1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
|
// SPDX-License-Identifier: GPL-2.0+
#include <asm/unistd.h>
#include <linux/hw_breakpoint.h>
#include <linux/ptrace.h>
#include <memory.h>
#include <stdlib.h>
#include <sys/wait.h>
#include "utils.h"
/*
* Child subroutine that performs a load on the address, then traps
*/
void same_watch_addr_child(unsigned long *addr);
/* Address of the ld instruction in same_watch_addr_child() */
extern char same_watch_addr_load[];
/* Address of the end trap instruction in same_watch_addr_child() */
extern char same_watch_addr_trap[];
/*
* Child subroutine that performs a load on the first address, then a load on
* the second address (with no instructions separating this from the first
* load), then traps.
*/
void perf_then_ptrace_child(unsigned long *first_addr, unsigned long *second_addr);
/* Address of the first ld instruction in perf_then_ptrace_child() */
extern char perf_then_ptrace_load1[];
/* Address of the second ld instruction in perf_then_ptrace_child() */
extern char perf_then_ptrace_load2[];
/* Address of the end trap instruction in perf_then_ptrace_child() */
extern char perf_then_ptrace_trap[];
static inline long sys_ptrace(long request, pid_t pid, unsigned long addr, unsigned long data)
{
return syscall(__NR_ptrace, request, pid, addr, data);
}
static long ptrace_traceme(void)
{
return sys_ptrace(PTRACE_TRACEME, 0, 0, 0);
}
static long ptrace_getregs(pid_t pid, struct pt_regs *result)
{
return sys_ptrace(PTRACE_GETREGS, pid, 0, (unsigned long)result);
}
static long ptrace_setregs(pid_t pid, struct pt_regs *result)
{
return sys_ptrace(PTRACE_SETREGS, pid, 0, (unsigned long)result);
}
static long ptrace_cont(pid_t pid, long signal)
{
return sys_ptrace(PTRACE_CONT, pid, 0, signal);
}
static long ptrace_singlestep(pid_t pid, long signal)
{
return sys_ptrace(PTRACE_SINGLESTEP, pid, 0, signal);
}
static long ppc_ptrace_gethwdbginfo(pid_t pid, struct ppc_debug_info *dbginfo)
{
return sys_ptrace(PPC_PTRACE_GETHWDBGINFO, pid, 0, (unsigned long)dbginfo);
}
static long ppc_ptrace_sethwdbg(pid_t pid, struct ppc_hw_breakpoint *bp_info)
{
return sys_ptrace(PPC_PTRACE_SETHWDEBUG, pid, 0, (unsigned long)bp_info);
}
static long ppc_ptrace_delhwdbg(pid_t pid, int bp_id)
{
return sys_ptrace(PPC_PTRACE_DELHWDEBUG, pid, 0L, bp_id);
}
static long ptrace_getreg_pc(pid_t pid, void **pc)
{
struct pt_regs regs;
long err;
err = ptrace_getregs(pid, ®s);
if (err)
return err;
*pc = (void *)regs.nip;
return 0;
}
static long ptrace_setreg_pc(pid_t pid, void *pc)
{
struct pt_regs regs;
long err;
err = ptrace_getregs(pid, ®s);
if (err)
return err;
regs.nip = (unsigned long)pc;
err = ptrace_setregs(pid, ®s);
if (err)
return err;
return 0;
}
static int perf_event_open(struct perf_event_attr *attr, pid_t pid, int cpu,
int group_fd, unsigned long flags)
{
return syscall(__NR_perf_event_open, attr, pid, cpu, group_fd, flags);
}
static void perf_user_event_attr_set(struct perf_event_attr *attr, void *addr, u64 len)
{
memset(attr, 0, sizeof(struct perf_event_attr));
attr->type = PERF_TYPE_BREAKPOINT;
attr->size = sizeof(struct perf_event_attr);
attr->bp_type = HW_BREAKPOINT_R;
attr->bp_addr = (u64)addr;
attr->bp_len = len;
attr->exclude_kernel = 1;
attr->exclude_hv = 1;
}
static int perf_watchpoint_open(pid_t child_pid, void *addr, u64 len)
{
struct perf_event_attr attr;
perf_user_event_attr_set(&attr, addr, len);
return perf_event_open(&attr, child_pid, -1, -1, 0);
}
static int perf_read_counter(int perf_fd, u64 *count)
{
/*
* A perf counter is retrieved by the read() syscall. It contains
* the current count as 8 bytes that are interpreted as a u64
*/
ssize_t len = read(perf_fd, count, sizeof(*count));
if (len != sizeof(*count))
return -1;
return 0;
}
static void ppc_ptrace_init_breakpoint(struct ppc_hw_breakpoint *info,
int type, void *addr, int len)
{
info->version = 1;
info->trigger_type = type;
info->condition_mode = PPC_BREAKPOINT_CONDITION_NONE;
info->addr = (u64)addr;
info->addr2 = (u64)addr + len;
info->condition_value = 0;
if (!len)
info->addr_mode = PPC_BREAKPOINT_MODE_EXACT;
else
info->addr_mode = PPC_BREAKPOINT_MODE_RANGE_INCLUSIVE;
}
/*
* Checks if we can place at least 2 watchpoints on the child process
*/
static int check_watchpoints(pid_t pid)
{
struct ppc_debug_info dbginfo;
FAIL_IF_MSG(ppc_ptrace_gethwdbginfo(pid, &dbginfo), "PPC_PTRACE_GETHWDBGINFO failed");
SKIP_IF_MSG(dbginfo.num_data_bps <= 1, "Not enough data watchpoints (need at least 2)");
return 0;
}
/*
* Wrapper around a plain fork() call that sets up the child for
* ptrace-ing. Both the parent and child return from this, though
* the child is stopped until ptrace_cont(pid) is run by the parent.
*/
static int ptrace_fork_child(pid_t *pid)
{
int status;
*pid = fork();
if (*pid < 0)
FAIL_IF_MSG(1, "Failed to fork child");
if (!*pid) {
FAIL_IF_EXIT_MSG(ptrace_traceme(), "PTRACE_TRACEME failed");
FAIL_IF_EXIT_MSG(raise(SIGSTOP), "Child failed to raise SIGSTOP");
} else {
/* Synchronise on child SIGSTOP */
FAIL_IF_MSG(waitpid(*pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
}
return 0;
}
/*
* Tests the interaction between ptrace and perf watching the same data.
*
* We expect ptrace to take 'priority', as it is has before-execute
* semantics.
*
* The perf counter should not be incremented yet because perf has after-execute
* semantics. E.g., if ptrace changes the child PC, we don't even execute the
* instruction at all.
*
* When the child is stopped for ptrace, we test both continue and single step.
* Both should increment the perf counter. We also test changing the PC somewhere
* different and stepping, which should not increment the perf counter.
*/
int same_watch_addr_test(void)
{
struct ppc_hw_breakpoint bp_info; /* ptrace breakpoint info */
int bp_id; /* Breakpoint handle of ptrace watchpoint */
int perf_fd; /* File descriptor of perf performance counter */
u64 perf_count; /* Most recently fetched perf performance counter value */
pid_t pid; /* PID of child process */
void *pc; /* Most recently fetched child PC value */
int status; /* Stop status of child after waitpid */
unsigned long value; /* Dummy value to be read/written to by child */
int err;
err = ptrace_fork_child(&pid);
if (err)
return err;
if (!pid) {
same_watch_addr_child(&value);
exit(1);
}
err = check_watchpoints(pid);
if (err)
return err;
/* Place a perf watchpoint counter on value */
perf_fd = perf_watchpoint_open(pid, &value, sizeof(value));
FAIL_IF_MSG(perf_fd < 0, "Failed to open perf performance counter");
/* Place a ptrace watchpoint on value */
ppc_ptrace_init_breakpoint(&bp_info, PPC_BREAKPOINT_TRIGGER_READ, &value, sizeof(value));
bp_id = ppc_ptrace_sethwdbg(pid, &bp_info);
FAIL_IF_MSG(bp_id < 0, "Failed to set ptrace watchpoint");
/* Let the child run. It should stop on the ptrace watchpoint */
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_load, "Child did not stop on load instruction");
/*
* We stopped before executing the load, so perf should not have
* recorded any events yet
*/
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 0, "perf recorded unexpected event");
/* Single stepping over the load should increment the perf counter */
FAIL_IF_MSG(ptrace_singlestep(pid, 0), "Failed to single step child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_load + 4, "Failed to single step load instruction");
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 1, "perf counter did not increment");
/*
* Set up a ptrace watchpoint on the value again and trigger it.
* The perf counter should not have incremented because we do not
* execute the load yet.
*/
FAIL_IF_MSG(ppc_ptrace_delhwdbg(pid, bp_id), "Failed to remove old ptrace watchpoint");
bp_id = ppc_ptrace_sethwdbg(pid, &bp_info);
FAIL_IF_MSG(bp_id < 0, "Failed to set ptrace watchpoint");
FAIL_IF_MSG(ptrace_setreg_pc(pid, same_watch_addr_load), "Failed to set child PC");
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_load, "Child did not stop on load trap");
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 1, "perf counter should not have changed");
/* Continuing over the load should increment the perf counter */
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_trap, "Child did not stop on end trap");
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 2, "perf counter did not increment");
/*
* If we set the child PC back to the load instruction, then continue,
* we should reach the end trap (because ptrace is one-shot) and have
* another perf event.
*/
FAIL_IF_MSG(ptrace_setreg_pc(pid, same_watch_addr_load), "Failed to set child PC");
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_trap, "Child did not stop on end trap");
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 3, "perf counter did not increment");
/*
* If we set the child PC back to the load instruction, set a ptrace
* watchpoint on the load, then continue, we should immediately get
* the ptrace trap without incrementing the perf counter
*/
FAIL_IF_MSG(ppc_ptrace_delhwdbg(pid, bp_id), "Failed to remove old ptrace watchpoint");
bp_id = ppc_ptrace_sethwdbg(pid, &bp_info);
FAIL_IF_MSG(bp_id < 0, "Failed to set ptrace watchpoint");
FAIL_IF_MSG(ptrace_setreg_pc(pid, same_watch_addr_load), "Failed to set child PC");
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_load, "Child did not stop on load instruction");
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 3, "perf counter should not have changed");
/*
* If we change the PC while stopped on the load instruction, we should
* not increment the perf counter (because ptrace is before-execute,
* perf is after-execute).
*/
FAIL_IF_MSG(ptrace_setreg_pc(pid, same_watch_addr_load + 4), "Failed to set child PC");
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != same_watch_addr_trap, "Child did not stop on end trap");
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 3, "perf counter should not have changed");
/* Clean up child */
FAIL_IF_MSG(kill(pid, SIGKILL) != 0, "Failed to kill child");
return 0;
}
/*
* Tests the interaction between ptrace and perf when:
* 1. perf watches a value
* 2. ptrace watches a different value
* 3. The perf value is read, then the ptrace value is read immediately after
*
* A breakpoint implementation may accidentally misattribute/skip one of
* the ptrace or perf handlers, as interrupt based work is done after perf
* and before ptrace.
*
* We expect the perf counter to increment before the ptrace watchpoint
* triggers.
*/
int perf_then_ptrace_test(void)
{
struct ppc_hw_breakpoint bp_info; /* ptrace breakpoint info */
int bp_id; /* Breakpoint handle of ptrace watchpoint */
int perf_fd; /* File descriptor of perf performance counter */
u64 perf_count; /* Most recently fetched perf performance counter value */
pid_t pid; /* PID of child process */
void *pc; /* Most recently fetched child PC value */
int status; /* Stop status of child after waitpid */
unsigned long perf_value; /* Dummy value to be watched by perf */
unsigned long ptrace_value; /* Dummy value to be watched by ptrace */
int err;
err = ptrace_fork_child(&pid);
if (err)
return err;
/*
* If we are the child, run a subroutine that reads the perf value,
* then reads the ptrace value with consecutive load instructions
*/
if (!pid) {
perf_then_ptrace_child(&perf_value, &ptrace_value);
exit(0);
}
err = check_watchpoints(pid);
if (err)
return err;
/* Place a perf watchpoint counter */
perf_fd = perf_watchpoint_open(pid, &perf_value, sizeof(perf_value));
FAIL_IF_MSG(perf_fd < 0, "Failed to open perf performance counter");
/* Place a ptrace watchpoint */
ppc_ptrace_init_breakpoint(&bp_info, PPC_BREAKPOINT_TRIGGER_READ,
&ptrace_value, sizeof(ptrace_value));
bp_id = ppc_ptrace_sethwdbg(pid, &bp_info);
FAIL_IF_MSG(bp_id < 0, "Failed to set ptrace watchpoint");
/* Let the child run. It should stop on the ptrace watchpoint */
FAIL_IF_MSG(ptrace_cont(pid, 0), "Failed to continue child");
FAIL_IF_MSG(waitpid(pid, &status, 0) == -1, "Failed to wait for child");
FAIL_IF_MSG(!WIFSTOPPED(status), "Child is not stopped");
FAIL_IF_MSG(ptrace_getreg_pc(pid, &pc), "Failed to get child PC");
FAIL_IF_MSG(pc != perf_then_ptrace_load2, "Child did not stop on ptrace load");
/* perf should have recorded the first load */
FAIL_IF_MSG(perf_read_counter(perf_fd, &perf_count), "Failed to read perf counter");
FAIL_IF_MSG(perf_count != 1, "perf counter did not increment");
/* Clean up child */
FAIL_IF_MSG(kill(pid, SIGKILL) != 0, "Failed to kill child");
return 0;
}
int main(int argc, char *argv[])
{
int err = 0;
err |= test_harness(same_watch_addr_test, "same_watch_addr");
err |= test_harness(perf_then_ptrace_test, "perf_then_ptrace");
return err;
}
|