1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Joyent, Inc.
26 */
27
28 /*
29 * Kernel Process View Target
30 *
31 * The kproc target is activated when the user is debugging a kernel using the
32 * kvm target and executes a ::context dcmd to change the debugger view to one
33 * of the running processes. The kvm target's t_setcontext operation will
34 * create and activate a kproc target in response to this call. The kproc
35 * target itself is built upon the kvm target's libkvm cookie and the ability
36 * to read information from the kernel itself and the ability to read the
37 * address space of a particular user process with kvm_aread(). It also relies
38 * on a special set of functions provided by the kvm target's mdb_ks support
39 * module in order to bootstrap: specifically, given the initial proc pointer,
40 * mdb_ks provides functions to return the set of address space mappings, the
41 * address space pointer itself, the aux vector vector saved in the u-area,
42 * and the process data model. The kproc target maintains a list of address
43 * space mappings (kp_map_t) and load objects (kp_file_t), and for each load
44 * object will attempt to read the corresponding dynamic symbol table. In
45 * order to bootstrap, the target uses the AT_BASE and AT_ENTRY aux vector
46 * elements to locate the dynamic linker and executable mappings. With these
47 * mappings in place, we initialize a librtld_db agent on the target (see
48 * mdb_pservice.c for how this is done), and then process each load object
49 * found in the link-map chain. In order to simplify the construction of
50 * symbol tables for each load object, we would like make use of our existing
51 * library of GElf processing code. Since the MDB GElf code uses mdb_io
52 * objects to read in an ELF file, we simply define a new type of mdb_io object
53 * where each read operation is translated into a call to kproc's t_vread
54 * function to read from the range of the address space defined by the mapping
55 * as if it were a file.
56 */
57
58 #include <sys/types.h>
59 #include <sys/proc.h>
60 #include <sys/auxv.h>
61
62 #include <strings.h>
63 #include <limits.h>
64 #include <rtld_db.h>
65 #include <procfs.h>
66 #include <dlfcn.h>
67 #include <kvm.h>
68
69 #include <mdb/mdb_target_impl.h>
70 #include <mdb/mdb_debug.h>
71 #include <mdb/mdb_string.h>
72 #include <mdb/mdb_err.h>
73 #include <mdb/mdb_ks.h>
74 #include <mdb/mdb_gelf.h>
75 #include <mdb/mdb_io_impl.h>
76 #include <mdb/mdb.h>
77
78 typedef struct kp_symarg {
79 mdb_tgt_sym_f *sym_cb; /* Caller's callback function */
80 void *sym_data; /* Callback function argument */
81 uint_t sym_type; /* Symbol type/binding filter */
82 uintptr_t sym_adjust; /* Symbol value adjustment */
83 mdb_syminfo_t sym_info; /* Symbol id and table id */
84 const char *sym_obj; /* Containing object */
85 } kp_symarg_t;
86
87 typedef struct kp_file {
88 mdb_gelf_file_t *kpf_file; /* ELF file object */
89 mdb_io_t *kpf_fio; /* ELF file back-end */
90 mdb_gelf_symtab_t *kpf_dynsym; /* Dynamic symbol table */
91 struct kp_map *kpf_map; /* Primary (text) mapping */
92 const char *kpf_basename; /* Mapping basename */
93 uintptr_t kpf_dyn_base; /* Load address for ET_DYN files */
94 uintptr_t kpf_text_base; /* Base address of text mapping */
95 uintptr_t kpf_data_base; /* Base address of data mapping */
96 struct kp_file *kpf_next; /* Pointer to next file */
97 } kp_file_t;
98
99 typedef struct kp_map {
100 mdb_map_t kpm_map; /* Mapping information */
101 kp_file_t *kpm_file; /* Pointer to load object */
102 struct kp_map *kpm_next; /* Pointer to next mapping */
103 } kp_map_t;
104
105 typedef struct kp_io {
106 mdb_tgt_t *kpi_tgt; /* Backpointer to kproc target */
107 kp_map_t *kpi_map; /* Mapping for this i/o */
108 uintptr_t kpi_ptr; /* Virtual address pointer */
109 uintptr_t kpi_lim; /* Virtual address limit */
110 } kp_io_t;
111
112 typedef struct kp_data {
113 mdb_tgt_t *kp_parent; /* Parent kvm target */
114 kvm_t *kp_cookie; /* Cookie for libkvm routines */
115 rd_agent_t *kp_rap; /* Cookie for librtld_db routines */
116 proc_t *kp_proc; /* Proc address in dump */
117 struct as *kp_as; /* Proc as address in dump */
118 pid_t kp_pid; /* Process ID */
119 auxv_t *kp_auxv; /* Auxv array from u-area */
120 int kp_nauxv; /* Length of kp_auxv */
121 const char *kp_platform; /* Platform string from kvm target */
122 uint_t kp_model; /* Process data model */
123 kp_file_t *kp_file_head; /* Head of load object list */
124 kp_file_t *kp_file_tail; /* Tail of load object list */
125 kp_map_t *kp_map_head; /* Head of mapping list */
126 kp_map_t *kp_map_tail; /* Tail of mapping list */
127 int kp_num_files; /* Length of load object list */
128 int kp_num_maps; /* Length of mapping list */
129 kp_map_t *kp_map_exec; /* Executable mapping */
130 kp_map_t *kp_map_ldso; /* Interpreter mapping */
131 kp_file_t kp_prfile; /* Fake file for mdb.m_prsym */
132 } kp_data_t;
133
134 static mdb_io_t *kp_io_create(mdb_tgt_t *, kp_map_t *);
135
136 static kp_map_t *
137 kp_addr_to_kpmap(kp_data_t *kp, uintptr_t addr)
138 {
139 kp_map_t *kpm;
140
141 for (kpm = kp->kp_map_head; kpm != NULL; kpm = kpm->kpm_next) {
142 if (addr >= kpm->kpm_map.map_base &&
143 addr < kpm->kpm_map.map_base + kpm->kpm_map.map_size)
144 return (kpm);
145 }
146
147 return (NULL);
148 }
149
150 static long
151 kp_getauxval(kp_data_t *kp, int type)
152 {
153 auxv_t *auxp;
154
155 for (auxp = kp->kp_auxv; auxp->a_type != AT_NULL; auxp++) {
156 if (auxp->a_type == type)
157 return (auxp->a_un.a_val);
158 }
159
160 return (-1L);
161 }
162
163 static void
164 kp_add_mapping(const mdb_map_t *pmp, void *data)
165 {
166 kp_map_t *kpm = mdb_zalloc(sizeof (kp_map_t), UM_SLEEP);
167 kp_data_t *kp = data;
168
169 bcopy(pmp, &kpm->kpm_map, sizeof (mdb_map_t));
170
171 if (kp->kp_map_tail != NULL)
172 kp->kp_map_tail->kpm_next = kpm;
173 else
174 kp->kp_map_head = kpm;
175
176 kp->kp_map_tail = kpm;
177 kp->kp_num_maps++;
178 }
179
180 static kp_file_t *
181 kp_file_create(mdb_tgt_t *t, kp_map_t *kpm, GElf_Half etype)
182 {
183 kp_file_t *kpf = mdb_zalloc(sizeof (kp_file_t), UM_SLEEP);
184 kp_data_t *kp = t->t_data;
185 size_t dyns_sz;
186 void *dyns;
187
188 kpf->kpf_fio = kp_io_create(t, kpm);
189 kpf->kpf_map = kpm;
190 kpf->kpf_basename = strbasename(kpm->kpm_map.map_name);
191 kpf->kpf_file = mdb_gelf_create(kpf->kpf_fio, etype, GF_PROGRAM);
192 kpf->kpf_text_base = kpm->kpm_map.map_base;
193
194 if (kpm != kp->kp_map_exec)
195 kpf->kpf_dyn_base = kpf->kpf_text_base;
196
197 if (kpf->kpf_file == NULL)
198 goto err; /* Failed to create ELF file */
199
200 mdb_dprintf(MDB_DBG_TGT, "loading symbols for %s\n",
201 kpm->kpm_map.map_name);
202
203 if ((kp->kp_rap != NULL) && (rd_get_dyns(kp->kp_rap,
204 kpf->kpf_text_base, &dyns, &dyns_sz) == RD_OK))
205 mdb_gelf_dyns_set(kpf->kpf_file, dyns, dyns_sz);
206
207 kpf->kpf_dynsym = mdb_gelf_symtab_create_dynamic(kpf->kpf_file,
208 MDB_TGT_DYNSYM);
209
210 if (kpf->kpf_dynsym == NULL)
211 goto err; /* Failed to create symbol table */
212
213 kpm->kpm_file = kpf;
214
215 if (kp->kp_file_tail != NULL)
216 kp->kp_file_tail->kpf_next = kpf;
217 else
218 kp->kp_file_head = kpf;
219
220 kp->kp_file_tail = kpf;
221 kp->kp_num_files++;
222
223 return (kpf);
224
225 err:
226 if (kpf->kpf_file != NULL)
227 mdb_gelf_destroy(kpf->kpf_file);
228 else
229 mdb_io_destroy(kpf->kpf_fio);
230 mdb_free(kpf, sizeof (kp_file_t));
231 return (NULL);
232 }
233
234 static void
235 kp_file_destroy(kp_file_t *kpf)
236 {
237 if (kpf->kpf_dynsym != NULL)
238 mdb_gelf_symtab_destroy(kpf->kpf_dynsym);
239
240 mdb_gelf_destroy(kpf->kpf_file);
241 mdb_free(kpf, sizeof (kp_file_t));
242 }
243
244 static int
245 kp_setcontext(mdb_tgt_t *t, void *context)
246 {
247 kp_data_t *kp = t->t_data;
248
249 if (kp->kp_proc != context) {
250 mdb_tgt_destroy(t);
251 return (mdb_tgt_setcontext(mdb.m_target, context));
252 }
253
254 mdb_warn("debugger context is already set to proc %p\n", context);
255 return (0);
256 }
257
258 static kp_map_t *
259 kp_find_data(kp_data_t *kp, kp_file_t *kpf, const rd_loadobj_t *rlp)
260 {
261 GElf_Phdr *gpp = kpf->kpf_file->gf_phdrs;
262 size_t i, n = kpf->kpf_file->gf_npload;
263
264 /*
265 * Find the first loadable, writeable Phdr and compute kpf_data_base
266 * as the virtual address at which is was loaded.
267 */
268 for (i = 0; i < n; i++, gpp++) {
269 if (gpp->p_type == PT_LOAD && (gpp->p_flags & PF_W)) {
270 kpf->kpf_data_base = gpp->p_vaddr;
271 if (kpf->kpf_map != kp->kp_map_exec)
272 kpf->kpf_data_base += rlp->rl_base;
273 break;
274 }
275 }
276
277 /*
278 * If we found a suitable Phdr and set kpf_data_base, return
279 * the mapping information for this address; otherwise fail.
280 */
281 if (kpf->kpf_data_base != 0)
282 return (kp_addr_to_kpmap(kp, kpf->kpf_data_base));
283
284 return (NULL);
285 }
286
287 static int
288 kp_iter_mapping(const rd_loadobj_t *rlp, mdb_tgt_t *t)
289 {
290 kp_data_t *kp = t->t_data;
291 kp_file_t *kpf;
292 kp_map_t *kpm;
293
294 char name[MDB_TGT_MAPSZ];
295
296 if (mdb_tgt_readstr(t, MDB_TGT_AS_VIRT, name,
297 sizeof (name), (mdb_tgt_addr_t)rlp->rl_nameaddr) <= 0) {
298 mdb_dprintf(MDB_DBG_TGT, "failed to read name %p",
299 (void *)rlp->rl_nameaddr);
300 return (1); /* Keep going; forget this if we can't read name */
301 }
302
303 mdb_dprintf(MDB_DBG_TGT, "rd_loadobj name = \"%s\" rl_base = %p\n",
304 name, (void *)rlp->rl_base);
305
306 if ((kpm = kp_addr_to_kpmap(kp, rlp->rl_base)) == NULL)
307 return (1); /* Keep going; no mapping at this address */
308
309 (void) strncpy(kpm->kpm_map.map_name, name, MDB_TGT_MAPSZ);
310 kpm->kpm_map.map_name[MDB_TGT_MAPSZ - 1] = '\0';
311
312 if ((kpf = kpm->kpm_file) == NULL) {
313 if (kpm == kp->kp_map_exec)
314 kpf = kp_file_create(t, kpm, ET_EXEC);
315 else
316 kpf = kp_file_create(t, kpm, ET_DYN);
317
318 if (kpf == NULL)
319 return (1); /* Keep going; failed to build ELF file */
320 } else
321 kpf->kpf_basename = strbasename(kpm->kpm_map.map_name);
322
323 if ((kpm = kp_find_data(kp, kpf, rlp)) != NULL) {
324 mdb_dprintf(MDB_DBG_TGT, "found data for %s at %p\n",
325 kpf->kpf_basename, (void *)kpm->kpm_map.map_base);
326 kpm->kpm_file = kpf;
327 }
328
329 return (1);
330 }
331
332 /*ARGSUSED*/
333 static int
334 kp_status_dcmd(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
335 {
336 kp_data_t *kp = mdb.m_target->t_data;
337
338 mdb_printf("debugging PID %d (%d-bit) in kernel crash dump\n",
339 kp->kp_pid, kp->kp_model == PR_MODEL_ILP32 ? 32 : 64);
340
341 if (kp->kp_map_exec != NULL) {
342 mdb_printf("executable file: %s\n",
343 kp->kp_map_exec->kpm_map.map_name);
344 }
345
346 return (DCMD_OK);
347 }
348
349 static const mdb_dcmd_t kp_dcmds[] = {
350 { "status", NULL, "print summary of current target", kp_status_dcmd },
351 { NULL }
352 };
353
354 static void
355 kp_activate(mdb_tgt_t *t)
356 {
357 kp_data_t *kp = t->t_data;
358
359 mdb_prop_postmortem = TRUE;
360 mdb_prop_kernel = FALSE;
361
362 if (kp->kp_model == PR_MODEL_ILP32)
363 mdb_prop_datamodel = MDB_TGT_MODEL_ILP32;
364 else
365 mdb_prop_datamodel = MDB_TGT_MODEL_LP64;
366
367 /*
368 * Initialize our rtld_db agent and then iterate over the link map,
369 * instantiating kp_file objects as we go.
370 */
371 if ((kp->kp_rap = rd_new((struct ps_prochandle *)t)) != NULL) {
372 (void) rd_loadobj_iter(kp->kp_rap, (rl_iter_f *)
373 kp_iter_mapping, t);
374 } else {
375 mdb_warn("unable to initialize rtld_db agent for proc %p\n",
376 (void *)kp->kp_proc);
377 }
378
379 (void) mdb_tgt_register_dcmds(t, &kp_dcmds[0], MDB_MOD_FORCE);
380
381 if (kp->kp_map_exec != NULL && kp->kp_map_exec->kpm_file != NULL)
382 mdb_tgt_elf_export(kp->kp_map_exec->kpm_file->kpf_file);
383 else
384 mdb_tgt_elf_export(NULL);
385 }
386
387 static void
388 kp_deactivate(mdb_tgt_t *t)
389 {
390 const mdb_dcmd_t *dcp;
391
392 for (dcp = &kp_dcmds[0]; dcp->dc_name != NULL; dcp++) {
393 if (mdb_module_remove_dcmd(t->t_module, dcp->dc_name) == -1)
394 warn("failed to remove dcmd %s", dcp->dc_name);
395 }
396
397 mdb_prop_postmortem = FALSE;
398 mdb_prop_kernel = FALSE;
399 mdb_prop_datamodel = MDB_TGT_MODEL_UNKNOWN;
400 }
401
402 static void
403 kp_destroy(mdb_tgt_t *t)
404 {
405 kp_data_t *kp = t->t_data;
406 kp_map_t *kpm, *nkpm;
407 kp_file_t *kpf, *nkpf;
408
409 if (kp->kp_rap != NULL)
410 rd_delete(kp->kp_rap);
411
412 for (kpm = kp->kp_map_head; kpm != NULL; kpm = nkpm) {
413 nkpm = kpm->kpm_next;
414 mdb_free(kpm, sizeof (kp_map_t));
415 }
416
417 for (kpf = kp->kp_file_head; kpf != NULL; kpf = nkpf) {
418 nkpf = kpf->kpf_next;
419 kp_file_destroy(kpf);
420 }
421
422 mdb_free(kp->kp_auxv, kp->kp_nauxv * sizeof (auxv_t));
423 mdb_free(kp, sizeof (kp_data_t));
424 }
425
426 /*ARGSUSED*/
427 static const char *
428 kp_name(mdb_tgt_t *t)
429 {
430 return ("kproc");
431 }
432
433 static const char *
434 kp_isa(mdb_tgt_t *t)
435 {
436 kp_data_t *kp = t->t_data;
437 #ifdef __sparc
438 return (kp->kp_model == PR_MODEL_ILP32 ? "sparc" : "sparcv9");
439 #else
440 return (kp->kp_model == PR_MODEL_ILP32 ? "i386" : "amd64");
441 #endif
442 }
443
444 static const char *
445 kp_platform(mdb_tgt_t *t)
446 {
447 return (((kp_data_t *)t->t_data)->kp_platform);
448 }
449
450 static int
451 kp_uname(mdb_tgt_t *t, struct utsname *utsp)
452 {
453 kp_data_t *kp = t->t_data;
454 return (mdb_tgt_uname(kp->kp_parent, utsp));
455 }
456
457 static int
458 kp_dmodel(mdb_tgt_t *t)
459 {
460 kp_data_t *kp = t->t_data;
461
462 switch (kp->kp_model) {
463 case PR_MODEL_ILP32:
464 return (MDB_TGT_MODEL_ILP32);
465 case PR_MODEL_LP64:
466 return (MDB_TGT_MODEL_LP64);
467 }
468
469 return (MDB_TGT_MODEL_UNKNOWN);
470 }
471
472 static kp_map_t *
473 kp_name_to_kpmap(kp_data_t *kp, const char *name)
474 {
475 size_t namelen;
476 kp_file_t *kpf;
477 kp_map_t *kpm;
478
479 /*
480 * Handle special reserved names (except for MDB_TGT_OBJ_EVERY):
481 */
482 if (name == MDB_TGT_OBJ_EXEC)
483 return (kp->kp_map_exec);
484
485 if (name == MDB_TGT_OBJ_RTLD)
486 return (kp->kp_map_ldso);
487
488 /*
489 * First pass: look for exact matches on the entire pathname
490 * associated with the mapping or its basename.
491 */
492 for (kpm = kp->kp_map_head; kpm != NULL; kpm = kpm->kpm_next) {
493 if ((kpf = kpm->kpm_file) != NULL) {
494 if (strcmp(kpm->kpm_map.map_name, name) == 0 ||
495 strcmp(kpf->kpf_basename, name) == 0)
496 return (kpf->kpf_map);
497 }
498 }
499
500 namelen = strlen(name);
501
502 /*
503 * Second pass: look for partial matches (initial basename match
504 * up to a '.' suffix); allows "libc.so" or "libc" to match "libc.so.1"
505 */
506 for (kpm = kp->kp_map_head; kpm != NULL; kpm = kpm->kpm_next) {
507 if ((kpf = kpm->kpm_file) != NULL) {
508 if (strncmp(kpf->kpf_basename, name, namelen) == 0 &&
509 kpf->kpf_basename[namelen] == '.')
510 return (kpf->kpf_map);
511 }
512 }
513
514 /*
515 * One last check: we allow "a.out" to always alias the executable,
516 * assuming this name was not in use for something else.
517 */
518 if (strcmp(name, "a.out") == 0)
519 return (kp->kp_map_exec);
520
521 return (NULL);
522 }
523
524
525 static ssize_t
526 kp_vread(mdb_tgt_t *t, void *buf, size_t nbytes, uintptr_t addr)
527 {
528 kp_data_t *kp = t->t_data;
529 ssize_t n = kvm_aread(kp->kp_cookie, addr, buf, nbytes, kp->kp_as);
530
531 if (n == -1)
532 return (set_errno(EMDB_NOMAP));
533
534 return (n);
535 }
536
537 static ssize_t
538 kp_vwrite(mdb_tgt_t *t, const void *buf, size_t nbytes, uintptr_t addr)
539 {
540 kp_data_t *kp = t->t_data;
541 ssize_t n = kvm_awrite(kp->kp_cookie, addr, buf, nbytes, kp->kp_as);
542
543 if (n == -1)
544 return (set_errno(EMDB_NOMAP));
545
546 return (n);
547 }
548
549
550 int
551 kp_vtop(mdb_tgt_t *t, mdb_tgt_as_t as, uintptr_t va, physaddr_t *pap)
552 {
553 kp_data_t *kp = t->t_data;
554 physaddr_t pa;
555
556 if (as != MDB_TGT_AS_VIRT)
557 return (set_errno(EINVAL));
558
559 if ((pa = kvm_physaddr(kp->kp_cookie, kp->kp_as, va)) != -1ULL) {
560 *pap = pa;
561 return (0);
562 }
563
564 return (set_errno(EMDB_NOMAP));
565 }
566
567 static int
568 kp_lookup_by_name(mdb_tgt_t *t, const char *object,
569 const char *name, GElf_Sym *symp, mdb_syminfo_t *sip)
570 {
571 kp_data_t *kp = t->t_data;
572 kp_file_t *kpf;
573 int n;
574
575 GElf_Sym sym;
576 uint_t symid;
577 int rv = -1;
578
579 /*
580 * Simplify our task: if object is EVERY, then we need to search
581 * kp_num_files files beginning at kp_file_head; otherwise we are
582 * searching 1 file whose file pointer is obtained via object_to_map.
583 */
584 if (object != MDB_TGT_OBJ_EVERY) {
585 kp_map_t *kpm = kp_name_to_kpmap(kp, object);
586 if (kpm == NULL || kpm->kpm_file == NULL)
587 return (set_errno(EMDB_NOOBJ));
588 kpf = kpm->kpm_file;
589 n = 1;
590 } else {
591 kpf = kp->kp_file_head;
592 n = kp->kp_num_files;
593 }
594
595 /*
596 * Iterate through the load object files and look for the symbol name
597 * in the .dynsym of each. If we encounter a match with SHN_UNDEF,
598 * keep looking in hopes of finding a better match. This means that
599 * a name such as "puts" will match the puts function in libc instead
600 * of matching the puts PLT entry in the a.out file.
601 */
602 for (; n > 0; n--, kpf = kpf->kpf_next) {
603 if (kpf->kpf_dynsym == NULL)
604 continue; /* No symbols for this file */
605
606 if (mdb_gelf_symtab_lookup_by_name(kpf->kpf_dynsym,
607 name, symp, &sip->sym_id) != 0)
608 continue; /* Symbol name not found */
609
610 symp->st_value += kpf->kpf_dyn_base;
611
612 if (symp->st_shndx != SHN_UNDEF) {
613 sip->sym_table = MDB_TGT_DYNSYM;
614 return (0);
615 }
616
617 if (rv != 0) {
618 sym = *symp;
619 symid = sip->sym_id;
620 rv = 0;
621 }
622 }
623
624 if (rv != 0)
625 return (set_errno(EMDB_NOSYM));
626
627 sip->sym_table = MDB_TGT_DYNSYM;
628 sip->sym_id = symid;
629 *symp = sym;
630
631 return (0);
632 }
633
634 static int
635 kp_lookup_by_addr(mdb_tgt_t *t, uintptr_t addr, uint_t flags,
636 char *buf, size_t nbytes, GElf_Sym *symp, mdb_syminfo_t *sip)
637 {
638 kp_data_t *kp = t->t_data;
639 kp_map_t *kpm = kp_addr_to_kpmap(kp, addr);
640
641 kp_file_t *sym_kpf = NULL;
642 GElf_Sym sym;
643 uint_t symid;
644
645 const char *name;
646 kp_file_t *kpf;
647 int n;
648
649 /*
650 * Check the user's private symbol table first; if a match is
651 * found there, we're done or we have a first guess.
652 */
653 if (mdb_gelf_symtab_lookup_by_addr(mdb.m_prsym,
654 addr, flags, buf, nbytes, symp, &sip->sym_id) == 0) {
655 sym_kpf = &kp->kp_prfile;
656 if (flags & MDB_TGT_SYM_EXACT)
657 goto found;
658 sym = *symp;
659 symid = sip->sym_id;
660 }
661
662 /*
663 * If no mapping contains the address and EXACT mode is set, we're done.
664 * Otherwise we need to search all the symbol tables in fuzzy mode.
665 * If we find a mapping, then we only need to search that symtab.
666 */
667 if (kpm == NULL || kpm->kpm_file == NULL) {
668 if (flags & MDB_TGT_SYM_EXACT)
669 return (set_errno(EMDB_NOSYMADDR));
670 kpf = kp->kp_file_head;
671 n = kp->kp_num_files;
672 } else {
673 kpf = kpm->kpm_file;
674 n = 1;
675 }
676
677 /*
678 * Iterate through our list of load objects, scanning each one which
679 * has a symbol table. In fuzzy mode, we continue looking and
680 * improve our choice if we find a closer symbol.
681 */
682 for (; n > 0; n--, kpf = kpf->kpf_next) {
683 if (kpf->kpf_dynsym == NULL)
684 continue; /* No symbols for this file */
685
686 if (mdb_gelf_symtab_lookup_by_addr(kpf->kpf_dynsym,
687 addr - kpf->kpf_dyn_base, flags, buf, nbytes,
688 symp, &sip->sym_id) != 0)
689 continue; /* No symbol for this address */
690
691 symp->st_value += kpf->kpf_dyn_base;
692
693 if (flags & MDB_TGT_SYM_EXACT) {
694 sym_kpf = kpf;
695 goto found;
696 }
697
698 if (sym_kpf == NULL || mdb_gelf_sym_closer(symp, &sym, addr)) {
699 sym_kpf = kpf;
700 sym = *symp;
701 symid = sip->sym_id;
702 }
703 }
704
705 if (sym_kpf == NULL)
706 return (set_errno(EMDB_NOSYMADDR));
707
708 *symp = sym; /* Copy our best symbol into the caller's symbol */
709 sip->sym_id = symid;
710 found:
711 /*
712 * Once we've found something, copy the final name into the caller's
713 * buffer and prefix it with the load object name if appropriate.
714 */
715 name = mdb_gelf_sym_name(sym_kpf->kpf_dynsym, symp);
716
717 if (sym_kpf != kp->kp_map_exec->kpm_file && sym_kpf != &kp->kp_prfile) {
718 (void) mdb_snprintf(buf, nbytes, "%s`%s",
719 sym_kpf->kpf_basename, name);
720 } else if (nbytes > 0) {
721 (void) strncpy(buf, name, nbytes);
722 buf[nbytes - 1] = '\0';
723 }
724
725 if (sym_kpf == &kp->kp_prfile)
726 sip->sym_table = MDB_TGT_PRVSYM;
727 else
728 sip->sym_table = MDB_TGT_DYNSYM;
729
730 return (0);
731 }
732
733 static int
734 kp_symtab_func(void *data, const GElf_Sym *symp, const char *name, uint_t id)
735 {
736 kp_symarg_t *argp = data;
737 if (mdb_tgt_sym_match(symp, argp->sym_type)) {
738 GElf_Sym sym = *symp;
739
740 sym.st_value += argp->sym_adjust;
741
742 argp->sym_info.sym_id = id;
743
744 return (argp->sym_cb(argp->sym_data, &sym, name,
745 &argp->sym_info, argp->sym_obj));
746 }
747
748 return (0);
749 }
750
751 static void
752 kp_symtab_iter(kp_file_t *kpf, uint_t type, const char *obj,
753 mdb_tgt_sym_f *cb, void *data)
754 {
755 if (kpf->kpf_dynsym != NULL) {
756 kp_symarg_t arg;
757
758 arg.sym_cb = cb;
759 arg.sym_data = data;
760 arg.sym_type = type;
761 arg.sym_adjust = kpf->kpf_dyn_base;
762 arg.sym_info.sym_table = kpf->kpf_dynsym->gst_tabid;
763 arg.sym_obj = obj;
764
765 mdb_gelf_symtab_iter(kpf->kpf_dynsym, kp_symtab_func, &arg);
766 }
767 }
768
769 /*ARGSUSED*/
770 static int
771 kp_symbol_iter(mdb_tgt_t *t, const char *object, uint_t which,
772 uint_t type, mdb_tgt_sym_f *func, void *private)
773 {
774 kp_data_t *kp = t->t_data;
775 kp_file_t *kpf = NULL;
776 kp_map_t *kpm;
777
778 switch ((uintptr_t)object) {
779 case (uintptr_t)MDB_TGT_OBJ_EVERY:
780 if (kp->kp_map_exec && kp->kp_map_exec->kpm_file) {
781 kpf = kp->kp_map_exec->kpm_file;
782 kp_symtab_iter(kpf, type, MDB_TGT_OBJ_EXEC, func,
783 private);
784 }
785 if (kp->kp_map_ldso && kp->kp_map_ldso->kpm_file) {
786 kpf = kp->kp_map_ldso->kpm_file;
787 kp_symtab_iter(kpf, type, MDB_TGT_OBJ_RTLD, func,
788 private);
789 }
790 return (0);
791
792 case (uintptr_t)MDB_TGT_OBJ_EXEC:
793 if (kp->kp_map_exec && kp->kp_map_exec->kpm_file)
794 kpf = kp->kp_map_exec->kpm_file;
795 break;
796
797 case (uintptr_t)MDB_TGT_OBJ_RTLD:
798 if (kp->kp_map_ldso && kp->kp_map_ldso->kpm_file)
799 kpf = kp->kp_map_ldso->kpm_file;
800 break;
801
802 default:
803 if ((kpm = kp_name_to_kpmap(kp, object)) != NULL) {
804 kpf = kpm->kpm_file;
805 break;
806 } else
807 return (set_errno(EMDB_NOOBJ));
808 }
809
810 if (kpf != NULL)
811 kp_symtab_iter(kpf, type, object, func, private);
812
813 return (0);
814 }
815
816 static int
817 kp_mapping_iter(mdb_tgt_t *t, mdb_tgt_map_f *func, void *private)
818 {
819 kp_data_t *kp = t->t_data;
820 kp_map_t *kpm;
821
822 for (kpm = kp->kp_map_head; kpm != NULL; kpm = kpm->kpm_next) {
823 if (func(private, &kpm->kpm_map, kpm->kpm_map.map_name) != 0)
824 break;
825 }
826
827 return (0);
828 }
829
830 static int
831 kp_object_iter(mdb_tgt_t *t, mdb_tgt_map_f *func, void *private)
832 {
833 kp_data_t *kp = t->t_data;
834 kp_file_t *kpf;
835
836 for (kpf = kp->kp_file_head; kpf != NULL; kpf = kpf->kpf_next) {
837 if (func(private, &kpf->kpf_map->kpm_map,
838 kpf->kpf_map->kpm_map.map_name) != 0)
839 break;
840 }
841
842 return (0);
843 }
844
845 static const mdb_map_t *
846 kp_addr_to_map(mdb_tgt_t *t, uintptr_t addr)
847 {
848 kp_map_t *kpm = kp_addr_to_kpmap(t->t_data, addr);
849
850 if (kpm != NULL)
851 return (&kpm->kpm_map);
852
853 (void) set_errno(EMDB_NOMAP);
854 return (NULL);
855 }
856
857 static const mdb_map_t *
858 kp_name_to_map(mdb_tgt_t *t, const char *name)
859 {
860 kp_map_t *kpm = kp_name_to_kpmap(t->t_data, name);
861
862 if (kpm != NULL)
863 return (&kpm->kpm_map);
864
865 (void) set_errno(EMDB_NOOBJ);
866 return (NULL);
867 }
868
869 /*ARGSUSED*/
870 static int
871 kp_status(mdb_tgt_t *t, mdb_tgt_status_t *tsp)
872 {
873 bzero(tsp, sizeof (mdb_tgt_status_t));
874 tsp->st_state = MDB_TGT_DEAD;
875 return (0);
876 }
877
878 static int
879 kp_auxv(mdb_tgt_t *t, const auxv_t **auxvp)
880 {
881 kp_data_t *kp = t->t_data;
882 *auxvp = kp->kp_auxv;
883 return (0);
884 }
885
886 static const mdb_tgt_ops_t kproc_ops = {
887 (int (*)()) mdb_tgt_notsup, /* t_setflags */
888 kp_setcontext, /* t_setcontext */
889 kp_activate, /* t_activate */
890 kp_deactivate, /* t_deactivate */
891 (void (*)()) mdb_tgt_nop, /* t_periodic */
892 kp_destroy, /* t_destroy */
893 kp_name, /* t_name */
894 kp_isa, /* t_isa */
895 kp_platform, /* t_platform */
896 kp_uname, /* t_uname */
897 kp_dmodel, /* t_dmodel */
898 (ssize_t (*)()) mdb_tgt_notsup, /* t_aread */
899 (ssize_t (*)()) mdb_tgt_notsup, /* t_awrite */
900 kp_vread, /* t_vread */
901 kp_vwrite, /* t_vwrite */
902 (ssize_t (*)()) mdb_tgt_notsup, /* t_pread */
903 (ssize_t (*)()) mdb_tgt_notsup, /* t_pwrite */
904 (ssize_t (*)()) mdb_tgt_notsup, /* t_fread */
905 (ssize_t (*)()) mdb_tgt_notsup, /* t_fwrite */
906 (ssize_t (*)()) mdb_tgt_notsup, /* t_ioread */
907 (ssize_t (*)()) mdb_tgt_notsup, /* t_iowrite */
908 kp_vtop, /* t_vtop */
909 kp_lookup_by_name, /* t_lookup_by_name */
910 kp_lookup_by_addr, /* t_lookup_by_addr */
911 kp_symbol_iter, /* t_symbol_iter */
912 kp_mapping_iter, /* t_mapping_iter */
913 kp_object_iter, /* t_object_iter */
914 kp_addr_to_map, /* t_addr_to_map */
915 kp_name_to_map, /* t_name_to_map */
916 (struct ctf_file *(*)()) mdb_tgt_null, /* t_addr_to_ctf */
917 (struct ctf_file *(*)()) mdb_tgt_null, /* t_name_to_ctf */
918 kp_status, /* t_status */
919 (int (*)()) mdb_tgt_notsup, /* t_run */
920 (int (*)()) mdb_tgt_notsup, /* t_step */
921 (int (*)()) mdb_tgt_notsup, /* t_step_out */
922 (int (*)()) mdb_tgt_notsup, /* t_next */
923 (int (*)()) mdb_tgt_notsup, /* t_cont */
924 (int (*)()) mdb_tgt_notsup, /* t_signal */
925 (int (*)()) mdb_tgt_null, /* t_add_sbrkpt */
926 (int (*)()) mdb_tgt_null, /* t_add_vbrkpt */
927 (int (*)()) mdb_tgt_null, /* t_add_pwapt */
928 (int (*)()) mdb_tgt_null, /* t_add_vwapt */
929 (int (*)()) mdb_tgt_null, /* t_add_iowapt */
930 (int (*)()) mdb_tgt_null, /* t_add_sysenter */
931 (int (*)()) mdb_tgt_null, /* t_add_sysexit */
932 (int (*)()) mdb_tgt_null, /* t_add_signal */
933 (int (*)()) mdb_tgt_null, /* t_add_fault */
934 (int (*)()) mdb_tgt_notsup, /* t_getareg XXX */
935 (int (*)()) mdb_tgt_notsup, /* t_putareg XXX */
936 (int (*)()) mdb_tgt_notsup, /* t_stack_iter XXX */
937 kp_auxv /* t_auxv */
938 };
939
940 int
941 mdb_kproc_tgt_create(mdb_tgt_t *t, int argc, const char *argv[])
942 {
943 kp_data_t *kp = mdb_zalloc(sizeof (kp_data_t), UM_SLEEP);
944 void *proc = (void *)argv[0];
945 long at_entry, at_base;
946 GElf_Sym sym;
947
948 int (*f_asiter)(uintptr_t, void (*)(const mdb_map_t *, void *), void *);
949 int (*f_auxv)(uintptr_t, auxv_t *);
950 uintptr_t (*f_as)(uintptr_t);
951 uint_t (*f_model)(uintptr_t);
952 pid_t (*f_pid)(uintptr_t);
953
954 if (argc != 1)
955 return (set_errno(EINVAL));
956
957 t->t_flags &= ~MDB_TGT_F_RDWR;
958 t->t_data = kp;
959 t->t_ops = &kproc_ops;
960
961 f_asiter = (int (*)()) dlsym(RTLD_NEXT, "mdb_kproc_asiter");
962 f_auxv = (int (*)()) dlsym(RTLD_NEXT, "mdb_kproc_auxv");
963 f_as = (uintptr_t (*)()) dlsym(RTLD_NEXT, "mdb_kproc_as");
964 f_model = (model_t (*)()) dlsym(RTLD_NEXT, "mdb_kproc_model");
965 f_pid = (pid_t (*)()) dlsym(RTLD_NEXT, "mdb_kproc_pid");
966
967 if (f_asiter == NULL || f_auxv == NULL ||
968 f_as == NULL || f_model == NULL || f_pid == NULL) {
969 warn("required kernel support module is not loaded\n");
970 goto err;
971 }
972
973 /*
974 * Here the kproc target relies on the fact that at the time of its
975 * instantiation, mdb.m_target is pointing at a kvm target, and
976 * that the kvm target has stored its libkvm handle in t_pshandle.
977 */
978 kp->kp_parent = mdb.m_target;
979 kp->kp_cookie = mdb.m_target->t_pshandle;
980 kp->kp_platform = mdb_tgt_platform(mdb.m_target);
981 kp->kp_proc = proc;
982 kp->kp_as = (struct as *)f_as((uintptr_t)proc);
983 kp->kp_pid = f_pid((uintptr_t)proc);
984
985 if (kp->kp_as == NULL) {
986 warn("failed to obtain address space for proc %p\n", proc);
987 goto err;
988 }
989
990 if (kp->kp_pid == -1) {
991 warn("failed to obtain PID for proc %p\n", proc);
992 goto err;
993 }
994
995 if (mdb_tgt_lookup_by_name(kp->kp_parent, MDB_TGT_OBJ_EXEC, "kas",
996 &sym, NULL) == 0 && kp->kp_as ==
997 (struct as *)(uintptr_t)sym.st_value) {
998 warn("specified process is a system process (no context)\n");
999 goto err;
1000 }
1001
1002 if ((kp->kp_model = f_model((uintptr_t)proc)) == PR_MODEL_UNKNOWN) {
1003 warn("failed to obtain data model for proc %p\n", proc);
1004 goto err;
1005 }
1006
1007 if (f_asiter((uintptr_t)kp->kp_as, kp_add_mapping, kp) == -1) {
1008 warn("failed to load mappings for proc %p", proc);
1009 goto err;
1010 }
1011
1012 kp->kp_nauxv = f_auxv((uintptr_t)proc, NULL) + 1;
1013 kp->kp_auxv = mdb_alloc(sizeof (auxv_t) * kp->kp_nauxv, UM_SLEEP);
1014
1015 if (f_auxv((uintptr_t)proc, kp->kp_auxv) == -1) {
1016 warn("failed to load auxv for proc %p", proc);
1017 goto err;
1018 }
1019
1020 kp->kp_auxv[kp->kp_nauxv - 1].a_type = AT_NULL;
1021 kp->kp_auxv[kp->kp_nauxv - 1].a_un.a_val = 0;
1022
1023 if ((at_entry = kp_getauxval(kp, AT_ENTRY)) == -1L) {
1024 warn("auxv for proc %p is missing AT_ENTRY\n", proc);
1025 goto err;
1026 }
1027
1028 if ((at_base = kp_getauxval(kp, AT_BASE)) == -1L) {
1029 warn("auxv for proc %p is missing AT_BASE\n", proc);
1030 goto err;
1031 }
1032
1033 /*
1034 * If we're applying kproc to a live kernel, we need to force libkvm
1035 * to set the current process to the process in question so we can
1036 * read from its address space. If kvm_getproc returns NULL, the
1037 * process may have gone away since our previous calls to mdb_ks.
1038 */
1039 if (mdb_prop_postmortem == FALSE &&
1040 kvm_getproc(kp->kp_cookie, kp->kp_pid) == NULL)
1041 warn("failed to attach to PID %d\n", (int)kp->kp_pid);
1042
1043 kp->kp_map_exec = kp_addr_to_kpmap(kp, at_entry);
1044 kp->kp_map_ldso = kp_addr_to_kpmap(kp, at_base);
1045
1046 (void) kp_file_create(t, kp->kp_map_exec, ET_EXEC);
1047 (void) kp_file_create(t, kp->kp_map_ldso, ET_DYN);
1048
1049 kp->kp_prfile.kpf_dynsym = mdb.m_prsym;
1050
1051 return (0);
1052
1053 err:
1054 kp_destroy(t);
1055 return (-1);
1056 }
1057
1058 static ssize_t
1059 kp_io_read(mdb_io_t *io, void *buf, size_t nbytes)
1060 {
1061 kp_io_t *kpi = io->io_data;
1062 kp_data_t *kp = kpi->kpi_tgt->t_data;
1063
1064 kp_map_t *kpm = kp_addr_to_kpmap(kp, kpi->kpi_ptr);
1065 size_t left;
1066
1067 if (kpm != NULL) {
1068 const mdb_map_t *mp = &kpm->kpm_map;
1069 left = mp->map_base + mp->map_size - kpi->kpi_ptr;
1070 } else
1071 left = 0;
1072
1073 if (left != 0) {
1074 ssize_t rbytes = kp_vread(kpi->kpi_tgt,
1075 buf, MIN(nbytes, left), kpi->kpi_ptr);
1076
1077 if (rbytes >= 0)
1078 kpi->kpi_ptr += rbytes;
1079
1080 return (rbytes);
1081 }
1082
1083 return (0); /* At end of segment or in hole; return EOF */
1084 }
1085
1086 static off64_t
1087 kp_io_seek(mdb_io_t *io, off64_t offset, int whence)
1088 {
1089 kp_io_t *kpi = io->io_data;
1090 const mdb_map_t *mp = &kpi->kpi_map->kpm_map;
1091 uintptr_t nptr;
1092
1093 if (io->io_next != NULL)
1094 return (IOP_SEEK(io->io_next, offset, whence));
1095
1096 switch (whence) {
1097 case SEEK_SET:
1098 nptr = mp->map_base + offset;
1099 break;
1100 case SEEK_CUR:
1101 nptr = kpi->kpi_ptr + offset;
1102 break;
1103 case SEEK_END:
1104 nptr = kpi->kpi_lim + offset;
1105 break;
1106 default:
1107 return (set_errno(EINVAL));
1108 }
1109
1110 if (nptr < mp->map_base || nptr >= kpi->kpi_lim)
1111 return (set_errno(EINVAL));
1112
1113 kpi->kpi_ptr = nptr;
1114 return ((off64_t)(nptr - mp->map_base));
1115 }
1116
1117 static void
1118 kp_io_close(mdb_io_t *io)
1119 {
1120 mdb_free(io->io_data, sizeof (kp_io_t));
1121 }
1122
1123 static const char *
1124 kp_io_name(mdb_io_t *io)
1125 {
1126 kp_io_t *kpi = io->io_data;
1127
1128 if (io->io_next != NULL)
1129 return (IOP_NAME(io->io_next));
1130
1131 return (kpi->kpi_map->kpm_map.map_name);
1132 }
1133
1134 static const mdb_io_ops_t kp_io_ops = {
1135 kp_io_read,
1136 no_io_write,
1137 kp_io_seek,
1138 no_io_ctl,
1139 kp_io_close,
1140 kp_io_name,
1141 no_io_link,
1142 no_io_unlink,
1143 no_io_setattr,
1144 no_io_suspend,
1145 no_io_resume
1146 };
1147
1148 static mdb_io_t *
1149 kp_io_create(mdb_tgt_t *t, kp_map_t *kpm)
1150 {
1151 kp_data_t *kp = t->t_data;
1152 mdb_map_t *mp = &kp->kp_map_tail->kpm_map;
1153
1154 mdb_io_t *io = mdb_alloc(sizeof (mdb_io_t), UM_SLEEP);
1155 kp_io_t *kpi = mdb_alloc(sizeof (kp_io_t), UM_SLEEP);
1156
1157 kpi->kpi_tgt = t;
1158 kpi->kpi_map = kpm;
1159 kpi->kpi_ptr = kpm->kpm_map.map_base;
1160 kpi->kpi_lim = mp->map_base + mp->map_size;
1161
1162 io->io_ops = &kp_io_ops;
1163 io->io_data = kpi;
1164 io->io_next = NULL;
1165 io->io_refcnt = 0;
1166
1167 return (io);
1168 }