1 /* $OpenBSD: sys_process.c,v 1.105 2024/12/15 18:25:12 mvs Exp $ */ 2 /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ 3 4 /*- 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 39 */ 40 41 /* 42 * References: 43 * (1) Bach's "The Design of the UNIX Operating System", 44 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 45 * (3) the "4.4BSD Programmer's Reference Manual" published 46 * by USENIX and O'Reilly & Associates. 47 * The 4.4BSD PRM does a reasonably good job of documenting what the various 48 * ptrace() requests should actually do, and its text is quoted several times 49 * in this file. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/exec.h> 55 #include <sys/proc.h> 56 #include <sys/signalvar.h> 57 #include <sys/errno.h> 58 #include <sys/malloc.h> 59 #include <sys/ptrace.h> 60 #include <sys/uio.h> 61 #include <sys/sched.h> 62 #include <sys/exec_elf.h> 63 64 #include <sys/mount.h> 65 #include <sys/syscallargs.h> 66 67 #include <uvm/uvm_extern.h> 68 69 #include <machine/reg.h> 70 71 #ifdef PTRACE 72 73 /* 74 * Locks used to protect data: 75 * a atomic 76 */ 77 78 static inline int process_checktracestate(struct process *_curpr, 79 struct process *_tr, struct proc *_t); 80 static inline struct process *process_tprfind(pid_t _tpid, struct proc **_tp); 81 82 int ptrace_ctrl(struct proc *, int, pid_t, caddr_t, int); 83 int ptrace_ustate(struct proc *, int, pid_t, void *, int, register_t *); 84 int ptrace_kstate(struct proc *, int, pid_t, void *); 85 86 int global_ptrace; /* [a] permit tracing of not children */ 87 88 89 /* 90 * Process debugging system call. 91 */ 92 int 93 sys_ptrace(struct proc *p, void *v, register_t *retval) 94 { 95 struct sys_ptrace_args /* { 96 syscallarg(int) req; 97 syscallarg(pid_t) pid; 98 syscallarg(caddr_t) addr; 99 syscallarg(int) data; 100 } */ *uap = v; 101 int req = SCARG(uap, req); 102 pid_t pid = SCARG(uap, pid); 103 caddr_t uaddr = SCARG(uap, addr); /* userspace */ 104 void *kaddr = NULL; /* kernelspace */ 105 int data = SCARG(uap, data); 106 union { 107 struct ptrace_thread_state u_pts; 108 struct ptrace_io_desc u_piod; 109 struct ptrace_event u_pe; 110 struct ptrace_state u_ps; 111 register_t u_wcookie; 112 register_t u_pacmask[2]; 113 } u; 114 int size = 0; 115 enum { NONE, IN, IN_ALLOC, OUT, OUT_ALLOC, IN_OUT } mode; 116 int kstate = 0; 117 int error; 118 119 *retval = 0; 120 121 /* Figure out what sort of copyin/out operations we'll do */ 122 switch (req) { 123 case PT_TRACE_ME: 124 case PT_CONTINUE: 125 case PT_KILL: 126 case PT_ATTACH: 127 case PT_DETACH: 128 #ifdef PT_STEP 129 case PT_STEP: 130 #endif 131 /* control operations do no copyin/out; dispatch directly */ 132 return ptrace_ctrl(p, req, pid, uaddr, data); 133 134 case PT_READ_I: 135 case PT_READ_D: 136 case PT_WRITE_I: 137 case PT_WRITE_D: 138 mode = NONE; 139 break; 140 case PT_IO: 141 mode = IN_OUT; 142 size = sizeof u.u_piod; 143 data = size; /* suppress the data == size check */ 144 break; 145 case PT_GET_THREAD_FIRST: 146 mode = OUT; 147 size = sizeof u.u_pts; 148 kstate = 1; 149 break; 150 case PT_GET_THREAD_NEXT: 151 mode = IN_OUT; 152 size = sizeof u.u_pts; 153 kstate = 1; 154 break; 155 case PT_GET_EVENT_MASK: 156 mode = OUT; 157 size = sizeof u.u_pe; 158 kstate = 1; 159 break; 160 case PT_SET_EVENT_MASK: 161 mode = IN; 162 size = sizeof u.u_pe; 163 kstate = 1; 164 break; 165 case PT_GET_PROCESS_STATE: 166 mode = OUT; 167 size = sizeof u.u_ps; 168 kstate = 1; 169 break; 170 case PT_GETREGS: 171 mode = OUT_ALLOC; 172 size = sizeof(struct reg); 173 break; 174 case PT_SETREGS: 175 mode = IN_ALLOC; 176 size = sizeof(struct reg); 177 break; 178 #ifdef PT_GETFPREGS 179 case PT_GETFPREGS: 180 mode = OUT_ALLOC; 181 size = sizeof(struct fpreg); 182 break; 183 #endif 184 #ifdef PT_SETFPREGS 185 case PT_SETFPREGS: 186 mode = IN_ALLOC; 187 size = sizeof(struct fpreg); 188 break; 189 #endif 190 #ifdef PT_GETXMMREGS 191 case PT_GETXMMREGS: 192 mode = OUT_ALLOC; 193 size = sizeof(struct xmmregs); 194 break; 195 #endif 196 #ifdef PT_SETXMMREGS 197 case PT_SETXMMREGS: 198 mode = IN_ALLOC; 199 size = sizeof(struct xmmregs); 200 break; 201 #endif 202 #ifdef PT_WCOOKIE 203 case PT_WCOOKIE: 204 mode = OUT; 205 size = sizeof u.u_wcookie; 206 data = size; /* suppress the data == size check */ 207 break; 208 #endif 209 #ifdef PT_PACMASK 210 case PT_PACMASK: 211 mode = OUT; 212 size = sizeof u.u_pacmask; 213 break; 214 #endif 215 #ifdef PT_GETXSTATE_INFO 216 case PT_GETXSTATE_INFO: 217 mode = OUT_ALLOC; 218 size = sizeof(struct ptrace_xstate_info); 219 break; 220 #endif 221 #ifdef PT_GETXSTATE 222 case PT_GETXSTATE: 223 mode = OUT_ALLOC; 224 size = fpu_save_len; 225 break; 226 #endif 227 #ifdef PT_SETXSTATE 228 case PT_SETXSTATE: 229 mode = IN_ALLOC; 230 size = fpu_save_len; 231 break; 232 #endif 233 default: 234 return EINVAL; 235 } 236 237 238 /* Now do any copyin()s and allocations in a consistent manner */ 239 switch (mode) { 240 case NONE: 241 kaddr = uaddr; 242 break; 243 case IN: 244 case IN_OUT: 245 case OUT: 246 KASSERT(size <= sizeof u); 247 if (data != size) 248 return EINVAL; 249 if (mode == OUT) 250 memset(&u, 0, size); 251 else { /* IN or IN_OUT */ 252 if ((error = copyin(uaddr, &u, size))) 253 return error; 254 } 255 kaddr = &u; 256 break; 257 case IN_ALLOC: 258 kaddr = malloc(size, M_TEMP, M_WAITOK); 259 if ((error = copyin(uaddr, kaddr, size))) { 260 free(kaddr, M_TEMP, size); 261 return error; 262 } 263 break; 264 case OUT_ALLOC: 265 kaddr = malloc(size, M_TEMP, M_WAITOK | M_ZERO); 266 break; 267 } 268 269 if (kstate) 270 error = ptrace_kstate(p, req, pid, kaddr); 271 else 272 error = ptrace_ustate(p, req, pid, kaddr, data, retval); 273 274 /* Do any copyout()s and frees */ 275 if (error == 0) { 276 switch (mode) { 277 case NONE: 278 case IN: 279 case IN_ALLOC: 280 break; 281 case IN_OUT: 282 case OUT: 283 error = copyout(&u, uaddr, size); 284 if (req == PT_IO) { 285 /* historically, errors here are ignored */ 286 error = 0; 287 } 288 break; 289 case OUT_ALLOC: 290 error = copyout(kaddr, uaddr, size); 291 break; 292 } 293 } 294 295 if (mode == IN_ALLOC || mode == OUT_ALLOC) 296 free(kaddr, M_TEMP, size); 297 return error; 298 } 299 300 /* 301 * ptrace control requests: attach, detach, continue, kill, single-step, etc 302 */ 303 int 304 ptrace_ctrl(struct proc *p, int req, pid_t pid, caddr_t addr, int data) 305 { 306 struct proc *t; /* target thread */ 307 struct process *tr; /* target process */ 308 int error = 0; 309 310 switch (req) { 311 case PT_TRACE_ME: 312 /* Just set the trace flag. */ 313 tr = p->p_p; 314 mtx_enter(&tr->ps_mtx); 315 if (ISSET(tr->ps_flags, PS_TRACED)) { 316 mtx_leave(&tr->ps_mtx); 317 return EBUSY; 318 } 319 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 320 tr->ps_opptr = tr->ps_pptr; 321 mtx_leave(&tr->ps_mtx); 322 if (tr->ps_ptstat == NULL) 323 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 324 M_SUBPROC, M_WAITOK); 325 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 326 return 0; 327 328 /* calls that only operate on the PID */ 329 case PT_KILL: 330 case PT_ATTACH: 331 case PT_DETACH: 332 /* Find the process we're supposed to be operating on. */ 333 if ((tr = prfind(pid)) == NULL) { 334 error = ESRCH; 335 goto fail; 336 } 337 t = TAILQ_FIRST(&tr->ps_threads); 338 break; 339 340 /* calls that accept a PID or a thread ID */ 341 case PT_CONTINUE: 342 #ifdef PT_STEP 343 case PT_STEP: 344 #endif 345 if ((tr = process_tprfind(pid, &t)) == NULL) { 346 error = ESRCH; 347 goto fail; 348 } 349 break; 350 } 351 352 /* Check permissions/state */ 353 if (req != PT_ATTACH) { 354 /* Check that the data is a valid signal number or zero. */ 355 if (req != PT_KILL && (data < 0 || data >= NSIG)) { 356 error = EINVAL; 357 goto fail; 358 } 359 360 /* Most operations require the target to already be traced */ 361 if ((error = process_checktracestate(p->p_p, tr, t))) 362 goto fail; 363 364 /* Do single-step fixup if needed. */ 365 FIX_SSTEP(t); 366 } else { 367 /* 368 * PT_ATTACH is the opposite; you can't attach to a process if: 369 * (1) it's the process that's doing the attaching, 370 */ 371 if (tr == p->p_p) { 372 error = EINVAL; 373 goto fail; 374 } 375 376 /* 377 * (2) it's a system process 378 */ 379 if (ISSET(tr->ps_flags, PS_SYSTEM)) { 380 error = EPERM; 381 goto fail; 382 } 383 384 /* 385 * (3) it's already being traced, or 386 */ 387 if (ISSET(tr->ps_flags, PS_TRACED)) { 388 error = EBUSY; 389 goto fail; 390 } 391 392 /* 393 * (4) it's in the middle of execve(2) 394 */ 395 if (ISSET(tr->ps_flags, PS_INEXEC)) { 396 error = EAGAIN; 397 goto fail; 398 } 399 400 /* 401 * (5) it's not owned by you, or the last exec 402 * gave us setuid/setgid privs (unless 403 * you're root), or... 404 * 405 * [Note: once PS_SUGID or PS_SUGIDEXEC gets set in 406 * execve(), they stay set until the process does 407 * another execve(). Hence this prevents a setuid 408 * process which revokes its special privileges using 409 * setuid() from being traced. This is good security.] 410 */ 411 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 412 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 413 (error = suser(p)) != 0) 414 goto fail; 415 416 /* 417 * (5.5) it's not a child of the tracing process. 418 */ 419 if (atomic_load_int(&global_ptrace) == 0 && 420 !inferior(tr, p->p_p) && (error = suser(p)) != 0) 421 goto fail; 422 423 /* 424 * (6) ...it's init, which controls the security level 425 * of the entire system, and the system was not 426 * compiled with permanently insecure mode turned 427 * on. 428 */ 429 if ((tr->ps_pid == 1) && (securelevel > -1)) { 430 error = EPERM; 431 goto fail; 432 } 433 434 /* 435 * (7) it's an ancestor of the current process and 436 * not init (because that would create a loop in 437 * the process graph). 438 */ 439 if (tr->ps_pid != 1 && inferior(p->p_p, tr)) { 440 error = EINVAL; 441 goto fail; 442 } 443 } 444 445 switch (req) { 446 447 #ifdef PT_STEP 448 case PT_STEP: 449 /* 450 * From the 4.4BSD PRM: 451 * "Execution continues as in request PT_CONTINUE; however 452 * as soon as possible after execution of at least one 453 * instruction, execution stops again. [ ... ]" 454 */ 455 #endif 456 case PT_CONTINUE: 457 /* 458 * From the 4.4BSD PRM: 459 * "The data argument is taken as a signal number and the 460 * child's execution continues at location addr as if it 461 * incurred that signal. Normally the signal number will 462 * be either 0 to indicate that the signal that caused the 463 * stop should be ignored, or that value fetched out of 464 * the process's image indicating which signal caused 465 * the stop. If addr is (int *)1 then execution continues 466 * from where it stopped." 467 */ 468 469 if (pid < THREAD_PID_OFFSET && tr->ps_single) 470 t = tr->ps_single; 471 else if (t == tr->ps_single) 472 atomic_setbits_int(&t->p_flag, P_TRACESINGLE); 473 else { 474 error = EINVAL; 475 goto fail; 476 } 477 478 479 /* If the address parameter is not (int *)1, set the pc. */ 480 if ((int *)addr != (int *)1) 481 if ((error = process_set_pc(t, addr)) != 0) 482 goto fail; 483 484 #ifdef PT_STEP 485 /* 486 * Arrange for a single-step, if that's requested and possible. 487 */ 488 error = process_sstep(t, req == PT_STEP); 489 if (error) 490 goto fail; 491 #endif 492 goto sendsig; 493 494 case PT_DETACH: 495 /* 496 * From the 4.4BSD PRM: 497 * "The data argument is taken as a signal number and the 498 * child's execution continues at location addr as if it 499 * incurred that signal. Normally the signal number will 500 * be either 0 to indicate that the signal that caused the 501 * stop should be ignored, or that value fetched out of 502 * the process's image indicating which signal caused 503 * the stop. If addr is (int *)1 then execution continues 504 * from where it stopped." 505 */ 506 507 if (pid < THREAD_PID_OFFSET && tr->ps_single) 508 t = tr->ps_single; 509 510 #ifdef PT_STEP 511 /* 512 * Stop single stepping. 513 */ 514 error = process_sstep(t, 0); 515 if (error) 516 goto fail; 517 #endif 518 519 mtx_enter(&tr->ps_mtx); 520 process_untrace(tr); 521 atomic_clearbits_int(&tr->ps_flags, PS_WAITED); 522 mtx_leave(&tr->ps_mtx); 523 524 sendsig: 525 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 526 527 /* Finally, deliver the requested signal (or none). */ 528 if (t->p_stat == SSTOP) { 529 tr->ps_xsig = data; 530 SCHED_LOCK(); 531 unsleep(t); 532 setrunnable(t); 533 SCHED_UNLOCK(); 534 } else { 535 if (data != 0) 536 psignal(t, data); 537 } 538 break; 539 540 case PT_KILL: 541 if (pid < THREAD_PID_OFFSET && tr->ps_single) 542 t = tr->ps_single; 543 544 /* just send the process a KILL signal. */ 545 data = SIGKILL; 546 goto sendsig; /* in PT_CONTINUE, above. */ 547 548 case PT_ATTACH: 549 /* 550 * As was done in procfs: 551 * Go ahead and set the trace flag. 552 * Save the old parent (it's reset in 553 * _DETACH, and also in kern_exit.c:wait4() 554 * Reparent the process so that the tracing 555 * proc gets to see all the action. 556 * Stop the target. 557 */ 558 mtx_enter(&tr->ps_mtx); 559 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 560 tr->ps_opptr = tr->ps_pptr; 561 process_reparent(tr, p->p_p); 562 mtx_leave(&tr->ps_mtx); 563 if (tr->ps_ptstat == NULL) 564 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 565 M_SUBPROC, M_WAITOK); 566 data = SIGSTOP; 567 goto sendsig; 568 default: 569 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 570 break; 571 } 572 573 fail: 574 return error; 575 } 576 577 /* 578 * ptrace kernel-state requests: thread list, event mask, process state 579 */ 580 int 581 ptrace_kstate(struct proc *p, int req, pid_t pid, void *addr) 582 { 583 struct process *tr; /* target process */ 584 struct ptrace_event *pe = addr; 585 int error; 586 587 KASSERT((p->p_flag & P_SYSTEM) == 0); 588 589 /* Find the process we're supposed to be operating on. */ 590 if ((tr = prfind(pid)) == NULL) 591 return ESRCH; 592 593 if ((error = process_checktracestate(p->p_p, tr, NULL))) 594 return error; 595 596 switch (req) { 597 case PT_GET_THREAD_FIRST: 598 case PT_GET_THREAD_NEXT: 599 { 600 struct ptrace_thread_state *pts = addr; 601 struct proc *t; 602 603 if (req == PT_GET_THREAD_NEXT) { 604 t = tfind_user(pts->pts_tid, tr); 605 if (t == NULL || ISSET(t->p_flag, P_WEXIT)) 606 return ESRCH; 607 t = TAILQ_NEXT(t, p_thr_link); 608 } else { 609 t = TAILQ_FIRST(&tr->ps_threads); 610 } 611 612 if (t == NULL) 613 pts->pts_tid = -1; 614 else 615 pts->pts_tid = t->p_tid + THREAD_PID_OFFSET; 616 return 0; 617 } 618 } 619 620 switch (req) { 621 case PT_GET_EVENT_MASK: 622 pe->pe_set_event = tr->ps_ptmask; 623 break; 624 case PT_SET_EVENT_MASK: 625 tr->ps_ptmask = pe->pe_set_event; 626 break; 627 case PT_GET_PROCESS_STATE: 628 if (tr->ps_single) 629 tr->ps_ptstat->pe_tid = 630 tr->ps_single->p_tid + THREAD_PID_OFFSET; 631 memcpy(addr, tr->ps_ptstat, sizeof *tr->ps_ptstat); 632 break; 633 default: 634 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 635 break; 636 } 637 638 return 0; 639 } 640 641 /* 642 * ptrace user-state requests: memory access, registers, stack cookie 643 */ 644 int 645 ptrace_ustate(struct proc *p, int req, pid_t pid, void *addr, int data, 646 register_t *retval) 647 { 648 struct proc *t; /* target thread */ 649 struct process *tr; /* target process */ 650 struct uio uio; 651 struct iovec iov; 652 int error, write; 653 int temp = 0; 654 655 KASSERT((p->p_flag & P_SYSTEM) == 0); 656 657 /* Accept either PID or TID */ 658 if ((tr = process_tprfind(pid, &t)) == NULL) 659 return ESRCH; 660 661 if ((error = process_checktracestate(p->p_p, tr, t))) 662 return error; 663 664 FIX_SSTEP(t); 665 666 /* Now do the operation. */ 667 write = 0; 668 669 if ((error = process_checkioperm(p, tr)) != 0) 670 return error; 671 672 switch (req) { 673 case PT_WRITE_I: /* XXX no separate I and D spaces */ 674 case PT_WRITE_D: 675 write = 1; 676 temp = data; 677 case PT_READ_I: /* XXX no separate I and D spaces */ 678 case PT_READ_D: 679 /* write = 0 done above. */ 680 iov.iov_base = (caddr_t)&temp; 681 iov.iov_len = sizeof(int); 682 uio.uio_iov = &iov; 683 uio.uio_iovcnt = 1; 684 uio.uio_offset = (off_t)(vaddr_t)addr; 685 uio.uio_resid = sizeof(int); 686 uio.uio_segflg = UIO_SYSSPACE; 687 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 688 uio.uio_procp = p; 689 error = process_domem(p, tr, &uio, write ? PT_WRITE_I : 690 PT_READ_I); 691 if (write == 0) 692 *retval = temp; 693 return error; 694 695 case PT_IO: 696 { 697 struct ptrace_io_desc *piod = addr; 698 699 iov.iov_base = piod->piod_addr; 700 iov.iov_len = piod->piod_len; 701 uio.uio_iov = &iov; 702 uio.uio_iovcnt = 1; 703 uio.uio_offset = (off_t)(vaddr_t)piod->piod_offs; 704 uio.uio_resid = piod->piod_len; 705 uio.uio_segflg = UIO_USERSPACE; 706 uio.uio_procp = p; 707 switch (piod->piod_op) { 708 case PIOD_READ_I: 709 req = PT_READ_I; 710 uio.uio_rw = UIO_READ; 711 break; 712 case PIOD_READ_D: 713 req = PT_READ_D; 714 uio.uio_rw = UIO_READ; 715 break; 716 case PIOD_WRITE_I: 717 req = PT_WRITE_I; 718 uio.uio_rw = UIO_WRITE; 719 break; 720 case PIOD_WRITE_D: 721 req = PT_WRITE_D; 722 uio.uio_rw = UIO_WRITE; 723 break; 724 case PIOD_READ_AUXV: 725 req = PT_READ_D; 726 uio.uio_rw = UIO_READ; 727 temp = ELF_AUX_WORDS * sizeof(char *); 728 if (uio.uio_offset > temp) 729 return EIO; 730 if (uio.uio_resid > temp - uio.uio_offset) 731 uio.uio_resid = temp - uio.uio_offset; 732 piod->piod_len = iov.iov_len = uio.uio_resid; 733 uio.uio_offset += tr->ps_auxinfo; 734 #ifdef MACHINE_STACK_GROWS_UP 735 if (uio.uio_offset < (off_t)tr->ps_strings) 736 return EIO; 737 #else 738 if (uio.uio_offset > (off_t)tr->ps_strings) 739 return EIO; 740 if ((uio.uio_offset + uio.uio_resid) > 741 (off_t)tr->ps_strings) 742 uio.uio_resid = (off_t)tr->ps_strings - 743 uio.uio_offset; 744 #endif 745 break; 746 default: 747 return EINVAL; 748 } 749 error = process_domem(p, tr, &uio, req); 750 piod->piod_len -= uio.uio_resid; 751 return error; 752 } 753 754 case PT_SETREGS: 755 return process_write_regs(t, addr); 756 case PT_GETREGS: 757 return process_read_regs(t, addr); 758 759 #ifdef PT_SETFPREGS 760 case PT_SETFPREGS: 761 return process_write_fpregs(t, addr); 762 #endif 763 #ifdef PT_SETFPREGS 764 case PT_GETFPREGS: 765 return process_read_fpregs(t, addr); 766 #endif 767 #ifdef PT_SETXMMREGS 768 case PT_SETXMMREGS: 769 return process_write_xmmregs(t, addr); 770 #endif 771 #ifdef PT_SETXMMREGS 772 case PT_GETXMMREGS: 773 return process_read_xmmregs(t, addr); 774 #endif 775 #ifdef PT_WCOOKIE 776 case PT_WCOOKIE: 777 *(register_t *)addr = process_get_wcookie(t); 778 return 0; 779 #endif 780 #ifdef PT_PACMASK 781 case PT_PACMASK: 782 ((register_t *)addr)[0] = process_get_pacmask(t); 783 ((register_t *)addr)[1] = process_get_pacmask(t); 784 return 0; 785 #endif 786 #ifdef PT_GETXSTATE_INFO 787 case PT_GETXSTATE_INFO: 788 return process_read_xstate_info(t, addr); 789 #endif 790 #ifdef PT_GETXSTATE 791 case PT_GETXSTATE: 792 return process_read_xstate(t, addr); 793 #endif 794 #ifdef PT_SETXSTATE 795 case PT_SETXSTATE: 796 return process_write_xstate(t, addr); 797 #endif 798 default: 799 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 800 break; 801 } 802 803 return 0; 804 } 805 806 807 /* 808 * Helper for doing "it could be a PID or TID" lookup. On failure 809 * returns NULL; on success returns the selected process and sets *tp 810 * to an appropriate thread in that process. 811 */ 812 static inline struct process * 813 process_tprfind(pid_t tpid, struct proc **tp) 814 { 815 if (tpid > THREAD_PID_OFFSET) { 816 struct proc *t = tfind(tpid - THREAD_PID_OFFSET); 817 818 if (t == NULL) 819 return NULL; 820 *tp = t; 821 return t->p_p; 822 } else { 823 struct process *tr = prfind(tpid); 824 825 if (tr == NULL) 826 return NULL; 827 *tp = TAILQ_FIRST(&tr->ps_threads); 828 return tr; 829 } 830 } 831 832 833 /* 834 * Check whether 'tr' is currently traced by 'curpr' and in a state 835 * to be manipulated. If 't' is supplied then it must be stopped and 836 * waited for. 837 */ 838 static inline int 839 process_checktracestate(struct process *curpr, struct process *tr, 840 struct proc *t) 841 { 842 /* 843 * You can't do what you want to the process if: 844 * (1) It's not being traced at all, 845 */ 846 if (!ISSET(tr->ps_flags, PS_TRACED)) 847 return EPERM; 848 849 /* 850 * (2) it's not being traced by _you_, or 851 */ 852 if (tr->ps_pptr != curpr) 853 return EBUSY; 854 855 /* 856 * (3) it's in the middle of execve(2) 857 */ 858 if (ISSET(tr->ps_flags, PS_INEXEC)) 859 return EAGAIN; 860 861 /* 862 * (4) if a thread was specified and it's not currently stopped. 863 */ 864 if (t != NULL && 865 (t->p_stat != SSTOP || !ISSET(tr->ps_flags, PS_WAITED))) 866 return EBUSY; 867 868 return 0; 869 } 870 871 #endif /* PTRACE */ 872 873 /* 874 * Check if a process is allowed to fiddle with the memory of another. 875 * 876 * p = tracer 877 * tr = tracee 878 * 879 * 1. You can't attach to a process not owned by you or one that has raised 880 * its privileges. 881 * 1a. ...unless you are root. 882 * 883 * 2. init is always off-limits because it can control the securelevel. 884 * 2a. ...unless securelevel is permanently set to insecure. 885 * 886 * 3. Processes that are in the process of doing an exec() are always 887 * off-limits because of the can of worms they are. Just wait a 888 * second. 889 */ 890 int 891 process_checkioperm(struct proc *p, struct process *tr) 892 { 893 int error; 894 895 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 896 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 897 (error = suser(p)) != 0) 898 return (error); 899 900 if ((tr->ps_pid == 1) && (securelevel > -1)) 901 return (EPERM); 902 903 if (ISSET(tr->ps_flags, PS_INEXEC)) 904 return (EAGAIN); 905 906 return (0); 907 } 908 909 int 910 process_domem(struct proc *curp, struct process *tr, struct uio *uio, int req) 911 { 912 struct vmspace *vm; 913 int error; 914 vaddr_t addr; 915 vsize_t len; 916 917 len = uio->uio_resid; 918 if (len == 0) 919 return 0; 920 921 if ((error = process_checkioperm(curp, tr)) != 0) 922 return error; 923 924 vm = tr->ps_vmspace; 925 if ((tr->ps_flags & PS_EXITING) || (vm->vm_refcnt < 1)) 926 return EFAULT; 927 addr = uio->uio_offset; 928 929 uvmspace_addref(vm); 930 931 error = uvm_io(&vm->vm_map, uio, UVM_IO_FIXPROT); 932 933 uvmspace_free(vm); 934 935 if (error == 0 && req == PT_WRITE_I) 936 pmap_proc_iflush(tr, addr, len); 937 938 return error; 939 } 940