1 /* $NetBSD: sys_ptrace_common.c,v 1.96 2025/01/11 19:42:04 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 #include <sys/cdefs.h> 110 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.96 2025/01/11 19:42:04 christos Exp $"); 111 112 #ifdef _KERNEL_OPT 113 #include "opt_ptrace.h" 114 #include "opt_ktrace.h" 115 #include "opt_pax.h" 116 #include "opt_compat_netbsd32.h" 117 #endif 118 119 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 120 && !defined(_RUMPKERNEL) 121 #define COMPAT_NETBSD32 122 #endif 123 124 #include <sys/param.h> 125 #include <sys/systm.h> 126 #include <sys/proc.h> 127 #include <sys/errno.h> 128 #include <sys/exec.h> 129 #include <sys/pax.h> 130 #include <sys/ptrace.h> 131 #include <sys/uio.h> 132 #include <sys/ras.h> 133 #include <sys/kmem.h> 134 #include <sys/kauth.h> 135 #include <sys/mount.h> 136 #include <sys/syscallargs.h> 137 #include <sys/module.h> 138 #include <sys/condvar.h> 139 #include <sys/mutex.h> 140 #include <sys/compat_stub.h> 141 142 #include <uvm/uvm_extern.h> 143 144 #include <machine/reg.h> 145 146 #ifdef PTRACE_DEBUG 147 # define DPRINTF(a) uprintf a 148 static const char *pt_strings[] = { PT_STRINGS }; 149 #else 150 # define DPRINTF(a) 151 #endif 152 153 static kauth_listener_t ptrace_listener; 154 static int process_auxv_offset(struct proc *, struct uio *); 155 156 extern int user_va0_disable; 157 158 #if 0 159 static int ptrace_cbref; 160 static kmutex_t ptrace_mtx; 161 static kcondvar_t ptrace_cv; 162 #endif 163 164 #ifdef PT_GETREGS 165 # define case_PT_GETREGS case PT_GETREGS: 166 #else 167 # define case_PT_GETREGS 168 #endif 169 170 #ifdef PT_SETREGS 171 # define case_PT_SETREGS case PT_SETREGS: 172 #else 173 # define case_PT_SETREGS 174 #endif 175 176 #ifdef PT_GETFPREGS 177 # define case_PT_GETFPREGS case PT_GETFPREGS: 178 #else 179 # define case_PT_GETFPREGS 180 #endif 181 182 #ifdef PT_SETFPREGS 183 # define case_PT_SETFPREGS case PT_SETFPREGS: 184 #else 185 # define case_PT_SETFPREGS 186 #endif 187 188 #ifdef PT_GETDBREGS 189 # define case_PT_GETDBREGS case PT_GETDBREGS: 190 #else 191 # define case_PT_GETDBREGS 192 #endif 193 194 #ifdef PT_SETDBREGS 195 # define case_PT_SETDBREGS case PT_SETDBREGS: 196 #else 197 # define case_PT_SETDBREGS 198 #endif 199 200 static int 201 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 202 void *arg0, void *arg1, void *arg2, void *arg3) 203 { 204 struct proc *p; 205 int result; 206 #ifdef PT_SETDBREGS 207 extern int user_set_dbregs; 208 #endif 209 210 result = KAUTH_RESULT_DEFER; 211 p = arg0; 212 213 #if 0 214 mutex_enter(&ptrace_mtx); 215 ptrace_cbref++; 216 mutex_exit(&ptrace_mtx); 217 #endif 218 if (action != KAUTH_PROCESS_PTRACE) 219 goto out; 220 221 switch ((u_long)arg1) { 222 #ifdef PT_SETDBREGS 223 case_PT_SETDBREGS 224 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 225 result = KAUTH_RESULT_DENY; 226 break; 227 } 228 #endif 229 /* FALLTHROUGH */ 230 case PT_TRACE_ME: 231 case PT_ATTACH: 232 case PT_WRITE_I: 233 case PT_WRITE_D: 234 case PT_READ_I: 235 case PT_READ_D: 236 case PT_IO: 237 case_PT_GETREGS 238 case_PT_SETREGS 239 case_PT_GETFPREGS 240 case_PT_SETFPREGS 241 case_PT_GETDBREGS 242 case PT_SET_EVENT_MASK: 243 case PT_GET_EVENT_MASK: 244 case PT_GET_PROCESS_STATE: 245 case PT_SET_SIGINFO: 246 case PT_GET_SIGINFO: 247 #ifdef __HAVE_PTRACE_MACHDEP 248 PTRACE_MACHDEP_REQUEST_CASES 249 #endif 250 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 251 ISSET(p->p_flag, PK_SUGID)) { 252 break; 253 } 254 255 result = KAUTH_RESULT_ALLOW; 256 257 break; 258 259 #ifdef PT_STEP 260 case PT_STEP: 261 case PT_SETSTEP: 262 case PT_CLEARSTEP: 263 #endif 264 case PT_CONTINUE: 265 case PT_KILL: 266 case PT_DETACH: 267 case PT_LWPINFO: 268 case PT_SYSCALL: 269 case PT_SYSCALLEMU: 270 case PT_DUMPCORE: 271 case PT_RESUME: 272 case PT_SUSPEND: 273 case PT_STOP: 274 case PT_LWPSTATUS: 275 case PT_LWPNEXT: 276 case PT_SET_SIGPASS: 277 case PT_GET_SIGPASS: 278 result = KAUTH_RESULT_ALLOW; 279 break; 280 281 default: 282 break; 283 } 284 285 out: 286 #if 0 287 mutex_enter(&ptrace_mtx); 288 if (--ptrace_cbref == 0) 289 cv_broadcast(&ptrace_cv); 290 mutex_exit(&ptrace_mtx); 291 #endif 292 293 return result; 294 } 295 296 static struct proc * 297 ptrace_find(struct lwp *l, int req, pid_t pid) 298 { 299 struct proc *t; 300 301 /* "A foolish consistency..." XXX */ 302 if (req == PT_TRACE_ME) { 303 t = l->l_proc; 304 mutex_enter(t->p_lock); 305 return t; 306 } 307 308 /* Find the process we're supposed to be operating on. */ 309 t = proc_find(pid); 310 if (t == NULL) 311 return NULL; 312 313 /* XXX-elad */ 314 mutex_enter(t->p_lock); 315 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 316 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 317 if (error) { 318 mutex_exit(t->p_lock); 319 return NULL; 320 } 321 return t; 322 } 323 324 static int 325 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 326 bool *locked) 327 { 328 *locked = false; 329 330 /* 331 * Grab a reference on the process to prevent it from execing or 332 * exiting. 333 */ 334 if (!rw_tryenter(&t->p_reflock, RW_READER)) 335 return EBUSY; 336 337 *locked = true; 338 339 /* Make sure we can operate on it. */ 340 switch (req) { 341 case PT_TRACE_ME: 342 /* 343 * You can't say to the parent of a process to start tracing if: 344 * (1) the parent is initproc, 345 */ 346 if (p->p_pptr == initproc) 347 return EPERM; 348 349 /* 350 * (2) the process is initproc, or 351 */ 352 if (p == initproc) 353 return EPERM; 354 355 /* 356 * (3) the child is already traced. 357 */ 358 if (ISSET(p->p_slflag, PSL_TRACED)) 359 return EBUSY; 360 361 return 0; 362 363 case PT_ATTACH: 364 /* 365 * You can't attach to a process if: 366 * (1) it's the process that's doing the attaching, 367 */ 368 if (t == p) 369 return EINVAL; 370 371 /* 372 * (2) it's a system process, 373 */ 374 if (t->p_flag & PK_SYSTEM) 375 return EPERM; 376 377 /* 378 * (3) the tracer is initproc, 379 */ 380 if (p == initproc) 381 return EPERM; 382 383 /* 384 * (4) it's already being traced, 385 */ 386 if (ISSET(t->p_slflag, PSL_TRACED)) 387 return EBUSY; 388 389 /* 390 * (5) it's a vfork(2)ed parent of the current process, or 391 */ 392 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 393 return EPERM; 394 395 /* 396 * (6) the tracer is chrooted, and its root directory is 397 * not at or above the root directory of the tracee 398 */ 399 mutex_exit(t->p_lock); /* XXXSMP */ 400 int tmp = proc_isunder(t, l); 401 mutex_enter(t->p_lock); /* XXXSMP */ 402 if (!tmp) 403 return EPERM; 404 return 0; 405 406 case PT_READ_I: 407 case PT_READ_D: 408 case PT_WRITE_I: 409 case PT_WRITE_D: 410 case PT_IO: 411 case PT_SET_SIGINFO: 412 case PT_GET_SIGINFO: 413 case_PT_GETREGS 414 case_PT_SETREGS 415 case_PT_GETFPREGS 416 case_PT_SETFPREGS 417 case_PT_GETDBREGS 418 case_PT_SETDBREGS 419 #ifdef __HAVE_PTRACE_MACHDEP 420 PTRACE_MACHDEP_REQUEST_CASES 421 #endif 422 /* 423 * You can't read/write the memory or registers of a process 424 * if the tracer is chrooted, and its root directory is not at 425 * or above the root directory of the tracee. 426 */ 427 mutex_exit(t->p_lock); /* XXXSMP */ 428 tmp = proc_isunder(t, l); 429 mutex_enter(t->p_lock); /* XXXSMP */ 430 if (!tmp) 431 return EPERM; 432 /*FALLTHROUGH*/ 433 434 case PT_CONTINUE: 435 case PT_KILL: 436 case PT_DETACH: 437 case PT_LWPINFO: 438 case PT_SYSCALL: 439 case PT_SYSCALLEMU: 440 case PT_DUMPCORE: 441 #ifdef PT_STEP 442 case PT_STEP: 443 case PT_SETSTEP: 444 case PT_CLEARSTEP: 445 #endif 446 case PT_SET_EVENT_MASK: 447 case PT_GET_EVENT_MASK: 448 case PT_GET_PROCESS_STATE: 449 case PT_RESUME: 450 case PT_SUSPEND: 451 case PT_STOP: 452 case PT_LWPSTATUS: 453 case PT_LWPNEXT: 454 case PT_SET_SIGPASS: 455 case PT_GET_SIGPASS: 456 /* 457 * You can't do what you want to the process if: 458 * (1) It's not being traced at all, 459 */ 460 if (!ISSET(t->p_slflag, PSL_TRACED)) 461 return EPERM; 462 463 /* 464 * (2) it's not being traced by _you_, or 465 */ 466 if (t->p_pptr != p) { 467 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 468 p->p_pid)); 469 return EBUSY; 470 } 471 472 /* 473 * (3) it's not currently stopped. 474 * 475 * As an exception allow PT_KILL and PT_STOP here. 476 */ 477 if (req != PT_KILL && req != PT_STOP && 478 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 479 DPRINTF(("stat %d flag %d\n", t->p_stat, 480 !t->p_waited)); 481 return EBUSY; 482 } 483 return 0; 484 485 default: /* It was not a legal request. */ 486 return EINVAL; 487 } 488 } 489 490 static int 491 ptrace_needs_hold(int req) 492 { 493 switch (req) { 494 #ifdef PT_STEP 495 case PT_STEP: 496 #endif 497 case PT_CONTINUE: 498 case PT_DETACH: 499 case PT_KILL: 500 case PT_SYSCALL: 501 case PT_SYSCALLEMU: 502 case PT_ATTACH: 503 case PT_TRACE_ME: 504 case PT_GET_SIGINFO: 505 case PT_SET_SIGINFO: 506 case PT_STOP: 507 return 1; 508 default: 509 return 0; 510 } 511 } 512 513 static int 514 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 515 size_t data) 516 { 517 struct ptrace_siginfo psi; 518 519 memset(&psi, 0, sizeof(psi)); 520 psi.psi_siginfo._info = t->p_sigctx.ps_info; 521 psi.psi_lwpid = t->p_sigctx.ps_lwp; 522 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 523 psi.psi_siginfo.si_signo)); 524 525 return ptm->ptm_copyout_siginfo(&psi, addr, data); 526 } 527 528 static int 529 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 530 void *addr, size_t data) 531 { 532 struct ptrace_siginfo psi; 533 534 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 535 if (error) 536 return error; 537 538 /* Check that the data is a valid signal number or zero. */ 539 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 540 return EINVAL; 541 542 t->p_sigctx.ps_faked = true; 543 t->p_sigctx.ps_info = psi.psi_siginfo._info; 544 t->p_sigctx.ps_lwp = psi.psi_lwpid; 545 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 546 psi.psi_siginfo.si_signo)); 547 return 0; 548 } 549 550 static int 551 ptrace_get_sigpass(struct proc *t, void *addr, size_t data) 552 { 553 sigset_t set; 554 555 if (data > sizeof(set) || data <= 0) { 556 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 557 __func__, sizeof(set), data)); 558 return EINVAL; 559 } 560 561 set = t->p_sigctx.ps_sigpass; 562 563 return copyout(&set, addr, data); 564 } 565 566 static int 567 ptrace_set_sigpass(struct proc *t, void *addr, size_t data) 568 { 569 sigset_t set; 570 int error; 571 572 if (data > sizeof(set) || data <= 0) { 573 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 574 __func__, sizeof(set), data)); 575 return EINVAL; 576 } 577 578 memset(&set, 0, sizeof(set)); 579 580 if ((error = copyin(addr, &set, data))) 581 return error; 582 583 /* We catch SIGSTOP and cannot intercept SIGKILL. */ 584 sigminusset(&sigcantmask, &set); 585 586 t->p_sigctx.ps_sigpass = set; 587 588 return 0; 589 } 590 591 static int 592 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 593 { 594 struct ptrace_event pe; 595 596 if (data != sizeof(pe)) { 597 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 598 return EINVAL; 599 } 600 memset(&pe, 0, sizeof(pe)); 601 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 602 PTRACE_FORK : 0; 603 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 604 PTRACE_VFORK : 0; 605 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 606 PTRACE_VFORK_DONE : 0; 607 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 608 PTRACE_LWP_CREATE : 0; 609 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 610 PTRACE_LWP_EXIT : 0; 611 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 612 PTRACE_POSIX_SPAWN : 0; 613 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 614 t->p_sigctx.ps_lwp, pe.pe_set_event)); 615 return copyout(&pe, addr, sizeof(pe)); 616 } 617 618 static int 619 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 620 { 621 struct ptrace_event pe; 622 int error; 623 624 if (data != sizeof(pe)) { 625 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 626 return EINVAL; 627 } 628 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 629 return error; 630 631 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 632 t->p_sigctx.ps_lwp, pe.pe_set_event)); 633 if (pe.pe_set_event & PTRACE_FORK) 634 SET(t->p_slflag, PSL_TRACEFORK); 635 else 636 CLR(t->p_slflag, PSL_TRACEFORK); 637 638 if (pe.pe_set_event & PTRACE_VFORK) 639 SET(t->p_slflag, PSL_TRACEVFORK); 640 else 641 CLR(t->p_slflag, PSL_TRACEVFORK); 642 643 if (pe.pe_set_event & PTRACE_VFORK_DONE) 644 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 645 else 646 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 647 648 if (pe.pe_set_event & PTRACE_LWP_CREATE) 649 SET(t->p_slflag, PSL_TRACELWP_CREATE); 650 else 651 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 652 653 if (pe.pe_set_event & PTRACE_LWP_EXIT) 654 SET(t->p_slflag, PSL_TRACELWP_EXIT); 655 else 656 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 657 658 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 659 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 660 else 661 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 662 663 return 0; 664 } 665 666 static int 667 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 668 { 669 struct _ksiginfo *si; 670 struct ptrace_state ps; 671 672 if (data != sizeof(ps)) { 673 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 674 return EINVAL; 675 } 676 677 if (t->p_sigctx.ps_info._signo != SIGTRAP || 678 (t->p_sigctx.ps_info._code != TRAP_CHLD && 679 t->p_sigctx.ps_info._code != TRAP_LWP)) { 680 memset(&ps, 0, sizeof(ps)); 681 } else { 682 si = &t->p_sigctx.ps_info; 683 684 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 685 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 686 687 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 688 689 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 690 ps.pe_other_pid = 691 si->_reason._ptrace_state._option._pe_other_pid; 692 } 693 694 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 695 t->p_sigctx.ps_lwp, ps.pe_report_event, 696 ps.pe_other_pid, ps.pe_lwp)); 697 return copyout(&ps, addr, sizeof(ps)); 698 } 699 700 static int 701 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 702 { 703 struct ptrace_lwpinfo pl; 704 705 if (data != sizeof(pl)) { 706 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 707 return EINVAL; 708 } 709 int error = copyin(addr, &pl, sizeof(pl)); 710 if (error) 711 return error; 712 713 lwpid_t tmp = pl.pl_lwpid; 714 lwp_delref(*lt); 715 mutex_enter(t->p_lock); 716 if (tmp == 0) 717 *lt = lwp_find_first(t); 718 else { 719 *lt = lwp_find(t, tmp); 720 if (*lt == NULL) { 721 mutex_exit(t->p_lock); 722 return ESRCH; 723 } 724 *lt = LIST_NEXT(*lt, l_sibling); 725 } 726 727 while (*lt != NULL && (!lwp_alive(*lt) || 728 ((*lt)->l_flag & LW_SYSTEM) != 0)) 729 *lt = LIST_NEXT(*lt, l_sibling); 730 731 pl.pl_lwpid = 0; 732 pl.pl_event = 0; 733 if (*lt) { 734 lwp_addref(*lt); 735 pl.pl_lwpid = (*lt)->l_lid; 736 737 if ((*lt)->l_flag & LW_WSUSPEND) 738 pl.pl_event = PL_EVENT_SUSPENDED; 739 /* 740 * If we match the lwp, or it was sent to every lwp, 741 * we set PL_EVENT_SIGNAL. 742 * XXX: ps_lwp == 0 means everyone and noone, so 743 * check ps_signo too. 744 */ 745 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 746 || (t->p_sigctx.ps_lwp == 0 && 747 t->p_sigctx.ps_info._signo)) { 748 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 749 pl.pl_lwpid, t->p_sigctx.ps_lwp, 750 t->p_sigctx.ps_info._signo)); 751 pl.pl_event = PL_EVENT_SIGNAL; 752 } 753 } 754 mutex_exit(t->p_lock); 755 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 756 pl.pl_lwpid, pl.pl_event)); 757 758 return copyout(&pl, addr, sizeof(pl)); 759 } 760 761 static int 762 ptrace_lwpstatus(struct proc *t, struct ptrace_methods *ptm, struct lwp **lt, 763 void *addr, size_t data, bool next) 764 { 765 struct ptrace_lwpstatus pls; 766 struct lwp *l; 767 int error; 768 769 if (data > sizeof(pls) || data < sizeof(lwpid_t)) { 770 DPRINTF(("%s: invalid data: %zu < %zu < %zu\n", 771 __func__, sizeof(lwpid_t), data, sizeof(pls))); 772 return EINVAL; 773 } 774 error = copyin(addr, &pls.pl_lwpid, sizeof(lwpid_t)); 775 if (error) 776 return error; 777 778 if (next) { 779 lwp_delref(*lt); 780 lwpid_t tmp = pls.pl_lwpid; 781 mutex_enter(t->p_lock); 782 if (tmp == 0) 783 *lt = lwp_find_first(t); 784 else { 785 *lt = lwp_find(t, tmp); 786 if (*lt == NULL) { 787 mutex_exit(t->p_lock); 788 return ESRCH; 789 } 790 *lt = LIST_NEXT(*lt, l_sibling); 791 } 792 793 while (*lt != NULL && (!lwp_alive(*lt) || 794 ((*lt)->l_flag & LW_SYSTEM) != 0)) 795 *lt = LIST_NEXT(*lt, l_sibling); 796 797 if (*lt == NULL) { 798 memset(&pls, 0, sizeof(pls)); 799 mutex_exit(t->p_lock); 800 goto out; 801 } 802 lwp_addref(*lt); 803 mutex_exit(t->p_lock); 804 805 pls.pl_lwpid = (*lt)->l_lid; 806 } else { 807 if ((error = ptrace_update_lwp(t, lt, pls.pl_lwpid)) != 0) 808 return error; 809 } 810 811 l = *lt; 812 813 ptrace_read_lwpstatus(l, &pls); 814 815 out: 816 DPRINTF(("%s: lwp=%d sigpend=%02x%02x%02x%02x " 817 "sigmask=%02x%02x%02x%02x name='%s' private=%p\n", 818 __func__, pls.pl_lwpid, 819 pls.pl_sigpend.__bits[0], pls.pl_sigpend.__bits[1], 820 pls.pl_sigpend.__bits[2], pls.pl_sigpend.__bits[3], 821 pls.pl_sigmask.__bits[0], pls.pl_sigmask.__bits[1], 822 pls.pl_sigmask.__bits[2], pls.pl_sigmask.__bits[3], 823 pls.pl_name, pls.pl_private)); 824 825 return ptm->ptm_copyout_lwpstatus(&pls, addr, data); 826 } 827 828 static int 829 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 830 size_t data) 831 { 832 int error; 833 834 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 835 return error; 836 837 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 838 lwp_lock(*lt); 839 if (rq == PT_SUSPEND) 840 (*lt)->l_flag |= LW_DBGSUSPEND; 841 else { 842 (*lt)->l_flag &= ~LW_DBGSUSPEND; 843 if ((*lt)->l_flag != LSSUSPENDED) 844 (*lt)->l_stat = LSSTOP; 845 } 846 lwp_unlock(*lt); 847 return 0; 848 } 849 850 #ifdef PT_REGISTERS 851 static int 852 ptrace_uio_dir(int req) 853 { 854 switch (req) { 855 case_PT_GETREGS 856 case_PT_GETFPREGS 857 case_PT_GETDBREGS 858 return UIO_READ; 859 case_PT_SETREGS 860 case_PT_SETFPREGS 861 case_PT_SETDBREGS 862 return UIO_WRITE; 863 default: 864 return -1; 865 } 866 } 867 868 static int 869 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 870 void *addr, size_t data) 871 { 872 int error; 873 struct proc *p, *t; 874 struct vmspace *vm; 875 876 p = l->l_proc; /* tracer */ 877 t = (*lt)->l_proc; /* traced */ 878 879 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 880 return error; 881 882 int dir = ptrace_uio_dir(rq); 883 size_t size; 884 int (*func)(struct lwp *, struct lwp *, struct uio *); 885 886 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 887 888 switch (rq) { 889 #if defined(PT_REGS) 890 case_PT_GETREGS 891 case_PT_SETREGS 892 if (!process_validregs(*lt)) 893 return EINVAL; 894 size = PROC_REGSZ(p); 895 func = ptm->ptm_doregs; 896 break; 897 #endif 898 #if defined(PT_FPREGS) 899 case_PT_GETFPREGS 900 case_PT_SETFPREGS 901 if (!process_validfpregs(*lt)) 902 return EINVAL; 903 size = PROC_FPREGSZ(p); 904 func = ptm->ptm_dofpregs; 905 break; 906 #endif 907 #if defined(PT_DBREGS) 908 case_PT_GETDBREGS 909 case_PT_SETDBREGS 910 if (!process_validdbregs(*lt)) 911 return EINVAL; 912 size = PROC_DBREGSZ(p); 913 func = ptm->ptm_dodbregs; 914 break; 915 #endif 916 default: 917 return EINVAL; 918 } 919 920 error = proc_vmspace_getref(l->l_proc, &vm); 921 if (error) 922 return error; 923 924 struct uio uio; 925 struct iovec iov; 926 927 iov.iov_base = addr; 928 iov.iov_len = size; 929 uio.uio_iov = &iov; 930 uio.uio_iovcnt = 1; 931 uio.uio_offset = 0; 932 uio.uio_resid = iov.iov_len; 933 uio.uio_rw = dir; 934 uio.uio_vmspace = vm; 935 936 error = (*func)(l, *lt, &uio); 937 uvmspace_free(vm); 938 return error; 939 } 940 #endif 941 942 static int 943 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 944 { 945 ksiginfo_t ksi; 946 947 /* Finally, deliver the requested signal (or none). */ 948 if (t->p_stat == SSTOP) { 949 /* 950 * Unstop the process. If it needs to take a 951 * signal, make all efforts to ensure that at 952 * an LWP runs to see it. 953 */ 954 t->p_xsig = signo; 955 956 /* 957 * signo > 0 check prevents a potential panic, as 958 * sigismember(&...,0) is invalid check and signo 959 * can be equal to 0 as a special case of no-signal. 960 */ 961 if (signo > 0 && sigismember(&stopsigmask, signo)) { 962 t->p_waited = 0; 963 child_psignal(t, 0); 964 } else if (resume_all) 965 proc_unstop(t); 966 else 967 lwp_unstop(lt); 968 969 if (req != PT_KILL || signo != SIGKILL) 970 return 0; 971 } 972 973 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 974 975 KSI_INIT(&ksi); 976 ksi.ksi_signo = signo; 977 ksi.ksi_code = SI_USER; 978 ksi.ksi_pid = l->l_proc->p_pid; 979 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 980 981 t->p_sigctx.ps_faked = false; 982 983 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 984 lt->l_lid, signo, resume_all)); 985 986 return kpsignal2(t, &ksi); 987 } 988 989 static int 990 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 991 { 992 int error; 993 if (path != NULL) { 994 995 if (len >= MAXPATHLEN) 996 return EINVAL; 997 998 char *src = path; 999 path = kmem_alloc(len + 1, KM_SLEEP); 1000 error = copyin(src, path, len); 1001 if (error) 1002 goto out; 1003 path[len] = '\0'; 1004 } 1005 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 1006 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 1007 out: 1008 if (path) 1009 kmem_free(path, len + 1); 1010 return error; 1011 } 1012 1013 static int 1014 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 1015 struct ptrace_io_desc *piod, void *addr, bool sysspace) 1016 { 1017 struct uio uio; 1018 struct iovec iov; 1019 int error, tmp; 1020 1021 error = 0; 1022 iov.iov_base = piod->piod_addr; 1023 iov.iov_len = piod->piod_len; 1024 uio.uio_iov = &iov; 1025 uio.uio_iovcnt = 1; 1026 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 1027 uio.uio_resid = piod->piod_len; 1028 1029 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 1030 1031 switch (piod->piod_op) { 1032 case PIOD_READ_D: 1033 case PIOD_READ_I: 1034 uio.uio_rw = UIO_READ; 1035 break; 1036 case PIOD_WRITE_D: 1037 case PIOD_WRITE_I: 1038 /* 1039 * Can't write to a RAS 1040 */ 1041 if (ras_lookup(t, addr) != (void *)-1) { 1042 return EACCES; 1043 } 1044 uio.uio_rw = UIO_WRITE; 1045 break; 1046 case PIOD_READ_AUXV: 1047 uio.uio_rw = UIO_READ; 1048 tmp = t->p_execsw->es_arglen; 1049 if (uio.uio_offset > tmp) 1050 return EIO; 1051 if (uio.uio_resid > tmp - uio.uio_offset) 1052 uio.uio_resid = tmp - uio.uio_offset; 1053 piod->piod_len = iov.iov_len = uio.uio_resid; 1054 error = process_auxv_offset(t, &uio); 1055 break; 1056 default: 1057 error = EINVAL; 1058 break; 1059 } 1060 1061 if (error) 1062 return error; 1063 1064 if (sysspace) { 1065 uio.uio_vmspace = vmspace_kernel(); 1066 } else { 1067 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1068 if (error) 1069 return error; 1070 } 1071 1072 error = process_domem(l, lt, &uio); 1073 if (!sysspace) 1074 uvmspace_free(uio.uio_vmspace); 1075 if (error) 1076 return error; 1077 piod->piod_len -= uio.uio_resid; 1078 return 0; 1079 } 1080 1081 int 1082 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1083 void *addr, int data, register_t *retval) 1084 { 1085 struct proc *p = l->l_proc; 1086 struct lwp *lt = NULL; 1087 struct lwp *lt2; 1088 struct proc *t; /* target process */ 1089 struct ptrace_io_desc piod; 1090 int error, write, tmp, pheld; 1091 int signo = 0; 1092 int resume_all; 1093 bool locked; 1094 error = 0; 1095 1096 DPRINTF(("%s: tracer=%d tracee=%d req=%s(%d) addr=%p data=%d\n", 1097 __func__, p->p_pid, pid, 1098 (u_int)req < __arraycount(pt_strings) ? pt_strings[req] : "???", 1099 req, addr, data)); 1100 /* 1101 * If attaching or detaching, we need to get a write hold on the 1102 * proclist lock so that we can re-parent the target process. 1103 */ 1104 mutex_enter(&proc_lock); 1105 1106 t = ptrace_find(l, req, pid); 1107 if (t == NULL) { 1108 mutex_exit(&proc_lock); 1109 return ESRCH; 1110 } 1111 1112 pheld = 1; 1113 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1114 goto out; 1115 1116 if ((error = kauth_authorize_process(l->l_cred, 1117 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1118 goto out; 1119 1120 if ((lt = lwp_find_first(t)) == NULL) { 1121 error = ESRCH; 1122 goto out; 1123 } 1124 1125 /* Do single-step fixup if needed. */ 1126 FIX_SSTEP(t); 1127 KASSERT(lt != NULL); 1128 lwp_addref(lt); 1129 1130 /* 1131 * Which locks do we need held? XXX Ugly. 1132 */ 1133 if ((pheld = ptrace_needs_hold(req)) == 0) { 1134 mutex_exit(t->p_lock); 1135 mutex_exit(&proc_lock); 1136 } 1137 1138 /* Now do the operation. */ 1139 write = 0; 1140 *retval = 0; 1141 tmp = 0; 1142 resume_all = 1; 1143 1144 switch (req) { 1145 case PT_TRACE_ME: 1146 /* Just set the trace flag. */ 1147 SET(t->p_slflag, PSL_TRACED); 1148 t->p_opptr = t->p_pptr; 1149 break; 1150 1151 /* 1152 * The I and D separate address space has been inherited from PDP-11. 1153 * The 16-bit UNIX started with a single address space per program, 1154 * but was extended to two 16-bit (2 x 64kb) address spaces. 1155 * 1156 * We no longer maintain this feature in maintained architectures, but 1157 * we keep the API for backward compatibility. Currently the I and D 1158 * operations are exactly the same and not distinguished in debuggers. 1159 */ 1160 case PT_WRITE_I: 1161 case PT_WRITE_D: 1162 write = 1; 1163 tmp = data; 1164 /* FALLTHROUGH */ 1165 case PT_READ_I: 1166 case PT_READ_D: 1167 piod.piod_addr = &tmp; 1168 piod.piod_len = sizeof(tmp); 1169 piod.piod_offs = addr; 1170 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1171 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1172 break; 1173 /* 1174 * For legacy reasons we treat here two results as success: 1175 * - incomplete transfer piod.piod_len < sizeof(tmp) 1176 * - no transfer piod.piod_len == 0 1177 * 1178 * This means that there is no way to determine whether 1179 * transfer operation was performed in PT_WRITE and PT_READ 1180 * calls. 1181 */ 1182 if (!write) 1183 *retval = tmp; 1184 break; 1185 1186 case PT_IO: 1187 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1188 break; 1189 if (piod.piod_len < 1) { 1190 error = EINVAL; 1191 break; 1192 } 1193 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1194 break; 1195 /* 1196 * For legacy reasons we treat here two results as success: 1197 * - incomplete transfer piod.piod_len < sizeof(tmp) 1198 * - no transfer piod.piod_len == 0 1199 */ 1200 error = ptm->ptm_copyout_piod(&piod, addr, data); 1201 break; 1202 1203 case PT_DUMPCORE: 1204 error = ptrace_dumpcore(lt, addr, data); 1205 break; 1206 1207 #ifdef PT_STEP 1208 case PT_STEP: 1209 /* 1210 * From the 4.4BSD PRM: 1211 * "Execution continues as in request PT_CONTINUE; however 1212 * as soon as possible after execution of at least one 1213 * instruction, execution stops again. [ ... ]" 1214 */ 1215 #endif 1216 case PT_CONTINUE: 1217 case PT_SYSCALL: 1218 case PT_DETACH: 1219 if (req == PT_SYSCALL) { 1220 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1221 SET(t->p_slflag, PSL_SYSCALL); 1222 #ifdef __HAVE_SYSCALL_INTERN 1223 (*t->p_emul->e_syscall_intern)(t); 1224 #endif 1225 } 1226 } else { 1227 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1228 CLR(t->p_slflag, PSL_SYSCALL); 1229 #ifdef __HAVE_SYSCALL_INTERN 1230 (*t->p_emul->e_syscall_intern)(t); 1231 #endif 1232 } 1233 } 1234 t->p_trace_enabled = trace_is_enabled(t); 1235 1236 /* 1237 * Pick up the LWPID, if supplied. There are two cases: 1238 * data < 0 : step or continue single thread, lwp = -data 1239 * data > 0 in PT_STEP : step this thread, continue others 1240 * For operations other than PT_STEP, data > 0 means 1241 * data is the signo to deliver to the process. 1242 */ 1243 tmp = data; 1244 if (tmp >= 0) { 1245 #ifdef PT_STEP 1246 if (req == PT_STEP) 1247 signo = 0; 1248 else 1249 #endif 1250 { 1251 signo = tmp; 1252 tmp = 0; /* don't search for LWP */ 1253 } 1254 } else if (tmp == INT_MIN) { 1255 error = ESRCH; 1256 break; 1257 } else { 1258 tmp = -tmp; 1259 } 1260 1261 if (tmp > 0) { 1262 if (req == PT_DETACH) { 1263 error = EINVAL; 1264 break; 1265 } 1266 lwp_delref2 (lt); 1267 lt = lwp_find(t, tmp); 1268 if (lt == NULL) { 1269 error = ESRCH; 1270 break; 1271 } 1272 lwp_addref(lt); 1273 resume_all = 0; 1274 signo = 0; 1275 } 1276 1277 /* 1278 * From the 4.4BSD PRM: 1279 * "The data argument is taken as a signal number and the 1280 * child's execution continues at location addr as if it 1281 * incurred that signal. Normally the signal number will 1282 * be either 0 to indicate that the signal that caused the 1283 * stop should be ignored, or that value fetched out of 1284 * the process's image indicating which signal caused 1285 * the stop. If addr is (int *)1 then execution continues 1286 * from where it stopped." 1287 */ 1288 1289 /* Check that the data is a valid signal number or zero. */ 1290 if (signo < 0 || signo >= NSIG) { 1291 error = EINVAL; 1292 break; 1293 } 1294 1295 /* Prevent process deadlock */ 1296 if (resume_all) { 1297 #ifdef PT_STEP 1298 if (req == PT_STEP) { 1299 if (lt->l_flag & 1300 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1301 error = EDEADLK; 1302 break; 1303 } 1304 } else 1305 #endif 1306 { 1307 error = EDEADLK; 1308 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1309 if ((lt2->l_flag & 1310 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1311 ) { 1312 error = 0; 1313 break; 1314 } 1315 } 1316 if (error != 0) 1317 break; 1318 } 1319 } else { 1320 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1321 error = EDEADLK; 1322 break; 1323 } 1324 } 1325 1326 /* 1327 * Reject setting program counter to 0x0 if VA0 is disabled. 1328 * 1329 * Not all kernels implement this feature to set Program 1330 * Counter in one go in PT_CONTINUE and similar operations. 1331 * This causes portability issues as passing address 0x0 1332 * on these kernels is no-operation, but can cause failure 1333 * in most cases on NetBSD. 1334 */ 1335 if (user_va0_disable && addr == 0) { 1336 error = EINVAL; 1337 break; 1338 } 1339 1340 /* If the address parameter is not (int *)1, set the pc. */ 1341 if ((int *)addr != (int *)1) { 1342 error = process_set_pc(lt, addr); 1343 if (error != 0) 1344 break; 1345 } 1346 #ifdef PT_STEP 1347 /* 1348 * Arrange for a single-step, if that's requested and possible. 1349 * More precisely, set the single step status as requested for 1350 * the requested thread, and clear it for other threads. 1351 */ 1352 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1353 error = process_sstep(lt2, 1354 ISSET(lt2->l_pflag, LP_SINGLESTEP)); 1355 if (error) 1356 break; 1357 } 1358 if (error) 1359 break; 1360 error = process_sstep(lt, 1361 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1362 if (error) 1363 break; 1364 #endif 1365 if (req == PT_DETACH) { 1366 CLR(t->p_slflag, 1367 PSL_TRACED|PSL_TRACEDCHILD|PSL_SYSCALL); 1368 1369 /* clear sigpass mask */ 1370 sigemptyset(&t->p_sigctx.ps_sigpass); 1371 1372 /* give process back to original parent or init */ 1373 if (t->p_opptr != t->p_pptr) { 1374 struct proc *pp = t->p_opptr; 1375 proc_reparent(t, pp ? pp : initproc); 1376 } 1377 1378 /* not being traced any more */ 1379 t->p_opptr = NULL; 1380 1381 /* clear single step */ 1382 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1383 CLR(lt2->l_pflag, LP_SINGLESTEP); 1384 } 1385 CLR(lt->l_pflag, LP_SINGLESTEP); 1386 } 1387 sendsig: 1388 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1389 break; 1390 1391 case PT_SYSCALLEMU: 1392 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1393 error = EINVAL; 1394 break; 1395 } 1396 SET(t->p_slflag, PSL_SYSCALLEMU); 1397 break; 1398 1399 #ifdef PT_STEP 1400 case PT_SETSTEP: 1401 write = 1; 1402 1403 /* FALLTHROUGH */ 1404 case PT_CLEARSTEP: 1405 /* write = 0 done above. */ 1406 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1407 break; 1408 1409 if (write) 1410 SET(lt->l_pflag, LP_SINGLESTEP); 1411 else 1412 CLR(lt->l_pflag, LP_SINGLESTEP); 1413 break; 1414 #endif 1415 1416 case PT_KILL: 1417 /* just send the process a KILL signal. */ 1418 signo = SIGKILL; 1419 goto sendsig; /* in PT_CONTINUE, above. */ 1420 1421 case PT_STOP: 1422 /* just send the process a STOP signal. */ 1423 signo = SIGSTOP; 1424 goto sendsig; /* in PT_CONTINUE, above. */ 1425 1426 case PT_ATTACH: 1427 /* 1428 * Go ahead and set the trace flag. 1429 * Save the old parent (it's reset in 1430 * _DETACH, and also in kern_exit.c:wait4() 1431 * Reparent the process so that the tracing 1432 * proc gets to see all the action. 1433 * Stop the target. 1434 */ 1435 proc_changeparent(t, p); 1436 signo = SIGSTOP; 1437 goto sendsig; 1438 1439 case PT_GET_EVENT_MASK: 1440 error = ptrace_get_event_mask(t, addr, data); 1441 break; 1442 1443 case PT_SET_EVENT_MASK: 1444 error = ptrace_set_event_mask(t, addr, data); 1445 break; 1446 1447 case PT_GET_PROCESS_STATE: 1448 error = ptrace_get_process_state(t, addr, data); 1449 break; 1450 1451 case PT_LWPINFO: 1452 error = ptrace_lwpinfo(t, <, addr, data); 1453 break; 1454 1455 case PT_SET_SIGINFO: 1456 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1457 break; 1458 1459 case PT_GET_SIGINFO: 1460 error = ptrace_get_siginfo(t, ptm, addr, data); 1461 break; 1462 1463 case PT_RESUME: 1464 case PT_SUSPEND: 1465 error = ptrace_startstop(t, <, req, addr, data); 1466 break; 1467 1468 case PT_LWPSTATUS: 1469 error = ptrace_lwpstatus(t, ptm, <, addr, data, false); 1470 break; 1471 1472 case PT_LWPNEXT: 1473 error = ptrace_lwpstatus(t, ptm, <, addr, data, true); 1474 break; 1475 1476 case PT_SET_SIGPASS: 1477 error = ptrace_set_sigpass(t, addr, data); 1478 break; 1479 1480 case PT_GET_SIGPASS: 1481 error = ptrace_get_sigpass(t, addr, data); 1482 break; 1483 1484 #ifdef PT_REGISTERS 1485 case_PT_SETREGS 1486 case_PT_GETREGS 1487 case_PT_SETFPREGS 1488 case_PT_GETFPREGS 1489 case_PT_SETDBREGS 1490 case_PT_GETDBREGS 1491 error = ptrace_regs(l, <, req, ptm, addr, data); 1492 break; 1493 #endif 1494 1495 #ifdef __HAVE_PTRACE_MACHDEP 1496 PTRACE_MACHDEP_REQUEST_CASES 1497 error = ptrace_machdep_dorequest(l, <, req, addr, data); 1498 break; 1499 #endif 1500 } 1501 1502 out: 1503 if (pheld) { 1504 mutex_exit(t->p_lock); 1505 mutex_exit(&proc_lock); 1506 } 1507 if (lt != NULL) 1508 lwp_delref(lt); 1509 if (locked) 1510 rw_exit(&t->p_reflock); 1511 1512 return error; 1513 } 1514 1515 static int 1516 process_auxv_offset(struct proc *p, struct uio *uio) 1517 { 1518 struct ps_strings pss; 1519 int error; 1520 off_t off = (off_t)p->p_psstrp; 1521 1522 if ((error = copyin_psstrings(p, &pss)) != 0) 1523 return error; 1524 1525 if (pss.ps_envstr == NULL) 1526 return EIO; 1527 1528 #ifdef COMPAT_NETBSD32 1529 if (p->p_flag & PK_32) 1530 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1531 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1532 else 1533 #endif 1534 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1535 pss.ps_nenvstr + 1); 1536 1537 #ifdef __MACHINE_STACK_GROWS_UP 1538 if (uio->uio_offset < off) 1539 return EIO; 1540 #else 1541 if (uio->uio_offset > off) 1542 return EIO; 1543 if ((uio->uio_offset + uio->uio_resid) > off) 1544 uio->uio_resid = off - uio->uio_offset; 1545 #endif 1546 return 0; 1547 } 1548 1549 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1550 1551 static int 1552 ptrace_common_init(void) 1553 { 1554 1555 #if 0 1556 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 1557 cv_init(&ptrace_cv, "ptracecb"); 1558 ptrace_cbref = 0; 1559 #endif 1560 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 1561 ptrace_listener_cb, NULL); 1562 return 0; 1563 } 1564 1565 static int 1566 ptrace_common_fini(void) 1567 { 1568 1569 kauth_unlisten_scope(ptrace_listener); 1570 1571 #if 0 1572 /* Make sure no-one is executing our kauth listener */ 1573 1574 mutex_enter(&ptrace_mtx); 1575 while (ptrace_cbref != 0) 1576 cv_wait(&ptrace_cv, &ptrace_mtx); 1577 mutex_exit(&ptrace_mtx); 1578 mutex_destroy(&ptrace_mtx); 1579 cv_destroy(&ptrace_cv); 1580 #endif 1581 1582 return 0; 1583 } 1584 1585 static int 1586 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1587 { 1588 int error; 1589 1590 switch (cmd) { 1591 case MODULE_CMD_INIT: 1592 error = ptrace_common_init(); 1593 break; 1594 case MODULE_CMD_FINI: 1595 error = ptrace_common_fini(); 1596 break; 1597 default: 1598 ptrace_hooks(); 1599 error = ENOTTY; 1600 break; 1601 } 1602 return error; 1603 } 1604