1 /* $NetBSD: sys_process.c,v 1.78 2003/01/18 10:06:34 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1993 Jan-Simon Pendry. 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * This code is derived from software contributed to Berkeley by 15 * Jan-Simon Pendry. 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 3. All advertising materials mentioning features or use of this software 26 * must display the following acknowledgement: 27 * This product includes software developed by the University of 28 * California, Berkeley and its contributors. 29 * 4. Neither the name of the University nor the names of its contributors 30 * may be used to endorse or promote products derived from this software 31 * without specific prior written permission. 32 * 33 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 34 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 35 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 36 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 43 * SUCH DAMAGE. 44 * 45 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 46 */ 47 48 /* 49 * References: 50 * (1) Bach's "The Design of the UNIX Operating System", 51 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 52 * (3) the "4.4BSD Programmer's Reference Manual" published 53 * by USENIX and O'Reilly & Associates. 54 * The 4.4BSD PRM does a reasonably good job of documenting what the various 55 * ptrace() requests should actually do, and its text is quoted several times 56 * in this file. 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.78 2003/01/18 10:06:34 thorpej Exp $"); 61 62 #include <sys/param.h> 63 #include <sys/systm.h> 64 #include <sys/proc.h> 65 #include <sys/errno.h> 66 #include <sys/ptrace.h> 67 #include <sys/uio.h> 68 #include <sys/user.h> 69 #include <sys/ras.h> 70 71 #include <sys/mount.h> 72 #include <sys/sa.h> 73 #include <sys/syscallargs.h> 74 75 #include <uvm/uvm_extern.h> 76 77 #include <machine/reg.h> 78 79 /* Macros to clear/set/test flags. */ 80 #define SET(t, f) (t) |= (f) 81 #define CLR(t, f) (t) &= ~(f) 82 #define ISSET(t, f) ((t) & (f)) 83 84 /* 85 * Process debugging system call. 86 */ 87 int 88 sys_ptrace(l, v, retval) 89 struct lwp *l; 90 void *v; 91 register_t *retval; 92 { 93 struct sys_ptrace_args /* { 94 syscallarg(int) req; 95 syscallarg(pid_t) pid; 96 syscallarg(caddr_t) addr; 97 syscallarg(int) data; 98 } */ *uap = v; 99 struct proc *p = l->l_proc; 100 struct lwp *lt; 101 struct proc *t; /* target process */ 102 struct uio uio; 103 struct iovec iov; 104 struct ptrace_io_desc piod; 105 int s, error, write, tmp; 106 107 /* "A foolish consistency..." XXX */ 108 if (SCARG(uap, req) == PT_TRACE_ME) 109 t = p; 110 else { 111 112 /* Find the process we're supposed to be operating on. */ 113 if ((t = pfind(SCARG(uap, pid))) == NULL) 114 return (ESRCH); 115 } 116 117 /* Can't trace a process that's currently exec'ing. */ 118 if ((t->p_flag & P_INEXEC) != 0) 119 return EAGAIN; 120 121 /* Make sure we can operate on it. */ 122 switch (SCARG(uap, req)) { 123 case PT_TRACE_ME: 124 /* Saying that you're being traced is always legal. */ 125 break; 126 127 case PT_ATTACH: 128 /* 129 * You can't attach to a process if: 130 * (1) it's the process that's doing the attaching, 131 */ 132 if (t->p_pid == p->p_pid) 133 return (EINVAL); 134 135 /* 136 * (2) it's a system process 137 */ 138 if (t->p_flag & P_SYSTEM) 139 return (EPERM); 140 141 /* 142 * (3) it's already being traced, or 143 */ 144 if (ISSET(t->p_flag, P_TRACED)) 145 return (EBUSY); 146 147 /* 148 * (4) it's not owned by you, or is set-id on exec 149 * (unless you're root), or... 150 */ 151 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 152 ISSET(t->p_flag, P_SUGID)) && 153 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 154 return (error); 155 156 /* 157 * (5) ...it's init, which controls the security level 158 * of the entire system, and the system was not 159 * compiled with permanently insecure mode turned on 160 */ 161 if (t == initproc && securelevel > -1) 162 return (EPERM); 163 164 /* 165 * (6) the tracer is chrooted, and its root directory is 166 * not at or above the root directory of the tracee 167 */ 168 169 if (!proc_isunder(t, p)) 170 return EPERM; 171 break; 172 173 case PT_READ_I: 174 case PT_READ_D: 175 case PT_WRITE_I: 176 case PT_WRITE_D: 177 case PT_CONTINUE: 178 case PT_IO: 179 case PT_KILL: 180 case PT_DETACH: 181 #ifdef PT_STEP 182 case PT_STEP: 183 #endif 184 #ifdef PT_GETREGS 185 case PT_GETREGS: 186 #endif 187 #ifdef PT_SETREGS 188 case PT_SETREGS: 189 #endif 190 #ifdef PT_GETFPREGS 191 case PT_GETFPREGS: 192 #endif 193 #ifdef PT_SETFPREGS 194 case PT_SETFPREGS: 195 #endif 196 197 #ifdef __HAVE_PTRACE_MACHDEP 198 PTRACE_MACHDEP_REQUEST_CASES 199 #endif 200 201 /* 202 * You can't do what you want to the process if: 203 * (1) It's not being traced at all, 204 */ 205 if (!ISSET(t->p_flag, P_TRACED)) 206 return (EPERM); 207 208 /* 209 * (2) it's being traced by procfs (which has 210 * different signal delivery semantics), 211 */ 212 if (ISSET(t->p_flag, P_FSTRACE)) 213 return (EBUSY); 214 215 /* 216 * (3) it's not being traced by _you_, or 217 */ 218 if (t->p_pptr != p) 219 return (EBUSY); 220 221 /* 222 * (4) it's not currently stopped. 223 */ 224 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) 225 return (EBUSY); 226 break; 227 228 default: /* It was not a legal request. */ 229 return (EINVAL); 230 } 231 232 /* Do single-step fixup if needed. */ 233 FIX_SSTEP(t); 234 235 /* 236 * XXX NJWLWP 237 * 238 * The entire ptrace interface needs work to be useful to a 239 * process with multiple LWPs. For the moment, we'll kluge 240 * this; memory access will be fine, but register access will 241 * be weird. 242 */ 243 244 lt = proc_representative_lwp(t); 245 246 /* Now do the operation. */ 247 write = 0; 248 *retval = 0; 249 tmp = 0; 250 251 switch (SCARG(uap, req)) { 252 case PT_TRACE_ME: 253 /* Just set the trace flag. */ 254 SET(t->p_flag, P_TRACED); 255 t->p_opptr = t->p_pptr; 256 return (0); 257 258 case PT_WRITE_I: /* XXX no separate I and D spaces */ 259 case PT_WRITE_D: 260 #if defined(__HAVE_RAS) 261 /* 262 * Can't write to a RAS 263 */ 264 if ((t->p_nras != 0) && 265 (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) { 266 return (EACCES); 267 } 268 #endif 269 write = 1; 270 tmp = SCARG(uap, data); 271 case PT_READ_I: /* XXX no separate I and D spaces */ 272 case PT_READ_D: 273 /* write = 0 done above. */ 274 iov.iov_base = (caddr_t)&tmp; 275 iov.iov_len = sizeof(tmp); 276 uio.uio_iov = &iov; 277 uio.uio_iovcnt = 1; 278 uio.uio_offset = (off_t)(long)SCARG(uap, addr); 279 uio.uio_resid = sizeof(tmp); 280 uio.uio_segflg = UIO_SYSSPACE; 281 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 282 uio.uio_procp = p; 283 error = process_domem(p, t, &uio); 284 if (!write) 285 *retval = tmp; 286 return (error); 287 288 case PT_IO: 289 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 290 if (error) 291 return (error); 292 iov.iov_base = piod.piod_addr; 293 iov.iov_len = piod.piod_len; 294 uio.uio_iov = &iov; 295 uio.uio_iovcnt = 1; 296 uio.uio_offset = (off_t)(long)piod.piod_offs; 297 uio.uio_resid = piod.piod_len; 298 uio.uio_segflg = UIO_USERSPACE; 299 uio.uio_procp = p; 300 switch (piod.piod_op) { 301 case PIOD_READ_D: 302 case PIOD_READ_I: 303 uio.uio_rw = UIO_READ; 304 break; 305 case PIOD_WRITE_D: 306 case PIOD_WRITE_I: 307 uio.uio_rw = UIO_WRITE; 308 break; 309 default: 310 return (EINVAL); 311 } 312 error = process_domem(p, t, &uio); 313 piod.piod_len -= uio.uio_resid; 314 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 315 return (error); 316 317 #ifdef PT_STEP 318 case PT_STEP: 319 /* 320 * From the 4.4BSD PRM: 321 * "Execution continues as in request PT_CONTINUE; however 322 * as soon as possible after execution of at least one 323 * instruction, execution stops again. [ ... ]" 324 */ 325 #endif 326 case PT_CONTINUE: 327 case PT_DETACH: 328 /* 329 * From the 4.4BSD PRM: 330 * "The data argument is taken as a signal number and the 331 * child's execution continues at location addr as if it 332 * incurred that signal. Normally the signal number will 333 * be either 0 to indicate that the signal that caused the 334 * stop should be ignored, or that value fetched out of 335 * the process's image indicating which signal caused 336 * the stop. If addr is (int *)1 then execution continues 337 * from where it stopped." 338 */ 339 340 /* Check that the data is a valid signal number or zero. */ 341 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 342 return (EINVAL); 343 344 PHOLD(lt); 345 346 /* If the address parameter is not (int *)1, set the pc. */ 347 if ((int *)SCARG(uap, addr) != (int *)1) 348 if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) 349 goto relebad; 350 351 #ifdef PT_STEP 352 /* 353 * Arrange for a single-step, if that's requested and possible. 354 */ 355 error = process_sstep(lt, SCARG(uap, req) == PT_STEP); 356 if (error) 357 goto relebad; 358 #endif 359 360 PRELE(lt); 361 362 if (SCARG(uap, req) == PT_DETACH) { 363 /* give process back to original parent or init */ 364 if (t->p_opptr != t->p_pptr) { 365 struct proc *pp = t->p_opptr; 366 proc_reparent(t, pp ? pp : initproc); 367 } 368 369 /* not being traced any more */ 370 t->p_opptr = NULL; 371 CLR(t->p_flag, P_TRACED|P_WAITED); 372 } 373 374 sendsig: 375 /* Finally, deliver the requested signal (or none). */ 376 if (t->p_stat == SSTOP) { 377 t->p_xstat = SCARG(uap, data); 378 SCHED_LOCK(s); 379 setrunnable(proc_unstop(t)); 380 SCHED_UNLOCK(s); 381 } else { 382 if (SCARG(uap, data) != 0) 383 psignal(t, SCARG(uap, data)); 384 } 385 return (0); 386 387 relebad: 388 PRELE(lt); 389 return (error); 390 391 case PT_KILL: 392 /* just send the process a KILL signal. */ 393 SCARG(uap, data) = SIGKILL; 394 goto sendsig; /* in PT_CONTINUE, above. */ 395 396 case PT_ATTACH: 397 /* 398 * Go ahead and set the trace flag. 399 * Save the old parent (it's reset in 400 * _DETACH, and also in kern_exit.c:wait4() 401 * Reparent the process so that the tracing 402 * proc gets to see all the action. 403 * Stop the target. 404 */ 405 SET(t->p_flag, P_TRACED); 406 t->p_opptr = t->p_pptr; 407 if (t->p_pptr != p) { 408 t->p_pptr->p_flag |= P_CHTRACED; 409 proc_reparent(t, p); 410 } 411 SCARG(uap, data) = SIGSTOP; 412 goto sendsig; 413 414 #ifdef PT_SETREGS 415 case PT_SETREGS: 416 write = 1; 417 #endif 418 #ifdef PT_GETREGS 419 case PT_GETREGS: 420 /* write = 0 done above. */ 421 #endif 422 #if defined(PT_SETREGS) || defined(PT_GETREGS) 423 tmp = SCARG(uap, data); 424 if (tmp != 0 && t->p_nlwps > 1) { 425 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 426 if (lt->l_lid == tmp) 427 break; 428 if (lt == NULL) 429 return (ESRCH); 430 } 431 if (!process_validregs(t)) 432 return (EINVAL); 433 else { 434 iov.iov_base = SCARG(uap, addr); 435 iov.iov_len = sizeof(struct reg); 436 uio.uio_iov = &iov; 437 uio.uio_iovcnt = 1; 438 uio.uio_offset = 0; 439 uio.uio_resid = sizeof(struct reg); 440 uio.uio_segflg = UIO_USERSPACE; 441 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 442 uio.uio_procp = p; 443 return (process_doregs(p, lt, &uio)); 444 } 445 #endif 446 447 #ifdef PT_SETFPREGS 448 case PT_SETFPREGS: 449 write = 1; 450 #endif 451 #ifdef PT_GETFPREGS 452 case PT_GETFPREGS: 453 /* write = 0 done above. */ 454 #endif 455 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 456 tmp = SCARG(uap, data); 457 if (tmp != 0 && t->p_nlwps > 1) { 458 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 459 if (lt->l_lid == tmp) 460 break; 461 if (lt == NULL) 462 return (ESRCH); 463 } 464 if (!process_validfpregs(t)) 465 return (EINVAL); 466 else { 467 iov.iov_base = SCARG(uap, addr); 468 iov.iov_len = sizeof(struct fpreg); 469 uio.uio_iov = &iov; 470 uio.uio_iovcnt = 1; 471 uio.uio_offset = 0; 472 uio.uio_resid = sizeof(struct fpreg); 473 uio.uio_segflg = UIO_USERSPACE; 474 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 475 uio.uio_procp = p; 476 return (process_dofpregs(p, lt, &uio)); 477 } 478 #endif 479 480 #ifdef __HAVE_PTRACE_MACHDEP 481 PTRACE_MACHDEP_REQUEST_CASES 482 return (ptrace_machdep_dorequest(p, lt, 483 SCARG(uap, req), SCARG(uap, addr), 484 SCARG(uap, data))); 485 #endif 486 } 487 488 #ifdef DIAGNOSTIC 489 panic("ptrace: impossible"); 490 #endif 491 return 0; 492 } 493 494 int 495 process_doregs(curp, l, uio) 496 struct proc *curp; /* tracer */ 497 struct lwp *l; /* traced */ 498 struct uio *uio; 499 { 500 #if defined(PT_GETREGS) || defined(PT_SETREGS) 501 int error; 502 struct reg r; 503 char *kv; 504 int kl; 505 506 if ((error = process_checkioperm(curp, l->l_proc)) != 0) 507 return error; 508 509 kl = sizeof(r); 510 kv = (char *) &r; 511 512 kv += uio->uio_offset; 513 kl -= uio->uio_offset; 514 if (kl < 0) 515 return (EINVAL); 516 if ((size_t) kl > uio->uio_resid) 517 kl = uio->uio_resid; 518 519 PHOLD(l); 520 521 error = process_read_regs(l, &r); 522 if (error == 0) 523 error = uiomove(kv, kl, uio); 524 if (error == 0 && uio->uio_rw == UIO_WRITE) { 525 if (l->l_stat != LSSTOP) 526 error = EBUSY; 527 else 528 error = process_write_regs(l, &r); 529 } 530 531 PRELE(l); 532 533 uio->uio_offset = 0; 534 return (error); 535 #else 536 return (EINVAL); 537 #endif 538 } 539 540 int 541 process_validregs(p) 542 struct proc *p; 543 { 544 545 #if defined(PT_SETREGS) || defined(PT_GETREGS) 546 return ((p->p_flag & P_SYSTEM) == 0); 547 #else 548 return (0); 549 #endif 550 } 551 552 int 553 process_dofpregs(curp, l, uio) 554 struct proc *curp; /* tracer */ 555 struct lwp *l; /* traced */ 556 struct uio *uio; 557 { 558 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 559 int error; 560 struct fpreg r; 561 char *kv; 562 int kl; 563 564 if ((error = process_checkioperm(curp, l->l_proc)) != 0) 565 return (error); 566 567 kl = sizeof(r); 568 kv = (char *) &r; 569 570 kv += uio->uio_offset; 571 kl -= uio->uio_offset; 572 if (kl < 0) 573 return (EINVAL); 574 if ((size_t) kl > uio->uio_resid) 575 kl = uio->uio_resid; 576 577 PHOLD(l); 578 579 error = process_read_fpregs(l, &r); 580 if (error == 0) 581 error = uiomove(kv, kl, uio); 582 if (error == 0 && uio->uio_rw == UIO_WRITE) { 583 if (l->l_stat != LSSTOP) 584 error = EBUSY; 585 else 586 error = process_write_fpregs(l, &r); 587 } 588 589 PRELE(l); 590 591 uio->uio_offset = 0; 592 return (error); 593 #else 594 return (EINVAL); 595 #endif 596 } 597 598 int 599 process_validfpregs(p) 600 struct proc *p; 601 { 602 603 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 604 return ((p->p_flag & P_SYSTEM) == 0); 605 #else 606 return (0); 607 #endif 608 } 609 610 int 611 process_domem(curp, p, uio) 612 struct proc *curp; /* tracer */ 613 struct proc *p; /* traced */ 614 struct uio *uio; 615 { 616 int error; 617 618 size_t len; 619 #ifdef PMAP_NEED_PROCWR 620 vaddr_t addr; 621 #endif 622 623 len = uio->uio_resid; 624 625 if (len == 0) 626 return (0); 627 628 #ifdef PMAP_NEED_PROCWR 629 addr = uio->uio_offset; 630 #endif 631 632 if ((error = process_checkioperm(curp, p)) != 0) 633 return (error); 634 635 /* XXXCDC: how should locking work here? */ 636 if ((p->p_flag & P_WEXIT) || (p->p_vmspace->vm_refcnt < 1)) 637 return(EFAULT); 638 p->p_vmspace->vm_refcnt++; /* XXX */ 639 error = uvm_io(&p->p_vmspace->vm_map, uio); 640 uvmspace_free(p->p_vmspace); 641 642 #ifdef PMAP_NEED_PROCWR 643 if (uio->uio_rw == UIO_WRITE) 644 pmap_procwr(p, addr, len); 645 #endif 646 return (error); 647 } 648 649 /* 650 * Ensure that a process has permission to perform I/O on another. 651 * Arguments: 652 * p The process wishing to do the I/O (the tracer). 653 * t The process who's memory/registers will be read/written. 654 */ 655 int 656 process_checkioperm(p, t) 657 struct proc *p, *t; 658 { 659 int error; 660 661 /* 662 * You cannot attach to a processes mem/regs if: 663 * 664 * (1) It is currently exec'ing 665 */ 666 if (ISSET(t->p_flag, P_INEXEC)) 667 return (EAGAIN); 668 669 /* 670 * (2) it's not owned by you, or is set-id on exec 671 * (unless you're root), or... 672 */ 673 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 674 ISSET(t->p_flag, P_SUGID)) && 675 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 676 return (error); 677 678 /* 679 * (3) ...it's init, which controls the security level 680 * of the entire system, and the system was not 681 * compiled with permanetly insecure mode turned on. 682 */ 683 if (t == initproc && securelevel > -1) 684 return (EPERM); 685 686 /* 687 * (4) the tracer is chrooted, and its root directory is 688 * not at or above the root directory of the tracee 689 */ 690 if (!proc_isunder(t, p)) 691 return (EPERM); 692 693 return (0); 694 } 695