRAP nor SIGSEGV!"),
 170                (int) WSTOPSIG (status));
 171       return;
 172     }
 173
 174   errno = 0;
 175 #if defined __i386__
 176   l = ptrace (PTRACE_PEEKUSER, child, (PTRACE_TYPE_ARG3) (uintptr_t) (EIP * 4),
 177               (PTRACE_TYPE_ARG4) NULL);
 178 #elif defined __x86_64__
 179   l = ptrace (PTRACE_PEEKUSER, child, (PTRACE_TYPE_ARG3) (uintptr_t) (RIP * 8),
 180               (PTRACE_TYPE_ARG4) NULL);
 181 #else
 182 # error "!__i386__ && !__x86_64__"
 183 #endif
 184   if (errno != 0)
 185     {
 186       warning (_("linux_ptrace_test_ret_to_nx: Cannot PTRACE_PEEKUSER: %s"),
 187                strerror (errno));
 188       return;
 189     }
 190   pc = (void *) (uintptr_t) l;
 191
 192   kill (child, SIGKILL);
 193   ptrace (PTRACE_KILL, child, (PTRACE_TYPE_ARG3) NULL,
 194           (PTRACE_TYPE_ARG4) NULL);
 195
 196   errno = 0;
 197   got_pid = waitpid (child, &kill_status, 0);
 198   if (got_pid != child)
 199     {
 200       warning (_("linux_ptrace_test_ret_to_nx: "
 201                  "PTRACE_KILL waitpid returned %ld: %s"),
 202                (long) got_pid, strerror (errno));
 203       return;
 204     }
 205   if (!WIFSIGNALED (kill_status))
 206     {
 207       warning (_("linux_ptrace_test_ret_to_nx: "
 208                  "PTRACE_KILL status %d is not WIFSIGNALED!"),
 209                status);
 210       return;
 211     }
 212
 213   /* + 1 is there as x86* stops after the 'int3' instruction.  */
 214   if (WSTOPSIG (status) == SIGTRAP && pc == return_address + 1)
 215     {
 216       /* PASS */
 217       return;
 218     }
 219
 220   /* We may get SIGSEGV due to missing PROT_EXEC of the RETURN_ADDRESS page.  */
 221   if (WSTOPSIG (status) == SIGSEGV && pc == return_address)
 222     {
 223       /* PASS */
 224       return;
 225     }
 226
 227   if ((void (*) (void)) pc != &linux_ptrace_test_ret_to_nx_instr)
 228     warning (_("linux_ptrace_test_ret_to_nx: PC %p is neither near return "
 229                "address %p nor is the return instruction %p!"),
 230              pc, return_address, &linux_ptrace_test_ret_to_nx_instr);
 231   else
 232     warning (_("Cannot call inferior functions on this system - "
 233                "Linux kernel with broken i386 NX (non-executable pages) "
 234                "support detected!"));
 235 #endif /* defined __i386__ || defined __x86_64__ */
 236 }
 237
 238 /* Helper function to fork a process and make the child process call
 239    the function FUNCTION, passing CHILD_STACK as parameter.
 240
 241    For MMU-less targets, clone is used instead of fork, and
 242    CHILD_STACK is used as stack space for the cloned child.  If NULL,
 243    stack space is allocated via malloc (and subsequently passed to
 244    FUNCTION).  For MMU targets, CHILD_STACK is ignored.  */
 245
 246 static int
 247 linux_fork_to_function (gdb_byte *child_stack, void (*function) (gdb_byte *))
 248 {
 249   int child_pid;
 250
 251   /* Sanity check the function pointer.  */
 252   gdb_assert (function != NULL);
 253
 254 #if defined(__UCLIBC__) && defined(HAS_NOMMU)
 255 #define STACK_SIZE 4096
 256
 257     if (child_stack == NULL)
 258       child_stack = xmalloc (STACK_SIZE * 4);
 259
 260     /* Use CLONE_VM instead of fork, to support uClinux (no MMU).  */
 261 #ifdef __ia64__
 262       child_pid = __clone2 (function, child_stack, STACK_SIZE,
 263                             CLONE_VM | SIGCHLD, child_stack + STACK_SIZE * 2);
 264 #else /* !__ia64__ */
 265       child_pid = clone (function, child_stack + STACK_SIZE,
 266                          CLONE_VM | SIGCHLD, child_stack + STACK_SIZE * 2);
 267 #endif /* !__ia64__ */
 268 #else /* !defined(__UCLIBC) && defined(HAS_NOMMU) */
 269   child_pid = fork ();
 270
 271   if (child_pid == 0)
 272     function (NULL);
 273 #endif /* defined(__UCLIBC) && defined(HAS_NOMMU) */
 274
 275   if (child_pid == -1)
 276     perror_with_name (("fork"));
 277
 278   return child_pid;
 279 }
 280
 281 /* A helper function for linux_check_ptrace_features, called after
 282    the child forks a grandchild.  */
 283
 284 static void
 285 linux_grandchild_function (gdb_byte *child_stack)
 286 {
 287   /* Free any allocated stack.  */
 288   xfree (child_stack);
 289
 290   /* This code is only reacheable by the grandchild (child's child)
 291      process.  */
 292   _exit (0);
 293 }
 294
 295 /* A helper function for linux_check_ptrace_features, called after
 296    the parent process forks a child.  The child allows itself to
 297    be traced by its parent.  */
 298
 299 static void
 300 linux_child_function (gdb_byte *child_stack)
 301 {
 302   ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) 0, (PTRACE_TYPE_ARG4) 0);
 303   kill (getpid (), SIGSTOP);
 304
 305   /* Fork a grandchild.  */
 306   linux_fork_to_function (child_stack, linux_grandchild_function);
 307
 308   /* This code is only reacheable by the child (grandchild's parent)
 309      process.  */
 310   _exit (0);
 311 }
 312
 313 static void linux_test_for_tracesysgood (int child_pid);
 314 static void linux_test_for_tracefork (int child_pid);
 315
 316 /* Determine ptrace features available on this target.  */
 317
 318 static void
 319 linux_check_ptrace_features (void)
 320 {
 321   int child_pid, ret, status;
 322
 323   /* Initialize the options.  */
 324   current_ptrace_options = 0;
 325
 326   /* Fork a child so we can do some testing.  The child will call
 327      linux_child_function and will get traced.  The child will
 328      eventually fork a grandchild so we can test fork event
 329      reporting.  */
 330   child_pid = linux_fork_to_function (NULL, linux_child_function);
 331
 332   ret = my_waitpid (child_pid, &status, 0);
 333   if (ret == -1)
 334     perror_with_name (("waitpid"));
 335   else if (ret != child_pid)
 336     error (_("linux_check_ptrace_features: waitpid: unexpected result %d."),
 337            ret);
 338   if (! WIFSTOPPED (status))
 339     error (_("linux_check_ptrace_features: waitpid: unexpected status %d."),
 340            status);
 341
 342   linux_test_for_tracesysgood (child_pid);
 343
 344   linux_test_for_tracefork (child_pid);
 345
 346   /* Clean things up and kill any pending children.  */
 347   do
 348     {
 349       ret = ptrace (PTRACE_KILL, child_pid, (PTRACE_TYPE_ARG3) 0,
 350                     (PTRACE_TYPE_ARG4) 0);
 351       if (ret != 0)
 352         warning (_("linux_check_ptrace_features: failed to kill child"));
 353       my_waitpid (child_pid, &status, 0);
 354     }
 355   while (WIFSTOPPED (status));
 356 }
 357
 358 /* Determine if PTRACE_O_TRACESYSGOOD can be used to catch
 359    syscalls.  */
 360
 361 static void
 362 linux_test_for_tracesysgood (int child_pid)
 363 {
 364   int ret;
 365
 366   if ((additional_flags & PTRACE_O_TRACESYSGOOD) == 0)
 367     return;
 368
 369   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 370                 (PTRACE_TYPE_ARG4) PTRACE_O_TRACESYSGOOD);
 371
 372   if (ret == 0)
 373     current_ptrace_options |= PTRACE_O_TRACESYSGOOD;
 374 }
 375
 376 /* Determine if PTRACE_O_TRACEFORK can be used to follow fork
 377    events.  */
 378
 379 static void
 380 linux_test_for_tracefork (int child_pid)
 381 {
 382   int ret, status;
 383   long second_pid;
 384
 385   /* First, set the PTRACE_O_TRACEFORK option.  If this fails, we
 386      know for sure that it is not supported.  */
 387   ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 388                 (PTRACE_TYPE_ARG4) PTRACE_O_TRACEFORK);
 389
 390   if (ret != 0)
 391     return;
 392
 393   if ((additional_flags & PTRACE_O_TRACEVFORKDONE) != 0)
 394     {
 395       /* Check if the target supports PTRACE_O_TRACEVFORKDONE.  */
 396       ret = ptrace (PTRACE_SETOPTIONS, child_pid, (PTRACE_TYPE_ARG3) 0,
 397                     (PTRACE_TYPE_ARG4) (PTRACE_O_TRACEFORK
 398                                         | PTRACE_O_TRACEVFORKDONE));
 399       if (ret == 0)
 400         current_ptrace_options |= PTRACE_O_TRACEVFORKDONE;
 401     }
 402
 403   /* Setting PTRACE_O_TRACEFORK did not cause an error, however we
 404      don't know for sure that the feature is available; old
 405      versions of PTRACE_SETOPTIONS ignored unknown options.
 406      Therefore, we attach to the child process, use PTRACE_SETOPTIONS
 407      to enable fork tracing, and let it fork.  If the process exits,
 408      we assume that we can't use PTRACE_O_TRACEFORK; if we get the
 409      fork notification, and we can extract the new child's PID, then
 410      we assume that we can.
 411
 412      We do not explicitly check for vfork tracing here.  It is
 413      assumed that vfork tracing is available whenever fork tracing
 414      is available.  */
 415   ret = ptrace (PTRACE_CONT, child_pid, (PTRACE_TYPE_ARG3) 0,
 416                 (PTRACE_TYPE_ARG4) 0);
 417   if (ret != 0)
 418     warning (_("linux_test_for_tracefork: failed to resume child"));
 419
 420   ret = my_waitpid (child_pid, &status, 0);
 421
 422   /* Check if we received a fork event notification.  */
 423   if (ret == child_pid && WIFSTOPPED (status)
 424       && status >> 16 == PTRACE_EVENT_FORK)
 425     {
 426       /* We did receive a fork event notification.  Make sure its PID
 427          is reported.  */
 428       second_pid = 0;
 429       ret = ptrace (PTRACE_GETEVENTMSG, child_pid, (PTRACE_TYPE_ARG3) 0,
 430                     (PTRACE_TYPE_ARG4) &second_pid);
 431       if (ret == 0 && second_pid != 0)
 432         {
 433           int second_status;
 434
 435           /* We got the PID from the grandchild, which means fork
 436              tracing is supported.  */
 437           current_ptrace_options |= PTRACE_O_TRACECLONE;
 438           current_ptrace_options |= (additional_flags & (PTRACE_O_TRACEFORK
 439                                                          | PTRACE_O_TRACEVFORK
 440                                                          | PTRACE_O_TRACEEXEC));
 441
 442           /* Do some cleanup and kill the grandchild.  */
 443           my_waitpid (second_pid, &second_status, 0);
 444           ret = ptrace (PTRACE_KILL, second_pid, (PTRACE_TYPE_ARG3) 0,
 445                         (PTRACE_TYPE_ARG4) 0);
 446           if (ret != 0)
 447             warning (_("linux_test_for_tracefork: "
 448                        "failed to kill second child"));
 449           my_waitpid (second_pid, &status, 0);
 450         }
 451     }
 452   else
 453     warning (_("linux_test_for_tracefork: unexpected result from waitpid "
 454              "(%d, status 0x%x)"), ret, status);
 455 }
 456
 457 /* Enable reporting of all currently supported ptrace events.  */
 458
 459 void
 460 linux_enable_event_reporting (pid_t pid)
 461 {
 462   /* Check if we have initialized the ptrace features for this
 463      target.  If not, do it now.  */
 464   if (current_ptrace_options == -1)
 465     linux_check_ptrace_features ();
 466
 467   /* Set the options.  */
 468   ptrace (PTRACE_SETOPTIONS, pid, (PTRACE_TYPE_ARG3) 0,
 469           (PTRACE_TYPE_ARG4) (uintptr_t) current_ptrace_options);
 470 }
 471
 472 /* Disable reporting of all currently supported ptrace events.  */
 473
 474 void
 475 linux_disable_event_reporting (pid_t pid)
 476 {
 477   /* Set the options.  */
 478   ptrace (PTRACE_SETOPTIONS, pid, (PTRACE_TYPE_ARG3) 0, 0);
 479 }
 480
 481 /* Returns non-zero if PTRACE_OPTIONS is contained within
 482    CURRENT_PTRACE_OPTIONS, therefore supported.  Returns 0
 483    otherwise.  */
 484
 485 static int
 486 ptrace_supports_feature (int ptrace_options)
 487 {
 488   gdb_assert (current_ptrace_options >= 0);
 489
 490   return ((current_ptrace_options & ptrace_options) == ptrace_options);
 491 }
 492
 493 /* Returns non-zero if PTRACE_EVENT_FORK is supported by ptrace,
 494    0 otherwise.  Note that if PTRACE_EVENT_FORK is supported so is
 495    PTRACE_EVENT_CLONE, PTRACE_EVENT_EXEC and PTRACE_EVENT_VFORK,
 496    since they were all added to the kernel at the same time.  */
 497
 498 int
 499 linux_supports_tracefork (void)
 500 {
 501   return ptrace_supports_feature (PTRACE_O_TRACEFORK);
 502 }
 503
 504 /* Returns non-zero if PTRACE_EVENT_CLONE is supported by ptrace,
 505    0 otherwise.  Note that if PTRACE_EVENT_CLONE is supported so is
 506    PTRACE_EVENT_FORK, PTRACE_EVENT_EXEC and PTRACE_EVENT_VFORK,
 507    since they were all added to the kernel at the same time.  */
 508
 509 int
 510 linux_supports_traceclone (void)
 511 {
 512   return ptrace_supports_feature (PTRACE_O_TRACECLONE);
 513 }
 514
 515 /* Returns non-zero if PTRACE_O_TRACEVFORKDONE is supported by
 516    ptrace, 0 otherwise.  */
 517
 518 int
 519 linux_supports_tracevforkdone (void)
 520 {
 521   return ptrace_supports_feature (PTRACE_O_TRACEVFORKDONE);
 522 }
 523
 524 /* Returns non-zero if PTRACE_O_TRACESYSGOOD is supported by ptrace,
 525    0 otherwise.  */
 526
 527 int
 528 linux_supports_tracesysgood (void)
 529 {
 530   return ptrace_supports_feature (PTRACE_O_TRACESYSGOOD);
 531 }
 532
 533 /* Display possible problems on this system.  Display them only once per GDB
 534    execution.  */
 535
 536 void
 537 linux_ptrace_init_warnings (void)
 538 {
 539   static int warned = 0;
 540
 541   if (warned)
 542     return;
 543   warned = 1;
 544
 545   linux_ptrace_test_ret_to_nx ();
 546 }
 547
 548 /* Set additional ptrace flags to use.  Some such flags may be checked
 549    by the implementation above.  This function must be called before
 550    any other function in this file; otherwise the flags may not take
 551    effect appropriately.  */
 552
 553 void
 554 linux_ptrace_set_additional_flags (int flags)
 555 {
 556   additional_flags = flags;
 557 }