Use PT_INTERP to find the dynamic linker/program interpreter and record that information in the trace, for later use by --serve-files.

Author: khuey

src/AddressSpace.h

@@ -359,6 +359,12 @@ class AddressSpace : public HasTaskSet {
    */
   const std::string& exe_image() const { return exe; }
 
+  const std::string& interp_name() const { return interp_name_; }
+  void set_interp_name(std::string name) { interp_name_ = name; }
+
+  remote_ptr<void> interp_base() const { return interp_base_; }
+  void set_interp_base(remote_ptr<void> base) { interp_base_ = base; }
+
   /**
    * Assuming the last retired instruction has raised a SIGTRAP
    * and might be a breakpoint trap instruction, return the type
@@ -1080,6 +1086,10 @@ class AddressSpace : public HasTaskSet {
   /* Path of the real executable image this address space was
    * exec()'d with. */
   std::string exe;
+  /* Path of the intepreter, if any, of exe. */
+  std::string interp_name_;
+  /* Base address of the interpeter (might be null!) */
+  remote_ptr<void> interp_base_;
   /* Pid of first task for this address space */
   pid_t leader_tid_;
   /* Serial number of first task for this address space */

src/ElfReader.cc

@@ -24,6 +24,7 @@ class ElfReaderImplBase {
   virtual Debuglink read_debuglink() = 0;
   virtual Debugaltlink read_debugaltlink() = 0;
   virtual string read_buildid() = 0;
+  virtual string read_interp() = 0;
   virtual bool addr_to_offset(uintptr_t addr, uintptr_t& offset) = 0;
   virtual SectionOffsets find_section_file_offsets(const char* name) = 0;
   virtual const vector<uint8_t>* decompress_section(SectionOffsets offsets) = 0;
@@ -44,15 +45,19 @@ template <typename Arch> class ElfReaderImpl : public ElfReaderImplBase {
   virtual Debuglink read_debuglink() override;
   virtual Debugaltlink read_debugaltlink() override;
   virtual string read_buildid() override;
+  virtual string read_interp() override;
   virtual bool addr_to_offset(uintptr_t addr, uintptr_t& offset) override;
   virtual SectionOffsets find_section_file_offsets(const char* name) override;
   virtual const vector<uint8_t>* decompress_section(SectionOffsets offsets) override;
 
 private:
   const typename Arch::ElfShdr* find_section(const char* n);
+  const typename Arch::ElfPhdr* find_programheader(uint32_t pt);
 
   const typename Arch::ElfEhdr* elfheader;
+  const typename Arch::ElfPhdr* programheader;
   const typename Arch::ElfShdr* sections;
+  size_t programheader_size;
   size_t sections_size;
   vector<char> section_names;
 };
@@ -75,11 +80,20 @@ ElfReaderImpl<Arch>::ElfReaderImpl(ElfReader& r) : ElfReaderImplBase(r) {
       elfheader->e_ident[EI_DATA] != Arch::elfendian ||
       elfheader->e_machine != Arch::elfmachine ||
       elfheader->e_shentsize != sizeof(typename Arch::ElfShdr) ||
+      elfheader->e_phentsize != sizeof(typename Arch::ElfPhdr) ||
       elfheader->e_shstrndx >= elfheader->e_shnum) {
     LOG(debug) << "Invalid ELF file: invalid header";
     return;
   }
 
+  programheader =
+      r.read<typename Arch::ElfPhdr>(elfheader->e_phoff, elfheader->e_phnum);
+  if (!programheader || !elfheader->e_phnum) {
+    LOG(debug) << "Invalid ELF file: no program headers";
+    return;
+  }
+  programheader_size = elfheader->e_phnum;
+
   sections =
       r.read<typename Arch::ElfShdr>(elfheader->e_shoff, elfheader->e_shnum);
   if (!sections || !elfheader->e_shnum) {
@@ -103,6 +117,23 @@ ElfReaderImpl<Arch>::ElfReaderImpl(ElfReader& r) : ElfReaderImplBase(r) {
   ok_ = true;
 }
 
+template <typename Arch>
+const typename Arch::ElfPhdr* ElfReaderImpl<Arch>::find_programheader(uint32_t pt) {
+  const typename Arch::ElfPhdr* ph = nullptr;
+
+  for (size_t i = 0; i < programheader_size; ++i) {
+    auto& p = programheader[i];
+    if (p.p_type == pt) {
+      ph = &p;
+    }
+  }
+
+  if (!ph) {
+    LOG(debug) << "Missing program header " << pt;
+  }
+  return ph;
+}
+
 template <typename Arch>
 const typename Arch::ElfShdr* ElfReaderImpl<Arch>::find_section(const char* n) {
   const typename Arch::ElfShdr* section = nullptr;
@@ -438,6 +469,28 @@ string ElfReaderImpl<Arch>::read_buildid() {
   return result;
 }
 
+template <typename Arch>
+string ElfReaderImpl<Arch>::read_interp() {
+  string result;
+  if (!ok()) {
+    return result;
+  }
+
+  const typename Arch::ElfPhdr* ph = find_programheader(PT_INTERP);
+  if (!ph) {
+    return result;
+  }
+
+  const char* file_name = r.read<char>(ph->p_offset, ph->p_filesz);
+  if (!file_name) {
+    LOG(warn) << "Invalid ELF file: can't read PT_INTERP";
+    return result;
+  }
+
+  null_terminated(file_name, ph->p_filesz, result);
+  return result;
+}
+
 template <typename Arch>
 bool ElfReaderImpl<Arch>::addr_to_offset(uintptr_t addr, uintptr_t& offset) {
   for (size_t i = 0; i < sections_size; ++i) {
@@ -492,6 +545,7 @@ DwarfSpan ElfReader::dwarf_section(const char* name, bool known_to_be_compressed
 }
 
 string ElfReader::read_buildid() { return impl().read_buildid(); }
+string ElfReader::read_interp() { return impl().read_interp(); }
 
 bool ElfReader::addr_to_offset(uintptr_t addr, uintptr_t& offset) {
   return impl().addr_to_offset(addr, offset);

src/ElfReader.h

@@ -101,6 +101,7 @@ class ElfReader {
   Debuglink read_debuglink();
   Debugaltlink read_debugaltlink();
   std::string read_buildid();
+  std::string read_interp();
   // Returns true and sets file |offset| if ELF address |addr| is mapped from
   // a section in the ELF file.  Returns false if no section maps to
   // |addr|.  |addr| is an address indicated by the ELF file, not its

src/GdbServer.cc

@@ -2097,6 +2097,10 @@ int GdbServer::open_file(Session& session, Task* continue_task, const std::strin
   // XXX should we require file_scope_pid == 0 here?
   ScopedFd contents;
 
+  if (file_name.empty()) {
+    return -1;
+  }
+
   LOG(debug) << "Trying to open " << file_name;
 
   if (file_name.substr(0, 6) == "/proc/") {
@@ -2123,6 +2127,17 @@ int GdbServer::open_file(Session& session, Task* continue_task, const std::strin
     } else {
       return -1;
     }
+  } else if (file_name == continue_task->vm()->interp_name()) {
+    remote_ptr<void> interp_base = continue_task->vm()->interp_base();
+    auto m = continue_task->vm()->mapping_of(interp_base);
+    LOG(debug) << "Found dynamic linker as memory mapping " << m.recorded_map;
+    int ret_fd = 0;
+    while (files.find(ret_fd) != files.end() ||
+           memory_files.find(ret_fd) != memory_files.end()) {
+      ++ret_fd;
+    }
+    memory_files.insert(make_pair(ret_fd, FileId(m.recorded_map)));
+    return ret_fd;
   } else {
     // See if we can find the file by serving one of our mappings
     std::string normalized_file_name = file_name;
@@ -2132,9 +2147,8 @@ int GdbServer::open_file(Session& session, Task* continue_task, const std::strin
       // kernel when the process image gets loaded. We add a special case to
       // substitute the correct mapping, so gdb can find the dynamic linker
       // rendezvous structures.
-      // XXX: These don't tend to vary across systems, so hardcoding them here works
-      //      ok, but it'd be better, to just read INTERP from the main executable
-      //      and record which is the corresponding file.
+      // Use our old hack for ld from before we read PT_INTERP for backwards
+      // compat with older traces.
       if (m.recorded_map.fsname().compare(0,
             normalized_file_name.length(),
             normalized_file_name) == 0

src/TraceStream.cc

@@ -742,6 +742,8 @@ void TraceWriter::write_task_event(const TraceTaskEvent& event) {
         cmd_line.set(i, str_to_data(event_cmd_line[i]));
       }
       exec.setExeBase(event.exe_base().as_int());
+      exec.setInterpBase(event.interp_base().as_int());
+      exec.setInterpName(str_to_data(event.interp_name()));;
       break;
     }
     case TraceTaskEvent::EXIT:
@@ -802,6 +804,8 @@ TraceTaskEvent TraceReader::read_task_event(FrameTime* time) {
         r.cmd_line_[i] = data_to_str(cmd_line[i]);
       }
       r.exe_base_ = exec.getExeBase();
+      r.interp_base_ = exec.getInterpBase();
+      r.interp_name_ = data_to_str(exec.getInterpName());
       break;
     }
     case trace::TaskEvent::Which::EXIT:

src/TraceTaskEvent.h

@@ -88,6 +88,23 @@ class TraceTaskEvent {
     DEBUG_ASSERT(type() == EXEC);
     exe_base_ = ptr;
   }
+  // May be zero at any time.
+  remote_ptr<void> interp_base() const {
+    DEBUG_ASSERT(type() == EXEC);
+    return interp_base_;
+  }
+  void set_interp_base(remote_ptr<void> ptr) {
+    DEBUG_ASSERT(type() == EXEC);
+    interp_base_ = ptr;
+  }
+  const std::string& interp_name() const {
+    DEBUG_ASSERT(type() == EXEC);
+    return interp_name_;
+  }
+  void set_interp_name(std::string name) {
+    DEBUG_ASSERT(type() == EXEC);
+    interp_name_ = name;
+  }
   WaitStatus exit_status() const {
     DEBUG_ASSERT(type() == EXIT);
     return exit_status_;
@@ -105,6 +122,8 @@ class TraceTaskEvent {
   std::string file_name_;             // EXEC only
   std::vector<std::string> cmd_line_; // EXEC only
   remote_ptr<void> exe_base_;         // EXEC only
+  remote_ptr<void> interp_base_;      // EXEC only
+  std::string interp_name_;           // EXEC only
   WaitStatus exit_status_;            // EXIT only
 };
 

src/kernel_abi.h

@@ -241,6 +241,18 @@ struct WordSize32Defs {
     uint16_t e_shstrndx;
   } ElfEhdr;
   RR_VERIFY_TYPE_ARCH(RR_NATIVE_ARCH, ::Elf32_Ehdr, ElfEhdr);
+  typedef struct
+  {
+    uint32_t p_type;
+    uint32_t p_offset;
+    uint32_t p_vaddr;
+    uint32_t p_paddr;
+    uint32_t p_filesz;
+    uint32_t p_memsz;
+    uint32_t p_flags;
+    uint32_t p_align;
+  } ElfPhdr;
+  RR_VERIFY_TYPE_ARCH(RR_NATIVE_ARCH, ::Elf32_Phdr, ElfPhdr);
   typedef struct {
     uint32_t sh_name;
     uint32_t sh_type;
@@ -326,6 +338,18 @@ struct WordSize64Defs {
     uint16_t e_shstrndx;
   } ElfEhdr;
   RR_VERIFY_TYPE_ARCH(RR_NATIVE_ARCH, ::Elf64_Ehdr, ElfEhdr);
+  typedef struct
+  {
+    uint32_t p_type;
+    uint32_t p_flags;
+    uint64_t p_offset;
+    uint64_t p_vaddr;
+    uint64_t p_paddr;
+    uint64_t p_filesz;
+    uint64_t p_memsz;
+    uint64_t p_align;
+  } ElfPhdr;
+  RR_VERIFY_TYPE_ARCH(RR_NATIVE_ARCH, ::Elf64_Phdr, ElfPhdr);
   typedef struct {
     uint32_t sh_name;
     uint32_t sh_type;

src/record_syscall.cc

@@ -5423,17 +5423,21 @@ static uint64_t word_at(uint8_t* buf, size_t wsize) {
   return u.v;
 }
 
-static remote_ptr<void> get_exe_entry(Task* t) {
+static pair<remote_ptr<void>, remote_ptr<void>> get_exe_entry_interp_base(Task* t) {
+  remote_ptr<void> exe_entry;
+  remote_ptr<void> interp_base;
   vector<uint8_t> v = read_auxv(t);
   size_t i = 0;
   size_t wsize = word_size(t->arch());
   while ((i + 1)*wsize*2 <= v.size()) {
     if (word_at(v.data() + i*2*wsize, wsize) == AT_ENTRY) {
-      return word_at(v.data() + (i*2 + 1)*wsize, wsize);
+      exe_entry = word_at(v.data() + (i*2 + 1)*wsize, wsize);
+    } else if (word_at(v.data() + i*2*wsize, wsize) == AT_BASE) {
+      interp_base = word_at(v.data() + (i*2 + 1)*wsize, wsize);
     }
     ++i;
   }
-  return remote_ptr<void>();
+  return make_pair(exe_entry, interp_base);
 }
 
 /**
@@ -5469,6 +5473,7 @@ static void process_execve(RecordTask* t, TaskSyscallState& syscall_state) {
     return;
   }
 
+  string interp_name;
   {
     std::string exe_path = t->proc_exe_path();
     ScopedFd fd(exe_path.c_str(), O_RDONLY);
@@ -5481,6 +5486,9 @@ static void process_execve(RecordTask* t, TaskSyscallState& syscall_state) {
       FATAL() << "rr does not support the x32 ABI, but " << t->exe_path()
               << " is an x32 ABI program.";
     }
+
+    ElfFileReader reader(fd);
+    interp_name = reader.read_interp();
   }
 
   t->post_exec_syscall();
@@ -5513,8 +5521,11 @@ static void process_execve(RecordTask* t, TaskSyscallState& syscall_state) {
 
   // get the remote executable entry point
   // with the pointer, we find out which mapping is the executable
-  auto exe_entry = get_exe_entry(t);
+  auto auxv_pointers = get_exe_entry_interp_base(t);
+  auto exe_entry = auxv_pointers.first;
+  auto interp_base = auxv_pointers.second;
   ASSERT(t, !exe_entry.is_null()) << "AT_ENTRY not found";
+  // NB: A binary is not required to have an interpreter.
 
   // Write out stack mappings first since during replay we need to set up the
   // stack before any files get mapped.
@@ -5534,6 +5545,12 @@ static void process_execve(RecordTask* t, TaskSyscallState& syscall_state) {
       ASSERT(t, km.prot() & PROT_EXEC) << "Entry point not in executable code?";
       syscall_state.exec_saved_event->set_exe_base(km.start());
     }
+    if (km.start() == interp_base) {
+      t->vm()->set_interp_base(interp_base);
+      syscall_state.exec_saved_event->set_interp_base(interp_base);
+      t->vm()->set_interp_name(interp_name);
+      syscall_state.exec_saved_event->set_interp_name(interp_name);
+    }
   }
   ASSERT(t, !syscall_state.exec_saved_event->exe_base().is_null());
 

src/replay_syscall.cc

@@ -448,6 +448,8 @@ static void process_execve(ReplayTask* t, const TraceFrame& trace_frame,
                                ? kms[exe_km].fsname()
                                : datas[exe_km].file_name;
   t->post_exec_syscall(exe_name, kms[exe_km].fsname());
+  t->vm()->set_interp_base(tte.interp_base());
+  t->vm()->set_interp_name(tte.interp_name());
 
   t->fd_table()->close_after_exec(
       t, t->current_trace_frame().event().Syscall().exec_fds_to_close);

src/rr_trace.capnp

@@ -196,6 +196,9 @@ struct TaskEvent {
       # Never null (in traces that support the field)
       # Added after 5.0.0
       exeBase @8 :RemotePtr;
+      interpBase @10 :RemotePtr;
+      # Not a Path since it is only meaningful during recording
+      interpName @11 :CString;
     }
     # Most frame 'exit' events generate one of these, but these are not
     # generated if rr ends abnormally so the tasks did not in fact exit during