/*--------------------------------------------------------------------*/
/*--- Launching Valgrind on AIX5. launcher-aix5.c ---*/
/*--------------------------------------------------------------------*/
/*
This file is part of Valgrind, a dynamic binary instrumentation
framework.
Copyright (C) 2006-2010 OpenWorks LLP
info@open-works.co.uk
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307, USA.
The GNU General Public License is contained in the file COPYING.
Neither the names of the U.S. Department of Energy nor the
University of California nor the names of its contributors may be
used to endorse or promote products derived from this software
without prior written permission.
*/
/* Cut-down version of the normal launcher, except it is completely
different on AIX5. Does not handle shell scripts, only real
machine code XCOFF executables.
Note: this is a "normal" program and not part of Valgrind proper,
and so it doesn't have to conform to Valgrind's arcane rules on
no-glibc-usage etc.
*/
#include <stdio.h>
#include <assert.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
/* Get both struct __ld_info32 and struct __ld_info64. */
#define __LDINFO_PTRACE32__ 1
#define __LDINFO_PTRACE64__ 1
#include <sys/ldr.h>
#include <sys/reg.h> /* GPR0 .. GPR31 */
#include <sys/procfs.h> /* prsysent_t */
#include "pub_core_debuglog.h"
#include "pub_core_vki.h"
#include "pub_core_vkiscnums.h"
#include "pub_core_libcproc.h" // For VALGRIND_LIB, VALGRIND_LAUNCHER
/* Get the definition for the AIX5Bootblock structure. This is what
we will generate and patch into the child's address space. */
#include "launcher-aix5-bootblock.h"
/* Simple routines for Huffman compression/decompression */
#include "m_initimg/simple_huffman.c"
/* -------------------------------------------------------------- */
/* --- --- */
/* --- A uniform interface to the ptrace facilities we need. --- */
/* --- --- */
/* -------------------------------------------------------------- */
typedef
struct {
pid_t pid;
Bool is64;
}
Child;
/* Read len bytes from target's rsrc to local ldst. Returns True if
error. */
static
Bool ptrace_READ_BLOCK ( Child* ch, Int len, void* ldst, Addr64 rsrc )
{
Int r;
assert(len >= 0 && len <= 1024);
r = ptrace64( PT_READ_BLOCK, (ULong)ch->pid, rsrc, len, ldst );
if (r == len)
return False; /* success */
return True; /* error */
}
/* Write len bytes to target's rdst from local lsrc. Returns True if
error. */
static
Bool ptrace_WRITE_BLOCK ( Child* child, Int len, Addr64 rdst, void* lsrc )
{
Int r;
assert(len >= 0 && len <= 1024);
r = ptrace64( PT_WRITE_BLOCK, (ULong)child->pid, rdst, len, lsrc );
if (r == len)
return False; /* success */
return True; /* error */
}
/* Read a GPR from the target. Returns True if error. */
static
Bool ptrace_READ_GPR ( Child* child, Int reg, ULong* ldst )
{
ULong w64;
UInt w32;
errno = 0;
if (child->is64) {
(void)ptrace64( PT_READ_GPR,
(ULong)child->pid, (ULong)reg, 8, (Int*)(&w64) );
if (errno != 0) return True; /* error */
} else {
w32 = ptrace64( PT_READ_GPR,
(ULong)child->pid, (ULong)reg, 0, 0 );
if (errno != 0) return True; /* error */
w64 = (ULong)w32;
}
*ldst = w64;
return False; /* success */
}
/* Write a GPR to the target. Returns True if error. */
static
Bool ptrace_WRITE_GPR ( Child* child, Int reg, ULong val )
{
ULong w64;
UInt w32;
errno = 0;
if (child->is64) {
w64 = val;
(void)ptrace64( PT_WRITE_GPR,
(ULong)child->pid, (ULong)reg, 8, (Int*)&w64 );
if (errno != 0) return True; /* error */
} else {
w32 = (UInt)val;
(void)ptrace64( PT_WRITE_GPR,
(ULong)child->pid, (ULong)reg, w32, 0 );
if (errno != 0) return True; /* error */
}
return False; /* success */
}
/* -------------------------------------------------------------- */
/* --- --- */
/* --- Helper functions --- */
/* --- --- */
/* -------------------------------------------------------------- */
/* Search the path for the client program */
static const char* find_client ( const char* clientname )
{
static char fullname[PATH_MAX];
const char *path = getenv("PATH");
const char *colon;
while (path)
{
if ((colon = strchr(path, ':')) == NULL)
{
strcpy(fullname, path);
path = NULL;
}
else
{
memcpy(fullname, path, colon - path);
fullname[colon - path] = '\0';
path = colon + 1;
}
strcat(fullname, "/");
strcat(fullname, clientname);
if (access(fullname, R_OK|X_OK) == 0)
return fullname;
}
return clientname;
}
/* Examine the given file. If it looks like valid XCOFF32 return 32,
if valid XCOFF64 return 64, else return 0. */
static Int examine_client ( const char* clientname )
{
UChar buf[16];
Int n;
FILE* f = fopen( clientname, "r" );
if (f == NULL)
return 0;
n = fread( buf, 1, 16, f );
fclose(f);
if (n != 16)
return 0;
if (buf[0] == 0x01 && buf[1] == 0xDF)
return 32; /* XCOFF32 */
if (buf[0] == 0x01 && buf[1] == 0xF7)
return 64; /* XCOFF64 */
return 0;
}
static Bool file_exists ( char* fname )
{
struct stat buf;
int r = stat(fname, &buf);
return r == 0;
}
static Addr64 ROUNDDN_PAGE ( Addr64 v )
{
ULong p = (ULong)v;
ULong a = PAGE_SIZE;
p &= ~(a-1);
return (Addr64)p;
}
static Bool IS_PAGE_ALIGNED ( Addr64 v )
{
ULong p = (ULong)v;
ULong a = PAGE_SIZE;
if (p & (a-1))
return False;
else
return True;
}
static Bool IS_8_ALIGNED ( Addr64 v )
{
ULong p = (ULong)v;
ULong a = 8;
if (p & (a-1))
return False;
else
return True;
}
/* Read a 4096-byte page from CHILD's address space at location SRC,
into local address space at DST. Returns True if error, False
otherwise.
*/
static Bool ptrace_read_page ( Child* child, UChar* ldst, Addr64 rsrc )
{
Int off;
Bool err;
assert(IS_PAGE_ALIGNED(rsrc));
off = 0;
err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
if (err) return err;
off += 1024;
err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
if (err) return err;
off += 1024;
err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
if (err) return err;
off += 1024;
err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
if (err) return err;
off += 1024;
assert(off == PAGE_SIZE);
return False;
}
/* Write a 4096-byte page from local address space at SRC to CHILD's
address space at location DST. Returns True if error, False
otherwise.
*/
static Bool ptrace_write_page ( Child* child, Addr64 rdst, UChar* lsrc )
{
Int off;
Bool err;
assert(IS_PAGE_ALIGNED(rdst));
off = 0;
err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
if (err) return err;
off += 1024;
err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
if (err) return err;
off += 1024;
err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
if (err) return err;
off += 1024;
err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
if (err) return err;
off += 1024;
assert(off == PAGE_SIZE);
return False;
}
/* Get 37 integer registers (GPR0 .. GPR31, PC, CR, LR, CTR, XER) from
CHILD into the given array. Returns True if there is any kind of
error. */
static
Bool ptrace_get_iregs_pc_cr_lr_ctr_xer (
Child* child,
/*OUT*/ULong* iregs_pc_cr_lr_ctr_xer
)
{
Int i, j;
Bool err;
for (i = GPR0; i <= GPR31; i++) {
j = i - GPR0;
assert(j >= 0 && j < 32);
err = ptrace_READ_GPR( child, i, &iregs_pc_cr_lr_ctr_xer[j] );
if (err) return err;
}
/* PC */
err = ptrace_READ_GPR( child, IAR, &iregs_pc_cr_lr_ctr_xer[32+0] );
if (err) return err;
/* CR */
err = ptrace_READ_GPR( child, CR, &iregs_pc_cr_lr_ctr_xer[32+1] );
if (err) return err;
/* LR */
err = ptrace_READ_GPR( child, LR, &iregs_pc_cr_lr_ctr_xer[32+2] );
if (err) return err;
/* CTR */
err = ptrace_READ_GPR( child, CTR, &iregs_pc_cr_lr_ctr_xer[32+3] );
if (err) return err;
/* XER */
err = ptrace_READ_GPR( child, XER, &iregs_pc_cr_lr_ctr_xer[32+4] );
if (err) return err;
return False;
}
/* Set CHILD's program counter to the given value. Returns True if
there is any kind of error. */
static
Bool ptrace_put_pc ( Child* child, ULong newpc )
{
return ptrace_WRITE_GPR( child, IAR, newpc );
}
/* Set CHILD's R31 to the given value. Returns True if there is any
kind of error. */
static
Bool ptrace_put_r31 ( Child* child, ULong newr31 )
{
return ptrace_WRITE_GPR( child, GPR31, newr31 );
}
/* ------ Instruction generators ------ */
static UInt mkFormD ( UInt opc1, UInt r1, UInt r2, UInt imm )
{
UInt theInstr;
assert(opc1 < 0x40);
assert(r1 < 0x20);
assert(r2 < 0x20);
imm = imm & 0xFFFF;
theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) | (imm));
return theInstr;
}
static UInt mkFormX ( UInt opc1,
UInt r1, UInt r2, UInt r3, UInt opc2, UInt b0 )
{
UInt theInstr;
assert(opc1 < 0x40);
assert(r1 < 0x20);
assert(r2 < 0x20);
assert(r3 < 0x20);
assert(opc2 < 0x400);
assert(b0 < 0x2);
theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) |
(r3<<11) | (opc2<<1) | (b0));
return theInstr;
}
static UInt mkFormXFX ( UInt r1, UInt f2, UInt opc2 )
{
UInt theInstr;
assert(r1 < 0x20);
assert(f2 < 0x20);
assert(opc2 < 0x400);
switch (opc2) {
case 144: // mtcrf
assert(f2 < 0x100);
f2 = f2 << 1;
break;
case 339: // mfspr
case 371: // mftb
case 467: // mtspr
assert(f2 < 0x400);
// re-arrange split field
f2 = ((f2>>5) & 0x1F) | ((f2 & 0x1F)<<5);
break;
default: assert(0);
}
theInstr = ((31<<26) | (r1<<21) | (f2<<11) | (opc2<<1));
return theInstr;
}
static UInt mkFormMD ( UInt opc1, UInt r1, UInt r2,
UInt imm1, UInt imm2, UInt opc2 )
{
UInt theInstr;
assert(opc1 < 0x40);
assert(r1 < 0x20);
assert(r2 < 0x20);
assert(imm1 < 0x40);
assert(imm2 < 0x40);
assert(opc2 < 0x08);
imm2 = ((imm2 & 0x1F) << 1) | (imm2 >> 5);
theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) |
((imm1 & 0x1F)<<11) | (imm2<<5) |
(opc2<<2) | ((imm1 >> 5)<<1));
return theInstr;
}
static UInt mkFormXO ( UInt opc1, UInt r1, UInt r2,
UInt r3, UInt b10, UInt opc2, UInt b0 )
{
UInt theInstr;
assert(opc1 < 0x40);
assert(r1 < 0x20);
assert(r2 < 0x20);
assert(r3 < 0x20);
assert(b10 < 0x2);
assert(opc2 < 0x200);
assert(b0 < 0x2);
theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) |
(r3<<11) | (b10 << 10) | (opc2<<1) | (b0));
return theInstr;
}
static UInt gen_lis_r_N ( UInt r, UInt N ) {
return mkFormD(15, r, 0, N & 0xFFFF); /* lis r,r,N */
}
static UInt gen_ori_r_r_N ( UInt r, UInt N ) {
return mkFormD(24, r, r, N & 0xFFFF); /* ori r,r,N */
}
static UInt gen_addi_rd_rs_N ( UInt rd, UInt rs, UInt N ) {
assert(rs != 0);
return mkFormD(14, rd, rs, N & 0xFFFF); /* addi rd,rs,N */
}
static UInt gen_addis_rd_rs_N ( UInt rd, UInt rs, UInt N ) {
assert(rs != 0);
return mkFormD(15, rd, rs, N & 0xFFFF); /* addis rd,rs,N */
}
static UInt gen_crorc_6_6_6 ( void ) {
return 0x4CC63342; /* crorc 6,6,6 */
}
static UInt gen_mr_rd_rs ( UInt rd, UInt rs ) {
return mkFormX(31, rs, rd, rs, 444, 0); /* or rd,rs,ts */
}
static UInt gen_bl_next ( void ) {
return 0x48000005; /* bl .+4 */
}
static UInt gen_mflr_r ( UInt r ) {
return mkFormXFX(r, 8, 339); /* mflr r */
}
static UInt gen_mtlr_r ( UInt r ) {
return mkFormXFX(r, 8, 467); /* mtlr r */
}
static UInt gen_blr ( void ) {
return 0x4E800020; /* blr */
}
__attribute__((unused))
static UInt gen_blrl ( void ) {
return 0x4E800021; /* blrl */
}
static UInt gen_add_r_N ( UInt r, UInt N ) {
return mkFormD(14, r, r, N & 0xFFFF); /* addi r,r,N */
}
static UInt gen_cmpli_cr7_r_N ( UInt r, UInt N ) {
return mkFormD(10, 7<<2, r, N & 0xFFFF); /* cmpli cr7,r,N */
}
static UInt gen_bne_cr7_delta ( UInt delta ) {
return 0x409E0000 | (delta & 0x0000FFFC); /* bne- cr7,delta */
}
__attribute__((unused))
static UInt gen_beq_cr7_delta ( UInt delta ) {
return 0x419E0000 | (delta & 0x0000FFFC); /* beq- cr7,delta */
}
static UInt gen_sc ( void ) {
return 0x44000002; /* sc */
}
static UInt gen_lwz_rd_off_ra ( UInt rd, UInt off, UInt ra ) {
return mkFormD(32, rd, ra, off); /* lwz rd, off(ra) */
}
static UInt gen_add_rd_rL_rR (UInt rd, UInt rsrcL, UInt rsrcR ) {
return mkFormXO(31, rd, rsrcL, rsrcR, 0, 266, 0);
}
static UInt gen_subf_rd_rL_rR (UInt rd, UInt rsrcL, UInt rsrcR ) {
return mkFormXO(31, rd, rsrcL, rsrcR, 0, 40, 0);
}
static Int emit_insn ( UInt* code, Int ix, UInt insn ) {
code[ix++] = insn;
return ix;
}
static Int emit_li32 ( UInt* code, Int ix, UInt rd, UInt imm32 ) {
code[ix++] = gen_lis_r_N(rd, imm32 >> 16);
if (imm32 & 0xFFFF)
code[ix++] = gen_ori_r_r_N(rd, imm32 & 0xFFFF);
return ix;
}
static Int emit_dosc ( UInt* code, Int ix ) {
/* Generate code to do a syscall and continue at the next insn.
Note: trashes r29. */
code[ix++] = gen_crorc_6_6_6();
code[ix++] = gen_bl_next();
code[ix++] = gen_mflr_r(29);
code[ix++] = gen_add_r_N(29,16);
code[ix++] = gen_mtlr_r(29);
code[ix++] = gen_sc();
return ix;
}
/* Generate 64-bit insns */
static Int emit_li64 ( UInt* code, Int ix, UInt rd, ULong imm64 ) {
if (imm64 >= 0xFFFFFFFF80000000ULL || imm64 < 0x80000000ULL) {
// sign-extendable from 32 bits
// addis rd,r0,(imm64>>16) => lis rd, (imm64>>16)
code[ix++] = mkFormD(15, rd, 0, (imm64>>16) & 0xFFFF);
// ori rd, rd, (imm64 & 0xFFFF)
code[ix++] = mkFormD(24, rd, rd, imm64 & 0xFFFF);
} else {
// load high word
// lis rd, (imm64>>48) & 0xFFFF
code[ix++] = mkFormD(15, rd, 0, (imm64>>48) & 0xFFFF);
// ori rd, rd, (imm64>>32) & 0xFFFF
code[ix++] = mkFormD(24, rd, rd, (imm64>>32) & 0xFFFF);
// shift rd low word to high word => rldicr
code[ix++] = mkFormMD(30, rd, rd, 32, 31, 1);
// load low word
// oris rd, rd, (imm64>>16) & 0xFFFF
code[ix++] = mkFormD(25, rd, rd, (imm64>>16) & 0xFFFF);
// ori rd, rd, (imm64) & 0xFFFF
code[ix++] = mkFormD(24, rd, rd, imm64 & 0xFFFF);
}
return ix;
}
static UInt gen_ld_rd_off_ra ( UInt rd, UInt off, UInt ra ) {
assert((off & 3) == 0);
return mkFormD(58, rd, ra, off); /* ld rd, off(ra) */
}
static UInt compute_adler32 ( void* addr, UWord len )
{
UInt s1 = 1;
UInt s2 = 0;
UChar* buf = (UChar*)addr;
while (len > 0) {
s1 += buf[0];
s2 += s1;
s1 %= 65521;
s2 %= 65521;
len--;
buf++;
}
return (s2 << 16) + s1;
}
/* -------------------------------------------------------------- */
/* --- --- */
/* --- BEGIN write bootstrap loader into child process --- */
/* --- --- */
/* -------------------------------------------------------------- */
/* From using truss, __loadx is used to load a module into a running
process in 32-bit mode, and kload in 64-bit mode. __loadx is
simple: it returns a pointer to a standard function descriptor to
the entry point.
kload isn't: it returns a pointer which, from examination of
/proc/<pid>/maps, doesn't point into the loaded object image. It
does appear to point to some kind of struct, words [4] and [6] of
which do point into the loaded object image. From comparison with
/proc/<pid>/maps, they are respectively the actual VMAs of the text
and data sections of the loaded module.
Knowing this it is possible to find the entry point descriptor:
- figure out where the auxiliary header is. We have a pointer to
the start of the mapped text section, so just add the size of
the XCOFF file header to that.
- figure out the data bias. We know the avma of the data section;
and the svma of it is in the auxiliary header in field
o_data_start. The data bias is therefore the difference between
them.
- The auxiliary header also gives the svma of the entry point
descriptor; (o_entry); therefore its avma is o_entry + the data
bias.
ULong* kr = (result of kload)
// r3 is this value
AOUTHDR* aux = kr[4] (text_avma) + 24 (size of XCOFF file header);
// ld 9,32(3) kr[4]
// addi 9,9,24 + 24
// 9=aux
ULong data_avma = kr[6];
// ld 11,48(3) kr[6]
// 9=aux
// 11=data_avma
ULong data_svma = aux->o_data_start;
// ld 0,16(9) aux->o_data_start
// 9=aux
// 11=data_avma
// 0=data_svma
ULong data_bias = data_avma - data_svma;
// subf 11,0,11
// 9=aux
// 11=data_bias
// 0=data_svma
ULong ent_svma = (ULong)aux->o_entry;
// ld 9,80(9) aux->o_entry
// 9=ent_svma
// 11=data_bias
// 0=data_svma
ULong ent_avma = ent_svma + data_bias;
// add 10,9,11
// 9=ent_svma
// 11=data_bias
// 0=data_svma
// 10=ent_avma
*/
#define LAUNCHER_SYSENT_SIZE 100000
static char sysent_buf[LAUNCHER_SYSENT_SIZE];
/* The executable loaded must have no more than N_LDINFOs direct
shared-object dependencies. Just increase this value and rebuild,
if you ever run out. We have two arrays, one for each kind of
target process. */
#define N_LDINFOs 1000
static struct __ld_info32 ld_info32_array[N_LDINFOs];
static struct __ld_info64 ld_info64_array[N_LDINFOs];
static
UChar* bootstrap_errmsg
= "\nvalgrind: bootstrap loader failed. Cannot continue.\n\n";
/* Write the bootstrap loader and associated data (iow, an
AIX5Bootblock structure) into CHILD, so that when
ptrace-detached, it will continue by loading TOOLNAME and
continuing with that. Returns NULL on success or an error string
on failure. */
static char* write_bootstrap_loader_into_child
( Child* child, char* toolfile )
{
/* ------ STEP 1: Fill in most parts of the bootblock. ------ */
/* All parts except code[], off_zdata and len_zdata. */
AIX5Bootblock block;
VG_(debugLog)(1, "launcher", "parent: size of bootblock is %ld\n",
sizeof(AIX5Bootblock));
assert(IS_8_ALIGNED( sizeof(AIX5Bootblock) ));
memset(&block, 0, sizeof(block));
/* --- OFFSETS--- */
/* off_zdata not known yet */
/* len_zdata not known yet */
/* --- SYSCALL NUMBERS --- */
/* Read some system call entries from the child's
/proc/<pid>/sysent file. */
char sysent_name[50];
FILE* sysent_file;
int sysent_used = 0;
prsysent_t* sysent_hdr;
int i;
VG_(debugLog)(1, "launcher",
"parent: reading child's /proc/../sysent\n");
sprintf(sysent_name, "/proc/%d/sysent", child->pid);
sysent_file = fopen(sysent_name, "r");
if (sysent_file == NULL)
return "Can't open child's /proc/<pid>/sysent file";
sysent_used = fread(sysent_buf, 1, LAUNCHER_SYSENT_SIZE, sysent_file);
if (sysent_used == 0)
return "Error reading child's /proc/<pid>/sysent file";
if (sysent_used == LAUNCHER_SYSENT_SIZE)
return "LAUNCHER_SYSENT_SIZE is too low; increase and recompile";
assert(sysent_used > 0 && sysent_used < LAUNCHER_SYSENT_SIZE);
fclose(sysent_file);
sysent_hdr = (prsysent_t*)&sysent_buf[0];
/* Find some syscall numbers for the child. */
Int __nr__getpid = -1;
Int __nr_kwrite = -1;
Int __nr___loadx = -1; /* 32-bit child only */
Int __nr_kload = -1; /* 64-bit child only */
Int __nr__exit = -1;
Int __nr_open = -1;
Int __nr_kread = -1;
Int __nr_close = -1;
for (i = 0; i < sysent_hdr->pr_nsyscalls; i++) {
char* name = &sysent_buf[ sysent_hdr->pr_syscall[i].pr_nameoff ];
int nmbr = sysent_hdr->pr_syscall[i].pr_number;
if (0 == strcmp(name, "_getpid"))
__nr__getpid = nmbr;
if (0 == strcmp(name, "kwrite"))
__nr_kwrite = nmbr;
if (0 == strcmp(name, "__loadx"))
__nr___loadx = nmbr;
if (0 == strcmp(name, "kload"))
__nr_kload = nmbr;
if (0 == strcmp(name, "_exit"))
__nr__exit = nmbr;
if (0 == strcmp(name, "open"))
__nr_open = nmbr;
if (0 == strcmp(name, "kread"))
__nr_kread = nmbr;
if (0 == strcmp(name, "close"))
__nr_close = nmbr;
}
if (__nr__getpid == -1
|| __nr_kwrite == -1
|| ((!child->is64) && __nr___loadx == -1)
|| ((child->is64) && __nr_kload == -1)
|| __nr__exit == -1
|| __nr_open == -1
|| __nr_kread == -1
|| __nr_close == -1)
return "can't establish syscall #s needed for bootstrap";
block.__NR_getpid = __nr__getpid;
block.__NR_write = __nr_kwrite;
block.__NR_exit = __nr__exit;
block.__NR_open = __nr_open;
block.__NR_read = __nr_kread;
block.__NR_close = __nr_close;
/* --- REGS --- */
/* Continue by copying out the child's current integer register
state. */
VG_(debugLog)(1, "launcher",
"parent: reading child's int registers\n");
Bool err = ptrace_get_iregs_pc_cr_lr_ctr_xer
( child, &block.iregs_pc_cr_lr_ctr_xer[0] );
if (err)
return "read of child's int registers failed";
/* --- CODE --- */
/* We'll leave that till last (is difficult). */
/* --- ERRMSG --- */
if (1 + strlen(bootstrap_errmsg) > N_BOOTBLOCK_ERRMSG)
return "bootstrap error message won't fit in bootblock";
for (i = 0; bootstrap_errmsg[i]; i++)
block.errmsg[i] = bootstrap_errmsg[i];
assert(i <= N_BOOTBLOCK_ERRMSG);
/* --- TOOLFILE --- */
if (1 + strlen(toolfile) > N_BOOTBLOCK_TOOLFILE)
return "tool file path is too long, won't fit in bootblock";
for (i = 0; toolfile[i]; i++)
block.toolfile[i] = toolfile[i];
assert(i <= N_BOOTBLOCK_TOOLFILE);
/* ------ STEP 2: Generate the bootblock code. ------ */
VG_(debugLog)(1, "launcher",
"parent: creating bootblock code ..\n");
/* This is the tricky bit. The resulting code has to be position
independent since we don't yet know where it's going to be
placed. The code is entered with r31 pointing at the bootblock.
r29-31 are callee-saved, so presumably they don't get trashed
across syscalls. r30 is used as scratch, and r29 is also used
as scratch by 'emit_dosc'. */
/* Preliminaries: to do a syscall, we have to do 'crorc 6,6,6' and
put the continuation address in LR, which is a bit of a drag.
Hence the following macro:
SYSCALL_SEQUENCE = crorc 6,6,6
bl .+4
mflr 29
addi 29,29,16
mtlr 29
sc
Also: 'imm' is an imaginary instruction to get a 32-bit literal into
a register. It's really li followed by oris.
*/
/* So, the code. First, prepare for and do a _loadx syscall, to
get the tool aboard:
addis 1, 1, -4
imm 2, __NR__loadx
imm 3, VKI_DL_LOAD
mr 4, 1
imm 5, 3<<16
addi 6, 31, offset_of_toolfile
mr 7, 4
mr 8, 4
mr 9, 4
mr 10,4
SYSCALL_SEQUENCE
addis 1, 1, 4
If the syscall failed, r4 will be nonzero. Branch elsewhere if so.
cmpi 4, 0
bne error
*/
int ix = 0;
# if 1
# define TRAP \
do { \
ix=emit_insn( &block.code[0],ix, 0x7fe00008 ); } \
while (0)
# define SEGV \
do { \
if (child->is64) { \
ix=emit_li64( &block.code[0],ix, 28,0); \
ix=emit_insn( &block.code[0],ix, \
gen_ld_rd_off_ra(27,0xfffc,28)); \
} else { \
ix=emit_li32( &block.code[0],ix, 28,0); \
ix=emit_insn( &block.code[0],ix, \
gen_lwz_rd_off_ra(27,0xffff,28)); \
} \
} while (0)
# define ILL \
do { \
ix=emit_insn( &block.code[0],ix, 0 ); } \
while (0)
# endif
if (child->is64) {
/* 64-bit sequence */
/* Set up for 'sys_kload(toolfile, 0, 0)'
li64 2, __NR_kload
addi 3, 31, offset_toolfile
li64 4, 0
mr 5, 4
mr 6, 4
mr 7, 4
mr 8, 4
mr 9, 4
mr 10,4
SYSCALL_SEQUENCE
// if kload failed, r3 will hold zero
cmpdi 3,0
beq error
// from result of kload, figure out entry point address
// as described above
ld 9,32(3)
addi 9,9,24
ld 11,48(3)
ld 0,16(9)
subf 11,0,11
ld 9,80(9)
add 10,9,11 // r10 is entry descriptor avma
void(*fn)(void*) = (void(*)(void*))ent_avma;
fn();
ld 9,0(10)
mtlr 9
ld 2,8(10)
ld 11,16(10)
mr 3,31 // arg to pass
blr
*/
ix = emit_li64( &block.code[0],ix, 2, __nr_kload );
ix = emit_insn( &block.code[0],ix,
gen_addi_rd_rs_N(3,31,offsetof(AIX5Bootblock,toolfile)));
ix = emit_li64( &block.code[0],ix, 4, 0 );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(5,4) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(6,4) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(7,4) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(8,4) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(9,4) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(10,4) );
ix = emit_dosc( &block.code[0],ix );
ix = emit_insn( &block.code[0],ix, gen_cmpli_cr7_r_N(3,0) );
Int ix_beq = ix; /* Patch this later */
ix = emit_insn( &block.code[0],ix, 0 );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 9, 32, 3 ) );
ix = emit_insn( &block.code[0],ix, gen_addi_rd_rs_N( 9, 9, 24 ) );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 11, 48, 3 ) );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 0, 16, 9 ) );
ix = emit_insn( &block.code[0],ix, gen_subf_rd_rL_rR( 11, 0, 11 ) );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 9, 80, 9 ) );
ix = emit_insn( &block.code[0],ix, gen_add_rd_rL_rR( 10, 9, 11 ) );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 9, 0, 10 ) );
ix = emit_insn( &block.code[0],ix, gen_mtlr_r( 9 ) );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 2, 8, 10 ) );
ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 11, 16, 10 ) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3, 31) );
ix = emit_insn( &block.code[0],ix, gen_blr() );
TRAP;
assert(ix <= N_BOOTBLOCK_INSNS);
/* error:
We get here if the kload syscall fails. Write a terse message
to stderr saying so, then exit, carrying the error code of the
kload call. The latter is saved in r30 across the write() call.
mr 30,4 (4 contains the error result from kload)
imm 2, __NR_write
imm 3,2 (2=stderr)
addi 4, 31, offset_of_errormsg
imm 5, length(errormsg)
SYSCALL_SEQUENCE
imm 2, __NR_exit
mr 3, 30
SYSCALL_SEQUENCE
Well, we shouldn't be alive here. But just in case we do, put
a zero word, which will generate SIGILL and definitely stop the
party.
.word 0
*/
/* fill in the conditional jump */
(void)emit_insn( &block.code[0],ix_beq,
gen_beq_cr7_delta(4*(ix-ix_beq)));
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(30,4) );
ix = emit_li64( &block.code[0],ix, 2, __nr_kwrite);
ix = emit_li64( &block.code[0],ix, 3, 2);
ix = emit_insn( &block.code[0],ix,
gen_addi_rd_rs_N(4,31,offsetof(AIX5Bootblock,errmsg)));
ix = emit_li64( &block.code[0],ix, 5, strlen(bootstrap_errmsg));
ix = emit_dosc( &block.code[0],ix );
ix = emit_li64( &block.code[0],ix, 2, __nr__exit);
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3,30) );
ix = emit_dosc( &block.code[0],ix );
ix = emit_insn( &block.code[0],ix, 0 );
assert(ix <= N_BOOTBLOCK_INSNS);
} else {
/* 32-bit sequence */
ix = emit_insn( &block.code[0],ix,
gen_addis_rd_rs_N(1,1,-4) );
ix = emit_li32( &block.code[0],ix, 2, __nr___loadx );
ix = emit_li32( &block.code[0],ix, 3, VKI_DL_LOAD );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(4,1) );
ix = emit_li32( &block.code[0],ix, 5, 3<<16 );
ix = emit_insn( &block.code[0],ix,
gen_addi_rd_rs_N(6,31,offsetof(AIX5Bootblock,toolfile)));
ix = emit_li32( &block.code[0],ix, 7, 0);
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(8,7) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(9,7) );
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(10,7) );
ix = emit_dosc( &block.code[0],ix );
ix = emit_insn( &block.code[0],ix,
gen_addis_rd_rs_N(1,1,4) );
ix = emit_insn( &block.code[0],ix, gen_cmpli_cr7_r_N(4,0) );
Int ix_bne = ix; /* Patch this later */
ix = emit_insn( &block.code[0],ix, 0 );
assert(ix <= N_BOOTBLOCK_INSNS);
/* Looks like we're good. r3 now points at a standard function
descriptor for the entry point of the module we just loaded.
Load r2/r11 from the descriptor, then put the address of the
bootstrap area in r3, and jump to the code address. Not a
call -- we don't intend to return here. Note, must use r30
as scratch here since r31 is live.
lwz 30, 0(3)
mtlr 30
lwz 2, 4(3)
lwz 11, 8(3)
mr 3, 31
blr
*/
ix = emit_insn( &block.code[0],ix, gen_lwz_rd_off_ra(30, 0, 3));
ix = emit_insn( &block.code[0],ix, gen_mtlr_r(30) );
ix = emit_insn( &block.code[0],ix, gen_lwz_rd_off_ra( 2, 4, 3));
ix = emit_insn( &block.code[0],ix, gen_lwz_rd_off_ra(11, 8, 3));
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3,31));
ix = emit_insn( &block.code[0],ix, gen_blr() );
assert(ix <= N_BOOTBLOCK_INSNS);
/* error:
We get here if the _loadx syscall fails. Write a terse message
to stderr saying so, then exit, carrying the error code of the
_loadx call. The latter is saved in r30 across the write() call.
mr 30,4 (4 contains the error result from __loadx)
imm 2, __NR_write
imm 3,2 (2=stderr)
addi 4, 31, offset_of_errormsg
imm 5, length(errormsg)
SYSCALL_SEQUENCE
imm 2, __NR_exit
mr 3, 30
SYSCALL_SEQUENCE
Well, we shouldn't be alive here. But just in case we do, put
a zero word, which will generate SIGILL and definitely stop the
party.
.word 0
*/
/* fill in the conditional jump */
(void)emit_insn( &block.code[0],ix_bne,
gen_bne_cr7_delta(4*(ix-ix_bne)));
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(30,4) );
ix = emit_li32( &block.code[0],ix, 2, __nr_kwrite);
ix = emit_li32( &block.code[0],ix, 3, 2);
ix = emit_insn( &block.code[0],ix,
gen_addi_rd_rs_N(4,31,offsetof(AIX5Bootblock,errmsg)));
ix = emit_li32( &block.code[0],ix, 5, strlen(bootstrap_errmsg));
ix = emit_dosc( &block.code[0],ix );
ix = emit_li32( &block.code[0],ix, 2, __nr__exit);
ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3,30) );
ix = emit_dosc( &block.code[0],ix );
ix = emit_insn( &block.code[0],ix, 0 );
assert(ix <= N_BOOTBLOCK_INSNS);
}
VG_(debugLog)(1, "launcher",
"parent: .. %d instructions emitted\n", ix);
# if 0
for (i = 0; i < ix; i++) {
if (0) printf("code[%d] = 0x%08x\n", i, block.code[i]);
char buff[100];
sprintf(buff, "echo 0x%x | ./ascii2u32", block.code[i]);
system(buff);
}
# endif
/* ------ STEP 3: Find out where to place stuff in the child. ------ */
/* We'll have to hijack some space in the data section of the main
executable. First off, find the first and last pages of said
data section. We can't use the text section, because the child
is unable to write to its own text section, to undo the
compression of the hijacked page. We can't use the stack
because it appears, although stacks in AIX 5.3 appear to be
executable, the child gets SIGKILL'd after the ptrace detach if
its program counter is pointing into its stack. The data
section of the main executable appears to be executable, though,
so use that.
This requires wading though the list of loaded modules in the
child, to find the main executable. */
long lr;
if (child->is64) {
lr = ptrace64(PT_LDINFO, (ULong)child->pid,
(ULong)(UWord)&ld_info64_array,
sizeof(ld_info64_array), 0/*ignored*/);
} else {
lr = ptrace64(PT_LDINFO, (ULong)child->pid,
(ULong)(UWord)&ld_info32_array,
sizeof(ld_info32_array), 0/*ignored*/);
}
VG_(debugLog)(1, "launcher", "parent: ptrace PT_LDINFO got %ld\n", lr);
if (lr == -1)
return "ptrace(PT_LDINFO, ...) failed";
else
assert(lr == 0);
/* We have to iterate through the entire array to close the object
files that this has opened. Duh. */
if (child->is64) {
char* p = (char*)&ld_info64_array;
while (1) {
struct __ld_info64* info = (struct __ld_info64*)p;
VG_(debugLog)(1,
"launcher", "parent: text 0x%llx-0x%llx data 0x%llx-0x%llx\n",
(Addr64)info->ldinfo_textorg,
(Addr64)info->ldinfo_textorg + (Addr64)info->ldinfo_textsize,
(Addr64)info->ldinfo_dataorg,
(Addr64)info->ldinfo_dataorg + (Addr64)info->ldinfo_datasize
);
Int ir = close(info->_file._ldinfo_fd);
assert(ir == 0);
/* The last entry in the array is marked by having a zero
offset-link field. */
if (info->ldinfo_next == 0)
break;
p += info->ldinfo_next;
}
} else {
char* p = (char*)&ld_info32_array;
while (1) {
struct __ld_info32* info = (struct __ld_info32*)p;
VG_(debugLog)(1,
"launcher", "parent: text 0x%llx-0x%llx data 0x%llx-0x%llx\n",
(Addr64)(UWord)info->ldinfo_textorg,
(Addr64)(UWord)info->ldinfo_textorg + info->ldinfo_textsize,
(Addr64)(UWord)info->ldinfo_dataorg,
(Addr64)(UWord)info->ldinfo_dataorg + info->ldinfo_datasize
);
Int ir = close(info->_file._ldinfo_fd);
assert(ir == 0);
/* The last entry in the array is marked by having a zero
offset-link field. */
if (info->ldinfo_next == 0)
break;
p += info->ldinfo_next;
}
}
/* The first entry in that array -- and it is guaranteed to to have
at least one entry -- is that of the the main executable. We
need to put our bootblock in one of the pages the main
executable's data segment. The abovementioned AIX 'ptrace'
documentation says:
To allow a debugger to generate code more easily (in order to
handle fast trap instructions, for example), memory from the
end of the main program up to the next segment boundary can be
modified. That memory is read-only to the process but can be
modified by the debugger.
which would be great if it actually worked reliably; but not so.
On AIX 5.2 this is true, but on 5.3 it appears to be impossible
to read or write (via ptrace) anything beyond the last page of
the executable's text section.
*/
Addr64 c_cand_text_first, c_cand_text_last;
if (child->is64) {
c_cand_text_first
= (Addr64)ld_info64_array[0].ldinfo_dataorg;
c_cand_text_last
= c_cand_text_first
+ ld_info64_array[0].ldinfo_datasize - 1;
} else {
c_cand_text_first
= (Addr64)(UWord)ld_info32_array[0].ldinfo_dataorg;
c_cand_text_last
= c_cand_text_first
+ ld_info32_array[0].ldinfo_datasize - 1;
}
VG_(debugLog)(1, "launcher",
"parent: candidate first 0x%llx last 0x%llx\n",
c_cand_text_first, c_cand_text_last);
/* Page align the text section limits. */
Addr64 c_first_page = ROUNDDN_PAGE( c_cand_text_first );
Addr64 c_last_page = ROUNDDN_PAGE( c_cand_text_last );
/* It's safe to try out any page p satisfying
c_first_page <= p && p <= c_last_page
*/
/* CHOOSE A PAGE. Do a test compression of available pages until
we find one for which compression yields enough free space to
put the bootblock in. */
Int zsize;
Addr64 c_chosen_page = 0;
Addr64 c_page;
UChar p_page_unzbuf[PAGE_SIZE];
UChar p_page_unzbuf2[PAGE_SIZE];
UChar p_page_zbuf[PAGE_SIZE + 384 + 8/*paranoia*/];
for (c_page = c_first_page; c_page <= c_last_page; c_page += PAGE_SIZE) {
assert(IS_PAGE_ALIGNED(c_page));
err = ptrace_read_page( child, p_page_unzbuf, c_page );
if (err)
return "read of page from child failed(1)";
zsize = Huffman_Compress(p_page_unzbuf, p_page_zbuf, PAGE_SIZE);
assert(zsize >= 0 && zsize <= PAGE_SIZE + 384);
/* Do a test decompression, to check the compress/decompress
cycle works properly */
Huffman_Uncompress( p_page_zbuf, p_page_unzbuf2,
PAGE_SIZE + 384, PAGE_SIZE);
assert(0 == memcmp(p_page_unzbuf, p_page_unzbuf2, PAGE_SIZE));
VG_(debugLog)(1, "launcher",
"parent: page 0x%llx has %d usable bytes\n",
c_page, PAGE_SIZE - zsize);
if ( (Int)(PAGE_SIZE - zsize)
>= (Int)sizeof(AIX5Bootblock)+8/*paranoia*/) {
c_chosen_page = c_page;
break;
}
}
if (c_chosen_page == NULL)
return "can't find a page with enough free space for bootblock";
/* Compress the chosen page, leaving the compressed data at the
start of the page, and put the bootblock at the end of the
page. */
VG_(debugLog)(1, "launcher",
"parent: reading page at 0x%llx\n", c_chosen_page);
err = ptrace_read_page( child, p_page_unzbuf, c_chosen_page );
if (err)
return "read of page from child failed(2)";
block.adler32 = compute_adler32( p_page_unzbuf, PAGE_SIZE );
VG_(debugLog)(1, "launcher",
"parent: adler32 of unz page is 0x%x\n", block.adler32);
memset(p_page_zbuf, 0, sizeof(p_page_zbuf));
zsize = Huffman_Compress(p_page_unzbuf, p_page_zbuf, PAGE_SIZE);
assert(zsize >= 0 && zsize <= PAGE_SIZE + 384);
assert(PAGE_SIZE - zsize >= sizeof(AIX5Bootblock)+8/*paranoia*/);
UChar* p_dst = p_page_zbuf + PAGE_SIZE - sizeof(AIX5Bootblock);
Addr64 c_dst = c_chosen_page + PAGE_SIZE - sizeof(AIX5Bootblock);
assert(IS_8_ALIGNED(c_dst));
VG_(debugLog)(1, "launcher",
"parent: free space starts at 0x%llx in child\n",
c_chosen_page + zsize);
VG_(debugLog)(1, "launcher",
"parent: bootblock will be at 0x%llx in child\n",
c_dst);
*(AIX5Bootblock*)p_dst = block;
VG_(debugLog)(1, "launcher",
"parent: writing page at 0x%llx\n", c_chosen_page);
err = ptrace_write_page( child, c_chosen_page, p_page_zbuf );
if (err)
return "write of page to child failed";
/* Do a test read back to ensure ptrace didn't screw up. */
err = ptrace_read_page( child, p_page_unzbuf2, c_chosen_page );
if (err)
return "test read back of boot page failed (1)";
if (0 != memcmp(p_page_zbuf, p_page_unzbuf2, PAGE_SIZE))
return "test read back of boot page failed (2)";
/* Finally .. set the program counter so that when we detach, our
magic stub is run, not the original program. */
VG_(debugLog)(1, "launcher",
"parent: set child's pc to 0x%llx\n",
c_dst + offsetof(AIX5Bootblock,code) );
err = ptrace_put_pc ( child, c_dst + offsetof(AIX5Bootblock,code) );
if (err)
return "write of new initial pc into child failed";
VG_(debugLog)(1, "launcher",
"parent: set child's r31 to 0x%llx\n", c_dst);
err = ptrace_put_r31 ( child, c_dst );
if (err)
return "write of new r31 into child failed";
return NULL; /* success */
}
/* -------------------------------------------------------------- */
/* --- --- */
/* --- END write bootstrap loader into child process --- */
/* --- --- */
/* -------------------------------------------------------------- */
static void barf ( int exitcode, char* argv0, char* msg )
{
fprintf(stderr, "%s: %s\n", argv0, msg);
exit(exitcode);
}
int main ( int argc, char** argv, char** envp )
{
Child child;
Int i, loglevel;
const char *toolname = NULL;
char *clientname = NULL;
/* First, look in our own /proc/<pid>/sysent file to find
the syscall numbers for kwrite and _getpid. These are needed
to make the VG_(debugLog) usable. We'll temporarily use
the sysent_buf used by write_bootstrap_loader_into_child for this
purpose. */
char sysent_name[50];
FILE* sysent_file;
int sysent_used = 0;
prsysent_t* sysent_hdr;
child.pid = 0;
child.is64 = False;
sprintf(sysent_name, "/proc/%d/sysent", getpid());
sysent_file = fopen(sysent_name, "r");
if (sysent_file == NULL)
barf(1, argv[0], "Can't open my own /proc/<pid>/sysent file");
sysent_used = fread(sysent_buf, 1, LAUNCHER_SYSENT_SIZE, sysent_file);
if (sysent_used == 0)
barf(1, argv[0], "Error reading my own /proc/<pid>/sysent file");
if (sysent_used == LAUNCHER_SYSENT_SIZE)
barf(1, argv[0], "LAUNCHER_SYSENT_SIZE is too low; increase and recompile");
assert(sysent_used > 0 && sysent_used < LAUNCHER_SYSENT_SIZE);
fclose(sysent_file);
sysent_hdr = (prsysent_t*)&sysent_buf[0];
/* Find some syscall numbers for the child. Note, we copy them
from our own /proc/../sysent file, which isn't really right. */
Word __nr__getpid = -1;
Word __nr_kwrite = -1;
for (i = 0; i < sysent_hdr->pr_nsyscalls; i++) {
char* name = &sysent_buf[ sysent_hdr->pr_syscall[i].pr_nameoff ];
int nmbr = sysent_hdr->pr_syscall[i].pr_number;
if (0 == strcmp(name, "_getpid"))
__nr__getpid = nmbr;
if (0 == strcmp(name, "kwrite"))
__nr_kwrite = nmbr;
}
if (__nr__getpid == -1 || __nr_kwrite == -1)
barf(1, argv[0], "can't establish syscall #s needed for startup");
/* "Tell" m_vkiscnums about them */
__NR_getpid = __nr__getpid;
__NR_write = __nr_kwrite;
/* Right, now we're safe to start the debug logging system. */
/* Start the debugging-log system ASAP. First find out how many
"-d"s were specified. This is a pre-scan of the command line.
At the same time, look for the tool name. */
loglevel = 0;
for (i = 1; i < argc; i++) {
if (argv[i][0] != '-') {
clientname = argv[i];
break;
}
if (0 == strcmp(argv[i], "--")) {
if (i+1 < argc)
clientname = argv[i+1];
break;
}
if (0 == strcmp(argv[i], "-d"))
loglevel++;
if (0 == strncmp(argv[i], "--tool=", 7))
toolname = argv[i] + 7;
}
/* ... and start the debug logger. Now we can safely emit logging
messages all through startup. */
VG_(debugLog_startup)(loglevel, "Stage 1");
/* Make sure we know which tool we're using */
if (toolname) {
VG_(debugLog)(1, "launcher", "tool '%s' requested\n", toolname);
} else {
VG_(debugLog)(1, "launcher",
"no tool requested, defaulting to 'memcheck'\n");
toolname = "memcheck";
}
/* Do some preliminary sanity checks */
long pagesize = sysconf(_SC_PAGESIZE);
if (pagesize != 4096)
barf(1, argv[0], "config error: sysconf(_SC_PAGESIZE) is not 4096");
assert(PAGE_SIZE == 4096); /* stay sane */
const char* valgrind_lib = VG_LIBDIR;
/* If there is no program to run, which will be the case if the
user just does "valgrind --help", etc, run a dummy do-nothing
program so at least the tool can get started and handle the
--help/--version etc. It spots the fact that this is a dummy
program and acts like it was started with no program, hence
behaving the same as the Linux ports would have. */
if (clientname == NULL) {
Int j;
char** new_argv;
const char* noop_exe_name = "no_op_client_for_valgrind";
const char* up_n_bindir = "/../../bin";
clientname = malloc(strlen(valgrind_lib) + strlen(up_n_bindir)
+ 2 + strlen(noop_exe_name));
if (clientname == NULL) {
fprintf(stderr,"%s: malloc of clientname failed\n", argv[0]);
return 1;
}
sprintf(clientname, "%s%s/%s", valgrind_lib, up_n_bindir, noop_exe_name);
/* now we have to add it to the end of argv, which means making
that one word longer. How tedious. */
for (j = 0; argv[j]; j++)
;
j += 2;
new_argv = calloc(j, sizeof(char*));
if (new_argv == NULL) {
fprintf(stderr,"%s: malloc of new_argv failed\n", argv[0]);
return 1;
}
for (i = 0; i < j-2; i++)
new_argv[i] = argv[i];
new_argv[j-2] = clientname;
assert(new_argv[j-1] == NULL);
argv = new_argv;
argc++;
}
if (argc < 2 || toolname == NULL || clientname == NULL)
barf(1, argv[0], "usage: valgrind [args-for-valgrind] prog args");
/* Find the client, and figure out if it's a 32- or 64-bit
executable. */
VG_(debugLog)(1, "launcher", "searching for client in $PATH\n");
if (strchr(clientname, '/') == NULL)
clientname = (char*)find_client(clientname);
VG_(debugLog)(1, "launcher", "found %s\n", clientname);
Int client_exekind = examine_client ( clientname );
switch (client_exekind) {
case 32:
child.is64 = False;
break;
case 64:
child.is64 = True;
break;
default:
fprintf(stderr, "%s: requested executable %s\n",
argv[0], clientname);
fprintf(stderr, "%s: not found, or is not a valid XCOFF32 "
"or XCOFF64 executable.\n", argv[0]);
return 1;
}
VG_(debugLog)(1, "launcher", "client is an XCOFF%d executable\n",
client_exekind);
const char* platform = child.is64 ? "ppc64-aix5" : "ppc32-aix5";
VG_(debugLog)(1, "launcher", "looking for the tool file\n");
char* toolfile = malloc(strlen(valgrind_lib)
+ strlen(toolname) + strlen(platform) + 3);
if (toolfile == NULL) {
fprintf(stderr,"%s: malloc of toolfile failed\n", argv[0]);
return 1;
}
sprintf(toolfile, "%s/%s-%s", valgrind_lib, toolname, platform);
if (!file_exists(toolfile)) {
fprintf(stderr,"%s: can't stat %s\n", argv[0], toolfile);
return 1;
}
/* Force the client to use a 1:1 threading model - this works
because the client inherits our environment. */
VG_(debugLog)(1, "launcher", "doing putenv(\"AIXTHREAD_SCOPE=S\")\n");
Int putenv_err = putenv("AIXTHREAD_SCOPE=S");
if (putenv_err) {
fprintf(stderr,"%s: putenv(\"AIXTHREAD_SCOPE=S\") failed\n", argv[0]);
return 1;
}
VG_(debugLog)(1, "launcher", "doing putenv(\"MP_SHARED_MEMORY=no\")\n");
putenv_err = putenv("MP_SHARED_MEMORY=no");
if (putenv_err) {
fprintf(stderr,"%s: putenv(\"MP_SHARED_MEMORY=no\") failed\n", argv[0]);
return 1;
}
/* Find out what the current working directory is, and stuff it into the
environment so that the child can find it. */
char wd_buf[4096];
memset(wd_buf, 0, sizeof(wd_buf));
if (getcwd(wd_buf, sizeof(wd_buf)-1) == NULL) {
fprintf(stderr,"%s: getcwd(..) failed\n", argv[0]);
return 1;
}
assert(wd_buf[ sizeof(wd_buf)-1 ] == 0);
char* set_cwd = calloc(1, 100+sizeof(wd_buf));
if (set_cwd == NULL) {
fprintf(stderr,"%s: calloc of set_cwd failed\n", argv[0]);
return 1;
}
sprintf(set_cwd, "VALGRIND_STARTUP_PWD_%d_XYZZY=%s", getpid(), wd_buf);
VG_(debugLog)(1, "launcher", "doing putenv(\"%s\")\n", set_cwd);
putenv_err = putenv(set_cwd);
if (putenv_err) {
fprintf(stderr,"%s: putenv(\"VALGRIND_STARTUP_PWD_...\") failed\n",
argv[0]);
return 1;
}
/* Also, cook up the fully qualified name of this executable. The
following is a kludge, but I don't see how to really get the
fully qualified name on AIX. */
char* up_n_down = "/../../bin/valgrind";
char* launcher = malloc(strlen(valgrind_lib)
+ strlen(up_n_down) + 2);
if (launcher == NULL) {
fprintf(stderr,"%s: malloc of launcher failed\n", argv[0]);
return 1;
}
sprintf(launcher, "%s%s", valgrind_lib, up_n_down);
if (!file_exists(launcher)) {
fprintf(stderr,"%s: can't stat %s\n", argv[0], launcher);
return 1;
}
/* First, fork.
In the child, ask for a ptrace, then exec argv[2 ..]. This
causes the kernel to complete the exec, hence loading the
child, but does not start it; instead the child remains frozen
so that the parent can mess with it via ptrace().
*/
VG_(debugLog)(1, "launcher", "doing fork()\n");
child.pid = fork();
if (child.pid == -1) {
fprintf(stderr,"%s: fork() failed\n", argv[0]);
return 1;
}
if (child.pid == 0) {
/* --- CHILD --- */
VG_(debugLog)(1, "launcher", "child: before ptrace\n");
long rl = ptrace64(PT_TRACE_ME, 0,0,0,0);
if (rl != 0) {
fprintf(stderr,"%s: child: ptrace(PT_TRACE_ME, ...) failed\n", argv[0]);
fprintf(stderr,"%s: ", argv[0]);
perror(NULL);
fflush(stderr);
_exit(1);
}
VG_(debugLog)(1, "launcher", "child: before execve\n");
/* make VALGRIND_LAUNCHER point at something plausible. */
VG_(debugLog)(1, "launcher", "child: launcher = %s\n", launcher);
int r = setenv("VALGRIND_LAUNCHER", launcher, 1/*overwrite*/);
if (r) {
/* setenv failed. */
fprintf(stderr,"%s: child: setenv failed\n", argv[0]);
fprintf(stderr,"%s: ", argv[0]);
perror(NULL);
fflush(stderr);
_exit(1);
/* NOTREACHED */
}
/* This is kind-of strange. We're execvp-ing the client but
argv[0] is the toolname, which is irrelevant - m_main ignores
it. However, setting it like this at least makes m_main's
view of the world (as far as the argv goes) look the same as
it does in Linux-land:
tool-exe-name [args for V] client-name [args for client]
*/
argv[0] = toolfile;
int ri = execvp(clientname, &argv[0]);
/* WE ONLY GET HERE IF execve FAILED */
assert(ri == -1);
fprintf(stderr,"%s: exec failed: %s: ", argv[0], clientname);
perror("");
return 1;
/* NOTREACHED */
}
/* --- PARENT --- */
VG_(debugLog)(1, "launcher", "parent: waitpid-ing for child\n");
int status;
/* Wait to hear back from the child. */
pid_t p2 = waitpid(child.pid, &status, 0);
/* We could hear back for two reasons. (1) the exec was
successful, and because the child is being ptraced, it is now
waiting for the parent. (2) the exec failed, and so the child
did _exit(). */
VG_(debugLog)(1, "launcher", "parent: waitpid got pid %d\n", (int)p2);
VG_(debugLog)(1, "launcher", "parent: waitpid got status 0x%x\n", status);
assert(p2 == child.pid); /* Huh?! We only have one child. */
if (WIFEXITED(status)) {
/* Case (2) - exec failed. */
fprintf(stderr, "parent: child's exec failed.\n");
return 0;
}
/* else case (1) must apply */
assert(WIFSTOPPED(status));
/* ------ BEGIN write bootstrap pages into child ------ */
/* In this section, if for any reason we can't continue to the
child-detach and so have to give up, we have to kill the child,
else it'll become a zombie. That's what the code at
latched_error: does. */
char* badness
= write_bootstrap_loader_into_child ( &child, toolfile );
/* Returns NULL if no error, else points to a string of at least
some descriptiveness. */
if (badness)
goto latched_error;
/* ------ END write bootstrap pages into child ------ */
VG_(debugLog)(1, "launcher", "parent: detaching child\n");
long lr = ptrace64(PT_DETACH, (ULong)child.pid, 0, SIGCONT, 0);
VG_(debugLog)(1, "launcher", "parent: detach got %ld\n", lr);
assert(lr == 0);
VG_(debugLog)(1, "launcher", "parent: waiting for child to finish\n");
p2 = waitpid(child.pid, &status, 0);
assert(p2 == child.pid);
if (0)
fprintf(stderr,"parent: child finished, status 0x%x 0x%x\n",
status, WEXITSTATUS(status));
if (WIFEXITED(status)) {
VG_(debugLog)(1, "launcher",
"parent: child finished normally, exit code %d\n",
WEXITSTATUS(status));
return WEXITSTATUS(status);
}
else if (WIFSIGNALED(status)) {
VG_(debugLog)(1, "launcher",
"parent: child exited on signal %d\n",
(int)WTERMSIG(status));
/* Since the child exited with a signal, we'd better
whack ourselves on the head with the same signal. */
kill( getpid(), (int)WTERMSIG(status) );
/* presumably NOTREACHED? */
return 0; /* This is completely bogus */
}
else {
/* erm. Can we ever get here? */
assert(0);
return 0;
}
latched_error:
/* We get here if there was some kind of problem messing with the
child whilst we still had it latched by ptrace. In this case we
need to kill it before exiting, since otherwise it will become a
zombie. */
assert(badness);
fprintf(stderr, "%s: error while doing ptracery on '%s'\n",
argv[0], clientname);
fprintf(stderr, "%s: error is: %s\n",
argv[0], badness);
return 0; /*BOGUS*/
}
/*--------------------------------------------------------------------*/
/*--- end launcher-aix5.c ---*/
/*--------------------------------------------------------------------*/