1 /* $NetBSD: sys_process.c,v 1.80 2003/02/07 21:44:45 nathanw Exp $ */ 2 3 /*- 4 * Copyright (c) 1993 Jan-Simon Pendry. 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * This code is derived from software contributed to Berkeley by 15 * Jan-Simon Pendry. 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 3. All advertising materials mentioning features or use of this software 26 * must display the following acknowledgement: 27 * This product includes software developed by the University of 28 * California, Berkeley and its contributors. 29 * 4. Neither the name of the University nor the names of its contributors 30 * may be used to endorse or promote products derived from this software 31 * without specific prior written permission. 32 * 33 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 34 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 35 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 36 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 43 * SUCH DAMAGE. 44 * 45 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 46 */ 47 48 /* 49 * References: 50 * (1) Bach's "The Design of the UNIX Operating System", 51 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 52 * (3) the "4.4BSD Programmer's Reference Manual" published 53 * by USENIX and O'Reilly & Associates. 54 * The 4.4BSD PRM does a reasonably good job of documenting what the various 55 * ptrace() requests should actually do, and its text is quoted several times 56 * in this file. 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.80 2003/02/07 21:44:45 nathanw Exp $"); 61 62 #include <sys/param.h> 63 #include <sys/systm.h> 64 #include <sys/proc.h> 65 #include <sys/errno.h> 66 #include <sys/ptrace.h> 67 #include <sys/uio.h> 68 #include <sys/user.h> 69 #include <sys/ras.h> 70 71 #include <sys/mount.h> 72 #include <sys/sa.h> 73 #include <sys/syscallargs.h> 74 75 #include <uvm/uvm_extern.h> 76 77 #include <machine/reg.h> 78 79 /* Macros to clear/set/test flags. */ 80 #define SET(t, f) (t) |= (f) 81 #define CLR(t, f) (t) &= ~(f) 82 #define ISSET(t, f) ((t) & (f)) 83 84 /* 85 * Process debugging system call. 86 */ 87 int 88 sys_ptrace(l, v, retval) 89 struct lwp *l; 90 void *v; 91 register_t *retval; 92 { 93 struct sys_ptrace_args /* { 94 syscallarg(int) req; 95 syscallarg(pid_t) pid; 96 syscallarg(caddr_t) addr; 97 syscallarg(int) data; 98 } */ *uap = v; 99 struct proc *p = l->l_proc; 100 struct lwp *lt, *lr; 101 struct proc *t; /* target process */ 102 struct uio uio; 103 struct iovec iov; 104 struct ptrace_io_desc piod; 105 int s, error, write, tmp; 106 107 /* "A foolish consistency..." XXX */ 108 if (SCARG(uap, req) == PT_TRACE_ME) 109 t = p; 110 else { 111 112 /* Find the process we're supposed to be operating on. */ 113 if ((t = pfind(SCARG(uap, pid))) == NULL) 114 return (ESRCH); 115 } 116 117 /* Can't trace a process that's currently exec'ing. */ 118 if ((t->p_flag & P_INEXEC) != 0) 119 return EAGAIN; 120 121 /* Make sure we can operate on it. */ 122 switch (SCARG(uap, req)) { 123 case PT_TRACE_ME: 124 /* Saying that you're being traced is always legal. */ 125 break; 126 127 case PT_ATTACH: 128 case PT_DUMPCORE: 129 /* 130 * You can't attach to a process if: 131 * (1) it's the process that's doing the attaching, 132 */ 133 if (t->p_pid == p->p_pid) 134 return (EINVAL); 135 136 /* 137 * (2) it's a system process 138 */ 139 if (t->p_flag & P_SYSTEM) 140 return (EPERM); 141 142 /* 143 * (3) it's already being traced, or 144 */ 145 if (ISSET(t->p_flag, P_TRACED)) 146 return (EBUSY); 147 148 /* 149 * (4) it's not owned by you, or is set-id on exec 150 * (unless you're root), or... 151 */ 152 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 153 ISSET(t->p_flag, P_SUGID)) && 154 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 155 return (error); 156 157 /* 158 * (5) ...it's init, which controls the security level 159 * of the entire system, and the system was not 160 * compiled with permanently insecure mode turned on 161 */ 162 if (t == initproc && securelevel > -1) 163 return (EPERM); 164 165 /* 166 * (6) the tracer is chrooted, and its root directory is 167 * not at or above the root directory of the tracee 168 */ 169 170 if (!proc_isunder(t, p)) 171 return EPERM; 172 break; 173 174 case PT_READ_I: 175 case PT_READ_D: 176 case PT_WRITE_I: 177 case PT_WRITE_D: 178 case PT_CONTINUE: 179 case PT_IO: 180 case PT_KILL: 181 case PT_DETACH: 182 #ifdef PT_STEP 183 case PT_STEP: 184 #endif 185 #ifdef PT_GETREGS 186 case PT_GETREGS: 187 #endif 188 #ifdef PT_SETREGS 189 case PT_SETREGS: 190 #endif 191 #ifdef PT_GETFPREGS 192 case PT_GETFPREGS: 193 #endif 194 #ifdef PT_SETFPREGS 195 case PT_SETFPREGS: 196 #endif 197 198 #ifdef __HAVE_PTRACE_MACHDEP 199 PTRACE_MACHDEP_REQUEST_CASES 200 #endif 201 202 /* 203 * You can't do what you want to the process if: 204 * (1) It's not being traced at all, 205 */ 206 if (!ISSET(t->p_flag, P_TRACED)) 207 return (EPERM); 208 209 /* 210 * (2) it's being traced by procfs (which has 211 * different signal delivery semantics), 212 */ 213 if (ISSET(t->p_flag, P_FSTRACE)) 214 return (EBUSY); 215 216 /* 217 * (3) it's not being traced by _you_, or 218 */ 219 if (t->p_pptr != p) 220 return (EBUSY); 221 222 /* 223 * (4) it's not currently stopped. 224 */ 225 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) 226 return (EBUSY); 227 break; 228 229 default: /* It was not a legal request. */ 230 return (EINVAL); 231 } 232 233 /* Do single-step fixup if needed. */ 234 FIX_SSTEP(t); 235 236 /* 237 * XXX NJWLWP 238 * 239 * The entire ptrace interface needs work to be useful to a 240 * process with multiple LWPs. For the moment, we'll kluge 241 * this; memory access will be fine, but register access will 242 * be weird. 243 */ 244 245 lt = proc_representative_lwp(t); 246 247 /* Now do the operation. */ 248 write = 0; 249 *retval = 0; 250 tmp = 0; 251 252 switch (SCARG(uap, req)) { 253 case PT_TRACE_ME: 254 /* Just set the trace flag. */ 255 SET(t->p_flag, P_TRACED); 256 t->p_opptr = t->p_pptr; 257 return (0); 258 259 case PT_WRITE_I: /* XXX no separate I and D spaces */ 260 case PT_WRITE_D: 261 #if defined(__HAVE_RAS) 262 /* 263 * Can't write to a RAS 264 */ 265 if ((t->p_nras != 0) && 266 (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) { 267 return (EACCES); 268 } 269 #endif 270 write = 1; 271 tmp = SCARG(uap, data); 272 case PT_READ_I: /* XXX no separate I and D spaces */ 273 case PT_READ_D: 274 /* write = 0 done above. */ 275 iov.iov_base = (caddr_t)&tmp; 276 iov.iov_len = sizeof(tmp); 277 uio.uio_iov = &iov; 278 uio.uio_iovcnt = 1; 279 uio.uio_offset = (off_t)(long)SCARG(uap, addr); 280 uio.uio_resid = sizeof(tmp); 281 uio.uio_segflg = UIO_SYSSPACE; 282 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 283 uio.uio_procp = p; 284 error = process_domem(p, t, &uio); 285 if (!write) 286 *retval = tmp; 287 return (error); 288 289 case PT_IO: 290 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 291 if (error) 292 return (error); 293 iov.iov_base = piod.piod_addr; 294 iov.iov_len = piod.piod_len; 295 uio.uio_iov = &iov; 296 uio.uio_iovcnt = 1; 297 uio.uio_offset = (off_t)(long)piod.piod_offs; 298 uio.uio_resid = piod.piod_len; 299 uio.uio_segflg = UIO_USERSPACE; 300 uio.uio_procp = p; 301 switch (piod.piod_op) { 302 case PIOD_READ_D: 303 case PIOD_READ_I: 304 uio.uio_rw = UIO_READ; 305 break; 306 case PIOD_WRITE_D: 307 case PIOD_WRITE_I: 308 uio.uio_rw = UIO_WRITE; 309 break; 310 default: 311 return (EINVAL); 312 } 313 error = process_domem(p, t, &uio); 314 piod.piod_len -= uio.uio_resid; 315 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 316 return (error); 317 318 case PT_DUMPCORE: 319 return coredump(lt); 320 321 #ifdef PT_STEP 322 case PT_STEP: 323 /* 324 * From the 4.4BSD PRM: 325 * "Execution continues as in request PT_CONTINUE; however 326 * as soon as possible after execution of at least one 327 * instruction, execution stops again. [ ... ]" 328 */ 329 #endif 330 case PT_CONTINUE: 331 case PT_DETACH: 332 /* 333 * From the 4.4BSD PRM: 334 * "The data argument is taken as a signal number and the 335 * child's execution continues at location addr as if it 336 * incurred that signal. Normally the signal number will 337 * be either 0 to indicate that the signal that caused the 338 * stop should be ignored, or that value fetched out of 339 * the process's image indicating which signal caused 340 * the stop. If addr is (int *)1 then execution continues 341 * from where it stopped." 342 */ 343 344 /* Check that the data is a valid signal number or zero. */ 345 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 346 return (EINVAL); 347 348 PHOLD(lt); 349 350 /* If the address parameter is not (int *)1, set the pc. */ 351 if ((int *)SCARG(uap, addr) != (int *)1) 352 if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) 353 goto relebad; 354 355 #ifdef PT_STEP 356 /* 357 * Arrange for a single-step, if that's requested and possible. 358 */ 359 error = process_sstep(lt, SCARG(uap, req) == PT_STEP); 360 if (error) 361 goto relebad; 362 #endif 363 364 PRELE(lt); 365 366 if (SCARG(uap, req) == PT_DETACH) { 367 /* give process back to original parent or init */ 368 if (t->p_opptr != t->p_pptr) { 369 struct proc *pp = t->p_opptr; 370 proc_reparent(t, pp ? pp : initproc); 371 } 372 373 /* not being traced any more */ 374 t->p_opptr = NULL; 375 CLR(t->p_flag, P_TRACED|P_WAITED); 376 } 377 378 sendsig: 379 /* Finally, deliver the requested signal (or none). */ 380 if (t->p_stat == SSTOP) { 381 t->p_xstat = SCARG(uap, data); 382 SCHED_LOCK(s); 383 lr = proc_unstop(t); 384 /* 385 * If the target needs to take a signal, there 386 * is no running LWP that will see it, and 387 * there is a LWP sleeping interruptably, then 388 * get it moving. 389 */ 390 if (lr && (t->p_xstat != 0)) 391 setrunnable(lr); 392 SCHED_UNLOCK(s); 393 } else { 394 if (SCARG(uap, data) != 0) 395 psignal(t, SCARG(uap, data)); 396 } 397 return (0); 398 399 relebad: 400 PRELE(lt); 401 return (error); 402 403 case PT_KILL: 404 /* just send the process a KILL signal. */ 405 SCARG(uap, data) = SIGKILL; 406 goto sendsig; /* in PT_CONTINUE, above. */ 407 408 case PT_ATTACH: 409 /* 410 * Go ahead and set the trace flag. 411 * Save the old parent (it's reset in 412 * _DETACH, and also in kern_exit.c:wait4() 413 * Reparent the process so that the tracing 414 * proc gets to see all the action. 415 * Stop the target. 416 */ 417 SET(t->p_flag, P_TRACED); 418 t->p_opptr = t->p_pptr; 419 if (t->p_pptr != p) { 420 t->p_pptr->p_flag |= P_CHTRACED; 421 proc_reparent(t, p); 422 } 423 SCARG(uap, data) = SIGSTOP; 424 goto sendsig; 425 426 #ifdef PT_SETREGS 427 case PT_SETREGS: 428 write = 1; 429 #endif 430 #ifdef PT_GETREGS 431 case PT_GETREGS: 432 /* write = 0 done above. */ 433 #endif 434 #if defined(PT_SETREGS) || defined(PT_GETREGS) 435 tmp = SCARG(uap, data); 436 if (tmp != 0 && t->p_nlwps > 1) { 437 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 438 if (lt->l_lid == tmp) 439 break; 440 if (lt == NULL) 441 return (ESRCH); 442 } 443 if (!process_validregs(t)) 444 return (EINVAL); 445 else { 446 iov.iov_base = SCARG(uap, addr); 447 iov.iov_len = sizeof(struct reg); 448 uio.uio_iov = &iov; 449 uio.uio_iovcnt = 1; 450 uio.uio_offset = 0; 451 uio.uio_resid = sizeof(struct reg); 452 uio.uio_segflg = UIO_USERSPACE; 453 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 454 uio.uio_procp = p; 455 return (process_doregs(p, lt, &uio)); 456 } 457 #endif 458 459 #ifdef PT_SETFPREGS 460 case PT_SETFPREGS: 461 write = 1; 462 #endif 463 #ifdef PT_GETFPREGS 464 case PT_GETFPREGS: 465 /* write = 0 done above. */ 466 #endif 467 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 468 tmp = SCARG(uap, data); 469 if (tmp != 0 && t->p_nlwps > 1) { 470 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 471 if (lt->l_lid == tmp) 472 break; 473 if (lt == NULL) 474 return (ESRCH); 475 } 476 if (!process_validfpregs(t)) 477 return (EINVAL); 478 else { 479 iov.iov_base = SCARG(uap, addr); 480 iov.iov_len = sizeof(struct fpreg); 481 uio.uio_iov = &iov; 482 uio.uio_iovcnt = 1; 483 uio.uio_offset = 0; 484 uio.uio_resid = sizeof(struct fpreg); 485 uio.uio_segflg = UIO_USERSPACE; 486 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 487 uio.uio_procp = p; 488 return (process_dofpregs(p, lt, &uio)); 489 } 490 #endif 491 492 #ifdef __HAVE_PTRACE_MACHDEP 493 PTRACE_MACHDEP_REQUEST_CASES 494 return (ptrace_machdep_dorequest(p, lt, 495 SCARG(uap, req), SCARG(uap, addr), 496 SCARG(uap, data))); 497 #endif 498 } 499 500 #ifdef DIAGNOSTIC 501 panic("ptrace: impossible"); 502 #endif 503 return 0; 504 } 505 506 int 507 process_doregs(curp, l, uio) 508 struct proc *curp; /* tracer */ 509 struct lwp *l; /* traced */ 510 struct uio *uio; 511 { 512 #if defined(PT_GETREGS) || defined(PT_SETREGS) 513 int error; 514 struct reg r; 515 char *kv; 516 int kl; 517 518 if ((error = process_checkioperm(curp, l->l_proc)) != 0) 519 return error; 520 521 kl = sizeof(r); 522 kv = (char *) &r; 523 524 kv += uio->uio_offset; 525 kl -= uio->uio_offset; 526 if (kl < 0) 527 return (EINVAL); 528 if ((size_t) kl > uio->uio_resid) 529 kl = uio->uio_resid; 530 531 PHOLD(l); 532 533 error = process_read_regs(l, &r); 534 if (error == 0) 535 error = uiomove(kv, kl, uio); 536 if (error == 0 && uio->uio_rw == UIO_WRITE) { 537 if (l->l_stat != LSSTOP) 538 error = EBUSY; 539 else 540 error = process_write_regs(l, &r); 541 } 542 543 PRELE(l); 544 545 uio->uio_offset = 0; 546 return (error); 547 #else 548 return (EINVAL); 549 #endif 550 } 551 552 int 553 process_validregs(p) 554 struct proc *p; 555 { 556 557 #if defined(PT_SETREGS) || defined(PT_GETREGS) 558 return ((p->p_flag & P_SYSTEM) == 0); 559 #else 560 return (0); 561 #endif 562 } 563 564 int 565 process_dofpregs(curp, l, uio) 566 struct proc *curp; /* tracer */ 567 struct lwp *l; /* traced */ 568 struct uio *uio; 569 { 570 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 571 int error; 572 struct fpreg r; 573 char *kv; 574 int kl; 575 576 if ((error = process_checkioperm(curp, l->l_proc)) != 0) 577 return (error); 578 579 kl = sizeof(r); 580 kv = (char *) &r; 581 582 kv += uio->uio_offset; 583 kl -= uio->uio_offset; 584 if (kl < 0) 585 return (EINVAL); 586 if ((size_t) kl > uio->uio_resid) 587 kl = uio->uio_resid; 588 589 PHOLD(l); 590 591 error = process_read_fpregs(l, &r); 592 if (error == 0) 593 error = uiomove(kv, kl, uio); 594 if (error == 0 && uio->uio_rw == UIO_WRITE) { 595 if (l->l_stat != LSSTOP) 596 error = EBUSY; 597 else 598 error = process_write_fpregs(l, &r); 599 } 600 601 PRELE(l); 602 603 uio->uio_offset = 0; 604 return (error); 605 #else 606 return (EINVAL); 607 #endif 608 } 609 610 int 611 process_validfpregs(p) 612 struct proc *p; 613 { 614 615 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 616 return ((p->p_flag & P_SYSTEM) == 0); 617 #else 618 return (0); 619 #endif 620 } 621 622 int 623 process_domem(curp, p, uio) 624 struct proc *curp; /* tracer */ 625 struct proc *p; /* traced */ 626 struct uio *uio; 627 { 628 int error; 629 630 size_t len; 631 #ifdef PMAP_NEED_PROCWR 632 vaddr_t addr; 633 #endif 634 635 len = uio->uio_resid; 636 637 if (len == 0) 638 return (0); 639 640 #ifdef PMAP_NEED_PROCWR 641 addr = uio->uio_offset; 642 #endif 643 644 if ((error = process_checkioperm(curp, p)) != 0) 645 return (error); 646 647 /* XXXCDC: how should locking work here? */ 648 if ((p->p_flag & P_WEXIT) || (p->p_vmspace->vm_refcnt < 1)) 649 return(EFAULT); 650 p->p_vmspace->vm_refcnt++; /* XXX */ 651 error = uvm_io(&p->p_vmspace->vm_map, uio); 652 uvmspace_free(p->p_vmspace); 653 654 #ifdef PMAP_NEED_PROCWR 655 if (uio->uio_rw == UIO_WRITE) 656 pmap_procwr(p, addr, len); 657 #endif 658 return (error); 659 } 660 661 /* 662 * Ensure that a process has permission to perform I/O on another. 663 * Arguments: 664 * p The process wishing to do the I/O (the tracer). 665 * t The process who's memory/registers will be read/written. 666 */ 667 int 668 process_checkioperm(p, t) 669 struct proc *p, *t; 670 { 671 int error; 672 673 /* 674 * You cannot attach to a processes mem/regs if: 675 * 676 * (1) It is currently exec'ing 677 */ 678 if (ISSET(t->p_flag, P_INEXEC)) 679 return (EAGAIN); 680 681 /* 682 * (2) it's not owned by you, or is set-id on exec 683 * (unless you're root), or... 684 */ 685 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 686 ISSET(t->p_flag, P_SUGID)) && 687 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 688 return (error); 689 690 /* 691 * (3) ...it's init, which controls the security level 692 * of the entire system, and the system was not 693 * compiled with permanetly insecure mode turned on. 694 */ 695 if (t == initproc && securelevel > -1) 696 return (EPERM); 697 698 /* 699 * (4) the tracer is chrooted, and its root directory is 700 * not at or above the root directory of the tracee 701 */ 702 if (!proc_isunder(t, p)) 703 return (EPERM); 704 705 return (0); 706 } 707