From: Pedro Alves <pedro@palves.net>
To: Keith Seitz <keiths@redhat.com>, gdb-patches@sourceware.org
Subject: Re: [PATCH] linux_nat_target::xfer_partial: Fallback to ptrace
Date: Tue, 26 Jul 2022 20:16:44 +0100 [thread overview]
Message-ID: <77dcd604-9c1d-7e77-130d-05da950a14ed@palves.net> (raw)
In-Reply-To: <a003b926-dd72-9118-fdaa-5ad9cb8eac0f@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1841 bytes --]
On 2022-07-26 6:24 p.m., Keith Seitz wrote:
> I've taken your patch and updated mine (now trivial):
>
> diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
> index 0a93ab5..95732a6 100644
> --- a/gdb/linux-nat.c
> +++ b/gdb/linux-nat.c
> @@ -3710,8 +3712,10 @@ enum target_xfer_status
> if (addr_bit < (sizeof (ULONGEST) * HOST_CHAR_BIT))
> offset &= ((ULONGEST) 1 << addr_bit) - 1;
>
> - return linux_proc_xfer_memory_partial (readbuf, writebuf,
> - offset, len, xfered_len);
> + if (proc_mem_file_is_writable ())
> + return linux_proc_xfer_memory_partial (readbuf, writebuf,
> + offset, len, xfered_len);
> + /* Fallthrough to ptrace */
> }
>
> return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
>
> I've re-run this through all my testing, and all looks good.
Great, thanks.
>
> However, I suspect you already knew that. :-)
I was actually curious whether that would work (or rather fail quietly) on the
older kernels!
>
> If/when you push your patch, and there are no further concerns, I will push mine,
> with your approval.
>
As discussed off list, I merged both patches to master at once, to avoid "unused"
warnings.
I've attached both patches, as merged. In my patch, I fixed a bad usage
of gdb::optional (need to emplace once before doing "*opt" ...), and removed
the "static" from the written-to variable (I don't know why I added it in the
first place). In your patch, I added a comment explaining why not to fall back
to ptrace, in case someone changes this code in the future.
> Thank you for your follow-up!
np.
Pedro Alves.
[-- Attachment #2: 0001-gdb-linux-nat-Check-whether-proc-pid-mem-is-writable.patch --]
[-- Type: text/x-patch, Size: 5716 bytes --]
From 1bcb0708f22956d5128a2e75df6eba5a18327892 Mon Sep 17 00:00:00 2001
From: Pedro Alves <pedro@palves.net>
Date: Thu, 21 Jul 2022 19:11:16 +0100
Subject: [PATCH 1/2] gdb/linux-nat: Check whether /proc/pid/mem is writable
Probe whether /proc/pid/mem is writable, by using it to write to a GDB
variable. This will be used in the following patch to avoid falling
back to writing to inferior memory with ptrace if /proc/pid/mem _is_
writable.
Change-Id: If87eff0b46cbe5e32a583e2977a9e17d29d0ed3e
---
gdb/linux-nat.c | 105 ++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 88 insertions(+), 17 deletions(-)
diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index a2bbd3cbfc8..b641e88b1ef 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -244,6 +244,7 @@ static int lwp_status_pending_p (struct lwp_info *lp);
static void save_stop_reason (struct lwp_info *lp);
+static bool proc_mem_file_is_writable ();
static void close_proc_mem_file (pid_t pid);
static void open_proc_mem_file (ptid_t ptid);
@@ -3882,25 +3883,19 @@ open_proc_mem_file (ptid_t ptid)
fd, ptid.pid (), ptid.lwp ());
}
-/* Implement the to_xfer_partial target method using /proc/PID/mem.
- Because we can use a single read/write call, this can be much more
- efficient than banging away at PTRACE_PEEKTEXT. Also, unlike
- PTRACE_PEEKTEXT/PTRACE_POKETEXT, this works with running
- threads. */
+/* Helper for linux_proc_xfer_memory_partial and
+ proc_mem_file_is_writable. FD is the already opened /proc/pid/mem
+ file, and PID is the pid of the corresponding process. The rest of
+ the arguments are like linux_proc_xfer_memory_partial's. */
static enum target_xfer_status
-linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
- ULONGEST offset, LONGEST len,
- ULONGEST *xfered_len)
+linux_proc_xfer_memory_partial_fd (int fd, int pid,
+ gdb_byte *readbuf, const gdb_byte *writebuf,
+ ULONGEST offset, LONGEST len,
+ ULONGEST *xfered_len)
{
ssize_t ret;
- auto iter = proc_mem_file_map.find (inferior_ptid.pid ());
- if (iter == proc_mem_file_map.end ())
- return TARGET_XFER_EOF;
-
- int fd = iter->second.fd ();
-
gdb_assert (fd != -1);
/* Use pread64/pwrite64 if available, since they save a syscall and can
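Review bot: The new header comment for linux_proc_xfer_memory_partial_fd does not say what the PID parameter is for; in the following two hunks of this patch it is used only in the linux_nat_debug_printf diagnostics, so a reader could otherwise assume it is validated against FD. Suggest appending `PID is only used in debug output.` to the comment. The body of linux_proc_xfer_memory_partial_fd continues past the end of this hunk.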
@@ -3919,8 +3914,7 @@ linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
if (ret == -1)
{
linux_nat_debug_printf ("accessing fd %d for pid %d failed: %s (%d)",
- fd, inferior_ptid.pid (),
- safe_strerror (errno), errno);
+ fd, pid, safe_strerror (errno), errno);
return TARGET_XFER_E_IO;
}
else if (ret == 0)
@@ -3928,7 +3922,7 @@ linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
/* EOF means the address space is gone, the whole process exited
or execed. */
linux_nat_debug_printf ("accessing fd %d for pid %d got EOF",
- fd, inferior_ptid.pid ());
+ fd, pid);
return TARGET_XFER_EOF;
}
else
@@ -3938,6 +3932,81 @@ linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
}
}
+/* Implement the to_xfer_partial target method using /proc/PID/mem.
+ Because we can use a single read/write call, this can be much more
+ efficient than banging away at PTRACE_PEEKTEXT. Also, unlike
+ PTRACE_PEEKTEXT/PTRACE_POKETEXT, this works with running
+ threads. */
+
+static enum target_xfer_status
+linux_proc_xfer_memory_partial (gdb_byte *readbuf, const gdb_byte *writebuf,
+ ULONGEST offset, LONGEST len,
+ ULONGEST *xfered_len)
+{
+ int pid = inferior_ptid.pid ();
+
+ auto iter = proc_mem_file_map.find (pid);
+ if (iter == proc_mem_file_map.end ())
+ return TARGET_XFER_EOF;
+
+ int fd = iter->second.fd ();
+
+ return linux_proc_xfer_memory_partial_fd (fd, pid, readbuf, writebuf, offset,
+ len, xfered_len);
+}
+
+/* Check whether /proc/pid/mem is writable in the current kernel, and
+ return true if so. It wasn't writable before Linux 2.6.39, but
+ there's no way to know whether the feature was backported to older
+ kernels. So we check to see if it works. The result is cached,
+ and this is garanteed to be called once early at startup. */
+
+static bool
+proc_mem_file_is_writable ()
+{
+ static gdb::optional<bool> writable;
+
+ if (writable.has_value ())
+ return *writable;
+
+ writable.emplace (false);
+
+ /* We check whether /proc/pid/mem is writable by trying to write to
+ one of our variables via /proc/self/mem. */
+
+ int fd = gdb_open_cloexec ("/proc/self/mem", O_RDWR | O_LARGEFILE, 0).release ();
+
+ if (fd == -1)
+ {
+ warning (_("opening /proc/self/mem file failed: %s (%d)"),
+ safe_strerror (errno), errno);
+ return *writable;
+ }
+
+ SCOPE_EXIT { close (fd); };
+
+ /* This is the variable we try to write to. Note OFFSET below. */
+ volatile gdb_byte test_var = 0;
+
+ gdb_byte writebuf[] = {0x55};
+ ULONGEST offset = (uintptr_t) &test_var;
+ ULONGEST xfered_len;
+
+ enum target_xfer_status res
+ = linux_proc_xfer_memory_partial_fd (fd, getpid (), nullptr, writebuf,
+ offset, 1, &xfered_len);
+
+ if (res == TARGET_XFER_OK)
+ {
+ gdb_assert (xfered_len == 1);
+ gdb_assert (test_var == 0x55);
+ /* Success. */
+ *writable = true;
+ }
+
+ return *writable;
+}
+
/* Parse LINE as a signal set and add its set bits to SIGS. */
static void
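Review bot: The two gdb_assert calls after `if (res == TARGET_XFER_OK)` turn a kernel quirk into a GDB internal error at startup: a kernel whose write to /proc/self/mem reports success without the byte landing in test_var would abort GDB instead of simply selecting the ptrace path. Since the probe exists precisely because kernel behaviour here is uncertain, treating a mismatch as "not writable" seems safer, e.g. `if (res == TARGET_XFER_OK && xfered_len == 1 && test_var == 0x55)` followed by `*writable = true;` (optionally with a warning when res was OK but the byte differs). The comment above the function has a typo, "garanteed" should be "guaranteed". Also, gdb_open_cloexec appears to return an RAII descriptor (hence the `.release ()`); keeping that object and passing `fd.get ()` to linux_proc_xfer_memory_partial_fd would avoid re-implementing its cleanup with `SCOPE_EXIT { close (fd); }`.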
@@ -4437,6 +4506,8 @@ Enables printf debugging output."),
sigemptyset (&blocked_mask);
lwp_lwpid_htab_create ();
+
+ proc_mem_file_is_writable ();
}
\f
base-commit: ecbff28a4457d0ebe11023fa9671d62251e7463d
--
2.36.0
[-- Attachment #3: 0002-gdb-linux_nat-Write-memory-using-ptrace-if-proc-pid-.patch --]
[-- Type: text/x-patch, Size: 3327 bytes --]
From dd09fe0d53242a5f6a86d2822b0cfdeb3f5baa8f Mon Sep 17 00:00:00 2001
From: Keith Seitz <keiths@redhat.com>
Date: Tue, 26 Jul 2022 19:11:04 +0100
Subject: [PATCH 2/2] gdb/linux_nat: Write memory using ptrace if /proc/pid/mem
is not writable
Commit 05c06f318fd9a112529dfc313e6512b399a645e4 enabled GDB to access
memory while threads are running. It did this by accessing
/proc/PID/task/LWP/mem.
Unfortunately, this interface is not implemented for writing in older
kernels (such as RHEL6). This means that GDB is unable to insert
breakpoints on these hosts:
$ ./gdb -q gdb -ex start
Reading symbols from gdb...
Temporary breakpoint 1 at 0x40fdd5: file ../../src/gdb/gdb.c, line 28.
Starting program: /home/rhel6/fsf/linux/gdb/gdb
Warning:
Cannot insert breakpoint 1.
Cannot access memory at address 0x40fdd5
(gdb)
Before this patch, linux_proc_xfer_memory_partial (previously called
linux_proc_xfer_partial) would return TARGET_XFER_EOF if the write to
/proc/PID/mem failed. [More specifically, linux_proc_xfer_partial
would not "bother for one word," but the effect is essentially the
same.]
This status was checked by linux_nat_target::xfer_partial, which would
then fallback to using ptrace to perform the operation.
This is the specific hunk that removed the fallback:
- xfer = linux_proc_xfer_partial (object, annex, readbuf, writebuf,
- offset, len, xfered_len);
- if (xfer != TARGET_XFER_EOF)
- return xfer;
+ return linux_proc_xfer_memory_partial (readbuf, writebuf,
+ offset, len, xfered_len);
+ }
return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
offset, len, xfered_len);
This patch makes linux_nat_target::xfer_partial go straight to writing
memory via ptrace if writing via /proc/pid/mem is not possible in the
running kernel, enabling GDB to insert breakpoints on these older
kernels. Note that a recent patch changed the return status from
TARGET_XFER_EOF to TARGET_XFER_E_IO.
Tested on {unix,native-gdbserver,native-extended-gdbserver}/-m{32,64}
on x86_64, s390x, aarch64, and ppc64le.
Change-Id: If1d884278e8c4ea71d8836bedd56e6a6c242a415
---
gdb/linux-nat.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index b641e88b1ef..e638e8ad04e 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -3711,8 +3711,15 @@ linux_nat_target::xfer_partial (enum target_object object,
if (addr_bit < (sizeof (ULONGEST) * HOST_CHAR_BIT))
offset &= ((ULONGEST) 1 << addr_bit) - 1;
- return linux_proc_xfer_memory_partial (readbuf, writebuf,
- offset, len, xfered_len);
+ /* If /proc/pid/mem is writable, don't fallback to ptrace. If
+ the write via /proc/pid/mem fails because the inferior execed
+ (and we haven't seen the exec event yet), a subsequent ptrace
+ poke would incorrectly write memory to the post-exec address
+ space, while the core was trying to write to the pre-exec
+ address space. */
+ if (proc_mem_file_is_writable ())
+ return linux_proc_xfer_memory_partial (readbuf, writebuf,
+ offset, len, xfered_len);
}
return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
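Review bot: The new `if (proc_mem_file_is_writable ())` guard gates reads as well as writes, yet the commit message says only writing is unimplemented on the older kernels; on such hosts memory reads from running threads therefore also drop to ptrace, which is the capability the original /proc/PID/mem change added. If reads through /proc/pid/mem are reliable on those kernels, `if (writebuf == nullptr || proc_mem_file_is_writable ())` would keep the read path and restrict the ptrace fallback to writes; if they are not, the comment should say that reads are deliberately routed through ptrace too. Either way the comment currently explains only the write case. linux_nat_target::xfer_partial begins and ends outside this hunk.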
--
2.36.0