1 /* $NetBSD: sys_process.c,v 1.167 2016/01/09 07:52:38 dholland Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.167 2016/01/09 07:52:38 dholland Exp $"); 122 123 #include "opt_ptrace.h" 124 #include "opt_ktrace.h" 125 126 #include <sys/param.h> 127 #include <sys/systm.h> 128 #include <sys/proc.h> 129 #include <sys/errno.h> 130 #include <sys/exec.h> 131 #include <sys/ptrace.h> 132 #include <sys/uio.h> 133 #include <sys/ras.h> 134 #include <sys/kmem.h> 135 #include <sys/kauth.h> 136 #include <sys/mount.h> 137 #include <sys/syscallargs.h> 138 139 #include <uvm/uvm_extern.h> 140 141 #include <machine/reg.h> 142 143 #ifdef PTRACE 144 145 # ifdef DEBUG 146 # define DPRINTF(a) uprintf a 147 # else 148 # define DPRINTF(a) 149 # endif 150 151 static kauth_listener_t ptrace_listener; 152 #ifdef PTRACE 153 static int process_auxv_offset(struct proc *, struct uio *); 154 #endif 155 156 static int 157 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 158 void *arg0, void *arg1, void *arg2, void *arg3) 159 { 160 struct proc *p; 161 int result; 162 163 result = KAUTH_RESULT_DEFER; 164 p = arg0; 165 166 if (action != KAUTH_PROCESS_PTRACE) 167 return result; 168 169 switch ((u_long)arg1) { 170 case PT_TRACE_ME: 171 case PT_ATTACH: 172 case PT_WRITE_I: 173 case PT_WRITE_D: 174 case PT_READ_I: 175 case PT_READ_D: 176 case PT_IO: 177 #ifdef PT_GETREGS 178 case PT_GETREGS: 179 #endif 180 #ifdef PT_SETREGS 181 case PT_SETREGS: 182 #endif 183 #ifdef PT_GETFPREGS 184 case PT_GETFPREGS: 185 #endif 186 #ifdef PT_SETFPREGS 187 case PT_SETFPREGS: 188 #endif 189 case PT_SET_EVENT_MASK: 190 case PT_GET_EVENT_MASK: 191 case PT_GET_PROCESS_STATE: 192 #ifdef __HAVE_PTRACE_MACHDEP 193 PTRACE_MACHDEP_REQUEST_CASES 194 #endif 195 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 196 ISSET(p->p_flag, PK_SUGID)) { 197 break; 198 } 199 200 result = KAUTH_RESULT_ALLOW; 201 202 break; 203 204 #ifdef PT_STEP 205 case PT_STEP: 206 #endif 207 case PT_CONTINUE: 208 case PT_KILL: 209 case PT_DETACH: 210 case PT_LWPINFO: 211 case PT_SYSCALL: 212 case PT_SYSCALLEMU: 213 case PT_DUMPCORE: 214 result = KAUTH_RESULT_ALLOW; 215 break; 216 217 default: 218 break; 219 } 220 221 return result; 222 } 223 224 void 225 ptrace_init(void) 226 { 227 228 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 229 ptrace_listener_cb, NULL); 230 } 231 232 /* 233 * Process debugging system call. 234 */ 235 int 236 sys_ptrace(struct lwp *l, const struct sys_ptrace_args *uap, register_t *retval) 237 { 238 /* { 239 syscallarg(int) req; 240 syscallarg(pid_t) pid; 241 syscallarg(void *) addr; 242 syscallarg(int) data; 243 } */ 244 struct proc *p = l->l_proc; 245 struct lwp *lt; 246 #ifdef PT_STEP 247 struct lwp *lt2; 248 #endif 249 struct proc *t; /* target process */ 250 struct uio uio; 251 struct iovec iov; 252 struct ptrace_io_desc piod; 253 struct ptrace_event pe; 254 struct ptrace_state ps; 255 struct ptrace_lwpinfo pl; 256 struct vmspace *vm; 257 int error, write, tmp, req, pheld; 258 int signo = 0; 259 int resume_all; 260 ksiginfo_t ksi; 261 char *path; 262 int len = 0; 263 264 error = 0; 265 req = SCARG(uap, req); 266 267 /* 268 * If attaching or detaching, we need to get a write hold on the 269 * proclist lock so that we can re-parent the target process. 270 */ 271 mutex_enter(proc_lock); 272 273 /* "A foolish consistency..." XXX */ 274 if (req == PT_TRACE_ME) { 275 t = p; 276 mutex_enter(t->p_lock); 277 } else { 278 /* Find the process we're supposed to be operating on. */ 279 t = proc_find(SCARG(uap, pid)); 280 if (t == NULL) { 281 mutex_exit(proc_lock); 282 return (ESRCH); 283 } 284 285 /* XXX-elad */ 286 mutex_enter(t->p_lock); 287 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 288 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 289 if (error) { 290 mutex_exit(proc_lock); 291 mutex_exit(t->p_lock); 292 return (ESRCH); 293 } 294 } 295 296 /* 297 * Grab a reference on the process to prevent it from execing or 298 * exiting. 299 */ 300 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 301 mutex_exit(proc_lock); 302 mutex_exit(t->p_lock); 303 return EBUSY; 304 } 305 306 /* Make sure we can operate on it. */ 307 switch (req) { 308 case PT_TRACE_ME: 309 /* Saying that you're being traced is always legal. */ 310 break; 311 312 case PT_ATTACH: 313 /* 314 * You can't attach to a process if: 315 * (1) it's the process that's doing the attaching, 316 */ 317 if (t->p_pid == p->p_pid) { 318 error = EINVAL; 319 break; 320 } 321 322 /* 323 * (2) it's a system process 324 */ 325 if (t->p_flag & PK_SYSTEM) { 326 error = EPERM; 327 break; 328 } 329 330 /* 331 * (3) it's already being traced, or 332 */ 333 if (ISSET(t->p_slflag, PSL_TRACED)) { 334 error = EBUSY; 335 break; 336 } 337 338 /* 339 * (4) the tracer is chrooted, and its root directory is 340 * not at or above the root directory of the tracee 341 */ 342 mutex_exit(t->p_lock); /* XXXSMP */ 343 tmp = proc_isunder(t, l); 344 mutex_enter(t->p_lock); /* XXXSMP */ 345 if (!tmp) { 346 error = EPERM; 347 break; 348 } 349 break; 350 351 case PT_READ_I: 352 case PT_READ_D: 353 case PT_WRITE_I: 354 case PT_WRITE_D: 355 case PT_IO: 356 #ifdef PT_GETREGS 357 case PT_GETREGS: 358 #endif 359 #ifdef PT_SETREGS 360 case PT_SETREGS: 361 #endif 362 #ifdef PT_GETFPREGS 363 case PT_GETFPREGS: 364 #endif 365 #ifdef PT_SETFPREGS 366 case PT_SETFPREGS: 367 #endif 368 #ifdef __HAVE_PTRACE_MACHDEP 369 PTRACE_MACHDEP_REQUEST_CASES 370 #endif 371 /* 372 * You can't read/write the memory or registers of a process 373 * if the tracer is chrooted, and its root directory is not at 374 * or above the root directory of the tracee. 375 */ 376 mutex_exit(t->p_lock); /* XXXSMP */ 377 tmp = proc_isunder(t, l); 378 mutex_enter(t->p_lock); /* XXXSMP */ 379 if (!tmp) { 380 error = EPERM; 381 break; 382 } 383 /*FALLTHROUGH*/ 384 385 case PT_CONTINUE: 386 case PT_KILL: 387 case PT_DETACH: 388 case PT_LWPINFO: 389 case PT_SYSCALL: 390 case PT_SYSCALLEMU: 391 case PT_DUMPCORE: 392 #ifdef PT_STEP 393 case PT_STEP: 394 #endif 395 case PT_SET_EVENT_MASK: 396 case PT_GET_EVENT_MASK: 397 case PT_GET_PROCESS_STATE: 398 /* 399 * You can't do what you want to the process if: 400 * (1) It's not being traced at all, 401 */ 402 if (!ISSET(t->p_slflag, PSL_TRACED)) { 403 error = EPERM; 404 break; 405 } 406 407 /* 408 * (2) it's being traced by procfs (which has 409 * different signal delivery semantics), 410 */ 411 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 412 DPRINTF(("file system traced\n")); 413 error = EBUSY; 414 break; 415 } 416 417 /* 418 * (3) it's not being traced by _you_, or 419 */ 420 if (t->p_pptr != p) { 421 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 422 p->p_pid)); 423 error = EBUSY; 424 break; 425 } 426 427 /* 428 * (4) it's not currently stopped. 429 */ 430 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 431 DPRINTF(("stat %d flag %d\n", t->p_stat, 432 !t->p_waited)); 433 error = EBUSY; 434 break; 435 } 436 break; 437 438 default: /* It was not a legal request. */ 439 error = EINVAL; 440 break; 441 } 442 443 if (error == 0) { 444 error = kauth_authorize_process(l->l_cred, 445 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 446 NULL, NULL); 447 } 448 if (error == 0) { 449 lt = lwp_find_first(t); 450 if (lt == NULL) 451 error = ESRCH; 452 } 453 454 if (error != 0) { 455 mutex_exit(proc_lock); 456 mutex_exit(t->p_lock); 457 rw_exit(&t->p_reflock); 458 return error; 459 } 460 461 /* Do single-step fixup if needed. */ 462 FIX_SSTEP(t); 463 KASSERT(lt != NULL); 464 lwp_addref(lt); 465 466 /* 467 * Which locks do we need held? XXX Ugly. 468 */ 469 switch (req) { 470 #ifdef PT_STEP 471 case PT_STEP: 472 #endif 473 case PT_CONTINUE: 474 case PT_DETACH: 475 case PT_KILL: 476 case PT_SYSCALL: 477 case PT_SYSCALLEMU: 478 case PT_ATTACH: 479 case PT_TRACE_ME: 480 pheld = 1; 481 break; 482 default: 483 mutex_exit(proc_lock); 484 mutex_exit(t->p_lock); 485 pheld = 0; 486 break; 487 } 488 489 /* Now do the operation. */ 490 write = 0; 491 *retval = 0; 492 tmp = 0; 493 resume_all = 1; 494 495 switch (req) { 496 case PT_TRACE_ME: 497 /* Just set the trace flag. */ 498 SET(t->p_slflag, PSL_TRACED); 499 t->p_opptr = t->p_pptr; 500 break; 501 502 case PT_WRITE_I: /* XXX no separate I and D spaces */ 503 case PT_WRITE_D: 504 #if defined(__HAVE_RAS) 505 /* 506 * Can't write to a RAS 507 */ 508 if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) { 509 error = EACCES; 510 break; 511 } 512 #endif 513 write = 1; 514 tmp = SCARG(uap, data); 515 /* FALLTHROUGH */ 516 517 case PT_READ_I: /* XXX no separate I and D spaces */ 518 case PT_READ_D: 519 /* write = 0 done above. */ 520 iov.iov_base = (void *)&tmp; 521 iov.iov_len = sizeof(tmp); 522 uio.uio_iov = &iov; 523 uio.uio_iovcnt = 1; 524 uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr); 525 uio.uio_resid = sizeof(tmp); 526 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 527 UIO_SETUP_SYSSPACE(&uio); 528 529 error = process_domem(l, lt, &uio); 530 if (!write) 531 *retval = tmp; 532 break; 533 534 case PT_IO: 535 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 536 if (error) 537 break; 538 539 iov.iov_base = piod.piod_addr; 540 iov.iov_len = piod.piod_len; 541 uio.uio_iov = &iov; 542 uio.uio_iovcnt = 1; 543 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 544 uio.uio_resid = piod.piod_len; 545 546 switch (piod.piod_op) { 547 case PIOD_READ_D: 548 case PIOD_READ_I: 549 uio.uio_rw = UIO_READ; 550 break; 551 case PIOD_WRITE_D: 552 case PIOD_WRITE_I: 553 /* 554 * Can't write to a RAS 555 */ 556 if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) { 557 return (EACCES); 558 } 559 uio.uio_rw = UIO_WRITE; 560 break; 561 case PIOD_READ_AUXV: 562 req = PT_READ_D; 563 uio.uio_rw = UIO_READ; 564 tmp = t->p_execsw->es_arglen * sizeof(char *); 565 if (uio.uio_offset > tmp) 566 return EIO; 567 if (uio.uio_resid > tmp - uio.uio_offset) 568 uio.uio_resid = tmp - uio.uio_offset; 569 piod.piod_len = iov.iov_len = uio.uio_resid; 570 error = process_auxv_offset(t, &uio); 571 if (error) 572 return error; 573 break; 574 default: 575 error = EINVAL; 576 break; 577 } 578 if (error) 579 break; 580 error = proc_vmspace_getref(l->l_proc, &vm); 581 if (error) 582 break; 583 uio.uio_vmspace = vm; 584 585 error = process_domem(l, lt, &uio); 586 piod.piod_len -= uio.uio_resid; 587 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 588 uvmspace_free(vm); 589 break; 590 591 case PT_DUMPCORE: 592 if ((path = SCARG(uap, addr)) != NULL) { 593 char *dst; 594 len = SCARG(uap, data); 595 596 if (len < 0 || len >= MAXPATHLEN) { 597 error = EINVAL; 598 break; 599 } 600 dst = kmem_alloc(len + 1, KM_SLEEP); 601 if ((error = copyin(path, dst, len)) != 0) { 602 kmem_free(dst, len + 1); 603 break; 604 } 605 path = dst; 606 path[len] = '\0'; 607 } 608 error = (*coredump_vec)(lt, path); 609 if (path) 610 kmem_free(path, len + 1); 611 break; 612 613 #ifdef PT_STEP 614 case PT_STEP: 615 /* 616 * From the 4.4BSD PRM: 617 * "Execution continues as in request PT_CONTINUE; however 618 * as soon as possible after execution of at least one 619 * instruction, execution stops again. [ ... ]" 620 */ 621 #endif 622 case PT_CONTINUE: 623 case PT_SYSCALL: 624 case PT_DETACH: 625 if (req == PT_SYSCALL) { 626 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 627 SET(t->p_slflag, PSL_SYSCALL); 628 #ifdef __HAVE_SYSCALL_INTERN 629 (*t->p_emul->e_syscall_intern)(t); 630 #endif 631 } 632 } else { 633 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 634 CLR(t->p_slflag, PSL_SYSCALL); 635 #ifdef __HAVE_SYSCALL_INTERN 636 (*t->p_emul->e_syscall_intern)(t); 637 #endif 638 } 639 } 640 t->p_trace_enabled = trace_is_enabled(t); 641 642 /* 643 * Pick up the LWPID, if supplied. There are two cases: 644 * data < 0 : step or continue single thread, lwp = -data 645 * data > 0 in PT_STEP : step this thread, continue others 646 * For operations other than PT_STEP, data > 0 means 647 * data is the signo to deliver to the process. 648 */ 649 tmp = SCARG(uap, data); 650 if (tmp >= 0) { 651 #ifdef PT_STEP 652 if (req == PT_STEP) 653 signo = 0; 654 else 655 #endif 656 { 657 signo = tmp; 658 tmp = 0; /* don't search for LWP */ 659 } 660 } 661 else 662 tmp = -tmp; 663 664 if (tmp > 0) { 665 if (req == PT_DETACH) { 666 error = EINVAL; 667 break; 668 } 669 lwp_delref2 (lt); 670 lt = lwp_find(t, tmp); 671 if (lt == NULL) { 672 error = ESRCH; 673 break; 674 } 675 lwp_addref(lt); 676 resume_all = 0; 677 signo = 0; 678 } 679 680 /* 681 * From the 4.4BSD PRM: 682 * "The data argument is taken as a signal number and the 683 * child's execution continues at location addr as if it 684 * incurred that signal. Normally the signal number will 685 * be either 0 to indicate that the signal that caused the 686 * stop should be ignored, or that value fetched out of 687 * the process's image indicating which signal caused 688 * the stop. If addr is (int *)1 then execution continues 689 * from where it stopped." 690 */ 691 692 /* Check that the data is a valid signal number or zero. */ 693 if (signo < 0 || signo >= NSIG) { 694 error = EINVAL; 695 break; 696 } 697 698 /* If the address parameter is not (int *)1, set the pc. */ 699 if ((int *)SCARG(uap, addr) != (int *)1) { 700 error = process_set_pc(lt, SCARG(uap, addr)); 701 if (error != 0) 702 break; 703 } 704 #ifdef PT_STEP 705 /* 706 * Arrange for a single-step, if that's requested and possible. 707 * More precisely, set the single step status as requested for 708 * the requested thread, and clear it for other threads. 709 */ 710 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 711 if (lt != lt2) 712 { 713 lwp_lock(lt2); 714 process_sstep(lt2, 0); 715 lwp_unlock(lt2); 716 } 717 } 718 error = process_sstep(lt, req == PT_STEP); 719 if (error) 720 break; 721 #endif 722 if (req == PT_DETACH) { 723 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 724 725 /* give process back to original parent or init */ 726 if (t->p_opptr != t->p_pptr) { 727 struct proc *pp = t->p_opptr; 728 proc_reparent(t, pp ? pp : initproc); 729 } 730 731 /* not being traced any more */ 732 t->p_opptr = NULL; 733 } 734 sendsig: 735 t->p_fpid = 0; 736 /* Finally, deliver the requested signal (or none). */ 737 if (t->p_stat == SSTOP) { 738 /* 739 * Unstop the process. If it needs to take a 740 * signal, make all efforts to ensure that at 741 * an LWP runs to see it. 742 */ 743 t->p_xstat = signo; 744 if (resume_all) 745 proc_unstop(t); 746 else 747 lwp_unstop(lt); 748 } else if (signo != 0) { 749 KSI_INIT_EMPTY(&ksi); 750 ksi.ksi_signo = signo; 751 kpsignal2(t, &ksi); 752 } 753 break; 754 755 case PT_SYSCALLEMU: 756 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 757 error = EINVAL; 758 break; 759 } 760 SET(t->p_slflag, PSL_SYSCALLEMU); 761 break; 762 763 case PT_KILL: 764 /* just send the process a KILL signal. */ 765 signo = SIGKILL; 766 goto sendsig; /* in PT_CONTINUE, above. */ 767 768 case PT_ATTACH: 769 /* 770 * Go ahead and set the trace flag. 771 * Save the old parent (it's reset in 772 * _DETACH, and also in kern_exit.c:wait4() 773 * Reparent the process so that the tracing 774 * proc gets to see all the action. 775 * Stop the target. 776 */ 777 t->p_opptr = t->p_pptr; 778 if (t->p_pptr != p) { 779 struct proc *parent = t->p_pptr; 780 781 if (parent->p_lock < t->p_lock) { 782 if (!mutex_tryenter(parent->p_lock)) { 783 mutex_exit(t->p_lock); 784 mutex_enter(parent->p_lock); 785 mutex_enter(t->p_lock); 786 } 787 } else if (parent->p_lock > t->p_lock) { 788 mutex_enter(parent->p_lock); 789 } 790 parent->p_slflag |= PSL_CHTRACED; 791 proc_reparent(t, p); 792 if (parent->p_lock != t->p_lock) 793 mutex_exit(parent->p_lock); 794 } 795 SET(t->p_slflag, PSL_TRACED); 796 signo = SIGSTOP; 797 goto sendsig; 798 799 case PT_GET_EVENT_MASK: 800 if (SCARG(uap, data) != sizeof(pe)) { 801 DPRINTF(("ptrace(%d): %d != %zu\n", req, 802 SCARG(uap, data), sizeof(pe))); 803 error = EINVAL; 804 break; 805 } 806 memset(&pe, 0, sizeof(pe)); 807 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 808 PTRACE_FORK : 0; 809 error = copyout(&pe, SCARG(uap, addr), sizeof(pe)); 810 break; 811 812 case PT_SET_EVENT_MASK: 813 if (SCARG(uap, data) != sizeof(pe)) { 814 DPRINTF(("ptrace(%d): %d != %zu\n", req, 815 SCARG(uap, data), sizeof(pe))); 816 error = EINVAL; 817 break; 818 } 819 if ((error = copyin(SCARG(uap, addr), &pe, sizeof(pe))) != 0) 820 return error; 821 if (pe.pe_set_event & PTRACE_FORK) 822 SET(t->p_slflag, PSL_TRACEFORK); 823 else 824 CLR(t->p_slflag, PSL_TRACEFORK); 825 break; 826 827 case PT_GET_PROCESS_STATE: 828 if (SCARG(uap, data) != sizeof(ps)) { 829 DPRINTF(("ptrace(%d): %d != %zu\n", req, 830 SCARG(uap, data), sizeof(ps))); 831 error = EINVAL; 832 break; 833 } 834 memset(&ps, 0, sizeof(ps)); 835 if (t->p_fpid) { 836 ps.pe_report_event = PTRACE_FORK; 837 ps.pe_other_pid = t->p_fpid; 838 } 839 error = copyout(&ps, SCARG(uap, addr), sizeof(ps)); 840 break; 841 842 case PT_LWPINFO: 843 if (SCARG(uap, data) != sizeof(pl)) { 844 DPRINTF(("ptrace(%d): %d != %zu\n", req, 845 SCARG(uap, data), sizeof(pl))); 846 error = EINVAL; 847 break; 848 } 849 error = copyin(SCARG(uap, addr), &pl, sizeof(pl)); 850 if (error) 851 break; 852 tmp = pl.pl_lwpid; 853 lwp_delref(lt); 854 mutex_enter(t->p_lock); 855 if (tmp == 0) 856 lt = lwp_find_first(t); 857 else { 858 lt = lwp_find(t, tmp); 859 if (lt == NULL) { 860 mutex_exit(t->p_lock); 861 error = ESRCH; 862 break; 863 } 864 lt = LIST_NEXT(lt, l_sibling); 865 } 866 while (lt != NULL && !lwp_alive(lt)) 867 lt = LIST_NEXT(lt, l_sibling); 868 pl.pl_lwpid = 0; 869 pl.pl_event = 0; 870 if (lt) { 871 lwp_addref(lt); 872 pl.pl_lwpid = lt->l_lid; 873 if (lt->l_lid == t->p_sigctx.ps_lwp) 874 pl.pl_event = PL_EVENT_SIGNAL; 875 } 876 mutex_exit(t->p_lock); 877 878 error = copyout(&pl, SCARG(uap, addr), sizeof(pl)); 879 break; 880 881 #ifdef PT_SETREGS 882 case PT_SETREGS: 883 write = 1; 884 #endif 885 #ifdef PT_GETREGS 886 case PT_GETREGS: 887 /* write = 0 done above. */ 888 #endif 889 #if defined(PT_SETREGS) || defined(PT_GETREGS) 890 tmp = SCARG(uap, data); 891 if (tmp != 0 && t->p_nlwps > 1) { 892 lwp_delref(lt); 893 mutex_enter(t->p_lock); 894 lt = lwp_find(t, tmp); 895 if (lt == NULL) { 896 mutex_exit(t->p_lock); 897 error = ESRCH; 898 break; 899 } 900 lwp_addref(lt); 901 mutex_exit(t->p_lock); 902 } 903 if (!process_validregs(lt)) 904 error = EINVAL; 905 else { 906 error = proc_vmspace_getref(l->l_proc, &vm); 907 if (error) 908 break; 909 iov.iov_base = SCARG(uap, addr); 910 iov.iov_len = sizeof(struct reg); 911 uio.uio_iov = &iov; 912 uio.uio_iovcnt = 1; 913 uio.uio_offset = 0; 914 uio.uio_resid = sizeof(struct reg); 915 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 916 uio.uio_vmspace = vm; 917 918 error = process_doregs(l, lt, &uio); 919 uvmspace_free(vm); 920 } 921 break; 922 #endif 923 924 #ifdef PT_SETFPREGS 925 case PT_SETFPREGS: 926 write = 1; 927 #endif 928 #ifdef PT_GETFPREGS 929 case PT_GETFPREGS: 930 /* write = 0 done above. */ 931 #endif 932 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 933 tmp = SCARG(uap, data); 934 if (tmp != 0 && t->p_nlwps > 1) { 935 lwp_delref(lt); 936 mutex_enter(t->p_lock); 937 lt = lwp_find(t, tmp); 938 if (lt == NULL) { 939 mutex_exit(t->p_lock); 940 error = ESRCH; 941 break; 942 } 943 lwp_addref(lt); 944 mutex_exit(t->p_lock); 945 } 946 if (!process_validfpregs(lt)) 947 error = EINVAL; 948 else { 949 error = proc_vmspace_getref(l->l_proc, &vm); 950 if (error) 951 break; 952 iov.iov_base = SCARG(uap, addr); 953 iov.iov_len = sizeof(struct fpreg); 954 uio.uio_iov = &iov; 955 uio.uio_iovcnt = 1; 956 uio.uio_offset = 0; 957 uio.uio_resid = sizeof(struct fpreg); 958 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 959 uio.uio_vmspace = vm; 960 961 error = process_dofpregs(l, lt, &uio); 962 uvmspace_free(vm); 963 } 964 break; 965 #endif 966 967 #ifdef __HAVE_PTRACE_MACHDEP 968 PTRACE_MACHDEP_REQUEST_CASES 969 error = ptrace_machdep_dorequest(l, lt, 970 req, SCARG(uap, addr), SCARG(uap, data)); 971 break; 972 #endif 973 } 974 975 if (pheld) { 976 mutex_exit(t->p_lock); 977 mutex_exit(proc_lock); 978 } 979 if (lt != NULL) 980 lwp_delref(lt); 981 rw_exit(&t->p_reflock); 982 983 return error; 984 } 985 986 int 987 process_doregs(struct lwp *curl /*tracer*/, 988 struct lwp *l /*traced*/, 989 struct uio *uio) 990 { 991 #if defined(PT_GETREGS) || defined(PT_SETREGS) 992 int error; 993 struct reg r; 994 char *kv; 995 int kl; 996 997 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 998 return EINVAL; 999 1000 kl = sizeof(r); 1001 kv = (char *)&r; 1002 1003 kv += uio->uio_offset; 1004 kl -= uio->uio_offset; 1005 if ((size_t)kl > uio->uio_resid) 1006 kl = uio->uio_resid; 1007 1008 error = process_read_regs(l, &r); 1009 if (error == 0) 1010 error = uiomove(kv, kl, uio); 1011 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1012 if (l->l_stat != LSSTOP) 1013 error = EBUSY; 1014 else 1015 error = process_write_regs(l, &r); 1016 } 1017 1018 uio->uio_offset = 0; 1019 return (error); 1020 #else 1021 return (EINVAL); 1022 #endif 1023 } 1024 1025 int 1026 process_validregs(struct lwp *l) 1027 { 1028 1029 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1030 return ((l->l_flag & LW_SYSTEM) == 0); 1031 #else 1032 return (0); 1033 #endif 1034 } 1035 1036 int 1037 process_dofpregs(struct lwp *curl /*tracer*/, 1038 struct lwp *l /*traced*/, 1039 struct uio *uio) 1040 { 1041 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1042 int error; 1043 struct fpreg r; 1044 char *kv; 1045 size_t kl; 1046 1047 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1048 return EINVAL; 1049 1050 kl = sizeof(r); 1051 kv = (char *)&r; 1052 1053 kv += uio->uio_offset; 1054 kl -= uio->uio_offset; 1055 if (kl > uio->uio_resid) 1056 kl = uio->uio_resid; 1057 1058 error = process_read_fpregs(l, &r, &kl); 1059 if (error == 0) 1060 error = uiomove(kv, kl, uio); 1061 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1062 if (l->l_stat != LSSTOP) 1063 error = EBUSY; 1064 else 1065 error = process_write_fpregs(l, &r, kl); 1066 } 1067 uio->uio_offset = 0; 1068 return (error); 1069 #else 1070 return (EINVAL); 1071 #endif 1072 } 1073 1074 int 1075 process_validfpregs(struct lwp *l) 1076 { 1077 1078 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1079 return ((l->l_flag & LW_SYSTEM) == 0); 1080 #else 1081 return (0); 1082 #endif 1083 } 1084 #endif /* PTRACE */ 1085 1086 #if defined(KTRACE) || defined(PTRACE) 1087 int 1088 process_domem(struct lwp *curl /*tracer*/, 1089 struct lwp *l /*traced*/, 1090 struct uio *uio) 1091 { 1092 struct proc *p = l->l_proc; /* traced */ 1093 struct vmspace *vm; 1094 int error; 1095 1096 size_t len; 1097 #ifdef PMAP_NEED_PROCWR 1098 vaddr_t addr; 1099 #endif 1100 1101 error = 0; 1102 len = uio->uio_resid; 1103 1104 if (len == 0) 1105 return (0); 1106 1107 #ifdef PMAP_NEED_PROCWR 1108 addr = uio->uio_offset; 1109 #endif 1110 1111 vm = p->p_vmspace; 1112 1113 mutex_enter(&vm->vm_map.misc_lock); 1114 if ((l->l_flag & LW_WEXIT) || vm->vm_refcnt < 1) 1115 error = EFAULT; 1116 if (error == 0) 1117 p->p_vmspace->vm_refcnt++; /* XXX */ 1118 mutex_exit(&vm->vm_map.misc_lock); 1119 if (error != 0) 1120 return (error); 1121 error = uvm_io(&vm->vm_map, uio); 1122 uvmspace_free(vm); 1123 1124 #ifdef PMAP_NEED_PROCWR 1125 if (error == 0 && uio->uio_rw == UIO_WRITE) 1126 pmap_procwr(p, addr, len); 1127 #endif 1128 return (error); 1129 } 1130 #endif /* KTRACE || PTRACE */ 1131 1132 #if defined(KTRACE) || defined(PTRACE) 1133 void 1134 process_stoptrace(void) 1135 { 1136 struct lwp *l = curlwp; 1137 struct proc *p = l->l_proc, *pp; 1138 1139 mutex_enter(proc_lock); 1140 mutex_enter(p->p_lock); 1141 pp = p->p_pptr; 1142 if (pp->p_pid == 1) { 1143 CLR(p->p_slflag, PSL_SYSCALL); /* XXXSMP */ 1144 mutex_exit(p->p_lock); 1145 mutex_exit(proc_lock); 1146 return; 1147 } 1148 1149 p->p_xstat = SIGTRAP; 1150 proc_stop(p, 1, SIGSTOP); 1151 mutex_exit(proc_lock); 1152 1153 if (sigispending(l, 0)) { 1154 lwp_lock(l); 1155 l->l_flag |= LW_PENDSIG; 1156 lwp_unlock(l); 1157 } 1158 mutex_exit(p->p_lock); 1159 } 1160 #endif /* KTRACE || PTRACE */ 1161 1162 #ifdef PTRACE 1163 static int 1164 process_auxv_offset(struct proc *p, struct uio *uio) 1165 { 1166 struct ps_strings pss; 1167 int error; 1168 off_t off = (off_t)p->p_psstrp; 1169 1170 if ((error = copyin_psstrings(p, &pss)) != 0) 1171 return error; 1172 1173 if (pss.ps_envstr == NULL) 1174 return EIO; 1175 1176 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1177 #ifdef __MACHINE_STACK_GROWS_UP 1178 if (uio->uio_offset < off) 1179 return EIO; 1180 #else 1181 if (uio->uio_offset > off) 1182 return EIO; 1183 if ((uio->uio_offset + uio->uio_resid) > off) 1184 uio->uio_resid = off - uio->uio_offset; 1185 #endif 1186 return 0; 1187 } 1188 #endif 1189