Re: [PATCH] linux_nat_target::xfer_partial: Fallback to ptrace

[Pedro Alves <pedro@palves.net>]

[-- Attachment #1: Type: text/plain, Size: 1841 bytes --]

On 2022-07-26 6:24 p.m., Keith Seitz wrote:

> I've taken your patch and updated mine (now trivial):
> 
> diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
> index 0a93ab5..95732a6 100644
> --- a/gdb/linux-nat.c
> +++ b/gdb/linux-nat.c
> @@ -3710,8 +3712,10 @@ enum target_xfer_status
>        if (addr_bit < (sizeof (ULONGEST) * HOST_CHAR_BIT))
>         offset &= ((ULONGEST) 1 << addr_bit) - 1;
>  
> -      return linux_proc_xfer_memory_partial (readbuf, writebuf,
> -                                            offset, len, xfered_len);
> +      if (proc_mem_file_is_writable ())
> +       return linux_proc_xfer_memory_partial (readbuf, writebuf,
> +                                              offset, len, xfered_len);
> +      /* Fallthrough to ptrace  */
>      }
>  
>    return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
> 
> I've re-run this through all my testing, and all looks good.

Great, thanks.

> 
> However, I suspect you already knew that. :-)

I was actually curious whether that would work (or rather fail quietly) on the
older kernels!

> 
> If/when you push your patch, and there are no further concerns, I will push mine,
> with your approval.
> 

As discussed off list, I merged both patches to master at once, to avoid "unused"
warnings.

I've attached both patches, as merged.  In my patch, I fixed a bad usage
of gdb::optional (need to emplace once before doing "*opt" ...), and removed
the "static" from the written-to variable (I don't know why I added it in the
first place).  In your patch, I added a comment explaining why not to fallback
to ptrace, in case someone changes this code in the future.

> Thank you for your follow-up!

np.

Pedro Alves.

[-- Attachment #2: 0001-gdb-linux-nat-Check-whether-proc-pid-mem-is-writable.patch --]
[-- Type: text/x-patch, Size: 5716 bytes --]

From 1bcb0708f22956d5128a2e75df6eba5a18327892 Mon Sep 17 00:00:00 2001
From: Pedro Alves <pedro@palves.net>
Date: Thu, 21 Jul 2022 19:11:16 +0100
Subject: [PATCH 1/2] gdb/linux-nat: Check whether /proc/pid/mem is writable

Probe whether /proc/pid/mem is writable, by using it to write to a GDB
variable.  This will be used in the following patch to avoid falling
back to writing to inferior memory with ptrace if /proc/pid/mem _is_
writable.

Change-Id: If87eff0b46cbe5e32a583e2977a9e17d29d0ed3e
---
 gdb/linux-nat.c | 105 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 88 insertions(+), 17 deletions(-)

diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index a2bbd3cbfc8..b641e88b1ef 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -244,6 +244,7 @@ static int lwp_status_pending_p (struct lwp_info *lp);
 
 static void save_stop_reason (struct lwp_info *lp);
 
+static bool proc_mem_file_is_writable ();
 static void close_proc_mem_file (pid_t pid);
 static void open_proc_mem_file (ptid_t ptid);
 
@@ -3882,25 +3883,19 @@ open_proc_mem_file (ptid_t ptid)
 			  fd, ptid.pid (), ptid.lwp ());
 }
 
-/* Implement the to_xfer_partial target method using /proc/PID/mem.
-   Because we can use a single read/write call, this can be much more
-   efficient than banging away at PTRACE_PEEKTEXT.  Also, unlike
-   PTRACE_PEEKTEXT/PTRACE_POKETEXT, this works with running
-   threads.  */
+/* Helper for linux_proc_xfer_memory_partial and
+   proc_mem_file_is_writable.  FD is the already opened /proc/pid/mem
+   file, and PID is the pid of the corresponding process.  The rest of
+   the arguments are like linux_proc_xfer_memory_partial's.  */
 
 static enum target_xfer_status
-linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
-				ULONGEST offset, LONGEST len,
-				ULONGEST *xfered_len)
+linux_proc_xfer_memory_partial_fd (int fd, int pid,
+				   gdb_byte *readbuf, const gdb_byte *writebuf,
+				   ULONGEST offset, LONGEST len,
+				   ULONGEST *xfered_len)
 {
   ssize_t ret;
 
-  auto iter = proc_mem_file_map.find (inferior_ptid.pid ());
-  if (iter == proc_mem_file_map.end ())
-    return TARGET_XFER_EOF;
-
-  int fd = iter->second.fd ();
-
   gdb_assert (fd != -1);
 
   /* Use pread64/pwrite64 if available, since they save a syscall and can
@@ -3919,8 +3914,7 @@ linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
   if (ret == -1)
     {
       linux_nat_debug_printf ("accessing fd %d for pid %d failed: %s (%d)",
-			      fd, inferior_ptid.pid (),
-			      safe_strerror (errno), errno);
+			      fd, pid, safe_strerror (errno), errno);
       return TARGET_XFER_E_IO;
     }
   else if (ret == 0)
@@ -3928,7 +3922,7 @@ linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
       /* EOF means the address space is gone, the whole process exited
 	 or execed.  */
       linux_nat_debug_printf ("accessing fd %d for pid %d got EOF",
-			      fd, inferior_ptid.pid ());
+			      fd, pid);
       return TARGET_XFER_EOF;
     }
   else
@@ -3938,6 +3932,81 @@ linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
     }
 }
 
+/* Implement the to_xfer_partial target method using /proc/PID/mem.
+   Because we can use a single read/write call, this can be much more
+   efficient than banging away at PTRACE_PEEKTEXT.  Also, unlike
+   PTRACE_PEEKTEXT/PTRACE_POKETEXT, this works with running
+   threads.  */
+
+static enum target_xfer_status
+linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
+				ULONGEST offset, LONGEST len,
+				ULONGEST *xfered_len)
+{
+  int pid = inferior_ptid.pid ();
+
+  auto iter = proc_mem_file_map.find (pid);
+  if (iter == proc_mem_file_map.end ())
+    return TARGET_XFER_EOF;
+
+  int fd = iter->second.fd ();
+
+  return linux_proc_xfer_memory_partial_fd (fd, pid, readbuf, writebuf, offset,
+					    len, xfered_len);
+}
+
+/* Check whether /proc/pid/mem is writable in the current kernel, and
+   return true if so.  It wasn't writable before Linux 2.6.39, but
+   there's no way to know whether the feature was backported to older
+   kernels.  So we check to see if it works.  The result is cached,
+   and this is garanteed to be called once early at startup.  */
+
+static bool
+proc_mem_file_is_writable ()
+{
+  static gdb::optional<bool> writable;
+
+  if (writable.has_value ())
+    return *writable;
+
+  writable.emplace (false);
+
+  /* We check whether /proc/pid/mem is writable by trying to write to
+     one of our variables via /proc/self/mem.  */
+
+  int fd = gdb_open_cloexec ("/proc/self/mem", O_RDWR | O_LARGEFILE, 0).release ();
+
+  if (fd == -1)
+    {
+      warning (_("opening /proc/self/mem file failed: %s (%d)"),
+	       safe_strerror (errno), errno);
+      return *writable;
+    }
+
+  SCOPE_EXIT { close (fd); };
+
+  /* This is the variable we try to write to.  Note OFFSET below.  */
+  volatile gdb_byte test_var = 0;
+
+  gdb_byte writebuf[] = {0x55};
+  ULONGEST offset = (uintptr_t) &test_var;
+  ULONGEST xfered_len;
+
+  enum target_xfer_status res
+    = linux_proc_xfer_memory_partial_fd (fd, getpid (), nullptr, writebuf,
+					 offset, 1, &xfered_len);
+
+  if (res == TARGET_XFER_OK)
+    {
+      gdb_assert (xfered_len == 1);
+      gdb_assert (test_var == 0x55);
+      /* Success.  */
+      *writable = true;
+    }
+
+  return *writable;
+}
+
 /* Parse LINE as a signal set and add its set bits to SIGS.  */
 
 static void
@@ -4437,6 +4506,8 @@ Enables printf debugging output."),
   sigemptyset (&blocked_mask);
 
   lwp_lwpid_htab_create ();
+
+  proc_mem_file_is_writable ();
 }
 \f
 

base-commit: ecbff28a4457d0ebe11023fa9671d62251e7463d
-- 
2.36.0


[-- Attachment #3: 0002-gdb-linux_nat-Write-memory-using-ptrace-if-proc-pid-.patch --]
[-- Type: text/x-patch, Size: 3327 bytes --]

From dd09fe0d53242a5f6a86d2822b0cfdeb3f5baa8f Mon Sep 17 00:00:00 2001
From: Keith Seitz <keiths@redhat.com>
Date: Tue, 26 Jul 2022 19:11:04 +0100
Subject: [PATCH 2/2] gdb/linux_nat: Write memory using ptrace if /proc/pid/mem
 is not writable

Commit 05c06f318fd9a112529dfc313e6512b399a645e4 enabled GDB to access
memory while threads are running.  It did this by accessing
/proc/PID/task/LWP/mem.

Unfortunately, this interface is not implemented for writing in older
kernels (such as RHEL6).  This means that GDB is unable to insert
breakpoints on these hosts:

 $ ./gdb -q gdb -ex start
 Reading symbols from gdb...
 Temporary breakpoint 1 at 0x40fdd5: file ../../src/gdb/gdb.c, line 28.
 Starting program: /home/rhel6/fsf/linux/gdb/gdb
 Warning:
 Cannot insert breakpoint 1.
 Cannot access memory at address 0x40fdd5

 (gdb)

Before this patch, linux_proc_xfer_memory_partial (previously called
linux_proc_xfer_partial) would return TARGET_XFER_EOF if the write to
/proc/PID/mem failed. [More specifically, linux_proc_xfer_partial
would not "bother for one word," but the effect is the essentially
same.]

This status was checked by linux_nat_target::xfer_partial, which would
then fallback to using ptrace to perform the operation.

This is the specific hunk that removed the fallback:

-  xfer = linux_proc_xfer_partial (object, annex, readbuf, writebuf,
-                                 offset, len, xfered_len);
-  if (xfer != TARGET_XFER_EOF)
-    return xfer;
+      return linux_proc_xfer_memory_partial (readbuf, writebuf,
+                                            offset, len, xfered_len);
+    }

   return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
                                          offset, len, xfered_len);

This patch makes linux_nat_target::xfer_partial go straight to writing
memory via ptrace if writing via /proc/pid/mem is not possible in the
running kernel, enabling GDB to insert breakpoints on these older
kernels.  Note that a recent patch changed the return status from
TARGET_XFER_EOF to TARGET_XFER_E_IO.

Tested on {unix,native-gdbserver,native-extended-gdbserver}/-m{32,64}
on x86_64, s390x, aarch64, and ppc64le.

Change-Id: If1d884278e8c4ea71d8836bedd56e6a6c242a415
---
 gdb/linux-nat.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index b641e88b1ef..e638e8ad04e 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -3711,8 +3711,15 @@ linux_nat_target::xfer_partial (enum target_object object,
       if (addr_bit < (sizeof (ULONGEST) * HOST_CHAR_BIT))
 	offset &= ((ULONGEST) 1 << addr_bit) - 1;
 
-      return linux_proc_xfer_memory_partial (readbuf, writebuf,
-					     offset, len, xfered_len);
+      /* If /proc/pid/mem is writable, don't fallback to ptrace.  If
+	 the write via /proc/pid/mem fails because the inferior execed
+	 (and we haven't seen the exec event yet), a subsequent ptrace
+	 poke would incorrectly write memory to the post-exec address
+	 space, while the core was trying to write to the pre-exec
+	 address space.  */
+      if (proc_mem_file_is_writable ())
+	return linux_proc_xfer_memory_partial (readbuf, writebuf,
+					       offset, len, xfered_len);
     }
 
   return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
-- 
2.36.0