1 /* Remote utility routines for the remote server for GDB.
2    Copyright (C) 1986, 1989, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
3    2001, 2002, 2003, 2004, 2005, 2006, 2011
4    Free Software Foundation, Inc.
5 
6    This file is part of GDB.
7    It has been modified to integrate it in valgrind
8 
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 2 of the License, or
12    (at your option) any later version.
13 
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18 
19    You should have received a copy of the GNU General Public License
20    along with this program; if not, write to the Free Software
21    Foundation, Inc., 51 Franklin Street, Fifth Floor,
22    Boston, MA 02110-1301, USA.  */
23 
24 #include "pub_core_basics.h"
25 #include "pub_core_vki.h"
26 #include "pub_core_vkiscnums.h"
27 #include "pub_core_libcsignal.h"
28 #include "pub_core_options.h"
29 #include "pub_core_aspacemgr.h"
30 
31 #include "server.h"
32 
33 #  if defined(VGO_linux)
34 #include <sys/prctl.h>
35 #  endif
36 
37 /* Calls sr_perror with msg.
38    Outputs more information about Valgrind state if verbosity > 0
39    or debuglog_getlevel > 0. */
40 static
sr_extended_perror(SysRes sr,const HChar * msg)41 void sr_extended_perror (SysRes sr, const HChar *msg)
42 {
43    sr_perror (sr, "%s", msg);
44    if (VG_(clo_verbosity) > 0 || VG_(debugLog_getLevel)() >= 1) {
45       Int i;
46       vki_sigset_t cursigset;
47       VG_(show_sched_status) (True,  // host_stacktrace
48                               True,  // stack_usage
49                               True); // exited_threads
50       VG_(sigprocmask) (0,           // dummy how.
51                         NULL,        // do not change the sigmask
52                         &cursigset); //
53       VG_(dmsg)("current sigmask value { ");
54       for (i = 1; i <= _VKI_NSIG; i++) {
55          if (VG_(sigismember)(&cursigset, i))
56             VG_(dmsg)("%d ", i);
57       }
58       VG_(dmsg)("}\n");
59    }
60 }
61 
62 /* Calls VG_(poll) with given arguments. If VG_(poll) fails due to EINTR,
63    restarts the syscall.
64    Normally, VG_(poll) gdbsrv syscalls are not supposed to be interrupted :
65      either gdbsrv has been called by the scheduler (so all async signals
66      are masked)
67      or gdbsrv has been forced invoked by vgdb+ptrace, and vgdb is queuing
68      the signals.
69 
70    However, on old kernels (such as on RHEL5.5 2.6.18), when vgdb+ptrace
71    intercepts and queues an async signal, the poll syscall is not properly
72    restarted. Instead, it returns EINTR even if no signal was effectively
73    received by the ptraced process.
74    See red-hat "Bug 679129 - Change in behaviour between RH5.5 and RH6
75    with ptrace and syscalls bugzilla"
76    e.g. "Why rhel5 differs? Because unlike in rhel6, sys_poll() returns
77          -EINTR if interrupted, that is all. This old implementation does
78          not support the restart-if-eintr-is-spurious."
79 
80    So in case VG_(poll) fails with EINTR, we retry. */
VG_(poll_no_eintr)81 static SysRes VG_(poll_no_eintr) (struct vki_pollfd *fds, Int nfds, Int timeout)
82 {
83   const HChar* msg = "VG_(poll) failed (old kernel ?) retrying ... \n";
84   SysRes sr;
85   do {
86      sr = VG_(poll) (fds, nfds, timeout);
87      if (!sr_isError(sr) || sr_Err(sr) != VKI_EINTR)
88         return sr;
89      sr_perror (sr, "%s", msg);
90      if (VG_(debugLog_getLevel)() >= 1) {
91         sr_extended_perror (sr, msg);
92      }
93   } while (1);
94   /*NOTREACHED*/
95 }
96 
97 Bool noack_mode;
98 
99 static int readchar (int single);
100 
101 void remote_utils_output_status(void);
102 
103 #define INVALID_DESCRIPTOR -1
104 static int remote_desc = INVALID_DESCRIPTOR;
105 
106 static VgdbShared *shared;
107 static int  last_looked_cntr = -1;
108 static struct vki_pollfd remote_desc_pollfdread_activity;
109 
110 /* for a gdbserver embedded in valgrind, we read from a FIFO and write
111    to another FIFO So, we need two descriptors */
112 static int write_remote_desc = INVALID_DESCRIPTOR;
113 static int pid_from_to_creator;
114 /* only this pid will remove the FIFOs: if an exec fails, we must avoid
115    that the exiting child believes it has to remove the FIFOs of its parent */
116 static int mknod_done = 0;
117 
118 static char *from_gdb = NULL;
119 static char *to_gdb = NULL;
120 static char *shared_mem = NULL;
121 
122 static
open_fifo(const char * side,const char * path,int flags)123 int open_fifo (const char *side, const char *path, int flags)
124 {
125   SysRes o;
126   int fd;
127   dlog(1, "Opening %s side %s\n", side, path);
128   o = VG_(open) (path, flags, 0);
129   if (sr_isError (o)) {
130      sr_perror(o, "open fifo %s\n", path);
131      fatal ("valgrind: fatal error: vgdb FIFO cannot be opened.\n");
132   } else {
133      fd = sr_Res(o);
134      dlog(1, "result fd %d\n", fd);
135   }
136   fd = VG_(safe_fd)(fd);
137   dlog(1, "result safe_fd %d\n", fd);
138   if (fd == -1)
139      fatal("safe_fd for vgdb FIFO failed\n");
140   return fd;
141 }
142 
remote_utils_output_status(void)143 void remote_utils_output_status(void)
144 {
145    if (shared == NULL)
146       VG_(umsg)("remote communication not initialized\n");
147    else
148       VG_(umsg)("shared->written_by_vgdb %d shared->seen_by_valgrind %d\n",
149                 shared->written_by_vgdb, shared->seen_by_valgrind);
150 }
151 
152 /* Returns 0 if vgdb and connection state looks good,
153    otherwise returns an int value telling which check failed. */
154 static
vgdb_state_looks_bad(const char * where)155 int vgdb_state_looks_bad(const char* where)
156 {
157    if (VG_(kill)(shared->vgdb_pid, 0) != 0)
158       return 1; // vgdb process does not exist anymore.
159 
160    if (remote_desc_activity(where) == 2)
161       return 2; // check for error on remote desc shows a problem
162 
163    if (remote_desc == INVALID_DESCRIPTOR)
164       return 3; // after check, remote_desc not ok anymore
165 
166    return 0; // all is ok.
167 }
168 
VG_(set_ptracer)169 void VG_(set_ptracer)(void)
170 {
171 #ifdef PR_SET_PTRACER
172    SysRes o;
173    const char *ptrace_scope_setting_file = "/proc/sys/kernel/yama/ptrace_scope";
174    int fd;
175    char ptrace_scope;
176    int ret;
177 
178    o = VG_(open) (ptrace_scope_setting_file, VKI_O_RDONLY, 0);
179    if (sr_isError(o)) {
180       if (VG_(debugLog_getLevel)() >= 1) {
181          sr_perror(o, "error VG_(open) %s\n", ptrace_scope_setting_file);
182       }
183       /* can't read setting. Assuming ptrace can be called by vgdb. */
184       return;
185    }
186    fd = sr_Res(o);
187    if (VG_(read) (fd, &ptrace_scope, 1) == 1) {
188       dlog(1, "ptrace_scope %c\n", ptrace_scope);
189       if (ptrace_scope != '0') {
190          /* insufficient default ptrace_scope.
191             Indicate to the kernel that we accept to be ptraced. */
192 #ifdef PR_SET_PTRACER_ANY
193          ret = VG_(prctl) (PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
194          dlog(1, "set_ptracer to PR_SET_PTRACER_ANY result %d\n", ret);
195 #else
196          ret = VG_(prctl) (PR_SET_PTRACER, 1, 0, 0, 0);
197          dlog(1, "set_ptracer to 1 result %d\n", ret);
198 #endif
199          if (ret)
200             VG_(umsg)("error calling PR_SET_PTRACER, vgdb might block\n");
201       }
202    } else {
203       dlog(0, "Could not read the ptrace_scope setting from %s\n",
204            ptrace_scope_setting_file);
205    }
206 
207    VG_(close) (fd);
208 #endif
209 }
210 
211 /* returns 1 if one or more poll "errors" is set.
212    Errors are: VKI_POLLERR or VKI_POLLHUP or VKI_POLLNAL */
213 static
poll_cond(short revents)214 int poll_cond (short revents)
215 {
216    return (revents & (VKI_POLLERR | VKI_POLLHUP | VKI_POLLNVAL));
217 }
218 
219 /* Ensures we have a valid write file descriptor.
220    Returns 1 if we have a valid write file descriptor,
221    0 if the write fd is not valid/cannot be opened. */
222 static
ensure_write_remote_desc(void)223 int ensure_write_remote_desc(void)
224 {
225    struct vki_pollfd write_remote_desc_ok;
226    SysRes ret;
227    if (write_remote_desc != INVALID_DESCRIPTOR) {
228       write_remote_desc_ok.fd = write_remote_desc;
229       write_remote_desc_ok.events = VKI_POLLOUT;
230       write_remote_desc_ok.revents = 0;
231       ret = VG_(poll_no_eintr)(&write_remote_desc_ok, 1, 0);
232       if (sr_isError(ret)
233           || (sr_Res(ret) > 0 && poll_cond(write_remote_desc_ok.revents))) {
234         if (sr_isError(ret)) {
235           sr_extended_perror(ret, "ensure_write_remote_desc: poll error\n");
236         } else {
237           dlog(0, "POLLcond %d closing write_remote_desc %d\n",
238                write_remote_desc_ok.revents, write_remote_desc);
239         }
240         VG_(close) (write_remote_desc);
241         write_remote_desc = INVALID_DESCRIPTOR;
242       }
243    }
244    if (write_remote_desc == INVALID_DESCRIPTOR) {
245       /* open_fifo write will block if the receiving vgdb
246          process is dead.  So, let's check for vgdb state to
247          be reasonably sure someone is reading on the other
248          side of the fifo. */
249       if (!vgdb_state_looks_bad("bad?@ensure_write_remote_desc")) {
250          write_remote_desc = open_fifo ("write", to_gdb, VKI_O_WRONLY);
251       }
252    }
253 
254    return (write_remote_desc != INVALID_DESCRIPTOR);
255 }
256 
257 #if defined(VGO_darwin)
258 #define VKI_S_IFIFO 0010000
259 #endif
260 static
safe_mknod(char * nod)261 void safe_mknod (char *nod)
262 {
263    SysRes m;
264    m = VG_(mknod) (nod, VKI_S_IFIFO|0600, 0);
265    if (sr_isError (m)) {
266       if (sr_Err (m) == VKI_EEXIST) {
267          if (VG_(clo_verbosity) > 1) {
268             VG_(umsg)("%s already created\n", nod);
269          }
270       } else {
271          sr_perror(m, "mknod %s\n", nod);
272          VG_(umsg) ("valgrind: fatal error: vgdb FIFOs cannot be created.\n");
273          VG_(exit)(1);
274       }
275    }
276 }
277 
278 /* If remote_desc is not opened, open it.
279    Setup remote_desc_pollfdread_activity. */
setup_remote_desc_for_reading(void)280 static void setup_remote_desc_for_reading (void)
281 {
282    int save_fcntl_flags;
283 
284    if (remote_desc == INVALID_DESCRIPTOR) {
285       /* we open the read side FIFO in non blocking mode
286          We then set the fd in blocking mode.
287          Opening in non-blocking read mode always succeeds while opening
288          in non-blocking write mode succeeds only if the fifo is already
289          opened in read mode. So, we wait till we have read the first
290          character from the read side before opening the write side. */
291       remote_desc = open_fifo ("read", from_gdb, VKI_O_RDONLY|VKI_O_NONBLOCK);
292       save_fcntl_flags = VG_(fcntl) (remote_desc, VKI_F_GETFL, 0);
293       VG_(fcntl) (remote_desc, VKI_F_SETFL, save_fcntl_flags & ~VKI_O_NONBLOCK);
294    }
295    remote_desc_pollfdread_activity.fd = remote_desc;
296    remote_desc_pollfdread_activity.events = VKI_POLLIN;
297    remote_desc_pollfdread_activity.revents = 0;
298 }
299 
300 /* Open a connection to a remote debugger.
301    NAME is the filename used for communication.
302    For Valgrind, name is the prefix for the two read and write FIFOs
303    The two FIFOs names will be build by appending
304    -from-vgdb-to-pid-by-user-on-host and -to-vgdb-from-pid-by-user-on-host
305    with pid being the pidnr of the valgrind process These two FIFOs
306    will be created if not existing yet. They will be removed when
307    the gdbserver connection is closed or the process exits */
308 
remote_open(const HChar * name)309 void remote_open (const HChar *name)
310 {
311    const HChar *user, *host;
312    int len;
313    VgdbShared vgdbinit;
314    const int pid = VG_(getpid)();
315    Addr addr_shared;
316    SysRes o;
317    int shared_mem_fd = INVALID_DESCRIPTOR;
318 
319    VG_(memset) (&vgdbinit, 0, sizeof (VgdbShared));
320    vgdbinit = (VgdbShared)
321       {0, 0, (Addr) VG_(invoke_gdbserver),
322        (Addr) VG_(threads), VG_N_THREADS, sizeof(ThreadState),
323        offsetof(ThreadState, status),
324        offsetof(ThreadState, os_state) + offsetof(ThreadOSstate, lwpid),
325        0};
326 
327    user = VG_(getenv)("LOGNAME");
328    if (user == NULL) user = VG_(getenv)("USER");
329    if (user == NULL) user = "???";
330    if (VG_(strchr)(user, '/')) user = "???";
331 
332    host = VG_(getenv)("HOST");
333    if (host == NULL) host = VG_(getenv)("HOSTNAME");
334    if (host == NULL) host = "???";
335    if (VG_(strchr)(host, '/')) host = "???";
336 
337    len = strlen(name) + strlen(user) + strlen(host) + 40;
338 
339    if (from_gdb != NULL)
340       free (from_gdb);
341    from_gdb = malloc (len);
342    if (to_gdb != NULL)
343       free (to_gdb);
344    to_gdb = malloc (len);
345    if (shared_mem != NULL)
346       free (shared_mem);
347    shared_mem = malloc (len);
348    /* below 3 lines must match the equivalent in vgdb.c */
349    VG_(sprintf) (from_gdb,   "%s-from-vgdb-to-%d-by-%s-on-%s",    name,
350                  pid, user, host);
351    VG_(sprintf) (to_gdb,     "%s-to-vgdb-from-%d-by-%s-on-%s",    name,
352                  pid, user, host);
353    VG_(sprintf) (shared_mem, "%s-shared-mem-vgdb-%d-by-%s-on-%s", name,
354                  pid, user, host);
355    if (VG_(clo_verbosity) > 1) {
356       VG_(umsg)("embedded gdbserver: reading from %s\n", from_gdb);
357       VG_(umsg)("embedded gdbserver: writing to   %s\n", to_gdb);
358       VG_(umsg)("embedded gdbserver: shared mem   %s\n", shared_mem);
359       VG_(umsg)("\n");
360       VG_(umsg)("TO CONTROL THIS PROCESS USING vgdb (which you probably\n"
361                 "don't want to do, unless you know exactly what you're doing,\n"
362                 "or are doing some strange experiment):\n"
363                 "  %s/../../bin/vgdb%s%s --pid=%d ...command...\n",
364                 VG_(libdir),
365                 (VG_(arg_vgdb_prefix) ? " " : ""),
366                 (VG_(arg_vgdb_prefix) ? VG_(arg_vgdb_prefix) : ""),
367                 pid);
368    }
369    if (VG_(clo_verbosity) > 1
370        || VG_(clo_vgdb_error) < 999999999
371        || VG_(clo_vgdb_stop_at) != 0) {
372       VG_(umsg)("\n");
373       VG_(umsg)(
374          "TO DEBUG THIS PROCESS USING GDB: start GDB like this\n"
375          "  /path/to/gdb %s\n"
376          "and then give GDB the following command\n"
377          "  target remote | %s/../../bin/vgdb%s%s --pid=%d\n",
378          VG_(args_the_exename),
379          VG_(libdir),
380          (VG_(arg_vgdb_prefix) ? " " : ""),
381          (VG_(arg_vgdb_prefix) ? VG_(arg_vgdb_prefix) : ""),
382          pid
383       );
384       VG_(umsg)("--pid is optional if only one valgrind process is running\n");
385       VG_(umsg)("\n");
386    }
387 
388    if (!mknod_done) {
389       mknod_done++;
390       VG_(set_ptracer)();
391       /*
392        * Unlink just in case a previous process with the same PID had been
393        * killed and hence Valgrind hasn't had the chance yet to remove these.
394        */
395       VG_(unlink)(from_gdb);
396       VG_(unlink)(to_gdb);
397       VG_(unlink)(shared_mem);
398 
399       o = VG_(open) (shared_mem, VKI_O_CREAT|VKI_O_RDWR, 0600);
400       if (sr_isError (o)) {
401          sr_perror(o, "cannot create shared_mem file %s\n", shared_mem);
402          fatal("Cannot recover from previous error. Good-bye.");
403       } else {
404          shared_mem_fd = sr_Res(o);
405       }
406 
407       if (VG_(write)(shared_mem_fd, &vgdbinit, sizeof(VgdbShared))
408           != sizeof(VgdbShared)) {
409          fatal("error writing %d bytes to shared mem %s\n",
410                (int) sizeof(VgdbShared), shared_mem);
411       }
412       {
413          SysRes res = VG_(am_shared_mmap_file_float_valgrind)
414             (sizeof(VgdbShared), VKI_PROT_READ|VKI_PROT_WRITE,
415              shared_mem_fd, (Off64T)0);
416          if (sr_isError(res)) {
417             sr_perror(res, "error VG_(am_shared_mmap_file_float_valgrind) %s\n",
418                       shared_mem);
419             fatal("Cannot recover from previous error. Good-bye.");
420          }
421          addr_shared = sr_Res (res);
422       }
423       shared = (VgdbShared*) addr_shared;
424       VG_(close) (shared_mem_fd);
425 
426       safe_mknod(to_gdb);
427       safe_mknod(from_gdb);
428       /* from_gdb is the last resource created: vgdb searches such FIFOs
429          to detect the presence of a valgrind process.
430          So, we better create this resource when all the rest needed by
431          vgdb is ready : the other FIFO and the shared memory. */
432 
433       pid_from_to_creator = pid;
434    }
435 
436    setup_remote_desc_for_reading ();
437 }
438 
439 /* sync_gdb_connection wait a time long enough to let the connection
440    be properly closed if needed when closing the connection (in case
441    of detach or error), if we reopen it too quickly, it seems there
442    are some events queued in the kernel concerning the "old"
443    connection/remote_desc which are discovered with poll or select on
444    the "new" connection/remote_desc.  We bypass this by waiting some
445    time to let a proper cleanup to be donex */
sync_gdb_connection(void)446 void sync_gdb_connection(void)
447 {
448    SysRes ret;
449    ret = VG_(poll_no_eintr)(0, 0, 100);
450    if (sr_isError(ret))
451       sr_extended_perror(ret, "sync_gdb_connection: poll error\n");
452 }
453 
454 static
ppFinishReason(FinishReason reason)455 const char * ppFinishReason (FinishReason reason)
456 {
457    switch (reason) {
458    case orderly_finish:    return "orderly_finish";
459    case reset_after_error: return "reset_after_error";
460    case reset_after_fork:  return "reset_after_fork";
461    default: vg_assert (0);
462    }
463 }
464 
remote_finish(FinishReason reason)465 void remote_finish (FinishReason reason)
466 {
467    dlog(1, "remote_finish (reason %s) %d %d\n",
468         ppFinishReason(reason), remote_desc, write_remote_desc);
469    reset_valgrind_sink(ppFinishReason(reason));
470    if (write_remote_desc != INVALID_DESCRIPTOR)
471       VG_(close) (write_remote_desc);
472    write_remote_desc = INVALID_DESCRIPTOR;
473 
474    if (remote_desc != INVALID_DESCRIPTOR) {
475       /* Fully close the connection, either due to orderly_finish or
476          to reset_after_fork or reset_after_error.  For
477          reset_after_error, the FIFO will be re-opened soon.  This
478          leaves a small window during which a race condition can
479          happen between vgdb and a forking process: Just after fork,
480          both the parent and the child have the FIFO open.  The child
481          will close it asap (as part of the 'after fork cleanup').  If
482          2 vgdbs are launched very quickly just after the fork, the
483          parent will close its FIFO when the 1st vgdb exits.  Then if
484          the 2nd vgdb is started before the parent has the time to
485          re-open the FIFO, the 2nd vgdb will be able to open the FIFO
486          (as it is still opened by the child).  The 2nd vgdb can then
487          have a 'write' error when the child closes the FIFO.  After
488          the 1st vgdb closes its FIFO write side, the parent gets EOF
489          on its reading FIFO till it is closed and re-opened.  Opening
490          a 2nd time the FIFO before closing the 'previous fd' solves
491          this race condition, but causes other (not understood)
492          problems due to too early re-invocation of gdbsrv.  Rather
493          than to handle this race condition in gdbsrv side, we put a
494          'retry' loop in vgdb for the initial write on the write
495          FIFO. */
496       remote_desc_pollfdread_activity.fd = INVALID_DESCRIPTOR;
497       remote_desc_pollfdread_activity.events = 0;
498       remote_desc_pollfdread_activity.revents = 0;
499       VG_(close) (remote_desc);
500       remote_desc = INVALID_DESCRIPTOR;
501    }
502    noack_mode = False;
503 
504    /* ensure the child will create its own FIFOs */
505    if (reason == reset_after_fork)
506       mknod_done = 0;
507 
508    if (reason == reset_after_error)
509       sync_gdb_connection();
510 }
511 
512 /* orderly close, cleans up everything */
remote_close(void)513 void remote_close (void)
514 {
515    const int pid = VG_(getpid)();
516    remote_finish(orderly_finish);
517    dlog(1, "%d (creator %d) maybe unlinking \n    %s\n    %s\n    %s\n",
518         pid, pid_from_to_creator,
519         from_gdb ? from_gdb : "NULL",
520         to_gdb ? to_gdb : "NULL",
521         shared_mem ? shared_mem : "NULL");
522    if (pid == pid_from_to_creator && from_gdb && VG_(unlink) (from_gdb) == -1)
523       warning ("could not unlink %s\n", from_gdb);
524    if (pid == pid_from_to_creator && to_gdb && VG_(unlink) (to_gdb) == -1)
525       warning ("could not unlink %s\n", to_gdb);
526    if (pid == pid_from_to_creator && shared_mem && VG_(unlink) (shared_mem) == -1)
527       warning ("could not unlink %s\n", shared_mem);
528    free (from_gdb);
529    from_gdb = NULL;
530    free (to_gdb);
531    to_gdb = NULL;
532    free (shared_mem);
533    shared_mem = NULL;
534 }
535 
remote_connected(void)536 Bool remote_connected(void)
537 {
538    return write_remote_desc != INVALID_DESCRIPTOR;
539 }
540 
541 /* cleanup after an error detected by poll_cond */
542 static
error_poll_cond(void)543 void error_poll_cond(void)
544 {
545    /* if we will close the connection, we assume either that
546       all characters have been seen or that they will be dropped. */
547    shared->seen_by_valgrind = shared->written_by_vgdb;
548    remote_finish(reset_after_error);
549 }
550 
551 /* remote_desc_activity might be used at high frequency if the user
552    gives a small value to --vgdb-poll. So, the function avoids
553    doing repetitively system calls by rather looking at the
554    counter values maintained in shared memory by vgdb. */
remote_desc_activity(const char * msg)555 int remote_desc_activity(const char *msg)
556 {
557    int retval;
558    SysRes ret;
559    const int looking_at = shared->written_by_vgdb;
560    if (shared->seen_by_valgrind == looking_at)
561       return 0;
562    if (remote_desc == INVALID_DESCRIPTOR)
563       return 0;
564 
565    /* poll the remote desc */
566    remote_desc_pollfdread_activity.revents = 0;
567    ret = VG_(poll_no_eintr) (&remote_desc_pollfdread_activity, 1, 0);
568    if (sr_isError(ret)
569        || (sr_Res(ret) && poll_cond(remote_desc_pollfdread_activity.revents))) {
570      if (sr_isError(ret)) {
571        sr_extended_perror(ret, "remote_desc_activity: poll error\n");
572      } else {
573        dlog(0, "POLLcond %d remote_desc_pollfdread %d\n",
574             remote_desc_pollfdread_activity.revents, remote_desc);
575        error_poll_cond();
576      }
577      retval = 2;
578    } else {
579      retval = sr_Res(ret);
580    }
581    dlog(1,
582         "remote_desc_activity %s %d last_looked_cntr %d looking_at %d"
583         " shared->written_by_vgdb %d shared->seen_by_valgrind %d"
584         " retval %d\n",
585         msg, remote_desc, last_looked_cntr, looking_at,
586         shared->written_by_vgdb, shared->seen_by_valgrind,
587         retval);
588    /* if no error from poll, indicate we have "seen" up to looking_at */
589    if (retval == 1)
590       last_looked_cntr = looking_at;
591    return retval;
592 }
593 
594 /* Convert hex digit A to a number.  */
595 
596 static
fromhex(int a)597 int fromhex (int a)
598 {
599    if (a >= '0' && a <= '9')
600       return a - '0';
601    else if (a >= 'a' && a <= 'f')
602       return a - 'a' + 10;
603    else
604      error ("Reply contains invalid hex digit 0x%x\n", (unsigned)a);
605    return 0;
606 }
607 
unhexify(char * bin,const char * hex,int count)608 int unhexify (char *bin, const char *hex, int count)
609 {
610    int i;
611 
612    for (i = 0; i < count; i++) {
613       if (hex[0] == 0 || hex[1] == 0) {
614          /* Hex string is short, or of uneven length.
615             Return the count that has been converted so far. */
616          return i;
617       }
618       *bin++ = fromhex (hex[0]) * 16 + fromhex (hex[1]);
619       hex += 2;
620    }
621    return i;
622 }
623 
decode_address(CORE_ADDR * addrp,const char * start,int len)624 void decode_address (CORE_ADDR *addrp, const char *start, int len)
625 {
626    CORE_ADDR addr;
627    char ch;
628    int i;
629 
630    addr = 0;
631    for (i = 0; i < len; i++) {
632       ch = start[i];
633       addr = addr << 4;
634       addr = addr | (fromhex (ch) & 0x0f);
635    }
636    *addrp = addr;
637 }
638 
639 /* Convert number NIB to a hex digit.  */
640 
641 static
tohex(int nib)642 int tohex (int nib)
643 {
644    if (nib < 10)
645       return '0' + nib;
646    else
647       return 'a' + nib - 10;
648 }
649 
hexify(char * hex,const char * bin,int count)650 int hexify (char *hex, const char *bin, int count)
651 {
652    int i;
653 
654    /* May use a length, or a nul-terminated string as input. */
655    if (count == 0)
656       count = strlen (bin);
657 
658   for (i = 0; i < count; i++) {
659      *hex++ = tohex ((*bin >> 4) & 0xf);
660      *hex++ = tohex (*bin++ & 0xf);
661   }
662   *hex = 0;
663   return i;
664 }
665 
666 /* builds an image of bin according to byte order of the architecture
667    Useful for register and int image */
heximage(char * buf,char * bin,int count)668 char* heximage (char *buf, char *bin, int count)
669 {
670 #if (VKI_LITTLE_ENDIAN)
671    char rev[count];
672    /* note: no need for trailing \0, length is known with count */
673    int i;
674    for (i = 0; i < count; i++)
675       rev[i] = bin[count - i - 1];
676    hexify (buf, rev, count);
677 #else
678    hexify (buf, bin, count);
679 #endif
680    return buf;
681 }
682 
C2v(CORE_ADDR addr)683 void* C2v(CORE_ADDR addr)
684 {
685    return (void*) addr;
686 }
687 
688 
689 /* Convert BUFFER, binary data at least LEN bytes long, into escaped
690    binary data in OUT_BUF.  Set *OUT_LEN to the length of the data
691    encoded in OUT_BUF, and return the number of bytes in OUT_BUF
692    (which may be more than *OUT_LEN due to escape characters).  The
693    total number of bytes in the output buffer will be at most
694    OUT_MAXLEN.  */
695 
696 int
remote_escape_output(const gdb_byte * buffer,int len,gdb_byte * out_buf,int * out_len,int out_maxlen)697 remote_escape_output (const gdb_byte *buffer, int len,
698 		      gdb_byte *out_buf, int *out_len,
699 		      int out_maxlen)
700 {
701    int input_index, output_index;
702 
703    output_index = 0;
704    for (input_index = 0; input_index < len; input_index++) {
705       gdb_byte b = buffer[input_index];
706 
707       if (b == '$' || b == '#' || b == '}' || b == '*') {
708          /* These must be escaped.  */
709          if (output_index + 2 > out_maxlen)
710 	    break;
711          out_buf[output_index++] = '}';
712          out_buf[output_index++] = b ^ 0x20;
713       } else {
714          if (output_index + 1 > out_maxlen)
715 	    break;
716          out_buf[output_index++] = b;
717       }
718    }
719 
720    *out_len = input_index;
721    return output_index;
722 }
723 
724 /* Convert BUFFER, escaped data LEN bytes long, into binary data
725    in OUT_BUF.  Return the number of bytes written to OUT_BUF.
726    Raise an error if the total number of bytes exceeds OUT_MAXLEN.
727 
728    This function reverses remote_escape_output.  It allows more
729    escaped characters than that function does, in particular because
730    '*' must be escaped to avoid the run-length encoding processing
731    in reading packets.  */
732 
733 static
remote_unescape_input(const gdb_byte * buffer,int len,gdb_byte * out_buf,int out_maxlen)734 int remote_unescape_input (const gdb_byte *buffer, int len,
735 		       gdb_byte *out_buf, int out_maxlen)
736 {
737    int input_index, output_index;
738    int escaped;
739 
740    output_index = 0;
741    escaped = 0;
742    for (input_index = 0; input_index < len; input_index++) {
743       gdb_byte b = buffer[input_index];
744 
745       if (output_index + 1 > out_maxlen)
746          error ("Received too much data (len %d) from the target.\n", len);
747 
748       if (escaped) {
749          out_buf[output_index++] = b ^ 0x20;
750          escaped = 0;
751       } else if (b == '}') {
752          escaped = 1;
753       } else {
754          out_buf[output_index++] = b;
755       }
756    }
757 
758    if (escaped)
759       error ("Unmatched escape character in target response.\n");
760 
761    return output_index;
762 }
763 
764 /* Look for a sequence of characters which can be run-length encoded.
765    If there are any, update *CSUM and *P.  Otherwise, output the
766    single character.  Return the number of characters consumed.  */
767 
768 static
try_rle(char * buf,int remaining,unsigned char * csum,char ** p)769 int try_rle (char *buf, int remaining, unsigned char *csum, char **p)
770 {
771    int n;
772 
773    /* Always output the character.  */
774    *csum += buf[0];
775    *(*p)++ = buf[0];
776 
777    /* Don't go past '~'.  */
778    if (remaining > 97)
779       remaining = 97;
780 
781    for (n = 1; n < remaining; n++)
782       if (buf[n] != buf[0])
783          break;
784 
785    /* N is the index of the first character not the same as buf[0].
786       buf[0] is counted twice, so by decrementing N, we get the number
787       of characters the RLE sequence will replace.  */
788    n--;
789 
790    if (n < 3)
791       return 1;
792 
793    /* Skip the frame characters.  The manual says to skip '+' and '-'
794       also, but there's no reason to.  Unfortunately these two unusable
795       characters double the encoded length of a four byte zero
796       value.  */
797    while (n + 29 == '$' || n + 29 == '#')
798       n--;
799 
800    *csum += '*';
801    *(*p)++ = '*';
802    *csum += n + 29;
803    *(*p)++ = n + 29;
804 
805    return n + 1;
806 }
807 
808 /* Send a packet to the remote machine, with error checking.
809    The data of the packet is in BUF, and the length of the
810    packet is in CNT.  Returns >= 0 on success, -1 otherwise.  */
811 
putpkt_binary(char * buf,int cnt)812 int putpkt_binary (char *buf, int cnt)
813 {
814    int i;
815    unsigned char csum = 0;
816    char *buf2;
817    char *p;
818    int cc;
819 
820    buf2 = malloc (PBUFSIZ+POVERHSIZ);
821    // should malloc PBUFSIZ, but bypass GDB bug (see gdbserver_init in server.c)
822    vg_assert (5 == POVERHSIZ);
823    vg_assert (cnt <= PBUFSIZ); // be tolerant for GDB bug.
824 
825    /* Copy the packet into buffer BUF2, encapsulating it
826       and giving it a checksum.  */
827 
828    p = buf2;
829    *p++ = '$';
830 
831    for (i = 0; i < cnt;)
832       i += try_rle (buf + i, cnt - i, &csum, &p);
833 
834    *p++ = '#';
835    *p++ = tohex ((csum >> 4) & 0xf);
836    *p++ = tohex (csum & 0xf);
837 
838    *p = '\0';
839 
840    /* we might have to write a pkt when out FIFO not yet/anymore opened */
841    if (!ensure_write_remote_desc()) {
842       warning ("putpkt(write) error: no write_remote_desc\n");
843       free (buf2);
844       return -1;
845    }
846 
847    /* Send it once (noack_mode)
848       or send it over and over until we get a positive ack.  */
849 
850    do {
851       if (VG_(write) (write_remote_desc, buf2, p - buf2) != p - buf2) {
852          warning ("putpkt(write) error\n");
853          free (buf2);
854          return -1;
855       }
856 
857       if (VG_(debugLog_getLevel)() >= 3) {
858          char *tracebuf = malloc(4 * (p - buf2) + 1); // worst case
859          char *tr = tracebuf;
860 
861          for (UInt npr = 0; npr < p - buf2; npr++) {
862             UChar uc = (unsigned char)buf2[npr];
863             if (uc > 31 && uc < 127) {
864                *tr++ = uc;
865             } else {
866                *tr++ = '\\';
867                VG_(sprintf)(tr, "%03o", uc);
868                tr += 3;
869             }
870          }
871          *tr++ = 0;
872          dlog(3, "putpkt (\"%s\"); (%slen %d) %s\n", tracebuf,
873               strlen(tracebuf) == p - buf2 ? "binary " : "",
874               (int)(p - buf2),
875               noack_mode ? "[no ack]" : "[looking for ack]");
876          free (tracebuf);
877       }
878 
879       if (noack_mode)
880          break;
881 
882       cc = readchar (1);
883       if (cc > 0)
884          dlog(3, "[received '%c' (0x%x)]\n", cc, (unsigned)cc);
885 
886       if (cc <= 0) {
887          if (cc == 0)
888             dlog(1, "putpkt(read): Got EOF\n");
889          else
890 	    warning ("putpkt(read) error\n");
891 
892          free (buf2);
893          return -1;
894       }
895 
896       /* Check for an input interrupt while we're here.  */
897       if (cc == '\003')
898          dlog(1, "Received 0x03 character (SIGINT)\n");
899    }
900    while (cc != '+');
901 
902    free (buf2);
903    return 1;			/* Success! */
904 }
905 
906 /* Send a packet to the remote machine, with error checking.  The data
907    of the packet is in BUF, and the packet should be a NUL-terminated
908    string.  Returns >= 0 on success, -1 otherwise.  */
909 
putpkt(char * buf)910 int putpkt (char *buf)
911 {
912    return putpkt_binary (buf, strlen (buf));
913 }
914 
monitor_output(char * s)915 void monitor_output (char *s)
916 {
917    if (remote_connected()) {
918       const int len = strlen(s);
919       char *buf = malloc(1 + 2*len + 1);
920 
921       buf[0] = 'O';
922       hexify(buf+1, s, len);
923       if (putpkt (buf) < 0) {
924          /* We probably have lost the connection with vgdb. */
925          reset_valgrind_sink("Error writing monitor output");
926          /* write again after reset */
927          VG_(printf) ("%s", s);
928       }
929 
930       free (buf);
931    } else {
932       print_to_initial_valgrind_sink (s);
933    }
934 }
935 
936 /* Returns next char from remote GDB.  -1 if error.  */
937 /* if single, only one character maximum can be read with
938    read system call. Otherwise, when reading an ack character
939    we might pile up the next gdb command in the static buf.
940    The read loop is then blocked in poll till gdb times out. */
941 static
readchar(int single)942 int readchar (int single)
943 {
944    static unsigned char buf[PBUFSIZ];
945    static int bufcnt = 0;
946    static unsigned char *bufp;
947    SysRes ret;
948 
949    if (bufcnt-- > 0)
950       return *bufp++;
951 
952    if (remote_desc == INVALID_DESCRIPTOR)
953       return -1;
954 
955    /* No characters available in buf =>
956       wait for some characters to arrive */
957    remote_desc_pollfdread_activity.revents = 0;
958    ret = VG_(poll_no_eintr)(&remote_desc_pollfdread_activity, 1, -1);
959    if (sr_isError(ret) || sr_Res(ret) != 1) {
960      if (sr_isError(ret)) {
961         sr_extended_perror(ret, "readchar: poll error\n");
962      } else {
963         dlog(0, "readchar: poll got %d, expecting 1\n", (int)sr_Res(ret));
964      }
965      return -1;
966    }
967    if (single)
968       bufcnt = VG_(read) (remote_desc, buf, 1);
969    else
970       bufcnt = VG_(read) (remote_desc, buf, sizeof (buf));
971 
972    if (bufcnt <= 0) {
973       if (bufcnt == 0)
974          dlog (1, "readchar: Got EOF\n");
975       else
976          warning ("readchar read error\n");
977 
978       return -1;
979    }
980 
981    shared->seen_by_valgrind += bufcnt;
982 
983    /* If we have received a character and we do not yet have a
984       connection, we better open our "write" fifo to let vgdb open its
985       read fifo side */
986    if (write_remote_desc == INVALID_DESCRIPTOR
987        && !ensure_write_remote_desc()) {
988       dlog(1, "reachar: write_remote_desc could not be created");
989    }
990 
991    bufp = buf;
992    bufcnt--;
993 
994    if (poll_cond(remote_desc_pollfdread_activity.revents)) {
995       dlog(1, "readchar: POLLcond got %d\n",
996            remote_desc_pollfdread_activity.revents);
997       error_poll_cond();
998    }
999 
1000    return *bufp++;
1001 }
1002 
1003 
1004 /* Read a packet from the remote machine, with error checking,
1005    and store it in BUF.  Returns length of packet, or negative if error. */
1006 
getpkt(char * buf)1007 int getpkt (char *buf)
1008 {
1009    char *bp;
1010    unsigned char csum, c1, c2;
1011    int c;
1012 
1013    while (1) {
1014       csum = 0;
1015 
1016       while (1) {
1017          c = readchar (0);
1018          if (c == '$')
1019 	    break;
1020          dlog(3, "[getpkt: discarding char '%c']\n", c);
1021          if (c < 0)
1022 	    return -1;
1023       }
1024 
1025       bp = buf;
1026       while (1) {
1027          c = readchar (0);
1028          if (c < 0)
1029 	    return -1;
1030          if (c == '#')
1031 	    break;
1032          *bp++ = c;
1033          csum += c;
1034       }
1035       *bp = 0;
1036 
1037       c1 = fromhex (readchar (0));
1038       c2 = fromhex (readchar (0));
1039 
1040       if (csum == (c1 << 4) + c2)
1041          break;
1042 
1043       dlog (0, "Bad checksum, sentsum=0x%x, csum=0x%x, buf=%s\n",
1044             (unsigned)(c1 << 4) + c2, (unsigned)csum, buf);
1045       if (!ensure_write_remote_desc()) {
1046          dlog(1, "getpkt(write nack) no write_remote_desc");
1047       }
1048       VG_(write) (write_remote_desc, "-", 1);
1049    }
1050 
1051    if (noack_mode)
1052       dlog(3, "getpkt (\"%s\");  [no ack] \n", buf);
1053    else
1054       dlog(3, "getpkt (\"%s\");  [sending ack] \n", buf);
1055 
1056    if (!noack_mode) {
1057       if (!ensure_write_remote_desc()) {
1058          dlog(1, "getpkt(write ack) no write_remote_desc");
1059       }
1060       VG_(write) (write_remote_desc, "+", 1);
1061       dlog(3, "[sent ack]\n");
1062    }
1063 
1064    return bp - buf;
1065 }
1066 
write_ok(char * buf)1067 void write_ok (char *buf)
1068 {
1069    buf[0] = 'O';
1070    buf[1] = 'K';
1071    buf[2] = '\0';
1072 }
1073 
write_enn(char * buf)1074 void write_enn (char *buf)
1075 {
1076    /* Some day, we should define the meanings of the error codes... */
1077    buf[0] = 'E';
1078    buf[1] = '0';
1079    buf[2] = '1';
1080    buf[3] = '\0';
1081 }
1082 
convert_int_to_ascii(const unsigned char * from,char * to,int n)1083 void convert_int_to_ascii (const unsigned char *from, char *to, int n)
1084 {
1085    int nib;
1086    int ch;
1087    while (n--) {
1088       ch = *from++;
1089       nib = ((ch & 0xf0) >> 4) & 0x0f;
1090       *to++ = tohex (nib);
1091       nib = ch & 0x0f;
1092       *to++ = tohex (nib);
1093    }
1094    *to++ = 0;
1095 }
1096 
1097 
convert_ascii_to_int(const char * from,unsigned char * to,int n)1098 void convert_ascii_to_int (const char *from, unsigned char *to, int n)
1099 {
1100    int nib1, nib2;
1101    while (n--) {
1102       nib1 = fromhex (*from++);
1103       nib2 = fromhex (*from++);
1104       *to++ = (((nib1 & 0x0f) << 4) & 0xf0) | (nib2 & 0x0f);
1105    }
1106 }
1107 
1108 static
outreg(int regno,char * buf)1109 char * outreg (int regno, char *buf)
1110 {
1111    if ((regno >> 12) != 0)
1112       *buf++ = tohex ((regno >> 12) & 0xf);
1113    if ((regno >> 8) != 0)
1114       *buf++ = tohex ((regno >> 8) & 0xf);
1115    *buf++ = tohex ((regno >> 4) & 0xf);
1116    *buf++ = tohex (regno & 0xf);
1117    *buf++ = ':';
1118    collect_register_as_string (regno, buf);
1119    buf += 2 * register_size (regno);
1120    *buf++ = ';';
1121 
1122    return buf;
1123 }
1124 
prepare_resume_reply(char * buf,char status,unsigned char sig)1125 void prepare_resume_reply (char *buf, char status, unsigned char sig)
1126 {
1127    int nib;
1128 
1129    *buf++ = status;
1130 
1131    nib = ((sig & 0xf0) >> 4);
1132    *buf++ = tohex (nib);
1133    nib = sig & 0x0f;
1134    *buf++ = tohex (nib);
1135 
1136    if (status == 'T') {
1137       const char **regp = gdbserver_expedite_regs;
1138 
1139       if (valgrind_stopped_by_watchpoint()) {
1140          CORE_ADDR addr;
1141          int i;
1142 
1143          strncpy (buf, "watch:", 6);
1144          buf += 6;
1145 
1146          addr = valgrind_stopped_data_address ();
1147 
1148          /* Convert each byte of the address into two hexadecimal chars.
1149             Note that we take sizeof (void *) instead of sizeof (addr);
1150             this is to avoid sending a 64-bit address to a 32-bit GDB.  */
1151          for (i = sizeof (void *) * 2; i > 0; i--) {
1152             *buf++ = tohex ((addr >> (i - 1) * 4) & 0xf);
1153          }
1154          *buf++ = ';';
1155       }
1156 
1157       while (*regp) {
1158          buf = outreg (find_regno (*regp), buf);
1159          regp ++;
1160       }
1161 
1162       {
1163          unsigned int gdb_id_from_wait;
1164 
1165          /* FIXME right place to set this? */
1166          thread_from_wait =
1167             ((struct inferior_list_entry *)current_inferior)->id;
1168          gdb_id_from_wait = thread_to_gdb_id (current_inferior);
1169 
1170          dlog(1, "Writing resume reply for %lu\n", thread_from_wait);
1171          /* This if (1) ought to be unnecessary.  But remote_wait in GDB
1172             will claim this event belongs to inferior_ptid if we do not
1173             specify a thread, and there's no way for gdbserver to know
1174             what inferior_ptid is.  */
1175          if (1 || old_thread_from_wait != thread_from_wait) {
1176             general_thread = thread_from_wait;
1177             VG_(sprintf) (buf, "thread:%x;", gdb_id_from_wait);
1178             buf += strlen (buf);
1179             old_thread_from_wait = thread_from_wait;
1180          }
1181       }
1182    }
1183    /* For W and X, we're done.  */
1184    *buf++ = 0;
1185 }
1186 
decode_m_packet(char * from,CORE_ADDR * mem_addr_ptr,unsigned int * len_ptr)1187 void decode_m_packet (char *from, CORE_ADDR *mem_addr_ptr, unsigned int *len_ptr)
1188 {
1189    int i = 0, j = 0;
1190    char ch;
1191    *mem_addr_ptr = *len_ptr = 0;
1192 
1193    while ((ch = from[i++]) != ',') {
1194       *mem_addr_ptr = *mem_addr_ptr << 4;
1195       *mem_addr_ptr |= fromhex (ch) & 0x0f;
1196    }
1197 
1198    for (j = 0; j < 4; j++) {
1199       if ((ch = from[i++]) == 0)
1200          break;
1201       *len_ptr = *len_ptr << 4;
1202       *len_ptr |= fromhex (ch) & 0x0f;
1203    }
1204 }
1205 
decode_M_packet(char * from,CORE_ADDR * mem_addr_ptr,unsigned int * len_ptr,unsigned char * to)1206 void decode_M_packet (char *from, CORE_ADDR *mem_addr_ptr, unsigned int *len_ptr,
1207 		 unsigned char *to)
1208 {
1209    int i = 0;
1210    char ch;
1211    *mem_addr_ptr = *len_ptr = 0;
1212 
1213    while ((ch = from[i++]) != ',') {
1214       *mem_addr_ptr = *mem_addr_ptr << 4;
1215       *mem_addr_ptr |= fromhex (ch) & 0x0f;
1216    }
1217 
1218    while ((ch = from[i++]) != ':') {
1219       *len_ptr = *len_ptr << 4;
1220       *len_ptr |= fromhex (ch) & 0x0f;
1221    }
1222 
1223    convert_ascii_to_int (&from[i++], to, *len_ptr);
1224 }
1225 
decode_X_packet(char * from,int packet_len,CORE_ADDR * mem_addr_ptr,unsigned int * len_ptr,unsigned char * to)1226 int decode_X_packet (char *from, int packet_len, CORE_ADDR *mem_addr_ptr,
1227 		 unsigned int *len_ptr, unsigned char *to)
1228 {
1229    int i = 0;
1230    char ch;
1231    *mem_addr_ptr = *len_ptr = 0;
1232 
1233    while ((ch = from[i++]) != ',') {
1234       *mem_addr_ptr = *mem_addr_ptr << 4;
1235       *mem_addr_ptr |= fromhex (ch) & 0x0f;
1236    }
1237 
1238    while ((ch = from[i++]) != ':') {
1239       *len_ptr = *len_ptr << 4;
1240       *len_ptr |= fromhex (ch) & 0x0f;
1241    }
1242 
1243    if (remote_unescape_input ((const gdb_byte *) &from[i], packet_len - i,
1244                               to, *len_ptr) != *len_ptr)
1245       return -1;
1246 
1247    return 0;
1248 }
1249 
1250 
1251 /* Return the default path prefix for the named pipes (FIFOs) used by vgdb/gdb
1252    to communicate with valgrind */
1253 HChar *
VG_(vgdb_prefix_default)1254 VG_(vgdb_prefix_default)(void)
1255 {
1256    static HChar *prefix;
1257 
1258    if (prefix == NULL) {
1259      const HChar *tmpdir = VG_(tmpdir)();
1260      prefix = malloc(strlen(tmpdir) + strlen("/vgdb-pipe") + 1);
1261      strcpy(prefix, tmpdir);
1262      strcat(prefix, "/vgdb-pipe");
1263    }
1264    return prefix;
1265 }
1266