Make nacl_helper easily debuggable

chrome/nacl/nacl_helper_linux.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // A mini-zygote specifically for Native Client.
 
 #include "chrome/common/nacl_helper_linux.h"
 
 #include <errno.h>
+#include <link.h>
 #include <stdlib.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 
 #include <string>
 #include <vector>
 
 #include "base/at_exit.h"
 #include "base/command_line.h"
 #include "base/eintr_wrapper.h"
@@ skipping 91 matching lines @@
   if (HANDLE_EINTR(send(kNaClZygoteDescriptor,
                         &childpid, sizeof(childpid), MSG_EOR))
       != sizeof(childpid)) {
     LOG(ERROR) << "*** send() to zygote failed";
   }
 }
 
 }  // namespace
 
 static const char kNaClHelperAtZero[] = "at-zero";
+static const char kNaClHelperRDebug[] = "r_debug";
+
+/*
+ * Since we were started by the bootstrap program rather than in the
+ * usual way, the debugger cannot figure out where our executable
+ * or the dynamic linker or the shared libraries are in memory,
+ * so it won't find any symbols.  But we can fake it out to find us.
+ *
+ * The zygote passes --r_debug=0xXXXXXXXXXXXXXXXX.  The bootstrap
+ * program replaces the Xs with the address of its _r_debug
+ * structure.  The debugger will look for that symbol by name to
+ * discover the addresses of key dynamic linker data structures.
+ * Since all it knows about is the original main executable, which
+ * is the bootstrap program, it finds the symbol defined there.  The
+ * dynamic linker's structure is somewhere else, but it is filled in
+ * after initialization.  The parts that really matter to the
+ * debugger never change.  So we just copy the contents of the
+ * dynamic linker's structure into the address provided by the option.
+ * Hereafter, if someone attaches a debugger (or examines a core dump),
+ * the debugger will find all the symbols in the normal way.
+ */
+static void check_r_debug(char *argv0) {
+  std::string r_debug_switch_value =
+      CommandLine::ForCurrentProcess()->GetSwitchValueASCII(kNaClHelperRDebug);
+  if (!r_debug_switch_value.empty()) {
+    char *endp = NULL;
+    uintptr_t r_debug_addr = strtoul(r_debug_switch_value.c_str(), &endp, 0);
+    if (r_debug_addr != 0 && *endp == '\0') {
+      struct r_debug *bootstrap_r_debug = (struct r_debug *) r_debug_addr;
+      *bootstrap_r_debug = _r_debug;

[eaeltsin, 2011/11/12 01:35:23]

Neat.

A very useful complement would be to introduce command line flag to start
nacl_helper right inside gdb (similar to --plugin-launcher='xterm -title plugin
-e gdb --args' or  --renderer-cmd-prefix='xterm -title renderer -e gdb --args').

However, in this early attach case gdb might examine our fake _r_debug before it
is initialized. The danger is it will never examine it again, as all subsequent
examination of _r_debug happens on hidden breakpoint set on
_r_debug._r_brk=_dl_debug_state call during the first examination (in our case
first examination happens when _r_brk is not initialized).

Does the above make sense? If yes, we might need some _r_brk trick. And we might
want to call that new _dl_debug_state after we actually initialize our _r_debug
...

[eaeltsin, 2011/11/12 01:52:19]

Related note: if we want to support subsequent invocations of _dl_debug_state,
we should always keep these 2 _r_debug structures we have in sync ... 

On 2011/11/12 01:35:23, eaeltsin wrote:

[Mark Seaborn, 2011/11/14 20:15:41]

Is the symbol _r_debug part of the public ABI such that ld.so is guaranteed to
always export it?

+
+      /*
+       * Since the main executable (the bootstrap program) does not
+       * have a dynamic section, the debugger will not skip the
+       * first element of the link_map list as it usually would for
+       * an executable or PIE that was loaded normally.  But the
+       * dynamic linker has set l_name for the PIE to "" as is
+       * normal for the main executable.  So the debugger doesn't
+       * know which file it is.  Fill in the actual file name, which
+       * came in as our argv[0].
+       */
+      struct link_map *l = _r_debug.r_map;
+      if (l->l_name[0] == '\0')
+        l->l_name = argv0;

[Mark Seaborn, 2011/11/14 20:15:41]

I find modifying the dynamic linker's data structures like this more scary than
just copying them to a location that gdb is expected to look at. :-(

+    }
+  }
+}
 
 int main(int argc, char *argv[]) {
   CommandLine::Init(argc, argv);
   base::AtExitManager exit_manager;
   base::RandUint64();  // acquire /dev/urandom fd before sandbox is raised
   std::vector<int> empty; // for SendMsg() calls
 
+  check_r_debug(argv[0]);
+
   g_suid_sandbox_active = (NULL != getenv("SBX_D"));
 
   if (CommandLine::ForCurrentProcess()->HasSwitch(kNaClHelperAtZero)) {
     g_nacl_prereserved_sandbox_addr = (void *) (uintptr_t) 0x10000;
   }
 
   // Send the zygote a message to let it know we are ready to help
   if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor,
                                  kNaClHelperStartupAck,
                                  sizeof(kNaClHelperStartupAck), empty)) {
@@ skipping 27 matching lines @@
       }
     }
     // if fork fails, send PID=-1 to zygote
     if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, &badpid,
                                    sizeof(badpid), empty)) {
       LOG(ERROR) << "*** send() to zygote failed";
     }
   }
   CHECK(false);  // This routine must not return
 }